o Hý¤hsã@sdZddlZddlZddlZddlZddlZddlmZmZm Z m Z m Z m Z m Z mZddlmZddlmZddlmZmZddlmZmZdd lmZmZdd lmZmZmZm Z m!Z!ed e"ƒZ#e# $d ¡ed d„ƒƒZ%e#j$ddgdedd„ƒƒZ&e#j$ddgdede'fdd„ƒƒZ(e#j$ddgdede'fdd„ƒƒZ)e# $d¡edd„ƒƒZ*e# $d¡ede'fdd „ƒƒZ+e# $d!¡ede'fd"d#„ƒƒZ,e#j$d$dgded%d&„ƒƒZ-e# $d'¡ede'd(e.fd)d*„ƒƒZ/e#j$d+dgdede'fd,d-„ƒƒZ0e#j$d.dgdede'fd/d0„ƒƒZ1e#j$d1dgdede'fd2d3„ƒƒZ2e#j$d4dgded5d6„ƒƒZ3e# $d7¡ed8d9„ƒƒZ4e# $d:¡ed;d<„ƒƒZ5e# $d=¡ede'fd>d?„ƒƒZ6dS)@aæ admin_routes.py Purpose: Admin panel HTML and actions for managing users. Includes add, remove, and change-password endpoints, protected by the admin_required decorator. Also exposes admin-only JSON APIs to view and manage any user's cameras and images, and to read audit logs. All routes are CSRF-protected globally. Routes: - GET /admin - POST /admin/add_user - POST /admin/remove_user/ - POST /admin/change_password/ - GET /admin/users.json - GET /admin/user//cameras.json - GET /admin/user//images.json - POST /admin/user//cameras/rename - POST /admin/user//cameras/delete - POST /admin/image/delete - GET /admin/logs.json éN)Ú BlueprintÚrender_templateÚrequestÚredirectÚurl_forÚflashÚsessionÚjsonifyé)Úget_db)Úadmin_required)Úlog_admin_actionÚget_request_ip)Ú STATIC_PATHÚUSER_PHOTOS_REAL)Úlatest_from_db_or_fsÚcollect_user_images)Úparse_ts_from_anyÚ format_dtÚnormalize_to_static_user_photosÚbuild_media_urlÚbuild_share_urlÚ admin_routesz/admincCs tƒ}| d¡ ¡}td|dS)Nz_SELECT id, username, IFNULL(is_admin,0) AS is_admin FROM users ORDER BY username COLLATE NOCASEz admin.html)Úusers)r ÚexecuteÚfetchallr)Údbr©rú)/var/www/html/app_modules/admin_routes.pyÚ admin_panel)s rz/admin/add_userÚPOST)ÚmethodscCs2tj d¡pd ¡ ¡}tj d¡pd}|r|s#tddƒttdƒƒSt  d|¡s4tddƒttdƒƒSzAt   |  d ¡t   ¡¡ d ¡}tƒ}| d ||f¡| ¡td d ƒztd t d¡dttƒd|›dWn tysYnwWntjy„tddƒYntjy’tddƒYnwttdƒƒS)NÚusernameÚÚpasswordu&KorisniÄko ime i lozinka su obavezni.Úerrorúadmin_routes.admin_panelz[a-z0-9_]{3,32}uUKorisniÄko ime smije sadržavati samo mala slova, brojeve i donju crtu (3-32 znaka).úutf-8z9INSERT INTO users (username, password_hash) VALUES (?, ?)zKorisnik dodan.ÚsuccessÚadd_userÚuser_idú username=©Ú admin_user_idÚtarget_user_idÚipÚdetailuKorisniÄko ime već postoji.