Admin Panel¶
Files: admin_routes.py, admin_db_operations.py, admin_subscription_routes.py, admin_control_flags.py
What the Admin Panel Does¶
The admin panel is the control center for Lenzeye operations. All user management, subscription assignment, encryption key management, feature toggles, and association management flows through here.
Admin Authentication¶
- Admin login uses OTP-based email verification (same as users, separate OTP storage)
otp_storagedict inadmin_routes.pyholds pending OTPs in memory- After OTP verification, admin session is set
- Separate
verify_admin_otp.htmlandadmin_login.htmltemplates
Dashboard Capabilities¶
| Section | What It Does |
|---|---|
| User Management | View all users, delete users, update plans, toggle admin status |
| Storage Management | Set per-user storage limits, trigger Wasabi storage recalculation |
| Encryption Dashboard | Enable/disable encryption per user, rotate user keys, view key versions |
| Subscription Management | Assign subscription plans, view active subscriptions |
| Lab Portal Access | Grant/revoke lab portal access per user, set lab ID and PIN |
| Feature Toggles | Enable/disable platform-wide features via AdminControlFlags |
| Association Management | Create and manage photography associations |
| Collaboration Oversight | View, approve, or reject collaboration requests |
AdminControlFlags Model¶
File: admin_control_flags.py
Global feature toggles stored in the database:
| Flag | Default | Effect |
|---|---|---|
auto_approve_collaboration_requests |
False | Auto-approve collaboration matches |
enable_razorpay_payment |
False | Show Razorpay payment UI |
enable_choosing_plan_options |
False | Allow users to self-select plans |
enable_wasabi_cloudflare_setup |
False | Use Cloudflare-fronted Wasabi URLs |
enable_dark_theme |
False | Enable dark theme across all pages |
Accessed via get_admin_flags() — returns the single row from admin_control_flags table.
Key Admin Operations¶
Encryption Management¶
```python
From admin_routes.py imports:¶
from lenzeye_encryption_service import ( generate_master_key, has_master_key, get_or_create_user_key, rotate_user_key, ) ```
- Admin can enable encryption for a user (
encrypt_data_b = True) — triggers key generation - Admin can rotate a user's key — old key retained, new key created as active
- Admin can check master key status — confirms MASTER_KEY env var is set
- Admin can generate a new master key (for initial setup only)
Storage Calculation¶
python
from admin_db_operations import calculate_storage_used_from_wasabi
- Queries Wasabi S3 to sum all object sizes under a user's email prefix
- Updates
user.storage_usedin PostgreSQL SKIP_WASABI_ON_LOAD = Trueby default — skip auto-calculation on dashboard load for performance
Lab Portal Management¶
python
from lab_portal_async import async_set_lab_portal_access
- Async function to grant/revoke lab portal access
- Generates unique
lab_id(e.g.,LNZ-LAB-XXXX) and setslab_pin - Runs in background thread to avoid blocking dashboard request
Local DB Mirror¶
admin_routes.py maintains a read-only local SQLite mirror (DSS_local.db) for fast dashboard queries:
python
def fetch_all_users_from_local() -> list[dict]
def fetch_user_from_local(email: str) -> dict | None
- SQLite reads are fast and don't hit PostgreSQL
- Used for display-only operations (user list, search)
- Writes always go to PostgreSQL (the authoritative DB)
TL;DR¶
What it does: Full platform control — user management, encryption, subscriptions, lab access, feature flags, associations.
Key techniques: OTP admin auth, in-memory OTP storage, AdminControlFlags DB model for feature toggles, async lab portal operations, local SQLite mirror for fast user listing, encryption key management via lenzeye_encryption_service.