2 files changed, 67 insertions, 40 deletions

diff --git a/default_config.py b/default_config.py
index 612fff6..9897585 100644
--- a/default_config.py
+++ b/default_config.py
@@ -15,6 +15,8 @@ FLASKCACHINGDEFAULTTIMEOUT = 900
 FLASKCACHINGDIR = '/tmp/flask-caching-dir'
 API_URL_PLOT = "http://127.0.0.1:5000/plot"
 
+AUTH_KEY = 'Secret key' # Same key as in web application
+
 HTTP_HOST = '127.0.0.1'
 HTTP_PORT = '5000'
 PRODUCTION = True
diff --git a/r_api.py b/r_api.py
index b75b302..f8d614c 100644
--- a/r_api.py
+++ b/r_api.py
@@ -3,6 +3,7 @@ import subprocess
 import flask
 from flask import send_file
 from flask import Flask, url_for, jsonify, request
+from werkzeug import secure_filename
 import json
 import os
 import os.path
@@ -19,52 +20,63 @@ app = Flask(__name__)
 
 @app.route('/')
 def api_root():
-    return 'Welcome'
+    headers = request.headers
+    auth = headers.get("X-Api-Key")
+    if auth == AUTH_KEY:
+        return jsonify({"message": "OK: Authorized"}), 200
+    else:
+        return jsonify({"message": "ERROR: Unauthorized"}), 401
 
 
 @app.route('/rscript', methods=['GET', 'POST'])
 def get_data():
     # Validate the request body contains JSON
-    if request.is_json:
-
-        # Parse the JSON into a Python dictionary
+    headers = request.headers
+    auth = headers.get("X-Api-Key")
+    if auth == AUTH_KEY:
+        if request.is_json:
 
-        req_data = json.loads(request.get_json())
-        user_id = req_data["user_id"]
-        user_dir = TEMP_DIR + user_id
-        R_file_id = req_data["R_file_id"]
-        code = req_data["code"]
-        if not os.path.exists(user_dir):
-            os.makedirs(user_dir)
-        file_path = user_dir + '/' + R_file_id + '.R'
-        plot_path = user_dir + '/' + R_file_id + '.png'
-        f = open(file_path, "w")
-        #add png file path
-        f.write('png("{0}");\n'.format(plot_path))
-        f.write('\n')
-        f.write(code)
-        f.write('\n')
-        f.write("while (!is.null(dev.list()))  dev.off()")
-        f.close()
-        processed_data = subprocess.Popen(['Rscript', file_path],
-                                          stdout=subprocess.PIPE,
-                                          stderr=subprocess.PIPE)
-        ret_data, err = processed_data.communicate()
-        is_plot = str(os.path.isfile(plot_path))
-        plot_path_req = API_URL_PLOT + '?user_id=' + user_id + '&R_file_id=' + R_file_id
+            req_data = json.loads(request.get_json())
+            user_id = req_data["user_id"]
+            user_dir = TEMP_DIR + user_id
+            R_file_id = req_data["R_file_id"]
+            code = req_data["code"]
+            if not os.path.exists(user_dir):
+                os.makedirs(user_dir)
+            file_path = user_dir + '/' + R_file_id + '.R'
+            plot_path = user_dir + '/' + R_file_id + '.png'
+            f = open(file_path, "w")
+            f.write('png("{0}");\n'.format(plot_path))
+            f.write('\n')
+            f.write(code)
+            f.write('\n')
+            f.write("while (!is.null(dev.list()))  dev.off()")
+            f.close()
+            processed_data = subprocess.Popen(['Rscript', file_path],
+                                              stdout=subprocess.PIPE,
+                                              stderr=subprocess.PIPE)
+            ret_data, err = processed_data.communicate()
+            is_plot = str(os.path.isfile(plot_path))
+            plot_path_req = (API_URL_PLOT,
+                             '?user_id=' + user_id,
+                             '&R_file_id=' + R_file_id)
+            response_body = {
+                "data": ret_data.decode("utf-8"),
+                "error": err.decode("utf-8"),
+                "is_plot": is_plot,
+                "plot_path_req": plot_path_req
+            }
+        else:
+            response_body = {
+                "auth_error": "Invalid authentication request",
+            }
+    else:
         response_body = {
-            "data": ret_data.decode("utf-8"),
-            "error": err.decode("utf-8"),
-            "is_plot": is_plot,
-            "plot_path_req": plot_path_req
+            "auth_error": "400",
         }
-        result = jsonify(response_body)
-        return result
-
-    else:
+    result = jsonify(response_body)
+    return result
 
-        # The request body wasn't JSON so return a 400 HTTP status code
-        return "Request was not JSON", 400
 
 @app.route('/plot', methods=['GET', 'POST'])
 def get_plot():
@@ -77,10 +89,23 @@ def get_plot():
     except Exception as e:
         print("Error generated in")
 
+
+@app.route('/upload-temp-file', methods=['GET', 'POST'])
+def upload_file():
+    if request.method == 'POST':
+        f = request.files['file']
+        user_id = request.form.get('user_id')
+        user_dir = TEMP_DIR + user_id
+        uploaded_file = secure_filename(f.filename)
+        f.save(os.path.join(user_dir, uploaded_file))
+        print("done")
+        return 'file uploaded successfully'
+
+
 if __name__ == '__main__':
     if (PRODUCTION == True):
-        app.run(debug = False)
+        app.run(debug=False)
     else:
-        app.run(debug = True)
+        app.run(debug=True)
 
-    app.run(port=HTTP_PORT, host=HTTP_HOST)
\ No newline at end of file
+    app.run(port=HTTP_PORT, host=HTTP_HOST)