From d3a25d534ff75c883b97d010a2c8af692ec37c04 Mon Sep 17 00:00:00 2001
From: Rico <r.jambor@yahoo.de>
Date: Sun, 3 Sep 2017 17:33:47 +0200
Subject: [PATCH] TASK: Feature to password-protect the app

Fixes #4
---
 heroku/web.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/heroku/web.py b/heroku/web.py
index 95c1b71..e37fb90 100644
--- a/heroku/web.py
+++ b/heroku/web.py
@@ -34,24 +34,36 @@
 
 mode = FIXED_MAX
 
+# Choose a password. It is used to allow http(s) requests from monzo (or users knowing the pw) only
+password = "123456"
+
 
 @app.route('/')
 def hello():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
     return "{} | {}".format(r.get("balance"), r.get("peak"))
 
 
 @app.route('/balance')
 def balance():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
     return "{}".format(r.get("balance"))
 
 
 @app.route('/peak')
 def peak():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
     return "{}".format(r.get("peak"))
 
 
 @app.route('/catch', methods=['POST'])
 def catch():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
+
     j = json.loads(request.data)
     data = j['data']
     if mode == VARIABLE_MAX:
@@ -76,6 +88,9 @@ def catch():
 
 @app.route('/refresh')
 def refresh():
+    if not authenticate(request.args.get('key')):
+        return "Wrong password provided"
+
     angle_v = notify_particle()
     return "Set angle to {}°".format(angle_v)
 
@@ -107,6 +122,10 @@ def angle(pea, bal):
     return int(45 + (((float(pea) - float(bal)) / float(pea)) * 90))
 
 
+def authenticate(provided_pw):
+    return provided_pw == password
+
+
 if __name__ == '__main__':
     # The app is not bound to an interface. If it should, specify it under "host"
     app.run(host='0.0.0.0', port=port)