Testing out adding a admin authentication requirement per blueprint.

app/authentication/auth.py

@@ -39,6 +39,22 @@ def get_auth_token(req):
     return auth_header[7:]
 
 
+def requires_admin_auth():
+    auth_token = get_auth_token(request)
+    try:
+        client = get_token_issuer(auth_token)
+    except TokenDecodeError as e:
+        raise AuthError(e.message, 403)
+    except TokenIssuerError:
+        raise AuthError("Invalid token: iss not provided", 403)
+
+    if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
+        g.service_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
+        return handle_admin_key(auth_token, current_app.config.get('ADMIN_CLIENT_SECRET'))
+    else:
+        raise AuthError('Unauthorized, admin authentication token required', 401)
+
+
 def requires_auth():
     auth_token = get_auth_token(request)
     try:

app/service/rest.py

@@ -4,7 +4,6 @@ from datetime import datetime
 from flask import (
     jsonify,
     request,
-    Blueprint,
     current_app
 )
 from sqlalchemy.orm.exc import NoResultFound
@@ -42,9 +41,8 @@ from app.dao import notifications_dao
 from app.dao.provider_statistics_dao import get_fragment_count
 from app.dao.users_dao import get_user_by_id
 from app.errors import (
-    register_errors,
-    InvalidRequest
-)
+    InvalidRequest,
+    register_errors)
 from app.service import statistics
 from app.service.utils import get_whitelist_objects
 from app.schemas import (
@@ -57,8 +55,13 @@ from app.schemas import (
     detailed_service_schema
 )
 from app.utils import pagination_links, get_london_midnight_in_utc
+from flask import Blueprint
+
+from app.authentication.auth import requires_admin_auth
 
 service_blueprint = Blueprint('service', __name__)
+
+service_blueprint.before_request(requires_admin_auth)
 register_errors(service_blueprint)