From 19dc86d32aee60690f8ec16d186f52091123f98b Mon Sep 17 00:00:00 2001
From: Krateng
Date: Fri, 30 Nov 2018 15:44:30 +0100
Subject: [PATCH] Added simple API key
---
 clients/.gitignore | 1 +
 clients/example_file.tsv | 2 ++
 database.py | 26 +++++++++++++++-----------
 scrobbler-vivaldi-plex/background.js | 3 ++-
 server.py | 15 ++++++++++++---
 5 files changed, 32 insertions(+), 15 deletions(-)
 create mode 100644 clients/.gitignore
 create mode 100644 clients/example_file.tsv
diff --git a/clients/.gitignore b/clients/.gitignore
new file mode 100644
index 0000000..b277966
--- /dev/null
+++ b/clients/.gitignore
@@ -0,0 +1 @@
+authenticated_machines.tsv
diff --git a/clients/example_file.tsv b/clients/example_file.tsv
new file mode 100644
index 0000000..5099df1
--- /dev/null
+++ b/clients/example_file.tsv
@@ -0,0 +1,2 @@
+# Only the entries in authenticated_machines.tsv are used, this is an example file
+YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K Example Machine
diff --git a/database.py b/database.py
index 6f5017d..c4a25d5 100644
--- a/database.py
+++ b/database.py
@@ -5,6 +5,7 @@ import waitress
 import os
 import datetime
 from cleanup import *
+from utilities import *
 import sys
@@ -15,22 +16,18 @@ TRACKS = [] # Format: tuple(frozenset(artist_ref,...),title)
 timestamps = set()
 c = CleanerAgent()
+clients = []
 lastsync = 0
-# by id
-#def getScrobbleObject(o):
-# #return {"artists":getTrackObject(SCROBBLES[o][0])["artists"],"title":getTrackObject(SCROBBLES[o][0])["title"],"time":SCROBBLES[o][1],"saved":SCROBBLES[o][2]}
-# return {"artists":getTrackObject(SCROBBLES[o][0])["artists"],"title":getTrackObject(SCROBBLES[o][0])["title"],"time":SCROBBLES[o][1]}
-#
-#def getArtistObject(o):
-# return ARTISTS[o]
-#
-#def getTrackObject(o):
-# return {"artists":[getArtistObject(a) for a in TRACKS[o][0]],"title":TRACKS[o][1]}
+### symmetric keys are fine for now since we hopefully use HTTPS
+def loadAPIkeys():
+ global clients
+ clients = parseTSV("clients/authenticated_machines.tsv","string","string")
-# by object
+def checkAPIkey(k):
+ return (k in [k for [k,d] in clients])
 def getScrobbleObject(o):
 track = getTrackObject(TRACKS[o[0]])
@@ -149,6 +146,11 @@ def post_scrobble():
 keys = FormsDict.decode(request.forms) # The Dal★Shabet handler
 artists = keys.get("artist")
 title = keys.get("title")
+ apikey = keys.get("key")
+ if not (checkAPIkey(apikey)):
+ response.status = 403
+ return ""
+
 try:
 time = int(keys.get("time"))
 except:
@@ -178,6 +180,8 @@ def runserver(DATABASE_PORT):
 #buildh()
 build_db()
+ loadAPIkeys()
+
 run(host='0.0.0.0', port=DATABASE_PORT, server='waitress')
diff --git a/scrobbler-vivaldi-plex/background.js b/scrobbler-vivaldi-plex/background.js
index c8814db..9821db1 100644
--- a/scrobbler-vivaldi-plex/background.js
+++ b/scrobbler-vivaldi-plex/background.js
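Review bot: In database.py, `checkAPIkey` tests the submitted key with `in` over a freshly built list, which is an ordinary short-circuiting string comparison rather than a constant-time one; secret checks normally go through `hmac.compare_digest`. That needs `import hmac` at the top of the file (outside this hunk) and a guard for an absent field, since `keys.get("key")` yields `None`: `return k is not None and any(hmac.compare_digest(k.encode(), key.encode()) for key, _ in clients)`. The comprehension also reuses `k` as its loop variable, shadowing the parameter and making the line harder to read. The comment above `loadAPIkeys` relies on HTTPS, but nothing in this commit enforces it, so the comment should state that the key must never cross a non-loopback link in cleartext.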
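Review bot: In `post_scrobble` (database.py), a request with a missing or wrong key is answered with an empty 403 and nothing is recorded, so repeated key guessing against this endpoint leaves no trace for an operator. A log line before the `return ""`, for example `print("Rejected scrobble: invalid API key from " + str(request.remote_addr))`, gives something to alert on; it must never include the submitted key itself. Requests forwarded by the server.py proxy will presumably show the proxy's address, so the note is most useful once the original client address is passed through. The function body continues outside this hunk.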
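Review bot: The `loadAPIkeys()` call added to `runserver` (database.py) reads `clients/authenticated_machines.tsv`, which this same commit lists in `clients/.gitignore`, so a fresh checkout starts without that file. What `parseTSV` does in that case is not visible here: if it raises, the server will not start, and if it returns an empty list every scrobble is rejected with no explanation. `loadAPIkeys` should handle the missing file explicitly and report it at startup, e.g. `print("No clients/authenticated_machines.tsv found; all scrobbles will be rejected")`. Keys are also read only once, so revoking one requires a restart, which deserves a comment next to the call; `runserver` itself starts above the hunk.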
@@ -210,9 +210,10 @@ function scrobble(artist,title,seconds) {
 console.log("Scrobbling " + artist + " - " + title + "; " + seconds + " seconds playtime")
 artiststring = encodeURIComponent(artist)
 titlestring = encodeURIComponent(title)
+ APIKEY = "YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K" ///obviously this will not be hardcoded later
 var xhttp = new XMLHttpRequest();
 xhttp.open("POST","http://localhost:42010/db/newscrobble",true);
- xhttp.send("artist=" + artiststring + "&title=" + titlestring + "&duration=" + seconds)
+ xhttp.send("artist=" + artiststring + "&title=" + titlestring + "&duration=" + seconds + "&key=" + APIKEY)
 }
 function setUpdate() {
diff --git a/server.py b/server.py
index 2b94f9c..0be14c9 100755
--- a/server.py
+++ b/server.py
@@ -4,6 +4,7 @@ import _thread
 import waitress
 import urllib.request
 import urllib.parse
+from urllib.error import *
 import sys
 import signal
@@ -23,7 +24,7 @@ def mainpage():
 # e.g. location /db { rewrite ^/db(.*)$ $1 break; proxy_pass http://yoururl:12349; }
 @get("/db/")
-def database(pth):
+def database_get(pth):
 keys = FormsDict.decode(request.query) # The Dal★Shabet handler
 keystring = "?"
 for k in keys:
@@ -35,8 +36,16 @@ def database(pth):
 return contents
 @post("/db/")
-def database(pth):
- contents = urllib.request.urlopen("http://localhost:" + str(DATABASE_PORT) + "/" + pth,request.body).read()
+def database_post(pth):
+ try:
+ proxyresponse = urllib.request.urlopen("http://localhost:" + str(DATABASE_PORT) + "/" + pth,request.body)
+ contents = proxyresponse.read()
+ response.status = proxyresponse.getcode()
+ except HTTPError as e:
+ contents = ""
+ response.status = e.code
+
+ response.content_type = "application/json"
 response.set_header("Access-Control-Allow-Origin","*")
 return contents
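Review bot: The key assigned to `APIKEY` in `scrobble()` (background.js) is the same literal this commit ships in `clients/example_file.tsv`, so anyone who copies the example file to `authenticated_machines.tsv` authorizes a value that is public in the repository history. The example file should carry an obvious placeholder instead of a usable-looking key, and the extension should read its key from configuration, as the trailing comment already promises. `APIKEY` is also assigned without a declaration, which creates an implicit global; `const APIKEY = ...` keeps it local to the function. Unlike `artist` and `title`, the key is concatenated into the form body without `encodeURIComponent`, which will break once keys may contain characters such as `&` or `+`. `scrobble()` starts above the hunk.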
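Review bot: `database_post` (server.py) catches only `HTTPError`, so a refused or timed-out connection to the database process raises `URLError` out of the handler instead of yielding a controlled gateway error; add a second clause after the existing one, `except URLError:` with `contents = ""` and `response.status = 502`. The order matters because `HTTPError` is a subclass of `URLError`. The object returned by `urlopen` is never closed; `with urllib.request.urlopen(...) as proxyresponse:` releases it on every path. The wildcard `from urllib.error import *` added in the first server.py hunk would be clearer as `from urllib.error import HTTPError, URLError`. `response.content_type = "application/json"` is also applied to the empty error body, which is not valid JSON.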