from fastapi import FastAPI, HTTPException
import subprocess

app = FastAPI()

# Whitelist allowed actions (VERY important)
COMMANDS = {
    "restart_nginx": ["sudo", "systemctl", "restart", "nginx"],
    "uptime": ["uptime"],
    "update": ["sudo", "apt", "update"]
}

@app.post("/run")
def run_task(task: str, token: str):
    # simple auth check (replace with real auth later)
    if token != "MY_SECRET_TOKEN":
        raise HTTPException(status_code=403, detail="Unauthorized")

    if task not in COMMANDS:
        raise HTTPException(status_code=400, detail="Invalid task")

    try:
        result = subprocess.check_output(COMMANDS[task], text=True)
        return {"output": result}
    except subprocess.CalledProcessError as e:
        return {"error": e.output}