Uploaded image for project: 'ListenBrainz'
  1. ListenBrainz
  2. LB-95

Add authentication to messbrainz submission

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: MessyBrainz
    • Labels:

      Description

      The idea behind messybrainz submission at the moment is that it should only be used by MetaBrainz projects. Because they don't all live on the same server, we need a public submission endpoint, which should be password-protected.

      We can reuse the same authentication concepts that we have in listenbrainz and acousticbrainz.
      API key generation for AcousticBrainz was implemented like this: https://github.com/metabrainz/acousticbrainz-server/pull/181/files
      Specific usernames are not important, we should just use them for internal accounting purposes. We can just have a single api_key table with 2 fields, name and key.

      In MsB we don't need a public interface for adding/changing keys, as it's an internal service. We can have some methods in manage.py:

      $ python manage.py adduser <username>
      Added user <username> with key fd09209usdfijhflsdkjf09

      $ python manage.py listusers
      username fd09209usdfijhflsdkjf09
      user2 of98345kijw0asldkjfkjh

      $ python manage.py removeuser <username>
      Removed user <username>

      We don't have flask-login in messybrainz and probably don't need it. Instead, we can have a simple decorator which checks that the header for the format "Authentication: Token <token>"
      If the header doesn't exist, raise HTTP 403
      If the header does exist, check if the token is in the api_key table. If it isn't, raise HTTP 401. If it is, process the submission.

      GET methods don't need to be protected for now.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            alastairp Alastair Porter
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:

                Packages

                Version Package