mirror/maloja
1
0
Fork 0
mirror of https://github.com/krateng/maloja.git synced 2023-08-10 21:12:55 +03:00
Code Issues Projects Releases Wiki Activity

Updated some methods to new authentication method

Browse Source
This commit is contained in:
Krateng 2020-07-29 20:11:51 +02:00
parent 0ddb5a4dd9
commit b5b09c4052
5 changed files with 63 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
maloja/database.py
View File

@ -18,6 +18,7 @@ from doreah.logging import log
from doreah import tsv from doreah import tsv
from doreah import settings from doreah import settings
from doreah.caching import Cache, DeepCache from doreah.caching import Cache, DeepCache
from doreah.auth import authenticated_api, authenticated_api_with_alternate
try: try:
from doreah.persistence import DiskDict from doreah.persistence import DiskDict
except: pass except: pass
@ -240,6 +241,23 @@ def normalize_name(name):
######## ########
######## ########
# skip regular authentication if api key is present in request
# an api key now ONLY permits scrobbling tracks, no other admin tasks
def api_key_correct(request):
args = request.query
print(dict(args))
if "key" in args:
apikey = args["key"]
print(args)
del args["key"]
print(args)
elif "apikey" in args:
apikey = args["apikey"]
del args["apikey"]
else: return False
return checkAPIkey(apikey)
dbserver = API(delay=True,path="api") dbserver = API(delay=True,path="api")
@ -669,23 +687,19 @@ def trackInfo(track):
@dbserver.get("newscrobble") @dbserver.get("newscrobble")
@dbserver.post("newscrobble") @dbserver.post("newscrobble")
@authenticated_api_with_alternate(api_key_correct)
def post_scrobble(artist:Multi,**keys): def post_scrobble(artist:Multi,**keys):
artists = "/".join(artist) artists = "/".join(artist)
title = keys.get("title") title = keys.get("title")
album = keys.get("album") album = keys.get("album")
duration = keys.get("seconds") duration = keys.get("seconds")
apikey = keys.get("key")
client = checkAPIkey(apikey)
if client == False: # empty string allowed!
response.status = 403
return ""
try: try:
time = int(keys.get("time")) time = int(keys.get("time"))
except: except:
time = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp()) time = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp())
log("Incoming scrobble (native API): Client " + client + ", ARTISTS: " + str(artists) + ", TRACK: " + title,module="debug") log("Incoming scrobble (native API): ARTISTS: " + str(artists) + ", TRACK: " + title,module="debug")
(artists,title) = cla.fullclean(artists,title) (artists,title) = cla.fullclean(artists,title)
## this is necessary for localhost testing ## this is necessary for localhost testing
@ -719,14 +733,14 @@ def sapi(path:Multi,**keys):
@dbserver.get("sync") @dbserver.get("sync")
@authenticated_api
def abouttoshutdown(): def abouttoshutdown():
sync() sync()
#sys.exit() #sys.exit()
@dbserver.post("newrule") @dbserver.post("newrule")
@authenticated_api
def newrule(**keys): def newrule(**keys):
apikey = keys.pop("key",None)
if (checkAPIkey(apikey)):
tsv.add_entry(datadir("rules/webmade.tsv"),[k for k in keys]) tsv.add_entry(datadir("rules/webmade.tsv"),[k for k in keys])
#addEntry("rules/webmade.tsv",[k for k in keys]) #addEntry("rules/webmade.tsv",[k for k in keys])
global db_rulestate global db_rulestate
@ -877,10 +891,8 @@ def get_predefined_rulesets():
return rulesets return rulesets
@dbserver.post("importrules") @dbserver.post("importrules")
@authenticated_api
def import_rulemodule(**keys): def import_rulemodule(**keys):
apikey = keys.pop("key",None)
if (checkAPIkey(apikey)):
filename = keys.get("filename") filename = keys.get("filename")
remove = keys.get("remove") is not None remove = keys.get("remove") is not None
validchars = "-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" validchars = "-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
@ -896,9 +908,8 @@ def import_rulemodule(**keys):
@dbserver.post("rebuild") @dbserver.post("rebuild")
@authenticated_api
def rebuild(**keys): def rebuild(**keys):
apikey = keys.pop("key",None)
if (checkAPIkey(apikey)):
log("Database rebuild initiated!") log("Database rebuild initiated!")
global db_rulestate global db_rulestate
db_rulestate = False db_rulestate = False
@ -950,8 +961,8 @@ def search(**keys):
@dbserver.post("addpicture") @dbserver.post("addpicture")
def add_picture(b64,key,artist:Multi=[],title=None): @authenticated_api
if (checkAPIkey(key)): def add_picture(b64,artist:Multi=[],title=None):
keys = FormsDict() keys = FormsDict()
for a in artist: for a in artist:
keys.append("artist",a) keys.append("artist",a)

4
maloja/static/js/upload.js
View File

@ -1,3 +1,3 @@
function upload(encodedentity,apikey,b64) { function upload(encodedentity,b64) {
neo.xhttprequest("/api/addpicture?key=" + apikey + "&" + encodedentity,{"b64":b64},"POST") neo.xhttprequest("/api/addpicture?" + encodedentity,{"b64":b64},"POST")
} }

2
maloja/web/jinja/artist.jinja
View File

@ -36,7 +36,7 @@
<td class="image"> <td class="image">
{% if adminmode %} {% if adminmode %}
<div <div
class="changeable-image" data-uploader="b64=>upload('{encodedartist}','{apikey}',b64)" class="changeable-image" data-uploader="b64=>upload('{{ encodedartist }}',b64)"
style="background-image:url('{{ utilities.getArtistImage(artist=artist,fast=True) }}');" style="background-image:url('{{ utilities.getArtistImage(artist=artist,fast=True) }}');"
></div> ></div>
{% else %} {% else %}

2
maloja/web/jinja/setup.jinja
View File

@ -99,7 +99,7 @@
After you've scrobbled for a bit, you might want to check the <a class="textlink" href="/issues">Issues page</a> to see if you need to set up some rules. You can also manually add rules in your server's "rules" directory - just add your own .tsv file and read the instructions on how to declare a rule. After you've scrobbled for a bit, you might want to check the <a class="textlink" href="/issues">Issues page</a> to see if you need to set up some rules. You can also manually add rules in your server's "rules" directory - just add your own .tsv file and read the instructions on how to declare a rule.
<br/><br/> <br/><br/>
You can also set up some predefined rulesets right away! Enter your API key and click the buttons. You can also set up some predefined rulesets right away!
<br/> <br/>
<br/><br/> <br/><br/>

2
maloja/web/jinja/track.jinja
View File

@ -30,7 +30,7 @@
<td class="image"> <td class="image">
{% if adminmode %} {% if adminmode %}
<div <div
class="changeable-image" data-uploader="b64=>upload('{encodedartist}','{apikey}',b64)" class="changeable-image" data-uploader="b64=>upload('{{ encodedtrack }}',b64)"
style="background-image:url('{{ utilities.getTrackImage(artists=track.artists,title=track.title,fast=True) }}');" style="background-image:url('{{ utilities.getTrackImage(artists=track.artists,title=track.title,fast=True) }}');"
></div> ></div>
{% else %} {% else %}