Add app authentication when making api calls

backend/main.py

@@ -60,25 +60,25 @@ app.include_router(medicine.router)
 def read_root():
     return serverRunning()
 
-# Check if server is up
+# # Check if server is up
-@app.get("/session")
+# @app.get("/session")
-def read_root():
+# def read_root():
-    async def like_comment(session: SessionContainer = Depends(verify_session())):
+#     async def like_comment(session: SessionContainer = Depends(verify_session())):
-        user_id = session.get_user_id()
+#         user_id = session.get_user_id()
 
-        return {"Session id": user_id}
+#         return {"Session id": user_id}
 
-@app.post('/get_user_info_api') 
+# @app.post('/get_user_info_api') 
-async def get_user_info_api(session: SessionContainer = Depends(verify_session())):
+# async def get_user_info_api(session: SessionContainer = Depends(verify_session())):
-    user_id = session.get_user_id()
+#     user_id = session.get_user_id()
 
-    thirdparty_user = await get_user_by_id_thirdparty(user_id)
+#     thirdparty_user = await get_user_by_id_thirdparty(user_id)
-    if thirdparty_user is None:
+#     if thirdparty_user is None:
-        passwordless_user = await get_user_by_id_passwordless(user_id)
+#         passwordless_user = await get_user_by_id_passwordless(user_id)
-        if passwordless_user is not None:
+#         if passwordless_user is not None:
-            print(passwordless_user)
+#             print(passwordless_user)
-    else:
+#     else:
-        print(thirdparty_user)
+#         print(thirdparty_user)
 
 def serverRunning():
     return {"Status": "Server is Up and Running"}

backend/routers/docOffices.py

@@ -1,12 +1,16 @@
 import mysql.connector
 from fastapi import APIRouter, HTTPException
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 router = APIRouter()
 
 # Get Doctors Office By ID
 @router.get("/docOffices/{docOffic_id}", tags="DocOffice")
-async def read_docOfficeByID(docOffic_id: int):
+async def read_docOfficeByID(docOffic_id: int, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM doctor_offices WHERE iddoctor_offices=%s"
@@ -21,7 +25,7 @@ async def read_docOfficeByID(docOffic_id: int):
 
 # Get Doctors Office By user
 @router.get("/docOffices/user/{user}", tags="DocOffice")
-async def read_docOfficeByID(user: str):
+async def read_docOfficeByID(user: str, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM users WHERE email=%s"
@@ -42,7 +46,7 @@ async def read_docOfficeByID(user: str):
 
 # Get List of all Doctors Office
 @router.get("/docOffices/", tags="DocOffice")
-async def read_All_DoctorsOffice():
+async def read_All_DoctorsOffice(session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM doctor_offices"

backend/routers/fileStorage.py

@@ -7,7 +7,10 @@ from reportlab.lib.pagesizes import A4
 from reportlab.lib.utils import ImageReader
 import io
 from datetime import datetime
-#from minioConnect import minioConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 
 router = APIRouter()
@@ -19,7 +22,7 @@ class medCertUploud(BaseModel):
     endDate: str 
     returnDate: str 
 
-
+#=================understand Supertoken multirequest for file submission================================
 # Get List of all files by patient
 @router.post("/files/upload/file/", tags="patients_files")
 async def generateAndUploudMedCert( file: UploadFile = File(...)):
@@ -34,7 +37,7 @@ async def generateAndUploudMedCert( file: UploadFile = File(...)):
 
 # Get List of all files by patient
 @router.post("/files/generate/med-cert/", tags="patients_files")
-async def generateAndUploudMedCert(requestItem: medCertUploud):
+async def generateAndUploudMedCert(requestItem: medCertUploud, session: SessionContainer = Depends(verify_session())):
     uploudMedCert(requestItem.fullName, 
                requestItem.docfname,
                requestItem.startDate,

backend/routers/medicine.py

@@ -2,7 +2,10 @@ from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 import os
 import xlrd
-
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 router = APIRouter()
 
@@ -12,12 +15,12 @@ class medicine(BaseModel):
 
 #get all medicines
 @router.get("/users/medicine/all", tags="medicine")
-async def read_all_medicine():
+async def read_all_medicine(session: SessionContainer = Depends(verify_session())):
     return getMedicineData("")
 
