Add password protection to new entry endpoint

config.go

@@ -27,6 +27,7 @@ func initArgs() {
 	flag.BoolVar(&populateTables, "populate-db", false, "Populate database with test data")
 	flag.BoolVar(&randomizeTokens, "random-tokens", false, "Generate tokens with some random bytes")
 	flag.StringVar(&corsHeader, "cors-header", defaultCorsHeader, "Access-Control-Allow-Origin HTTP request header")
+	flag.StringVar(&password, "entry-pwd", defaultPassword, "Password provided in POST JSON to authenticate")
 }
 
 func parseArgs() {

handlers.go

@@ -14,10 +14,12 @@ import (
 
 const (
 	defaultCorsHeader = "*"
+	defaultPassword   = ""
 )
 
 var (
 	corsHeader string
+	password   string
 )
 
 func boardHandler(w http.ResponseWriter, r *http.Request) {
@@ -174,6 +176,10 @@ func newEntryHandler(w http.ResponseWriter, r *http.Request) {
 		errorResponse(400, "Unable to convert request to JSON: "+jsonErr.Error(), w, r)
 		return
 	}
+	if password != "" && newEntry.Password != password {
+		errorResponse(403, "Invalid password", w, r)
+		return
+	}
 	if newEntry.PlayerID != key.Player && !key.IsMultiuser() {
 		errorResponse(403, "Invalid authorization for player", w, r)
 		return

json_structs.go

@@ -35,6 +35,7 @@ type NewEntryJSON struct {
 	Score    int64
 	PlayerID int64
 	BoardID  int64
+	Password string
 }
 
 func UnmarshalNewEntryJSON(data []byte) (NewEntryJSON, error) {
@@ -48,7 +49,7 @@ func UnmarshalNewEntryJSON(data []byte) (NewEntryJSON, error) {
 
 // KeyJSON an API key for making new entry requests
 type KeyJSON struct {
-	Token string
+	Token    string
 	PlayerID int64
 }