nixo
/
JlSonic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

some playlist ownership check

This commit is contained in:
nixo 2019-05-19 23:27:44 +02:00
parent c7a7dbd7fa
commit 61449fd235
4 changed files with 48 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
JlSonic/JlSonic.jl
View File

@ -7,6 +7,10 @@ import UUIDs
import HTTP
using JSON2
# # Playlist cover art support
# The idea is to sum all the album arts in some way. But it's easier to get one random
# using FileIO, Images
const domain = "nixo.xyz"
include("types.jl")

38
JlSonic/api.jl
View File

@ -292,7 +292,10 @@ function createPlaylist(req)
return not_found("playlistId")
end
elseif !isempty(name)
playlist = Playlist(req[:login][:user].name, name = name)
playlist = Playlist(req[:login][:user].name,
name = name,
# cover = ???
)
push!(playlist, song)
else
return missing_parameter("either name or playlistId")
@ -319,15 +322,21 @@ function getPlaylists(req)
return subsonic_return(xdoc)
end
import Base.get
function get(::Type{Playlist}, u::User, id::AbstractString)
global user_playlists
findfirst(p -> p.uuid == id,
filter(p -> canread(u, p),
user_playlists))
end
"Returns a listing of files in a saved playlist."
function getPlaylist(req)
global user_playlists
query = HTTP.URIs.queryparams(req[:query])
id = get(query, "id", "")
isempty(id) && return missing_parameter("id")
m = findfirst(p -> p.uuid == id,
filter(p -> canread(req[:login][:user], p),
user_playlists))
m = get(Playlist, req[:login][:user], id)
m == nothing && return not_found("id")
(xdoc, xroot) = subsonic()
append!(xroot, user_playlists[m])
@ -340,11 +349,12 @@ function updatePlaylist(req)
query = HTTP.URIs.queryparams(req[:query])
playlistId = get(query, "playlistId", "")
isempty(playlistId) && return missing_parameter("playlistId")
# FIXME: check ownership
pn = findfirst(p -> p.uuid == playlistId,
user_playlists)
pn == nothing && return not_found("playlistId")
playlist = user_playlists[pn]
m = get(Playlist, req[:login][:user], playlistId)
m == nothing && return not_found("playlistId")
playlist = user_playlists[m]
# Check ownership (if not allowed, should not even reach this (canread is false))
canedit(req[:login][:user], playlist) || return not_allowed()
playlist.name = get(query, "name", playlist.name)
playlist.comment = get(query, "comment", playlist.comment)
# FIXME: use try/catch
@ -376,8 +386,14 @@ function deletePlaylist(req)
query = HTTP.URIs.queryparams(req[:query])
id = get(query, "id", "")
isempty(id) && return missing_parameter("id")
# FIXME: check ownership
filter!(p -> p.uuid != id, user_playlists)
m = findfirst(p -> p.uuid == id, user_playlists)
m === nothing && return not_found("id")
if !canedit(req[:login][:user], user_playlists[m])
return unuthorized()
end
deleteat!(user_playlists, m)
saveplaylists()
@subsonic(nothing)
end

17
airsonic.rest
View File

@ -43,7 +43,22 @@ GET :url/stream:auth&id=df5937fd-d79b-40b5-bf14-8c29c54e1bdb
GET :url/getPlaylists:auth
# Get single playlist
GET :url/getPlaylist:auth&id=512c6d5e-798f-47f7-a50d-116ef647109e
GET :url/getPlaylist:auth&id=a2df9320-4775-40a5-9830-8960f3eb9203
# Get not owned playlist
GET :url/getPlaylist:auth&id=799f5074-5db2-4daa-b449-9677d0c7744c
# Delete not owned playlist
GET :url/deletePlaylist:auth&id=799f5074-5db2-4daa-b449-9677d0c7744c
# Update not owned playlist
GET :url/updatePlaylist:auth&playlistId=799f5074-5db2-4daa-b449-9677d0c7744c
# Update owned playlist
GET :url/updatePlaylist:auth&playlistId=a2df9320-4775-40a5-9830-8960f3eb9203&name=nuovo
# Delete owned playlist
GET :url/deletePlaylist:auth&id=a2df9320-4775-40a5-9830-8960f3eb9203

4
login.jl
View File

@ -54,9 +54,7 @@ function loadusers(; file = expanduser("~/.config/beets/users.jsonl"))
ps = JSON2.readlines(file)
p = JSON2.read.(ps, JlSonic.User)
empty!(users)
for pl in p
push!(users, pl)
end
append!(users, p)
end
sonic_login = stack(getlogin, checkpassword)