auth email/password

app/routes/main.py

@@ -2,7 +2,7 @@
 
 from flask import Blueprint
 
-from app.services.decorators import get_current_user, require_auth
+from app.services.decorators import get_current_user, require_auth, require_admin, require_auth_or_api_token, get_user_from_api_token
 from app.services.greeting_service import GreetingService
 
 bp = Blueprint("main", __name__)
@@ -24,7 +24,7 @@ def hello(name: str | None = None) -> dict[str, str]:
 @bp.route("/protected")
 @require_auth
 def protected() -> dict[str, str]:
-    """Protected endpoint that requires authentication."""
+    """Protected endpoint that requires JWT authentication."""
     user = get_current_user()
     return {
         "message": f"Hello {user['name']}, this is a protected endpoint!",
@@ -32,6 +32,33 @@ def protected() -> dict[str, str]:
     }
 
 
+@bp.route("/api-protected")
+@require_auth_or_api_token
+def api_protected() -> dict[str, str]:
+    """Protected endpoint that accepts JWT or API token authentication."""
+    # Try to get user from JWT first, then API token
+    user = get_current_user()
+    if not user:
+        user = get_user_from_api_token()
+    
+    return {
+        "message": f"Hello {user['name']}, you accessed this via {user['provider']}!",
+        "user": user
+    }
+
+
+@bp.route("/admin")
+@require_admin
+def admin_only() -> dict[str, str]:
+    """Admin-only endpoint to demonstrate role-based access."""
+    user = get_current_user()
+    return {
+        "message": f"Hello admin {user['name']}, you have admin access!",
+        "user": user,
+        "admin_info": "This endpoint is only accessible to admin users"
+    }
+
+
 @bp.route("/health")
 def health() -> dict[str, str]:
     """Health check endpoint."""