Modify the backend so that instead of using the server owner's QRZ & HamQTH credentials, it instead requires them to be provided by the client (if none are provided, the lookups do not occur.)

2026-05-30 17:35:11 +00:00 · 2026-05-09 15:43:22 +01:00
parent 0988a567b8
commit f81ef4347f
18 changed files with 385 additions and 174 deletions
--- a/server/handlers/api/alerts.py
+++ b/server/handlers/api/alerts.py
@@ -1,3 +1,4 @@
+import copy
 import json
 import logging
 from datetime import datetime
@@ -9,6 +10,8 @@ import tornado_eventsource.handler

 from core.prometheus_metrics_handler import api_requests_counter
 from core.utils import serialize_everything, empty_queue
+from data.lookup_credentials import extract_credentials
+

 SSE_HANDLER_MAX_QUEUE_SIZE = 100
 SSE_HANDLER_QUEUE_CHECK_INTERVAL = 5000
@@ -21,6 +24,15 @@ class APIAlertsHandler(tornado.web.RequestHandler):
        self._alerts = alerts
        self._web_server_metrics = web_server_metrics

+    @staticmethod
+    def _enrich(alerts, credentials):
+        enriched = []
+        for alert in alerts:
+            alert_copy = copy.deepcopy(alert)
+            alert_copy.infer_missing(credentials)
+            enriched.append(alert_copy)
+        return enriched
+
    def get(self):
        try:
            # Metrics
@@ -33,8 +45,11 @@ class APIAlertsHandler(tornado.web.RequestHandler):
            # reduce that to just the first entry, and convert bytes to string
            query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}

-            # Fetch all alerts matching the query
+            # Fetch all alerts matching the query, then optionally enrich with online data
+            credentials = extract_credentials(query_params)
            data = get_alert_list_with_filters(self._alerts, query_params)
+            if credentials:
+                data = self._enrich(data, credentials)
            self.write(json.dumps(data, default=serialize_everything))
            self.set_status(200)
        except ValueError as e:
@@ -73,6 +88,7 @@ class APIAlertsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
            # request.arguments contains lists for each param key because technically the client can supply multiple,
            # reduce that to just the first entry, and convert bytes to string
            self._query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}
+            self._credentials = extract_credentials(self._query_params)

            # Create a alert queue and add it to the web server's list. The web server will fill this when alerts arrive
            self._alert_queue = Queue(maxsize=SSE_HANDLER_MAX_QUEUE_SIZE)
@@ -110,6 +126,9 @@ class APIAlertsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
                    alert = self._alert_queue.get()
                    # If the new alert matches our param filters, send it to the client. If not, ignore it.
                    if alert_allowed_by_query(alert, self._query_params):
+                        if self._credentials:
+                            alert = copy.deepcopy(alert)
+                            alert.infer_missing(self._credentials)
                        self.write_message(msg=json.dumps(alert, default=serialize_everything))

                if self._alert_queue not in self._sse_alert_queues: