Added pw protection to alter and delete

.gitignore

@@ -1,2 +1,3 @@
 admin.json
+edit_admin.json
 *.scss

server.py

@@ -5,7 +5,7 @@ import sqlalchemy
 from sqlalchemy.sql import select
 from sqlalchemy.sql import text
 from flask import Flask
-from flask import render_template, send_from_directory, request
+from flask import render_template, send_from_directory, request, Response
 from werkzeug.utils import secure_filename
 
 app = Flask(__name__)
@@ -14,6 +14,26 @@ db_engine = {}
 db_metadata = {}
 parts = {}
 
+def check_auth(username, password):
+	admin_list = []
+	with open('edit_admin.json', 'r') as admin:
+		admin_list = json.load(admin)
+	for user in admin_list:
+		if username == user['username']:
+			return password == user['password']
+
+def authenticate():
+	return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' :  'Basic realm="Login Required"'})
+
+def requires_auth(f):
+	@wraps(f)
+	def decorated(*args, **kwargs):
+		auth = request.authorization
+		if not auth or not check_auth(auth.username, auth.password):
+			return authenticate()
+		return f(*args, **kwargs)
+	return decorated
+
 @app.route('/parts')
 def index():
     return render_template('partsearch.html')
@@ -62,6 +82,7 @@ def getfile(filename):
     return send_from_directory('/srv/datasheets/', filename + '.pdf')
 
 @app.route('/parts/alter/<partID>', methods=['POST'])
+@requires_auth
 def alter(partID):
     partID = int(partID)
     s = ''
@@ -127,6 +148,7 @@ def alter(partID):
     return '{"status":"ok"}'
 
 @app.route('/parts/delete/<partID>')
+@requires_auth
 def delete(partID):
     if partID < 0:
         abort(400)