 #get all medicines by search
 @router.get("/users/medicine/{medSearch}", tags="medicine")
-async def read_all_medicine(medSearch: str):
+async def read_all_medicine(medSearch: str, session: SessionContainer = Depends(verify_session())):
     return getMedicineData(medSearch)
 
 def getMedicineData(medsearch: str):

backend/routers/patients.py

@@ -2,6 +2,10 @@ import mysql.connector
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 router = APIRouter()
 
@@ -41,7 +45,7 @@ class patientDeleteRequest(BaseModel):
 
 # Get Patient By ID Number
 @router.get("/patients/id/{pat_id}", tags="patients")
-async def read_patientByID(pat_id: str):
+async def read_patientByID(pat_id: str, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patients WHERE idpatients=%s"
@@ -90,7 +94,7 @@ async def read_patientByID(id_no: str):
 
 # Get List of all patients
 @router.get("/patients/user/{email}", tags="patients")
-async def read_all_patientsByUser(email: str):
+async def read_all_patientsByUser(email: str, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     #query = "SELECT * FROM patients"
@@ -124,7 +128,7 @@ async def read_all_patientsByUser(email: str):
 
 # Get List of all patients
 @router.get("/patients/", tags="patients")
-async def read_all_patients():
+async def read_all_patients(session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patients"
@@ -151,7 +155,7 @@ async def read_all_patients():
 
 # Get List of all patients by Doctors Office
 @router.get("/patients/docOffice/{docoff_id}", tags="patients")
-async def read_all_patientsby(docoff_id: str):
+async def read_all_patientsby(docoff_id: str, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patients where doc_office_id=%s"
@@ -178,7 +182,7 @@ async def read_all_patientsby(docoff_id: str):
 
 # Insert Patient into table
 @router.post("/patients/insert/", tags="patients", status_code=201)
-async def insertPatient(itemRequest : patientInsertRequest):
+async def insertPatient(itemRequest : patientInsertRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "insert into patients "
@@ -211,7 +215,7 @@ async def insertPatient(itemRequest : patientInsertRequest):
 
 # Update Patient on table
 @router.put("/patients/update/", tags="patients")
-async def UpdatePatient(itemRequest : patientUpdateRequest):
+async def UpdatePatient(itemRequest : patientUpdateRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "update patients "
@@ -246,7 +250,7 @@ async def UpdatePatient(itemRequest : patientUpdateRequest):
 
 # delete Patient on table
 @router.delete("/patients/delete/", tags="patients")
-async def DeletePatient(itemRequest : patientDeleteRequest):
+async def DeletePatient(itemRequest : patientDeleteRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "delete from patients "

backend/routers/patients_files.py

@@ -3,6 +3,10 @@ from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from ..database import dbConnection
 from datetime import date
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 router = APIRouter()
 
@@ -17,7 +21,7 @@ class fileInsertRequest(BaseModel):
 
 # Get List of all files
 @router.get("/files/patients/", tags="patients_files")
-async def read_all_files():
+async def read_all_files(session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patient_files"
@@ -38,7 +42,7 @@ async def read_all_files():
 
 # Get List of all files by patient
 @router.get("/files/patients/{patientID}", tags="patients_files")
-async def read_all_files_by_patient(patientID: int):
+async def read_all_files_by_patient(patientID: int, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patient_files where patient_id = %s ORDER BY insert_date DESC"
@@ -59,7 +63,7 @@ async def read_all_files_by_patient(patientID: int):
 
 # Get List of all files by patient & DocOffice
 @router.get("/files/patients-docOffice/", tags="patients_files")
-async def read_all_files_by_patient(itemRequest: fileRequest):
+async def read_all_files_by_patient(itemRequest: fileRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "select patient_files.idpatient_files, patient_files.file_path, patient_files.file_name, patient_files.patient_id, patient_files.insert_date, patients.doc_office_id "
@@ -86,7 +90,7 @@ async def read_all_files_by_patient(itemRequest: fileRequest):
 
