From a73b9d6cdf0cac5cbf6d2c611d43e943df846d51 Mon Sep 17 00:00:00 2001
From: Oskar <o.winkels@fasttube.de>
Date: Tue, 1 Dec 2020 00:05:09 +0100
Subject: [PATCH] Add rudimentary password data protection

---
 config.ini       |  5 +++++
 ftracker/core.py | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/config.ini b/config.ini
index ebec123..93dc103 100644
--- a/config.ini
+++ b/config.ini
@@ -8,3 +8,8 @@ db_file = db.json
 # Col1: First Name(s), Col2: Last Name(s), Col3 (optional): EMail
 # Remove or leave empty for no check
 name_file = namensliste.csv
+
+
+# Username and password for data retrieval
+admin_user = admin
+admin_pass = topSecret
diff --git a/ftracker/core.py b/ftracker/core.py
index c777805..cdeaa86 100644
--- a/ftracker/core.py
+++ b/ftracker/core.py
@@ -94,3 +94,18 @@ def post_departure():
 	)
 
 	return 'OK', 200
+
+
+@app.route('/data')
+def get_data():
+
+	if not 'Authorization' in request.headers:
+		return 'Error: No Authorization', 401, {'WWW-Authenticate': 'Basic'}
+
+	if request.authorization.username != config['admin_user']:
+		return "Wrong username", 403
+
+	if request.authorization.password != config['admin_pass']:
+		return "Wrong password", 403
+
+	return json.dumps(db.all(), indent=4), 200