feat: #309 - Disable JWT auth for newly public endpoints

StubberG3 · StubberG3 · commit 8c4036eb3df4 · 2025-08-25T20:34:02.000-04:00
diff --git a/frontend/src/api/apiClient.ts b/frontend/src/api/apiClient.ts
@@ -3,9 +3,7 @@ import { FormValues } from "../pages/Feedback/FeedbackForm";
 import { Conversation } from "../components/Header/Chat";
 const baseURL = import.meta.env.VITE_API_BASE_URL;
 
-export const publicApi = axios.create({
-  baseURL
-});
+export const publicApi = axios.create({ baseURL });
 
 export const adminApi = axios.create({
   baseURL,
diff --git a/server/api/views/conversations/views.py b/server/api/views/conversations/views.py
@@ -1,7 +1,7 @@
 from rest_framework.response import Response
 from rest_framework import viewsets, status
 from rest_framework.decorators import action
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import AllowAny
 from rest_framework.exceptions import APIException
 from django.http import JsonResponse
 from bs4 import BeautifulSoup
@@ -81,7 +81,7 @@ def __init__(self, detail=None, code=None):
 
 class ConversationViewSet(viewsets.ModelViewSet):
     serializer_class = ConversationSerializer
-    permission_classes = [IsAuthenticated]
+    permission_classes = [AllowAny]
 
     def get_queryset(self):
         return Conversation.objects.filter(user=self.request.user)
diff --git a/server/api/views/feedback/views.py b/server/api/views/feedback/views.py
@@ -1,4 +1,4 @@
-
+from rest_framework.permissions import AllowAny
 from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework import status
@@ -8,6 +8,8 @@
 
 
 class FeedbackView(APIView):
+    permission_classes = [AllowAny]
+
     def post(self, request, *args, **kwargs):
         serializer = FeedbackSerializer(data=request.data)
         if serializer.is_valid():
diff --git a/server/api/views/listMeds/views.py b/server/api/views/listMeds/views.py
@@ -1,4 +1,5 @@
 from rest_framework import status
+from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -21,6 +22,8 @@
 
 
 class GetMedication(APIView):
+    permission_classes = [AllowAny]
+
     def post(self, request):
         data = request.data
         state_query = data.get('state', '')
@@ -67,6 +70,8 @@ def post(self, request):
 
 
 class ListOrDetailMedication(APIView):
+    permission_classes = [AllowAny]
+
     def get(self, request):
         name_query = request.query_params.get('name', None)
         if name_query:
@@ -95,15 +100,15 @@ def post(self, request):
         name = data.get('name', '').strip()
         benefits = data.get('benefits', '').strip()
         risks = data.get('risks', '').strip()
-        
+
         # Validate required fields
         if not name:
             return Response({'error': 'Medication name is required'}, status=status.HTTP_400_BAD_REQUEST)
         if not benefits:
             return Response({'error': 'Medication benefits are required'}, status=status.HTTP_400_BAD_REQUEST)
         if not risks:
             return Response({'error': 'Medication risks are required'}, status=status.HTTP_400_BAD_REQUEST)
-        
+
         # Check if medication already exists
         if Medication.objects.filter(name=name).exists():
             return Response({'error': f'Medication "{name}" already exists'}, status=status.HTTP_400_BAD_REQUEST)
@@ -123,11 +128,11 @@ class DeleteMedication(APIView):
     def delete(self, request):
         data = request.data
         name = data.get('name', '').strip()
-        
+
         # Validate required fields
         if not name:
             return Response({'error': 'Medication name is required'}, status=status.HTTP_400_BAD_REQUEST)
-        
+
         # Check if medication exists and delete
         try:
             medication = Medication.objects.get(name=name)
