Added pw protection to alter and delete

master
Davide Bongiovanni 8 years ago
parent 5e307c4eef
commit ca4b70a95f

1
.gitignore vendored

@ -1,2 +1,3 @@
admin.json admin.json
edit_admin.json
*.scss *.scss

@ -5,7 +5,7 @@ import sqlalchemy
from sqlalchemy.sql import select from sqlalchemy.sql import select
from sqlalchemy.sql import text from sqlalchemy.sql import text
from flask import Flask from flask import Flask
from flask import render_template, send_from_directory, request from flask import render_template, send_from_directory, request, Response
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
app = Flask(__name__) app = Flask(__name__)
@ -14,6 +14,26 @@ db_engine = {}
db_metadata = {} db_metadata = {}
parts = {} parts = {}
def check_auth(username, password):
admin_list = []
with open('edit_admin.json', 'r') as admin:
admin_list = json.load(admin)
for user in admin_list:
if username == user['username']:
return password == user['password']
def authenticate():
return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' : 'Basic realm="Login Required"'})
def requires_auth(f):
@wraps(f)
def decorated(*args, **kwargs):
auth = request.authorization
if not auth or not check_auth(auth.username, auth.password):
return authenticate()
return f(*args, **kwargs)
return decorated
@app.route('/parts') @app.route('/parts')
def index(): def index():
return render_template('partsearch.html') return render_template('partsearch.html')
@ -62,6 +82,7 @@ def getfile(filename):
return send_from_directory('/srv/datasheets/', filename + '.pdf') return send_from_directory('/srv/datasheets/', filename + '.pdf')
@app.route('/parts/alter/<partID>', methods=['POST']) @app.route('/parts/alter/<partID>', methods=['POST'])
@requires_auth
def alter(partID): def alter(partID):
partID = int(partID) partID = int(partID)
s = '' s = ''
@ -127,6 +148,7 @@ def alter(partID):
return '{"status":"ok"}' return '{"status":"ok"}'
@app.route('/parts/delete/<partID>') @app.route('/parts/delete/<partID>')
@requires_auth
def delete(partID): def delete(partID):
if partID < 0: if partID < 0:
abort(400) abort(400)

Loading…
Cancel
Save