Update app.py to add authentication.

app.py

@@ -1,15 +1,15 @@
-from flask import Flask, request, redirect, url_for, send_file, render_template, flash
+from flask import Flask, request, redirect, url_for, send_file, render_template, flash, Response
 from flask_cors import CORS
 from werkzeug.utils import secure_filename
 from pymongo.mongo_client import MongoClient
 from pymongo.server_api import ServerApi
 import urllib.parse
+from functools import wraps
 import os
 import io
 
 app = Flask(__name__)
 app.secret_key = os.getenv('SECRET_KEY')
-CORS(app,resources={r"/*":{"origins":"*"}})
 
 username = urllib.parse.quote_plus(os.getenv('MONGO_USERNAME'))
 password = urllib.parse.quote_plus(os.getenv('MONGO_PASSWORD'))
@@ -19,14 +19,42 @@ client = MongoClient(uri, server_api=ServerApi('1'))
 db = client['file_storage']
 files_collection = db['files']
 
-def allowed_file(filename):
-    return True
+try:
+    client.admin.command('ping')
+    print("Pinged your deployment. You successfully connected to MongoDB!")
+except Exception as e:
+    print(e)
+
+# Get the password from the environment variable
+APP_PASSWORD = os.getenv('APP_PASSWORD')
+
+def check_auth(username, password):
+    """Check if a username/password combination is valid."""
+    return username == 'admin' and password == APP_PASSWORD
+
+def authenticate():
+    """Send a 401 response that enables basic auth."""
+    return Response(
+        'Could not verify your access level for that URL.\n'
+        'You have to login with proper credentials', 401,
+        {'WWW-Authenticate': 'Basic realm="Login Required"'})
+
+def requires_auth(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        auth = request.authorization
+        if not auth or not check_auth(auth.username, auth.password):
+            return authenticate()
+        return f(*args, **kwargs)
+    return decorated
 
 @app.route('/')
+@requires_auth
 def index():
     return render_template('index.html')
 
 @app.route('/upload', methods=['GET', 'POST'])
+@requires_auth
 def upload_file():
     if request.method == 'POST':
         if 'file' not in request.files:
@@ -37,7 +65,7 @@ def upload_file():
             if file.filename == '':
                 flash('No selected file')
                 return redirect(request.url)
-            if file and allowed_file(file.filename):
+            if file:
                 filename = secure_filename(file.filename)
                 file_data = {
                     'filename': filename,
@@ -49,6 +77,7 @@ def upload_file():
     return render_template('upload.html')
 
 @app.route('/uploads/<filename>')
+@requires_auth
 def uploaded_file(filename):
     file_data = files_collection.find_one({'filename': filename})
     if file_data:
@@ -61,11 +90,13 @@ def uploaded_file(filename):
 
 
 @app.route('/files')
+@requires_auth
 def list_files():
     files = [file_data['filename'] for file_data in files_collection.find({}, {'_id': 1, 'filename': 1})]
     return render_template('files.html', files=files)
 
 @app.route('/delete/<filename>', methods=['POST'])
+@requires_auth
 def delete_file(filename):
     file_data = files_collection.find_one({'filename': filename})
     if file_data:
@@ -76,4 +107,4 @@ def delete_file(filename):
     return redirect(url_for('list_files'))
 
 if __name__ == '__main__':
-    app.run(debug=True, host='0.0.0.0')
+    app.run(debug=True)