Implement basic shared username/password auth using dotenv

ECN · Nov 8, 2020 · 4e8fae4 · 4e8fae4
1 parent 982ce7b
commit 4e8fae4
Showing 1 changed file with 30 additions and 4 deletions.
diff --git a/api/api.py b/api/api.py
@@ -1,7 +1,8 @@
-from flask import Flask
+from flask import Flask, request
 from flask_restful import Api, Resource
-import ECNQueue
+from werkzeug.security import check_password_hash
 import os, dotenv
+import ECNQueue
 
 # Load envrionment variables for ./.env
 dotenv.load_dotenv()
@@ -12,6 +13,27 @@
 # Create API Interface
 api = Api(app)
 
+
+
+class Login(Resource):
+    def post(self):
+        if not request.is_json:
+            return ({ "message": "JSON missing from request body"}, 422)
+
+        data = request.json
+
+        fields_to_check = ["username", "password"]
+        for field in fields_to_check:
+            if field not in data.keys():
+                return ({ "message": f"{field} missing from request body"}, 422)
+
+        if data["username"] != os.environ.get("SHARED_USERNAME"):
+            return ({ "message": "Username invalid"}, 401)
+        if not check_password_hash(os.environ.get("SHARED_PASSWORD_HASH"), data["password"]):
+            return ({ "message": "Password invalid"}, 401)
+
+        return ({ "message": "Login successful"}, 200)
+
 class Item(Resource):
     def get(self, queue: str, number: int) -> str:
         """Returns the JSON representation of the item requested.
@@ -85,6 +107,10 @@ def get(self) -> list:
 
 
 
-api.add_resource(QueueList, "/api/get_queues")
+api.add_resource(Login, "/login")
 api.add_resource(Item, "/api/<string:queue>/<int:number>")
-api.add_resource(Queue, "/api/<string:queue>")
+api.add_resource(Queue, "/api/<string:queue>")
+api.add_resource(QueueList, "/api/get_queues")
+
+if __name__ == "__main__":
+    app.run()