Overview
The Admin API provides system administration capabilities including user management, AI monitoring, and data maintenance. All endpoints require admin authentication.
Base Path: /admin (UI routes) and /api/admin (API routes)
Authentication: Required with admin role (@admin_required decorator)
Authentication & Authorization
Admin Required Decorator
All admin endpoints enforce strict role-based access control:
from functools import wraps
from flask import flash, redirect, session, url_for


def admin_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        # Not logged in at all: send to the login page
        if 'user_id' not in session:
            return redirect(url_for('auth.login'))
        # Logged in, but the session role is not 'admin': flash an error and send to the dashboard
        if session.get('user_role') != 'admin':
            flash('Bạn không có quyền truy cập trang này!', 'error')  # "You do not have permission to access this page!"
            return redirect(url_for('views.dashboard'))
        return f(*args, **kwargs)
    return decorated_function
Requirements:
Valid session with user_id
user_role must be exactly 'admin'
Non-admin users are redirected with an error message
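An added example (not the project's code) of a hardened variant of this check: the page's decorator trusts the role copied into the session and redirects for every route, so a DELETE sent to the API gets a 302 rather than the 401/403 listed for it further down; this version re-reads role and status from the user store on each request and answers /api/ paths with JSON 401/403. The lookup_user, get_session and get_path callables and the /auth/login and /dashboard paths are assumptions.

```python
from functools import wraps

# Added example, not the project's code. Framework-independent so it runs
# without Flask: lookup_user(user_id) is an assumed callable returning a
# dict with 'role' and 'status' (the VaiTro / TrangThai columns) or None.


def authorize_admin(session, lookup_user):
    """Return (allowed, outcome); outcome is 'ok', 'login' or 'forbidden'.

    The role is re-read from the user store instead of trusting the copy
    kept in the session, so a demotion or suspension applies immediately.
    """
    user_id = session.get("user_id")
    if user_id is None:
        return False, "login"
    user = lookup_user(user_id)
    if user is None or user.get("status") != 1 or user.get("role") != "admin":
        return False, "forbidden"
    return True, "ok"


def deny_response(outcome, path):
    """API routes get a JSON error with 401/403; UI routes get a redirect."""
    if path.startswith("/api/"):
        if outcome == "login":
            return 401, {"status": "error", "message": "login required"}
        return 403, {"status": "error", "message": "admin role required"}
    return 302, ("/auth/login" if outcome == "login" else "/dashboard")


def admin_required(lookup_user, get_session, get_path):
    """Decorator factory; get_session/get_path read the current request
    (in Flask they would return session and request.path)."""
    def decorator(f):
        @wraps(f)
        def wrapper(*args, **kwargs):
            allowed, outcome = authorize_admin(get_session(), lookup_user)
            if not allowed:
                return deny_response(outcome, get_path())
            return f(*args, **kwargs)
        return wrapper
    return decorator
```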
Admin UI Routes
These routes render HTML pages for the admin interface.
User Management Page
Displays a list of all registered users.
Template: admin/users.html
Data Provided:
All users from User.query.all()
User details: ID, name, email, role, status, last login, created date
Example Request
curl -X GET https://api.finai.com/admin/users \
-H "Cookie: session=admin-session-cookie"
Category Management Page
Interface for managing system-wide category templates.
Template: admin/categories.html
Example Request
curl -X GET https://api.finai.com/admin/categories \
-H "Cookie: session=admin-session-cookie"
AI Monitoring Page
Monitors AI prediction accuracy and performance metrics.
Template: admin/ai_monitoring.html
Typical Metrics:
Category prediction accuracy
AI confidence scores
Prediction feedback (correct/incorrect)
Model performance trends
Example Request
curl -X GET https://api.finai.com/admin/ai-monitoring \
-H "Cookie: session=admin-session-cookie"
Chatbot Logs Page
View all chatbot conversation logs across users.
Template: admin/chatbot_logs.html
Data Includes:
User questions and AI responses
Timestamps
User IDs
Conversation context
Example Request
curl -X GET https://api.finai.com/admin/chatbot-logs \
-H "Cookie: session=admin-session-cookie"
Admin API Endpoints
Cleanup Old Chat Logs
Delete chatbot conversation logs older than 30 days.
Authentication
Required. Must have admin role.
Functionality
Calculates expiration date: datetime.now() - timedelta(days=30)
Queries logs older than expiration: ChatbotLog.created_at < expiration_date
Deletes matching records
Returns count of deleted records
Response
Success message with deletion count, or error description
Example Request
curl -X DELETE https://api.finai.com/api/admin/cleanup-logs \
-H "Cookie: session=admin-session-cookie"
Example Response
{
"status" : "success" ,
"message" : "Đã xóa 247 tin nhắn cũ hơn 30 ngày."
}
{
"status" : "error" ,
"message" : "Database connection failed"
}
Error Codes
Status Code   Description
200           Logs cleaned successfully
401           Unauthorized (not logged in)
403           Forbidden (not admin)
500           Database error
Implementation Details
Source: app/routes/admin.py:45-55
from datetime import datetime, timedelta
from flask import jsonify


@admin_bp.route('/api/admin/cleanup-logs', methods=['DELETE'])
@admin_required
def cleanup_logs():
    try:
        # Anything created before this moment is considered expired
        expiration_date = datetime.now() - timedelta(days=30)
        # Bulk delete; returns the number of rows removed
        deleted_count = ChatbotLog.query.filter(
            ChatbotLog.created_at < expiration_date
        ).delete()
        db.session.commit()
        return jsonify({
            'status': 'success',
            'message': f'Đã xóa {deleted_count} tin nhắn cũ hơn 30 ngày.'
        })
    except Exception as e:
        # Undo the partial delete and report the failure
        db.session.rollback()
        return jsonify({'status': 'error', 'message': str(e)}), 500
Database Models (Admin Context)
User Model
Source: app/models.py:8-32
from datetime import datetime
# db is the application's Flask-SQLAlchemy instance


class User(db.Model):
    __tablename__ = 'nguoidung'
    id = db.Column('MaNguoiDung', db.String(8), primary_key=True)
    name = db.Column('HoTen', db.String(100))
    email = db.Column('Email', db.String(100), unique=True, nullable=False)
    password_hash = db.Column('MatKhau', db.String(200), nullable=False)
    role = db.Column('VaiTro', db.String(20), default='user')  # 'user' or 'admin'
    status = db.Column('TrangThai', db.Integer, default=1)  # 1=active, 0=inactive
    created_at = db.Column('NgayTao', db.DateTime, default=datetime.now)
    last_login = db.Column('LanDangNhapCuoi', db.DateTime)
Key Fields for Admin:
role: Determines admin access
status: Can be used to suspend users
last_login: Monitor user activity
created_at: Track user registration dates
ChatbotLog Model
Source: app/models.py:152-158
class ChatbotLog(db.Model):
    __tablename__ = 'chatbot_lichsu'
    id = db.Column('MaHoiThoai', db.String(8), primary_key=True)
    user_id = db.Column('MaNguoiDung', db.String(8),
                        db.ForeignKey('nguoidung.MaNguoiDung', ondelete='CASCADE'))
    question = db.Column('NoiDungHoi', db.Text)
    answer = db.Column('NoiDungTraLoi', db.Text)
    created_at = db.Column('NgayTao', db.DateTime, default=datetime.now)
Admin Use Cases:
Monitor AI quality
Identify problematic queries
Generate training data
Track usage patterns
AILog Model
Source: app/models.py:134-143
class AILog(db.Model):
    __tablename__ = 'ai_lichsu'
    id = db.Column('MaAI_Log', db.String(8), primary_key=True)
    user_id = db.Column('MaNguoiDung', db.String(8),
                        db.ForeignKey('nguoidung.MaNguoiDung', ondelete='CASCADE'))
    transaction_id = db.Column('MaGiaoDich', db.String(8),
                               db.ForeignKey('giaodich.MaGiaoDich', ondelete='SET NULL'))
    predicted_cat = db.Column('DanhMucDuDoan', db.String(8),
                              db.ForeignKey('danhmuc.MaDanhMuc', ondelete='CASCADE'))
    actual_cat = db.Column('DanhMucChinhXac', db.String(8),
                           db.ForeignKey('danhmuc.MaDanhMuc', ondelete='CASCADE'))
    confidence = db.Column('DoTinCay', db.Float)
    feedback = db.Column('PhanHoi', db.String(50))  # 'dung' (correct) or 'sai' (wrong)
    created_at = db.Column('NgayTao', db.DateTime, default=datetime.now)
Admin Analytics:
Calculate prediction accuracy rate
Identify categories with low confidence
Track model performance over time
A/B testing insights
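An added example (not the project's code) computing the first three analytics above from AILog-shaped rows: per-category accuracy from the 'dung'/'sai' feedback, mean confidence with a low-confidence flag, and a count of confident-but-wrong predictions. The sample rows are constructed and the 0.6 / 0.9 thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean

# Added example, not the project's code: the admin analytics listed above over
# AILog-shaped rows. In the app the rows would come from AILog.query.

# Constructed sample rows: (predicted_cat, actual_cat, confidence, feedback)
SAMPLE_LOGS = [
    ("DM000001", "DM000001", 0.95, "dung"),
    ("DM000001", "DM000001", 0.88, "dung"),
    ("DM000001", "DM000002", 0.91, "sai"),   # confident but wrong
    ("DM000002", "DM000002", 0.55, "dung"),
    ("DM000002", "DM000003", 0.40, "sai"),
    ("DM000003", "DM000003", 0.70, None),    # no feedback yet
]

def accuracy_report(rows, low_confidence=0.6, overconfident_at=0.9):
    """Per predicted category: accuracy over rows that have feedback ('dung'
    correct, 'sai' wrong), mean confidence, a low-confidence flag, and the
    count of wrong predictions made with confidence >= overconfident_at.
    Returns (overall_accuracy, {category: stats}); None when nothing judged."""
    stats = defaultdict(lambda: {"total": 0, "correct": 0, "conf": [], "overconf": 0})
    correct = judged = 0
    for predicted, _actual, conf, feedback in rows:
        s = stats[predicted]
        s["conf"].append(conf)
        if feedback not in ("dung", "sai"):
            continue  # unreviewed rows count toward confidence only
        judged += 1
        s["total"] += 1
        if feedback == "dung":
            s["correct"] += 1
            correct += 1
        elif conf >= overconfident_at:
            s["overconf"] += 1
    report = {}
    for cat, s in stats.items():
        avg = mean(s["conf"])
        report[cat] = {
            "accuracy": s["correct"] / s["total"] if s["total"] else None,
            "mean_confidence": round(avg, 3),
            "low_confidence": avg < low_confidence,
            "overconfident_errors": s["overconf"],
        }
    return (correct / judged if judged else None), report
```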
Security Considerations
All admin routes check session.get('user_role') == 'admin'
Redirects prevent unauthorized access
Flash messages inform users of permission issues
No API keys or tokens exposed in admin interface
Admin can view all user data (necessary for support)
Password hashes never exposed in admin UI
Chatbot logs may contain sensitive financial information
Consider GDPR compliance for log retention
The current implementation does NOT log admin actions. Consider adding:
Admin action logging (who deleted logs, when)
User modification history
System configuration changes
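As an added example (not the project's code), the cleanup endpoint's delete combined with the admin-action record suggested above, written on sqlite3 so it runs offline; the admin_audit table and its columns are assumed, and the app itself uses SQLAlchemy rather than raw SQL.

```python
import sqlite3
from datetime import datetime, timedelta

# Added example, not the project's code: the cleanup on sqlite3 (the app uses
# SQLAlchemy) plus the audit record the page recommends; admin_audit is assumed.
SCHEMA = """
CREATE TABLE chatbot_lichsu (MaHoiThoai TEXT PRIMARY KEY, MaNguoiDung TEXT,
    NoiDungHoi TEXT, NoiDungTraLoi TEXT, NgayTao TEXT);
CREATE TABLE admin_audit (id INTEGER PRIMARY KEY, admin_id TEXT,
    action TEXT, detail TEXT, at TEXT);
"""
# NgayTao is stored as str(datetime) ('YYYY-MM-DD HH:MM:SS'), so '<' on the
# text column compares chronologically.

def cleanup_logs(conn, admin_id, retention_days=30, now=None):
    """Delete logs older than retention_days and record who did it. Delete and
    audit row share one transaction, so no deletion goes unrecorded."""
    now = now or datetime.now()
    expiration_date = now - timedelta(days=retention_days)
    try:
        cur = conn.execute("DELETE FROM chatbot_lichsu WHERE NgayTao < ?",
                           (str(expiration_date),))
        deleted = cur.rowcount
        conn.execute("INSERT INTO admin_audit (admin_id, action, detail, at)"
                     " VALUES (?, ?, ?, ?)",
                     (admin_id, "cleanup_logs",
                      f"deleted={deleted} older_than={expiration_date:%Y-%m-%d}",
                      str(now)))
        conn.commit()
    except sqlite3.Error:
        conn.rollback()  # leave the table untouched if the audit insert fails
        raise
    return deleted  # number of rows removed, as the endpoint's message reports

def run_demo():
    """Constructed data: three logs, two older than 30 days. Runs the cleanup
    as admin A0000001 and returns (deleted, remaining, audit_rows)."""
    now = datetime(2024, 6, 1, 12, 0, 0)
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [("C0000001", "U0000001", "q1", "a1", str(now - timedelta(days=45))),
            ("C0000002", "U0000001", "q2", "a2", str(now - timedelta(days=31))),
            ("C0000003", "U0000002", "q3", "a3", str(now - timedelta(days=3)))]
    conn.executemany("INSERT INTO chatbot_lichsu VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    deleted = cleanup_logs(conn, "A0000001", now=now)
    remaining = conn.execute("SELECT COUNT(*) FROM chatbot_lichsu").fetchone()[0]
    audit = conn.execute("SELECT admin_id, action, detail FROM admin_audit").fetchall()
    return deleted, remaining, audit
```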
Future Enhancements
Based on the current implementation, these admin features could be added:
User Management
  Create/edit/delete users via API
  Reset user passwords
  Toggle user active/inactive status
  View user statistics (transaction counts, AI usage)
AI Management
  Configure AI model parameters
  Retrain models with feedback data
  Export AI logs for analysis
  Real-time AI performance dashboard
System Monitoring
  Database size and growth metrics
  API usage statistics
  Error logs and debugging tools
  Performance monitoring
Bulk Operations
  Bulk user imports
  Category template management
  Data migration tools
  Batch cleanup operations
Implementation Reference
Source: app/routes/admin.py
from flask import Blueprint

admin_bp = Blueprint('admin', __name__)

# Route decorators only; each is followed by @admin_required and its view function

# UI Routes (render templates)
@admin_bp.route('/admin/users')
@admin_bp.route('/admin/categories')
@admin_bp.route('/admin/ai-monitoring')
@admin_bp.route('/admin/chatbot-logs')

# API Routes (JSON responses)
@admin_bp.route('/api/admin/cleanup-logs', methods=['DELETE'])
Error Codes
Status Code   Description
200           Request successful
302           Redirect (unauthorized access)
401           Unauthorized (not logged in)
403           Forbidden (not admin)
500           Server error