Hetzner-Backup/v2_adminpanel/ROUTING_ISSUES_REPORT.md

V2 Admin Panel - Routing Issues Report

Generated: 2025-06-17

Summary of Findings

After systematically analyzing the v2_adminpanel application, I've identified several routing issues that need to be addressed:

1. Missing Blueprint Prefixes in url_for() Calls

The following templates have url_for() calls that are missing the required blueprint prefix:

In profile.html:

• url_for('change_password') → Should be url_for('auth.change_password')
• url_for('disable_2fa') → Should be url_for('auth.disable_2fa')
• url_for('setup_2fa') → Should be url_for('auth.setup_2fa')

In setup_2fa.html:

• url_for('profile') → Should be url_for('auth.profile')
• url_for('enable_2fa') → Should be url_for('auth.enable_2fa')

In backup_codes.html:

• url_for('profile') → Should be url_for('auth.profile')

In resource_history.html:

• url_for('resources') → Should be url_for('resources.resources')
• url_for('edit_license', license_id=...) → Should be url_for('licenses.edit_license', license_id=...)

In resource_metrics.html:

• url_for('resources') → Should be url_for('resources.resources')
• url_for('resources_report') → Should be url_for('resources.resource_report')

In resource_report.html:

• url_for('resources') → Should be url_for('resources.resources')
• url_for('resources_report') → Should be url_for('resources.resource_report')

In sessions.html:

• url_for('sessions', ...) → Should be url_for('sessions.sessions', ...)

In audit_log.html:

• url_for('audit_log', ...) → Should be url_for('admin.audit_log', ...)

In licenses.html:

• url_for('licenses', ...) → Should be url_for('licenses.licenses', ...)

In customers.html:

• url_for('customers', ...) → Should be url_for('customers.customers', ...)

In resources.html:

• Several instances of incorrect references:
  • url_for('customers.customers_licenses', ...) → Should be url_for('customers.customers_licenses', ...)
  • url_for('licenses.edit_license', ...) → Correct
  • url_for('resource_history', ...) → Should be url_for('resources.resource_history', ...)
  • url_for('edit_license', ...) → Should be url_for('licenses.edit_license', ...)
  • url_for('customers_licenses', ...) → Should be url_for('customers.customers_licenses', ...)

2. Hardcoded URLs That Need Replacement

Many templates contain hardcoded URLs that should be replaced with url_for() calls:

In base.html:

• href="/" → Should be href="{{ url_for('admin.index') }}"
• href="/profile" → Should be href="{{ url_for('auth.profile') }}"
• href="/logout" → Should be href="{{ url_for('auth.logout') }}"
• href="/customers-licenses" → Should be href="{{ url_for('customers.customers_licenses') }}"
• href="/customer/create" → Should be href="{{ url_for('customers.create_customer') }}"
• href="/create" → Should be href="{{ url_for('licenses.create_license') }}"
• href="/batch" → Should be href="{{ url_for('batch.batch_licenses') }}"
• href="/audit" → Should be href="{{ url_for('admin.audit_log') }}"
• href="/sessions" → Should be href="{{ url_for('sessions.sessions') }}"
• href="/backups" → Should be href="{{ url_for('admin.backups') }}"
• href="/security/blocked-ips" → Should be href="{{ url_for('admin.blocked_ips') }}"

In customers_licenses.html and customers_licenses_old.html:

• Multiple hardcoded URLs for editing, creating, and exporting that need to be replaced with proper url_for() calls

In edit_license.html, create_customer.html, index.html:

• href="/customers-licenses" → Should use url_for()

In dashboard.html:

• Multiple hardcoded URLs that should use url_for()

In error pages (404.html, 500.html):

• href="/" → Should be href="{{ url_for('admin.index') }}"

3. Blueprint Configuration

Current blueprint configuration:

• export_bp has url_prefix='/export'
• api_bp has url_prefix='/api'
• All other blueprints have no url_prefix

4. Route Naming Inconsistencies

Some routes have inconsistent naming between the route definition and the function name:

• Route /resources/report has function name resource_report (note the singular vs plural)
• This causes confusion with url_for() calls

5. Duplicate Route Risk Areas

While no exact duplicates were found, there are potential conflicts:

• Both admin_bp and customer_bp might handle customer-related routes
• API routes in api_bp overlap with functionality in other blueprints

Recommendations

1. Fix all url_for() calls to include the correct blueprint prefix
2. Replace all hardcoded URLs with url_for() calls
3. Standardize route naming to match function names
4. Add url_prefix to blueprints where appropriate to avoid conflicts
5. Create a route mapping document for developers to reference

Priority Actions

1. High Priority: Fix missing blueprint prefixes in url_for() calls - these will cause runtime errors
2. High Priority: Replace hardcoded URLs in navigation (base.html) - affects site-wide navigation
3. Medium Priority: Fix other hardcoded URLs in individual templates
4. Low Priority: Refactor route naming for consistency