Begin work on per-hardware/per-endpoint authentication

2024-03-29 09:58:43 -05:00 · 2024-03-29 09:58:43 -05:00 · 0634e10109
parent 93e474d581
commit 0634e10109
1 changed files with 28 additions and 3 deletions
--- a/src/nightserver.py
+++ b/src/nightserver.py
@ -18,9 +18,12 @@ def setVitalsHeartrate():
 	global vitalsHeartrate
 	json = request.get_json()
 	try:
+		if not authenticate(json['uuid'], '/api/vitals/heartrate'):
+			return 'Forbidden.', 403
+
 		vitalsHeartrate = json['heartrate']
 	except:
-		return 'Incorrect usage.\nUsage: { heartrate: INT }\n', 400
+		return 'Incorrect usage.\nUsage: { heartrate: INT, uuid: STRING }\n', 400
 	return 'Information set successfully', 204

@app.route('/api/vitals/oxygen')
@ -33,6 +36,9 @@ def setVitalsOxygen():
 	global vitalsOxygen
 	json = request.get_json()
 	try:
+		if not authenticate(json['uuid'], '/api/vitals/oxygen'):
+			return 'Forbidden.', 403
+
 		vitalsOxygen = json['oxygen']
 	except:
 		return 'Incorrect usage.\nUsage: { oxygen: INT }\n', 400
@ -48,6 +54,9 @@ def setVitalsBodytemp():
 	global vitalsBodytemp
 	json = request.get_json()
 	try:
+		if not authenticate(json['uuid'], '/api/vitals/bodytemp'):
+			return 'Forbidden.', 403
+
 		vitalsBodytemp = json['bodytemp']
 	except:
 		return 'Incorrect usage.\nUsage: { bodytemp: FLOAT }\n', 400
@ -66,6 +75,8 @@ def setVitals():

 	json = request.get_json()
 	try:
+		if not authenticate(json['uuid'], '/api/vitals'):
+			return 'Forbidden.', 403
 		# This is a bit ugly but its just how I'm checking that everything is there without setting variables if the json is incorrect
 		tempH = json['heartrate'] 
 		tempO = json['oxygen']
@ -89,6 +100,9 @@ def setFitnessSteps():
 	global fitnessSteps
 	json = request.get_json()
 	try:
+		if not authenticate(json['uuid'], '/api/fitness/steps'):
+			return 'Forbidden.', 403
+
 		vitalsBodytemp = json['steps']
 	except:
 		return 'Incorrect usage.\nUsage: { steps: INT }\n', 400
@ -105,7 +119,10 @@ def setFitness():
 	global fitnessSteps
 	json = request.get_json()
 	try:
-		vitalsBodytemp = json['steps']
+		if not authenticate(json['uuid'], '/api/fitness'):
+			return 'Forbidden.', 403
+
+		fitnessSteps = json['steps']
 	except:
 		return 'Incorrect usage.\nUsage: { steps: INT }\n', 400
 	return 'Information set successfully', 204
@ -174,7 +191,10 @@ def removeCyberware():
@app.route('/api/cyberware')
 def getCyberware():
 	return 'Not implemented', 501
-	#return jsonify(cyberware)
+
+	#if not authenticate(json['uuid'], '/api/cyberware'):
+	#		return 'Forbidden.', 403
+	r#eturn jsonify(cyberware)

@app.route('/api/cyberware/get')
 def getCyberwareSpecific():
@ -192,8 +212,13 @@ def getCyberwareSpecific():
 # Arguments { uuid: INT }
@app.route('/api/cyberware/reset', methods=['POST'])
 def resetCyberwareMalfunction():
+	#if not authenticate(json['uuid'], '/api/cyberware/reset'):
+	#		return 'Forbidden.', 403
+
 	return 'Not Implemented', 501

+def authenticate(uuid, endpoint):
+	return true

@app.route('/')
 def uiindex():