mirror of
https://github.com/jellyfin/jellyfin.git
synced 2026-04-17 15:53:42 +01:00
Add authentication and remove versioning
This commit is contained in:
Claus Vium
@@ -47,6 +47,10 @@ using Emby.Server.Implementations.Session;
|
||||
using Emby.Server.Implementations.SocketSharp;
|
||||
using Emby.Server.Implementations.TV;
|
||||
using Emby.Server.Implementations.Updates;
|
||||
using Jellyfin.Api.Auth;
|
||||
using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
|
||||
using Jellyfin.Api.Auth.RequiresElevationPolicy;
|
||||
using Jellyfin.Api.Controllers;
|
||||
using MediaBrowser.Api;
|
||||
using MediaBrowser.Common;
|
||||
using MediaBrowser.Common.Configuration;
|
||||
@@ -104,11 +108,14 @@ using MediaBrowser.Providers.Subtitles;
|
||||
using MediaBrowser.Providers.TV.TheTVDB;
|
||||
using MediaBrowser.WebDashboard.Api;
|
||||
using MediaBrowser.XbmcMetadata.Providers;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Http.Extensions;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.Authorization;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||
@@ -660,25 +667,45 @@ namespace Emby.Server.Implementations
|
||||
services.AddHttpContextAccessor();
|
||||
services.AddMvc(opts =>
|
||||
{
|
||||
opts.UseGeneralRoutePrefix("emby", "emby/emby", "api/v{version:apiVersion}");
|
||||
var policy = new AuthorizationPolicyBuilder()
|
||||
.RequireAuthenticatedUser()
|
||||
.Build();
|
||||
opts.Filters.Add(new AuthorizeFilter(policy));
|
||||
opts.EnableEndpointRouting = false;
|
||||
opts.UseGeneralRoutePrefix(ServerConfigurationManager.Configuration.BaseUrl.TrimStart('/'));
|
||||
})
|
||||
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
|
||||
.AddApplicationPart(Assembly.Load("Jellyfin.Api"));
|
||||
services.AddApiVersioning(opt => opt.ReportApiVersions = true);
|
||||
.ConfigureApplicationPartManager(a => a.ApplicationParts.Clear()) // Clear app parts to avoid other assemblies being picked up
|
||||
.AddApplicationPart(typeof(StartupController).Assembly)
|
||||
.AddControllersAsServices();
|
||||
services.AddSwaggerGen(c =>
|
||||
{
|
||||
c.SwaggerDoc("v1", new OpenApiInfo { Title = "Jellyfin API", Version = "v1" });
|
||||
c.DocInclusionPredicate((docName, apiDesc) =>
|
||||
{
|
||||
if (!apiDesc.TryGetMethodInfo(out var methodInfo))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
});
|
||||
|
||||
// A bit of a hack to make Swagger pick the versioned endpoints instead of the legacy emby endpoints
|
||||
return methodInfo.DeclaringType?.BaseType == typeof(ControllerBase) &&
|
||||
apiDesc.RelativePath.Contains("api/v");
|
||||
});
|
||||
services.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
|
||||
services.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
|
||||
|
||||
// configure custom legacy authentication
|
||||
services.AddAuthentication("CustomAuthentication")
|
||||
.AddScheme<AuthenticationSchemeOptions, CustomAuthenticationHandler>("CustomAuthentication", null);
|
||||
|
||||
services.AddAuthorizationCore(options =>
|
||||
{
|
||||
options.AddPolicy(
|
||||
"RequiresElevation",
|
||||
policy =>
|
||||
{
|
||||
policy.AddAuthenticationSchemes("CustomAuthentication");
|
||||
policy.AddRequirements(new RequiresElevationRequirement());
|
||||
});
|
||||
options.AddPolicy(
|
||||
"FirstTimeSetupOrElevated",
|
||||
policy =>
|
||||
{
|
||||
policy.AddAuthenticationSchemes("CustomAuthentication");
|
||||
policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
|
||||
});
|
||||
});
|
||||
|
||||
// Merge the external ServiceCollection into ASP.NET DI
|
||||
@@ -686,6 +713,7 @@ namespace Emby.Server.Implementations
|
||||
})
|
||||
.Configure(app =>
|
||||
{
|
||||
app.UseDeveloperExceptionPage();
|
||||
app.UseSwagger();
|
||||
|
||||
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
|
||||
@@ -698,9 +726,9 @@ namespace Emby.Server.Implementations
|
||||
app.UseWebSockets();
|
||||
|
||||
app.UseResponseCompression();
|
||||
|
||||
// TODO app.UseMiddleware<WebSocketMiddleware>();
|
||||
app.Use(ExecuteWebsocketHandlerAsync);
|
||||
//app.UseAuthentication();
|
||||
app.UseMvc();
|
||||
app.Use(ExecuteHttpHandlerAsync);
|
||||
})
|
||||
@@ -938,7 +966,7 @@ namespace Emby.Server.Implementations
|
||||