õ GreÅ¡ka baze.)rÚformÚgetÚstripÚlowerrrrÚreÚ fullmatchÚbcryptÚhashpwÚencodeÚgensaltÚdecoder rÚcommitr rrÚ ExceptionÚsqlite3ÚIntegrityErrorÚError)r"r$Úpwd_hashrrrrÚadmin_add_user1s4      & ÿ€ÿ rCz /admin/remove_user/r*cCs–z5tƒ}| d|f¡| d|f¡| ¡tddƒztdt d¡|ttƒdWn t y3YnwWnt j yDtdd ƒYnwt t d ƒƒS) Nz%DELETE FROM cameras WHERE user_id = ?zDELETE FROM users WHERE id = ?zKorisnik i kamere obrisani.r(Ú remove_userr*©r-r.r/r1r%r&)r rr=rr rr3rrr>r?rArr)r*rrrrÚadmin_remove_userNs   ÿ€ÿ rFz$/admin/change_password/cCsptjptj d¡p d dd¡d ¡dk}|r)tjddpi}| d ¡p%d ¡}n tj d ¡p0d ¡}t|ƒd krO|rDt d d d œƒdfSt d dƒt t dƒƒSzFt  | d¡t  ¡¡ d¡}tƒ}| d||f¡| ¡ztdt d¡|ttƒdWn ty…Ynw|rt ddiƒWSt ddƒWntjy±|rªt d dd œƒdfYSt ddƒYnwt t dƒƒS)z˜Change a user's password. - Supports form POST (HTML) and JSON (AJAX) with CSRF protection. - Enforces minimal password policy server-side. z Content-Typer#ú;r rúapplication/jsonT©ÚsilentÚ new_passwordéFz&Lozinka mora imati najmanje 8 znakova.©r(Úmessageér%r&r'z/UPDATE users SET password_hash = ? WHERE id = ?Úchange_passwordr*rEr(zLozinka promijenjena.r1éô)rÚis_jsonÚheadersr3Úsplitr4Úget_jsonr2Úlenr rrrr8r9r:r;r<r rr=r rrr>r?rA)r*rRÚdatarKÚnew_hashrrrrÚadmin_change_password`s>"ÿ    ÿý rYz/admin/users.jsonc Csftƒ}| d¡ ¡}g}|D]}| |d|dt|dpdƒdkt|dp'dƒdœ¡qtd |iƒS) Na SELECT u.id, u.username, IFNULL(u.is_admin,0) AS is_admin, COUNT(c.camera_id) AS camera_count FROM users u LEFT JOIN cameras c ON c.user_id = u.id GROUP BY u.id ORDER BY u.username COLLATE NOCASE Úidr"Úis_adminrr Ú camera_count)rZr"r[r\r)r rrÚappendÚintr )rÚrowsrÚrrrrÚadmin_users_jsonsù ü raz&/admin/user//cameras.jsonc Csâtƒ}dd„| d¡ ¡Dƒ}dt|ƒv}d|rdnd}| d|›d |f¡}g}| ¡D]<}t|d ƒ}t||d p=dtƒ\} } d } |rJ|dndpMd } | ||d| rZt| ƒnd| rct |   ¡ƒnd| | dœ¡q.t d|iƒS)NcSsg|]}|d‘qS)r r)Ú.0ÚrowrrrÚ ¨sz+admin_user_cameras_json..zPRAGMA table_info(cameras)Úmodelz"camera_id, camera_name, file_pathsz, modelr#zSELECT zC FROM cameras WHERE user_id = ? ORDER BY camera_name COLLATE NOCASEÚ camera_idÚ file_pathsz/static/camera_render.pngz Vision miniÚ camera_namezNema aktivnosti)rfrhÚ last_activeÚlatest_image_tsÚ thumbnail_urlreÚcameras) r rrÚsetÚstrrrr]rr^Ú timestampr ) r*rÚcolsÚ has_modelÚ select_fieldsÚcurr_r`Úcam_idÚ latest_dtÚ_Ú thumb_urlrerrrÚadmin_user_cameras_json¤s(    ú rxz%/admin/user//images.jsonc Csttƒ}t||tƒ}| d|f¡ ¡}dd„|Dƒ}i}|D];}| d¡}|s'q||vr:|| |d|›¡gdœ||<||d |d|d || d ¡rSt| d ¡ƒnd d œ¡qtd t t j  dd ¡ƒƒ}tdt t t j  dd¡ƒdƒƒ} g} |  ¡D].