From 7f650e604eec32de1c39a4e1c6fdf81374065e29 Mon Sep 17 00:00:00 2001 From: krateng Date: Sat, 25 Dec 2021 02:22:57 +0100 Subject: [PATCH] Moved to new api key handling --- .../config/clients/example_file.tsv | 6 ----- maloja/database.py | 21 ++++------------ maloja/globalconf.py | 24 ++++++++++++++++++- maloja/proccontrol/setup.py | 12 ++++------ maloja/server.py | 3 ++- maloja/web/jinja/abstracts/admin.jinja | 9 +++++-- maloja/web/jinja/admin_apikeys.jinja | 8 +++++++ 7 files changed, 50 insertions(+), 33 deletions(-) delete mode 100644 maloja/data_files/config/clients/example_file.tsv create mode 100644 maloja/web/jinja/admin_apikeys.jinja diff --git a/maloja/data_files/config/clients/example_file.tsv b/maloja/data_files/config/clients/example_file.tsv deleted file mode 100644 index 008c446..0000000 --- a/maloja/data_files/config/clients/example_file.tsv +++ /dev/null @@ -1,6 +0,0 @@ -# Only the entries in authenticated_machines.tsv are used, this is an example file -# It is recommended to have a separate key for every scrobbler application you use, -# as well as a key for manual interactions on the website -YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K Chromium Extension on Manjaro -correcthorsebatterystaple Pano Scrobbler on Android -thingolisthebestking Web Interface diff --git a/maloja/database.py b/maloja/database.py index f4180c2..34cdcfc 100644 --- a/maloja/database.py +++ b/maloja/database.py @@ -10,7 +10,7 @@ from .malojauri import uri_to_internal, internal_to_uri, compose_querystring from .thirdparty import proxy_scrobble_all from .__pkginfo__ import version -from .globalconf import data_dir, malojaconfig +from .globalconf import data_dir, malojaconfig, apikeystore # doreah toolkit from doreah.logging import log @@ -103,24 +103,14 @@ def add_known_server(url): -### symmetric keys are fine for now since we hopefully use HTTPS -def loadAPIkeys(): - global clients - tsv.create(data_dir['clients']("authenticated_machines.tsv")) - #createTSV("clients/authenticated_machines.tsv") - clients = tsv.parse(data_dir['clients']("authenticated_machines.tsv"),"string","string") - #clients = parseTSV("clients/authenticated_machines.tsv","string","string") - log("Authenticated Machines: " + ", ".join([m[1] for m in clients])) -def checkAPIkey(k): - #return (k in [k for [k,d] in clients]) - for key, identifier in clients: - if key == k: return identifier +log("Authenticated Machines: " + ", ".join([k for k in apikeystore])) - return False +def checkAPIkey(key): + return any((key == apikeystore[k]) for k in apikeystore) def allAPIkeys(): - return [k for [k,d] in clients] + return [apikeystore[k] for k in apikeystore] #### @@ -706,7 +696,6 @@ def start_db(): log("Starting database...") global lastsync lastsync = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp()) - loadAPIkeys() build_db() #run(dbserver, host='::', port=PORT, server='waitress') log("Database reachable!") diff --git a/maloja/globalconf.py b/maloja/globalconf.py index 2e773b5..8dc37ea 100644 --- a/maloja/globalconf.py +++ b/maloja/globalconf.py @@ -1,6 +1,7 @@ import os from doreah.configuration import Configuration from doreah.configuration import types as tp +from doreah.keystore import KeyStore from .