 # Insert Patient note into table
 @router.post("/files/insert/", tags="patients_notes", status_code=201)
-async def insertPatientFiles(itemRequest : fileInsertRequest):
+async def insertPatientFiles(itemRequest : fileInsertRequest, session: SessionContainer = Depends(verify_session())):
     today = date.today()
     db = dbConnection.dbConnect()
     cursor = db.cursor()

backend/routers/patients_notes.py

@@ -3,6 +3,10 @@ from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from datetime import date
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 router = APIRouter()
 
@@ -23,7 +27,7 @@ class patientNoteUpdateRequest(BaseModel):
 
 # Get List of all notes
 @router.get("/notes/patients/", tags="patients_notes")
-async def read_all_notes():
+async def read_all_notes(session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patient_notes"
@@ -43,7 +47,7 @@ async def read_all_notes():
 
 # Get List of all notes by patient
 @router.get("/notes/patients/{patientID}", tags="patients_notes")
-async def read_all_patientsby(patientID: int):
+async def read_all_patientsby(patientID: int, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM patient_notes where patient_id = %s ORDER BY insert_date DESC"
@@ -64,7 +68,7 @@ async def read_all_patientsby(patientID: int):
 
 # Get List of all notes by patient
 @router.get("/notes/patients-docOffice/", tags="patients_notes")
-async def read_all_patientsby(itemRequest: fileRequest):
+async def read_all_patientsby(itemRequest: fileRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "select patient_notes.idpatient_notes, patient_notes.note_name, patient_notes.note_text, patient_notes.patient_id, patient_notes.insert_date, patients.doc_office_id "
@@ -88,7 +92,7 @@ async def read_all_patientsby(itemRequest: fileRequest):
 
 # Insert Patient note into table
 @router.post("/notes/insert/", tags="patients_notes", status_code=201)
-async def insertPatientNotes(itemRequest : patientNoteInsertRequest):
+async def insertPatientNotes(itemRequest : patientNoteInsertRequest, session: SessionContainer = Depends(verify_session())):
     today = date.today()
     db = dbConnection.dbConnect()
     cursor = db.cursor()
@@ -111,7 +115,7 @@ async def insertPatientNotes(itemRequest : patientNoteInsertRequest):
 
 # Update Patient note on table
 @router.put("/notes/update/", tags="patients_notes")
-async def UpdatePatient(itemRequest : patientNoteUpdateRequest):
+async def UpdatePatient(itemRequest : patientNoteUpdateRequest, session: SessionContainer = Depends(verify_session())):
     today = date.today()
     db = dbConnection.dbConnect()
     cursor = db.cursor()

backend/routers/users.py

@@ -1,6 +1,10 @@
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
 from ..database import dbConnection
+#SuperToken Auth from front end
+from supertokens_python.recipe.session.framework.fastapi import verify_session
+from supertokens_python.recipe.session import SessionContainer
+from fastapi import Depends
 
 router = APIRouter()
 
@@ -20,7 +24,7 @@ class userUpdateRequest(BaseModel):
     
 #get user by email & doc Office ID
 @router.get("/users/profile/{email}", tags="users")
-async def read_all_users(email: str):
+async def read_all_users(email: str, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM users where email = %s"
@@ -44,7 +48,7 @@ async def read_all_users(email: str):
 
 # Get List of all files
 @router.get("/users/", tags="users")
-async def read_all_users():
+async def read_all_users(session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM users"
@@ -68,7 +72,7 @@ async def read_all_users():
 
 # Get List of all files
 @router.get("/user/{uid}", tags="users")
-async def read_all_users(uid: str):
+async def read_all_users(uid: str, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "SELECT * FROM users where app_id = %s"
@@ -92,7 +96,7 @@ async def read_all_users(uid: str):
 
 # Insert Patient into table
 @router.post("/user/insert/", tags="user", status_code=201)
-async def insertPatient(itemRequest : userInsertRequest):
+async def insertPatient(itemRequest : userInsertRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "insert into users "
@@ -112,7 +116,7 @@ async def insertPatient(itemRequest : userInsertRequest):
 
 # Update User on table
 @router.put("/user/update/", tags="user")
-async def UpdateUser(itemRequest : userUpdateRequest):
+async def UpdateUser(itemRequest : userUpdateRequest, session: SessionContainer = Depends(verify_session())):
     db = dbConnection.dbConnect()
     cursor = db.cursor()
     query = "update users "