Admin changes #3737

Open
Ulincsys wants to merge 22 commits into main from admin-changes

Conversation

@Ulincsys
Contributor

Description

  • Add admin dashboard
  • Add admin API routes
  • Add admin_required decorator to protect admin routes

Notes for Reviewers

  • There's a lot more work to do on this interface, but I'd like to get it into main so it stays up to date instead of lagging behind again.
  • Admin users cannot be created via the frontend, and must be added via the augur user add command with the --admin flag

Signed commits

  • Yes, I signed my commits.

Ulincsys and others added 22 commits March 20, 2023 18:39
Add @requires_admin decorator
Add clarity to backend start error status

Signed-off-by: Ulincsys <ulincsys@gmail.com>
- Add ssl decorator to config endpoints
- Fix syntax error in admin_required decorator
- Update dashboard endpoint to use config class directly
- Update dashboard styles with more consistent colors
- Implement config update functionality in admin dashboard

Signed-off-by: Ulincsys <28362836a@gmail.com>
Signed-off-by: Ulincsys <ulincsys@gmail.com>
@Ulincsys Ulincsys requested a review from sgoggins as a code owner February 25, 2026 01:17
if signal.getsignal(signal.SIGHUP) != signal.SIG_DFL:
cmd = "nohup " + cmd

Popen(cmd, shell=True)
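
Review bot: `Popen(cmd, shell=True)` runs a command line assembled by string concatenation (`"nohup " + cmd`), so anything that ends up in `cmd` is parsed by the shell, which is why Bandit reports this call as an error. Where `cmd` is built is not visible in this hunk; if it is a fixed command, keep it as an argument list, prepend with `args = ["nohup", *args]`, and call `Popen(args)` without `shell=True`.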

Check failure

Code scanning / Bandit

subprocess call with shell=True identified, security issue. Error

from ..server import app
import sqlalchemy as s
import json
from subprocess import run, PIPE, Popen

Check notice

Code scanning / Bandit

Consider possible security implications associated with the subprocess module. Note

@app.route(f"/{AUGUR_API_VERSION}/admin/shutdown")
@admin_required
def shutdown_system():
run("augur backend stop-collection-blocking".split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
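
Review bot: the `/admin/shutdown` route is registered without a `methods=` argument, so Flask serves it on GET, and a state-changing action reachable by GET can be triggered by a link, an image tag or a prefetch from any page an authenticated admin visits. Restrict it with `methods=["POST"]` and require a CSRF token in addition to `@admin_required`. The `run(...)` result is also discarded; check `returncode` and return an error status when the stop command fails.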

Check notice

Code scanning / Bandit

subprocess call - check for execution of untrusted input. Note

@admin_required
def shutdown_system():
run("augur backend stop-collection-blocking".split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
Popen("augur backend stop", shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
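
Review bot: `Popen("augur backend stop", shell=True, ...)` goes through the shell for a constant command while the `run(...)` line directly above already passes an argument list; use `Popen(["augur", "backend", "stop"], ...)` so the two calls are consistent and a later edit that interpolates a value cannot turn into shell injection. Both calls also resolve `augur` through the server's `PATH` (the Bandit partial-path notice); resolving the executable once to an absolute path avoids picking up a different binary if `PATH` changes. The three `PIPE` handles are never read in the lines shown, so `subprocess.DEVNULL` is the safer choice.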

Check notice

Code scanning / Bandit

Starting a process with a partial executable path Note

@admin_required
def shutdown_system():
run("augur backend stop-collection-blocking".split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
Popen("augur backend stop", shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)

Check notice

Code scanning / Bandit

subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell Note

@@ -0,0 +1,29 @@
from subprocess import run, PIPE, Popen

Check notice

Code scanning / Bandit

Consider possible security implications associated with the subprocess module. Note

# Ignore SIGTERM from parent process (since we're terminating our parent)
signal.signal(signal.SIGTERM, lambda signum, frame: None)

run("augur backend stop-collection-blocking", shell=True, stderr=PIPE, stdout=PIPE, stdin=PIPE)

Check notice

Code scanning / Bandit

Starting a process with a partial executable path Note

# Ignore SIGTERM from parent process (since we're terminating our parent)
signal.signal(signal.SIGTERM, lambda signum, frame: None)

run("augur backend stop-collection-blocking", shell=True, stderr=PIPE, stdout=PIPE, stdin=PIPE)

Check notice

Code scanning / Bandit

subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell Note

signal.signal(signal.SIGTERM, lambda signum, frame: None)

run("augur backend stop-collection-blocking", shell=True, stderr=PIPE, stdout=PIPE, stdin=PIPE)
Popen("augur backend stop", shell=True, stderr=PIPE, stdout=PIPE, stdin=PIPE).wait()
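
Review bot: `Popen(..., stdout=PIPE, stderr=PIPE).wait()` can deadlock: nothing reads the pipes, so if `augur backend stop` writes more than the OS pipe buffer holds, the child blocks on write and `wait()` never returns. Use `subprocess.DEVNULL` for the three streams (or `communicate()` if the output is wanted), and drop `shell=True` from both calls by passing `["augur", "backend", "stop-collection-blocking"]` and `["augur", "backend", "stop"]`. `signal.SIG_IGN` states the intent of the SIGTERM handler more directly than a no-op lambda.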

Check notice

Code scanning / Bandit

Starting a process with a partial executable path Note

signal.signal(signal.SIGTERM, lambda signum, frame: None)

run("augur backend stop-collection-blocking", shell=True, stderr=PIPE, stdout=PIPE, stdin=PIPE)
Popen("augur backend stop", shell=True, stderr=PIPE, stdout=PIPE, stdin=PIPE).wait()

Check notice

Code scanning / Bandit

subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell Note

import beaker

from flask import request, jsonify, current_app
from flask import request, jsonify, current_app, abort

[pylint] reported by reviewdog 🐶
W0611: Unused current_app imported from flask (unused-import)

@@ -38,6 +40,13 @@ def unsupported_method(error):

return render_message("405 - Method not supported", "The resource you are trying to access does not support the request method used"), 405

[pylint] reported by reviewdog 🐶
E0602: Undefined variable 'render_message' (undefined-variable)

if AUGUR_API_VERSION in str(request.url_rule):
return jsonify({"status": "Forbidden"}), 403

return render_message("403 - Forbidden", "You do not have permission to view this page"), 403
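
Review bot: `AUGUR_API_VERSION in str(request.url_rule)` is a substring test on the rule's string form, so any frontend rule that happens to contain the version string gets the JSON body, and when no rule matched, `request.url_rule` is `None` and the test runs against the text "None". Match on the path prefix instead, for example `request.path.startswith(f"/{AUGUR_API_VERSION}/")`, which mirrors how the API routes in this PR are registered.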

[pylint] reported by reviewdog 🐶
E0602: Undefined variable 'render_message' (undefined-variable)

raise e

return render_message("500 - Internal Server Error", "An error occurred while trying to service your request. Please try again, and if the issue persists, please file a GitHub issue with the below error message:", error=stacktrace), 500
return render_message("500 - Internal Server Error", """An error occurred while trying to service your request.
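
Review bot: the 500 handler passes `error=stacktrace` into the page returned to the requester, which exposes file paths, library versions and query fragments to anyone who can trigger an exception. The replacement call is cut off in this view, so it is not visible whether it still forwards the trace; if it does, log the trace server-side with a short reference id and render only that id, or show the trace only to admin sessions.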

[pylint] reported by reviewdog 🐶
E0602: Undefined variable 'render_message' (undefined-variable)

@@ -98,19 +120,16 @@ def load_user(user_id):
@login_manager.request_loader
def load_user_request(request):

[pylint] reported by reviewdog 🐶
W0621: Redefining name 'request' from outer scope (line 1) (redefined-outer-name)

from .init import logger
from .url_converters import *

from functools import wraps

[pylint] reported by reviewdog 🐶
W0611: Unused wraps imported from functools (unused-import)

@@ -112,6 +119,10 @@ def repo_card_view():
@app.route('/collection/status')
def status_view():
return render_module("status", title="Status")

[pylint] reported by reviewdog 🐶
E0602: Undefined variable 'render_module' (undefined-variable)


@app.route('/connection_status')
def server_ping_frontend():
return render_module("ping")

[pylint] reported by reviewdog 🐶
E0602: Undefined variable 'render_module' (undefined-variable)

@@ -318,6 +329,7 @@ def user_group_view(group = None):
return render_module("user-group-repos-table", title="Repos", repos=data, query_key=query, activePage=params["page"], pages=page_count, offset=pagination_offset, PS="user_group_view", reverse = rev, sorting = params.get("sort"), group=group)

[pylint] reported by reviewdog 🐶
E0602: Undefined variable 'render_module' (undefined-variable)

backend_config = requestJson("config/get", False)
backend_config = AugurConfig(logger, db_session).load_config()

with get_session() as session:

[pylint] reported by reviewdog 🐶
W0621: Redefining name 'session' from outer scope (line 8) (redefined-outer-name)
