Moved to new api key handling

2021-12-25 02:22:57 +01:00 · 2021-12-25 02:22:57 +01:00 · 7f650e604e
parent a1ba5f58b8
commit 7f650e604e
7 changed files with 50 additions and 33 deletions
--- a/maloja/data_files/config/clients/example_file.tsv
+++ b/maloja/data_files/config/clients/example_file.tsv
@ -1,6 +0,0 @@
-# Only the entries in authenticated_machines.tsv are used, this is an example file
-# It is recommended to have a separate key for every scrobbler application you use,
-# as well as a key for manual interactions on the website
-YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K	Chromium Extension on Manjaro
-correcthorsebatterystaple		Pano Scrobbler on Android
-thingolisthebestking			Web Interface
--- a/maloja/database.py
+++ b/maloja/database.py
@ -10,7 +10,7 @@ from .malojauri import uri_to_internal, internal_to_uri, compose_querystring
 from .thirdparty import proxy_scrobble_all

 from .__pkginfo__ import version
-from .globalconf import data_dir, malojaconfig
+from .globalconf import data_dir, malojaconfig, apikeystore

 # doreah toolkit
 from doreah.logging import log
@ -103,24 +103,14 @@ def add_known_server(url):



-### symmetric keys are fine for now since we hopefully use HTTPS
-def loadAPIkeys():
-	global clients
-	tsv.create(data_dir['clients']("authenticated_machines.tsv"))
-	#createTSV("clients/authenticated_machines.tsv")
-	clients = tsv.parse(data_dir['clients']("authenticated_machines.tsv"),"string","string")
-	#clients = parseTSV("clients/authenticated_machines.tsv","string","string")
-	log("Authenticated Machines: " + ", ".join([m[1] for m in clients]))

-def checkAPIkey(k):
-	#return (k in [k for [k,d] in clients])
-	for key, identifier in clients:
-		if key == k: return identifier
+log("Authenticated Machines: " + ", ".join([k for k in apikeystore]))

-	return False
+def checkAPIkey(key):
+	return any((key == apikeystore[k]) for k in apikeystore)

 def allAPIkeys():
-	return [k for [k,d] in clients]
+	return [apikeystore[k] for k in apikeystore]


 ####
@ -706,7 +696,6 @@ def start_db():
 	log("Starting database...")
 	global lastsync
 	lastsync = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp())
-	loadAPIkeys()
 	build_db()
 	#run(dbserver, host='::', port=PORT, server='waitress')
 	log("Database reachable!")
--- a/maloja/globalconf.py
+++ b/maloja/globalconf.py
@ -1,6 +1,7 @@
 import os
 from doreah.configuration import Configuration
 from doreah.configuration import types as tp
+from doreah.keystore import KeyStore

 from .__pkginfo__ import versionstr

@ -258,7 +259,7 @@ data_directories = {
 	"images":pthj(dir_settings['state'],"images"),
 	"scrobbles":pthj(dir_settings['state'],"scrobbles"),
 	"rules":pthj(dir_settings['config'],"rules"),
-	"clients":pthj(dir_settings['config'],"clients"),
+	"clients":pthj(dir_settings['config']),
 	"settings":pthj(dir_settings['config']),
 	"css":pthj(dir_settings['config'],"custom_css"),
 	"logs":pthj(dir_settings['logs']),
@ -305,6 +306,27 @@ config(
 )


+
+
+### API KEYS
+
+
+
+### symmetric keys are fine for now since we hopefully use HTTPS
+apikeystore = KeyStore(file=data_dir['clients']("apikeys.yml"),save_endpoint="/apis/mlj_1/api_keys")
+
+oldfile = pthj(dir_settings['config'],"clients","authenticated_machines.tsv")
+if os.path.exists(oldfile):
+	try:
+		from doreah import tsv
+		clients = tsv.parse(oldfile,"string","string")
+		for key,identifier in clients:
+			apikeystore[identifier] = key
+		os.remove(oldfile)
+	except:
+		pass
+
+
 # what the fuck did i just write
 # this spaghetti file is proudly sponsored by the rice crackers i'm eating at the
 # moment as well as some cute chinese girl whose asmr i'm listening to in the
--- a/maloja/proccontrol/setup.py
+++ b/maloja/proccontrol/setup.py
@ -4,11 +4,11 @@ from doreah.io import col, ask, prompt
 from doreah import auth
 import os

