first commit

api/routes/example.py

@@ -0,0 +1,56 @@
+"""
+Example route module - Copy this pattern for your domain.
+
+This module demonstrates:
+1. Registering routes with Flask app
+2. Using auth validation
+3. Making database calls via postgres module
+"""
+
+import os
+import flask
+import jwt
+import core.auth as auth
+import core.postgres as postgres
+
+
+def _get_user_uuid(token):
+    """Decode JWT to extract user UUID. Returns None on failure."""
+    try:
+        payload = jwt.decode(token, os.getenv("JWT_SECRET"), algorithms=["HS256"])
+        return payload.get("sub")
+    except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
+        return None
+
+
+def register(app):
+    """Register routes with the Flask app."""
+
+    @app.route("/api/example", methods=["GET"])
+    def api_listExamples():
+        header = flask.request.headers.get("Authorization", "")
+        if not header.startswith("Bearer "):
+            return flask.jsonify({"error": "missing token"}), 401
+        token = header[7:]
+
+        user_uuid = _get_user_uuid(token)
+        if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
+            return flask.jsonify({"error": "unauthorized"}), 401
+
+        items = postgres.select("examples")
+        return flask.jsonify(items), 200
+
+    @app.route("/api/example", methods=["POST"])
+    def api_addExample():
+        header = flask.request.headers.get("Authorization", "")
+        if not header.startswith("Bearer "):
+            return flask.jsonify({"error": "missing token"}), 401
+        token = header[7:]
+
+        user_uuid = _get_user_uuid(token)
+        if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
+            return flask.jsonify({"error": "unauthorized"}), 401
+
+        data = flask.request.get_json()
+        item = postgres.insert("examples", data)
+        return flask.jsonify(item), 201