added secret password to /rowers/record-progress

rowers/views.py

@@ -14,6 +14,7 @@ from django.views.generic.base import TemplateView
 from django.db.models import Q
 from django import template
 from django.db import IntegrityError, transaction
+from django.views.decorators.csrf import csrf_exempt
 
 from django.shortcuts import render
 from django.http import (
@@ -349,7 +350,8 @@ def test_job_view(request,aantal=100):
 def test_job_view2(request,aantal=100):
 
 
-    job = myqueue(queuehigh,long_test_task2,int(aantal))
+    job = myqueue(queuehigh,long_test_task2,int(aantal),
+                  secret=settings.PROGRESS_CACHE_SECRET)
 
 
     try:
@@ -361,14 +363,22 @@ def test_job_view2(request,aantal=100):
 
     return HttpResponseRedirect(url)
 
+@csrf_exempt
 def post_progress(request,id=None,value=0):
-    if id:
-        cache.set(id,value,3600)
+    if request.method == 'POST':
+        secret = request.POST['secret']
+        if secret == settings.PROGRESS_CACHE_SECRET:
+            if id:
+                cache.set(id,value,3600)
+                # test
+                result = cache.get(id)
 
-    # test
-    result = cache.get(id)
+                return HttpResponse('progress cached '+str(result),status=200)
+        else:
+            return HttpResponse('access denied',status=400)
 
-    return HttpResponse('progress cached '+str(result),status=200)
+    else:
+        return HttpResponse('hi',status=200)
     
 def get_all_queued_jobs(userid=0):
     r = StrictRedis()
@@ -9508,7 +9518,7 @@ def strokedataform(request,id=0):
 # Process the POSTed stroke data according to the API definition
 # Return the GET stroke data according to the API definition
 from rest_framework_swagger.renderers import OpenAPIRenderer, SwaggerUIRenderer
-from django.views.decorators.csrf import csrf_exempt
+
 @csrf_exempt
 @login_required()
 @api_view(['GET','POST'])