Modify the backend so that instead of using the server owner's QRZ & HamQTH credentials, it instead requires them to be provided by the client (if none are provided, the lookups do not occur.)

2026-05-30 17:35:11 +00:00 · 2026-05-09 15:43:22 +01:00
parent 0988a567b8
commit f81ef4347f
18 changed files with 385 additions and 174 deletions
--- a/server/handlers/api/alerts.py
+++ b/server/handlers/api/alerts.py
@@ -1,3 +1,4 @@
+import copy
 import json
 import logging
 from datetime import datetime
@@ -9,6 +10,8 @@ import tornado_eventsource.handler

 from core.prometheus_metrics_handler import api_requests_counter
 from core.utils import serialize_everything, empty_queue
+from data.lookup_credentials import extract_credentials
+

 SSE_HANDLER_MAX_QUEUE_SIZE = 100
 SSE_HANDLER_QUEUE_CHECK_INTERVAL = 5000
@@ -21,6 +24,15 @@ class APIAlertsHandler(tornado.web.RequestHandler):
        self._alerts = alerts
        self._web_server_metrics = web_server_metrics

+    @staticmethod
+    def _enrich(alerts, credentials):
+        enriched = []
+        for alert in alerts:
+            alert_copy = copy.deepcopy(alert)
+            alert_copy.infer_missing(credentials)
+            enriched.append(alert_copy)
+        return enriched
+
    def get(self):
        try:
            # Metrics
@@ -33,8 +45,11 @@ class APIAlertsHandler(tornado.web.RequestHandler):
            # reduce that to just the first entry, and convert bytes to string
            query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}

-            # Fetch all alerts matching the query
+            # Fetch all alerts matching the query, then optionally enrich with online data
+            credentials = extract_credentials(query_params)
            data = get_alert_list_with_filters(self._alerts, query_params)
+            if credentials:
+                data = self._enrich(data, credentials)
            self.write(json.dumps(data, default=serialize_everything))
            self.set_status(200)
        except ValueError as e:
@@ -73,6 +88,7 @@ class APIAlertsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
            # request.arguments contains lists for each param key because technically the client can supply multiple,
            # reduce that to just the first entry, and convert bytes to string
            self._query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}
+            self._credentials = extract_credentials(self._query_params)

            # Create a alert queue and add it to the web server's list. The web server will fill this when alerts arrive
            self._alert_queue = Queue(maxsize=SSE_HANDLER_MAX_QUEUE_SIZE)
@@ -110,6 +126,9 @@ class APIAlertsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
                    alert = self._alert_queue.get()
                    # If the new alert matches our param filters, send it to the client. If not, ignore it.
                    if alert_allowed_by_query(alert, self._query_params):
+                        if self._credentials:
+                            alert = copy.deepcopy(alert)
+                            alert.infer_missing(self._credentials)
                        self.write_message(msg=json.dumps(alert, default=serialize_everything))

                if self._alert_queue not in self._sse_alert_queues:
--- a/server/handlers/api/lookups.py
+++ b/server/handlers/api/lookups.py
@@ -11,6 +11,7 @@ from core.geo_utils import lat_lon_for_grid_sw_corner_plus_size, lat_lon_to_cq_z
 from core.prometheus_metrics_handler import api_requests_counter
 from core.sig_utils import get_ref_regex_for_sig, populate_sig_ref_info
 from core.utils import serialize_everything
+from data.lookup_credentials import extract_credentials
 from data.sig_ref import SIGRef
 from data.spot import Spot

@@ -39,8 +40,9 @@ class APILookupCallHandler(tornado.web.RequestHandler):
                if re.match(r"^[A-Z0-9/\-]*$", call):
                    # Take the callsign, make a "fake spot" so we can run infer_missing() on it, then repack the
                    # resulting data in the correct way for the API response.
+                    credentials = extract_credentials(query_params)
                    fake_spot = Spot(dx_call=call)
-                    fake_spot.infer_missing()
+                    fake_spot.infer_missing(credentials)
                    data = {
                        "call": call,
                        "name": fake_spot.dx_name,
--- a/server/handlers/api/spots.py
+++ b/server/handlers/api/spots.py
@@ -1,3 +1,4 @@
+import copy
 import json
 import logging
 from datetime import datetime, timedelta
@@ -9,6 +10,8 @@ import tornado_eventsource.handler

 from core.prometheus_metrics_handler import api_requests_counter
 from core.utils import serialize_everything, empty_queue
+from data.lookup_credentials import extract_credentials
+

 SSE_HANDLER_MAX_QUEUE_SIZE = 1000
 SSE_HANDLER_QUEUE_CHECK_INTERVAL = 5000
@@ -21,6 +24,15 @@ class APISpotsHandler(tornado.web.RequestHandler):
        self._spots = spots
        self._web_server_metrics = web_server_metrics

+    @staticmethod
+    def _enrich(spots, credentials):
+        enriched = []
+        for spot in spots:
+            spot_copy = copy.deepcopy(spot)
+            spot_copy.infer_missing(credentials)
+            enriched.append(spot_copy)
+        return enriched
+
    def get(self):
        try:
            # Metrics
@@ -33,8 +45,11 @@ class APISpotsHandler(tornado.web.RequestHandler):
            # reduce that to just the first entry, and convert bytes to string
            query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}

-            # Fetch all spots matching the query
+            # Fetch all spots matching the query, then optionally enrich with online data
+            credentials = extract_credentials(query_params)
            data = get_spot_list_with_filters(self._spots, query_params)
+            if credentials:
+                data = self._enrich(data, credentials)
            self.write(json.dumps(data, default=serialize_everything))
            self.set_status(200)
        except ValueError as e:
@@ -75,6 +90,7 @@ class APISpotsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
            # request.arguments contains lists for each param key because technically the client can supply multiple,
            # reduce that to just the first entry, and convert bytes to string
            self._query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}
+            self._credentials = extract_credentials(self._query_params)

            # Create a spot queue and add it to the web server's list. The web server will fill this when spots arrive
            self._spot_queue = Queue(maxsize=SSE_HANDLER_MAX_QUEUE_SIZE)
@@ -112,6 +128,9 @@ class APISpotsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
                    spot = self._spot_queue.get()
                    # If the new spot matches our param filters, send it to the client. If not, ignore it.
                    if spot_allowed_by_query(spot, self._query_params):
+                        if self._credentials:
+                            spot = copy.deepcopy(spot)
+                            spot.infer_missing(self._credentials)
                        self.write_message(msg=json.dumps(spot, default=serialize_everything))

                if self._spot_queue not in self._sse_spot_queues: