From eea74f88bf5b6e5701bcd1335601d1cb54e00005 Mon Sep 17 00:00:00 2001
From: Christian Boettcher <c.boettcher@fz-juelich.de>
Date: Wed, 19 May 2021 15:35:53 +0200
Subject: [PATCH] update readme and requirements

---
 README.md        | 10 ++++++++++
 requirements.txt |  5 ++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3bf9dcc..a63d73b 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,20 @@ It is implemented via [fastAPI](https://fastapi.tiangolo.com/) and provides an a
 
 For deployment via [docker](https://www.docker.com/), a docker image is included. 
 
+### Security
+
+Certain operations will only be possible, if the request is authenticated. The API has an endpoint at `/token` where a username/password login is possible. The endpoint will return a token, which is valid for 1 hour. This token ahs to be provided with every api call that requires authentication. Currently, these calls are `GET /me` - `PUT /dataset` - `PUT /dataset/dataset-id` - `DELETE /dataset/dataset-id`. The passwords are stored as bcrypt hashes and are not visible to anyone.
+
+A CLI is provided for server admins to add new users. It will soon be extended to allow direct hash entry, so that the user does not have to provide their password in clear text.
+
+For testing, a default userdb.json is provided with a single user "testuser" with the password "test".
+
 ### API Documentation
 
 If the api-server is running, you can see the documentation at `<server-url>/docs` or `<server-url>/redoc`.
 
+These pages can also be used as a clunky frontend, allowing the authentication and execution of all api functions.
+
 
 ### Running without docker
 First ensure that your python version is 3.6 or newer.
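Review bot: The added Security section documents a default userdb.json with the user "testuser" and the password "test", but it does not say that this file must be replaced or removed outside of testing. Since the README also mentions an included docker image, add a sentence stating this explicitly, and say whether the image ships the file. The same paragraph has a typo ("ahs to be provided") and does not say how a client supplies the token, for example in which header. The four authenticated calls, currently separated by " - ", would read more clearly as a list.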
diff --git a/requirements.txt b/requirements.txt
index b2592d9..01cc3bc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,4 +2,7 @@ fastapi==0.63.0
 pytest==6.2.4
 requests==2.25.1
 uvicorn==0.13.4
-python-dotenv==0.17.1
\ No newline at end of file
+python-dotenv==0.17.1
+python-multipart==0.0.5
+python-jose[cryptography]==3.2.0
+passlib[bcrypt]==1.7.4
\ No newline at end of file
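Review bot: requirements.txt still ends without a trailing newline; the "\ No newline at end of file" marker now follows the new passlib[bcrypt]==1.7.4 line. This is why the unchanged python-dotenv==0.17.1 line shows up as removed and re-added. End the file with a newline so that the next dependency change is a pure addition. The commit message says only "update readme and requirements"; a line noting that the three new pins support the `/token` login and bcrypt password hashing described in the README would make the reason for them traceable.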
-- 
GitLab