Skip to content

Refactor API security handling and enhance metadata endpoint#464

Merged
michael-j-green merged 10 commits into
mainfrom
bump
Jul 3, 2026
Merged

Refactor API security handling and enhance metadata endpoint#464
michael-j-green merged 10 commits into
mainfrom
bump

Conversation

@michael-j-green

Copy link
Copy Markdown
Member

Update package versions and refactor the Swagger security requirements to streamline API key handling. Introduce a new endpoint for fetching game metadata from ScreenScraper, with improved response handling and XML support. Sanitize media URLs and update resource naming conventions for clarity and compatibility.

… Endpoint

- Updated the AuthorizationOperationFilter to streamline the handling of API key attributes and service filters, reducing redundancy in security requirement checks.
- Introduced a new method to create a security reference document for API keys, enhancing the Swagger documentation.
- Added a new endpoint in MetadataProxyController for fetching game metadata from ScreenScraper by game ID or checksum, including detailed XML comments for API documentation.
- Implemented logic to handle multiple identifier types (gameid, crc, md5, sha1) and return appropriate metadata or error responses.
- Enhanced Swagger configuration in StartupExtensions to apply security definitions for API keys.
…L response format

- Added logic to strip sensitive login details from media URLs in the response.
- Rewrote media URLs to point to a local cache instead of the original URLs.
- Implemented XML serialization for the response when requested, defaulting to JSON otherwise.
…rce access patterns

- Refactored embedded resource naming to follow the new namespace convention `hasheous_lib.Schema.` and `hasheous_lib.Support.`.
- Updated resource access patterns to ensure compatibility with the new naming scheme.
- Adjusted related documentation to reflect these changes and ensure clarity for future resource additions.
Copilot AI review requested due to automatic review settings July 2, 2026 15:05
@michael-j-green michael-j-green self-assigned this Jul 2, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors how API security requirements are represented in Swagger/OpenAPI, introduces a shared proxy cache manager for media/bundle caching (local + S3 fallback), and adds new ScreenScraper proxy endpoints for game metadata and media retrieval. It also updates several package versions and extends configuration/maintenance to support the new caching behavior.

Changes:

  • Refactor Swagger security requirement detection and scheme referencing for API key–based auth.
  • Replace per-endpoint local/S3 cache logic with a centralized ProxyCacheManager, and wire cache maintenance into hourly maintenance.
  • Add ScreenScraper proxy endpoints (jeuInfos.php, systemesListe.php, media*.php) with URL sanitization and optional XML output.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 14 comments.

Show a summary per file
File Description
hasheous/StartupExtensions.cs Small SwaggerGen registration tweak (static lambda) and comment clarifying security definitions.
hasheous/Controllers/V1.0/MetadataProxyController.cs Refactors IGDB/TheGamesDB/GiantBomb media caching to use ProxyCacheManager; adds ScreenScraper proxy endpoints and response shaping.
hasheous-lib/hasheous-lib.csproj Bumps package versions (AWS S3 SDK, Redis, hasheous-client, gaseous-signature-parser).
hasheous-lib/Classes/SwaggerSecurityRequirements.cs Updates Swagger operation filter logic for detecting API-key requirements and uses scheme references.
hasheous-lib/Classes/SwaggerIDocumentFilter.cs Adjusts security scheme reference to use the active OpenAPI document.
hasheous-lib/Classes/ProxyCacheManager.cs New centralized cache helper: download+cache, local/S3 read fallback, and tiered local eviction.
hasheous-lib/Classes/Metadata/ScreenScraper/IMetadata_ScreenScraper.cs Refactors platform search method name, extracts reusable API download helper, and adds a ScreenScraper media endpoint builder.
hasheous-lib/Classes/Maintenance.cs Runs proxy cache maintenance as part of hourly maintenance.
hasheous-lib/Classes/Config.cs Adds persisted config for proxy cache policies (Policies) and a convenience accessor (Config.CachePolicies).

