[EPIC][TCL] TCL changes + temporary JWT auth by willian-viana · Pull Request #5189 · wri/gfw

willian-viana · 2026-03-19T14:05:02Z

Overview

[FLAG-1469](https://gfw.atlassian.net/browse/FLAG-1469)

To prevent unauthorized access to the new data by other users, we're implementing a new auth, that restricts access to the admin account

gtempus

Yeah! This is what I was orginally thinking, @willian-viana! 💯

Do we need to modify utils/request.js since the Authorization header is already being added in pages/api/data/[...params].js?

The main reason I'm asking is that it means that the client will send a token to the server-side, and could be captured and used by someone else to access the data? 🤷

willian-viana · 2026-03-24T20:05:14Z

Yeah! This is what I was orginally thinking, @willian-viana! 💯

Do we need to modify utils/request.js since the Authorization header is already being added in pages/api/data/[...params].js?

The main reason I'm asking is that it means that the client will send a token to the server-side, and could be captured and used by someone else to access the data? 🤷

pages/api/data/[...params].js is a proxy for client requests. When the request is internal (server-side) it pass directly to the Data API.

//if isServer is true, then pass the Authorization alongisde the x-api-key
...(isServer && {
    baseURL: DATA_API_URL,
    headers: {
      'x-api-key': DATA_API_KEY,
      ...(GFW_DATA_API_TOKEN && {
        Authorization: `Bearer ${GFW_DATA_API_TOKEN}`,
      }),
    },
  }),

  // If not, call the proxy (pages/api/data/[...params].js)
  ...(!isServer && {
    baseURL: PROXIES.DATA_API,
  }),

gtempus

Thanks, @willian-viana! Let's give this a shot.

Pin gain version so we don't need to add it back to geotrellis

…mart

…he datamart request

[DATAMART] Rollback datamart implementation

…er to display 2025 and avoid magic number

willian-viana requested a review from gtempus March 19, 2026 14:05

willian-viana self-assigned this Mar 19, 2026

willian-viana mentioned this pull request Mar 19, 2026

[TCL]: Add simple JWT auth #5188

Closed

willian-viana temporarily deployed to gfw-staging-pr-5189 March 19, 2026 14:08 Inactive

willian-viana force-pushed the feat/TCL-admin-full-JWT branch from 28e86cd to 7e67c31 Compare March 19, 2026 14:37

willian-viana temporarily deployed to gfw-staging-pr-5189 March 19, 2026 14:38 Inactive

willian-viana force-pushed the feat/TCL-admin-full-JWT branch from 7e67c31 to 6f1ede9 Compare March 19, 2026 14:41

willian-viana temporarily deployed to gfw-staging-pr-5189 March 19, 2026 14:42 Inactive

willian-viana marked this pull request as ready for review March 19, 2026 14:42

willian-viana changed the title ~~[TCL] Add full JWT auth~~ [TCL][FLAG-1469] Add full JWT auth Mar 19, 2026

willian-viana changed the title ~~[TCL][FLAG-1469] Add full JWT auth~~ [TCL][FLAG-1469] Add JWT auth Mar 19, 2026

gtempus requested changes Mar 19, 2026

View reviewed changes

Comment thread pages/api/data/[...params].js

willian-viana added 3 commits March 24, 2026 14:35

feat(tcl): add jwt auth

6567ef0

To prevent unauthorized access to the new data by other users, we're implementing a new auth, that restricts access to the admin account

feat(tcl): add jwt auth

1bb39dd

To prevent unauthorized access to the new data by other users, we're implementing a new auth, that restricts access to the admin account

feat(jwt): remove jwt from the client and remove admin role validation

0825119

willian-viana force-pushed the feat/TCL-admin-full-JWT branch from 6f1ede9 to 0825119 Compare March 24, 2026 18:00

willian-viana temporarily deployed to gfw-staging-pr-5189 March 24, 2026 18:01 Inactive

feat(jwt): add Authorization to the request config

b35c673

willian-viana requested a review from gtempus March 24, 2026 18:07

willian-viana temporarily deployed to gfw-staging-pr-5189 March 24, 2026 18:07 Inactive

fix(jwt): fix environment validation

10ff984

willian-viana temporarily deployed to gfw-staging-pr-5189 March 24, 2026 18:11 Inactive

