feat: 'password' auth method: support user addition

interface.py

@@ -66,7 +66,7 @@ class ReverseProxied(object):
 web = Flask(__name__)
 web.config['TEMPLATES_AUTO_RELOAD'] = True
 log = logging.getLogger("bot")
-user = 'webuser'
+user = 'Remote Control'
 
 
 def init_proxy():
@@ -82,7 +82,18 @@ def check_auth(username, password):
     """This function is called to check if a username /
     password combination is valid.
     """
-    return username == var.config.get("webinterface", "user") and password == var.config.get("webinterface", "password")
+
+    if username == var.config.get("webinterface", "user") and password == var.config.get("webinterface", "password"):
+        return True
+
+    web_users = json.loads(var.db.get("privilege", "web_access", fallback='[]'))
+    if username in web_users:
+        user_dict = json.loads(var.db.get("user", username, fallback='{}'))
+        if 'password' in user_dict and 'salt' in user_dict and \
+                util.verify_password(password, user_dict['password'], user_dict['salt']):
+            return True
+
+    return False
 
 
 def authenticate():
@@ -109,6 +120,7 @@ def requires_auth(f):
 
         if auth_method == 'password':
             auth = request.authorization
+            user = auth.username
             if not auth or not check_auth(auth.username, auth.password):
                 if auth:
                     if request.remote_addr in bad_access_count: