search

rommapp / romm

A beautiful, powerful, self-hosted rom manager
https://romm.app
GNU Affero General Public License v3.0
2.45k stars 100 forks source link

[Bug] Tinfoil integration not connecting #1051

Closed Casuallynoted closed 3 months ago

Casuallynoted commented 3 months ago

RomM version 3.3.0

Describe the bug At the moment, the Tinfoil integration fails to list available switch games for installation.

Additional context Already did some debugging with Asada, it's currently unclear how Tinfoil is actually supposed to be reaching out to Romm as web access logs aren't really showing any reach out attempts from Tinfoil on my end.

Thought I'd create an issue here to keep it documented- Asada is already aware and since none of the devs currently have access to a Switch for testing, it's likely to be here until we're better able to assess the situation. But figured it's good to have the issue on Github.

Pfuenzle commented 3 months ago

From what I saw in my nging logs, this is because tinfoil is accessing host.com/api/tinfoil/feed/, but romm is expecting the path without a / at the end.

When accessing the path with a / at the end, it just redirects to the web-ui, which is obviously not working in tinfoil

Pfuenzle commented 3 months ago

I think with the commit above the redirection works, but the authentication doesnt anymore


<ip> - <user> [05/Aug/2024:20:14:26 +0100] "GET /api/tinfoil/feed/ HTTP/1.1" 307 0 "-" "-"

<ip>  - - [05/Aug/2024:20:14:26 +0100] "GET /api/tinfoil/feed HTTP/1.1" 403 22 "-" "-"```
adamantike commented 3 months ago

Feel free to test the changes in https://github.com/rommapp/romm/pull/1059, and let us know if that makes any difference.

Pfuenzle commented 3 months ago

The redirect works as expected now :) When opening the "Repo" in Tinfoil directly, all games get listed.

But it seems that downloading does not work.

When trying to access a file, the correct link gets accessed (GET /api/roms/2/content/romname.NSP), but a error 403 gets returned. When accessing the link in this format using Insomnia (and curl etc...): https://user:password@domain.com/api/roms/2/content/game.NSP The file download is successful, so maybe Tinfoil does not provide the authentication header for downloads?

Here are the logs when opening the directory in Tinfoil and trying to download a file:

 - "GET /api/tinfoil/feed/ HTTP/1.0" 200
INFO:     [nginx][2024-08-07 09:33:40]  172.18.0.48 - user "GET /api/tinfoil/feed/ HTTP/1.1" 200 186 "-" "-" rt=0.291 uct="0.000" uht="0.291" urt="0.291"
 - "HEAD /api/roms/2/content/myrom.NSP HTTP/1.0" 403
INFO:     [nginx][2024-08-07 09:33:43]  172.18.0.48 - - "HEAD /api/roms/2/content/myrom.NSP HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.85 Safari/537.37" rt=0.004 uct="0.000" uht="0.003" urt="0.003"
 - "GET /api/roms/2/content/myrom.NSP HTTP/1.0" 403
INFO:     [nginx][2024-08-07 09:33:43]  172.18.0.48 - - "GET /api/roms/2/content/myrom.NSP HTTP/1.1" 403 22 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.85 Safari/537.37" rt=0.002 uct="0.000" uht="0.002" urt="0.003"

Edit:

This can be fixed by setting the url in feeds.py to "url": f"../../roms/{file.id}/content/{file.file_name}",

Pfuenzle commented 3 months ago

With the fix above everything is working correctly on Tinfoil for me. One weird thing is that it doesnt work with nginx as a reverse proxy, only when accessing it directly. With a reverse proxy, tinfoil doesnt even try to connect on startup. But on romm's side everything is working now :)

adamantike commented 3 months ago

Can you try setting the following environment variable for the romm container?

DISABLE_DOWNLOAD_ENDPOINT_AUTH=true

That should disable the authentication requirement for the /roms/{id}/content/{filename} endpoint.

In the meantime, we will improve this by making the Feed endpoint pre-sign the download URLs, so using Tinfoil doesn't require globally disabling authentication for downloads.

Pfuenzle commented 3 months ago

I guess that should work, I can try it later. But making the rom path a relative path in the json returned to tinfoil, like I suggested above, is a better solution IMO. Currently it's hard coded, and tinfoil can't add the username:password parameter there, whereas with the relative path it can add the authentication.

Casuallynoted commented 3 months ago

Can you try setting the following environment variable for the romm container?

DISABLE_DOWNLOAD_ENDPOINT_AUTH=true

That should disable the authentication requirement for the /roms/{id}/content/{filename} endpoint.

In the meantime, we will improve this by making the Feed endpoint pre-sign the download URLs, so using Tinfoil doesn't require globally disabling authentication for downloads.

I did give this a try but unfortunately the nsp download error still appears even when endpoint auth is disabled. I have tried checking out my cloudflared logs to find out why but it's not particularly verbose. Going to see if maybe @Pfuenzle is able to find info in their logs.

Pfuenzle commented 3 months ago

I just tried it out, I still get Error 403 both with my switch and when accessing a Rom directly, even with DISABLE_DOWNLOAD_ENDPOINT_AUTH=true.

The logs dont show anything of interest, only the single request to the rom, which gets returned with a 403

gantoine commented 3 months ago

Closing this as the original issue has been fixed, and we're working on an improved download endpoint that'll also work with tinfoil.