# ============================================
# MakLinkApp – backend/api/roster_server.py
# Flask API: Users, Roster, Role management
# ============================================

from flask import Flask, request, jsonify
from flask_cors import CORS
from functools import wraps
import jwt, os, datetime, hashlib
from backend.config.settings import DB_URI, JWT_SECRET

# Flask application object plus its CORS policy: only the production
# frontend origin is allowed to make cross-origin calls to this API.
_ALLOWED_ORIGINS = ["https://maklinkapp.tfsbd.com"]
app = Flask(__name__)
CORS(app, origins=_ALLOWED_ORIGINS)

# ---- Auth decorator ----
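def require_auth(roles=None):
    """Decorator factory: require a valid HS256 JWT, optionally with a role.

    Args:
        roles: optional iterable of role names. When given (and non-empty),
            the token's ``role`` claim must be one of them, else 403.

    The decoded payload is exposed to the view as ``request.user``.
    Responses: 401 when the Authorization header is missing or not a
    ``Bearer`` credential, or the token is invalid/expired; 403 when the
    role check fails.
    """
    allowed_roles = set(roles) if roles else None

    def decorator(f):
        @wraps(f)
        def wrapper(*args, **kwargs):
            # Parse the scheme explicitly instead of str.replace('Bearer ', ''):
            # replace() would strip the word from anywhere in the value and
            # would also accept a bare token sent with no scheme at all.
            scheme, _, token = request.headers.get('Authorization', '').partition(' ')
            token = token.strip()
            if scheme.lower() != 'bearer' or not token:
                return jsonify({'error': 'Unauthorized'}), 401
            try:
                payload = jwt.decode(
                    token,
                    JWT_SECRET,
                    algorithms=['HS256'],  # pinned: never trust the token's own "alg"
                    # "exp" is only verified when present; require it so a
                    # token minted without an expiry is not valid forever.
                    options={'require': ['exp']},
                )
            except jwt.ExpiredSignatureError:
                return jsonify({'error': 'Token expired'}), 401
            except jwt.InvalidTokenError:
                return jsonify({'error': 'Invalid token'}), 401
            if allowed_roles is not None and payload.get('role') not in allowed_roles:
                return jsonify({'error': 'Forbidden'}), 403
            request.user = payload
            return f(*args, **kwargs)
        return wrapper
    return decorator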

# ---- Roster endpoints ----
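@app.get('/api/users')
@require_auth(roles=['admin', 'manager'])
def get_users():
    """Return paginated user roster.

    Query params: ``page`` (>= 1, default 1), ``limit`` (1..100, default 20)
    and ``role`` (optional exact-match filter). A non-integer or non-positive
    ``page``/``limit`` yields 400 instead of an unhandled ValueError, which
    the original ``int(...)`` calls turned into a 500.
    """
    max_limit = 100  # cap page size so a caller cannot ask for an unbounded result set
    try:
        page  = int(request.args.get('page', 1))
        limit = int(request.args.get('limit', 20))
    except ValueError:
        return jsonify({'error': 'page and limit must be integers'}), 400
    if page < 1 or limit < 1:
        return jsonify({'error': 'page and limit must be positive'}), 400
    limit = min(limit, max_limit)
    role  = request.args.get('role')
    # TODO: replace with real DB query
    users = _mock_users(page, limit, role)
    return jsonify({'data': users, 'page': page, 'limit': limit, 'total': 48})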

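@app.get('/api/users/<int:user_id>')
@require_auth()
def get_user(user_id):
    """Return single user profile.

    Only an admin or the account owner may read it. The ``sub`` claim is
    compared as a string: ``user_id`` is an int from the URL converter, and
    a JWT ``sub`` is a string per RFC 7519, so the original ``!=`` would
    never match for a non-admin reading their own profile if the issuer
    follows that convention (fail-closed, but wrong).
    """
    claims = request.user
    is_admin = claims.get('role') == 'admin'
    is_owner = str(claims.get('sub')) == str(user_id)
    if not (is_admin or is_owner):
        return jsonify({'error': 'Forbidden'}), 403
    # TODO: replace with real DB lookup
    return jsonify({'id': user_id, 'name': 'Alaul Karim', 'role': 'admin', 'email': 'a.karim@tfsbd.com'})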

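@app.post('/api/users')
@require_auth(roles=['admin'])
def create_user():
    """Create a new platform user.

    Body (JSON object): ``name``, ``email``, ``role``, ``password`` — all
    required. Returns 400 when the body is not a JSON object, a field is
    missing, or ``password`` is not a non-empty string.
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        # get_json() returns None for a non-JSON body; the original then
        # raised TypeError on "f not in data" and surfaced as a 500.
        return jsonify({'error': 'JSON object body required'}), 400
    required = ['name', 'email', 'role', 'password']
    missing  = [field for field in required if field not in data]
    if missing:
        return jsonify({'error': f'Missing fields: {", ".join(missing)}'}), 400
    password = data['password']
    if not isinstance(password, str) or not password:
        return jsonify({'error': 'password must be a non-empty string'}), 400
    # Salted, iterated PBKDF2 instead of a bare SHA-256: an unsalted fast
    # hash is reversed offline with precomputed tables if the table leaks.
    pw_hash = _hash_password(password)
    # TODO: INSERT INTO users (persist pw_hash, never the plaintext)
    return jsonify({'message': 'User created', 'id': 999}), 201


def _hash_password(password, iterations=600_000):
    """Return a self-describing PBKDF2-HMAC-SHA256 string for *password*.

    Format: ``pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>``, so the
    parameters needed for verification travel with the stored value.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, iterations)
    return f'pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}'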

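@app.patch('/api/users/<int:user_id>')
@require_auth(roles=['admin'])
def update_user(user_id):
    """Update user profile or role.

    Only ``name``, ``role``, ``active`` and ``mfa_enabled`` are accepted;
    other keys are silently dropped. Returns 400 when the body is not a
    JSON object (the original called ``.items()`` on ``None`` and raised).
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'error': 'JSON object body required'}), 400
    allowed = {'name', 'role', 'active', 'mfa_enabled'}
    updates = {k: v for k, v in data.items() if k in allowed}
    # TODO: UPDATE users SET ... WHERE id = user_id
    return jsonify({'message': 'User updated', 'updated': list(updates.keys())})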

@app.delete('/api/users/<int:user_id>')
@require_auth(roles=['admin'])
def delete_user(user_id):
    """Soft-delete a user account (admin only): the row is flagged inactive, not removed."""
    # TODO: UPDATE users SET active=0 WHERE id = user_id
    message = 'User {} deactivated'.format(user_id)
    return jsonify({'message': message})

# ---- Class/Roster sync ----
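@app.post('/api/roster/sync')
@require_auth(roles=['admin', 'manager'])
def sync_roster():
    """Trigger roster synchronization from external source.

    Body (JSON object, optional): ``source`` — defaults to ``"manual"``.
    ``get_json(silent=True)`` replaces ``request.json`` so a missing or
    non-JSON body falls back to the default instead of the framework
    aborting the request before the view runs.
    """
    body = request.get_json(silent=True)
    source = body.get('source', 'manual') if isinstance(body, dict) else 'manual'
    if not isinstance(source, str) or not source:
        return jsonify({'error': 'source must be a non-empty string'}), 400
    # TODO: implement sync job (Celery task, etc.)
    return jsonify({'message': f'Roster sync started from {source}', 'job_id': 'job_001'})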

# ---- Analytics ----
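@app.get('/api/analytics/summary')
@require_auth()
def analytics_summary():
    """Return headline dashboard counters (currently static placeholder values).

    ``generated_at`` is an ISO-8601 UTC timestamp with an explicit offset.
    ``datetime.utcnow()`` is deprecated since Python 3.12 and produced a
    naive value that clients could misread as local time.
    """
    generated_at = datetime.datetime.now(datetime.timezone.utc).isoformat()
    return jsonify({
        'active_apps':  12,
        'total_users':  48,
        'files_managed': 134,
        'security_score': 99,
        'generated_at': generated_at
    })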

# ---- Mock data ----
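def _mock_users(page, limit, role):
    """Return one page of placeholder users, optionally filtered by role.

    Args:
        page: 1-based page number; values below 1 are treated as page 1.
        limit: page size; 0 or a negative value yields an empty page.
        role: exact role name to keep, or a falsy value for no filtering.

    The original ignored ``page`` and ``limit`` entirely, so every page of
    ``/api/users`` returned the whole list.
    """
    sample = [
        {'id': 1, 'name': 'Alaul Karim',   'role': 'admin',   'email': 'a.karim@tfsbd.com'},
        {'id': 2, 'name': 'Rashed Karim',  'role': 'manager', 'email': 'r.karim@tfsbd.com'},
        {'id': 3, 'name': 'Fatema Islam',  'role': 'analyst', 'email': 'f.islam@tfsbd.com'},
    ]
    if role:
        sample = [u for u in sample if u['role'] == role]
    if limit <= 0:
        return []
    start = (max(page, 1) - 1) * limit
    return sample[start:start + limit]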

if __name__ == '__main__':
    # Development entry point only: Flask's built-in server is not a
    # production-grade server. host='0.0.0.0' binds every interface, so the
    # API is reachable from the network rather than only from localhost.
    app.run(debug=False, host='0.0.0.0', port=5000)
