Make SQL queries require auth
@@ -2,6 +2,7 @@ import os
|
|||||||
import requests # Import requests library
|
import requests # Import requests library
|
||||||
import json # Import json library
|
import json # Import json library
|
||||||
from flask import Blueprint, render_template, request, current_app, jsonify
|
from flask import Blueprint, render_template, request, current_app, jsonify
|
||||||
|
from flask_login import login_required
|
||||||
from jinja2_fragments import render_block
|
from jinja2_fragments import render_block
|
||||||
from flask_htmx import HTMX
|
from flask_htmx import HTMX
|
||||||
from extensions import db
|
from extensions import db
|
||||||
@@ -132,6 +133,7 @@ def sql_explorer():
|
|||||||
return render_template('sql_explorer.html', saved_queries=saved_queries)
|
return render_template('sql_explorer.html', saved_queries=saved_queries)
|
||||||
|
|
||||||
@sql_explorer_bp.route("/query", methods=['POST'])
|
@sql_explorer_bp.route("/query", methods=['POST'])
|
||||||
|
@login_required
|
||||||
def sql_query():
|
def sql_query():
|
||||||
query = request.form.get('query')
|
query = request.form.get('query')
|
||||||
title = request.form.get('title')
|
title = request.form.get('title')
|
||||||
@@ -141,6 +143,7 @@ def sql_query():
|
|||||||
title=title, query=query, error=error, saved_queries=saved_queries)
|
title=title, query=query, error=error, saved_queries=saved_queries)
|
||||||
|
|
||||||
@sql_explorer_bp.route("/query/execute", methods=['POST'])
|
@sql_explorer_bp.route("/query/execute", methods=['POST'])
|
||||||
|
@login_required
|
||||||
def execute_sql_query():
|
def execute_sql_query():
|
||||||
query = request.form.get('query')
|
query = request.form.get('query')
|
||||||
(results, columns, error) = _execute_sql(query)
|
(results, columns, error) = _execute_sql(query)
|
||||||
@@ -155,6 +158,7 @@ def load_sql_query(query_id):
|
|||||||
title=title, query=query, saved_queries=saved_queries)
|
title=title, query=query, saved_queries=saved_queries)
|
||||||
|
|
||||||
@sql_explorer_bp.route('/delete_query/<int:query_id>', methods=['DELETE'])
|
@sql_explorer_bp.route('/delete_query/<int:query_id>', methods=['DELETE'])
|
||||||
|
@login_required
|
||||||
def delete_sql_query(query_id):
|
def delete_sql_query(query_id):
|
||||||
_delete_saved_query(query_id)
|
_delete_saved_query(query_id)
|
||||||
saved_queries = _list_saved_queries()
|
saved_queries = _list_saved_queries()
|
||||||
@@ -168,6 +172,7 @@ def sql_schema():
|
|||||||
return render_template('partials/sql_explorer/schema.html', create_sql=create_sql)
|
return render_template('partials/sql_explorer/schema.html', create_sql=create_sql)
|
||||||
|
|
||||||
@sql_explorer_bp.route("/plot/<int:query_id>", methods=['GET'])
|
@sql_explorer_bp.route("/plot/<int:query_id>", methods=['GET'])
|
||||||
|
@login_required
|
||||||
def plot_query(query_id):
|
def plot_query(query_id):
|
||||||
(title, query) = _get_saved_query(query_id)
|
(title, query) = _get_saved_query(query_id)
|
||||||
if not query: return "Query not found", 404
|
if not query: return "Query not found", 404
|
||||||
@@ -191,6 +196,7 @@ def plot_query(query_id):
|
|||||||
return f'<div class="p-4 text-red-700 bg-red-100 border border-red-400 rounded">Error preparing plot data: {e}</div>', 500
|
return f'<div class="p-4 text-red-700 bg-red-100 border border-red-400 rounded">Error preparing plot data: {e}</div>', 500
|
||||||
|
|
||||||
@sql_explorer_bp.route("/plot/show", methods=['POST'])
|
@sql_explorer_bp.route("/plot/show", methods=['POST'])
|
||||||
|
@login_required
|
||||||
def plot_unsaved_query():
|
def plot_unsaved_query():
|
||||||
query = request.form.get('query')
|
query = request.form.get('query')
|
||||||
title = request.form.get('title', 'SQL Query Plot') # Add default title
|
title = request.form.get('title', 'SQL Query Plot') # Add default title
|
||||||
@@ -214,6 +220,7 @@ def plot_unsaved_query():
|
|||||||
return f'<div class="p-4 text-red-700 bg-red-100 border border-red-400 rounded">Error preparing plot data: {e}</div>', 500
|
return f'<div class="p-4 text-red-700 bg-red-100 border border-red-400 rounded">Error preparing plot data: {e}</div>', 500
|
||||||
|
|
||||||
@sql_explorer_bp.route("/generate_sql", methods=['POST'])
|
@sql_explorer_bp.route("/generate_sql", methods=['POST'])
|
||||||
|
@login_required
|
||||||
def generate_sql():
|
def generate_sql():
|
||||||
"""Generates SQL from natural language via Gemini REST API."""
|
"""Generates SQL from natural language via Gemini REST API."""
|
||||||
natural_query = request.form.get('natural_query')
|
natural_query = request.form.get('natural_query')
|
||||||
|
|||||||
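Review bot: The per-route `@login_required` decorators leave coverage to whoever adds the next route, and the hunk headers name `sql_explorer()`, `load_sql_query(query_id)` and `sql_schema()` without this commit showing a decorator on them, so confirm those views are protected as well (they may already be decorated outside the visible lines). A single blueprint-level guard, for example a `@sql_explorer_bp.before_request` hook that is itself wrapped in `@login_required`, would cover every current and future route in one place. Note also that `login_required` only authenticates: in `execute_sql_query` the form field `query` still goes straight to `_execute_sql(query)`, so any logged-in account can presumably run arbitrary statements. A role or permission check on this blueprint, plus a read-only database role for the connection it uses, would narrow that. The bodies of these views continue outside the hunks, so this is based only on the lines shown.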