Roman/ohm_streaming
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
fix/issue-15-security-watchlist
ohm_streaming/app/routers/router_downloads.py
T
root 5d264d8f3b fix: sécuriser watchlist, favorites, downloads et recommendations sans auth (#15) 
- router_favorites.py: toutes les routes requièrent maintenant l'auth
  - GET utilise get_optional_user + login_prompt.html pour HTMX
  - POST/DELETE/toggle requièrent get_current_user_from_token
  - Filtrage par user_id dans toutes les requêtes favorites
- router_downloads.py: GET list et GET status protégés (401 sans token)
- router_recommendations.py: GET protégé (login_prompt HTMX, 401 JSON)
- router_sonarr.py: tous les endpoints de gestion protégés
  - Webhooks restent publics (reçus de Sonarr)
- app/favorites.py: ajout du paramètre user_id à toutes les méthodes

Closes #15
2026-04-02 22:20:29 +00:00

137 lines
4.7 KiB
Python
Raw Permalink Blame History

"""
Download management routes for Ohm Stream Downloader API.
"""
from typing import Optional
from fastapi import APIRouter, Depends, HTTPException, Query, Request, Response
from fastapi.templating import Jinja2Templates
from fastapi.responses import HTMLResponse
from app.download_manager import DownloadManager
from app.models import DownloadRequest
from app.models.auth import User
from app.routers.router_auth import get_current_user_from_token, get_optional_user
router = APIRouter(prefix="/api/downloads", tags=["downloads"])
templates = Jinja2Templates(directory="templates")
def get_download_manager() -> DownloadManager:
from main import download_manager
return download_manager
@router.get("")
async def get_downloads(
request: Request,
html: bool = Query(False),
download_manager: DownloadManager = Depends(get_download_manager),
current_user: Optional[User] = Depends(get_optional_user),
):
"""Get list of all download tasks. Returns HTML for HTMX requests."""
is_htmx = request.headers.get("HX-Request") == "true" or request.headers.get("HX-Request")
if current_user is None and (html or is_htmx):
return templates.TemplateResponse(
"components/login_prompt.html", {"request": request}
)
if current_user is None:
raise HTTPException(status_code=401, detail="Authentication required")
tasks = download_manager.get_all_tasks()
if html or is_htmx:
print(f"[DOWNLOADS] HTML Request. Found {len(tasks)} tasks.")
return templates.TemplateResponse(
"components/downloads_list.html",
{"request": request, "tasks": tasks}
)
print(f"[DOWNLOADS] API Request. Returning JSON.")
return {"downloads": tasks}
@router.post("")
async def create_download(
download_request: DownloadRequest,
download_manager: DownloadManager = Depends(get_download_manager),
current_user=Depends(get_current_user_from_token),
):
"""Create a new download task"""
return download_manager.create_task(download_request)
@router.get("/{task_id}")
async def get_download_status(
task_id: str,
download_manager: DownloadManager = Depends(get_download_manager),
current_user: Optional[User] = Depends(get_optional_user),
):
"""Get status of a specific download task"""
if current_user is None:
raise HTTPException(status_code=401, detail="Authentication required")
task = download_manager.get_task(task_id)
if not task:
raise HTTPException(status_code=404, detail="Task not found")
return task
@router.post("/{task_id}/pause")
async def pause_download(
task_id: str,
download_manager: DownloadManager = Depends(get_download_manager),
current_user=Depends(get_current_user_from_token),
):
"""Pause a download task"""
if download_manager.pause_download(task_id):
return {"status": "success", "message": "Download paused"}
raise HTTPException(status_code=400, detail="Failed to pause download")
@router.post("/{task_id}/resume")
async def resume_download(
task_id: str,
download_manager: DownloadManager = Depends(get_download_manager),
current_user=Depends(get_current_user_from_token),
):
"""Resume a paused download task"""
if download_manager.resume_download(task_id):
return {"status": "success", "message": "Download resumed"}
raise HTTPException(status_code=400, detail="Failed to resume download")
@router.delete("/{task_id}")
async def cancel_download(
task_id: str,
download_manager: DownloadManager = Depends(get_download_manager),
current_user=Depends(get_current_user_from_token),
):
"""Cancel and delete a download task"""
if hasattr(download_manager, "cancel_download"):
if download_manager.cancel_download(task_id):
return {"status": "success", "message": "Download cancelled"}
if task_id in download_manager.tasks:
del download_manager.tasks[task_id]
return {"status": "success", "message": "Download removed"}
raise HTTPException(status_code=400, detail="Failed to cancel download")
@router.post("/cleanup")
async def cleanup_completed(
download_manager: DownloadManager = Depends(get_download_manager),
current_user=Depends(get_current_user_from_token),
):
"""Remove all completed tasks from the list"""
if hasattr(download_manager, "cleanup_tasks"):
count = download_manager.cleanup_tasks()
return {"status": "success", "message": f"Cleaned up {count} tasks"}
to_delete = [tid for tid, t in download_manager.tasks.items() if t.status == "completed"]
for tid in to_delete:
del download_manager.tasks[tid]
return {"status": "success", "message": f"Cleaned up {len(to_delete)} tasks"}
Reference in New Issue View Git Blame Copy Permalink