Server-side support for checking JWTs

c-simpson · c-simpson · commit dfe8a3e85d61 · 2021-04-10T20:24:45.000-04:00
diff --git a/src/server/api/admin_api.py b/src/server/api/admin_api.py
@@ -11,6 +11,8 @@
 from config import engine
 from flask import request, redirect, jsonify, current_app, abort
 from api.file_uploader import validate_and_arrange_upload
+
+from api import jwt_ops
 from config import (
     RAW_DATA_PATH,
     CURRENT_SOURCE_FILES_PATH,
@@ -26,6 +28,7 @@ def __allowed_file(filename):
 
 # file upload tutorial
 @admin_api.route("/api/file", methods=["POST"])
+@jwt_ops.admin_required
 def uploadCSV():
     if "file" not in request.files:
         return redirect(request.url)
@@ -43,6 +46,7 @@ def uploadCSV():
 
 
 @admin_api.route("/api/listCurrentFiles", methods=["GET"])
+@jwt_ops.admin_required
 def list_current_files():
     result = None
 
@@ -56,6 +60,7 @@ def list_current_files():
 
 
 @admin_api.route("/api/execute", methods=["GET"])
+@jwt_ops.admin_required
 def execute():
     current_app.logger.info("Execute flow")
     flow_script.start_flow()
@@ -109,6 +114,7 @@ def get_statistics():
 
 
 @admin_api.route("/api/statistics", methods=["GET"])
+@jwt_ops.admin_required
 def list_statistics():
     """ Pull Last Execution stats from DB. """
     current_app.logger.info("list_statistics() request")
@@ -134,6 +140,7 @@ def list_statistics():
 
 
 @admin_api.route("/api/get_execution_status/<int:job_id>", methods=["GET"])
+@jwt_ops.admin_required
 def get_exec_status(job_id):
     """ Get the execution status record from the DB for the specified job_id """
 
diff --git a/src/server/api/common_api.py b/src/server/api/common_api.py
@@ -9,6 +9,8 @@
 import dateutil.parser
 from secrets import SHELTERLUV_SECRET_TOKEN
 
+from api import jwt_ops
+
 
 @common_api.route('/api/timeout_test/<duration>', methods=['GET'])
 def get_timeout(duration):
@@ -21,6 +23,7 @@ def get_timeout(duration):
     return results
 
 @common_api.route('/api/contacts/<search_text>', methods=['GET'])
+@jwt_ops.jwt_required()
 def get_contacts(search_text):
     with engine.connect() as connection:
         search_text = search_text.lower()
@@ -45,6 +48,7 @@ def get_contacts(search_text):
 
 
 @common_api.route('/api/360/<matching_id>', methods=['GET'])
+@jwt_ops.jwt_required()
 def get_360(matching_id):
     result = {}
 
