security: harden proxy IP trust, token flow, health and sessions

routes/admin_api/core.py

@@ -3,6 +3,8 @@
 from __future__ import annotations
 
 import os
+import stat
+import tempfile
 import time
 
 import database
@@ -153,6 +155,9 @@ def admin_logout():
     session.pop("admin_id", None)
     session.pop("admin_username", None)
     session.pop("admin_reauth_until", None)
+    session.pop("_user_id", None)
+    session.pop("_fresh", None)
+    session.pop("_id", None)
     return jsonify({"success": True})
 
 
@@ -200,11 +205,14 @@ time.sleep(3)
 os._exit(0)
 """
 
-        with open("/tmp/restart_container.py", "w") as f:
-            f.write(restart_script)
+        with tempfile.NamedTemporaryFile("w", suffix=".py", prefix="restart_container_", delete=False) as temp_file:
+            temp_file.write(restart_script)
+            script_path = temp_file.name
+
+        os.chmod(script_path, stat.S_IRUSR | stat.S_IWUSR)
 
         subprocess.Popen(
-            ["python3", "/tmp/restart_container.py"],
+            ["python3", script_path],
             stdout=subprocess.DEVNULL,
             stderr=subprocess.DEVNULL,
             start_new_session=True,