updated digiserver 2

2025-11-12 16:07:03 +02:00
parent 2deb398fd8
commit e5a00d19a5
44 changed files with 2656 additions and 230 deletions
--- a/app/blueprints/api.py
+++ b/app/blueprints/api.py
@@ -94,6 +94,106 @@ def health_check():
    })


+@api_bp.route('/auth/player', methods=['POST'])
+@rate_limit(max_requests=10, window=60)
+def authenticate_player():
+    """Authenticate a player and return auth code and configuration.
+    
+    Request JSON:
+        hostname: Player hostname/identifier (required)
+        password: Player password (optional if using quickconnect)
+        quickconnect_code: Quick connect code (optional if using password)
+    
+    Returns:
+        JSON with auth_code, player_id, group_id, and configuration
+    """
+    data = request.get_json()
+    
+    if not data:
+        return jsonify({'error': 'No data provided'}), 400
+    
+    hostname = data.get('hostname')
+    password = data.get('password')
+    quickconnect_code = data.get('quickconnect_code')
+    
+    if not hostname:
+        return jsonify({'error': 'Hostname is required'}), 400
+    
+    if not password and not quickconnect_code:
+        return jsonify({'error': 'Password or quickconnect code required'}), 400
+    
+    # Authenticate player
+    player = Player.authenticate(hostname, password, quickconnect_code)
+    
+    if not player:
+        log_action('warning', f'Failed authentication attempt for hostname: {hostname}')
+        return jsonify({'error': 'Invalid credentials'}), 401
+    
+    # Update player status
+    player.update_status('online')
+    db.session.commit()
+    
+    log_action('info', f'Player authenticated: {player.name} ({player.hostname})')
+    
+    # Return authentication response
+    response = {
+        'success': True,
+        'player_id': player.id,
+        'player_name': player.name,
+        'hostname': player.hostname,
+        'auth_code': player.auth_code,
+        'group_id': player.group_id,
+        'orientation': player.orientation,
+        'status': player.status
+    }
+    
+    return jsonify(response), 200
+
+
+@api_bp.route('/auth/verify', methods=['POST'])
+@rate_limit(max_requests=30, window=60)
+def verify_auth_code():
+    """Verify an auth code and return player information.
+    
+    Request JSON:
+        auth_code: Player authentication code
+    
+    Returns:
+        JSON with player information if valid
+    """
+    data = request.get_json()
+    
+    if not data:
+        return jsonify({'error': 'No data provided'}), 400
+    
+    auth_code = data.get('auth_code')
+    
+    if not auth_code:
+        return jsonify({'error': 'Auth code is required'}), 400
+    
+    # Find player with this auth code
+    player = Player.query.filter_by(auth_code=auth_code).first()
+    
+    if not player:
+        return jsonify({'error': 'Invalid auth code'}), 401
+    
+    # Update last seen
+    player.update_status(player.status)
+    db.session.commit()
+    
+    response = {
+        'valid': True,
+        'player_id': player.id,
+        'player_name': player.name,
+        'hostname': player.hostname,
+        'group_id': player.group_id,
+        'orientation': player.orientation,
+        'status': player.status
+    }
+    
+    return jsonify(response), 200
+
+
@api_bp.route('/playlists/<int:player_id>', methods=['GET'])
@rate_limit(max_requests=30, window=60)
@verify_player_auth
@@ -120,6 +220,7 @@ def get_player_playlist(player_id: int):
            'player_id': player_id,
            'player_name': player.name,
            'group_id': player.group_id,
+            'playlist_version': player.playlist_version,
            'playlist': playlist,
            'count': len(playlist)
        })
@@ -129,6 +230,37 @@ def get_player_playlist(player_id: int):
        return jsonify({'error': 'Internal server error'}), 500


+@api_bp.route('/playlist-version/<int:player_id>', methods=['GET'])
+@verify_player_auth
+@rate_limit(max_requests=60, window=60)
+def get_playlist_version(player_id: int):
+    """Get current playlist version for a player.
+    
+    Lightweight endpoint for players to check if playlist needs updating.
+    Requires player authentication via Bearer token.
+    """
+    try:
+        # Verify the authenticated player matches the requested player_id
+        if request.player.id != player_id:
+            return jsonify({'error': 'Unauthorized access to this player'}), 403
+        
+        player = request.player
+        
+        # Update last seen
+        player.last_seen = datetime.utcnow()
+        db.session.commit()
+        
+        return jsonify({
+            'player_id': player_id,
+            'playlist_version': player.playlist_version,
+            'content_count': Content.query.filter_by(player_id=player_id).count()
+        })
+        
+    except Exception as e:
+        log_action('error', f'Error getting playlist version for player {player_id}: {str(e)}')
+        return jsonify({'error': 'Internal server error'}), 500
+
+
@cache.memoize(timeout=300)
 def get_cached_playlist(player_id: int) -> List[Dict]:
    """Get cached playlist for a player."""