spothole/README.md

# ![Spothole](/webassets/img/logo.png)

**Work in progress.**

Spothole is a utility to aggregate "spots" from amateur radio DX clusters and xOTA spotting sites, and provide an open JSON API as well as a website to browse the data.

![Screenshot](/images/screenshot.png)

While there are several other web-based interfaces to DX clusters, and sites that aggregate spots from various outdoor activity programmes for amateur radio, Spothole differentiates itself by supporting a large number of data sources, and by being "API first" rather than just providing a web front-end. This allows other software to be built on top of it.

The API is deliberately well-defined with an OpenAPI specification and auto-generated API documentation. The API delivers spots in a consistent format regardless of the data source, freeing developers from needing to know how each individual data source presents its data.

Spothole itself is also open source, Public Domain licenced code that anyone can take and modify.

Supported data sources include DX Clusters, the Reverse Beacon Network (RBN), the APRS Internet Service (APRS-IS), POTA, SOTA, WWFF, GMA, WWBOTA, HEMA, and Parks 'n' Peaks.

### Accessing the public version

You can access the public version's web interface at [https://spothole.m0trt.radio](https://spothole.m0trt.radio), and see [https://spothole.m0trt.radio/apidocs](https://spothole.m0trt.radio/apidocs) for the API details.

Please note this URL is not necessarily final, and the API is likely to change as the project works its way towards v1.0. Please do not build anything on the Spothole API yet!

### Running your own copy

To download and set up Spothole on a Debian server, run the following commands. Other operating systems will likely be similar.

```bash
git clone ssh://git@git.ianrenton.com/ian/spothole.git
cd spothole
python3 -m venv ./.venv
source .venv/bin/activate
pip install -r requirements.txt
deactivate
cp config-example.yml config.yml
```

Then edit `config.yml` in your text editor of choice to set up the software as you like it.

Then, to run the software this time and any future times you want to run it directly from the command line:

```bash
source .venv/bin/activate
python3 spothole.py
```

The software can take a few seconds to start up, mostly because it is downloading an updated file to match callsigns to countries. This is normal, don't panic!

If you see some errors on startup, check your configuration, e.g. in case you have specified a port for the web server that is already in use by something else.

### systemd configuration

Create a file at `/etc/systemd/system/spothole.service`. Give it the following content, adjusting for the user you want to run it as and the directory in which you have installed it:

```
Unit]
Description=Spothole
After=syslog.target network.target

[Service]
Type=simple
User=spothole
WorkingDirectory=/home/spothole/spothole
ExecStart=/home/spothole/spothole/.venv/bin/python /home/spothole/spothole/spothole.py --serve-in-foreground
Restart=on-abort

[Install]
WantedBy=multi-user.target
```

Run the following:

```bash
sudo systemctl daemon-reload
sudo systemctl enable spothole
sudo systemctl start spothole
```

Check the service has started up correctly with `sudo journalctl -u spothole -f`.

### nginx Reverse Proxy configuration

It's best not to serve Spothole directly on port 80, as that requires root privileges and prevents us using HTTPS, amongst other reasons. To set up nginx as a reverse proxy that sits in front of Spothole, first ensure it's installed e.g. `sudo apt install nginx`, and enabled e.g. `sudo systemd enable nginx`.

Create a file at `/etc/nginx/sites-available/` called `spothole`. Give it the following contents, replacing `spothole.m0trt.radio` with the domain name on which you want to run Spothole. If you changed the port on which Spothole runs, update that on the "proxy_pass" line too.

```nginx
map $request_uri $xssorigin {
    ~^/api   *;
}

server {
    server_name spothole.m0trt.radio;

    # Wellknown area for Lets Encrypt
    location /.well-known/ {
        alias /var/www/html/.well-known/;
    }
    
    location / {
        add_header Access-Control-Allow-Origin $xssorigin;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

One further change you might want to make to the file above is the `add_header Access-Control-Allow-Origin` statement. This is what's used on
my own Spothole server to make sure that other third-party web-based software can get the data from my instance, and applies to any endpoint underneath `/api`. If you want
*your* Spothole instance to be set up the same way, so that others can write software in JavaScript that can access it,
leave this intact. But if you want your Spothole instance to only be usable by scripts running on the web server you write,
you can remove this block. (Note that this doesn't stop other people writing *non-web-based* software that accesses your
Spothole API—the enforcement of cross-origin headers only happens within the user's browser. If you need to lock your
instance down so that no-one else can access it with *any* software, that's an aspect of nginx config that you will need
to find help with elsewhere.)

Now, make a symbolic link to enable the site:

