88 lines
2.7 KiB
Markdown
88 lines
2.7 KiB
Markdown
# Portal Auth Admin Dashboard
|
|
|
|
Web dashboard to view and edit the `portal_auth` database. **Only users with role `admin`** in the `users` table can log in.
|
|
|
|
## Setup
|
|
|
|
1. Copy `.env.example` to `.env` and set:
|
|
- `DB_AUTH_HOST`, `DB_AUTH_PORT`, `DB_AUTH_NAME`, `DB_AUTH_USER`, `DB_AUTH_PASSWORD` (same as your portal auth DB)
|
|
- `SECRET_KEY` (random string for session signing)
|
|
|
|
2. Install dependencies:
|
|
```bash
|
|
pip install -r requirements.txt
|
|
```
|
|
|
|
3. Run the app:
|
|
```bash
|
|
python app.py
|
|
```
|
|
By default it listens on `http://0.0.0.0:5000`.
|
|
|
|
## Features
|
|
|
|
- **Login**: Admin only (role = `admin`, `is_active` = true). Passwords verified with bcrypt (or legacy salt:hash).
|
|
- **Dashboard**: Links to each table.
|
|
- **Users**: View all; create new user; edit role (admin/support) and active flag; change password.
|
|
- **Sessions**: View active sessions; revoke (delete) a session.
|
|
- **Auth logs**: View only (append-only log).
|
|
- **API tokens**: View; activate/deactivate; delete.
|
|
|
|
## Git repository
|
|
|
|
- **URL:** http://10.20.30.250:3000/nearxos/portal-auth-dashboard
|
|
- **Clone:** `git clone http://10.20.30.250:3000/nearxos/portal-auth-dashboard.git`
|
|
|
|
## Deployment to Auth LXC (10.110.60.210)
|
|
|
|
The LXC has no direct access to Git. Deploy by **uploading the project from your PC** via SSH/rsync.
|
|
|
|
From your PC (with SSH and rsync):
|
|
|
|
```bash
|
|
./deploy/deploy.sh
|
|
```
|
|
|
|
Or explicitly from the project dir:
|
|
|
|
```bash
|
|
./deploy/deploy-from-pc.sh
|
|
```
|
|
|
|
This will:
|
|
- **Rsync** the project to `root@10.110.60.210:/opt/portal-auth-dashboard` (excluding `.env`, `.git`, `venv`).
|
|
- **On the server:** create/update venv, install dependencies, create `.env` from `deploy/.env.server` if missing, install and restart the systemd unit.
|
|
|
|
**After first deploy**, on the server set the real credentials:
|
|
|
|
```bash
|
|
ssh root@10.110.60.210
|
|
nano /opt/portal-auth-dashboard/.env # set DB_AUTH_PASSWORD and SECRET_KEY
|
|
systemctl restart portal-auth-dashboard
|
|
```
|
|
|
|
Dashboard URL: **http://10.110.60.210:5000**
|
|
|
|
### Manual deploy (if the script is not used)
|
|
|
|
On the server (Debian):
|
|
|
|
```bash
|
|
apt-get update && apt-get install -y python3-venv python3-pip rsync
|
|
mkdir -p /opt/portal-auth-dashboard
|
|
```
|
|
|
|
From your machine, sync the project (excluding `.env`, `venv`, `.git`), then on the server:
|
|
|
|
```bash
|
|
cd /opt/portal-auth-dashboard
|
|
python3 -m venv venv && ./venv/bin/pip install -r requirements.txt
|
|
cp deploy/.env.server .env # then edit .env
|
|
cp deploy/portal-auth-dashboard.service /etc/systemd/system/
|
|
systemctl daemon-reload && systemctl enable --now portal-auth-dashboard
|
|
```
|
|
|
|
## Production notes
|
|
|
|
Run behind a reverse proxy (e.g. nginx) with HTTPS. Set `SECRET_KEY` and ensure the app can reach the Auth DB (on the same host use `DB_AUTH_HOST=127.0.0.1`).
|