TASK: Feature to password-protect the app

Fixes #4
d-Rickyy-b · Sep 3, 2017 · d3a25d5 · d3a25d5
1 parent b359388
commit d3a25d5
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/heroku/web.py b/heroku/web.py
@@ -34,24 +34,36 @@
 
 mode = FIXED_MAX
 
+# Choose a password. It is used to allow http(s) requests from monzo (or users knowing the pw) only
+password = "123456"
+
 
 @app.route('/')
 def hello():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
     return "{} | {}".format(r.get("balance"), r.get("peak"))
 
 
 @app.route('/balance')
 def balance():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
     return "{}".format(r.get("balance"))
 
 
 @app.route('/peak')
 def peak():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
     return "{}".format(r.get("peak"))
 
 
 @app.route('/catch', methods=['POST'])
 def catch():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
+
     j = json.loads(request.data)
     data = j['data']
     if mode == VARIABLE_MAX:
@@ -76,6 +88,9 @@ def catch():
 
 @app.route('/refresh')
 def refresh():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
+
     angle_v = notify_particle()
     return "Set angle to {}°".format(angle_v)
 
@@ -107,6 +122,10 @@ def angle(pea, bal):
     return int(45 + (((float(pea) - float(bal)) / float(pea)) * 90))
 
 
+def authenticate(provided_pw):
+    return provided_pw == password
+
+
 if __name__ == '__main__':
     # The app is not bound to an interface. If it should, specify it under "host"
     app.run(host='0.0.0.0', port=port)