Update main.py
main.py
CHANGED
|
@@ -136,15 +136,33 @@ def send_rotation_notification(job_id, shift_record):
|
|
| 136 |
|
| 137 |
# === Auth Middleware ===
|
| 138 |
def verify_token(req):
|
| 139 |
-
|
| 140 |
-
if not
|
| 141 |
return None
|
|
|
|
| 142 |
try:
|
| 143 |
-
|
| 144 |
-
if
|
| 145 |
-
|
| 146 |
-
|
| 147 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 148 |
return None
|
| 149 |
|
| 150 |
# === Admin Setup ===
|
|
|
|
| 136 |
|
| 137 |
# === Auth Middleware ===
|
| 138 |
def verify_token(req):
|
| 139 |
+
auth_header = req.headers.get("Authorization")
|
| 140 |
+
if not auth_header:
|
| 141 |
return None
|
| 142 |
+
|
| 143 |
try:
|
| 144 |
+
# Extract token
|
| 145 |
+
if auth_header.startswith("Bearer "):
|
| 146 |
+
token = auth_header[7:].strip()
|
| 147 |
+
else:
|
| 148 |
+
token = auth_header.strip()
|
| 149 |
+
|
| 150 |
+
# Verify the token
|
| 151 |
+
decoded = firebase_auth.verify_id_token(token)
|
| 152 |
+
|
| 153 |
+
# Get user UID from decoded token
|
| 154 |
+
uid = decoded.get('uid')
|
| 155 |
+
|
| 156 |
+
# Check if user is admin by querying Firebase Realtime Database
|
| 157 |
+
admins_ref = db.reference("/admins")
|
| 158 |
+
admin_data = admins_ref.child(uid).get()
|
| 159 |
+
|
| 160 |
+
if admin_data and admin_data.get("is_admin", False):
|
| 161 |
+
return decoded
|
| 162 |
+
|
| 163 |
+
return None
|
| 164 |
+
except Exception as e:
|
| 165 |
+
print(f"Token verification error: {e}")
|
| 166 |
return None
|
| 167 |
|
| 168 |
# === Admin Setup ===
|
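Review bot: The call at new line 151, `firebase_auth.verify_id_token(token)`, uses the default `check_revoked=False` (assuming `firebase_auth` is `firebase_admin.auth`; the import is not visible here), so an ID token from an admin whose refresh tokens were revoked or whose account was disabled is still accepted until it expires. For a gate that grants admin access, `decoded = firebase_auth.verify_id_token(token, check_revoked=True)` closes that window at the cost of one extra backend call per request. The `except Exception` at line 164 fails closed, which is right, but it reports a failed `/admins` read the same way as a forged token and writes the exception text with `print`. Catching the token errors separately from the database error and using the application's logger would let an outage be told apart from an attack in the logs. The `else` branch at lines 147–148 treats any header without the `Bearer ` prefix as a raw token; `return None` there keeps the parser strict.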