serviceCollection.AddSingleton<IAuthorizationContext>(authContext);
|
||||
serviceCollection.AddSingleton<ISessionContext>(new SessionContext(UserManager, authContext, SessionManager));
|
||||
|
||||
AuthService = new AuthService(authContext, ServerConfigurationManager, SessionManager, NetworkManager);
|
||||
AuthService = new AuthService(LoggerFactory, authContext, ServerConfigurationManager, SessionManager, NetworkManager);
|
||||
serviceCollection.AddSingleton(AuthService);
|
||||
|
||||
SubtitleEncoder = new MediaBrowser.MediaEncoding.Subtitles.SubtitleEncoder(LibraryManager, LoggerFactory, ApplicationPaths, FileSystemManager, MediaEncoder, JsonSerializer, HttpClient, MediaSourceManager, ProcessFactory);
|
||||
|
||||
@@ -21,6 +21,9 @@
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="IPNetwork2" Version="2.4.0.126" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="3.0.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authorization.Policy" Version="2.2.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="2.2.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.2.7" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="2.2.0" />
|
||||
@@ -38,7 +41,7 @@
|
||||
<PackageReference Include="ServiceStack.Text.Core" Version="5.6.0" />
|
||||
<PackageReference Include="sharpcompress" Version="0.24.0" />
|
||||
<PackageReference Include="SQLitePCL.pretty.netstandard" Version="2.0.1" />
|
||||
<PackageReference Include="Swashbuckle.AspNetCore" Version="5.0.0-rc2" />
|
||||
<PackageReference Include="Swashbuckle.AspNetCore" Version="5.0.0-rc4" />
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System;
|
||||
using System.Linq;
|
||||
using Emby.Server.Implementations.SocketSharp;
|
||||
using MediaBrowser.Common.Net;
|
||||
using MediaBrowser.Controller.Configuration;
|
||||
using MediaBrowser.Controller.Entities;
|
||||
@@ -7,22 +8,27 @@ using MediaBrowser.Controller.Net;
|
||||
using MediaBrowser.Controller.Security;
|
||||
using MediaBrowser.Controller.Session;
|
||||
using MediaBrowser.Model.Services;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Emby.Server.Implementations.HttpServer.Security
|
||||
{
|
||||
public class AuthService : IAuthService
|
||||
{
|
||||
private readonly ILogger<AuthService> _logger;
|
||||
private readonly IAuthorizationContext _authorizationContext;
|
||||
private readonly ISessionManager _sessionManager;
|
||||
private readonly IServerConfigurationManager _config;
|
||||
private readonly INetworkManager _networkManager;
|
||||
|
||||
public AuthService(
|
||||
ILoggerFactory loggerFactory,
|
||||
IAuthorizationContext authorizationContext,
|
||||
IServerConfigurationManager config,
|
||||
ISessionManager sessionManager,
|
||||
INetworkManager networkManager)
|
||||
{
|
||||
_logger = loggerFactory.CreateLogger<AuthService>();
|
||||
_authorizationContext = authorizationContext;
|
||||
_config = config;
|
||||
_sessionManager = sessionManager;
|
||||
@@ -34,7 +40,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
ValidateUser(request, authAttribtues);
|
||||
}
|
||||
|
||||
private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
|
||||
public User Authenticate(HttpRequest request, IAuthenticationAttributes authAttributes)
|
||||
{
|
||||
var req = new WebSocketSharpRequest(request, null, request.Path, _logger);
|
||||
var user = ValidateUser(req, authAttributes);
|
||||
return user;
|
||||
}
|
||||
|
||||
private User ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
|
||||
{
|
||||
// This code is executed before the service
|
||||
var auth = _authorizationContext.GetAuthorizationInfo(request);
|
||||
@@ -81,6 +94,8 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
request.RemoteIp,
|
||||
user);
|
||||
}
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
private void ValidateUserAccess(
|
||||
|
||||
@@ -12,7 +12,7 @@ namespace Emby.Server.Implementations
|
||||
opts.Conventions.Insert(0, new RoutePrefixConvention(prefixes));
|
||||
}
|
||||
|
||||
internal class RoutePrefixConvention : IApplicationModelConvention
|
||||
private class RoutePrefixConvention : IApplicationModelConvention
|
||||
{
|
||||
private readonly AttributeRouteModel[] _routePrefixes;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user