Added Firebase Authentication to training/ Endpoints

[alantao912]

Added Firebase Authentication to training/ Endpoints

What user problem are we solving?

Insecure training endpoints.

What solution does this PR provide?

Firebase authentication to secure training endpoints.

Testing Methodology
Have not tested yet.

Any other considerations
I only found two endpoints in training apart from a test API.

[karkir0003]

have you tried testing through postman? @alantao912

[karkir0003]

use cli.py to generate bearer token and verify that training endpoints work

[farisdurrani]

Make sure the public routes in self.exempt_paths are accessible regardless of token status

[karkir0003]

@dwu359 do we still need the exempt paths stuff that faris mentioned?

[dwu359]

Good start so far, you can add the auth for entire routers btw instead of adding auth for each endpoint

[dwu359]

Make sure the public routes in self.exempt_paths are accessible regardless of token status

@farisdurrani @karkir0003 So Django Ninja has these things called routers which are pretty similar to flask's blueprints, we can attach auth to entire routers, and for any exempt_paths we can just put them outside of these routers or put them in a router without auth

[karkir0003]

got it. so pretty much all.solved with django!

[alantao912]

Make sure the public routes in self.exempt_paths are accessible regardless of token status

Just checked, none of the exempt paths have auth headers.

[farisdurrani]

@alantao912 let us know when your PR is ready, and do update your branch

[karkir0003]

looks good to me. as long as u address the comments or do it in a followup pr, i conditionally approve

[farisdurrani]

Very nice. Can you confirm you've tested this @alantao912 and it all works? As well as the exempt paths?

[alantao912]

Yes, I can confirm that all endpoints work. And exempt paths do not require authentication. @farisdurrani