added auth

diff --git a/director/__init__.py b/director/__init__.py
index 18b5d5d6652adffe60ddd513236ff0834d4cae47..ab046d4caaa7a16ef3cb459f98a929c06b2d96f0 100644 (file)
--- a/director/__init__.py
+++ b/director/__init__.py
@@ -1,5 +1,9 @@
+from werkzeug.security import generate_password_hash, check_password_hash
 from flask import Flask, render_template, send_from_directory, request
 from flask_socketio import SocketIO, emit
+from flask_httpauth import HTTPBasicAuth
+from flask_cors import CORS
+import json
 import os
 
 from .utils import deindex
@@ -10,7 +14,22 @@ from director.database.read import read_views as database_read_views
 
 app = Flask(__name__, instance_relative_config=False)
 socketio = SocketIO(app, logger=False, engineio_logger=False)
+auth = HTTPBasicAuth()
+CORS(app)
 
+# import authentication data
+
+with open(f"{app.root_path}/../../secrets.json", "r", encoding="utf-8") as f:
+       users = json.loads(f.read())
+users = {k: generate_password_hash(v) for (k, v) in users.items()}
+
+# password verifier
+
+def verify_password(username, password):
+    if username in users and check_password_hash(users.get(username), password):
+        return username
+
+auth.verify_password(verify_password)
 
 # root movements
 
@@ -30,8 +49,8 @@ def info(screen):
 
 # admin screen pages
 
-app.route("/admin", methods=["get"])(admin.admin_main)
-app.route("/admin/<string:table_name>", methods=["get", "post"])(admin.admin_table)
+app.route("/admin", methods=["get"])(auth.login_required(admin.admin_main))
+app.route("/admin/<string:table_name>", methods=["get", "post"])(auth.login_required(admin.admin_table))
 
 # script pages
 

diff --git a/requirements.txt b/requirements.txt
index 34b5c1d90469217d2f016857a034a24e505c8311..797b57058702f676ba7a8fe10dd64f395d545e51 100644 (file)
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,5 @@
 flask_socketio
+flask_httpauth
+flask_cors
+werkzeug
 flask