57 lines
1.8 KiB
Python
57 lines
1.8 KiB
Python
"""
|
|
Example route module - Copy this pattern for your domain.
|
|
|
|
This module demonstrates:
|
|
1. Registering routes with Flask app
|
|
2. Using auth validation
|
|
3. Making database calls via postgres module
|
|
"""
|
|
|
|
import os
|
|
import flask
|
|
import jwt
|
|
import core.auth as auth
|
|
import core.postgres as postgres
|
|
|
|
|
|
def _get_user_uuid(token):
|
|
"""Decode JWT to extract user UUID. Returns None on failure."""
|
|
try:
|
|
payload = jwt.decode(token, os.getenv("JWT_SECRET"), algorithms=["HS256"])
|
|
return payload.get("sub")
|
|
except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
|
|
return None
|
|
|
|
|
|
def register(app):
|
|
"""Register routes with the Flask app."""
|
|
|
|
@app.route("/api/example", methods=["GET"])
|
|
def api_listExamples():
|
|
header = flask.request.headers.get("Authorization", "")
|
|
if not header.startswith("Bearer "):
|
|
return flask.jsonify({"error": "missing token"}), 401
|
|
token = header[7:]
|
|
|
|
user_uuid = _get_user_uuid(token)
|
|
if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
|
|
return flask.jsonify({"error": "unauthorized"}), 401
|
|
|
|
items = postgres.select("examples")
|
|
return flask.jsonify(items), 200
|
|
|
|
@app.route("/api/example", methods=["POST"])
|
|
def api_addExample():
|
|
header = flask.request.headers.get("Authorization", "")
|
|
if not header.startswith("Bearer "):
|
|
return flask.jsonify({"error": "missing token"}), 401
|
|
token = header[7:]
|
|
|
|
user_uuid = _get_user_uuid(token)
|
|
if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
|
|
return flask.jsonify({"error": "unauthorized"}), 401
|
|
|
|
data = flask.request.get_json()
|
|
item = postgres.insert("examples", data)
|
|
return flask.jsonify(item), 201
|