Require auth token for alarm status

apiserver/apiserver/api/views.py

@@ -764,6 +764,10 @@ class StatsViewSet(viewsets.ViewSet, List):
         # {'data': 'Disarmed: Partition 1'}
         # {'data': 'Disarmed: Partition 2'}
 
+        auth_token = request.META.get('HTTP_AUTHORIZATION', '')
+        if secrets.VEND_API_TOKEN and auth_token != 'Bearer ' + secrets.ALARM_API_TOKEN:
+            raise exceptions.PermissionDenied()
+
         try:
             data = str(request.data['data'])
         except KeyError:

apiserver/apiserver/secrets.py.example

@@ -74,6 +74,12 @@ PRINTER_API_TOKEN = ''
 # head /dev/urandom | base32 | head -c 40
 PINBALL_API_TOKEN = ''
 
+# Alarm integration API token
+# Set this to random characters
+# For example, use the output of this:
+# head /dev/urandom | base32 | head -c 40
+ALARM_API_TOKEN = ''
+
 # Protospace general info
 DOOR_CODE = ''
 WIFI_PASS = ''