From de18ecff2606cecc15e1a99035a2453928d8a763 Mon Sep 17 00:00:00 2001 From: krateng Date: Wed, 6 Apr 2022 21:08:14 +0200 Subject: [PATCH] More elegant client checking for scrobbles --- maloja/apis/_apikeys.py | 20 +++++++------------- maloja/apis/native_v1.py | 8 ++++---- maloja/database/__init__.py | 6 +----- 3 files changed, 12 insertions(+), 22 deletions(-) diff --git a/maloja/apis/_apikeys.py b/maloja/apis/_apikeys.py index 3d19670..95fc053 100644 --- a/maloja/apis/_apikeys.py +++ b/maloja/apis/_apikeys.py @@ -14,21 +14,15 @@ log("Authenticated Machines: " + ", ".join([k for k in apikeystore]),module='api # skip regular authentication if api key is present in request # an api key now ONLY permits scrobbling tracks, no other admin tasks -def api_key_correct(request): - request.malojaclient = None - args = request.params - try: - args.update(request.json) - except: - pass - if "key" in args: - apikey = args.pop("key") - elif "apikey" in args: - apikey = args.pop("apikey") +def api_key_correct(request,args,kwargs): + if "key" in kwargs: + apikey = kwargs.pop("key") + elif "apikey" in kwargs: + apikey = kwargs.pop("apikey") else: return False if checkAPIkey(apikey): - request.malojaclient = [c for c in apikeystore if apikeystore[c]==apikey][0] - return True + client = [c for c in apikeystore if apikeystore[c]==apikey][0] + return {'client':client} else: return False diff --git a/maloja/apis/native_v1.py b/maloja/apis/native_v1.py index 5da7083..d2011c2 100644 --- a/maloja/apis/native_v1.py +++ b/maloja/apis/native_v1.py @@ -3,7 +3,7 @@ import os from bottle import response, static_file, request, FormsDict from doreah.logging import log -from doreah.auth import authenticated_api, authenticated_api_with_alternate +from doreah.auth import authenticated_api, authenticated_api_with_alternate, authenticated_function # nimrodel API from nimrodel import EAPI as API @@ -223,8 +223,8 @@ def compare_external(**keys): @api.post("newscrobble") -@authenticated_api_with_alternate(api_key_correct) -def post_scrobble(artist:Multi=None,**keys): +@authenticated_function(alternate=api_key_correct,api=True,pass_auth_result_as='auth_result') +def post_scrobble(artist:Multi=None,auth_result=None,**keys): """Submit a new scrobble. :param string artist: Artist. Can be submitted multiple times as query argument for multiple artists. @@ -250,7 +250,7 @@ def post_scrobble(artist:Multi=None,**keys): return database.incoming_scrobble( rawscrobble, - client=request.malojaclient, + client='browser' if auth_result.get('doreah_native_auth_check') else auth_result.get('client'), fix=(keys.get("nofix") is None) ) # TODO: malojaclient needs to be converted to proper argument in doreah diff --git a/maloja/database/__init__.py b/maloja/database/__init__.py index 4782bf4..66972fd 100644 --- a/maloja/database/__init__.py +++ b/maloja/database/__init__.py @@ -86,11 +86,7 @@ coa = CollectorAgent() ## ## -def incoming_scrobble(rawscrobble,fix=True,client=None,dbconn=None,**kwargs): - # TODO: just collecting all extra kwargs now. at some point, rework the authenticated api with alt function - # to actually look at the converted args instead of the request object and remove the key - # so that this function right here doesnt get the key passed to it - +def incoming_scrobble(rawscrobble,fix=True,client=None,dbconn=None): if (not "track_artists" in rawscrobble) or (len(rawscrobble['track_artists']) == 0) or (not "track_title" in rawscrobble): log(f"Incoming scrobble {rawscrobble} [Source: {client}] is not valid")