Pest: require district selection + restore B2B auth gate
Browse files
api.py
CHANGED
|
@@ -875,9 +875,17 @@ def pest_risk(req: PestRiskRequest, user: _Opt[str] = Depends(_get_current_user)
|
|
| 875 |
import datetime
|
| 876 |
t0 = time.perf_counter()
|
| 877 |
|
| 878 |
-
#
|
| 879 |
-
#
|
| 880 |
-
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 881 |
|
| 882 |
month = req.month or datetime.datetime.now().month
|
| 883 |
year = req.year or datetime.datetime.now().year
|
|
|
|
| 875 |
import datetime
|
| 876 |
t0 = time.perf_counter()
|
| 877 |
|
| 878 |
+
# ββ B2B aggregate guard ββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 879 |
+
# State-only queries (no district) return state-wide aggregates β those are
|
| 880 |
+
# the high-value bulk views B2B clients pay for. Require auth. Single-block
|
| 881 |
+
# queries (with district) stay open for retail / consumer demo use.
|
| 882 |
+
if not req.district and user is None:
|
| 883 |
+
raise HTTPException(
|
| 884 |
+
status_code=401,
|
| 885 |
+
detail="State-only pest aggregates require B2B authentication. "
|
| 886 |
+
"POST /auth/token to get a token, or supply 'district' for "
|
| 887 |
+
"a single-block lookup.",
|
| 888 |
+
)
|
| 889 |
|
| 890 |
month = req.month or datetime.datetime.now().month
|
| 891 |
year = req.year or datetime.datetime.now().year
|