\}} t| dƒ} | d||| …} || | k}|  || d| | ||r£|| nddœ¡qz| jdd„dt| t| ƒdœƒS)NzQSELECT camera_id, camera_name FROM cameras WHERE user_id = ? ORDER BY camera_namecSsi|] }t|dƒ|d“qS)rfrh©rn©rbr`rrrÚ Æóz*admin_user_images_json..rfzCamera )rfrhÚimagesr}ÚurlÚrelÚtsr#©r~rrfr€rÚoffsetr Úlimitéédrh)rfrhr}Ú total_countÚhas_moreÚ next_offsetcSó|dS)Nrhr©ÚxrrrÚïóz(admin_user_images_json..)Úkey)rlÚ total_cameras)r rrrrr3r]rÚmaxr^rÚargsÚminÚitemsrVÚsortr )r*rÚ all_imagesÚcam_rowsÚ camera_namesrlÚimgrtr‚rƒÚresult_camerasÚcam_dataÚ total_imagesÚ images_slicer‡rrrÚadmin_user_images_json½sP   ý  ü   ú þrz/admin/share_linkcCsÚtjddpi}tt| d¡pdƒƒ}t| d¡pdƒ}tdt|dƒƒ}|s/td d d œƒd fSt |ƒ\}}|s@td d d œƒd fSt j   t |¡}t j  |¡sVtd dd œƒdfStt ¡ƒ|d}t||ƒ}td||dœƒS)zÃGenerate a short-lived public share URL for an image. Admin-only endpoint to prevent user-level mass sharing without oversight. Body: { rel: 'User-photos/PICT_...', ttl_minutes: 30 } TrIrr#Ú ttl_minutesiÀNr i FzNedostaje slika.rMrOúNeispravno ime datoteke.zDatoteka ne postoji.é”é<)r(r~Ú expires_at)rrUrrnr3r^rr’r rÚosÚpathÚjoinrÚexistsÚtimer)rWrržr€ÚcamÚabs_pathÚexpr~rrrÚadmin_generate_share_link÷s   r«z8/admin/user//camera//images.jsonrfc s4ˆ ¡r tˆƒdkstddiƒdfStƒ}| d|ˆf¡ ¡}|s)tddiƒdfSt||tƒ}‡fdd „|Dƒ}td t t j   d d ¡ƒƒ}td t t t j   d d¡ƒdƒƒ}t|ƒ}||||…} |||k} g} | D]} |  | d| dˆ|   d¡r€t|   d¡ƒnddœ¡qitˆ|d| || | r”||nd|dœƒS)Né r%zInvalid camera IDrOzCSELECT camera_name FROM cameras WHERE user_id = ? AND camera_id = ?zCamera not foundr csg|] }| d¡ˆkr|‘qS©rf)r3)rbr˜r­rrrd!r|z1admin_user_camera_images_json..rr‚r rƒr„r…r~rr€r#rrh)rfrhr}r†r‡rˆÚcurrent_offset)ÚisdigitrVr r rÚfetchonerrrr^rr‘r3r’r]r) r*rfrÚ cam_checkr•Ú camera_imagesr‚rƒr›rœr‡Ú result_imagesr˜rr­rÚadmin_user_camera_images_jsons<   üùr´z%/admin/user//cameras/addc Csˆtjddpi}t| dd¡ƒ ¡}| d¡pd ¡}| ¡r%t|ƒdks.tddd œƒd fS|rr?rA)r*rWrfrhrÚexistingÚ user_existsÚerrrÚadmin_user_camera_add@s:ý, ÿ€ÿr¼z(/admin/user//cameras/renamecCs8tjddpi}t| dd¡ƒ ¡}| d¡pd ¡}| ¡r%t|ƒdks.tddd œƒd fS|rr?rA)r*rWrfÚnew_namerrsrrrÚadmin_user_camera_renameis, & ÿÿrÁz(/admin/user//cameras/deletecCsötjddpi}t| dd¡ƒ ¡}| ¡rt|ƒdks%tdddœƒd fStƒ}z?