diff --git a/btc_tracker/kraken_fetch.py b/btc_tracker/kraken_fetch.py index df22c1e..213e52b 100755 --- a/btc_tracker/kraken_fetch.py +++ b/btc_tracker/kraken_fetch.py @@ -1,15 +1,20 @@ #!/usr/bin/python3 import krakenex, math -import json, sqlite3 +import json, sqlite3, binascii import requests, os, time -import threading +import threading, ecdsa from hashlib import sha256 from flask import Flask, request database = "btc_ohlc.db" app = Flask(__name__) +## Add your public key here +user_publickeys = { + "kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88' + } + database_lock = threading.Lock() # Empty response json @@ -18,7 +23,7 @@ empty_json = json.dumps(empty_dict) def Checkthedatabase(): ## Some sanity for the database - # check if btc_timeseries.db database file exists + # check if the database file exists if not os.path.exists(database): db = sqlite3.connect(database) @@ -225,13 +230,37 @@ def get_the_data(): db.close() print("fetches done at", time.time(), "sleeping now for 290") time.sleep(290) - + +def check_auth(text, signature): + print(text) + print(signature) + sig_bytes = bytes.fromhex(signature) + access_granted = 0 + ## We will iterate over all user keys to determ who is we are talking to and should they have access + for key, value in user_publickeys.items(): + ## What f*ck even is this? + vk = ecdsa.VerifyingKey.from_string(sig_bytes.fromhex(value), curve=ecdsa.SECP256k1) + if vk.verify(sig_bytes, text): + print('user is', key) + access_granted = 1 + if access_granted != 0: + return True + else: + return False + @app.route('/') def get_data(): # Get the time (t) argument from the url" query_timestamp = request.args.get('t') + # Should we make output pretty for curl users? query_pretty = request.args.get('pretty') - + + # Authentication header, signatured the query with private key of a user + signature = request.headers.get('auth') + get_url = request.url + if not check_auth(get_url, signature): + return 'Error with Authentication', 403 + database_lock.acquire() db = sqlite3.connect(database) if query_timestamp: