added configurable user/pass

Author: iilunin

API/APIServer.py

@@ -26,9 +26,9 @@ def __init__(self, trade_handler: TradeHandler):
         self.th = trade_handler
         self.app = app
 
-        self.app.config['JWT_SECRET_KEY'] = 'mHZ!?9@DzdLrn@H!gy2FD46W--M*Fap!'  # Change this!
+        self.app.config['JWT_SECRET_KEY'] = 'mHZ!?9@DzdLrn@H!gy2FD46W--M*Fap!'  # TODO: Change this!
+        self.app.config['SECRET_KEY'] = 'VS?cWpbD^CGa-M@h6+@pV#qCQRU3c4dn'  #  TODO: Change this!
         self.app.config['JWT_EXPIRES'] = timedelta(weeks=48)
-        self.app.config['SECRET_KEY'] = 'VS?cWpbD^CGa-M@h6+@pV#qCQRU3c4dn'
 
         self.jwt = JWTManager(app)
 

API/Endpoints/JWTEndpoint.py

@@ -1,5 +1,6 @@
+import os
 from calendar import timegm
-from datetime import datetime, timedelta
+from datetime import datetime
 
 import flask
 from flask import request
@@ -10,6 +11,9 @@
 
 
 class JWTEndpoint(BotAPIResource):
+    user: str = os.getenv('API_USER', 'bot')
+    pwd: str = os.getenv('API_PASS', 'botpwd')
+
     def __init__(self, trade_handler):
         super().__init__(trade_handler)
 
@@ -28,7 +32,7 @@ def post(self):
         if not password:
             return APIResult.ErrorResult(status=101, msg="Missing password parameter"), 400
 
-        if username != 'test' or password != 'test':
+        if username != JWTEndpoint.user or password != JWTEndpoint.pwd:
             return APIResult.ErrorResult(status=101, msg="Bad username or password"), 401
 
         # Identity can be any data that is json serializable