Update Dockerfile

Dockerfile

@@ -1,116 +1,114 @@
-# Use official LibreChat base image
 FROM ghcr.io/danny-avila/librechat-dev:latest
 
-# Install Python dependencies
+# Install dependencies
 USER root
 RUN apk update && apk add --no-cache \
+    caddy \
     python3 \
     py3-pip \
-    sqlite \
-    && pip3 install flask werkzeug waitress requests pymongo waitress --break-system-packages
-
-# Setup directory structure
-RUN mkdir -p /app/{admin/{templates,static},data,uploads,client/public/images,api/logs} \
-    && mkdir -p /app/uploads/temp \
-    && chown -R 1000:1000 /app \
-    && chmod -R 777 /app/uploads \
-    && chmod -R 777 /app/client/public/images \
-    && chmod -R 777 /app/api/logs
-
-# ===== ADMIN PANEL (Adapted from LibreChat community) =====
-COPY <<"EOF" /app/admin/app.py
-from flask import Flask, request, jsonify, render_template
+    py3-pipx \
+    && pipx install flask pymongo
+
+# Create admin structure
+RUN mkdir -p /app/sudo/{templates,static} \
+    && chown -R 1000:1000 /app
+
+# ===== Admin Backend =====
+COPY <<"EOF" /app/sudo/app.py
+from flask import Flask, request, jsonify
 from pymongo import MongoClient
 from werkzeug.security import generate_password_hash
 import os
-from waitress import serve
+from datetime import datetime
+from functools import wraps
 
-app = Flask(__name__, template_folder='/app/admin/templates')
+app = Flask(__name__)
 app.secret_key = os.getenv("FLASK_SECRET")
 
-# Connect to LibreChat's MongoDB
-client = MongoClient(os.getenv("MONGO_URI", "mongodb://localhost:27017"))
+# MongoDB connection
+client = MongoClient(os.getenv("MONGO_URI", "mongodb://localhost:27017/librechat"))
 db = client.get_default_database()
 
-@app.route('/admin')
-def admin_home():
-    return render_template('login.html')
-
-@app.route('/admin/login', methods=['POST'])
-def login():
-    if request.json.get('admin_secret') == os.getenv("SUDO_SECRET"):
-        return jsonify({"status": "success", "token": os.getenv("SUDO_SECRET")})
-    return jsonify({"error": "Invalid secret"}), 403
-
-@app.route('/admin/users', methods=['GET'])
+# Authentication decorator
+def sudo_required(f):
+    @wraps(f)
+    def wrapper(*args, **kwargs):
+        auth_token = request.headers.get('X-Sudo-Token')
+        if auth_token != os.getenv("SUDO_SECRET"):
+            return jsonify({"error": "Unauthorized"}), 403
+        return f(*args, **kwargs)
+    return wrapper
+
+# Sudo API endpoints
+@app.route('/sudo/users', methods=['GET'])
+@sudo_required
 def list_users():
-    if request.headers.get('X-Admin-Token') != os.getenv("SUDO_SECRET"):
-        return jsonify({"error": "Unauthorized"}), 403
-    users = list(db.users.find({}, {"_id": 0, "username": 1, "email": 1}))
+    users = list(db.users.find({}, {
+        "_id": 0,
+        "username": 1,
+        "email": 1,
+        "createdAt": 1,
+        "lastLogin": 1
+    }))
     return jsonify(users)
 
-@app.route('/admin/users', methods=['POST'])
+@app.route('/sudo/users', methods=['POST'])
+@sudo_required
 def add_user():
-    if request.headers.get('X-Admin-Token') != os.getenv("SUDO_SECRET"):
-        return jsonify({"error": "Unauthorized"}), 403
     user_data = {
         "username": request.json["username"],
         "password": generate_password_hash(request.json["password"]),
         "email": request.json.get("email", ""),
+        "createdAt": datetime.utcnow(),
         "role": "user"
     }
     db.users.insert_one(user_data)
-    return jsonify({"status": "User added"})
-
-@app.route('/admin/users', methods=['DELETE'])
-def delete_user():
-    if request.headers.get('X-Admin-Token') != os.getenv("SUDO_SECRET"):
-        return jsonify({"error": "Unauthorized"}), 403
-    db.users.delete_one({"username": request.json["username"]})
+    return jsonify({"status": "User added"}), 201
+
+@app.route('/sudo/users/<username>', methods=['DELETE'])
+@sudo_required
+def delete_user(username):
+    result = db.users.delete_one({"username": username})
+    if result.deleted_count == 0:
+        return jsonify({"error": "User not found"}), 404
     return jsonify({"status": "User deleted"})
 
 if __name__ == "__main__":
-    serve(app, host='0.0.0.0', port=5000)
+    app.run(host='0.0.0.0', port=5000)
 EOF
 
-# ===== ADMIN TEMPLATES =====
-COPY <<"EOF" /app/admin/templates/login.html
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Admin Login</title>
-    <style>
-        body { font-family: Arial; padding: 20px; }
-        form { max-width: 400px; margin: 0 auto; }
-        input, button { width: 100%; padding: 8px; margin: 5px 0; }
-    </style>
-</head>
-<body>
-    <form id="loginForm">
-        <h2>Admin Login</h2>
-        <input type="password" placeholder="Admin Secret" required>
-        <button type="submit">Login</button>
-    </form>
-    <script>
-        document.getElementById('loginForm').onsubmit = async (e) => {
-            e.preventDefault();
-            const response = await fetch('/admin/login', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ admin_secret: e.target[0].value })
-            });
-            if (response.ok) {
-                localStorage.setItem('admin_token', await response.text());
-                window.location.href = '/admin/dashboard';
-            } else {
-                alert('Invalid secret!');
-            }
-        };
-    </script>
-</body>
-</html>
-EOF
+# ===== Caddy Configuration =====
+COPY <<"EOF" /etc/caddy/Caddyfile
+{
+    admin off
+    auto_https off
+}
+
+:7860 {
+    # LibreChat API (protected)
+    handle_path /api/* {
+        reverse_proxy localhost:3080
+    }
 
+    # Sudo API endpoints
+    handle_path /sudo/* {
+        reverse_proxy localhost:5000
+    }
+
+    # Sudo panel static files
+    handle_path /sudo-panel/* {
+        root * /app/sudo
+        file_server
+    }
+
+    # Main LibreChat frontend
+    handle {
+        root * /app/client/dist
+        try_files {path} /index.html
+        file_server
+    }
+}
+EOF
 
 
 # Startup script