1
0
mirror of https://github.com/krateng/maloja.git synced 2023-08-10 21:12:55 +03:00

Updated some methods to new authentication method

This commit is contained in:
Krateng 2020-07-29 20:11:51 +02:00
parent 0ddb5a4dd9
commit b5b09c4052
5 changed files with 63 additions and 52 deletions

View File

@ -18,6 +18,7 @@ from doreah.logging import log
from doreah import tsv
from doreah import settings
from doreah.caching import Cache, DeepCache
from doreah.auth import authenticated_api, authenticated_api_with_alternate
try:
from doreah.persistence import DiskDict
except: pass
@ -240,6 +241,23 @@ def normalize_name(name):
########
########
# skip regular authentication if api key is present in request
# an api key now ONLY permits scrobbling tracks, no other admin tasks
def api_key_correct(request):
args = request.query
print(dict(args))
if "key" in args:
apikey = args["key"]
print(args)
del args["key"]
print(args)
elif "apikey" in args:
apikey = args["apikey"]
del args["apikey"]
else: return False
return checkAPIkey(apikey)
dbserver = API(delay=True,path="api")
@ -669,23 +687,19 @@ def trackInfo(track):
@dbserver.get("newscrobble")
@dbserver.post("newscrobble")
@authenticated_api_with_alternate(api_key_correct)
def post_scrobble(artist:Multi,**keys):
artists = "/".join(artist)
title = keys.get("title")
album = keys.get("album")
duration = keys.get("seconds")
apikey = keys.get("key")
client = checkAPIkey(apikey)
if client == False: # empty string allowed!
response.status = 403
return ""
try:
time = int(keys.get("time"))
except:
time = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp())
log("Incoming scrobble (native API): Client " + client + ", ARTISTS: " + str(artists) + ", TRACK: " + title,module="debug")
log("Incoming scrobble (native API): ARTISTS: " + str(artists) + ", TRACK: " + title,module="debug")
(artists,title) = cla.fullclean(artists,title)
## this is necessary for localhost testing
@ -719,14 +733,14 @@ def sapi(path:Multi,**keys):
@dbserver.get("sync")
@authenticated_api
def abouttoshutdown():
sync()
#sys.exit()
@dbserver.post("newrule")
@authenticated_api
def newrule(**keys):
apikey = keys.pop("key",None)
if (checkAPIkey(apikey)):
tsv.add_entry(datadir("rules/webmade.tsv"),[k for k in keys])
#addEntry("rules/webmade.tsv",[k for k in keys])
global db_rulestate
@ -877,10 +891,8 @@ def get_predefined_rulesets():
return rulesets
@dbserver.post("importrules")
@authenticated_api
def import_rulemodule(**keys):
apikey = keys.pop("key",None)
if (checkAPIkey(apikey)):
filename = keys.get("filename")
remove = keys.get("remove") is not None
validchars = "-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
@ -896,9 +908,8 @@ def import_rulemodule(**keys):
@dbserver.post("rebuild")
@authenticated_api
def rebuild(**keys):
apikey = keys.pop("key",None)
if (checkAPIkey(apikey)):
log("Database rebuild initiated!")
global db_rulestate
db_rulestate = False
@ -950,8 +961,8 @@ def search(**keys):
@dbserver.post("addpicture")
def add_picture(b64,key,artist:Multi=[],title=None):
if (checkAPIkey(key)):
@authenticated_api
def add_picture(b64,artist:Multi=[],title=None):
keys = FormsDict()
for a in artist:
keys.append("artist",a)

View File

@ -1,3 +1,3 @@
function upload(encodedentity,apikey,b64) {
neo.xhttprequest("/api/addpicture?key=" + apikey + "&" + encodedentity,{"b64":b64},"POST")
function upload(encodedentity,b64) {
neo.xhttprequest("/api/addpicture?" + encodedentity,{"b64":b64},"POST")
}

View File

@ -36,7 +36,7 @@
<td class="image">
{% if adminmode %}
<div
class="changeable-image" data-uploader="b64=>upload('{encodedartist}','{apikey}',b64)"
class="changeable-image" data-uploader="b64=>upload('{{ encodedartist }}',b64)"
style="background-image:url('{{ utilities.getArtistImage(artist=artist,fast=True) }}');"
></div>
{% else %}

View File

@ -99,7 +99,7 @@
After you've scrobbled for a bit, you might want to check the <a class="textlink" href="/issues">Issues page</a> to see if you need to set up some rules. You can also manually add rules in your server's "rules" directory - just add your own .tsv file and read the instructions on how to declare a rule.
<br/><br/>
You can also set up some predefined rulesets right away! Enter your API key and click the buttons.
You can also set up some predefined rulesets right away!
<br/>
<br/><br/>

View File

@ -30,7 +30,7 @@
<td class="image">
{% if adminmode %}
<div
class="changeable-image" data-uploader="b64=>upload('{encodedartist}','{apikey}',b64)"
class="changeable-image" data-uploader="b64=>upload('{{ encodedtrack }}',b64)"
style="background-image:url('{{ utilities.getTrackImage(artists=track.artists,title=track.title,fast=True) }}');"
></div>
{% else %}