diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index d7c4650..d9ab86b 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -764,6 +764,10 @@ class StatsViewSet(viewsets.ViewSet, List):
 # {'data': 'Disarmed: Partition 1'}
 # {'data': 'Disarmed: Partition 2'}
 
+ auth_token = request.META.get('HTTP_AUTHORIZATION', '')
+ if secrets.VEND_API_TOKEN and auth_token != 'Bearer ' + secrets.ALARM_API_TOKEN:
+ raise exceptions.PermissionDenied()
+
 try:
 data = str(request.data['data'])
 except KeyError:
diff --git a/apiserver/apiserver/secrets.py.example b/apiserver/apiserver/secrets.py.example
index becf607..7a887dd 100644
--- a/apiserver/apiserver/secrets.py.example
+++ b/apiserver/apiserver/secrets.py.example
@@ -74,6 +74,12 @@ PRINTER_API_TOKEN = ''
 # head /dev/urandom | base32 | head -c 40
 PINBALL_API_TOKEN = ''
 
+# Alarm integration API token
+# Set this to random characters
+# For example, use the output of this:
+# head /dev/urandom | base32 | head -c 40
+ALARM_API_TOKEN = ''
+
 # Protospace general info
 DOOR_CODE = ''
 WIFI_PASS = ''
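Review bot: The added guard tests `secrets.VEND_API_TOKEN` but compares the header against `secrets.ALARM_API_TOKEN`, so whether the alarm endpoint is authenticated depends on an unrelated setting. With the vending token unset the check is skipped even when an alarm token is configured, and with only the vending token set the comparison is made against an empty alarm token. The condition should read `if secrets.ALARM_API_TOKEN and auth_token != 'Bearer ' + secrets.ALARM_API_TOKEN:`. Separately, `!=` is not a constant-time comparison; `hmac.compare_digest` on the encoded values would be the usual choice, assuming `hmac` can be imported in this file (its imports are outside the hunk). The handler's body starts and ends outside the hunk.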
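Review bot: The comment added above `ALARM_API_TOKEN` does not say what an empty value means, and the guard added in views.py appears intended to skip the token check when it is unset. I would add a line such as `# If left empty, the alarm endpoint accepts requests without a token`, so that someone copying this example knows the shipped default is unauthenticated.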