From de18ecff2606cecc15e1a99035a2453928d8a763 Mon Sep 17 00:00:00 2001
From: krateng <git.noreply@krateng.ch>
Date: Wed, 6 Apr 2022 21:08:14 +0200
Subject: [PATCH] More elegant client checking for scrobbles
---
maloja/apis/_apikeys.py | 20 +++++++-------------
maloja/apis/native_v1.py | 8 ++++----
maloja/database/__init__.py | 6 +-----
3 files changed, 12 insertions(+), 22 deletions(-)
diff --git a/maloja/apis/_apikeys.py b/maloja/apis/_apikeys.py
index 3d19670..95fc053 100644
--- a/maloja/apis/_apikeys.py
+++ b/maloja/apis/_apikeys.py
@@ -14,21 +14,15 @@ log("Authenticated Machines: " + ", ".join([k for k in apikeystore]),module='api
# skip regular authentication if api key is present in request
# an api key now ONLY permits scrobbling tracks, no other admin tasks
-def api_key_correct(request):
- request.malojaclient = None
- args = request.params
- try:
- args.update(request.json)
- except:
- pass
- if "key" in args:
- apikey = args.pop("key")
- elif "apikey" in args:
- apikey = args.pop("apikey")
+def api_key_correct(request,args,kwargs):
+ if "key" in kwargs:
+ apikey = kwargs.pop("key")
+ elif "apikey" in kwargs:
+ apikey = kwargs.pop("apikey")
else: return False
if checkAPIkey(apikey):
- request.malojaclient = [c for c in apikeystore if apikeystore[c]==apikey][0]
- return True
+ client = [c for c in apikeystore if apikeystore[c]==apikey][0]
+ return {'client':client}
else:
return False
diff --git a/maloja/apis/native_v1.py b/maloja/apis/native_v1.py
index 5da7083..d2011c2 100644
--- a/maloja/apis/native_v1.py
+++ b/maloja/apis/native_v1.py
@@ -3,7 +3,7 @@ import os
from bottle import response, static_file, request, FormsDict
from doreah.logging import log
-from doreah.auth import authenticated_api, authenticated_api_with_alternate
+from doreah.auth import authenticated_api, authenticated_api_with_alternate, authenticated_function
# nimrodel API
from nimrodel import EAPI as API
@@ -223,8 +223,8 @@ def compare_external(**keys):
@api.post("newscrobble")
-@authenticated_api_with_alternate(api_key_correct)
-def post_scrobble(artist:Multi=None,**keys):
+@authenticated_function(alternate=api_key_correct,api=True,pass_auth_result_as='auth_result')
+def post_scrobble(artist:Multi=None,auth_result=None,**keys):
"""Submit a new scrobble.
:param string artist: Artist. Can be submitted multiple times as query argument for multiple artists.
@@ -250,7 +250,7 @@ def post_scrobble(artist:Multi=None,**keys):
return database.incoming_scrobble(
rawscrobble,
- client=request.malojaclient,
+ client='browser' if auth_result.get('doreah_native_auth_check') else auth_result.get('client'),
fix=(keys.get("nofix") is None)
)
# TODO: malojaclient needs to be converted to proper argument in doreah
diff --git a/maloja/database/__init__.py b/maloja/database/__init__.py
index 4782bf4..66972fd 100644
--- a/maloja/database/__init__.py
+++ b/maloja/database/__init__.py
@@ -86,11 +86,7 @@ coa = CollectorAgent()
##
##
-def incoming_scrobble(rawscrobble,fix=True,client=None,dbconn=None,**kwargs):
- # TODO: just collecting all extra kwargs now. at some point, rework the authenticated api with alt function
- # to actually look at the converted args instead of the request object and remove the key
- # so that this function right here doesnt get the key passed to it
-
+def incoming_scrobble(rawscrobble,fix=True,client=None,dbconn=None):
if (not "track_artists" in rawscrobble) or (len(rawscrobble['track_artists']) == 0) or (not "track_title" in rawscrobble):
log(f"Incoming scrobble {rawscrobble} [Source: {client}] is not valid")