Added POST /render/authorize/{resourceId} endpoint

This allows an entire registered name to be preauthorized, therefore allowing for instance a website to automatically request other resources from the same author, such as videos.
2022-01-02 18:23:27 +00:00 · 2022-01-02 18:23:27 +00:00 · 17fe94fa46
commit 17fe94fa46
parent 75d9347d23
2 changed files with 18 additions and 3 deletions
--- a/src/main/java/org/qortal/api/resource/RenderResource.java
+++ b/src/main/java/org/qortal/api/resource/RenderResource.java
@ -95,6 +95,16 @@ public class RenderResource {
        return "Unable to generate preview URL";
    }

+    @POST
+    @Path("/authorize/{resourceId}")
+    @SecurityRequirement(name = "apiKey")
+    public boolean authorizeResource(@PathParam("resourceId") String resourceId) {
+        Security.checkApiCallAllowed(request);
+        ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, null, null);
+        ArbitraryDataRenderManager.getInstance().addToAuthorizedResources(resource);
+        return true;
+    }
+
    @POST
    @Path("authorize/{service}/{resourceId}")
    @SecurityRequirement(name = "apiKey")
--- a/src/main/java/org/qortal/controller/arbitrary/ArbitraryDataRenderManager.java
+++ b/src/main/java/org/qortal/controller/arbitrary/ArbitraryDataRenderManager.java
@ -1,8 +1,6 @@
 package org.qortal.controller.arbitrary;

-import org.qortal.arbitrary.ArbitraryDataFile;
 import org.qortal.arbitrary.ArbitraryDataResource;
-import org.qortal.arbitrary.misc.Service;

 import java.util.ArrayList;
 import java.util.Collections;
@ -31,9 +29,16 @@ public class ArbitraryDataRenderManager {
    }

    public boolean isAuthorized(ArbitraryDataResource resource) {
+        ArbitraryDataResource broadResource = new ArbitraryDataResource(resource.getResourceId(), null, null, null);
+
        for (ArbitraryDataResource authorizedResource : this.authorizedResources) {
            if (authorizedResource != null && resource != null) {
-                if (Objects.equals(authorizedResource.toString(), resource.toString())) {
+                // Check for exact match
+                if (Objects.equals(authorizedResource.getUniqueKey(), resource.getUniqueKey())) {
+                    return true;
+                }
+                // Check for a broad authorization (which applies to all services and identifiers under an authorized name)
+                if (Objects.equals(authorizedResource.getUniqueKey(), broadResource.getUniqueKey())) {
                    return true;
                }
            }