Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-05-24 02:02:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix ApiKey configuration options

Browse Source
This commit is contained in:
Zoe Roux 2023-03-20 16:07:28 +09:00
parent 9e98bf3532
commit 02214a127c
5 changed files with 25 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
back/src/Kyoo.Authentication/AuthenticationModule.cs
View File

@ -62,15 +62,17 @@ namespace Kyoo.Authentication
public void Configure(IServiceCollection services)
{
string secret = _configuration.GetValue("AUTHENTICATION_SECRET", AuthenticationOption.DefaultSecret);
services.Configure<AuthenticationOption>(x =>
{
x.Secret = secret;
x.Permissions = new PermissionOption
PermissionOption permissions = new()
{
Default = _configuration.GetValue<string>("UNLOGGED_PERMISSIONS", "overall.read").Split(','),
NewUser = _configuration.GetValue<string>("DEFAULT_PERMISSIONS", "overall.read").Split(','),
ApiKeys = _configuration.GetValue("KYOO_APIKEYS", string.Empty).Split(','),
};
services.AddSingleton<PermissionOption>(permissions);
services.AddSingleton<AuthenticationOption>(new AuthenticationOption()
{
Secret = secret,
Permissions = permissions,
});
// TODO handle direct-videos with bearers (probably add a cookie and a app.Use to translate that for videos)

15
back/src/Kyoo.Authentication/Controllers/PermissionValidator.cs
View File

@ -30,7 +30,6 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
namespace Kyoo.Authentication
@ -44,13 +43,13 @@ namespace Kyoo.Authentication
/// <summary>
/// The permissions options to retrieve default permissions.
/// </summary>
private readonly IOptionsMonitor<PermissionOption> _options;
private readonly PermissionOption _options;
/// <summary>
/// Create a new factory with the given options.
/// </summary>
/// <param name="options">The option containing default values.</param>
public PermissionValidator(IOptionsMonitor<PermissionOption> options)
public PermissionValidator(PermissionOption options)
{
_options = options;
}
@ -90,7 +89,7 @@ namespace Kyoo.Authentication
/// <summary>
/// The permissions options to retrieve default permissions.
/// </summary>
private readonly IOptionsMonitor<PermissionOption> _options;
private readonly PermissionOption _options;
/// <summary>
/// Create a new permission validator with the given options.
@ -103,7 +102,7 @@ namespace Kyoo.Authentication
string permission,
Kind kind,
Group group,
IOptionsMonitor<PermissionOption> options)
PermissionOption options)
{
_permission = permission;
_kind = kind;
@ -117,7 +116,7 @@ namespace Kyoo.Authentication
/// <param name="partialInfo">The partial permission to validate.</param>
/// <param name="group">The group of the permission.</param>
/// <param name="options">The option containing default values.</param>
public PermissionValidatorFilter(object partialInfo, Group? group, IOptionsMonitor<PermissionOption> options)
public PermissionValidatorFilter(object partialInfo, Group? group, PermissionOption options)
{
switch (partialInfo)
{
@ -183,7 +182,7 @@ namespace Kyoo.Authentication
}
else if (res.None)
{
ICollection<string> permissions = _options.CurrentValue.Default ?? Array.Empty<string>();
ICollection<string> permissions = _options.Default ?? Array.Empty<string>();
if (permissions.All(x => x != permStr && x != overallStr))
{
context.Result = _ErrorResult($"Unlogged user does not have permission {permStr} or {overallStr}", StatusCodes.Status401Unauthorized);
@ -199,7 +198,7 @@ namespace Kyoo.Authentication
{
if (!context.HttpContext.Request.Headers.TryGetValue("X-API-Key", out StringValues apiKey))
return AuthenticateResult.NoResult();
if (!_options.CurrentValue.ApiKeys.Contains<string>(apiKey))
if (!_options.ApiKeys.Contains<string>(apiKey))
return AuthenticateResult.Fail("Invalid API-Key.");
return AuthenticateResult.Success(
new AuthenticationTicket(

