Welcome to this week’s blog. This week, my work focused on enhancing API security, adding GitHub authentication, refining project structure, and introducing a faster Python package manager (UV).
API Security Improvements
I implemented some checks on the validation endpoint, which processes the user game files data sent from the ScummVM application. These checks are designed to prevent any kind of brute-force attempts –

On top of that, I introduced rate limiting using Flask-Limiter. Currently, the validation endpoint allows a maximum of 3 requests per minute per user.
GitHub OAuth & Role-Based Access
GitHub OAuth authentication is now in place, introducing a three-level role-based system. Though I have tested it with my own dummy organisation, the integration with ScummVM is still remaining:
- Admin – Full access, plus the ability to clear the database.
- Moderators – Same permissions as Admin, except database clearing.
- Read-Only – Logged-in users with viewing rights only.

Project Restructuring & UV Integration
As suggested by my mentor Rvanlaar, I restructured the project into a Python module, making the import logic cleaner and improving overall modularity. I also added UV, a high-performance Python package and project manager, offering faster dependency handling compared to pip.
Other Fixes & Improvements
- Updated the Apache config file to use the Python virtual environment instead of the global installation.
- Correctly decode MacBinary filenames from headers using MacRoman instead of UTF-8.
- Improved error handling for the scan utility.
- Use one of size or size-rd for filtering filesets for scan.dat in case of macfiles instead of both simultaneously.
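
To illustrate the MacBinary filename fix listed above, here is an added example (not the project's own code) showing why the name field has to be decoded as MacRoman rather than UTF-8. It assumes the standard MacBinary header layout (128 bytes, zero bytes at offsets 0, 74 and 82, name length at offset 1, name starting at offset 2). The function names are hypothetical and the sample header is constructed.

```python
HEADER_LEN = 128      # a MacBinary header is one 128-byte block
MAX_NAME_LEN = 63     # the filename field holds at most 63 bytes


def build_header(name: str) -> bytes:
    """Build a minimal, constructed MacBinary-style header for the demo."""
    raw = name.encode("mac_roman")
    if not 1 <= len(raw) <= MAX_NAME_LEN:
        raise ValueError("filename must be 1..63 bytes in MacRoman")
    header = bytearray(HEADER_LEN)      # all other fields left as zero
    header[1] = len(raw)                # offset 1: filename length
    header[2:2 + len(raw)] = raw        # offset 2: filename bytes
    return bytes(header)


def macbinary_filename(header: bytes) -> str:
    """Validate the header shape, then decode the filename as MacRoman."""
    if len(header) < HEADER_LEN:
        raise ValueError("header shorter than 128 bytes")
    if header[0] != 0 or header[74] != 0 or header[82] != 0:
        raise ValueError("required zero bytes are not zero")
    length = header[1]
    if not 1 <= length <= MAX_NAME_LEN:
        raise ValueError("filename length out of range")
    # Classic Mac OS stored names in MacRoman; every byte value maps to a
    # character, so this decode cannot fail on attacker-chosen bytes.
    return header[2:2 + length].decode("mac_roman")


def utf8_filename_or_none(header: bytes):
    """The earlier behaviour: decode the same bytes as UTF-8."""
    try:
        return header[2:2 + header[1]].decode("utf-8")
    except UnicodeDecodeError:
        return None  # bytes >= 0x80 from MacRoman are usually invalid UTF-8


if __name__ == "__main__":
    sample = build_header("Jeu d'été")       # constructed sample name
    print(macbinary_filename(sample))        # decoded correctly
    print(utf8_filename_or_none(sample))     # UTF-8 decode fails
```

The decoded name still comes from an uploaded file, so it should be treated as untrusted text and not used directly as a filesystem path.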