From 4e8fae4bca9d923308194b39c0b7f9975aa906c4 Mon Sep 17 00:00:00 2001
From: Justin Campbell
Date: Sun, 8 Nov 2020 16:23:00 -0500
Subject: [PATCH] Implement basic shared username/password auth using dotenv
---
 api/api.py | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/api/api.py b/api/api.py
index dbadc9a..a9752f8 100644
--- a/api/api.py
+++ b/api/api.py
@@ -1,7 +1,8 @@
-from flask import Flask
+from flask import Flask, request
 from flask_restful import Api, Resource
-import ECNQueue
+from werkzeug.security import check_password_hash
 import os, dotenv
+import ECNQueue
 # Load envrionment variables for ./.env
 dotenv.load_dotenv()
@@ -12,6 +13,27 @@
 # Create API Interface
 api = Api(app)
+
+
+class Login(Resource):
+ def post(self):
+ if not request.is_json:
+ return ({ "message": "JSON missing from request body"}, 422)
+
+ data = request.json
+
+ fields_to_check = ["username", "password"]
+ for field in fields_to_check:
+ if field not in data.keys():
+ return ({ "message": f"{field} missing from request body"}, 422)
+
+ if data["username"] != os.environ.get("SHARED_USERNAME"):
+ return ({ "message": "Username invalid"}, 401)
+ if not check_password_hash(os.environ.get("SHARED_PASSWORD_HASH"), data["password"]):
+ return ({ "message": "Password invalid"}, 401)
+
+ return ({ "message": "Login successful"}, 200)
+
 class Item(Resource):
 def get(self, queue: str, number: int) -> str:
 """Returns the JSON representation of the item requested.
@@ -85,6 +107,10 @@ def get(self) -> list:
-api.add_resource(QueueList, "/api/get_queues")
+api.add_resource(Login, "/login")
 api.add_resource(Item, "/api//")
-api.add_resource(Queue, "/api/")
\ No newline at end of file
+api.add_resource(Queue, "/api/")
+api.add_resource(QueueList, "/api/get_queues")
+
+if __name__ == "__main__":
+ app.run()
\ No newline at end of file
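Review bot: The two 401 branches in `Login.post` return different messages ("Username invalid" vs "Password invalid"), which tells an unauthenticated caller which half of the shared credential is wrong, and the username is compared with a plain `!=`. The handler also assumes `request.json` is an object with string fields and that `SHARED_PASSWORD_HASH` is set. A JSON array or `null` body, a non-string password, or a missing environment variable would likely raise inside `data.keys()` or `check_password_hash` and surface as a 500 instead of a clean rejection. I would validate the body shape, fail closed when the credential is not configured, and return one generic message after evaluating both checks. The sketch below uses `hmac.compare_digest`, which needs `import hmac` added to the import block in the first hunk.

```python
class Login(Resource):
    def post(self):
        # … unchanged: is_json check …
        data = request.get_json(silent=True)
        if not isinstance(data, dict):
            return ({ "message": "JSON object expected in request body"}, 422)

        # … unchanged: required-field loop …

        expected_user = os.environ.get("SHARED_USERNAME")
        expected_hash = os.environ.get("SHARED_PASSWORD_HASH")
        supplied_user = data["username"]
        supplied_pass = data["password"]

        # Fail closed when the shared credential is not configured
        # or the submitted fields are not strings.
        if not expected_user or not expected_hash:
            return ({ "message": "Username or password invalid"}, 401)
        if not isinstance(supplied_user, str) or not isinstance(supplied_pass, str):
            return ({ "message": "Username or password invalid"}, 401)

        # Evaluate both checks before branching so the response does not
        # reveal which one failed.
        user_ok = hmac.compare_digest(supplied_user.encode(), expected_user.encode())
        pass_ok = check_password_hash(expected_hash, supplied_pass)
        if not (user_ok and pass_ok):
            return ({ "message": "Username or password invalid"}, 401)

        # … unchanged: success response …
```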
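Review bot: Registering `Login` at `/login` in the last hunk does not by itself protect anything. The `Item`, `Queue` and `QueueList` resources are registered exactly as before, and `Login.post` (second hunk) returns only a message, with no session or token that later requests could present. Unless enforcement lives outside this diff, the `/api/...` routes stay readable without credentials. If this is a deliberate first step, a comment above the registrations such as `# NOTE: /api/* resources are not yet gated by Login` would keep the gap visible until a check is added to those resources.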