-from ..globalconf import data_dir, dir_settings, malojaconfig
+from ..globalconf import data_dir, dir_settings, malojaconfig, apikeystore


 # EXTERNAL API KEYS
-apikeys = [
+ext_apikeys = [
 	"LASTFM_API_KEY",
 	"SPOTIFY_API_ID",
 	"SPOTIFY_API_SECRET",
@ -33,7 +33,7 @@ def setup():
 	SKIP = malojaconfig["SKIP_SETUP"]

 	print("Various external services can be used to display images. If not enough of them are set up, only local images will be used.")
-	for k in apikeys:
+	for k in ext_apikeys:
 		keyname = malojaconfig.get_setting_info(k)['name']
 		key = malojaconfig[k]
 		if key is False:
@ -47,13 +47,11 @@ def setup():


 	# OWN API KEY
-	if not os.path.exists(data_dir['clients']("authenticated_machines.tsv")):
+	if len(apikeystore) == 0:
 		answer = ask("Do you want to set up a key to enable scrobbling? Your scrobble extension needs that key so that only you can scrobble tracks to your database.",default=True,skip=SKIP)
 		if answer:
-			key = randomstring(64)
+			key = apikeystore.generate_key('default')
 			print("Your API Key: " + col["yellow"](key))
-			with open(data_dir['clients']("authenticated_machines.tsv"),"w") as keyfile:
-				keyfile.write(key + "\t" + "Default Generated Key")

 	# PASSWORD
 	forcepassword = malojaconfig["FORCE_PASSWORD"]
--- a/maloja/server.py
+++ b/maloja/server.py
@ -21,7 +21,7 @@ from doreah import auth
 from . import database
 from .utilities import resolveImage
 from .malojauri import uri_to_internal, remove_identical
-from .globalconf import malojaconfig, data_dir
+from .globalconf import malojaconfig, apikeystore, data_dir
 from .jinjaenv.context import jinja_environment
 from .apis import init_apis

@ -231,6 +231,7 @@ def static_html(name):
 		"adminmode":adminmode,
 		"config":malojaconfig,
 		"apikey":request.cookies.get("apikey") if adminmode else None,
+		"apikeys":apikeystore,
 		"_urikeys":keys, #temporary!
 	}
 	loc_context["filterkeys"], loc_context["limitkeys"], loc_context["delimitkeys"], loc_context["amountkeys"], loc_context["specialkeys"] = uri_to_internal(keys)
--- a/maloja/web/jinja/abstracts/admin.jinja
+++ b/maloja/web/jinja/abstracts/admin.jinja
@ -36,11 +36,16 @@
 					{% else %}
 						<a href="/admin_issues">Database Maintenance</a>
 					{% endif %} |
-					 {% if page=='admin_settings' %}
+					{% if page=='admin_settings' %}
 						<span style="opacity:0.5;">Settings</span>
 					{% else %}
 						<a href="/admin_settings">Settings</a>
-					{% endif %}
+					{% endif %} |
+					{% if page=='admin_apikeys' %}
+					   <span style="opacity:0.5;">API Keys</span>
+				   {% else %}
+					   <a href="/admin_apikeys">API Keys</a>
+				   {% endif %}
 				</span>
 				<br/><br/>
 				<span id="notification"></span>
--- a/maloja/web/jinja/admin_apikeys.jinja
+++ b/maloja/web/jinja/admin_apikeys.jinja
@ -0,0 +1,8 @@
+{% set page ='admin_apikeys' %}
+{% extends "abstracts/admin.jinja" %}
+{% block title %}Maloja - API Keys{% endblock %}
+
+
+{% block maincontent %}
+{{ apikeys.html() }}
+{% endblock %}