__pkginfo__ import versionstr @@ -258,7 +259,7 @@ data_directories = { "images":pthj(dir_settings['state'],"images"), "scrobbles":pthj(dir_settings['state'],"scrobbles"), "rules":pthj(dir_settings['config'],"rules"), - "clients":pthj(dir_settings['config'],"clients"), + "clients":pthj(dir_settings['config']), "settings":pthj(dir_settings['config']), "css":pthj(dir_settings['config'],"custom_css"), "logs":pthj(dir_settings['logs']), @@ -305,6 +306,27 @@ config( ) + + +### API KEYS + + + +### symmetric keys are fine for now since we hopefully use HTTPS +apikeystore = KeyStore(file=data_dir['clients']("apikeys.yml"),save_endpoint="/apis/mlj_1/api_keys") + +oldfile = pthj(dir_settings['config'],"clients","authenticated_machines.tsv") +if os.path.exists(oldfile): + try: + from doreah import tsv + clients = tsv.parse(oldfile,"string","string") + for key,identifier in clients: + apikeystore[identifier] = key + os.remove(oldfile) + except: + pass + + # what the fuck did i just write # this spaghetti file is proudly sponsored by the rice crackers i'm eating at the # moment as well as some cute chinese girl whose asmr i'm listening to in the diff --git a/maloja/proccontrol/setup.py b/maloja/proccontrol/setup.py index af2ed2f..8062e06 100644 --- a/maloja/proccontrol/setup.py +++ b/maloja/proccontrol/setup.py @@ -4,11 +4,11 @@ from doreah.io import col, ask, prompt from doreah import auth import os -from ..globalconf import data_dir, dir_settings, malojaconfig +from ..globalconf import data_dir, dir_settings, malojaconfig, apikeystore # EXTERNAL API KEYS -apikeys = [ +ext_apikeys = [ "LASTFM_API_KEY", "SPOTIFY_API_ID", "SPOTIFY_API_SECRET", @@ -33,7 +33,7 @@ def setup(): SKIP = malojaconfig["SKIP_SETUP"] print("Various external services can be used to display images. If not enough of them are set up, only local images will be used.") - for k in apikeys: + for k in ext_apikeys: keyname = malojaconfig.get_setting_info(k)['name'] key = malojaconfig[k] if key is False: @@ -47,13 +47,11 @@ def setup(): # OWN API KEY - if not os.path.exists(data_dir['clients']("authenticated_machines.tsv")): + if len(apikeystore) == 0: answer = ask("Do you want to set up a key to enable scrobbling? Your scrobble extension needs that key so that only you can scrobble tracks to your database.",default=True,skip=SKIP) if answer: - key = randomstring(64) + key = apikeystore.generate_key('default') print("Your API Key: " + col["yellow"](key)) - with open(data_dir['clients']("authenticated_machines.tsv"),"w") as keyfile: - keyfile.write(key + "\t" + "Default Generated Key") # PASSWORD forcepassword = malojaconfig["FORCE_PASSWORD"] diff --git a/maloja/server.py b/maloja/server.py index c15a6b2..8b00259 100644 --- a/maloja/server.py +++ b/maloja/server.py @@ -21,7 +21,7 @@ from doreah import auth from . import database from .utilities import resolveImage from .malojauri import uri_to_internal, remove_identical -from .globalconf import malojaconfig, data_dir +from .globalconf import malojaconfig, apikeystore, data_dir from .jinjaenv.context import jinja_environment from .apis import init_apis @@ -231,6 +231,7 @@ def static_html(name): "adminmode":adminmode, "config":malojaconfig, "apikey":request.cookies.get("apikey") if adminmode else None, + "apikeys":apikeystore, "_urikeys":keys, #temporary! } loc_context["filterkeys"], loc_context["limitkeys"], loc_context["delimitkeys"], loc_context["amountkeys"], loc_context["specialkeys"] = uri_to_internal(keys) diff --git a/maloja/web/jinja/abstracts/admin.jinja b/maloja/web/jinja/abstracts/admin.jinja index 2098ea3..0e0a271 100644 --- a/maloja/web/jinja/abstracts/admin.jinja +++ b/maloja/web/jinja/abstracts/admin.jinja @@ -36,11 +36,16 @@ {% else %} Database Maintenance {% endif %} | - {% if page=='admin_settings' %} + {% if page=='admin_settings' %} Settings {% else %} Settings - {% endif %} + {% endif %} | + {% if page=='admin_apikeys' %} + API Keys + {% else %} + API Keys + {% endif %}

diff --git a/maloja/web/jinja/admin_apikeys.jinja b/maloja/web/jinja/admin_apikeys.jinja new file mode 100644 index 0000000..bc16fb4 --- /dev/null +++ b/maloja/web/jinja/admin_apikeys.jinja @@ -0,0 +1,8 @@ +{% set page ='admin_apikeys' %} +{% extends "abstracts/admin.jinja" %} +{% block title %}Maloja - API Keys{% endblock %} + + +{% block maincontent %} +{{ apikeys.html() }} +{% endblock %}