From 5ff1f2c8bf7f131f5a382f868242df3d6faeb468 Mon Sep 17 00:00:00 2001 From: lennyaiko Date: Thu, 3 Apr 2025 18:05:44 +0100 Subject: [PATCH] done with JWT --- app/api/routes/routes.py | 14 +++++++------- app/api/services/authorization.py | 8 ++++++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/app/api/routes/routes.py b/app/api/routes/routes.py index e5507e9..5e9c4d3 100644 --- a/app/api/routes/routes.py +++ b/app/api/routes/routes.py @@ -45,7 +45,7 @@ def serve_paths(filename): # EligibilityCheck Endpoint @api.route("/EligibilityCheck", methods=["POST"]) -@require_auth +@jwt_required() def eligibility_check(): data = request.get_json() # logger.info(f"EligibilityCheck request received: {data}") @@ -55,7 +55,7 @@ def eligibility_check(): # SelectOffer Endpoint @api.route("/SelectOffer", methods=["POST"]) -@require_auth +@jwt_required() def select_offer(): data = request.get_json() # logger.info(f"SelectOffer request received: {data}") @@ -65,7 +65,7 @@ def select_offer(): # ProvideLoan Endpoint @api.route("/ProvideLoan", methods=["POST"]) -@require_auth +@jwt_required() def provide_loan(): data = request.get_json() # logger.info(f"ProvideLoan request received: {data}") @@ -75,7 +75,7 @@ def provide_loan(): # LoanStatus Endpoint @api.route("/LoanStatus", methods=["POST"]) -@require_auth +@jwt_required() def loan_status(): data = request.get_json() # logger.info(f"LoanStatus request received: {data}") @@ -85,7 +85,7 @@ def loan_status(): # Repayment Endpoint @api.route("/Repayment", methods=["POST"]) -@require_auth +@jwt_required() def repayment(): data = request.get_json() # logger.info(f"Repayment request received: {data}") @@ -95,7 +95,7 @@ def repayment(): # CustomerConsent Endpoint @api.route("/CustomerConsent", methods=["POST"]) -@require_auth +@jwt_required() def customer_consent(): data = request.get_json() # logger.info(f"CustomerConsent request received: {data}") 
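Review bot: `jwt_required` is now used on all seven routes (EligibilityCheck, SelectOffer, ProvideLoan, LoanStatus, Repayment and CustomerConsent here, NotificationCallback in the next hunk), but routes.py gains no import for it: the diffstat counts 7 insertions and 7 deletions there, all of them decorator lines. Unless the name was already imported in this module, it fails with a NameError at import time; in that case add `from flask_jwt_extended import jwt_required` and drop the `require_auth` import if nothing else uses it. Separately, `@jwt_required()` accepts any valid access token, and the login check in authorization.py appears to rest on one shared credential, so these loan endpoints cannot tell callers apart. If per-client authorization matters, check `get_jwt_identity()` or a claim inside the handlers. Each handler body continues outside its hunk.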
@@ -105,7 +105,7 @@ def customer_consent(): # NotificationCallback Endpoint @api.route("/NotificationCallback", methods=["POST"]) -@require_auth +@jwt_required() def notification_callback(): data = request.get_json() # logger.info(f"NotificationCallback request received: {data}") diff --git a/app/api/services/authorization.py b/app/api/services/authorization.py index f664445..9b52843 100644 --- a/app/api/services/authorization.py +++ b/app/api/services/authorization.py @@ -11,6 +11,10 @@ from flask_jwt_extended import ( create_refresh_token, get_jwt_identity, ) +from app.config import Config + +USERNAME = Config.BASIC_AUTH_USERNAME +PASSWORD = Config.BASIC_AUTH_PASSWORD class AuthorizationService(BaseService): @@ -39,8 +43,8 @@ class AuthorizationService(BaseService): ### TODO: Access Database credentials here ### if ( - validated_data["username"] != "username" - or validated_data["password"] != "password" + validated_data["username"] != USERNAME + or validated_data["password"] != PASSWORD ): return ResponseHelper.unauthorized(message="Invalid credentials")
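Review bot: `USERNAME` and `PASSWORD` are bound from `Config` at import time with nothing checking that they were actually configured. `Config` is not visible here, so this is conditional: if either attribute can default to an empty string, a request with empty fields would pass the comparison in `AuthorizationService` unless the validator rejects it, and if it is `None` every login fails with no hint why. Fail at startup instead, right after the two assignments: `if not USERNAME or not PASSWORD: raise RuntimeError("BASIC_AUTH_USERNAME and BASIC_AUTH_PASSWORD must be set")`. A one-line comment stating that this is a single shared service credential, not per-user accounts, would also help, since the `### TODO: Access Database credentials here ###` marker is still in place.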
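Review bot: The credential check compares secrets with `!=`, which stops at the first differing character and so is not constant-time; on a login endpoint both fields should go through `hmac.compare_digest`. Evaluate both comparisons before branching so the username result does not short-circuit the password check (this needs `import hmac` at the top of authorization.py and assumes both fields are strings after validation). The enclosing method starts and ends outside the hunk, so whether failed attempts are logged or rate-limited cannot be seen from here.

```python
        # … unchanged: request validation and the TODO marker …
        username_ok = hmac.compare_digest(
            validated_data["username"].encode("utf-8"), USERNAME.encode("utf-8")
        )
        password_ok = hmac.compare_digest(
            validated_data["password"].encode("utf-8"), PASSWORD.encode("utf-8")
        )
        if not (username_ok and password_ok):
            return ResponseHelper.unauthorized(message="Invalid credentials")
```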