From d02b1cd8381c8117cf0faf4e7aa256528622cf32 Mon Sep 17 00:00:00 2001
From: guille
Date: Thu, 13 Apr 2023 09:49:10 -0400
Subject: [PATCH] reintroduce security for reverse lockup
---
 hub_api/buildings/meb.py | 3 ++-
 hub_api/geolocation/reverse.py | 12 ++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/hub_api/buildings/meb.py b/hub_api/buildings/meb.py
index aa7e120..6c48f1c 100644
--- a/hub_api/buildings/meb.py
+++ b/hub_api/buildings/meb.py
@@ -21,9 +21,10 @@ class Meb(Resource, Config):
 _session = refresh_session(session_id, token, application_uuid)
 if _session is None:
 return Response(json.dumps({'error': 'unauthorized'}), status=403)
+ token = {'token': _session['token']}
 application_id = session(session_id)['application_id']
 user_id = session(session_id)['user_id']
- token = {'token': _session['token']}
+
 payload = request.get_json()
 results = self.export_db_factory.results(user_id, application_id, payload)
 if results == {}:
diff --git a/hub_api/geolocation/reverse.py b/hub_api/geolocation/reverse.py
index e1d2570..506dfef 100644
--- a/hub_api/geolocation/reverse.py
+++ b/hub_api/geolocation/reverse.py
@@ -2,10 +2,11 @@ import json
 import math
 from pathlib import Path
-from flask import Response
+from flask import Response, request
 from flask.views import MethodView
 from hub_api.config import Config
+from hub_api.helpers.session_helper import refresh_session
 class Reverse(MethodView, Config):
@@ -14,6 +15,13 @@ class Reverse(MethodView, Config):
 self._reverse_path = Path(Path(__file__).parent.parent / 'data/cities15000.txt').resolve()
 def get(self, latitude: float, longitude: float):
+ session_id = request.headers.get('session_id', None)
+ token = request.headers.get('token', None)
+ application_uuid = request.headers.get('application_uuid', None)
+ _session = refresh_session(session_id, token, application_uuid)
+ if _session is None:
+ return Response(json.dumps({'error': 'unauthorized'}), status=403)
+ token = {'token': _session['token']}
 latitude = float(latitude)
 longitude = float(longitude)
 distance = math.inf
@@ -31,5 +39,5 @@ class Reverse(MethodView, Config):
 distance = new_distance
 country = file_country_code
 city = file_city_name
- return Response(json.dumps({'country': country, 'city':city}), status=200)
+ return Response(json.dumps({'country': country, 'city':city}), status=200, headers=token)
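Review bot: The new guard at the top of `get` hands the raw results of `request.headers.get(...)` to `refresh_session`, so a request that omits `session_id`, `token` or `application_uuid` reaches the helper with `None`; the helper is not part of this patch, so it should be confirmed that it returns `None` for missing values rather than raising, or the handler can reject first with `if not (session_id and token and application_uuid):` followed by the same 403 response. The header names contain underscores, which some reverse proxies discard by default (nginx does unless `underscores_in_headers on` is set) and which a WSGI environment cannot distinguish from their hyphenated spellings, so hyphenated names would be more robust if clients can be changed. Rebinding `token` from the header string to a dict is easy to misread; a separate name such as `response_headers = {'token': _session['token']}` would be clearer. The same check is visible in `Meb` in hub_api/buildings/meb.py, so a shared decorator or helper would keep the two endpoints from drifting apart. `get` starts inside this hunk but its body continues past it.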
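Review bot: The changed `return` at the end of `get` now sends the session token back in a `token` response header on a GET, and nothing in the visible lines marks the response as uncacheable, so a browser or intermediary cache could store the token together with the body. Consider `headers={**token, 'Cache-Control': 'no-store'}` on this response. The loop that assigns `country` and `city` starts outside the hunk, so only the return statement is reviewed here.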