```bash
cd /etc/nginx/sites-enabled
sudo ln -sf ../sites-available/spothole
```

Test that your nginx config isn't broken using `nginx -t`. If it works, restart nginx with `sudo systemctl restart nginx`.

If you haven't already done so, set up a DNS entry to make sure requests for your domain name end up at the server that's running Spothole.

You should now be able to access the web interface by going to the domain from your browser.

Once that's working, [install certbot](https://certbot.eff.org/instructions?ws=nginx&os=snap) onto your server. Run it as root, and when prompted pick your domain name from the list. After a few seconds, it should successfully provision a certificate and modify your nginx config files automatically. You should then be able to access the site via HTTPS.

### Writing your own client

Various approaches exist to writing your own client, but in general:

* Refer to the API docs. These are built on an OpenAPI definition file (`/webassets/apidocs/openapi.yml`), which you can automatically use to generate a client skeleton using various software.
* Call the main "spots" API to get the data you want. Apply filters if necessary.
* Call the "options" API to get an idea of which bands, modes etc. the server knows about. You might want to do that first before calling the spots API.
* Refer to the provided HTML/JS interface for a reference
* Let me know if you get stuck, I'm happy to help!

### Structure of the source code

To navigate your way around the source code, this list may help.

*Python back-end code*

* `/core` - Core classes and scripts
* `/data` - Data storage classes
* `/spotproviders` - Classes providing spots by accessing the APIs of other services
* `/alertproviders` - Classes providing alerts by accessing the APIs of other services
* `/server` - Classes for running Spothole's own web server

*Templates*

* `/views` - Templates used for constructing Spothole's user-targeted HTML pages

*HTML/JS/CSS front-end code*

* `/webassets` - Root for static files served by the web server
* `/webassets/apidocs` - Contains the OpenAPI spec (`openapi.yml`)
* `/webassets/css` - CSS files used by the web front-end
* `/webassets/fa` - a copy of the FontAwesome library
* `/webassets/img` - image files used by the web front-end
* `/webassets/js` - JavaScript used by the web front-end

*Miscellaneous*

* `/` - Main script (`spothole.py`), pip `requirements.txt`, config, README, etc.
* `/images` - Image sources

### Extending the server

Spothole is designed to be easily extensible. If you want to write your own provider, simply add a module to the `providers` package containing your class. (Currently, in order to be loaded correctly, the module (file) name should be the same as the class name, but lower case.)

Your class should extend "Provider"; if it operates by polling an HTTP Server on a timer, it can instead extend "HTTPProvider" where some of the work is done for you.

The class will need to implement a constructor that takes in the `provider_config` and provides it to the superclass constructor, while also taking any other config parameters it needs.

If you're extending the base `Provider` class, you will need to implement `start()` and `stop()` methods that start and stop a separate thread which handles the provider's processing needs. The thread should call `submit()` or `submit_batch()` when it has one or more spots to report.

If you're extending the `HTTPProvider` class, you will need to provide a URI to query and an interval to the superclass constructor. You'll then need to implement the `http_response_to_spots()` method which is called when new data is retrieved. Your implementation should then call `submit()` or `submit_batch()` when it has one or more spots to report.

When constructing spots, use the comments in the Spot class and the existing implementations as an example. All parameters are optional, but you will at least want to provide a `time` (which must be timezone-aware) and a `dx_call`.

Finally, simply add the appropriate config to the `providers` section of `config.yml`, and your provider should be instantiated on startup.

### Thanks

As well as being my work, I have also gratefully received feature patches from Steven, M1SDH.

The project contains a self-hosted copy of Font Awesome's free library, in the `/webasset/fa/` directory. This is subject to Font Awesome's licence and is not covered by the overall licence declared in the `LICENSE` file. This approach was taken in preference to using their hosted kits due to the popularity of this project exceeding the page view limit for their free hosted offering.

The software uses a number of Python libraries as listed in `requirements.txt`, and a number of JavaScript libraries such as jQuery and moment.js. This project would not have been possible without these libraries, so many thanks to their developers.

The project's name was suggested by Harm, DK4HAA. Thanks!