personal/weather-server: weather_server/server.py comparison

server: Use a "preamble" object in the POST to auth.

comparison

equal deleted inserted replaced

-:cda47993a193
+:b42c4bfe57c7
 import bson
 import flask
+import hmac
 from . import common
 from . import locations
 from . import types
 return 'Weather server'
 @app.route('/_submit', methods=['POST'])
 def submit():
 req = flask.request
-target = req.args.get('location')
-if not target:
-flask.abort(404)
-try:
-target_loc, logger = locs.get(target)
-except KeyError:
-flask.abort(404)
-password = req.args.get('password')
-if password != target_loc.password:
-flask.abort(401)
 reader = bson.decode_file_iter(
 req.stream, codec_options=common.BSON_OPTIONS)
-entries = [
+try:
-types.Reading.from_now(
+preamble = next(reader)
-sample_time=item['sample_time'],
+loc_name = preamble['location']
-temp_c=item['temp_c'],
+password = str(preamble['password'])
-rh_pct=item['rh_pct'],
+loc, logger = locs.get(loc_name)
-)
+if not hmac.compare_digest(password, loc.password):
-for item in reader
+flask.abort(400)
-]
+entries = [
+types.Reading.from_now(
+sample_time=item['sample_time'],
+temp_c=item['temp_c'],
+rh_pct=item['rh_pct'],
+)
+for item in reader
+]
+except (KeyError, bson.InvalidBSON):
+flask.abort(400)
 logger.write_rows(entries)
 return flask.jsonify({'status': 'OK'})
 @app.route('/<location>')
 def show(location):

Mercurial > personal > weather-server