secured checkin endpoint

backend/main.py

@@ -47,6 +47,15 @@ def get_db():
         db.close()
 
 
+def check_token(token: str):
+    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+
 # Routes
 @app.post("/item/prepare", response_model=schemas.Item)
 @limiter.limit("2/minute")
@@ -78,12 +87,7 @@ def get_item(item_uuid: str, db: Session = Depends(get_db)):
 
 @app.get("/items", response_model=list[schemas.Item])
 def get_items(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid authentication credentials",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
+    check_token(token)
     return utils.get_stored_items(db)
 
 
@@ -101,7 +105,12 @@ def list_storages(db: Session = Depends(get_db)):
 
 
 @app.post("/checkin", response_model=schemas.Item)
-def checkin_item_by_uuid(checkin: schemas.ItemCheckin, db: Session = Depends(get_db)):
+def checkin_item_by_uuid(
+    checkin: schemas.ItemCheckin,
+    token: str = Depends(oauth2_scheme),
+    db: Session = Depends(get_db),
+):
+    check_token(token)
     item = utils.get_item_by_uuid(db, UUID(checkin.item_uuid))
     if item is None:
         raise HTTPException(status_code=404, detail="Item not found")