Add authorization and per-user scrobbling

The webhook endpoints now require a token before it will accept a
scrobble. That auth then provides the user to assign the scrobble to.
This commit is contained in:
2023-01-21 23:41:35 -05:00
parent 646c7ab99c
commit d05256f249
2 changed files with 10 additions and 5 deletions

View File

@ -1,6 +1,7 @@
import json import json
import logging import logging
import pytz
from django.conf import settings from django.conf import settings
from django.db.models.fields import timezone from django.db.models.fields import timezone
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
@ -9,9 +10,9 @@ from django.utils import timezone
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django.views.generic import FormView from django.views.generic import FormView
from django.views.generic.list import ListView from django.views.generic.list import ListView
import pytz
from rest_framework import status from rest_framework import status
from rest_framework.decorators import api_view from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response from rest_framework.response import Response
from scrobbles.constants import ( from scrobbles.constants import (
JELLYFIN_AUDIO_ITEM_TYPES, JELLYFIN_AUDIO_ITEM_TYPES,
@ -48,7 +49,7 @@ class RecentScrobbleList(ListView):
data = super().get_context_data(**kwargs) data = super().get_context_data(**kwargs)
user = self.request.user user = self.request.user
now = timezone.now() now = timezone.now()
if self.request.user.is_authenticated: if user.is_authenticated:
if user.profile: if user.profile:
timezone.activate(pytz.timezone(user.profile.timezone)) timezone.activate(pytz.timezone(user.profile.timezone))
now = timezone.localtime(timezone.now()) now = timezone.localtime(timezone.now())
@ -131,6 +132,7 @@ def scrobble_endpoint(request):
@csrf_exempt @csrf_exempt
@api_view(['POST']) @api_view(['POST'])
@permission_classes([IsAuthenticated])
def jellyfin_websocket(request): def jellyfin_websocket(request):
data_dict = request.data data_dict = request.data
@ -156,6 +158,7 @@ def jellyfin_websocket(request):
@csrf_exempt @csrf_exempt
@api_view(['POST']) @api_view(['POST'])
@permission_classes([IsAuthenticated])
def mopidy_websocket(request): def mopidy_websocket(request):
try: try:
data_dict = json.loads(request.data) data_dict = json.loads(request.data)
@ -181,6 +184,7 @@ def mopidy_websocket(request):
@csrf_exempt @csrf_exempt
@api_view(['GET']) @api_view(['GET'])
@permission_classes([IsAuthenticated])
def scrobble_finish(request, uuid): def scrobble_finish(request, uuid):
user = request.user user = request.user
if not user.is_authenticated: if not user.is_authenticated:
@ -198,6 +202,7 @@ def scrobble_finish(request, uuid):
@csrf_exempt @csrf_exempt
@api_view(['GET']) @api_view(['GET'])
@permission_classes([IsAuthenticated])
def scrobble_cancel(request, uuid): def scrobble_cancel(request, uuid):
user = request.user user = request.user
if not user.is_authenticated: if not user.is_authenticated:

View File

@ -160,8 +160,8 @@ AUTHENTICATION_BACKENDS = [
REST_FRAMEWORK = { REST_FRAMEWORK = {
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.AllowAny",), "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.AllowAny",),
'DEFAULT_AUTHENTICATION_CLASSES': [ 'DEFAULT_AUTHENTICATION_CLASSES': [
#'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.BasicAuthentication',
#'rest_framework.authentication.TokenAuthentication', 'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.SessionAuthentication',
], ],
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",