"""Admin routes and panel.""" from flask import Blueprint, render_template, jsonify, request, current_app from database import get_db from decorators import token_required, role_required, get_user_badge admin_bp = Blueprint('admin', __name__) def get_socketio(): """Get SocketIO instance from current app context.""" return current_app.extensions.get('socketio') @admin_bp.route('/api/admin/users', methods=['POST']) @token_required @role_required('Admin') def admin_get_users(): """Get all users (admin only).""" db = get_db(current_app) users = db.execute('SELECT id, username, is_banned FROM users').fetchall() result = [] for u in users: ud = dict(u) ud['badge'] = get_user_badge(u['username']) result.append(ud) return jsonify(result) @admin_bp.route('/api/admin/ban', methods=['POST']) @token_required @role_required('Admin') def admin_ban(): """Ban or unban a user (admin only).""" data = request.json user_id, status = data.get('user_id'), int(data.get('ban', 1)) db = get_db(current_app) db.execute('UPDATE users SET is_banned = ? WHERE id = ?', (status, user_id)) db.commit() socketio = get_socketio() if socketio: socketio.emit('user_ban_status', {'user_id': user_id, 'is_banned': status}) return jsonify({'status': 'updated'}) @admin_bp.route('/api/admin/servers', methods=['POST']) @token_required @role_required('Admin') def admin_get_servers(): """Get all servers (admin only).""" return jsonify([dict(s) for s in get_db(current_app).execute('SELECT id, name FROM servers').fetchall()]) @admin_bp.route('/api/admin/channels', methods=['POST']) @token_required @role_required('Admin') def admin_get_channels(): """Get channels in a server (admin only).""" sid = request.json.get('server_id') return jsonify([dict(c) for c in get_db(current_app).execute( 'SELECT id, name FROM channels WHERE server_id = ?', (sid,) ).fetchall()]) @admin_bp.route('/api/admin/messages', methods=['POST']) @token_required @role_required('Admin') def admin_get_messages(): """Get messages in a channel (admin only).""" cid = request.json.get('channel_id') msgs = get_db(current_app).execute( 'SELECT m.id, m.content, m.timestamp, u.username FROM messages m JOIN users u ON m.sender_id = u.id WHERE m.channel_id = ? ORDER BY m.timestamp DESC LIMIT 100', (cid,) ).fetchall() return jsonify([dict(m) for m in msgs]) @admin_bp.route('/api/admin/bulk-delete', methods=['POST']) @token_required @role_required('Admin') def admin_bulk_delete(): """Bulk delete messages (admin only).""" ids = request.json.get('message_ids', []) db = get_db(current_app) for mid in ids: db.execute('DELETE FROM messages WHERE id = ?', (mid,)) socketio = get_socketio() if socketio: socketio.emit('delete_message', {'id': mid}) db.commit() return jsonify({'deleted': len(ids)}) @admin_bp.route('/api/admin/message/', methods=['DELETE']) @token_required @role_required('Admin') def admin_delete_message(msg_id): """Delete a single message (admin only).""" db = get_db(current_app) db.execute('DELETE FROM messages WHERE id = ?', (msg_id,)) db.commit() socketio = get_socketio() if socketio: socketio.emit('delete_message', {'id': msg_id}) return jsonify({'status': 'deleted'}) @admin_bp.route('/ihazadmin') @token_required @role_required('Admin') def ihazadmin(): """Admin panel page.""" return render_template('admin.html')