Add authorization and per-user scrobbling

The webhook endpoints now require a token before it will accept a
scrobble. That auth then provides the user to assign the scrobble to.
This commit is contained in:
2023-01-21 23:41:35 -05:00
parent 646c7ab99c
commit d05256f249
2 changed files with 10 additions and 5 deletions

View File

@ -1,6 +1,7 @@
import json
import logging
import pytz
from django.conf import settings
from django.db.models.fields import timezone
from django.http import HttpResponseRedirect
@ -9,9 +10,9 @@ from django.utils import timezone
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import FormView
from django.views.generic.list import ListView
import pytz
from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from scrobbles.constants import (
JELLYFIN_AUDIO_ITEM_TYPES,
@ -48,7 +49,7 @@ class RecentScrobbleList(ListView):
data = super().get_context_data(**kwargs)
user = self.request.user
now = timezone.now()
if self.request.user.is_authenticated:
if user.is_authenticated:
if user.profile:
timezone.activate(pytz.timezone(user.profile.timezone))
now = timezone.localtime(timezone.now())
@ -131,6 +132,7 @@ def scrobble_endpoint(request):
@csrf_exempt
@api_view(['POST'])
@permission_classes([IsAuthenticated])
def jellyfin_websocket(request):
data_dict = request.data
@ -156,6 +158,7 @@ def jellyfin_websocket(request):
@csrf_exempt
@api_view(['POST'])
@permission_classes([IsAuthenticated])
def mopidy_websocket(request):
try:
data_dict = json.loads(request.data)
@ -181,6 +184,7 @@ def mopidy_websocket(request):
@csrf_exempt
@api_view(['GET'])
@permission_classes([IsAuthenticated])
def scrobble_finish(request, uuid):
user = request.user
if not user.is_authenticated:
@ -198,6 +202,7 @@ def scrobble_finish(request, uuid):
@csrf_exempt
@api_view(['GET'])
@permission_classes([IsAuthenticated])
def scrobble_cancel(request, uuid):
user = request.user
if not user.is_authenticated:

View File

@ -160,8 +160,8 @@ AUTHENTICATION_BACKENDS = [
REST_FRAMEWORK = {
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.AllowAny",),
'DEFAULT_AUTHENTICATION_CLASSES': [
#'rest_framework.authentication.BasicAuthentication',
#'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
],
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",