From 95cb4754289f8cb3f009c2547232c7f0fc1b4957 Mon Sep 17 00:00:00 2001 From: Craig Oates Date: Thu, 9 Jan 2020 14:35:26 +0000 Subject: [PATCH] add security token checks when adding new reading. --- app/readings.db | Bin 40960 -> 40960 bytes app/services/post_services.py | 22 ++++++++++++++-------- app/swagger.yml | 6 ++++++ 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/app/readings.db b/app/readings.db index 5083ba19190dda489e5bb0abaad57bae0b62243e..f3d6b7a86402687a6a69adc490cef3e1b2e37422 100644 GIT binary patch delta 72 zcmZoTz|?SnX@WE(_e2?IM(&LXOZYjM`1dpLKj7cLSx{gzzoI-73xgx0k%6J5uAzah Zp{0VMxs`#5m8rR&0T_sHeju;V006o$5+eWr delta 29 lcmZoTz|?SnX@WE(*F+g-My`zsOZYdlDE#K%{9m520RWUt3M~Kt diff --git a/app/services/post_services.py b/app/services/post_services.py index 6617b1f..18c6dd2 100644 --- a/app/services/post_services.py +++ b/app/services/post_services.py @@ -16,16 +16,22 @@ you will need to head to the /get_services.py/ file. It should be in the same directory as this: /services/. ''' -def add_latest_reading(meter,reading): - if meter == 1: - return add_reading_to_meter1(reading) - elif meter == 2: - return add_reading_to_meter2(reading) - elif meter == 3: - return add_reading_to_meter3(reading) - return make_response("Meter Id. not recognised. Must be between 1 and 3.", 400) +device_check_token = "QWERTYuiopasdfghjklzxcvbnm_1234567890" + +def add_latest_reading(meter, info): + if info["token"] == device_check_token: + reading = {"reading":info["reading"], "time":info["time"]} + if meter == 1: + return add_reading_to_meter1(reading) + elif meter == 2: + return add_reading_to_meter2(reading) + elif meter == 3: + return add_reading_to_meter3(reading) + return make_response("Meter Id. not recognised. Must be between 1 and 3.", 400) + return make_response("Invalid token.", 400) def log_status_change(device, status): + # NEED TO ADD TOKEN. if device == 1: return add_status_change_to_device1(status) elif device == 2: 
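Review bot: The shared secret is committed in source at `device_check_token = "QWERTY…"`, so anyone who can read the repository or this patch can post readings; the committed value should be treated as exposed, replaced, and loaded from deployment configuration instead. In `add_latest_reading`, `info["token"]` raises `KeyError` when the field is absent, which probably surfaces as a 500 unless request validation upstream enforces the field, and `==` on a secret is not a constant-time comparison. The sketch below reads the token from an environment variable (the variable name is only an example), rejects a missing or non-string token, and compares with `hmac.compare_digest`; it needs `import hmac` and `import os` at the top of the file, outside this hunk. `log_status_change` is still unauthenticated, as the added comment says, and its body continues past the end of the hunk.

```python
device_check_token = os.environ["DEVICE_CHECK_TOKEN"]  # example name; fails closed if unset

def add_latest_reading(meter, info):
    supplied = info.get("token")
    # Reject absent or non-string tokens before comparing; compare in constant time.
    if not isinstance(supplied, str) or not hmac.compare_digest(
            supplied.encode("utf-8"), device_check_token.encode("utf-8")):
        return make_response("Invalid token.", 400)
    # … unchanged: build `reading` from info and dispatch on meter 1-3 …
```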
diff --git a/app/swagger.yml b/app/swagger.yml index efa76b4..a627543 100644 --- a/app/swagger.yml +++ b/app/swagger.yml @@ -69,6 +69,12 @@ paths: This represents the amount of light the light meter recorded. This is the most important piece of data you will post in this data-object. + token: + type: string + example: it-is-not-password-if-you-are-wondering + description: >- + This is basically a token to check the info. sent to + the server is from a valid machine. responses: 201: description: >-
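Review bot: The new `token` property is documented as not being a password, but the server uses it as the only credential for posting readings, so the description should say it is a shared secret that must be sent over TLS only and kept out of logs. Whether `token` is listed under the object's `required` keys is not visible in this hunk; if it is not, a request without it passes schema validation and reaches the handler. Only the `201` response is visible here, so it is worth checking that the rejected-token response is documented as well. A wording such as `description: Shared secret identifying an authorised device; required, send over HTTPS only.` would cover the first point.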