Refactor first-boot rotation setup to use kernel command line for persistent display rotation. Update documentation to clarify the new method of setting screen orientation (90° clockwise) via cmdline.txt, eliminating the need for one-shot scripts. Enhance logging and user guidance for rotation and wallpaper configuration during first boot.

2026-02-20 20:05:23 +02:00
parent 90296498f5
commit 2777811b32
6 changed files with 88 additions and 22 deletions
--- a/emmc-provisioning/dashboard/app.py
+++ b/emmc-provisioning/dashboard/app.py
@@ -20,7 +20,13 @@ from flask import Flask, render_template, jsonify, request, send_file, redirect,

 from werkzeug.security import generate_password_hash, check_password_hash

+try:
+    from itsdangerous import BadSignature
+except ImportError:
+    BadSignature = Exception  # noqa: disable invalid-name
+
 app = Flask(__name__)
+# Set CM4_DASHBOARD_SECRET_KEY in env (e.g. via /opt/cm4-provisioning/dashboard.env) so sessions persist across restarts
 app.secret_key = os.environ.get("CM4_DASHBOARD_SECRET_KEY", os.urandom(24).hex())

 # --- Paths ---
@@ -90,7 +96,16 @@ def admin_log(action, details=None):
 def require_admin(f):
    @wraps(f)
    def wrapped(*args, **kwargs):
-        if not session.get("admin_logged_in"):
+        try:
+            logged_in = session.get("admin_logged_in")
+        except (BadSignature, ValueError, OSError):
+            # Invalid/rotated secret key or corrupted session cookie → treat as not logged in
+            try:
+                session.clear()
+            except Exception:
+                pass
+            logged_in = False
+        if not logged_in:
            if request.is_json or request.path.startswith("/api/"):
                return jsonify({"ok": False, "error": "Login required"}), 401
            return redirect(url_for("login", next=request.url))
@@ -154,6 +169,26 @@ def no_cache(response):
        response.headers["Pragma"] = "no-cache"
    return response

+
+@app.errorhandler(500)
+def handle_500(err):
+    """Log 500 and return a simple response so the user is not left with a blank error."""
+    import traceback
+    try:
+        traceback.print_exc()
+    except Exception:
+        pass
+    if request.path.startswith("/api/"):
+        return jsonify({"ok": False, "error": "Internal server error"}), 500
+    return (
+        "<!DOCTYPE html><html><head><meta charset='utf-8'><title>Error</title></head><body>"
+        "<h1>Something went wrong</h1><p>Try <a href='/login'>logging in again</a> or <a href='/'>going home</a>.</p>"
+        "</body></html>",
+        500,
+        {"Content-Type": "text/html; charset=utf-8"},
+    )
+
+
 # Default cloud-init user-data for Raspberry Pi OS (NoCloud on boot partition)
 DEFAULT_USER_DATA = """#cloud-config
 package_update: true