Comment thread hasheous-lib/Classes/ProxyCacheManager.cs Outdated
Comment thread hasheous-lib/Classes/ProxyCacheManager.cs
Comment thread hasheous/Controllers/V1.0/MetadataProxyController.cs
Comment thread hasheous/Controllers/V1.0/MetadataProxyController.cs
Comment thread hasheous/Controllers/V1.0/MetadataProxyController.cs
Comment thread hasheous/Controllers/V1.0/MetadataProxyController.cs Outdated
}

string resourcePath = $"Images/{systemeid}/{jeuid}/{media}.{extension}";
string url = Classes.MetadataLib.MetadataScreenScraper.ssMedia.Endpoint(jeuid, systemeid, media, null);
Comment on lines +1454 to +1458
var cachedStream = await ProxyCacheManager.ResolveReadAsync("Screenscraper", resourcePath, CachePolicyType.Media, mimeType);
if (cachedStream != null)
{
return File(cachedStream.Stream, mimeType);
}
Comment on lines +1461 to +1465
var fileStream = await ProxyCacheManager.DownloadAndCacheAsync(url, "Screenscraper", resourcePath, CachePolicyType.Media, mimeType, HttpContext);
if (fileStream != null)
{
return File(fileStream.Stream, mimeType);
}
- Added instructions for registering response disposal wrappers in ProxyCacheManager to prevent resource leaks.
- Introduced tiered cache policy configuration details, including retention settings for media and bundles.
- Documented new ScreenScraper proxy routes for metadata retrieval and media caching.
- Clarified maintenance tasks for proxy cache policy and updated job scheduling details.
- Included sensitive credential handling for ScreenScraper queries in response shaping.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 9 comments.

Comment on lines +1247 to +1250
if (metadataItem != null && !string.IsNullOrEmpty(metadataItem.ImmutableId))
{
gameid = long.Parse(metadataItem.ImmutableId);
}
IActionResult? cachedResult = await TryServeFromLocalOrS3Async(imageFile, s3Key, "image/jpeg");
if (cachedResult != null)
// strip all media urls of login details since screenscraper requires credentials in the url, and we don't want to expose that in the response
foreach (var media in gameItem.medias)
return cachedResult;
if (!string.IsNullOrEmpty(media.url))
{
string endpointUrl = Classes.MetadataLib.MetadataScreenScraper.ssMedia.Endpoint((long)gameItem.id, long.Parse(gameItem.systeme.id), media.type, media.region);
}

string resourcePath = $"Images/{systemeid}/{jeuid}/{media}.{extension}";
string url = Classes.MetadataLib.MetadataScreenScraper.ssMedia.Endpoint(jeuid, systemeid, media, null);
Comment on lines +5 to +8
using System.Threading;
using System.Threading.Tasks;
using hasheous_server.Classes;
using Microsoft.AspNetCore.Http;
Comment on lines +1212 to +1215
[HttpGet]
[ProducesResponseType(typeof(hasheous_server.Classes.MetadataLib.MetadataScreenScraper.GameItem), StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[Route("ScreenScraper/jeuInfos.php")]
Comment on lines +1370 to +1373
[HttpGet]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
[Route("ScreenScraper/media{endpoint}.php")]

#region ScreenScraper
/// <summary>
/// Get game metadata from ScreenScraper by game ID or checksum (CRC, MD5, SHA1). Returns a response containing game metadata, mirroring the response from the jueInfos.php endpoint of ScreenScraper. If multiple identifiers are provided, the order of precedence is: gameid > md5 > sha1> crc. If no identifiers are provided, a BadRequest response will be returned.
Comment on lines +775 to +777
string endpointName = "";
switch (type)
{
@michael-j-green michael-j-green added the enhancement New feature or request label Jul 3, 2026
@michael-j-green michael-j-green merged commit b5c42c3 into main Jul 3, 2026
7 checks passed
@michael-j-green michael-j-green deleted the bump branch July 3, 2026 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants