From 4c99dce6f01ecb352621368a747ef07bbfc6edf4 Mon Sep 17 00:00:00 2001 From: wuttinanhi Date: Thu, 22 Sep 2022 17:56:44 +0000 Subject: [PATCH] add admin only decorator --- admin/__init__.py | 0 admin/service.py | 11 +++++++++++ auth/decorator.py | 19 +++++++++++++++++++ dev.env | 1 + 4 files changed, 31 insertions(+) create mode 100644 admin/__init__.py create mode 100644 admin/service.py diff --git a/admin/__init__.py b/admin/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/admin/service.py b/admin/service.py new file mode 100644 index 0000000..63e815d --- /dev/null +++ b/admin/service.py @@ -0,0 +1,11 @@ +""" + admin service +""" + +import os + + +class AdminService: + @staticmethod + def is_valid_admin_key(key: str): + return key == os.getenv("ADMIN_KEY") diff --git a/auth/decorator.py b/auth/decorator.py index e120f26..2e3d956 100644 --- a/auth/decorator.py +++ b/auth/decorator.py @@ -4,6 +4,7 @@ from functools import wraps +from admin.service import AdminService from flask import request from jwt_wrapper.service import JwtService from user.service import UserService @@ -27,3 +28,21 @@ def decorated_function(*args, **kwargs): return {"error": "Unauthorized!"}, 401 return decorated_function + + +def admin_only(f): + @wraps(f) + def decorated_function(*args, **kwargs): + auth_header = request.headers.get("X-API-KEY") + if auth_header == None: + return {"error": "Unauthorized!"}, 401 + + admin_key = auth_header + check = AdminService.is_valid_admin_key(admin_key) + + if check: + return f(*args, **kwargs) + + return {"error": "Unauthorized!"}, 401 + + return decorated_function diff --git a/dev.env b/dev.env index 26a121c..747ad25 100644 --- a/dev.env +++ b/dev.env @@ -1,2 +1,3 @@ ENV=dev DATABASE_URI=mysql+mysqldb://appuser:app-password@127.0.0.1:3306/appdb?charset=utf8mb4 +ADMIN_KEY=@Dev12345
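Review bot: `is_valid_admin_key` in admin/service.py compares the presented key with `==`, which is not constant-time and fails open when `ADMIN_KEY` is missing or empty. With the variable unset `os.getenv` returns `None`, so any caller that passes `None` gets `True`. With it set to an empty string, an empty `X-API-KEY` header would presumably be accepted. The method should deny when no key is configured and compare with `hmac.compare_digest` on encoded bytes, which needs `import hmac` next to `import os`. A one-line docstring stating that an unset key denies everyone would record the intent.

```python
    @staticmethod
    def is_valid_admin_key(key: str):
        expected = os.getenv("ADMIN_KEY")
        # Fail closed: an unset or empty ADMIN_KEY must never authorize anyone.
        if not expected or not isinstance(key, str):
            return False
        # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
        return hmac.compare_digest(key.encode("utf-8"), expected.encode("utf-8"))
```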
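Review bot: In `admin_only` (auth/decorator.py), both reject paths return 401 without logging anything, so repeated guessing against the single shared admin key cannot be seen or alerted on. A log line that omits the submitted value would make it visible, for example `current_app.logger.warning("admin key rejected from %s", request.remote_addr)`, with `current_app` added to the `flask` import. The None test reads better as `if auth_header is None:` than `== None`. The decorator checks only the shared key and never touches `JwtService` or `UserService`, so an admin call is not tied to any user; a docstring on `admin_only` should say so.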
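Review bot: `ADMIN_KEY=@Dev12345` in dev.env puts a short, guessable admin secret into version control, where it stays in history and may be reused if this file is copied for another environment. Commit a labelled placeholder instead, such as `ADMIN_KEY=<placeholder-generate-locally>`, and keep the real value in an untracked env file or a secret store. A strong value can be generated with `python -c "import secrets; print(secrets.token_urlsafe(32))"`. The `DATABASE_URI` context line above carries its password the same way and would benefit from the same treatment.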