From 8293e5375f9cd6fe92535d581587263acbfbf373 Mon Sep 17 00:00:00 2001
From: Stefan Pejcic <stefan@pejcic.rs>
Date: Wed, 30 Oct 2024 19:10:13 +0100
Subject: [PATCH] Create jwt_required_routes.py

---
 tests/jwt_required_routes.py | 49 ++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 tests/jwt_required_routes.py

diff --git a/tests/jwt_required_routes.py b/tests/jwt_required_routes.py
new file mode 100644
index 00000000..6fa4950a
--- /dev/null
+++ b/tests/jwt_required_routes.py
@@ -0,0 +1,49 @@
+import os
+import ast
+
+app_path = '/usr/local/panel'
+
+def find_api_routes_without_jwt_required():
+    api_routes_without_jwt_required = []
+
+    for root, dirs, files in os.walk(app_path):
+        for file in files:
+            if file.endswith('.py'):
+                file_path = os.path.join(root, file)
+
+                with open(file_path, 'r', encoding='utf-8') as f:
+                    file_content = f.read()
+                    try:
+                        parsed_content = ast.parse(file_content)
+                    except SyntaxError as e:
+                        print(f"Skipping {file_path} due to SyntaxError: {e}")
+                        continue
+                    for node in ast.walk(parsed_content):
+                        if isinstance(node, ast.FunctionDef):
+                            api_route_decorator = False
+                            jwt_required_decorator = False
+
+                            for decorator in node.decorator_list:
+                                if isinstance(decorator, ast.Call) and hasattr(decorator.func, 'attr') and decorator.func.attr == 'route' and hasattr(decorator.func.value, 'id') and decorator.func.value.id == 'api':
+                                    api_route_decorator = True
+                                elif isinstance(decorator, ast.Name) and decorator.id == 'jwt_required':
+                                    jwt_required_decorator = True
+
+                            if api_route_decorator and not jwt_required_decorator:
+                                api_routes_without_jwt_required.append({
+                                    'file': file_path,
+                                    'route': node.name,
+                                    'line_number': node.lineno
+                                })
+
+    return api_routes_without_jwt_required
+
+api_routes = find_api_routes_without_jwt_required()
+
+if api_routes:
+    print("API routes without @jwt_required decorator:")
+    for route in api_routes:
+        print(f"{route['file']} -> API Route: {route['route']} (line {route['line_number']})")
+else:
+    print("All API routes have the @jwt_required decorator!")
+