All POST methods now require an API key

2023-08-10 21:12:55 +03:00 · 2018-12-29 16:57:52 +01:00 · 2018-12-29 16:57:52 +01:00 · bfff37a549
commit bfff37a549
parent 6082094a3e
3 changed files with 83 additions and 27 deletions
--- a/database.py
+++ b/database.py
@ -419,9 +419,12 @@ def abouttoshutdown():
@dbserver.post("/newrule")
 def newrule():
 	keys = FormsDict.decode(request.forms)
-	addEntry("rules/webmade.tsv",[k for k in keys])
-	global db_rulestate
-	db_rulestate = False
+	apikey = keys.pop("key",None)
+	if (checkAPIkey(apikey)):
+		addEntry("rules/webmade.tsv",[k for k in keys])
+		global db_rulestate
+		db_rulestate = False
+	
 	
@dbserver.route("/issues")
 def issues():
@ -516,14 +519,16 @@ def issues():

@dbserver.post("/rebuild")
 def rebuild():
-	global db_rulestate
-	db_rulestate = False
-	sync()
-	os.system("python3 fixexisting.py")
-	global cla, coa
-	cla = CleanerAgent()
-	coa = CollectorAgent()
-	build_db()
+	apikey = keys.pop("key",None)
+	if (checkAPIkey(apikey)):
+		global db_rulestate
+		db_rulestate = False
+		sync()
+		os.system("python3 fixexisting.py")
+		global cla, coa
+		cla = CleanerAgent()
+		coa = CollectorAgent()
+		build_db()


 	
--- a/website/issues.html
+++ b/website/issues.html
@ -16,7 +16,8 @@
 					<span>with your library</span>
 					<p class="stats"><a href="/scrobbles?artist=KEY_ENC_ARTISTNAME">KEY_ISSUES Issues</a></p>
 					
-					<p>Maloja can identify possible problems with consistency or redundancy in your library. After making any changes, you should <a onclick='fullrebuild()'>rebuild your library</a>.</p>
+					<p>Maloja can identify possible problems with consistency or redundancy in your library. After making any changes, you should <a onclick='fullrebuild()'>rebuild your library</a>.<br/>
+					Your API key is required to make any changes to the server: <input id='apikey' onchange='checkAPIkey()' style='width:300px;'/></p>
 				</td>
 			</tr>
 		</table>
@ -26,26 +27,76 @@
 	</body>
 	
 	<script>
-		function newrule() {
-			keys = ""
-			for (var i = 1; i < arguments.length; i++) {
-				keys += encodeURIComponent(arguments[i]) + "&"
+		
+		cookies = decodeURIComponent(document.cookie).split(';');
+		for(var i = 0; i <cookies.length; i++) { 
+			if (cookies[i].startsWith("apikey=")) {
+				document.getElementById("apikey").value = cookies[i].replace("apikey=","")
+				checkAPIkey()
 			}
-			console.log(keys)
-			var xhttp = new XMLHttpRequest();
-			xhttp.open("POST","/db/newrule?", true);
-			xhttp.send(keys);
-			e = arguments[0]
-			line = e.parentNode
-			line.parentNode.removeChild(line)
+		}
 	
+		apikeycorrect = false;
+		
+		function newrule() {
+			if (apikeycorrect) {
+				keys = ""
+				for (var i = 1; i < arguments.length; i++) {
+					keys += encodeURIComponent(arguments[i]) + "&"
+				}
+				apikey = document.getElementById("apikey").value
+				keys += "key=" + encodeURIComponent(apikey)
+				console.log(keys)
+			
+			
+				var xhttp = new XMLHttpRequest();
+				xhttp.open("POST","/db/newrule?", true);
+				xhttp.send(keys);
+				e = arguments[0]
+				line = e.parentNode
+				line.parentNode.removeChild(line)
+			}
 		}
 		
 		function fullrebuild() {
+			if (apikeycorrect) {
+				apikey = document.getElementById("apikey").value
+			
+				var xhttp = new XMLHttpRequest();
+				xhttp.open("POST","/db/rebuild", true);
+				xhttp.send("key=" + encodeURIComponent(apikey))
+				window.location = "/wait";	
+			}
+			
+		}
+		
+		function saveAPIkey() {
+			key = document.getElementById("apikey").value
+			document.cookie = "apikey=" + encodeURIComponent(key)
+		}
+		
+		function checkAPIkey() {
+			saveAPIkey()
+			url = "/db/test?key=" + document.getElementById("apikey").value
 			var xhttp = new XMLHttpRequest();
-			xhttp.open("POST","/db/rebuild", true);
-			xhttp.send()
-			window.location = "/wait";
+			xhttp.onreadystatechange = function() {
+				if (this.readyState == 4 && (this.status == 204 || this.status == 205)) {
+					document.getElementById("apikey").style.backgroundColor = "lawngreen"
+					apikeycorrect = true
+				}
+				else {
+					document.getElementById("apikey").style.backgroundColor = "red"
+					apikeycorrect = false
+				}
+			};
+			try {
+				xhttp.open("GET",url,true);
+				xhttp.send();
+			}
+			catch (e) {
+				document.getElementById("apikey").style.backgroundColor = "red"
+				apikeycorrect = false
+			}
 		}
 	
 	</script>
--- a/website/issues.py
+++ b/website/issues.py
@ -1,6 +1,6 @@
 import urllib
 import json
-from utilities import artistLink
+from htmlgenerators import artistLink

 def replacedict(keys,dbport):