feat: uses authentication on main route

functions/authFunctions.py

@@ -0,0 +1,34 @@
+from library.server import AUTH_USERNAME, AUTH_PASSWORD
+from fastapi import Depends
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
+import secrets
+
+security = HTTPBasic()
+
+
+def checkCorrectCredentials(credentials: HTTPBasicCredentials = Depends(security)):
+    """
+    A simple function that compares the passed credentials to the known correct credentials. Documentation and code from https://fastapi.tiangolo.com/advanced/security/http-basic-auth/#check-the-username
+
+    Requires:
+    - credentials: credentials passed from the request.
+
+    Returns:
+    - boolean: the boolean determines if the credentials match.
+    """
+
+
+    current_username_bytes = credentials.username.encode("utf8")
+    correct_username_bytes = AUTH_USERNAME.encode("utf-8")
+    is_correct_username = secrets.compare_digest(
+        current_username_bytes, correct_username_bytes
+    )
+    current_password_bytes = credentials.password.encode("utf8")
+    correct_password_bytes = AUTH_PASSWORD.encode("utf-8")
+    is_correct_password = secrets.compare_digest(
+        current_password_bytes, correct_password_bytes
+    )
+    if not (is_correct_username and is_correct_password):
+        return False
+    return True
+

functions/serverFunctions.py

@@ -0,0 +1,24 @@
+from library.tinfoil import errorMessage
+
+def checkAllowed(authenticated: bool, switch_uid: str):
+    """
+    Checks if a user should be allowed to finish the request, otherwise returns an error message.
+    
+    Requires:
+    - authenticated: a boolean which tells the server if the user is authenticated or not.
+    - switch_uid: a string which either contains a uid or not. If no UID then a user is not using a switch. Also has the ability to check if the switch UID matches the required UID.
+
+    Returns:
+    - boolean, dict: the boolean determines if the user is allowed past, the dict gives the errorMessage.
+    """
+
+
+    if not authenticated:
+        return False, errorMessage("Your given credentials are incorrect. Please try again.", error_code="BAD_TOKEN")
+    if not switch_uid:
+        return False, errorMessage("Please use your Nintendo Switch using Tinfoil to access this server.", error_code="INVALID_DEVICE")
+
+    # TODO: allow passing in a switch_uid to compare with
+
+    return True, None
+

main.py

@@ -1,13 +1,13 @@
 import uvicorn
-from fastapi import FastAPI, HTTPException, status
-from fastapi.security import HTTPBasic
+from fastapi import FastAPI, HTTPException, status, Depends, Header
 from fastapi.responses import JSONResponse
-
+from typing_extensions import Annotated, Union
 from library.tinfoil import errorMessage
 from library.server import PORT
+from functions.authFunctions import checkCorrectCredentials
+from functions.serverFunctions import checkAllowed
 
 app = FastAPI()
-security = HTTPBasic()
 
 # Custom exemption handler to be well-formatted with Tinfoil so the user knows what has happened if no authentication is sent, as it is required.
 @app.exception_handler(HTTPException)
@@ -19,5 +19,18 @@ async def custom_http_exception_handler(request, exc):
         )
     return await request.app.exception_handler(exc)
 
+@app.get("/")
+async def get_user_files(
+    authenticated: bool = Depends(checkCorrectCredentials),
+    uid: Annotated[Union[str, None], Header()] = None
+):
+    allowed, response = checkAllowed(authenticated=authenticated, switch_uid=uid)
+    if not allowed:
+        return JSONResponse(
+            content=response,
+            status_code=401
+        )
+
+
 if __name__ == "__main__":
     uvicorn.run(app, host="0.0.0.0", port=PORT)