Secure api endpoints #77
Description
Some api endpoints such as those for editting attendance need to require uthentication for security but I am not sure that they currently do. Use some kind of authentication. Some example of securing an api I have seen recently is:
- https://github.com/tecladocode/rest-apis-flask-python/ (I no longer agree with this approach for Nipo)
We should simply be able to use @login_required on api endpoints with login being proven by a token/cookie. May need a db mig to add a cookie to the users table