Add rudimentary password data protection

2020-12-01 00:05:09 +01:00 · 2020-12-01 00:05:09 +01:00 · a73b9d6cdf
parent e79cdb3e24
commit a73b9d6cdf
2 changed files with 20 additions and 0 deletions
--- a/config.ini
+++ b/config.ini
@ -8,3 +8,8 @@ db_file = db.json
 # Col1: First Name(s), Col2: Last Name(s), Col3 (optional): EMail
 # Remove or leave empty for no check
 name_file = namensliste.csv
+
+
+# Username and password for data retrieval
+admin_user = admin
+admin_pass = topSecret
--- a/ftracker/core.py
+++ b/ftracker/core.py
@ -94,3 +94,18 @@ def post_departure():
 	)

 	return 'OK', 200
+
+
+@app.route('/data')
+def get_data():
+
+	if not 'Authorization' in request.headers:
+		return 'Error: No Authorization', 401, {'WWW-Authenticate': 'Basic'}
+
+	if request.authorization.username != config['admin_user']:
+		return "Wrong username", 403
+
+	if request.authorization.password != config['admin_pass']:
+		return "Wrong password", 403
+
+	return json.dumps(db.all(), indent=4), 200