feat: server-side security

main.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter, FastAPI, status
+from fastapi import APIRouter, Depends, FastAPI, status
 from fastapi.staticfiles import StaticFiles
 from db import Player, Team, Chemistry, MVPRanking, engine
 from sqlmodel import (
@@ -7,7 +7,12 @@ from sqlmodel import (
 )
 from fastapi.middleware.cors import CORSMiddleware
 from analysis import analysis_router
-from security import login_for_access_token, read_users_me, read_own_items
+from security import (
+    get_current_active_user,
+    login_for_access_token,
+    read_users_me,
+    read_own_items,
+)
 
 
 app = FastAPI(title="cutt")
@@ -92,7 +97,9 @@ class SPAStaticFiles(StaticFiles):
 
 api_router.include_router(player_router)
 api_router.include_router(team_router)
-api_router.include_router(analysis_router)
+api_router.include_router(
+    analysis_router, dependencies=[Depends(get_current_active_user)]
+)
 api_router.add_api_route("/token", endpoint=login_for_access_token, methods=["POST"])
 api_router.add_api_route("/users/me/", endpoint=read_users_me, methods=["GET"])
 api_router.add_api_route("/users/me/items/", endpoint=read_own_items, methods=["GET"])