Add a way for users to log in to the system, and only allow authenticated users to append to the queue and skip the current song.
Preferably, utilize these technologies:
JSON Web Tokens: These serve as stateless tokens that users present to prove their identity after authentication.
Mongoengine: This is an ORM for MongoDB, where we will store user credentials.
bcrypt: User passwords should always be hashed and salted when stored.
Endpoint
/api/auth:
GET: Users insert their credentials in the Authorization header, using basic authentication. If the credentials are correct, generate a JSON Web Token containing their username, and return it with the 200 status code. Otherwise, return 401.
Once this is implemented, alter the /stream/skip and the POST version of /stream/queue to require the JWT to be present in the Authorization header, under the bearer method.
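A sketch of the flow described above, added here as an illustration and not code from this project. It is framework-free and uses only the standard library: PBKDF2 stands in for bcrypt, an in-memory dict stands in for the Mongoengine user collection, and the names `login`, `require_bearer`, `USERS`, `SECRET`, `TOKEN_TTL` and the `sub`/`exp` claims are assumptions.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)   # assumption: signing key; load from config in a real service
TOKEN_TTL = 900           # assumption: tokens expire after 15 minutes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is a stdlib stand-in for bcrypt.hashpw()/bcrypt.checkpw().
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed user store standing in for a Mongoengine document collection.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
_NO_USER = (_SALT, b"\x00" * 32)  # unknown users still cost one hash, never match

def _sign(signing_input: str) -> bytes:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()).encode()

def login(authorization: str, now=None):
    """GET /api/auth: (200, token) for valid Basic credentials, else (401, None)."""
    scheme, _, blob = authorization.partition(" ")
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:
        return 401, None
    username, sep, password = decoded.partition(":")
    salt, stored = USERS.get(username, _NO_USER)
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    if scheme.lower() != "basic" or not sep or not ok:
        return 401, None
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "exp": int(now) + TOKEN_TTL}
    body = header + "." + _b64(json.dumps(claims).encode())
    return 200, body + "." + _sign(body).decode()

def require_bearer(authorization: str, now=None):
    """Guard for /stream/skip and POST /stream/queue: username, or None (401)."""
    scheme, _, token = authorization.partition(" ")
    body, _, signature = token.rpartition(".")
    # The MAC is always HMAC-SHA256; the token's own "alg" header is never trusted.
    if scheme.lower() != "bearer" or not hmac.compare_digest(_sign(body), signature.encode()):
        return None
    payload = body.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None
```

In the real service the two functions would sit behind the route handlers, with `require_bearer` returning `None` mapped to a 401 response.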