
[Bug] Tinfoil integration not connecting

Open Casuallynoted opened this issue 1 year ago • 9 comments

RomM version 3.3.0

Describe the bug At the moment, the Tinfoil integration fails to list available switch games for installation.

Additional context Already did some debugging with Asada, it's currently unclear how Tinfoil is actually supposed to be reaching out to Romm as web access logs aren't really showing any reach out attempts from Tinfoil on my end.

Thought I'd create an issue here to keep it documented. Asada is already aware, and since none of the devs currently have access to a Switch for testing, it's likely to be here until we're better able to assess the situation. But figured it's good to have the issue on GitHub.

Casuallynoted avatar Aug 04 '24 15:08 Casuallynoted

From what I saw in my nginx logs, this is because tinfoil is accessing host.com/api/tinfoil/feed/, but romm is expecting the path without a / at the end.

When accessing the path with a / at the end, it just redirects to the web-ui, which is obviously not working in tinfoil.

Pfuenzle avatar Aug 05 '24 13:08 Pfuenzle

I think with the commit above the redirection works, but the authentication doesn't anymore.

```
<ip> - <user> [05/Aug/2024:20:14:26 +0100] "GET /api/tinfoil/feed/ HTTP/1.1" 307 0 "-" "-"
<ip>  - - [05/Aug/2024:20:14:26 +0100] "GET /api/tinfoil/feed HTTP/1.1" 403 22 "-" "-"
```

Pfuenzle avatar Aug 05 '24 19:08 Pfuenzle

Feel free to test the changes in https://github.com/rommapp/romm/pull/1059, and let us know if that makes any difference.

adamantike avatar Aug 07 '24 03:08 adamantike

The redirect works as expected now :) When opening the "Repo" in Tinfoil directly, all games get listed.

But it seems that downloading does not work.

When trying to access a file, the correct link gets accessed (GET /api/roms/2/content/romname.NSP), but an error 403 gets returned. When accessing the link in this format using Insomnia (and curl etc...): https://user:[email protected]/api/roms/2/content/game.NSP the file download is successful, so maybe Tinfoil does not provide the authentication header for downloads?

Here are the logs when opening the directory in Tinfoil and trying to download a file:

```
 - "GET /api/tinfoil/feed/ HTTP/1.0" 200
INFO:     [nginx][2024-08-07 09:33:40]  172.18.0.48 - user "GET /api/tinfoil/feed/ HTTP/1.1" 200 186 "-" "-" rt=0.291 uct="0.000" uht="0.291" urt="0.291"
 - "HEAD /api/roms/2/content/myrom.NSP HTTP/1.0" 403
INFO:     [nginx][2024-08-07 09:33:43]  172.18.0.48 - - "HEAD /api/roms/2/content/myrom.NSP HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.85 Safari/537.37" rt=0.004 uct="0.000" uht="0.003" urt="0.003"
 - "GET /api/roms/2/content/myrom.NSP HTTP/1.0" 403
INFO:     [nginx][2024-08-07 09:33:43]  172.18.0.48 - - "GET /api/roms/2/content/myrom.NSP HTTP/1.1" 403 22 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.85 Safari/537.37" rt=0.002 uct="0.000" uht="0.002" urt="0.003"
```

Edit:

This can be fixed by setting the url in feeds.py to "url": f"../../roms/{file.id}/content/{file.file_name}",

Pfuenzle avatar Aug 07 '24 09:08 Pfuenzle
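The pattern in the logs above (an authenticated feed request followed by unauthenticated 403s from the same client) can be picked out of an access log automatically. The following is an added example, not part of the thread or of RomM; the function name, the 60-second window and the sample lines (constructed, modelled on the log format quoted above) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches the "[nginx][timestamp]  ip - user "METHOD path PROTO" status" layout.
LINE = re.compile(
    r'\[nginx\]\[(?P<ts>[^\]]+)\]\s+(?P<ip>\S+) - (?P<user>\S+) '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_dropped_credentials(lines, window_seconds=60):
    """Flag 401/403 requests sent without a user shortly after the same
    client IP made a successful authenticated request."""
    last_auth = {}  # ip -> time of the most recent authenticated 2xx
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an nginx access line in the expected layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip, user, status = m["ip"], m["user"], int(m["status"])
        if user != "-" and 200 <= status < 300:
            last_auth[ip] = ts
        elif user == "-" and status in (401, 403):
            seen = last_auth.get(ip)
            if seen is not None and ts - seen <= timedelta(seconds=window_seconds):
                findings.append((ip, m["method"], m["path"]))
    return findings


# Constructed sample lines (documentation IP range), not real log data.
SAMPLE = [
    'INFO:     [nginx][2024-08-07 09:33:40]  192.0.2.10 - user "GET /api/tinfoil/feed/ HTTP/1.1" 200 186 "-" "-"',
    'INFO:     [nginx][2024-08-07 09:33:43]  192.0.2.10 - - "HEAD /api/roms/2/content/myrom.NSP HTTP/1.1" 403 0 "-" "-"',
    'INFO:     [nginx][2024-08-07 09:33:43]  192.0.2.10 - - "GET /api/roms/2/content/myrom.NSP HTTP/1.1" 403 22 "-" "-"',
    'INFO:     [nginx][2024-08-07 09:40:00]  192.0.2.77 - - "GET /api/roms/2/content/myrom.NSP HTTP/1.1" 403 22 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_dropped_credentials(SAMPLE):
        print(hit)
```

A client that never authenticated (the last sample line) is not flagged, which separates a credential-forwarding problem from ordinary unauthenticated traffic.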

With the fix above everything is working correctly on Tinfoil for me. One weird thing is that it doesn't work with nginx as a reverse proxy, only when accessing it directly. With a reverse proxy, tinfoil doesn't even try to connect on startup. But on romm's side everything is working now :)

Pfuenzle avatar Aug 07 '24 10:08 Pfuenzle

Can you try setting the following environment variable for the romm container?

DISABLE_DOWNLOAD_ENDPOINT_AUTH=true

That should disable the authentication requirement for the /roms/{id}/content/{filename} endpoint.

In the meantime, we will improve this by making the Feed endpoint pre-sign the download URLs, so using Tinfoil doesn't require globally disabling authentication for downloads.

adamantike avatar Aug 07 '24 13:08 adamantike
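A sketch of the pre-signed download URL approach mentioned above, as an added example: it is not RomM's implementation, and the key, parameter names (`expires`, `sig`) and function names are assumptions. Each feed entry carries an HMAC over its own path and expiry, so a client that sends no credentials can still download that one file until the link expires, without authentication being disabled for the whole endpoint.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumption: a server-side secret; a real deployment loads it from configuration.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(path: str, expires: int) -> str:
    # Bind the signature to the exact path and expiry so neither can be altered.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def presign(rom_id: int, file_name: str, ttl: int = 3600,
            now: Optional[float] = None) -> str:
    """Return a download URL that carries its own expiring authorization."""
    now = time.time() if now is None else now
    path = f"/api/roms/{rom_id}/content/{quote(file_name)}"
    expires = int(now) + ttl
    return f"{path}?{urlencode({'expires': expires, 'sig': _mac(path, expires)})}"


def verify(url: str, now: Optional[float] = None) -> bool:
    """Accept the request only if the signature matches and has not expired."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters: treat as unauthenticated
    if expires < now:
        return False
    # Constant-time comparison on bytes; avoids leaking how much of the MAC matched.
    return hmac.compare_digest(sig.encode(), _mac(parts.path, expires).encode())


if __name__ == "__main__":
    link = presign(2, "myrom.NSP", ttl=60)
    print(link, verify(link))
```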

I guess that should work, I can try it later. But making the rom path a relative path in the json returned to tinfoil, like I suggested above, is a better solution IMO. Currently it's hard coded, and tinfoil can't add the username:password parameter there, whereas with the relative path it can add the authentication.

Pfuenzle avatar Aug 07 '24 14:08 Pfuenzle

> Can you try setting the following environment variable for the romm container?
>
> DISABLE_DOWNLOAD_ENDPOINT_AUTH=true
>
> That should disable the authentication requirement for the /roms/{id}/content/{filename} endpoint.
>
> In the meantime, we will improve this by making the Feed endpoint pre-sign the download URLs, so using Tinfoil doesn't require globally disabling authentication for downloads.

I did give this a try but unfortunately the nsp download error still appears even when endpoint auth is disabled. I have tried checking out my cloudflared logs to find out why but it's not particularly verbose. Going to see if maybe @Pfuenzle is able to find info in their logs.

Casuallynoted avatar Aug 08 '24 09:08 Casuallynoted

I just tried it out, I still get Error 403 both with my switch and when accessing a Rom directly, even with DISABLE_DOWNLOAD_ENDPOINT_AUTH=true.

The logs don't show anything of interest, only the single request to the rom, which gets returned with a 403.

Pfuenzle avatar Aug 08 '24 10:08 Pfuenzle

Closing this as the original issue has been fixed, and we're working on an improved download endpoint that'll also work with tinfoil.

gantoine avatar Aug 18 '24 14:08 gantoine