From ca4b70a95f0a674b577dd11952f6e3326d4bae17 Mon Sep 17 00:00:00 2001 From: Davide Bongiovanni Date: Sat, 10 Jun 2017 15:41:33 +0200 Subject: [PATCH] Added pw protection to alter and delete --- .gitignore | 1 + server.py | 24 +++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 10274b4..bcb6273 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ admin.json +edit_admin.json *.scss diff --git a/server.py b/server.py index 3d3231f..bd998c5 100644 --- a/server.py +++ b/server.py @@ -5,7 +5,7 @@ import sqlalchemy from sqlalchemy.sql import select from sqlalchemy.sql import text from flask import Flask -from flask import render_template, send_from_directory, request +from flask import render_template, send_from_directory, request, Response from werkzeug.utils import secure_filename app = Flask(__name__) @@ -14,6 +14,26 @@ db_engine = {} db_metadata = {} parts = {} +def check_auth(username, password): + admin_list = [] + with open('edit_admin.json', 'r') as admin: + admin_list = json.load(admin) + for user in admin_list: + if username == user['username']: + return password == user['password'] + +def authenticate(): + return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' : 'Basic realm="Login Required"'}) + +def requires_auth(f): + @wraps(f) + def decorated(*args, **kwargs): + auth = request.authorization + if not auth or not check_auth(auth.username, auth.password): + return authenticate() + return f(*args, **kwargs) + return decorated + @app.route('/parts') def index(): return render_template('partsearch.html') @@ -62,6 +82,7 @@ def getfile(filename): return send_from_directory('/srv/datasheets/', filename + '.pdf') @app.route('/parts/alter/', methods=['POST']) +@requires_auth def alter(partID): partID = int(partID) s = '' @@ -127,6 +148,7 @@ def alter(partID): return '{"status":"ok"}' @app.route('/parts/delete/') +@requires_auth def delete(partID): if partID < 0: abort(400)