ayct_backend/campaign/__init__.py

@@ -2,17 +2,22 @@ import requests
 import json
 from requests_oauthlib import OAuth1Session
 from flask import Blueprint, current_app, request, jsonify
+from rsa import verify
 from ayct_backend.twitter.models import *
 from ayct_backend.campaign.models import *
+from ayct_backend.firebase import verify_token
 
 campaign = Blueprint('campaign', __name__)
 
 @campaign.route('/campaign', methods=['GET'])
 def get_twitter_campaigns():
-    print('Headers: %s', request.headers)
-    print('Body: %s', request.get_data())
+    decoded_token = verify_token(request.headers)
+    if not decoded_token:
+        return "Not authorised!", 401
 
-    twitter_campaigns = TwitterCampaign.query.all()
+    user_id = decoded_token['uid']
+
+    twitter_campaigns = TwitterCampaign.query.filter_by(user_id=user_id)
 
     campaigns = []
 
@@ -31,6 +36,12 @@ def get_twitter_campaigns():
 
 @campaign.route('/campaign', methods=['POST'])
 def add_twitter_account():
+    decoded_token = verify_token(request.headers)
+    if not decoded_token:
+        return "Not authorised!", 401
+
+    user_id = decoded_token['uid']
+
     content_type = request.headers.get('Content-Type')
     if (content_type == 'application/json'):
         request_json = request.json
@@ -70,6 +81,7 @@ def add_twitter_account():
             # save campaign to database
             new_twitter_campaign = TwitterCampaign(
                 campaign_name = request_json['campaign_name'],
+                user_id = user_id,
                 twitter_account_id = request_json['twitter_account_id'],
                 user_input = request_json['user_input'],
                 generated_content = generated_content[0:260],

ayct_backend/campaign/models.py

@@ -6,6 +6,7 @@ class TwitterCampaign(campaign_db.Model):
     __tablename__ = 'twitter_campaign'
 
     campaign_id = campaign_db.Column(campaign_db.Integer, primary_key=True)
+    user_id = campaign_db.Column(campaign_db.String(64), nullable=False)
     campaign_name = campaign_db.Column(campaign_db.String(64), nullable=False)
     twitter_account_id = campaign_db.Column(campaign_db.String(32), nullable=False)
     user_input = campaign_db.Column(campaign_db.String(100), nullable=False)

ayct_backend/firebase.py

@@ -0,0 +1,13 @@
+import os
+import google.oauth2.id_token
+import google.auth.transport.requests
+
+HTTP_REQUEST = google.auth.transport.requests.Request()
+AUDIENCE = os.environ.get('GOOGLE_CLOUD_PROJECT')
+
+def verify_token(headers):
+    id_token = headers['auth'].split(' ').pop()
+
+    claims = google.oauth2.id_token.verify_firebase_token(id_token, HTTP_REQUEST, audience=AUDIENCE)
+
+    return claims

ayct_backend/twitter/__init__.py

@@ -1,12 +1,19 @@
 from requests_oauthlib import OAuth1Session
 from flask import Blueprint, Response, current_app, request, jsonify
 from ayct_backend.twitter.models import *
+from ayct_backend.firebase import verify_token
 
 twitter = Blueprint('twitter', __name__)
 
 @twitter.route('/account', methods=['GET'])
 def get_twitter_accounts():
-    twitter_accounts = TwitterAccount.query.all()
+    decoded_token = verify_token(request.headers)
+    if not decoded_token:
+        return "Not authorised!", 401
+
+    user_id = decoded_token['uid']
+
+    twitter_accounts = TwitterAccount.query.filter_by(user_id=user_id)
 
     accounts = []
 
@@ -22,6 +29,12 @@ def get_twitter_accounts():
 
 @twitter.route('/account', methods=['POST'])
 def add_twitter_account():
+    decoded_token = verify_token(request.headers)
+    if not decoded_token:
+        return "Not authorised!", 401
+
+    user_id = decoded_token['uid']
+
     content_type = request.headers.get('Content-Type')
     if (content_type == 'application/json'):
         json = request.json
@@ -42,6 +55,7 @@ def add_twitter_account():
             oauth_tokens = oauth.fetch_access_token(access_token_url)
 
             new_twitter_account = TwitterAccount(
+                user_id = user_id,
                 twitter_account_id = oauth_tokens['user_id'],
                 username = oauth_tokens['screen_name'],
                 access_token = oauth_tokens['oauth_token'],

ayct_backend/twitter/models.py

@@ -7,6 +7,7 @@ class TwitterAccount(twitter_db.Model):
     __tablename__ = 'twitter_account'
 
     account_id = twitter_db.Column(twitter_db.Integer, primary_key=True)
+    user_id = twitter_db.Column(twitter_db.String(64), nullable=False)
     twitter_account_id = twitter_db.Column(twitter_db.String(32), unique=True, nullable=False)
     username = twitter_db.Column(twitter_db.String(16), unique=True, nullable=False)
     access_token = twitter_db.Column(twitter_db.String(256), nullable=False)