11
back/src/Kyoo.Authentication/Controllers/TokenController.cs
View File

@ -26,7 +26,6 @@ using System.Text;
using System.Threading.Tasks;
using Kyoo.Abstractions.Models;
using Kyoo.Authentication.Models;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
namespace Kyoo.Authentication
@ -39,13 +38,13 @@ namespace Kyoo.Authentication
/// <summary>
/// The options that this controller will use.
/// </summary>
private readonly IOptions<AuthenticationOption> _options;
private readonly AuthenticationOption _options;
/// <summary>
/// Create a new <see cref="TokenController"/>.
/// </summary>
/// <param name="options">The options that this controller will use.</param>
public TokenController(IOptions<AuthenticationOption> options)
public TokenController(AuthenticationOption options)
{
_options = options;
}
@ -55,7 +54,7 @@ namespace Kyoo.Authentication
{
expireIn = new TimeSpan(1, 0, 0);
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(_options.Value.Secret));
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(_options.Secret));
SigningCredentials credential = new(key, SecurityAlgorithms.HmacSha256Signature);
string permissions = user.Permissions != null
? string.Join(',', user.Permissions)
@ -80,7 +79,7 @@ namespace Kyoo.Authentication
/// <inheritdoc />
public Task<string> CreateRefreshToken(User user)
{
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(_options.Value.Secret));
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(_options.Secret));
SigningCredentials credential = new(key, SecurityAlgorithms.HmacSha256Signature);
JwtSecurityToken token = new(
signingCredentials: credential,
@ -99,7 +98,7 @@ namespace Kyoo.Authentication
/// <inheritdoc />
public int GetRefreshTokenUserID(string refreshToken)
{
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(_options.Value.Secret));
SymmetricSecurityKey key = new(Encoding.UTF8.GetBytes(_options.Secret));
JwtSecurityTokenHandler tokenHandler = new();
ClaimsPrincipal principal;
try

7
back/src/Kyoo.Authentication/Views/AuthApi.cs
View File

@ -29,7 +29,6 @@ using Kyoo.Authentication.Models;
using Kyoo.Authentication.Models.DTO;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using static Kyoo.Abstractions.Models.Utils.Constants;
using BCryptNet = BCrypt.Net.BCrypt;
@ -57,7 +56,7 @@ namespace Kyoo.Authentication.Views
/// <summary>
/// The permisson options.
/// </summary>
private readonly IOptionsMonitor<PermissionOption> _permissions;
private readonly PermissionOption _permissions;
/// <summary>
/// Create a new <see cref="AuthApi"/>.
@ -65,7 +64,7 @@ namespace Kyoo.Authentication.Views
/// <param name="users">The repository used to check if the user exists.</param>
/// <param name="token">The token generator.</param>
/// <param name="permissions">The permission opitons.</param>
public AuthApi(IUserRepository users, ITokenController token, IOptionsMonitor<PermissionOption> permissions)
public AuthApi(IUserRepository users, ITokenController token, PermissionOption permissions)
{
_users = users;
_token = token;
@ -124,7 +123,7 @@ namespace Kyoo.Authentication.Views
public async Task<ActionResult<JwtToken>> Register([FromBody] RegisterRequest request)
{
User user = request.ToUser();
user.Permissions = _permissions.CurrentValue.NewUser;
user.Permissions = _permissions.NewUser;
// If no users exists, the new one will be an admin. Give it every permissions.
if (await _users.GetOrDefault(where: x => true) == null)
user.Permissions = PermissionOption.Admin;

6
back/src/Kyoo.Host/HostModule.cs
View File

@ -66,12 +66,6 @@ namespace Kyoo.Host
builder.RegisterComposite<FileSystemComposite, IFileSystem>().InstancePerLifetimeScope();
}
/// <inheritdoc />
public void Configure(IServiceCollection services)
{
services.Configure<BasicOptions>(_configuration.GetSection(BasicOptions.Path));
}
/// <inheritdoc />
public IEnumerable<IStartupAction> ConfigureSteps => new[]
{