|  d ||f¡}|  ¡|j d krDtdd dœƒd fWSzt dt  d¡|ttƒd|›dWn ty`YnwtddiƒWStjyztdddœƒdfYSw)NTrIrfr#r¬FzNeispravan ID kamere.rMrOz3DELETE FROM cameras WHERE user_id=? AND camera_id=?rr½r Ú delete_camerar*r¸r,r(r1rQ)rrUrnr3r4r¯rVr r rr=r¿r rrr>r?rA)r*rWrfrrsrrrÚadmin_user_camera_delete‚s& & ÿÿrÃz/admin/image/deletec sXtjddpi}t| dd¡ƒ‰t| d¡pdƒ}ˆr|s&tddd œƒd fStˆƒ\}}|s7tdd d œƒd fStƒ}| d ||f¡  ¡}|sOtdd d œƒdfSt j   t ˆ¡}ˆ d¡r]tnt j  t ¡}t j  |¡}| |¡swtddd œƒd fSt j  |¡r¾t j  |¡} t  | t j¡s“tddd œƒdfSzt  |¡Wn#ty¬tddd œƒdfYSty½tddd œƒdfYSwz>| d||f¡  ¡} | rû| drûdd„| d d¡Dƒ} t j  ˆ¡‰‡‡fdd„| Dƒ} | dd  | ¡||f¡| ¡Wn tjyYnwztdt d¡|ttƒdˆ›dWn t y%YnwtddiƒS)NTrIrr#r*rFzNedostaju podaci.rMrOrŸz5SELECT 1 FROM cameras WHERE user_id=? AND camera_id=?z Nedozvoljeno.i“z User-photos/zPutanja nije dozvoljena.z)Server nema dozvolu za brisanje datoteke.zNe mogu obrisati datoteku.rQz>SELECT file_paths FROM cameras WHERE user_id=? AND camera_id=?rgcSsg|] }| ¡r| ¡‘qSr)r4©rbÚprrrrd»sz&admin_delete_image..ú,cs,g|]}tj |¡ˆkrt|ƒˆkr|‘qSr)r£r¤ÚbasenamerrÄ©Ú name_onlyrrrrd½s,z?UPDATE cameras SET file_paths=? WHERE user_id=? AND camera_id=?Ú delete_imagezrel=r,r()!rrUrr3r^r rr rr°r£r¤r¥rÚ startswithrÚrealpathr¦ÚdirnameÚaccessÚW_OKÚremoveÚPermissionErrorÚOSErrorrTrÇr=r?rAr rrr>) rWr*rvr¨rÚownerr©Ú real_staticÚreal_absÚ parent_dirrcÚfpsÚkeptrrÈrÚadmin_delete_image˜s\       ÿ  €ÿ&ÿ rÙz/admin/logs.jsonc Cs tdtttj dd¡ƒdƒƒ}tƒ}| d|f¡ ¡}| d|f¡ ¡}g}|D]8}|  |dd|d p5d |d pAd |d p?d›|d|dpIdd|d  ¡vsYd|d  ¡vr[dnddœ¡q(|D]V}|dpod|d›}|dp€|drd |d›nd}|d}|r|d›d|›}|  |dd|d p›d |||dp¢dd|d  ¡vs²d |d  ¡vr´d!nddœ¡qc|j d"d#„d$d%t |d|…t |ƒd&œƒS)'Nr rƒr…rQú‰ SELECT ts, ip, user_id, username, event, detail, 'auth' as log_type FROM auth_log ORDER BY ts DESC LIMIT ? án SELECT aa.ts, aa.ip, aa.admin_user_id, aa.target_user_id, aa.action, aa.detail, 'admin' as log_type, au.username as admin_username, tu.username as target_username FROM admin_audit aa LEFT JOIN users au ON au.id = aa.admin_user_id LEFT JOIN users tu ON tu.id = aa.target_user_id ORDER BY aa.ts DESC LIMIT ? r€ÚAUTHr/ÚUnknownr"úUser#r*ú?Úeventr0r#ÚfailÚlockr%Úinfo)r€Útyper/r"Úactionr0ÚseverityÚadmin_usernameúAdmin#r-Útarget_usernamer.råu → ÚADMINÚdeleterÐÚwarningcSr‰)Nr€rrŠrrrrŒrz!admin_logs_json..T©rŽÚreverse)Úlogsr†)rr’r^rr‘r3r rrr]r5r”r rV) rƒrÚ auth_logsÚ admin_logsÚall_logsÚlogÚ admin_nameÚ target_nameÚ action_descrrrÚadmin_logs_jsonÉsVüüùù   & ù "  & ù  þr÷z/admin/logs/exportc Csätj dd¡ ¡}tdtttj dd¡ƒdƒƒ}tƒ}| d|f¡  ¡}| d|f¡  ¡}g}|D]C}|  |d |d rBt |d ƒnd d |d pId |dpUd|dpSd›|d|dp]d d|d ¡vsmd|d ¡vrodnddœ¡q1|D]a}|dpƒd|d›}|dp”|dr“d|d›nd }|d} |r¤|d›d|›} |  |d |d r³t |d ƒnd d |d pºd || |dpÁd d!