From 54061aac2caf7f2e7c1e357e6b829bfc7b55c7b8 Mon Sep 17 00:00:00 2001
From: "Manuel Weiser (aider)"
Date: Mon, 2 Sep 2024 10:40:44 +0200
Subject: [PATCH] feat: add authentication middleware to restrict access to logged-in users only
---
 game_collection/user_management.py | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/game_collection/user_management.py b/game_collection/user_management.py
index 9b666df..4ddd7c6 100644
--- a/game_collection/user_management.py
+++ b/game_collection/user_management.py
@@ -1,9 +1,27 @@
-from flask import Blueprint, request, jsonify
+from flask import Blueprint, request, jsonify, g
 from models import db, User
 from datetime import datetime
 
 user_bp = Blueprint('user', __name__)
 
+def authenticate():
+ # Hier wird die Authentifizierung überprüft (z.B. durch Token oder Session)
+ username = request.headers.get('X-Username')
+ password = request.headers.get('X-Password')
+ if username and password:
+ user = User.query.filter_by(username=username, password=password).first()
+ if user:
+ g.user = user
+ return True
+ return False
+
+@user_bp.before_request
+def before_request():
+ # Überprüfen, ob der Benutzer angemeldet ist, außer bei Login
+ if request.endpoint not in ['user.login_user']:
+ if not authenticate():
+ return jsonify({'message': 'Unauthorized access!'}), 401
+
 @user_bp.route('/users', methods=['POST'])
 def create_user():
 data = request.json
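Review bot: `authenticate()` matches the `X-Password` header against the stored column with `filter_by(username=username, password=password)`, which only works if passwords are kept in plaintext, and it makes every request carry the raw credential. Look the user up by name and verify a hash instead: `user = User.query.filter_by(username=username).first()` followed by `if user and check_password_hash(user.password, password):`, with `from werkzeug.security import check_password_hash`. This assumes the `User` model and `create_user`, whose body continues outside the hunk, are changed to store hashes. The comment above the header reads mentions a token or session, which would suit a per-request check better than resending the password. `before_request` exempts only `user.login_user` (not visible here), so `create_user` on `POST /users` now requires an existing account; confirm that is intended.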