reintroduce security for reverse lockup

hub_api/buildings/meb.py

@@ -21,9 +21,9 @@ class Meb(Resource, Config):
     _session = refresh_session(session_id, token, application_uuid)
     if _session is None:
       return Response(json.dumps({'error': 'unauthorized'}), status=403)
+    token = {'token': _session['token']}
     application_id = session(session_id)['application_id']
     user_id = session(session_id)['user_id']
-    token = {'token': _session['token']}
     payload = request.get_json()
     results = self.export_db_factory.results(user_id, application_id, payload)
     if results == {}:

hub_api/geolocation/reverse.py

@@ -2,10 +2,11 @@ import json
 import math
 from pathlib import Path
 
-from flask import Response
+from flask import Response, request
 from flask.views import MethodView
 
 from hub_api.config import Config
+from hub_api.helpers.session_helper import refresh_session
 
 
 class Reverse(MethodView, Config):
@@ -14,6 +15,13 @@ class Reverse(MethodView, Config):
     self._reverse_path = Path(Path(__file__).parent.parent / 'data/cities15000.txt').resolve()
 
   def get(self, latitude: float, longitude: float):
+    session_id = request.headers.get('session_id', None)
+    token = request.headers.get('token', None)
+    application_uuid = request.headers.get('application_uuid', None)
+    _session = refresh_session(session_id, token, application_uuid)
+    if _session is None:
+      return Response(json.dumps({'error': 'unauthorized'}), status=403)
+    token = {'token': _session['token']}
     latitude = float(latitude)
     longitude = float(longitude)
     distance = math.inf
@@ -31,5 +39,5 @@ class Reverse(MethodView, Config):
           distance = new_distance
           country = file_country_code
           city = file_city_name
-    return Response(json.dumps({'country': country, 'city':city}), status=200)
+    return Response(json.dumps({'country': country, 'city':city}), status=200, headers=token)