add jws token

client/pages/home/application_page.py

@@ -4,6 +4,9 @@ import json
 import requests
 import os
 
+# All requests now use Authorization and X-Application-Token headers.
+# application_id is sent as string during /connect.
+
 API_BASE_URL = os.getenv("API_BASE_URL", "http://127.0.0.1:5001")
 
 class ApplicationPage:
@@ -12,7 +15,7 @@ class ApplicationPage:
         self.dashboard = dashboard
         self.app = app
         self.db_applications = DBApplications()
-
+        self.access_token = self.get_access_token()
         self.access_code = ft.Text("***********")
         self.selected = None
 
@@ -60,9 +63,29 @@ class ApplicationPage:
         )
         self.placeholder = ft.Column()
 
+    def get_access_token(self):
+        application_token = self.app['access_code']
+        application_id = str(self.app['id'])
+        data = {
+            'application_id':application_id,
+            'application_token':application_token
+        }
+        response = requests.post(f"{API_BASE_URL}/connect", json=data)
+        resp_json = {}
+        try:
+            resp_json = response.json()
+        except Exception:
+            pass
+        print({"request": data, "status": response.status_code, "response": resp_json})
+        if response.status_code != 200 or 'token' not in resp_json:
+            # Fail gracefully; caller can handle empty token
+            return ""
+        return resp_json['token']
+
     def show_access_code(self, e):
         self.access_code.value = self.app['access_code']
         self.access_code.update()
+        
 
     def format_json(self, data):
         data = json.dumps(data, indent=4)
@@ -75,7 +98,11 @@ class ApplicationPage:
         self.data_details.update()
     
     def get_data(self):
-        response = requests.post(f"{API_BASE_URL}/get_all")
+        headers = {
+            'Authorization': f'Bearer {self.access_token}',
+            'X-Application-Token': self.app['access_code']
+        }
+        response = requests.post(f"{API_BASE_URL}/get_all", headers=headers)
         return json.loads(response.text) if response.status_code == 200 else []
     
     def create_list(self, items, on_click_handler):
@@ -101,12 +128,20 @@ class ApplicationPage:
         if data:
             document = {"doc":data}
             print(document)
-            requests.post(f"{API_BASE_URL}/insert", json=json.dumps(document))
+            headers = {
+                'Authorization': f'Bearer {self.access_token}',
+                'X-Application-Token': self.app['access_code']
+            }
+            requests.post(f"{API_BASE_URL}/insert", headers=headers, json=document)
             self.refresh_list('')
         self.editor.value = ''
         self.editor.update()
 
     def update_data(self, e):
+        headers = {
+            'Authorization': f'Bearer {self.access_token}',
+            'X-Application-Token': self.app['access_code']
+        }
         if self.update_doc_id.value:
             json_file = {
                 "doc_id": int(self.update_doc_id.value),
@@ -114,22 +149,26 @@ class ApplicationPage:
             }
         else:
             json_file = {
-                "where":{
-                    "field":self.query_field.value,
-                    "op":self.query_operator.value,
-                    "value":self.query_value.value,
-                    "fields": self.update_fileds.value,
-                }
+                "where": {
+                    "field": self.query_field.value,
+                    "op": self.query_operator.value,
+                    "value": self.query_value.value,
+                },
+                "fields": self.update_fileds.value,
             }
             
-        if self.update_doc_id or self.query_field.value:
-            response = requests.post(f"{API_BASE_URL}/update", json=json.dumps(json_file))
+        if self.update_doc_id.value or self.query_field.value:
+            response = requests.post(f"{API_BASE_URL}/update", headers=headers, json=json_file)
             print(response.text)
             result = json.loads(response.text) if response.status_code == 200 else []
             self.refresh_list('')
 
     def delete_data(self, e):
-        if self.update_doc_id.value == None:
+        headers = {
+            'Authorization': f'Bearer {self.access_token}',
+            'X-Application-Token': self.app['access_code']
+        }
+        if not self.update_doc_id.value:
             json_file = {
                 "where":{
                     "field":self.query_field.value,
@@ -141,14 +180,18 @@ class ApplicationPage:
             json_file = {
                 "doc_id": int(self.update_doc_id.value),
             }
-        if self.update_doc_id or self.query_field.value:
-            response = requests.post(f"{API_BASE_URL}/remove", json=json.dumps(json_file))
+        if self.update_doc_id.value or self.query_field.value:
+            response = requests.post(f"{API_BASE_URL}/remove", headers=headers, json=json_file)
             print(response.text)
             result = json.loads(response.text) if response.status_code == 200 else []
             self.refresh_list('')
 
     def query_data(self, e):
         '''Added a tiny query DSL so you can filter with { "where": { "field":"user", "op":"==", "value":"abc" } } (supports ==, !=, >, >=, <, <=, in, contains).'''
+        headers = {
+            'Authorization': f'Bearer {self.access_token}',
+            'X-Application-Token': self.app['access_code']
+        }
         json_file = {
             "where":{
                 "field":self.query_field.value,
@@ -157,7 +200,7 @@ class ApplicationPage:
             }
         }
         if self.query_field.value and self.query_value.value:
-            response = requests.post(f"{API_BASE_URL}/search", json=json.dumps(json_file))
+            response = requests.post(f"{API_BASE_URL}/search", headers=headers, json=json_file)
             print(response.text)
             result = json.loads(response.text) if response.status_code == 200 else []
             self.data_list.controls.clear()