Finish security updates

app.py

@@ -46,11 +46,9 @@ class RecipeUpdate(BaseModel):
     ingredients: Optional[List[str]]
     description: Optional[str]
     instructions: Optional[str]
-    user_id: Optional[str]
 
 class DeleteRecipeRequest(BaseModel):
     id: str
-    user_id: str
 
 security = HTTPBearer()
 
@@ -65,7 +63,7 @@ def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)):
         )
         return decoded
     except Exception as e:
-        raise HTTPException(status_code=401, detail="Invalid or expired token")
+        raise HTTPException(status_code=401, detail="Invalid or expired authorization")
 
 @app.put("/supabase/add/recipe")
 def add_recipe_to_supabase(recipe: Recipe, token_data=Depends(verify_token)):
@@ -126,14 +124,15 @@ async def get_recipe_by_id(id: str):
         raise HTTPException(status_code=500, detail=str(e))
 
 @app.delete("/supabase/delrecipe")
-async def delete_recipe(data: DeleteRecipeRequest):
+async def delete_recipe(data: DeleteRecipeRequest, token_data=Depends(verify_token)):
     recipe = supabase.table("recipes").select("*").eq("id", data.id).single().execute()
+    user_id = token_data['sub']
 
     if not recipe.data:
         raise HTTPException(status_code=404, detail="Recipe not found")
 
-    if recipe.data["user_id"] != data.user_id:
-        raise HTTPException(status_code=403, detail="Unauthorized: Not your recipe")
+    if recipe.data["user_id"] != user_id:
+        raise HTTPException(status_code=403, detail="Deletion Aborted: Authorization required not found to complete this interaction")
 
     supabase.table("recipes").delete().eq("id", data.id).execute()
 
@@ -144,26 +143,23 @@ def status():
     return {"status": "ok"}
 
 @app.patch("/supabase/edit/recipe")
-async def edit_recipe(request: Request, id: str, update: RecipeUpdate):
-    try:
-        update_dict = update.dict(exclude_none=True)
-        if not update_dict:
-            raise HTTPException(status_code=400, detail="No fields provided to update.")
+async def edit_recipe(request: Request, id: str, update: RecipeUpdate, token_data=Depends(verify_token)):
+    user_id = token_data['sub']
+    update_dict = update.dict(exclude_none=True)
+    if not update_dict:
+        raise HTTPException(status_code=400, detail="No fields provided to update.")
 
-        ownership_check = supabase.table("recipes").select("user_id").eq("id", id).single().execute()
-        if ownership_check.data["user_id"] != update.user_id:
-            raise HTTPException(status_code=403, detail="You are not authorized to edit this recipe.")
+    ownership_check = supabase.table("recipes").select("user_id").eq("id", id).single().execute()
+    if ownership_check.data["user_id"] != user_id:
+        raise HTTPException(status_code=403, detail="Edit Aborted: Authorization required not found to complete this interaction")
 
-        response = supabase.table("recipes").update(update_dict).eq("id", id).execute()
+    response = supabase.table("recipes").update(update_dict).eq("id", id).execute()
 
-        return JSONResponse(content={
-            "message": "Recipe updated successfully.",
-            "data": response.data
-        })
+    return JSONResponse(content={
+        "message": "Recipe updated successfully.",
+        "data": response.data
+    })
 
-    except Exception as e:
-        print("EXCEPTION:", e)
-        raise HTTPException(status_code=500, detail=str(e))
 @app.get("/supabase/recipes/paged")
 def get_recipes_paged(
         limit: int = Query(12, ge=1),