mirror/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2026-03-02 05:46:24 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
60a9fd61ba1b95795666d3ce1c124d94831ff2dd
navidrome/plugins/examples/wikimedia
History
Deluan Quintão 652c27690b feat(plugins): add HTTP host service (#5095) 
* feat(httpclient): implement HttpClient service for outbound HTTP requests in plugins

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(httpclient): enhance SSRF protection by validating host requests against private IPs

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(httpclient): support DELETE requests with body in HttpClient service

Signed-off-by: Deluan <deluan@navidrome.org>

* feat(httpclient): refactor HTTP client initialization and enhance redirect handling

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor(http): standardize naming conventions for HTTP types and methods

Signed-off-by: Deluan <deluan@navidrome.org>

* refactor example plugin to use host.HTTPSend for improved error management

Signed-off-by: Deluan <deluan@navidrome.org>

* fix(plugins): fix IPv6 SSRF bypass and wildcard host matching

Fix two bugs in the plugin HTTP/WebSocket host validation:

1. extractHostname now strips IPv6 brackets when no port is present
(e.g. "[::1]" → "::1"). Previously, net.SplitHostPort failed for
bracketed IPv6 without a port, leaving brackets intact. This caused
net.ParseIP to return nil, bypassing the private/loopback SSRF guard.

2. matchHostPattern now treats "*" as an allow-all pattern. Previously,
a bare "*" only matched via exact equality, so plugins declaring
requiredHosts: ["*"] (like webhook-rs) had all requests rejected.

---------

Signed-off-by: Deluan <deluan@navidrome.org>
2026-02-24 14:28:36 -05:00
..
go.mod
feat(plugins): New Plugin System with multi-language PDK support (#4833)
2026-01-14 19:22:48 -05:00
go.sum
feat(plugins): New Plugin System with multi-language PDK support (#4833)
2026-01-14 19:22:48 -05:00
main.go
feat(plugins): add HTTP host service (#5095)
2026-02-24 14:28:36 -05:00
manifest.json
feat(plugins): New Plugin System with multi-language PDK support (#4833)
2026-01-14 19:22:48 -05:00
prepare.sh
feat(plugins): New Plugin System with multi-language PDK support (#4833)
2026-01-14 19:22:48 -05:00
README.md
feat(plugins): New Plugin System with multi-language PDK support (#4833)
2026-01-14 19:22:48 -05:00
xtp.toml
feat(plugins): New Plugin System with multi-language PDK support (#4833)
2026-01-14 19:22:48 -05:00

README.md

Wikimedia Plugin for Navidrome

A Navidrome plugin that fetches artist metadata from Wikidata, DBpedia, and Wikipedia.

Generating the Plugin

This plugin was generated using the XTP CLI:

xtp plugin init \
  --schema-file plugins/schemas/metadata_agent.yaml \
  --template go \
  --path ./wikimedia \
  --name wikimedia-plugin

Features

  • Artist URL: Fetches Wikipedia URL for an artist using Wikidata (by MBID or name), DBpedia, or falls back to a Wikipedia search URL
  • Artist Biography: Fetches the introductory text from the artist's Wikipedia page
  • Artist Images: Fetches artist images from Wikidata

Building

Using TinyGo

tinygo build -target wasip1 -buildmode=c-shared -o plugin.wasm .
zip -j wikimedia.ndp manifest.json plugin.wasm

Using the Makefile

From the plugins/examples directory:

make wikimedia.ndp

Using XTP CLI

xtp plugin build
zip -j wikimedia.ndp manifest.json dist/plugin.wasm

Installation

Copy the .ndp file to your Navidrome plugins folder:

cp wikimedia.ndp /path/to/navidrome/plugins/

Then enable plugins in your navidrome.toml:

[Plugins]
Enabled = true
Folder = "/path/to/navidrome/plugins"

Add the plugin to your agents list:

Agents = "lastfm,spotify,wikimedia"

Testing with Extism CLI

Install the Extism CLI:

brew install extism/tap/extism  # macOS
# or see https://extism.org/docs/install for other platforms

Extract the wasm file from the package and test:

# Extract wasm from package
unzip -p wikimedia.ndp plugin.wasm > wikimedia.wasm

# Test artist URL lookup with MBID (The Beatles)
extism call wikimedia.wasm nd_get_artist_url --wasi \
  --input '{"id":"1","name":"The Beatles","mbid":"b10bbbfc-cf9e-42e0-be17-e2c3e1d2600d"}' \
  --allow-host "query.wikidata.org"

Expected output:

{"url":"https://en.wikipedia.org/wiki/The_Beatles"}

Test artist biography

extism call wikimedia.wasm nd_get_artist_biography --wasi \
  --input '{"id":"1","name":"The Beatles","mbid":"b10bbbfc-cf9e-42e0-be17-e2c3e1d2600d"}' \
  --allow-host "query.wikidata.org" \
  --allow-host "en.wikipedia.org"

Test artist images

extism call wikimedia.wasm nd_get_artist_images --wasi \
  --input '{"id":"1","name":"The Beatles","mbid":"b10bbbfc-cf9e-42e0-be17-e2c3e1d2600d"}' \
  --allow-host "query.wikidata.org"

Expected output:

{"images":[{"url":"http://commons.wikimedia.org/wiki/Special:FilePath/Beatles%20ad%201965%20just%20the%20beatles%20crop.jpg","size":0}]}

Project Structure

wikimedia/
├── main.go       # Plugin implementation with Wikimedia API logic
├── pdk.gen.go    # Generated types and export wrappers (DO NOT EDIT)
├── go.mod        # Go module file
├── go.sum        # Go module checksums
├── prepare.sh    # Build preparation script
└── xtp.toml      # XTP plugin configuration

API Endpoints Used

Service Endpoint Purpose
Wikidata https://query.wikidata.org/sparql SPARQL queries for Wikipedia URLs and images
DBpedia https://dbpedia.org/sparql Fallback SPARQL queries for Wikipedia URLs and short bios
Wikipedia https://en.wikipedia.org/w/api.php MediaWiki API for article extracts

Implemented Functions

Function Description
nd_manifest Returns plugin manifest with HTTP permissions
nd_get_artist_url Returns Wikipedia URL for an artist
nd_get_artist_biography Returns artist biography from Wikipedia
nd_get_artist_images Returns artist image URLs from Wikidata
Reference in New Issue View Git Blame Copy Permalink