Security updates.

[clinton/xbmc-groove.git] / resources / lib / GroovesharkAPI.py
diff --git a/resources/lib/GroovesharkAPI.py b/resources/lib/GroovesharkAPI.py

index 0c09e25..43db1ba 100644 (file)
--- a/resources/lib/GroovesharkAPI.py
+++ b/resources/lib/GroovesharkAPI.py
@@ -1,4 +1,5 @@
-import socket, hmac, urllib, urllib2, pprint, md5, os, pickle, tempfile, time, re, simplejson
+import socket, urllib, urllib2, pprint, md5, os, pickle, tempfile, time, re, simplejson, base64
+from blowfish import Blowfish
  
  SESSION_EXPIRY = 1209600 # 2 weeks
  
@@ -22,6 +23,7 @@ class GrooveAPI:
         _lastSessionTime = 0
         _lastStreamKey = ''
         _lastStreamServerID = ''
+       _key = md5.new(os.path.basename("GroovesharkAPI.py")).hexdigest()
  
         # Constructor
         def __init__(self):
@@ -36,12 +38,12 @@ class GrooveAPI:
                 # session ids last 2 weeks
                 if self._sessionID == '' or time.time()- self._lastSessionTime >= SESSION_EXPIRY:
                         self._sessionID = self._getSessionID()
-                       self._ip = self._getIP()
-                       self._country = self._getCountry()
                         if self._sessionID == '':
                                 raise StandardError('Failed to get session id')
                         else:
                                 print "New GrooveAPI session id: " + self._sessionID
+                               self._ip = self._getIP()
+                               self._country = self._getCountry()
                                 self._setSavedSession()
  
         # Call to API
@@ -50,6 +52,10 @@ class GrooveAPI:
                         res = self._getRemote(method, params)
                         url = res['url']
                         postData = res['postData']
+               except:
+                       print "Failed to get request URL and post data"
+                       return []
+               try:
                         req = urllib2.Request(url, postData)
                         response = urllib2.urlopen(req)
                         result = response.read()
@@ -58,14 +64,25 @@ class GrooveAPI:
                         response.close()
                         result = simplejson.loads(result)
                         return result
+               except urllib2.HTTPError, e:
+                       print "HTTP error " + e.code
+               except urllib2.URLError, e:
+                       print "URL error " + e.reason
                 except:
+                       print "Request to Grooveshark API failed"
                         return []       
  
+
         # Get the API call
         def _getRemote(self, method, params = {}):
                 postData = { "method": method, "sessionid": self._sessionID, "parameters": params }
                 postData = simplejson.dumps(postData)
-               url = WEB_APP_URL + "?postData=" + urllib.quote_plus(postData)
+               
+               cipher = Blowfish(self._key)
+               cipher.initCTR()
+               encryptedPostData = cipher.encryptCTR(postData)
+               encryptedPostData = base64.urlsafe_b64encode(encryptedPostData)
+               url = WEB_APP_URL + "?postData=" + encryptedPostData
                 req = urllib2.Request(url)
                 response = urllib2.urlopen(req)
                 result = response.read()
@@ -82,8 +99,8 @@ class GrooveAPI:
         def _getSessionID(self):
                 params = {}
                 result = self._callRemote('startSession', params)
-               self._lastSessionTime = time.time()
                 if 'result' in result:
+                       self._lastSessionTime = time.time()
                         return result['result']['sessionID']
                 else:
                         return ''