Add documentation

This commit is contained in:
Matthias 2019-05-25 14:16:59 +02:00
parent 1fab884a2f
commit 5bbd3c6158
2 changed files with 8 additions and 3 deletions

View File

@ -10,12 +10,17 @@ Sample configuration:
"api_server": { "api_server": {
"enabled": true, "enabled": true,
"listen_ip_address": "127.0.0.1", "listen_ip_address": "127.0.0.1",
"listen_port": 8080 "listen_port": 8080,
"username": "Freqtrader",
"password": "SuperSecret1!"
}, },
``` ```
!!! Danger: Security warning !!! Danger: Security warning
By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet, since others will potentially be able to control your bot. By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet and choose a strong, unique password, since others will potentially be able to control your bot.
!!! Danger: Password selection
Please make sure to select a very strong, unique password to protect your bot from unauthorized access.
You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly. You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.

View File

@ -56,7 +56,7 @@ class ApiServer(RPC):
def require_login(func): def require_login(func):
def func_wrapper(self, *args, **kwargs): def func_wrapper(self, *args, **kwargs):
# Also works if no username/password is specified # Also accepts empty username/password if it's missing in both config and request
if (request.headers.get('username') == self._config['api_server'].get('username') if (request.headers.get('username') == self._config['api_server'].get('username')
and request.headers.get('password') == self._config['api_server'].get('password')): and request.headers.get('password') == self._config['api_server'].get('password')):