diff --git a/maloja/apis/_apikeys.py b/maloja/apis/_apikeys.py
new file mode 100644
index 0000000..cdd153e
--- /dev/null
+++ b/maloja/apis/_apikeys.py
@@ -0,0 +1,20 @@
+from ..globalconf import apikeystore
+
+# skip regular authentication if api key is present in request
+# an api key now ONLY permits scrobbling tracks, no other admin tasks
+def api_key_correct(request):
+ args = request.params
+ try:
+ args.update(request.json)
+ except:
+ pass
+ if "key" in args:
+ apikey = args.pop("key")
+ elif "apikey" in args:
+ apikey = args.pop("apikey")
+ else: return False
+ return checkAPIkey(apikey)
+def checkAPIkey(key):
+ return apikeystore.check_key(key)
+def allAPIkeys():
+ return [apikeystore[k] for k in apikeystore]
diff --git a/maloja/apis/audioscrobbler.py b/maloja/apis/audioscrobbler.py
index 560c966..49d702a 100644
--- a/maloja/apis/audioscrobbler.py
+++ b/maloja/apis/audioscrobbler.py
@@ -1,6 +1,7 @@
 from ._base import APIHandler
 from ._exceptions import *
 from .. import database
+from ._apikeys import checkAPIkey, allAPIkeys
 class Audioscrobbler(APIHandler):
 __apiname__ = "Audioscrobbler"
@@ -36,14 +37,14 @@ class Audioscrobbler(APIHandler):
 password = keys.get("password")
 # either username and password
 if user is not None and password is not None:
- if password in database.allAPIkeys():
+ if checkAPIkey(password):
 sessionkey = generate_key(self.mobile_sessions)
 return 200,{"session":{"key":sessionkey}}
 else:
 raise InvalidAuthException()
 # or username and token (deprecated by lastfm)
 elif user is not None and token is not None:
- for key in database.allAPIkeys():
+ for key in allAPIkeys():
 if md5(user + md5(key)) == token:
 sessionkey = generate_key(self.mobile_sessions)
 return 200,{"session":{"key":sessionkey}}
@@ -89,6 +90,6 @@ def generate_key(ls):
 random.choice( list(range(10)) + list("abcdefghijklmnopqrstuvwxyz") + list("ABCDEFGHIJKLMNOPQRSTUVWXYZ"))) for _ in range(64)) - + ls.append(key) return key
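Review bot: The bare `except:` around `args.update(request.json)` in `api_key_correct` swallows every failure, including `KeyboardInterrupt` and `SystemExit`, so a malformed or missing JSON body is indistinguishable from any other error on the authentication path. Narrowing it to `except Exception:` is the minimum, with a comment such as `# no usable JSON body: fall back to form/query parameters only`. The header comment says an API key only permits scrobbling, but nothing in this function enforces that, so a docstring should say the scope restriction is the caller's responsibility. When both `key` and `apikey` are supplied only `key` is popped, leaving `apikey` in `args` for whatever reads the parameters afterwards; popping both names would avoid that.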
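Review bot: The token branch still compares with `==` on `if md5(user + md5(key)) == token:` inside the new `for key in allAPIkeys():` loop, which is not a constant-time comparison of a value derived from the secret; `if hmac.compare_digest(md5(user + md5(key)), token):` would be the usual form, assuming the local `md5` helper and `token` are both ASCII strings and `hmac` is imported. This loop needs every stored key in plaintext through `allAPIkeys()`, which deserves a comment at the import, for example `# allAPIkeys exposes raw keys; required only for the deprecated token handshake`. The same loop appears in the `audioscrobbler_legacy.py` handshake hunk, where the comparison sits inside `check_token` and is not visible here. Separately, the `sessionkey` returned by both branches comes from `generate_key`, whose context lines in the last hunk of this file show `random.choice`; if that is the standard `random` module, `secrets.choice` is the appropriate source for a session key. The handshake method starts and ends outside this hunk.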
diff --git a/maloja/apis/audioscrobbler_legacy.py b/maloja/apis/audioscrobbler_legacy.py
index 09cd7bb..54ccc36 100644
--- a/maloja/apis/audioscrobbler_legacy.py
+++ b/maloja/apis/audioscrobbler_legacy.py
@@ -1,6 +1,7 @@
 from ._base import APIHandler
 from ._exceptions import *
 from .. import database
+from ._apikeys import checkAPIkey, allAPIkeys
 from bottle import request
@@ -41,7 +42,7 @@ class AudioscrobblerLegacy(APIHandler):
 protocol = 'http' if (keys.get("u") == 'nossl') else request.urlparts.scheme
 if auth is not None:
- for key in database.allAPIkeys():
+ for key in allAPIkeys():
 if check_token(auth, key, timestamp):
 sessionkey = generate_key(self.mobile_sessions)
 return 200, (
diff --git a/maloja/apis/listenbrainz.py b/maloja/apis/listenbrainz.py
index a254ffa..7447bb9 100644
--- a/maloja/apis/listenbrainz.py
+++ b/maloja/apis/listenbrainz.py
@@ -2,6 +2,7 @@ from ._base import APIHandler
 from ._exceptions import *
 from .. import database
 import datetime
+from ._apikeys import checkAPIkey
 from ..globalconf import malojaconfig
@@ -36,7 +37,7 @@ class Listenbrainz(APIHandler):
 except:
 raise BadAuthException()
- if token not in database.allAPIkeys():
+ if not checkAPIkey(token):
 raise InvalidAuthException()
 try:
@@ -69,7 +70,7 @@ class Listenbrainz(APIHandler):
 token = self.get_token_from_request_keys(keys)
 except:
 raise BadAuthException()
- if token not in database.allAPIkeys():
+ if not checkAPIkey(token):
 raise InvalidAuthException()
 else:
 return 200,{"code":200,"message":"Token valid.","valid":True,"user_name":malojaconfig["NAME"]}
diff --git a/maloja/apis/native_v1.py b/maloja/apis/native_v1.py
index 672d4f3..1515993 100644
--- a/maloja/apis/native_v1.py
+++ b/maloja/apis/native_v1.py
@@ -3,6 +3,7 @@ from ..globalconf import malojaconfig, apikeystore
 from ..__pkginfo__ import VERSION
 from ..malojauri import uri_to_internal
 from .. import utilities
+from ._apikeys import api_key_correct
 from bottle import response, static_file
@@ -15,6 +16,9 @@ api = API(delay=True)
 api.__apipath__ = "mlj_1"
+
+
+
 @api.get("test")
 def test_server(key=None):
 """Pings the server. If an API key is supplied, the server will respond with 200
diff --git a/maloja/database/__init__.py b/maloja/database/__init__.py
index 533af03..d0975db 100644
--- a/maloja/database/__init__.py
+++ b/maloja/database/__init__.py
@@ -42,7 +42,6 @@ import urllib
-dblock = Lock() #global database lock
 dbstatus = { "healthy":False, "rebuildinprogress":False,
@@ -69,34 +68,6 @@ cla = CleanerAgent()
 coa = CollectorAgent()
-def checkAPIkey(key):
- return apikeystore.check_key(key)
-
-def allAPIkeys():
- return [apikeystore[k] for k in apikeystore]
-
-
-####
-## Getting dict representations of database objects
-####
-
-def get_scrobble_dict(o):
- track = get_track_dict(TRACKS[o.track])
- return {"artists":track["artists"],"title":track["title"],"time":o.timestamp,"album":o.album,"duration":o.duration}
-
-def get_artist_dict(o):
- return o
- #technically not a dict, but... you know
-
-def get_track_dict(o):
- artists = [get_artist_dict(ARTISTS[a]) for a in o.artists]
- return {"artists":artists,"title":o.title}
-
-
-####
-## Creating or finding existing database entries
-####
-
 def createScrobble(artists,title,time,album=None,duration=None,volatile=False):
@@ -138,23 +109,7 @@ def createScrobble(artists,title,time,album=None,duration=None,volatile=False):
 ######## ########
-# skip regular authentication if api key is present in request
-# an api key now ONLY permits scrobbling tracks, no other admin tasks
-def api_key_correct(request):
- args = request.params
- try:
- args.update(request.json)
- except:
- pass
- if "key" in args:
- apikey = args["key"]
- del args["key"]
- elif "apikey" in args:
- apikey = args["apikey"]
- del args["apikey"]
- else: return False
- return checkAPIkey(apikey)