Avoid Internal Server Error when tampered

Add references in authentication.md Add hyperlinks for `none-shall-pass` action
thevickypedia · Jan 27, 2024 · 3aa0d62 · 3aa0d62
1 parent e5c98f5
commit 3aa0d62
Show file tree

Hide file tree

Showing 12 changed files with 58 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -2,6 +2,7 @@
 
 [![book](https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment/badge.svg)][gha_pages]
 [![pypi](https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml/badge.svg)][gha_pypi]
+[![none-shall-pass](https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml/badge.svg)][gha_none_shall_pass]
 
 [![PyPI version shields.io](https://img.shields.io/pypi/v/stream-localhost)][pypi]
 [![Pypi-format](https://img.shields.io/pypi/format/stream-localhost)](https://pypi.org/project/stream-localhost/#files)
@@ -99,6 +100,7 @@ Licensed under the [MIT License][license]
 [release-notes]: https://github.com/thevickypedia/pystream/blob/master/release_notes.rst
 [gha_pages]: https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment
 [gha_pypi]: https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml
+[gha_none_shall_pass]: https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml
 [google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
 [pep8]: https://www.python.org/dev/peps/pep-0008/
 [isort]: https://pycqa.github.io/isort/

diff --git a/authentication.md b/authentication.md
@@ -3,7 +3,7 @@
 a `session_token` generated by the server to access directories and streaming content.
 
 ### Username and Password
-
+> [Signature Authentication][signature-authentication]
 #### Frontend
 - UI creates hex values for username and password using native JS
 - These hex values are then used the calculate the hash
@@ -17,7 +17,7 @@ a `session_token` generated by the server to access directories and streaming co
 - These signatures are then compared for authentication purpose
 
 ### Session Token
-
+> [Symmetric Encryption][symmetric-encryption]
 - Once the login has been successful, the API creates a randomly generated 64 bit url safe token
 - This token is stored as unique key for each user
 - The API then forms a payload with the username, key, and the timestamp
@@ -30,3 +30,10 @@ a `session_token` generated by the server to access directories and streaming co
 > so the username and password are lost in the frontend at this point
 - From then on, all calls to the backend including redirects, directory navigation and, streaming will carry the cookie
 - The `session_token` is the only form of authentication from this point onward
+
+### References
+- [symmetric-encryption]
+- [signature-authentication]
+
+[symmetric-encryption]: https://cryptography.io/en/latest/fernet/
+[signature-authentication]: https://developers.expediagroup.com/docs/products/rapid/resources/reference/signature-authentication
diff --git a/docs/README.html b/docs/README.html
@@ -48,7 +48,8 @@ <h3>Navigation</h3>
 
   <p><strong>Deployments</strong></p>
 <p><a class="reference external" href="https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment"><img alt="book" src="https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment/badge.svg" /></a>
-<a class="reference external" href="https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml"><img alt="pypi" src="https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml/badge.svg" /></a></p>
+<a class="reference external" href="https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml"><img alt="pypi" src="https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml/badge.svg" /></a>
+<a class="reference external" href="https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml"><img alt="none-shall-pass" src="https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml/badge.svg" /></a></p>
 <p><a class="reference external" href="https://pypi.org/project/stream-localhost"><img alt="PyPI version shields.io" src="https://img.shields.io/pypi/v/stream-localhost" /></a>
 <a class="reference external" href="https://pypi.org/project/stream-localhost/#files"><img alt="Pypi-format" src="https://img.shields.io/pypi/format/stream-localhost" /></a>
 <a class="reference external" href="https://pypi.org/project/stream-localhost"><img alt="Pypi-status" src="https://img.shields.io/pypi/status/stream-localhost" /></a></p>

diff --git a/docs/README.md b/docs/README.md
@@ -2,6 +2,7 @@
 
 [![book](https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment/badge.svg)][gha_pages]
 [![pypi](https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml/badge.svg)][gha_pypi]
+[![none-shall-pass](https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml/badge.svg)][gha_none_shall_pass]
 
 [![PyPI version shields.io](https://img.shields.io/pypi/v/stream-localhost)][pypi]
 [![Pypi-format](https://img.shields.io/pypi/format/stream-localhost)](https://pypi.org/project/stream-localhost/#files)
@@ -99,6 +100,7 @@ Licensed under the [MIT License][license]
 [release-notes]: https://github.com/thevickypedia/pystream/blob/master/release_notes.rst
 [gha_pages]: https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment
 [gha_pypi]: https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml
+[gha_none_shall_pass]: https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml
 [google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
 [pep8]: https://www.python.org/dev/peps/pep-0008/
 [isort]: https://pycqa.github.io/isort/

diff --git a/docs/_sources/README.md.txt b/docs/_sources/README.md.txt
@@ -2,6 +2,7 @@
 
 [![book](https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment/badge.svg)][gha_pages]
 [![pypi](https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml/badge.svg)][gha_pypi]
+[![none-shall-pass](https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml/badge.svg)][gha_none_shall_pass]
 
 [![PyPI version shields.io](https://img.shields.io/pypi/v/stream-localhost)][pypi]
 [![Pypi-format](https://img.shields.io/pypi/format/stream-localhost)](https://pypi.org/project/stream-localhost/#files)
@@ -99,6 +100,7 @@ Licensed under the [MIT License][license]
 [release-notes]: https://github.com/thevickypedia/pystream/blob/master/release_notes.rst
 [gha_pages]: https://github.com/thevickypedia/pystream/actions/workflows/pages/pages-build-deployment
 [gha_pypi]: https://github.com/thevickypedia/pystream/actions/workflows/python-publish.yml
+[gha_none_shall_pass]: https://github.com/thevickypedia/pystream/actions/workflows/markdown.yml
 [google-docs]: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
 [pep8]: https://www.python.org/dev/peps/pep-0008/
 [isort]: https://pycqa.github.io/isort/

diff --git a/docs/_sources/authentication.md.txt b/docs/_sources/authentication.md.txt
@@ -3,7 +3,7 @@
 a `session_token` generated by the server to access directories and streaming content.
 
 ### Username and Password
-
+> [Signature Authentication][signature-authentication]
 #### Frontend
 - UI creates hex values for username and password using native JS
 - These hex values are then used the calculate the hash
@@ -17,7 +17,7 @@ a `session_token` generated by the server to access directories and streaming co
 - These signatures are then compared for authentication purpose
 
 ### Session Token
-
+> [Symmetric Encryption][symmetric-encryption]
 - Once the login has been successful, the API creates a randomly generated 64 bit url safe token
 - This token is stored as unique key for each user
 - The API then forms a payload with the username, key, and the timestamp
@@ -30,3 +30,10 @@ a `session_token` generated by the server to access directories and streaming co
 > so the username and password are lost in the frontend at this point
 - From then on, all calls to the backend including redirects, directory navigation and, streaming will carry the cookie
 - The `session_token` is the only form of authentication from this point onward
+
+### References
+- [symmetric-encryption]
+- [signature-authentication]
+
+[symmetric-encryption]: https://cryptography.io/en/latest/fernet/
+[signature-authentication]: https://developers.expediagroup.com/docs/products/rapid/resources/reference/signature-authentication
diff --git a/docs/authentication.html b/docs/authentication.html
@@ -48,6 +48,9 @@ <h1>Authentication<a class="headerlink" href="#authentication" title="Permalink
 a <code class="docutils literal notranslate"><span class="pre">session_token</span></code> generated by the server to access directories and streaming content.</p>
 <section id="username-and-password">
 <h2>Username and Password<a class="headerlink" href="#username-and-password" title="Permalink to this heading">¶</a></h2>
+<blockquote>
+<div><p><a class="reference external" href="https://developers.expediagroup.com/docs/products/rapid/resources/reference/signature-authentication">Signature Authentication</a></p>
+</div></blockquote>
 <section id="frontend">
 <h3>Frontend<a class="headerlink" href="#frontend" title="Permalink to this heading">¶</a></h3>
 <ul class="simple">
@@ -69,6 +72,9 @@ <h3>Backend<a class="headerlink" href="#backend" title="Permalink to this headin
 </section>
 <section id="session-token">
 <h2>Session Token<a class="headerlink" href="#session-token" title="Permalink to this heading">¶</a></h2>
+<blockquote>
+<div><p><a class="reference external" href="https://cryptography.io/en/latest/fernet/">Symmetric Encryption</a></p>
+</div></blockquote>
 <ul class="simple">
 <li><p>Once the login has been successful, the API creates a randomly generated 64 bit url safe token</p></li>
 <li><p>This token is stored as unique key for each user</p></li>
@@ -92,6 +98,13 @@ <h2>Session Token<a class="headerlink" href="#session-token" title="Permalink to
 <li><p>The <code class="docutils literal notranslate"><span class="pre">session_token</span></code> is the only form of authentication from this point onward</p></li>
 </ul>
 </section>
+<section id="references">
+<h2>References<a class="headerlink" href="#references" title="Permalink to this heading">¶</a></h2>
+<ul class="simple">
+<li><p><a class="reference external" href="https://cryptography.io/en/latest/fernet/">symmetric-encryption</a></p></li>
+<li><p><a class="reference external" href="https://developers.expediagroup.com/docs/products/rapid/resources/reference/signature-authentication">signature-authentication</a></p></li>
+</ul>
+</section>
 </section>
 
 
@@ -111,6 +124,7 @@ <h3><a href="index.html">Table of Contents</a></h3>
 </ul>
 </li>
 <li><a class="reference internal" href="#session-token">Session Token</a></li>
+<li><a class="reference internal" href="#references">References</a></li>
 </ul>
 </li>
 </ul>

diff --git a/docs/authentication.md b/docs/authentication.md
@@ -3,7 +3,7 @@
 a `session_token` generated by the server to access directories and streaming content.
 
 ### Username and Password
-
+> [Signature Authentication][signature-authentication]
 #### Frontend
 - UI creates hex values for username and password using native JS
 - These hex values are then used the calculate the hash
@@ -17,7 +17,7 @@ a `session_token` generated by the server to access directories and streaming co
 - These signatures are then compared for authentication purpose
 
 ### Session Token
-
+> [Symmetric Encryption][symmetric-encryption]
 - Once the login has been successful, the API creates a randomly generated 64 bit url safe token
 - This token is stored as unique key for each user
 - The API then forms a payload with the username, key, and the timestamp
@@ -30,3 +30,10 @@ a `session_token` generated by the server to access directories and streaming co
 > so the username and password are lost in the frontend at this point
 - From then on, all calls to the backend including redirects, directory navigation and, streaming will carry the cookie
 - The `session_token` is the only form of authentication from this point onward
+
+### References
+- [symmetric-encryption]
+- [signature-authentication]
+
+[symmetric-encryption]: https://cryptography.io/en/latest/fernet/
+[signature-authentication]: https://developers.expediagroup.com/docs/products/rapid/resources/reference/signature-authentication
diff --git a/docs/index.html b/docs/index.html
@@ -61,6 +61,7 @@ <h1>Stream-Localhost - A secured interface to stream videos<a class="headerlink"
 <li class="toctree-l1"><a class="reference internal" href="authentication.html">Authentication</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="authentication.html#username-and-password">Username and Password</a></li>
 <li class="toctree-l2"><a class="reference internal" href="authentication.html#session-token">Session Token</a></li>
+<li class="toctree-l2"><a class="reference internal" href="authentication.html#references">References</a></li>
 </ul>
 </li>
 </ul>