|d ¡vsÑd"|d ¡vrÓd#nddœ¡qw|j d$d%„d&d'|d(krd)d*l m} d)dl} t tt ¡ƒƒt|ƒ|d+œ} | | j| d,d-d.d/d0d1tt ¡ƒ›d2id3} | Sd)d*l m} d)dl}d)d4lm}|ƒ}| |¡}| gd5¢¡|D] }| |d6|d7|d8|d |d|d|d|d9g¡q9| d)¡| | ¡d:d0d1tt ¡ƒ›d;id3S) rêrërÐrìcSr‰)NrorrŠrrrrŒGrz#admin_logs_export..TríÚjsonr)ÚResponse)Úexport_timestampÚ total_logsrïéF)ÚindentÚ ensure_asciirHzContent-Dispositionz attachment; filename=audit_logs_z.json)ÚmimetyperS)ÚStringIO)Ú TimestampÚDateTimeÚTypeÚIPÚUsernameÚActionÚDetailÚSeverityrorúräræztext/csvz.csv)rr‘r3r5rr’r^r rrr]rr”Úflaskrürûr§rVÚdumpsrùÚiorÚwriterÚwriterowÚseekÚgetvalue)Ú format_typerƒrrðrñròrórôrõrörürûÚ response_dataÚresponserùrÚoutputrrrrÚadmin_logs_export sœüüùù   & ø "  & ø  ýý    ø ýrz$/admin/user//stats.jsonc CsÄtƒ}| d|f¡ ¡}|stddiƒdfS| d|f¡ ¡}dd„|Dƒ}t|ƒ}d}d}d}tj t d ¡} ddl } |   d ¡} t  | ¡D]Œ\} } }|D]„}|  ¡}| d ¡sl| d ¡sl| d ¡sl| d¡sl| d¡slqLt|ƒ\}}|s|  |¡}|r|ddd…D] }||vrŒ|}nq‚|rÐ||vrÐtj | |¡}zt |¡}Wn tyªYqLw|t|jƒ7}|d7}|durÆddlm}| |j¡}|dusÎ||krÐ|}qLqE| dd||df¡ ¡}| d||df¡ ¡}| dd|d›f¡ ¡}ddlm}|rt|dƒn |rt| ¡ƒnd}|rt|dƒnd}|r%|dndp)d}d}d}|rC|dpsz(admin_user_stats_json..rz User-photosz[A-Za-z0-9]{12}z.jpgz.jpegz.pngz.gifz.webpéÿÿÿÿr )rúzfSELECT ts, ip FROM auth_log WHERE event = ? AND (user_id = ? OR username = ?) ORDER BY ts DESC LIMIT 1Ú login_successr"zSSELECT ts FROM auth_log WHERE (user_id = ? OR username = ?) ORDER BY ts ASC LIMIT 1zû SELECT aa.ts, aa.admin_user_id, au.username as admin_username FROM admin_audit aa LEFT JOIN users au ON au.id = aa.admin_user_id WHERE aa.action = 'add_user' AND aa.detail LIKE ? ORDER BY aa.ts ASC LIMIT 1 r+r€r/r#rçzAdmin #r-rZr[)rZr"r[) Úuserr\Ú image_countÚ total_bytesÚ first_seen_tsÚ last_login_tsÚ last_login_ipÚcreated_by_usernameÚ created_at_ts)r rr°r rrVr£r¤r¥rr6ÚcompileÚwalkr5ÚendswithrÚfindallÚstatrÒr^Úst_sizerúÚ fromtimestampÚst_mtimero) r*rÚur–Úcam_idsr\rrÚ earliest_tsÚrootr6Ú cam_any_reÚdirpathrvÚfilesÚnameÚnlr€r¨ÚmÚtokenr©ÚstrúÚlastÚ first_authÚ creation_inforrr r!r"rrrÚadmin_user_stats_jsonxsŒ 2  þ  ÿ  €çúú ( $÷r:)7Ú__doc__r£r6r?r8r§r rrrrrrrr rr Úsecurityr Úauditr rÚpathsrrÚimages_servicerrÚhelpersrrrrrÚ__name__ÚbpÚrouterrCr^rFrYrarxrr«rnr´r¼rÁrÃrÙr÷rr:rrrrÚs|(     + 8 -' / ? l