init

2025-12-08 14:31:21 +08:00
commit ad2c65affb
35 changed files with 3500 additions and 0 deletions
--- a/routes/user.py
+++ b/routes/user.py
@@ -0,0 +1,79 @@
+from flask import Blueprint, render_template, session, redirect, url_for, jsonify, request
+import sqlite3
+import secrets
+
+user_bp = Blueprint('user', __name__)
+
+def get_db_connection():
+    conn = sqlite3.connect('pt_manager.db')
+    conn.row_factory = sqlite3.Row
+    return conn
+
+@user_bp.route('/user')
+def user_index():
+    if 'user_id' not in session:
+        return redirect(url_for('auth.login'))
+    
+    if session['role'] != 'admin':
+        return redirect(url_for('main.index'))
+    
+    conn = get_db_connection()
+    users = conn.execute('SELECT id, username, role, created_at FROM users').fetchall()
+    conn.close()
+    
+    return render_template('user/index.html', users=users)
+
+@user_bp.route('/user/add', methods=['POST'])
+def add_user():
+    if 'user_id' not in session:
+        return jsonify({'error': 'Authentication required'}), 401
+    
+    if session['role'] != 'admin':
+        return jsonify({'error': 'Admin access required'}), 403
+    
+    username = request.form.get('username')
+    role = request.form.get('role', 'user')
+    
+    if not username:
+        return jsonify({'error': 'Username is required'}), 400
+    
+    # Generate a random password
+    password = secrets.token_hex(8)
+    
+    conn = get_db_connection()
+    try:
+        conn.execute(
+            'INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)',
+            (username, password, role)
+        )
+        conn.commit()
+        conn.close()
+        return jsonify({'success': True, 'username': username, 'password': password})
+    except sqlite3.IntegrityError:
+        conn.close()
+        return jsonify({'error': 'Username already exists'}), 400
+    except Exception as e:
+        conn.close()
+        return jsonify({'error': str(e)}), 500
+
+@user_bp.route('/user/delete/<int:user_id>', methods=['POST'])
+def delete_user(user_id):
+    if 'user_id' not in session:
+        return jsonify({'error': 'Authentication required'}), 401
+    
+    if session['role'] != 'admin':
+        return jsonify({'error': 'Admin access required'}), 403
+    
+    # Prevent deleting oneself
+    if user_id == session['user_id']:
+        return jsonify({'error': 'Cannot delete yourself'}), 400
+    
+    conn = get_db_connection()
+    try:
+        conn.execute('DELETE FROM users WHERE id = ?', (user_id,))
+        conn.commit()
+        conn.close()
+        return jsonify({'success': True})
+    except Exception as e:
+        conn.close()
+        return jsonify({'error': str(e)}), 500