music-assistant-server
8.1 KB•PY
sendspin_proxy.py
8.1 KB • 221 lines • python
1"""Sendspin WebSocket proxy handler for Music Assistant.
2
3This module provides an authenticated WebSocket proxy to the internal Sendspin server,
4allowing web clients to connect through the main webserver instead of requiring direct
5access to the Sendspin port.
6"""
7
8from __future__ import annotations
9
10import asyncio
11import contextlib
12import json
13import logging
14from typing import TYPE_CHECKING
15
16from aiohttp import WSMsgType, web
17
18from music_assistant.constants import MASS_LOGGER_NAME
19from music_assistant.controllers.webserver.helpers.auth_middleware import (
20 get_authenticated_user,
21 is_request_from_ingress,
22)
23
24if TYPE_CHECKING:
25 import aiohttp
26 from music_assistant_models.auth import User
27
28 from music_assistant.controllers.webserver import WebserverController
29
30LOGGER = logging.getLogger(f"{MASS_LOGGER_NAME}.sendspin_proxy")
31
32
33class SendspinProxyHandler:
34 """Handler for proxying WebSocket connections to the internal Sendspin server."""
35
36 def __init__(self, webserver: WebserverController) -> None:
37 """Initialize the Sendspin proxy handler.
38
39 :param webserver: The webserver controller instance.
40 """
41 self.webserver = webserver
42 self.mass = webserver.mass
43 self.logger = LOGGER
44
45 @property
46 def internal_sendspin_url(self) -> str:
47 """Return the internal sendspin URL for connecting to the internal Sendspin server."""
48 return f"ws://{self.mass.streams.publish_ip}:8927/sendspin"
49
50 async def handle_sendspin_proxy(self, request: web.Request) -> web.WebSocketResponse:
51 """
52 Handle incoming WebSocket connection and proxy to internal Sendspin server.
53
54 Authentication is required as the first message. The client must send:
55 {"type": "auth", "token": "<access_token>"}
56
57 After successful authentication, all messages are proxied bidirectionally.
58
59 :param request: The incoming HTTP request to upgrade to WebSocket.
60 :return: The WebSocket response.
61 """
62 wsock = web.WebSocketResponse(heartbeat=30)
63 await wsock.prepare(request)
64
65 self.logger.debug("Sendspin proxy connection from %s", request.remote)
66
67 # Check for ingress authentication (HA handles auth via headers)
68 if is_request_from_ingress(request):
69 user = await get_authenticated_user(request)
70 if not user:
71 self.logger.warning(
72 "Ingress auth failed for sendspin proxy from %s", request.remote
73 )
74 await wsock.close(code=4001, message=b"Ingress authentication failed")
75 return wsock
76 self.logger.debug("Sendspin proxy authenticated via ingress: %s", user.username)
77 else:
78 # Regular auth via first message
79 try:
80 user = await self._authenticate(wsock)
81 if not user:
82 return wsock
83 except TimeoutError:
84 self.logger.warning("Auth timeout for sendspin proxy from %s", request.remote)
85 await wsock.close(code=4001, message=b"Authentication timeout")
86 return wsock
87 except Exception:
88 self.logger.exception("Auth error for sendspin proxy")
89 await wsock.close(code=4001, message=b"Authentication error")
90 return wsock
91
92 try:
93 internal_ws = await self.mass.http_session.ws_connect(self.internal_sendspin_url)
94 except Exception:
95 self.logger.exception("Failed to connect to internal Sendspin server")
96 await wsock.close(code=1011, message=b"Internal server error")
97 return wsock
98
99 self.logger.debug("Sendspin proxy authenticated and connected for %s", request.remote)
100
101 try:
102 await self._proxy_messages(wsock, internal_ws)
103 finally:
104 if not internal_ws.closed:
105 await internal_ws.close()
106 if not wsock.closed:
107 await wsock.close()
108
109 return wsock
110
111 async def _authenticate(self, wsock: web.WebSocketResponse) -> User | None:
112 """Wait for and validate authentication message.
113
114 :param wsock: The client WebSocket connection.
115 :return: The authenticated user, or None if authentication failed.
116 """
117 async with asyncio.timeout(10):
118 msg = await wsock.receive()
119
120 if msg.type != WSMsgType.TEXT:
121 await wsock.close(code=4001, message=b"Expected text message for auth")
122 return None
123
124 try:
125 auth_data = json.loads(msg.data)
126 except json.JSONDecodeError:
127 await wsock.close(code=4001, message=b"Invalid JSON in auth message")
128 return None
129
130 if auth_data.get("type") != "auth":
131 await wsock.close(code=4001, message=b"First message must be auth")
132 return None
133
134 token = auth_data.get("token")
135 if not token:
136 await wsock.close(code=4001, message=b"Token required in auth message")
137 return None
138
139 user = await self.webserver.auth.authenticate_with_token(token)
140 if not user:
141 await wsock.close(code=4001, message=b"Invalid or expired token")
142 return None
143
144 # Set the sendspin player_id on the user's websocket client(s)
145 # This allows the player controller to auto-whitelist this (web)player
146 # without modifying the user's player_filter list
147 client_id = auth_data.get("client_id")
148 if client_id:
149 self.webserver.set_sendspin_player_for_user(user.user_id, client_id)
150 self.logger.debug("Registered sendspin player %s for user %s", client_id, user.username)
151
152 self.logger.debug("Sendspin proxy authenticated user: %s", user.username)
153 await wsock.send_str('{"type": "auth_ok"}')
154 return user
155
156 async def _proxy_messages(
157 self,
158 client_ws: web.WebSocketResponse,
159 internal_ws: aiohttp.ClientWebSocketResponse,
160 ) -> None:
161 """
162 Proxy messages bidirectionally between client and internal Sendspin server.
163
164 :param client_ws: The client WebSocket connection.
165 :param internal_ws: The internal Sendspin server WebSocket connection.
166 """
167 client_to_internal = asyncio.create_task(
168 self._forward_client_to_internal(client_ws, internal_ws)
169 )
170 internal_to_client = asyncio.create_task(
171 self._forward_internal_to_client(client_ws, internal_ws)
172 )
173
174 _done, pending = await asyncio.wait(
175 [client_to_internal, internal_to_client],
176 return_when=asyncio.FIRST_COMPLETED,
177 )
178
179 for task in pending:
180 task.cancel()
181 with contextlib.suppress(asyncio.CancelledError):
182 await task
183
184 async def _forward_client_to_internal(
185 self,
186 client_ws: web.WebSocketResponse,
187 internal_ws: aiohttp.ClientWebSocketResponse,
188 ) -> None:
189 """
190 Forward messages from client to internal Sendspin server.
191
192 :param client_ws: The client WebSocket connection.
193 :param internal_ws: The internal Sendspin server WebSocket connection.
194 """
195 async for msg in client_ws:
196 if msg.type == WSMsgType.TEXT:
197 await internal_ws.send_str(msg.data)
198 elif msg.type == WSMsgType.BINARY:
199 await internal_ws.send_bytes(msg.data)
200 elif msg.type in (WSMsgType.CLOSE, WSMsgType.CLOSED, WSMsgType.ERROR):
201 break
202
203 async def _forward_internal_to_client(
204 self,
205 client_ws: web.WebSocketResponse,
206 internal_ws: aiohttp.ClientWebSocketResponse,
207 ) -> None:
208 """
209 Forward messages from internal Sendspin server to client.
210
211 :param client_ws: The client WebSocket connection.
212 :param internal_ws: The internal Sendspin server WebSocket connection.
213 """
214 async for msg in internal_ws:
215 if msg.type == WSMsgType.TEXT:
216 await client_ws.send_str(msg.data)
217 elif msg.type == WSMsgType.BINARY:
218 await client_ws.send_bytes(msg.data)
219 elif msg.type in (WSMsgType.CLOSE, WSMsgType.CLOSED, WSMsgType.ERROR):
220 break
221