routes are now secured.

src/cljs/auto_ap/effects.cljs

@@ -14,13 +14,16 @@
 
 (re-frame/reg-fx
  :http
- (fn [{:keys [method uri on-success body headers]}]
+ (fn [{:keys [method uri on-success body headers token]}]
    (go
-     (->> (http/request {:method method
-                         :body body
-                         :headers headers
-                        :url uri})
-         (<! )
-         :body
-         (conj on-success)
-         (re-frame/dispatch)))))
+     (let [headers (if token
+                     (assoc headers "Authorization" (str "Token " token))
+                     headers)]
+       (->> (http/request {:method method
+                           :body body
+                           :headers  headers
+                           :url uri})
+            (<! )
+            :body
+            (conj on-success)
+            (re-frame/dispatch))))))

src/cljs/auto_ap/events.cljs

@@ -41,6 +41,7 @@
  ::approve-invoices
  (fn  [cofx [_]]
    {:http {:method :post
+           :token (-> cofx :db :user)
            :uri (str "/api/invoices/approve"
                      (when-let [company-name (-> cofx :db :company :name)]
                        (str "?company=" company-name)))
@@ -52,6 +53,7 @@
  (fn [cofx []]
    {:db (assoc-in (:db cofx) [:status :loading] true)
     :http {:method :get
+           :token (-> cofx :db :user)
            :uri (str "/api/invoices/pending"
                      (when-let [company-name (-> cofx :db :company :name)]
                        (str "?company=" company-name)))
@@ -62,6 +64,7 @@
  (fn [cofx []]
    {:db (assoc-in (:db cofx) [:status :loading] true)
     :http {:method :get
+           :token (-> cofx :db :user)
            :uri (str "/api/invoices/unpaid"
                      (when-let [company-name (-> cofx :db :company :name)]
                        (str "?company=" company-name)))
@@ -71,6 +74,7 @@
  ::reject-invoices
  (fn  [cofx [_]]
    {:http {:method :post
+           :token (-> cofx :db :user)
            :uri (str "/api/invoices/reject"
                      (when-let [company-name (-> cofx :db :company :name)]
                        (str "?company=" company-name)))
@@ -86,6 +90,7 @@
  (fn  [{:keys [db]} [_ invoice]]
 
    {:http {:method :post
+           :token (-> db :user)
            :uri "/api/invoices"
            :body (pr-str {:rows [(assoc invoice :imported true)]})
            :headers {"Content-Type" "application/edn"}

src/cljs/auto_ap/subs.cljs

@@ -23,7 +23,6 @@
  (fn [db]
    (when (:user db)
      (let [{:strs [name] :as x} (js->clj (.parse js/JSON (base64/decodeString (second (str/split (:user db) #"\.")))))]
-       (println  x)
        {:name name}))))
 
 (re-frame/reg-sub

src/cljs/auto_ap/views.cljs

@@ -220,11 +220,10 @@
 (defn login-url []
   (let [client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com"
         redirect-uri "http%3A%2F%2Flocalhost%3A3449%2Fapi%2Foauth"]
-    (str "https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=" client-id "&redirect_uri=" redirect-uri "&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile"))
-  )
+    (str "https://accounts.google.com/o/oauth2/auth?access_type=online&client_id=" client-id "&redirect_uri=" redirect-uri "&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile")))
+
 (defn login []
   (let [user (re-frame/subscribe [::subs/user])]
-    (println @user)
     [:a {:class "navbar-link login" :href (login-url)} (or (:name @user) "Login")]))
 
 (defn main-panel []