Secure all endpoints behind auth

2026-05-15 22:19:41 +02:00
parent cbc2526c14
commit e44d87f7be
5 changed files with 32 additions and 19 deletions


@@ -4,6 +4,7 @@ from typing import List
from ..model.models import Card
from ..services.database import engine, get_session, add_and_refresh
from ..services.auth import auth_is_admin
import uuid as gen_uuid
card_router = APIRouter(prefix="/cards", tags=["Card"])
@@ -14,12 +15,12 @@ def register_card(group_id: int):
return card
@card_router.post("/{group_id}", response_model=Card)
def add_card(*, db: Session = Depends(get_session), group_id: int):
def add_card(*, db: Session = Depends(get_session), group_id: int, admin: bool = Depends(auth_is_admin)):
card = register_card(group_id)
return add_and_refresh(db, card)
@card_router.delete("/{card_id}")
def del_card(*, db: Session = Depends(get_session), card_id: int):
def del_card(*, db: Session = Depends(get_session), card_id: int, admin: bool = Depends(auth_is_admin)):
card = db.get(Card, card_id)
if card is None:
raise HTTPException(status_code=404, detail="Card not found")
@@ -28,7 +29,7 @@ def del_card(*, db: Session = Depends(get_session), card_id: int):
return {"message": "Card deleted successfully"}
##TBH not a big fan of having creation using group_id but deletion using card_id
@card_router.get("/{group_id}", response_model=List[Card])
def get_cards(*, db: Session = Depends(get_session), group_id: int):
def get_cards(*, db: Session = Depends(get_session), group_id: int, admin: bool = Depends(auth_is_admin)):
cards = db.exec(select(Card).where(Card.group_id == group_id)).all()
return cards
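Review bot: The new `admin: bool = Depends(auth_is_admin)` parameter on `add_card`, `del_card` and `get_cards` is never read in the visible handler lines, so the routes are gated only if `auth_is_admin` itself raises (for example an `HTTPException` with 401/403) when the caller is not an admin. Its body is not shown here; if it returns `False` instead of raising, the handlers would still run for unauthenticated callers. Since every route on this router is meant to be protected, declaring the dependency once as `card_router = APIRouter(prefix="/cards", tags=["Card"], dependencies=[Depends(auth_is_admin)])` drops the unused parameter and makes any route added later protected by default. A test that calls each route without credentials and expects a 401/403 would pin this behaviour; note that `del_card`'s body continues outside the hunk.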