bitmagnet-io / bitmagnet

A self-hosted BitTorrent indexer, DHT crawler, content classifier and torrent search engine with web UI, GraphQL API and Servarr stack integration.
https://bitmagnet.io/
MIT License

A lot of TMDB API requests when the API key is invalid #157

Closed ioqy closed 4 months ago

ioqy commented 4 months ago

Describe the bug

Bitmagnet will continue to make TMDB API requests with an invalid API key at a rather high rate.

In 60 seconds with an invalid API key, bitmagnet made 700 requests.

To Reproduce

Steps to reproduce the behavior:

  1. Set a wrong API key
  2. Start bitmagnet
  3. See a lot of "Invalid API key: You must be granted a valid key." messages in the log

Expected behavior

Either stop or severely limit the TMDB API requests when the API key is invalid.

Environment Information (Required)

Technetium1 commented 4 months ago

Maybe the key should be checked for validity in the first place? https://developer.themoviedb.org/reference/authentication-validate-key

mgdigital commented 4 months ago

It should arguably halt the application if it's invalid, as the classifier wouldn't be working the same without it, and you might not notice without looking at the logs.

An alternative would be to fail every queue job (without re-calling the API), but then users would have to manually requeue everything. As a user I'd probably prefer it to fail up-front.

Also possibly an idea to have an option to disable TMDB matching altogether.

Slightly aside, I want to replace the TMDB client library in use as it doesn't use the Go context convention and patches its own timeout onto requests (especially problematic with rate limiting), which I've in turn had to hack around to fix....

ioqy commented 4 months ago

I don't know if this is possible, but could the API key become invalid while bitmagnet is already running? Then a check at the start of bitmagnet might not be enough.

Another possibility is that the API key could fall back to the built-in key. This would be the least disruptive to the operation of the application.

mgdigital commented 4 months ago

> the API key could fall back to the built-in key

Right yes, that's obviously what should happen, thanks! I'm going to do this as part of replacing the TMDB client....

> could the API key become invalid while bitmagnet is already running?

It's certainly possible but probably a rare enough edge case that we don't need to handle it in any other way than letting it fail?

ioqy commented 4 months ago

> It's certainly possible but probably a rare enough edge case that we don't need to handle it in any other way than letting it fail?

Just letting it fail would flood the API with unnecessary requests, even if it is just an edge case. I would prefer the fallback to the built-in key any time the API key is invalid, and not just a single validity check of the API key at the application startup.

mgdigital commented 4 months ago

As a compromise I'll stop it making further requests once it gets a 401. To fall back mid-flow involves resetting the rate limit too, and it's adding too much complexity for the sake of an edge case.
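
The behaviour settled on above (stop making requests once the API answers 401) can be sketched as a wrapper around Go's `http.RoundTripper`. This is an added example, not bitmagnet's code: `authBreaker`, `ErrUnauthorized` and `simulate` are hypothetical names, and the always-401 test server is a constructed stand-in for the TMDB API.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

var ErrUnauthorized = errors.New("API key rejected (401); further requests suppressed")

// authBreaker (hypothetical) wraps a transport and trips permanently on the first 401.
type authBreaker struct {
	next    http.RoundTripper
	tripped atomic.Bool
}

func (b *authBreaker) RoundTrip(req *http.Request) (*http.Response, error) {
	if b.tripped.Load() {
		return nil, ErrUnauthorized // fail locally; nothing leaves the host
	}
	resp, err := b.next.RoundTrip(req)
	if err == nil && resp.StatusCode == http.StatusUnauthorized {
		b.tripped.Store(true) // the caller still sees this first 401 response
	}
	return resp, err
}

// simulate sends n sequential requests to a constructed server that always answers
// 401 and returns how many of them actually reached that server.
func simulate(n int) (hits int64, lastErr error) {
	var count atomic.Int64
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		count.Add(1)
		w.WriteHeader(http.StatusUnauthorized)
	}))
	defer srv.Close()
	client := &http.Client{Transport: &authBreaker{next: http.DefaultTransport}}
	for i := 0; i < n; i++ {
		if resp, err := client.Get(srv.URL); err != nil {
			lastErr = err
		} else {
			resp.Body.Close()
		}
	}
	return count.Load(), lastErr
}

func main() { fmt.Println(simulate(700)) }
```

With concurrent workers, requests already in flight when the first 401 arrives still reach the API, so the number of rejected calls is bounded by the worker count rather than being exactly one.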