refactor: web api key

.env.example

@@ -2,4 +2,6 @@ NAV_BASE_URL=your_navidrome_server_url
 NAV_USER=your_navidrome_username
 NAV_PASS=your_navidrome_password
 SPOTIFY_CLIENT_ID=your_spotify_client_id
-SPOTIFY_CLIENT_SECRET=your_spotify_client_secret
+SPOTIFY_CLIENT_SECRET=your_spotify_client_secret
+WEB_API_KEY=changeme
+ENABLE_WEB_API_KEY=True

Dockerfile

@@ -10,11 +10,8 @@ COPY . .
 # Install any needed packages specified in requirements.txt
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Expose port 5000 for the Flask app
-EXPOSE 5000
+# Expose port 3333 for the Flask app
+EXPOSE 3333
 
 # Set the entrypoint to Python
-ENTRYPOINT ["python"]
-
-# Leave CMD empty
-CMD []
+ENTRYPOINT ["python", "sptnr.py"]

docker-compose.yml.example

@@ -16,8 +16,13 @@ services:
       - SPOTIFY_CLIENT_ID=your_spotify_client_id
       - SPOTIFY_CLIENT_SECRET=your_spotify_client_secret
       - WEB_API_KEY=changeme
+      - ENABLE_WEB_API_KEY=False
     volumes:
       - ./data:/usr/src/app/data
     ports:
       - "3333:3333"
-    command: web_server.py
+    # Uncomment the next line to just run the script
+    # entrypoint: ["python", "sptnr.py"]
+    
+    # Uncomment the next line to start the web server
+    # entrypoint: ["python", "web_server.py"]

sptnr.py

@@ -45,7 +45,7 @@ LOG_DIR = "data/logs"
 if not os.path.exists(LOG_DIR):
     os.makedirs(LOG_DIR)
 
-LOGFILE = os.path.join(LOG_DIR, f"spotify-popularity_{int(time.time())}.log")
+LOGFILE = os.path.join(LOG_DIR, f"sptnr_{int(time.time())}.log")
 
 
 class NoColorFormatter(logging.Formatter):

web_server.py

@@ -1,34 +1,35 @@
 from flask import Flask, request, jsonify
-import json
 import subprocess
 import threading
 import os
 from dotenv import load_dotenv
-import datetime
+import functools
 
 load_dotenv()
 
 sptnr_web_server = Flask(__name__)
-API_KEY = os.getenv("WEB_API_KEY")
+WEB_API_KEY = os.getenv("WEB_API_KEY")
+ENABLE_WEB_API_KEY = os.getenv("ENABLE_WEB_API_KEY", "True") == "True"
 LOG_DIR = "data/logs"
 
 
+def api_key_required(f):
+    @functools.wraps(f)
+    def decorated_function(*args, **kwargs):
+        if ENABLE_WEB_API_KEY and request.args.get("api_key") != WEB_API_KEY:
+            return jsonify({"error": "Unauthorized"}), 401
+        return f(*args, **kwargs)
+
+    return decorated_function
+
+
 def run_script(cmd):
     subprocess.run(cmd)
 
 
-def log_post_data(data):
-    timestamp = datetime.datetime.now().isoformat()
-    log_filename = os.path.join(LOG_DIR, f"log_{timestamp}.txt")
-    with open(log_filename, "w") as log_file:
-        json.dump(data, log_file, indent=4)
-
-
 @sptnr_web_server.route("/process", methods=["GET", "POST"])
+@api_key_required
 def process_request():
-    if request.args.get("api_key") != API_KEY:
-        return jsonify({"error": "Unauthorized"}), 401
-
     cmd = ["python3", "sptnr.py"]
     if request.args.get("preview", "") == "true":
         cmd.append("--preview")
@@ -54,6 +55,7 @@ def process_request():
 
 
 @sptnr_web_server.route("/logs")
+@api_key_required
 def list_logs():
     try:
         logs = os.listdir(LOG_DIR)
@@ -66,6 +68,7 @@ def list_logs():
 
 
 @sptnr_web_server.route("/logs/<filename>")
+@api_key_required
 def view_log(filename):
     try:
         full_path = os.path.join(LOG_DIR, filename)