SABnzbd Forums

Hi,

I'm in the final stages of development of a website that allows users to control their own sabnzbd installs and queue newzbin reports from a consolidated interface. The system can show you whats been released by the scene and query newzbin to find report id's which can then be sent to sabnzbd via the api. It currently integrates newzbin, myepisodes, vcdquality, imdb, tvdb and pre-db irc releases into a cool interface that I think people will like...

However, at the moment users will need to register their usernames/passwords to my system to be able to control their own sabnzbd's which is a bit insecure.

Can a system like MyEpisodes.com be implemented where you can authenticate yourself using your normal username and a different password than your normal sab one which would allow the following access only:

Status info
History info
Queue report
Delete queue item
Move queue item

But have no ability to change any settings or iniate a shutdown or anything else sinistar.

Thanks in advance

Good Luck:
1) Not getting shut down for fully integrating download sources.
2) Convincing people your system is secure. People are going to be entrusting you and your site with their SABnzbd credentials and by extension their Newzbin and News Server credentials.

Now, if you made a straight up content aggregator with send-to-sabnzbd commands and user-controlled customizable RSS feeds, then you'd at least cut out the second problem, since users would have no reason to give you direct access to their installations. The first issue, though . . can't help you there.

Edit: and regarding your actual request, I wouldn't hold your breath there either. We're busy trying to get 0.4.0 out the door, and adding a permissions system just for you doesn't sound too likely to get approved by switch or Shypike.

Let your website offer personalized RSS feeds for the user.
SABnzbd's RSS function will pick up any files in that feed by reading it periodically.

If you mimic the way www.tvnzb.com does it, SABnzbd will work fine.

You password protect your own site by letting users use these kinds of URI:
https://www.yoursite.com/myrss?user=use ... d=password

Good Luck!

inpheaux wrote:1) Not getting shut down for fully integrating download sources.

I'm not planning on making this a big thing and hence on anyone's radar. I've developed the system for myself and was planning on sharing it with other savvy sab users. I could just release the thing itself and let people host it themselves but its a bit complicated with numerous processes running (irc bots, rss scrapers, movie/tv lookup systems etc) on the server all feeding into a database where it then gets munged by the web application.

inpheaux wrote: 2) Convincing people your system is secure. People are going to be entrusting you and your site with their SABnzbd credentials and by extension their Newzbin and News Server credentials.

You do not need to give out newzbin or newsserver credientials. All the system needs is to be able to instruct your sab to go and get a report using the sab api, however to do this I need the sab username / password which currently would allow me to fully login to your sab and see the newzbin / newsserver credentials which is why I want a limited access feature so I can't see it as I don't need to anyway.

inpheaux wrote: Now, if you made a straight up content aggregator with send-to-sabnzbd commands and user-controlled customizable RSS feeds, then you'd at least cut out the second problem, since users would have no reason to give you direct access to their installations. The first issue, though . . can't help you there.

Thats the system in a nutshell apart from the RSS bit. I could make it do that but it would be less responsive and as I've designed the system for myself first and foremost the whole thing is designed with direct sab api access in mind.

pair of dimes wrote: Release the source code maybe? Why would anyone want to manage SABnzbd through your website? Sorry if I missed the point.

I have no problem in releasing the source code but I don't have any time to support it. Its a bit complicated in parts and not really packaged to be installed without a fair bit of technical knowledge.

The reason people might want to manage their sab installs via it is the fact it aggregates lots of different sources of information together in one nice interface to easily and quickly be able to see whats out and worth downloading.

For example, with main movie page shows whats been released in the scene in the last week via an irc bot that listens to predb announcements. A background process goes to imdb to get the plot,poster,ratings etc and then goes to vcdquality to get links to samples & nfo's. It currently also has seperate tabs for XVID,HD,DVDR releases. If you click on a movie release it currently searches newzbin for posts of this release and displays details of the post. Once you find the post you want to click a button and the system instructs sab to go get the report. 

Very nice!
You should be doing a SABnzbd theme like that

That's actually an interesting idea. Instead of having this setup as a seperate webpage, could this be integrated as part of the sab web interface?

It would be pretty hard to convert this into a sab theme as its doing a large amount of stuff behind the scenes to make it all work. I'll look into it though...

Firstly, is it needed for you to store the user's ips, username and passwords yourself and not in a cookie? How are you pushing the data to the users sab interface. Javascript? PHP?

How about this solution. Each SABnzbd client generates an authentication key, some random 15digit long character that when added to the api url will grant access to the things you want:

Queue Status (xml+json)
History Status (currently rss only, xml+json have not been added)
Add a job
Delete a job (not added in api yet)
Move a job (not added in api yet)
Pause queue
Resume queue

They key will appear in config>general for a user to copy and paste into your service.

switch wrote: Firstly, is it needed for you to store the user's ips, username and passwords yourself and not in a cookie? How are you pushing the data to the users sab interface. Javascript? PHP?

I'm currently invoking the sab api via http to add queue items and using the history rss feed for history information. The other controls are done using the sab http calls i.e. /pause etc

switch wrote: How about this solution. Each SABnzbd client generates an authentication key, some random 15digit long character that when added to the api url will grant access to the things you want

That would be perfect and exactly what I'm asking for

i'm just floored at the possibilities, but the hassle is the JSON/XML interface, and the fact that SABnzbd is by default, a local daemon for most users. getting users to hand over their downloading to a remote server would be anathema to the point of having a local, fast controlled service.

there's probably another way, definitely. but as i see it, there's two ways.

you'd likely have to setup a SABnzbd template for the essentials i.e. client API data, queues, download status, etc. and then tie the template into a remote site for the data inside the 'frames' (feasible).
or alternatively, use javascripts on the browser to 'fill in' data, i.e. to form submit the data to be parsed/processed and returned to the server in the next transaction. with AJAX, i don't imagine the client experience will be that strenuous, but it will be slow going waiting for larger and larger queues to be parsed, processed and for the server to compile new code every time.

as a template, you can integrate the same look on the local side as well as the remote side, i.e. add/remove favourites, modify rss feeds, social networking errata, etc. and divorce one's self from any legal issues or privacy issues since the client will be requesting data from an impartial server for "reviews". and RSS feeds, etc.

since you'd likely want a login/password to increase security, reduce odd server load, etc. create two kinds of template, a 'dull' 1-tab version as default for users without a server account, and a 'remote-enabled' template with the full CSS / HTML updated with content from the server once the user has been configured and 'logged in' (i.e. username/pass stored in a cookie with the phpsession id). if you use AJAX, you can reload the page contents on the fly.

I agree with toliman that getting people to share their sabnzbd details might become a hurdle for you.
In fact, the steps exposing sabnzbd to the world might be too much for some people to bother with.

-If you are trying to get people to click something to be added to the download queue, use cookies to store the url+password and javascript to execute the requests in the background.

-If you are trying to automatically push downloads to clients, set them up their own RSS feed they can subscribe too, this has the added benefit of being able to be added to an RSS reader for notifications.

-If you want to display the current download speed and progress, you can again populate that using cookies and javascript to fetch from the api.

I realise you have done a lot of work on it already and I am eager to have a closer look myself, but you might want to address these issues before you go live.

Thanks for the feedback guys. I'm taking it all onboard and having a rethink of how I can let people use a service like I've designed for myself.

I think I'm going to explore the possibility of scraping the direct control for other people's sabs for now and creating personal RSS feeds to tell a remote sab what to download. I'll keep the close integration stuff for my own persoanl use...