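"""Flask decorators that gate routes behind an HS256-signed JWT bearer token."""

from functools import wraps

import jwt
from flask import current_app, g, jsonify, request

from app.models.user import ClientUser

_BEARER_PREFIX = "Bearer "


def _unauthorized():
    """Build the generic 401 reply used for every authentication failure."""
    # One message for every failure mode, so the response does not reveal
    # whether the token was missing, malformed, expired or badly signed.
    return jsonify({"error": "Não autorizado."}), 401


def _bearer_subject():
    """Validate the request's bearer token and extract its subject.

    Returns:
        ``(user_id, None)`` when the token verifies and carries a truthy
        ``sub`` claim, otherwise ``(None, response)`` where ``response`` is
        the ``(body, status)`` pair the caller should return as-is.
    """
    auth_header = request.headers.get("Authorization", "")
    if not auth_header.startswith(_BEARER_PREFIX):
        return None, _unauthorized()

    token = auth_header[len(_BEARER_PREFIX):]
    try:
        # The algorithm list is pinned: a token whose header names any other
        # algorithm (including "none") is rejected instead of being trusted.
        # NOTE(review): PyJWT validates `exp` only when the claim is present,
        # so a token issued without it never expires. If the issuer always
        # sets `exp`, consider passing options={"require": ["exp"]} here.
        payload = jwt.decode(
            token,
            current_app.config["JWT_SECRET_KEY"],
            algorithms=["HS256"],
        )
    except jwt.InvalidTokenError:
        # ExpiredSignatureError is a subclass of InvalidTokenError, so this
        # single clause covers expired tokens as well.
        return None, _unauthorized()

    user_id = payload.get("sub")
    if not user_id:
        return None, _unauthorized()
    return user_id, None


def require_admin(f):
    """Allow the wrapped view only for an authenticated user with role "admin".

    Replies 401 when the bearer token is missing or invalid, and 403 when the
    token is valid but its subject does not exist or is not an admin. On
    success ``g.current_user_id`` and ``g.current_user`` are set before the
    view runs.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        user_id, failure = _bearer_subject()
        if failure is not None:
            return failure

        # The role is read from the database on every request rather than
        # from a token claim, so demoting or deleting a user takes effect
        # immediately instead of at token expiry.
        user = ClientUser.query.get(user_id)
        if not user or user.role != "admin":
            return jsonify({"error": "Acesso restrito a administradores."}), 403

        g.current_user_id = user_id
        g.current_user = user
        # The view is called outside any try/except: a jwt exception raised
        # by the view itself must surface as an error, not be reported to the
        # client as a 401.
        return f(*args, **kwargs)
    return decorated


def require_auth(f):
    """Allow the wrapped view only for requests carrying a valid bearer token.

    Replies 401 when the token is missing or invalid. On success
    ``g.current_user_id`` is set to the token's ``sub`` claim before the view
    runs.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        user_id, failure = _bearer_subject()
        if failure is not None:
            return failure

        # NOTE(review): unlike require_admin, no user record is loaded here,
        # so a token for a deleted or disabled account keeps working until
        # it expires. Confirm that is acceptable for the routes using this.
        g.current_user_id = user_id
        # Called outside the token-validation try/except so that exceptions
        # raised by the view are not mistaken for authentication failures.
        return f(*args, **kwargs)
    return decorated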