Modify the backend so that instead of using the server owner's QRZ & HamQTH credentials, it instead requires them to be provided by the client (if none are provided, the lookups do not occur.)

2026-05-30 17:35:11 +00:00 · 2026-05-09 15:43:22 +01:00
parent 0988a567b8
commit f81ef4347f
18 changed files with 385 additions and 174 deletions
--- a/server/handlers/api/spots.py
+++ b/server/handlers/api/spots.py
@@ -1,3 +1,4 @@
+import copy
 import json
 import logging
 from datetime import datetime, timedelta
@@ -9,6 +10,8 @@ import tornado_eventsource.handler

 from core.prometheus_metrics_handler import api_requests_counter
 from core.utils import serialize_everything, empty_queue
+from data.lookup_credentials import extract_credentials
+

 SSE_HANDLER_MAX_QUEUE_SIZE = 1000
 SSE_HANDLER_QUEUE_CHECK_INTERVAL = 5000
@@ -21,6 +24,15 @@ class APISpotsHandler(tornado.web.RequestHandler):
        self._spots = spots
        self._web_server_metrics = web_server_metrics

+    @staticmethod
+    def _enrich(spots, credentials):
+        enriched = []
+        for spot in spots:
+            spot_copy = copy.deepcopy(spot)
+            spot_copy.infer_missing(credentials)
+            enriched.append(spot_copy)
+        return enriched
+
    def get(self):
        try:
            # Metrics
@@ -33,8 +45,11 @@ class APISpotsHandler(tornado.web.RequestHandler):
            # reduce that to just the first entry, and convert bytes to string
            query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}

-            # Fetch all spots matching the query
+            # Fetch all spots matching the query, then optionally enrich with online data
+            credentials = extract_credentials(query_params)
            data = get_spot_list_with_filters(self._spots, query_params)
+            if credentials:
+                data = self._enrich(data, credentials)
            self.write(json.dumps(data, default=serialize_everything))
            self.set_status(200)
        except ValueError as e:
@@ -75,6 +90,7 @@ class APISpotsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
            # request.arguments contains lists for each param key because technically the client can supply multiple,
            # reduce that to just the first entry, and convert bytes to string
            self._query_params = {k: v[0].decode("utf-8") for k, v in self.request.arguments.items()}
+            self._credentials = extract_credentials(self._query_params)

            # Create a spot queue and add it to the web server's list. The web server will fill this when spots arrive
            self._spot_queue = Queue(maxsize=SSE_HANDLER_MAX_QUEUE_SIZE)
@@ -112,6 +128,9 @@ class APISpotsStreamHandler(tornado_eventsource.handler.EventSourceHandler):
                    spot = self._spot_queue.get()
                    # If the new spot matches our param filters, send it to the client. If not, ignore it.
                    if spot_allowed_by_query(spot, self._query_params):
+                        if self._credentials:
+                            spot = copy.deepcopy(spot)
+                            spot.infer_missing(self._credentials)
                        self.write_message(msg=json.dumps(spot, default=serialize_everything))

                if self._spot_queue not in self._sse_spot_queues: