Update server.py

server.py

@@ -3,12 +3,14 @@ import random
 import sqlite3
 from datetime import datetime, timedelta
 from flask import Flask, request, jsonify, redirect, session, render_template_string
-from flask import Flask
 from flask_limiter import Limiter
 from flask_limiter.util import get_remote_address
 
+# Initialize Flask
 app = Flask(__name__)
+app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey")
 
+# Setup limiter (correct method)
 limiter = Limiter(key_func=get_remote_address)
 limiter.init_app(app)
 
@@ -16,17 +18,11 @@ limiter.init_app(app)
 OTP_API_KEY = os.getenv("OTP_API_KEY", "default-api-key")
 ADMIN_USER = os.getenv("ADMIN_USER", "admin")
 ADMIN_PASS = os.getenv("ADMIN_PASS", "password")
-SECRET_KEY = os.getenv("FLASK_SECRET_KEY", "supersecretkey")
 
-app = Flask(__name__)
-app.secret_key = SECRET_KEY
-
-limiter = Limiter(app, key_func=get_remote_address)
-
-# Writable DB path
+# Database location (must be writable in HF Spaces)
 DATABASE = "/tmp/database.db"
 
-# Initialize DB
+# Database setup
 def init_db():
     with sqlite3.connect(DATABASE) as conn:
         c = conn.cursor()
@@ -43,11 +39,17 @@ def init_db():
 
 init_db()
 
+# Helper: generate 6-digit OTP
 def generate_otp():
     return str(random.randint(100000, 999999))
 
+# -------------------------------
+# API ROUTES
+# -------------------------------
+
+# Generate OTP (API)
 @app.route("/generate-otp", methods=["POST"])
-@limiter.limit("5/minute")
+@limiter.limit("5 per minute")
 def api_generate():
     if request.headers.get("X-API-Key") != OTP_API_KEY:
         return jsonify({"error": "Unauthorized"}), 401
@@ -64,11 +66,14 @@ def api_generate():
 
     return jsonify({"otp": otp, "expires_at": expires_at.isoformat()})
 
+# Verify OTP (API)
 @app.route("/verify-otp", methods=["POST"])
-@limiter.limit("10/minute")
+@limiter.limit("10 per minute")
 def verify_otp():
     data = request.get_json()
     otp = data.get("otp")
+    if not otp:
+        return jsonify({"valid": False, "reason": "Missing OTP"}), 400
 
     with sqlite3.connect(DATABASE) as conn:
         c = conn.cursor()
@@ -86,13 +91,17 @@ def verify_otp():
         if datetime.fromisoformat(expires_at) < now:
             return jsonify({"valid": False, "reason": "OTP expired"}), 400
 
+        # Mark as used
         c.execute("UPDATE otps SET used_at = ?, status = ? WHERE id = ?",
                   (now.isoformat(), "used", otp_id))
         conn.commit()
 
     return jsonify({"valid": True})
 
-# Admin login UI
+# -------------------------------
+# ADMIN WEB UI
+# -------------------------------
+
 LOGIN_TEMPLATE = """
 <!DOCTYPE html><html><body>
 <h2>Admin Login</h2>
@@ -113,7 +122,6 @@ def login():
         return "Invalid login", 403
     return render_template_string(LOGIN_TEMPLATE)
 
-# Admin OTP generation UI
 GEN_TEMPLATE = """
 <!DOCTYPE html><html><body>
 <h2>Generate OTP</h2>
@@ -121,7 +129,7 @@ GEN_TEMPLATE = """
   <button type="submit">Generate OTP</button>
 </form>
 {% if otp %}
-<p>OTP: <b>{{ otp }}</b> (expires at {{ expires }})</p>
+<p><b>OTP:</b> {{ otp }}<br><b>Expires:</b> {{ expires }}</p>
 {% endif %}
 <a href="/logout">Logout</a>
 </body></html>
@@ -157,7 +165,14 @@ def logout():
 # Optional debug route
 @app.route("/debug")
 def debug():
-    return f"Database exists: {os.path.exists(DATABASE)}"
+    return jsonify({
+        "db_exists": os.path.exists(DATABASE),
+        "size_bytes": os.path.getsize(DATABASE) if os.path.exists(DATABASE) else 0
+    })
+
+# -------------------------------
+# ENTRY POINT
+# -------------------------------
 
 if __name__ == "__main__":
     app.run(host="0.0.0.0", port=7860)