Cutlery/Kavita
1
0
Fork 0
mirror of https://github.com/Kareadita/Kavita.git synced 2026-01-20 10:55:54 -05:00
Code Issues Packages Projects Releases Wiki Activity
Kavita/API/Controllers/PluginController.cs
Fesaa bc8eef1353
v0.8.9.1 Hotfix (#4376) 
Co-authored-by: Joe Milazzo <josephmajora@gmail.com>
Co-authored-by: Weblate (bot) <hosted@weblate.org>
Co-authored-by: Adam Havránek <adamhavra@seznam.cz>
Co-authored-by: Aindriú Mac Giolla Eoin <aindriu80@gmail.com>
Co-authored-by: Christophorus Daniel Tegar P <tegar.200503@gmail.com>
Co-authored-by: Frozehunter <frozehunter@me.com>
Co-authored-by: Gregory.Open <gregory.open@proton.me>
Co-authored-by: Havokdan <havokdan@yahoo.com.br>
Co-authored-by: Kovács Gábor <naszalykmb@gmail.com>
Co-authored-by: karigane <169052233+karigane-cha@users.noreply.github.com>
Co-authored-by: lin49931104 <a82122794@gmail.com>
Co-authored-by: Максим Горпиніч <gorpinicmaksim0@gmail.com>
Co-authored-by: 無情天 <kofzhanganguo@126.com>
Co-authored-by: 안세훈 <on9686@gmail.com>
2026-01-18 23:38:42 +01:00

95 lines
4.0 KiB
C#
Raw Blame History

using System;
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using API.Data;
using API.DTOs;
using API.Entities.Enums;
using API.Middleware;
using API.Services;
using Kavita.Common;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
namespace API.Controllers;
#nullable enable
[SkipDeviceTracking]
public class PluginController(IUnitOfWork unitOfWork, ITokenService tokenService, ILogger<PluginController> logger)
: BaseApiController
{
/// <summary>
/// Authenticate with the Server given an auth key. This will log you in by returning the user object and the JWT token.
/// </summary>
/// <remarks>This API is not fully built out and may require more information in later releases</remarks>
/// <remarks>This will log unauthorized requests to Security log</remarks>
/// <param name="apiKey">Auth key which will be used to authenticate and return a valid user token back</param>
/// <param name="pluginName">Name of the Plugin</param>
/// <returns></returns>
[AllowAnonymous]
[HttpPost("authenticate")]
public async Task<ActionResult<UserDto>> Authenticate([Required] string apiKey, [Required] string pluginName)
{
// NOTE: In order to log information about plugins, we need some Plugin Description information for each request
// Should log into the access table so we can tell the user
var ipAddress = HttpContext.Connection.RemoteIpAddress?.ToString();
var userAgent = HttpContext.Request.Headers.UserAgent;
var userId = await unitOfWork.UserRepository.GetUserIdByAuthKeyAsync(apiKey);
if (userId <= 0)
{
logger.LogInformation("A Plugin ({PluginName}) tried to authenticate with an apiKey that doesn't match. Information {@Information}", pluginName.Replace(Environment.NewLine, string.Empty), new
{
IpAddress = ipAddress,
UserAgent = userAgent,
ApiKey = apiKey
});
throw new KavitaUnauthenticatedUserException();
}
var user = await unitOfWork.UserRepository.GetUserByIdAsync(userId);
logger.LogInformation("Plugin {PluginName} has authenticated with {UserName} ({AppUserId})'s API Key", pluginName.Replace(Environment.NewLine, string.Empty), user!.UserName, userId);
return new UserDto
{
Username = user.UserName!,
Token = await tokenService.CreateToken(user),
RefreshToken = await tokenService.CreateRefreshToken(user),
ApiKey = apiKey,
KavitaVersion = (await unitOfWork.SettingsRepository.GetSettingAsync(ServerSettingKey.InstallVersion)).Value
};
}
/// <summary>
/// Returns the version of the Kavita install
/// </summary>
/// <remarks>This will log unauthorized requests to Security log</remarks>
/// <param name="apiKey">Required for authenticating to get result</param>
/// <returns></returns>
[AllowAnonymous]
[HttpGet("version")]
public async Task<ActionResult<string>> GetVersion([Required] string apiKey)
{
var userId = await unitOfWork.UserRepository.GetUserIdByAuthKeyAsync(apiKey);
if (userId <= 0) throw new KavitaUnauthenticatedUserException();
return Ok((await unitOfWork.SettingsRepository.GetSettingAsync(ServerSettingKey.InstallVersion)).Value);
}
/// <summary>
/// Returns the expiration (UTC) of the authenticated Auth key (or null if none set)
/// </summary>
/// <remarks>Will always return null if the Auth Key does not belong to this account</remarks>
/// <returns></returns>
[HttpGet("authkey-expires")]
public async Task<ActionResult<DateTime?>> GetAuthKeyExpiration()
{
var authKey = AuthKey;
if (string.IsNullOrEmpty(authKey))
return BadRequest();
var exp = await unitOfWork.UserRepository.GetAuthKeyExpiration(authKey, UserId);
return Ok(new { ExpiresAt = exp?.ToUniversalTime() });
}
}
Reference in New Issue View Git Blame Copy Permalink