5454from server .activity_tracker import ActivityTracker
5555from server .utils import extract_patterns , convert_to_agent_msg
5656from . import service
57- from .auth import auth_required
57+ from .auth import protected_route
5858from .logging import logger
5959
6060ROOT_DIR = os .path .dirname (os .path .dirname (os .path .abspath (__file__ )))
@@ -92,7 +92,8 @@ def create_flask_app() -> Flask:
9292 CORS (app , origins = [
9393 "https://bitquant.io" ,
9494 "https://www.bitquant.io" ,
95- r"^http://localhost:(3000|3001|3002|4000|4200|5000|5173|8000|8080|8081|9000)$"
95+ r"^http://localhost:(3000|3001|3002|4000|4200|5000|5173|8000|8080|8081|9000)$" ,
96+ r"^https://defi-chat-hub-git-[\w-]+-open-gradient\.vercel\.app$"
9697 ])
9798
9899 # Initialize DynamoDB
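Review bot: The preview-deployment pattern added on new line 96 goes into the same allow-list as the production origins, and `[\w-]+` accepts any label of the shape `defi-chat-hub-git-…-open-gradient`, so every branch preview, and any other vercel.app host that fits that shape, may read API responses cross-origin. Whether hostnames of that shape are reserved to this team is not visible from the hunk and is worth confirming before relying on the suffix. Consider adding the pattern only when a deployment setting enables it, e.g. `if os.getenv("ALLOW_PREVIEW_ORIGINS") == "1": allowed_origins.append(PREVIEW_ORIGIN_RE)` (all three names are placeholders), and put a comment above the pattern naming the project and team slug it is meant to match. The body of create_flask_app continues outside the hunk.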
@@ -167,6 +168,7 @@ def healthcheck():
167168 return jsonify ({"status" : "ok" })
168169
169170 @app .route ("/api/portfolio" , methods = ["GET" ])
171+ @protected_route
170172 def get_portfolio ():
171173 address = request .args .get ("address" )
172174 if not address :
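Review bot: `get_portfolio` still reads `address` from the query string after `@protected_route` is applied, so the decorator only protects per-user data if it also ties the authenticated caller to that address; the `.auth` module is not on this page, so that is unverified. If it only checks that a valid credential is present, any authenticated caller can request another address's data, and the same applies to `get_activity_stats` in the last hunk. A check such as `if address != <caller address from the auth context>: return jsonify({"error": "Forbidden"}), 403` after the existing `if not address` guard would make the binding explicit. Otherwise a comment on each handler should state that cross-address reads are intended. Both function bodies continue outside their hunks.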
@@ -226,6 +228,7 @@ def get_tokenlist():
226228 return send_from_directory (STATIC_DIR , "tokenlist.json" )
227229
228230 @app .route ("/api/agent/run" , methods = ["POST" ])
231+ @protected_route
229232 def run_agent ():
230233 request_data = request .get_json ()
231234 agent_request = AgentChatRequest (** request_data )
@@ -262,6 +265,7 @@ def run_agent():
262265 raise
263266
264267 @app .route ("/api/agent/suggestions" , methods = ["POST" ])
268+ @protected_route
265269 def run_suggestions ():
266270 request_data = request .get_json ()
267271 agent_request = AgentChatRequest (** request_data )
@@ -279,6 +283,7 @@ def run_suggestions():
279283 return jsonify ({"suggestions" : suggestions })
280284
281285 @app .route ("/api/feedback" , methods = ["POST" ])
286+ @protected_route
282287 def submit_feedback ():
283288 try :
284289 request_data = request .get_json ()
@@ -312,6 +317,7 @@ def submit_feedback():
312317 return jsonify ({"error" : "Internal server error" }), 500
313318
314319 @app .route ("/api/invite/generate" , methods = ["POST" ])
320+ @protected_route
315321 def generate_invite_code ():
316322 try :
317323 request_data = request .get_json ()
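Review bot: `/api/invite/generate` gains `@protected_route` here, but no visible hunk adds it to `use_invite_code` (named in the next hunk header), and no `@auth_required` line is removed anywhere on the page, so that route appears to remain unauthenticated. If redeeming a code is meant to be open to callers without a session, say so above the route with a comment such as `# Intentionally unauthenticated: invite redemption happens before sign-in`, and confirm that attempts are rate-limited; otherwise add the decorator there as well. The route line for use_invite_code lies outside the visible hunks, so this is inferred from the hunk order rather than seen directly.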
@@ -371,6 +377,7 @@ def use_invite_code():
371377 return jsonify ({"error" : "Internal server error" }), 500
372378
373379 @app .route ("/api/activity/stats" , methods = ["GET" ])
380+ @protected_route
374381 def get_activity_stats ():
375382 try :
376383 address = request .args .get ("address" )