1
0
mirror of https://github.com/krateng/maloja.git synced 2023-08-10 21:12:55 +03:00

Added simple API key

This commit is contained in:
Krateng 2018-11-30 15:44:30 +01:00
parent 75a70a10b7
commit 19dc86d32a
5 changed files with 32 additions and 15 deletions

1
clients/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
authenticated_machines.tsv

2
clients/example_file.tsv Normal file
View File

@ -0,0 +1,2 @@
# Only the entries in authenticated_machines.tsv are used, this is an example file
YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K Example Machine
Can't render this file because it has a wrong number of fields in line 2.

View File

@ -5,6 +5,7 @@ import waitress
import os
import datetime
from cleanup import *
from utilities import *
import sys
@ -15,22 +16,18 @@ TRACKS = [] # Format: tuple(frozenset(artist_ref,...),title)
timestamps = set()
c = CleanerAgent()
clients = []
lastsync = 0
# by id
#def getScrobbleObject(o):
# #return {"artists":getTrackObject(SCROBBLES[o][0])["artists"],"title":getTrackObject(SCROBBLES[o][0])["title"],"time":SCROBBLES[o][1],"saved":SCROBBLES[o][2]}
# return {"artists":getTrackObject(SCROBBLES[o][0])["artists"],"title":getTrackObject(SCROBBLES[o][0])["title"],"time":SCROBBLES[o][1]}
#
#def getArtistObject(o):
# return ARTISTS[o]
#
#def getTrackObject(o):
# return {"artists":[getArtistObject(a) for a in TRACKS[o][0]],"title":TRACKS[o][1]}
### symmetric keys are fine for now since we hopefully use HTTPS
def loadAPIkeys():
global clients
clients = parseTSV("clients/authenticated_machines.tsv","string","string")
# by object
def checkAPIkey(k):
return (k in [k for [k,d] in clients])
def getScrobbleObject(o):
track = getTrackObject(TRACKS[o[0]])
@ -149,6 +146,11 @@ def post_scrobble():
keys = FormsDict.decode(request.forms) # The Dal★Shabet handler
artists = keys.get("artist")
title = keys.get("title")
apikey = keys.get("key")
if not (checkAPIkey(apikey)):
response.status = 403
return ""
try:
time = int(keys.get("time"))
except:
@ -178,6 +180,8 @@ def runserver(DATABASE_PORT):
#buildh()
build_db()
loadAPIkeys()
run(host='0.0.0.0', port=DATABASE_PORT, server='waitress')

View File

@ -210,9 +210,10 @@ function scrobble(artist,title,seconds) {
console.log("Scrobbling " + artist + " - " + title + "; " + seconds + " seconds playtime")
artiststring = encodeURIComponent(artist)
titlestring = encodeURIComponent(title)
APIKEY = "YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K" ///obviously this will not be hardcoded later
var xhttp = new XMLHttpRequest();
xhttp.open("POST","http://localhost:42010/db/newscrobble",true);
xhttp.send("artist=" + artiststring + "&title=" + titlestring + "&duration=" + seconds)
xhttp.send("artist=" + artiststring + "&title=" + titlestring + "&duration=" + seconds + "&key=" + APIKEY)
}
function setUpdate() {

View File

@ -4,6 +4,7 @@ import _thread
import waitress
import urllib.request
import urllib.parse
from urllib.error import *
import sys
import signal
@ -23,7 +24,7 @@ def mainpage():
# e.g. location /db { rewrite ^/db(.*)$ $1 break; proxy_pass http://yoururl:12349; }
@get("/db/<pth:path>")
def database(pth):
def database_get(pth):
keys = FormsDict.decode(request.query) # The Dal★Shabet handler
keystring = "?"
for k in keys:
@ -35,8 +36,16 @@ def database(pth):
return contents
@post("/db/<pth:path>")
def database(pth):
contents = urllib.request.urlopen("http://localhost:" + str(DATABASE_PORT) + "/" + pth,request.body).read()
def database_post(pth):
try:
proxyresponse = urllib.request.urlopen("http://localhost:" + str(DATABASE_PORT) + "/" + pth,request.body)
contents = proxyresponse.read()
response.status = proxyresponse.getcode()
except HTTPError as e:
contents = ""
response.status = e.code
response.content_type = "application/json"
response.set_header("Access-Control-Allow-Origin","*")
return contents