Secure all endpoints

[jaredcat]

I expected the API_TOKEN to secure all endpoints.
I wanted to be able to make requests to this API from an external network, so I don't want all this data easily accessible.

[tobiasehlert]

@jaredcat, I've thought about adding that to all endpoints at some point, but didn't add that since probably most installations probably use some other authentication layer in front for protection as it's mentioned in the security information section of the repo readme (https://github.com/tobiasehlert/teslamateapi#security-information).
In most deployments you always have some kind of layer in front, so therefore the placement of such thing is more suitable there if you ask me.

Have you found a workaround to restrict the API access for you?

[jaredcat]

That's just not very normal to see for an api. It's kind of odd to me to protect some routes and then say auth is better handled somewhere else lol.

My idea for what I'm trying to do changed a bit where I'll probably be just accessing this api locally and exposing my own endpoint.

[jlestel]

Hi, I just created a PR to fix this: #352

[jlestel]

It's better to be secure to avoid negative publicity effects due to open configurations on the internet.

And since not everyone will know how to place a proxy/middleware in front of the API, it's better to use the token already used for commands.

[jpizquierdo]

I like the idea to have it all secured. Any updates on the PR?