SABnzbd Forums


http://45.79.196.47/

Suggestion for API-users: clientid=blabla

http://45.79.196.47/viewtopic.php?t=12318

Page 1 of 1

Suggestion for API-users: clientid=blabla

Posted: November 16th, 2012, 4:03 pm
by sander
I have a suggestion for programs / plugins / websites using the SABnzbd API:

add "&clientid=<some-ID-of-client>" to your URL.

Goal: it makes clear which clients are accessing the API. Especially handy when you see "API Key incorrect, Use the api key from Config->General in your 3rd party program:" in your SABnzbd warnings. Currently you can only guess which client is trying to access the API without the correct API key.

Apparantly SABnzbd already accepts (and ignores?) "&clientid=blabla" in the URL. See below. That's good.
Change needed in SAB is to report the clientid in the warning. And the source IP address (if possible)
Change needed in clients using the API is to add the "&clientid=blabla". Not too difficult
A change in SAB in the future could be an option to only accept clients request that have "&clientid=blabla" added.

Please note: this is not a protection against bad behaving API clients. It's just a good behavior way of using the API. The most used programs / plugins will probably be willing to the code to their request, making identifiying easier.

Feedback welcome.

Code: Select all

sander@toverdoos:~$ curl 'http://localhost:8080/api?mode=qstatus&output=xml&apikey=123abc&clientid=sandercurltester'
<?xml version="1.0" encoding="UTF-8" ?>
<queue><have_warnings>0</have_warnings>
<jobs></jobs>
<noofslots>0</noofslots>
<paused>False</paused>
<pause_int>0</pause_int>
<mbleft>0.0</mbleft>
<diskspace2>1.09359359741</diskspace2>
<diskspace1>1.09359359741</diskspace1>
<speed>0 </speed>
<timeleft>0:00:00</timeleft>
<mb>0.0</mb>
<state>IDLE</state>
<loadavg>0.00 | 0.01 | 0.05 Memory usage: Virt: 387 MB. Res: 26 MB.</loadavg>
<kbpersec>0.0</kbpersec>
</queue>

Re: Suggestion for API-users: clientid=blabla

Posted: November 17th, 2012, 2:05 am
by sander
Ah, that was easy: 3 lines of code in sabnzbd/interface.py and now SAB is reporting the clientid in the WebGUI and logging.

Screendump:
Image

Code: Select all

$ grep clientid sabnzbd/interface.py
    clientid = kwargs.get('clientid')
                logging.warning(Ta('API Key missing, please enter the api key from Config->General into your 3rd party program: (clientid: %s)'), clientid)
            logging.warning(Ta('API Key incorrect, Use the api key from Config->General in your 3rd party program: (clientid: %s)'), clientid)
Result in logging:

Code: Select all

2012-11-17 07:57:10,651::WARNING::[interface:218] API Key incorrect, Use the api key from Config->General in your 3rd party program: (clientid: None)

2012-11-17 07:57:25,335::DEBUG::[interface:418] API-call from ::ffff:127.0.0.1 {'output': 'xml', 'apikey': '123abc', 'mode': 'qstatus', 'clientid': 'sandercurltester'}
2012-11-17 07:57:25,336::WARNING::[interface:218] API Key incorrect, Use the api key from Config->General in your 3rd party program: (clientid: sandercurltester)

Re: Suggestion for API-users: clientid=blabla

Posted: November 17th, 2012, 4:51 am
by shypike
Thanks for your suggestion, but the solution is even simpler.
Most tools probably already use the standard "User-Agent" header.
It's trivial to log that:

Code: Select all

logging.debug('API-call from %s [%s] %s', cherrypy.request.remote.ip, \
              cherrypy.request.headers.get('User-Agent'), kwargs)
A similar change is needed to add the "User-Agent" to the API warning.

Re: Suggestion for API-users: clientid=blabla

Posted: November 17th, 2012, 12:34 pm
by sander
Beautiful!

Code: Select all

    logging.debug('Yes, yes: API-call from %s [%s] %s', cherrypy.request.remote.ip, cherrypy.request.headers.get('User-Agent'), kwargs)
leads to:

Code: Select all

2012-11-17 18:31:33,108::DEBUG::[interface:192] Yes, yes: API-call from ::ffff:127.0.0.1 [curl/7.27.0] {'output': 'xml', 'apikey': '123456', 'mode': 'qstatus', 'clientid': 'sandercurltester'}
So ... will you add such a line to SABnzbd 0.7.7?

Re: Suggestion for API-users: clientid=blabla

Posted: November 17th, 2012, 12:47 pm
by shypike
It's already in 0.7.6

Re: Suggestion for API-users: clientid=blabla

Posted: November 17th, 2012, 1:03 pm
by sander
shypike wrote:It's already in 0.7.6
checking out 0.7.6:

Code: Select all

2012-11-17 19:01:13,563::DEBUG::[interface:419] API-call from ::ffff:127.0.0.1 [curl/7.27.0] {'output': 'xml', 'apikey': '123456', 'mode': 'qstatus', 'clientid': 'sandercurltester'}
2012-11-17 19:01:13,564::WARNING::[interface:189] API Key incorrect, Use the api key from Config->General in your 3rd party program: curl/7.27.0
2012-11-17 19:01:18,156::DEBUG::[interface:419] API-call from ::ffff:127.0.0.1 [curl/7.27.0] {'output': 'xml', 'apikey': '2e2983d7544fd010e8', 'mode': 'qstatus', 'clientid': 'sandercurltester'}
Yes! Cool.

Why not put that in the release notes? It is very useful for the commonly question about incorrect API keys ...

Re: Suggestion for API-users: clientid=blabla

Posted: November 17th, 2012, 2:57 pm
by shypike
It will show up in the warnings too, so it's rather self-explaining.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited