1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
"""
Pandora API Transport
This module contains the very low level transport agent for the Pandora API.
The transport is concerned with the details of a raw HTTP call to the Pandora
API along with the request and response encryption by way of an Encyrpytor
object. The result from a transport is a JSON object for the API or an
exception.
API consumers should use one of the API clients in the pandora.client package.
"""
import random
import time
import json
import base64
import requests
from requests.adapters import HTTPAdapter
from .errors import PandoraException
try:
import blowfish
except ImportError:
blowfish = None
DEFAULT_API_HOST = "tuner.pandora.com/services/json/"
# This decorator is a temporary workaround for handling SysCallErrors, see:
# https://github.com/shazow/urllib3/issues/367. Should be removed once a fix is
# applied in urllib3.
def retries(max_tries, exceptions=(Exception,)):
"""Function decorator implementing retrying logic.
exceptions: A tuple of exception classes; default (Exception,)
The decorator will call the function up to max_tries times if it raises
an exception.
By default it catches instances of the Exception class and subclasses.
This will recover after all but the most fatal errors. You may specify a
custom tuple of exception classes with the 'exceptions' argument; the
function will only be retried if it raises one of the specified
exceptions.
"""
def decorator(func):
def function(*args, **kwargs):
retries_left = max_tries
while retries_left > 0:
try:
retries_left -= 1
return func(*args, **kwargs)
except exceptions as exc:
# Don't retry for PandoraExceptions - unlikely that result
# will change for same set of input parameters.
if isinstance(exc, PandoraException):
raise
if retries_left > 0:
time.sleep(delay_exponential(
0.5, 2, max_tries - retries_left))
else:
raise
return function
return decorator
def delay_exponential(base, growth_factor, attempts):
"""Calculate time to sleep based on exponential function.
The format is::
base * growth_factor ^ (attempts - 1)
If ``base`` is set to 'rand' then a random number between
0 and 1 will be used as the base.
Base must be greater than 0, otherwise a ValueError will be
raised.
"""
if base == 'rand':
base = random.random()
elif base <= 0:
raise ValueError("The 'base' param must be greater than 0, "
"got: {}".format(base))
time_to_sleep = base * (growth_factor ** (attempts - 1))
return time_to_sleep
class RetryingSession(requests.Session):
"""Requests Session With Retry Support
This Requests session uses an HTTPAdapter that retries on connection
failure three times. The Pandora API is fairly aggressive about closing
connections on clients and the default session doesn't retry.
"""
def __init__(self):
super(RetryingSession, self).__init__()
self.mount('https://', HTTPAdapter(max_retries=3))
self.mount('http://', HTTPAdapter(max_retries=3))
class APITransport(object):
"""Pandora API Transport
The transport is responsible for speaking the low-level protocol required
by the Pandora API. It knows about encryption, TLS and the other API
details. Once setup the transport acts like a callable.
"""
API_VERSION = "5"
REQUIRE_RESET = ("auth.partnerLogin", )
NO_ENCRYPT = ("auth.partnerLogin", )
REQUIRE_TLS = ("auth.partnerLogin", "auth.userLogin",
"station.getPlaylist", "user.createUser")
def __init__(self, cryptor, api_host=DEFAULT_API_HOST, proxy=None):
self.cryptor = cryptor
self.api_host = api_host
self._http = RetryingSession()
if proxy:
self._http.proxies = {"http": proxy, "https": proxy}
self.reset()
def reset(self):
self.partner_auth_token = None
self.user_auth_token = None
self.partner_id = None
self.user_id = None
self.start_time = None
self.server_sync_time = None
def set_partner(self, data):
self.sync_time = data["syncTime"]
self.partner_auth_token = data["partnerAuthToken"]
self.partner_id = data["partnerId"]
def set_user(self, data):
self.user_id = data["userId"]
self.user_auth_token = data["userAuthToken"]
@property
def auth_token(self):
if self.user_auth_token:
return self.user_auth_token
if self.partner_auth_token:
return self.partner_auth_token
return None
@property
def sync_time(self):
if not self.server_sync_time:
return None
return int(self.server_sync_time + (time.time() - self.start_time))
def remove_empty_values(self, data):
return dict((k, v) for k, v in data.items() if v is not None)
@sync_time.setter
def sync_time(self, sync_time):
self.server_sync_time = self.cryptor.decrypt_sync_time(sync_time)
def _start_request(self, method):
if method in self.REQUIRE_RESET:
self.reset()
if not self.start_time:
self.start_time = int(time.time())
def _make_http_request(self, url, data, params):
try:
data = data.encode("utf-8")
except AttributeError:
pass
params = self.remove_empty_values(params)
result = self._http.post(url, data=data, params=params)
result.raise_for_status()
return result.content
def test_url(self, url):
return self._http.head(url).status_code == requests.codes.OK
def _build_params(self, method):
return {
"method": method,
"auth_token": self.auth_token,
"partner_id": self.partner_id,
"user_id": self.user_id,
}
def _build_url(self, method):
return "{0}://{1}".format(
"https" if method in self.REQUIRE_TLS else "http",
self.api_host)
def _build_data(self, method, data):
data["userAuthToken"] = self.user_auth_token
if not self.user_auth_token and self.partner_auth_token:
data["partnerAuthToken"] = self.partner_auth_token
data["syncTime"] = self.sync_time
data = json.dumps(self.remove_empty_values(data))
if method not in self.NO_ENCRYPT:
data = self.cryptor.encrypt(data)
return data
def _parse_response(self, result):
result = json.loads(result.decode("utf-8"))
if result["stat"] == "ok":
return result["result"] if "result" in result else None
else:
raise PandoraException.from_code(result["code"], result["message"])
@retries(3)
def __call__(self, method, **data):
self._start_request(method)
url = self._build_url(method)
data = self._build_data(method, data)
params = self._build_params(method)
result = self._make_http_request(url, data, params)
return self._parse_response(result)
class BlowfishCryptor(object):
"""Low-Level Blowfish Cryptography
Handles symmetric Blowfish cryptography of raw byte messages with or
without padding. Does not handle messages that are encoded in other formats
like hex or base64.
Subclasses implement the cryptography based on different back-end
libraries.
"""
block_size = 8
def _add_padding(self, data):
pad_size = self.block_size - (len(data) % self.block_size)
padding = (chr(pad_size) * pad_size).encode("ascii")
return data.encode("utf-8") + padding
@staticmethod
def _strip_padding(data):
try:
pad_size = int(data[-1]) # python3
except ValueError: # pragma: no cover
pad_size = ord(data[-1]) # python2
computed = b"".join([chr(pad_size).encode("ascii")] * pad_size)
if not data[-pad_size:] == computed:
raise ValueError('Invalid padding')
return data[:-pad_size]
class CryptographyBlowfish(BlowfishCryptor):
"""Cryptography Blowfish Cryptor
Uses the python cryptography library which wraps OpenSSL. Compatible with
both Python 2 and 3 but requires a native dependency.
"""
def __init__(self, key):
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers.modes import ECB
from cryptography.hazmat.primitives.ciphers.algorithms import Blowfish
self.cipher = Cipher(
Blowfish(key.encode("ascii")), ECB(), backend=default_backend())
def _make_bytearray(self, data):
return bytearray(len(data) + (self.block_size - 1))
def decrypt(self, data, strip_padding=True):
buf = self._make_bytearray(data)
dec = self.cipher.decryptor()
len_dec = dec.update_into(data, buf)
data = bytes(buf[:len_dec]) + dec.finalize()
return self._strip_padding(data) if strip_padding else data
def encrypt(self, data):
data = self._add_padding(data)
enc = self.cipher.encryptor()
buf = self._make_bytearray(data)
len_enc = enc.update_into(data, buf)
return bytes(buf[:len_enc]) + enc.finalize()
class PurePythonBlowfish(BlowfishCryptor):
"""Pure Python 3 Blowfish Cryptor
Uses the pure python blowfish library but is only compatible with Python 3.
"""
def __init__(self, key):
self.cipher = blowfish.Cipher(key.encode("ascii"))
def decrypt(self, data, strip_padding=True):
data = b"".join(self.cipher.decrypt_ecb(data))
return self._strip_padding(data) if strip_padding else data
def encrypt(self, data):
return b"".join(self.cipher.encrypt_ecb(self._add_padding(data)))
# Python 3 users can use pure-python mode, if possible prefer that as default
_default_crypto = PurePythonBlowfish if blowfish else CryptographyBlowfish
class Encryptor(object):
"""Pandora Blowfish Encryptor
The blowfish encryptor can encrypt and decrypt the relevant parts of the
API request and response. It handles the formats that the API expects.
"""
def __init__(self, in_key, out_key, crypto_class=_default_crypto):
self.bf_out = crypto_class(out_key)
self.bf_in = crypto_class(in_key)
@staticmethod
def _decode_hex(data):
return base64.b16decode(data.encode("ascii").upper())
@staticmethod
def _encode_hex(data):
return base64.b16encode(data).lower()
def decrypt(self, data):
return json.loads(self.bf_out.decrypt(self._decode_hex(data)))
def decrypt_sync_time(self, data):
return int(self.bf_in.decrypt(self._decode_hex(data), False)[4:-2])
def encrypt(self, data):
return self._encode_hex(self.bf_out.encrypt(data))
|
