]> git.rkrishnan.org Git - tahoe-lafs/tahoe-lafs.git/blobdiff - src/allmydata/web/magic_folder.py
projects / tahoe-lafs / tahoe-lafs.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add simple auth-token to get JSON data
[tahoe-lafs/tahoe-lafs.git] / src / allmydata / web / magic_folder.py
diff --git a/src/allmydata/web/magic_folder.py b/src/allmydata/web/magic_folder.py
index 5d2f3e5ed9c7df6cd0627823d0509f3f886bcb7e..bf72cc39416b60fccf8bef35b191382071e1368c 100644 (file)
--- a/src/allmydata/web/magic_folder.py
+++ b/src/allmydata/web/magic_folder.py
@@ -1,5 +1,7 @@
 import simplejson
 
+from twisted.web.server import UnsupportedMethod
+
 from nevow import rend, url, tags as T
 from nevow.inevow import IRequest
 
@@ -12,7 +14,6 @@ class MagicFolderWebApi(rend.Page):
     """
 
     def __init__(self, client):
-        ##rend.Page.__init__(self, storage)
         super(MagicFolderWebApi, self).__init__(client)
         self.client = client
 
@@ -47,6 +48,13 @@ class MagicFolderWebApi(rend.Page):
     def renderHTTP(self, ctx):
         req = IRequest(ctx)
         t = get_arg(req, "t", None)
+        if req.method != 'POST':
+            raise UnsupportedMethod(('POST',))
+
+        token = get_arg(req, "token", None)
+        # XXX need constant-time comparison?
+        if token is None or token != self.client.get_auth_token():
+            raise WebError("Missing or invalid token.", 400)
 
         if t is None:
             return rend.Page.renderHTTP(self, ctx)
Unnamed repository; edit this file 'description' to name the repository.