Merge branch 'main' of https://hackethon.ai/hack/HackXlbef/FreeBug

backend/utils/auth.py

@@ -4,10 +4,7 @@ from sqlalchemy import select, and_
 from ..db.model import User, Session, db
 from ..constants import UserRole
 
-def requires_role(roles=None):
+def auth_required():
-    if roles is None:
-        roles = [UserRole.USER, UserRole.ADMIN]
-    roles = [int(r) for r in roles]
     def decorator(f):
         @wraps(f)
         def decorated_function(*args, **kwargs):
@@ -23,17 +20,26 @@ def requires_role(roles=None):
             ).scalar()
             if not session:
                 return jsonify({'error': 'Invalid or expired session'}), 401
-
             user: User = session.user
             if not user:
                 return jsonify({'error': 'User not found for the Access token'}), 401
             g.current_session = session
             g.current_user = user
-            # If no roles specified, allow access
+            g.is_authed = True
-            if not roles:
+            return f(*args, **kwargs)
-                return f(*args, **kwargs)
+        return decorated_function
-            if user.role in roles:
+    return decorator
+
+def requires_role(roles=None):
+    if roles is None:
+        roles = [UserRole.USER, UserRole.ADMIN]
+    roles = [int(r) for r in roles]
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            if g.get('is_authed', False) is False:
+                return jsonify({'error': 'Unauthorized'})
+            if g.current_user.role in roles:
                 return f(*args, **kwargs)
-            return jsonify({'error': 'Not authorized'}), 403
         return decorated_function
     return decorator