gtempus requested changes Mar 24, 2026

View reviewed changes

willian-viana requested a review from gtempus March 24, 2026 20:05

chore(jwt): remove dependency

873eb7b

willian-viana temporarily deployed to gfw-staging-pr-5189 March 24, 2026 20:14 Inactive

gtempus approved these changes Mar 24, 2026

View reviewed changes

willian-viana temporarily deployed to gfw-staging-pr-5189 March 25, 2026 17:57 Inactive

chore(jwt): add feature flag

0777407

feat(widgets): set MAX YEAR to 2025

dfb4ad1

willian-viana temporarily deployed to gfw-staging-pr-5189 April 3, 2026 19:53 Inactive

jterry64 added 3 commits April 6, 2026 10:10

Pin tree cover gain version so we can remove from current analysis

1bea56f

Use constant

ed156d0

Merge pull request #5199 from wri/pin_gain

ece605a

Pin gain version so we don't need to add it back to geotrellis

willian-viana temporarily deployed to gfw-staging-pr-5189 April 6, 2026 19:59 Inactive

Use latest geotrellis tables

ed64c18

willian-viana temporarily deployed to gfw-staging-pr-5189 April 7, 2026 23:02 Inactive

willian-viana added 8 commits April 8, 2026 21:25

feat(datamart): rollback tree cover loss by dominant driver from data…

d9f442e

…mart

feat(datamart): rollback gas emissions widget

3155b6d

feat(datamart): remove tree-loss-drivers with datamart implementation

8ac5ff8

feat(datamart): rollback Components of net change in tree cover widget

06b63e2

feat(datamart): remove datamart services and utils

ebb9b4f

fix(datamart): copy same structure of _tree-loss-drivers but remove t…

25b2dea

…he datamart request

fix(datamart): fix gas emissions datamart migration

c81a664

Merge pull request #5200 from wri/chore/remove-datamart

bd7db86

[DATAMART] Rollback datamart implementation

willian-viana temporarily deployed to gfw-staging-pr-5189 April 9, 2026 00:26 Inactive

feat(custom-alert): add whitelist for widget alerts

c2e1c0b

willian-viana temporarily deployed to gfw-staging-pr-5189 April 9, 2026 01:24 Inactive

willian-viana added 2 commits April 15, 2026 13:21

feat(dashboard): update dashboard header sentence to display 2025 data

156f0e5

feat(dashboard): update global sentence of Emissions by dominant driv…

67f647f

…er to display 2025 and avoid magic number

willian-viana temporarily deployed to gfw-staging-pr-5189 April 15, 2026 16:26 Inactive

Use v20260407 for all TCL tables

3997caa

willian-viana temporarily deployed to gfw-staging-pr-5189 April 16, 2026 15:43 Inactive

willian-viana temporarily deployed to gfw-staging-pr-5189 April 17, 2026 19:44 Inactive

feat(primary-loss): add custom alert for the India option

b9636f8

willian-viana force-pushed the feat/TCL-admin-full-JWT branch from 634bb4b to b9636f8 Compare April 17, 2026 20:04

willian-viana temporarily deployed to gfw-staging-pr-5189 April 17, 2026 20:05 Inactive

chore(emissions): set MIN_YEAR to 2002

f0ac72a

willian-viana deployed to gfw-staging-pr-5189 April 17, 2026 20:23 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[EPIC][TCL] TCL changes + temporary JWT auth#5189

[EPIC][TCL] TCL changes + temporary JWT auth#5189
willian-viana wants to merge 28 commits intodevelopfrom
feat/TCL-admin-full-JWT

willian-viana commented Mar 19, 2026 •

edited by atlassian bot

Loading

Uh oh!

Uh oh!

gtempus left a comment

Uh oh!

willian-viana commented Mar 24, 2026

Uh oh!

gtempus left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

willian-viana commented Mar 19, 2026 • edited by atlassian bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Overview

Uh oh!

Uh oh!

gtempus left a comment

Choose a reason for hiding this comment

Uh oh!

willian-viana commented Mar 24, 2026

Uh oh!

gtempus left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

willian-viana commented Mar 19, 2026 •

edited by atlassian bot

Loading