Add basic authentication using username/password sourced from env on delete user/workout endpoints

app.py

@@ -1,3 +1,4 @@
+from flask_basicauth import BasicAuth
 import matplotlib.dates as mdates
 import matplotlib.pyplot as plt
 from dateutil.relativedelta import relativedelta
@@ -31,6 +32,11 @@ jinja_partials.register_extensions(app)
 htmx = HTMX(app)
 db = SQLAlchemy(app)
 
+app.config['BASIC_AUTH_USERNAME'] = os.getenv("ADMIN_USERNAME") or 'admin'
+app.config['BASIC_AUTH_PASSWORD'] = os.getenv("ADMIN_PASSWORD") or 'admin'
+
+basic_auth = BasicAuth(app)
+
 
 class User(db.Model):
     __tablename__ = 'users'
@@ -126,6 +132,7 @@ def users():
 
 
 @app.route('/user/<int:user_id>', methods=['DELETE'])
+@basic_auth.required
 def delete_user(user_id):
     user = User.query.get(user_id)
     if user:
@@ -210,7 +217,7 @@ def workouts(user_id):
         return jsonify({'message': 'Workout created successfully.'}), 201
 
 
-@app.route('/user/<int:user_id>/workout/<int:workout_id>/<string:graph_type>', methods=['GET', 'DELETE'])
+@app.route('/user/<int:user_id>/workout/<int:workout_id>/<string:graph_type>', methods=['GET'])
 def workout(user_id, workout_id, graph_type):
     workout = Workout.query.filter_by(user_id=user_id, id=workout_id).join(
         Workout.cadence_readings).join(Workout.heart_rate_readings).first()
@@ -254,6 +261,7 @@ def view_workout(user_id, workout_id):
 
 
 @app.route('/user/<int:user_id>/workout/<int:workout_id>/delete', methods=['DELETE'])
+@basic_auth.required
 def delete_workout(user_id, workout_id):
     # Delete the workout and its associated cadence readings
     CadenceReading.query.filter_by(workout_id=workout_id).delete()

requirements.txt

@@ -11,3 +11,4 @@ matplotlib==3.5.2
 sparklines==0.4.2
 humanize==4.8.0
 Werkzeug==2.2.2
+Flask-BasicAuth==0.2.0