mirror
/
mylar
mirror of https://github.com/evilhero/mylar
1
0
Fork 0
Code Issues Releases Wiki Activity

(#2288) Added getAPI command to API - Mylar apikey can be retrieved using username & password only

This commit is contained in:
evilhero 2019-06-03 11:54:02 -04:00
parent 07f51b7911
commit 0af13913ea
1 changed files with 63 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
mylar/api.py
View File

@ -17,7 +17,7 @@
# along with Mylar. If not, see <http://www.gnu.org/licenses/>. # along with Mylar. If not, see <http://www.gnu.org/licenses/>.
import mylar import mylar
from mylar import db, mb, importer, search, process, versioncheck, logger, webserve, helpers from mylar import db, mb, importer, search, process, versioncheck, logger, webserve, helpers, encrypted
import simplejson as simplejson import simplejson as simplejson
import json import json
import cherrypy import cherrypy
@ -31,7 +31,7 @@ from cherrypy.lib.static import serve_file, serve_download
import datetime import datetime
cmd_list = ['getIndex', 'getComic', 'getUpcoming', 'getWanted', 'getHistory', cmd_list = ['getIndex', 'getComic', 'getUpcoming', 'getWanted', 'getHistory',
'getLogs', 'clearLogs','findComic', 'addComic', 'delComic', 'getLogs', 'getAPI', 'clearLogs','findComic', 'addComic', 'delComic',
'pauseComic', 'resumeComic', 'refreshComic', 'addIssue', 'pauseComic', 'resumeComic', 'refreshComic', 'addIssue',
'queueIssue', 'unqueueIssue', 'forceSearch', 'forceProcess', 'queueIssue', 'unqueueIssue', 'forceSearch', 'forceProcess',
'getVersion', 'checkGithub','shutdown', 'restart', 'update', 'getVersion', 'checkGithub','shutdown', 'restart', 'update',
@ -56,44 +56,46 @@ class Api(object):
def checkParams(self, *args, **kwargs): def checkParams(self, *args, **kwargs):
if 'apikey' not in kwargs:
self.data = self._error_with_message('Missing api key')
return
if 'cmd' not in kwargs: if 'cmd' not in kwargs:
self.data = self._error_with_message('Missing parameter: cmd') self.data = self._error_with_message('Missing parameter: cmd')
return return
if not mylar.CONFIG.API_ENABLED: if 'apikey' not in kwargs and ('apikey' not in kwargs and kwargs['cmd'] != 'getAPI'):
if kwargs['apikey'] != mylar.DOWNLOAD_APIKEY: self.data = self._error_with_message('Missing api key')
self.data = self._error_with_message('API not enabled')
return
if kwargs['apikey'] != mylar.CONFIG.API_KEY and all([kwargs['apikey'] != mylar.DOWNLOAD_APIKEY, mylar.DOWNLOAD_APIKEY != None]):
self.data = self._error_with_message('Incorrect API key')
return return
elif kwargs['cmd'] == 'getAPI':
self.apitype = 'normal'
else: else:
if kwargs['apikey'] == mylar.CONFIG.API_KEY: if not mylar.CONFIG.API_ENABLED:
self.apitype = 'normal' if kwargs['apikey'] != mylar.DOWNLOAD_APIKEY:
elif kwargs['apikey'] == mylar.DOWNLOAD_APIKEY: self.data = self._error_with_message('API not enabled')
self.apitype = 'download' return
logger.fdebug('Matched to key. Api set to : ' + self.apitype + ' mode.')
self.apikey = kwargs.pop('apikey')
if not([mylar.CONFIG.API_KEY, mylar.DOWNLOAD_APIKEY]): if kwargs['apikey'] != mylar.CONFIG.API_KEY and all([kwargs['apikey'] != mylar.DOWNLOAD_APIKEY, mylar.DOWNLOAD_APIKEY != None]):
self.data = self._error_with_message('API key not generated') self.data = self._error_with_message('Incorrect API key')
return return
else:
if kwargs['apikey'] == mylar.CONFIG.API_KEY:
self.apitype = 'normal'
elif kwargs['apikey'] == mylar.DOWNLOAD_APIKEY:
self.apitype = 'download'
logger.fdebug('Matched to key. Api set to : ' + self.apitype + ' mode.')
self.apikey = kwargs.pop('apikey')
if self.apitype: if not([mylar.CONFIG.API_KEY, mylar.DOWNLOAD_APIKEY]):
if self.apitype == 'normal' and len(mylar.CONFIG.API_KEY) != 32: self.data = self._error_with_message('API key not generated')
return
if self.apitype:
if self.apitype == 'normal' and len(mylar.CONFIG.API_KEY) != 32:
self.data = self._error_with_message('API key not generated correctly')
return
if self.apitype == 'download' and len(mylar.DOWNLOAD_APIKEY) != 32:
self.data = self._error_with_message('Download API key not generated correctly')
return
else:
self.data = self._error_with_message('API key not generated correctly') self.data = self._error_with_message('API key not generated correctly')
return return
if self.apitype == 'download' and len(mylar.DOWNLOAD_APIKEY) != 32:
self.data = self._error_with_message('Download API key not generated correctly')
return
else:
self.data = self._error_with_message('API key not generated correctly')
return
if kwargs['cmd'] not in cmd_list: if kwargs['cmd'] not in cmd_list:
self.data = self._error_with_message('Unknown command: %s' % kwargs['cmd']) self.data = self._error_with_message('Unknown command: %s' % kwargs['cmd'])
@ -149,6 +151,37 @@ class Api(object):
cherrypy.response.headers['Content-Type'] = "application/json" cherrypy.response.headers['Content-Type'] = "application/json"
return simplejson.dumps(error) return simplejson.dumps(error)
def _getAPI(self, **kwargs):
if 'username' not in kwargs:
self.data = self._error_with_message('Missing parameter: username')
return
else:
username = kwargs['username']
if 'password' not in kwargs:
self.data = self._error_with_message('Missing parameter: password')
return
else:
password = kwargs['password']
if any([mylar.CONFIG.HTTP_USERNAME is None, mylar.CONFIG.HTTP_PASSWORD is None]):
self.data = self._error_with_message('Unable to use this command - username & password MUST be enabled.')
return
ht_user = mylar.CONFIG.HTTP_USERNAME
edc = encrypted.Encryptor(mylar.CONFIG.HTTP_PASSWORD)
ed_chk = edc.decrypt_it()
if mylar.CONFIG.ENCRYPT_PASSWORDS is True:
if username == ht_user and all([ed_chk['status'] is True, ed_chk['password'] == password]):
self.data = {'apikey': mylar.CONFIG.API_KEY}
else:
self.data = self._error_with_message('Incorrect username or password.')
else:
if username == ht_user and password == mylar.CONFIG.HTTP_PASSWORD:
self.data = {'apikey': mylar.CONFIG.API_KEY}
else:
self.data = self._error_with_message('Incorrect username or password.')
def _getIndex(self, **kwargs): def _getIndex(self, **kwargs):
self.data = self._dic_from_query('SELECT * from comics order by ComicSortName COLLATE NOCASE') self.data = self._dic_from_query('SELECT * from comics order by ComicSortName COLLATE NOCASE')
return return