diff --git a/Kyoo/Models/IdentityContext.cs b/Kyoo/Models/IdentityContext.cs
index 207b1b84..204dff89 100644
--- a/Kyoo/Models/IdentityContext.cs
+++ b/Kyoo/Models/IdentityContext.cs
@@ -29,7 +29,7 @@ namespace Kyoo
 AllowOfflineAccess = true,
 RequireClientSecret = false,
 RequireConsent = false,
-AccessTokenType = AccessTokenType.Reference,
+AccessTokenType = AccessTokenType.Jwt,
 AllowedScopes = { "openid", "profile", "kyoo.read", "kyoo.write", "kyoo.play", "kyoo.download", "kyoo.admin" },
 RedirectUris = { "/", "/silent" },
 PostLogoutRedirectUris = { "/logout" }
diff --git a/Kyoo/Startup.cs b/Kyoo/Startup.cs
index 7acfcf68..332d6f0c 100644
--- a/Kyoo/Startup.cs
+++ b/Kyoo/Startup.cs
@@ -3,6 +3,7 @@ using Kyoo.Api;
 using Kyoo.Controllers;
 using Kyoo.Models;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
@@ -26,16 +27,14 @@ namespace Kyoo
 // This method gets called by the runtime. Use this method to add services to the container.
 public void ConfigureServices(IServiceCollection services)
 {
-// services.AddSpaStaticFiles(configuration =>
-// {
-// configuration.RootPath = "wwwroot";
-// });
-//
-// services.AddControllers().AddNewtonsoftJson();
-// services.AddHttpClient();
-//
-// string publicUrl = Configuration.GetValue("public_url");
-//
+services.AddSpaStaticFiles(configuration =>
+{
+configuration.RootPath = "wwwroot";
+});
+
+services.AddControllers().AddNewtonsoftJson();
+services.AddHttpClient();
+
 services.AddDbContext(options =>
 {
 options.UseLazyLoadingProxies()
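Review bot: Switching this client's AccessTokenType to Jwt on the changed line gives up server-side revocation of access tokens: a reference token is looked up on every use, whereas a self-contained JWT is accepted from its signature and claims alone until it expires. With `AllowOfflineAccess = true` and `RequireClientSecret = false` on the surrounding context lines, a leaked access token therefore stays usable for the full default lifetime, so a short lifetime should be set beside the changed line, e.g. `AccessTokenLifetime = 600, // placeholder value, tune per deployment`, leaving long sessions to refresh tokens. The Client initializer starts and ends outside the hunk.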
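Review bot: The removed comment block carried `string publicUrl = Configuration.GetValue("public_url");`, but the restored code in this hunk does not declare it, while the hunk at -74 reads `publicUrl` as the JWT authority. If the variable is not declared in the lines between the two hunks (not visible here) ConfigureServices will not compile; if it is, a comment such as `// public_url doubles as the token issuer/authority, so it must match the URL clients actually use` next to that declaration would explain the coupling. ConfigureServices continues past the end of the hunk.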
@@ -74,31 +73,22 @@ namespace Kyoo
 .AddProfileService()
 .AddDeveloperSigningCredential(); // TODO remove the developer signin
-services.AddAuthentication()
-.AddIdentityServerJwt();
-
-// services.ConfigureApplicationCookie(options =>
-// {
-// options.Events.OnRedirectToAccessDenied = context =>
-// {
-// context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
-// return Task.CompletedTask;
-// };
-// options.Events.OnRedirectToLogin = context =>
-// {
-// context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
-// return Task.CompletedTask;
-// };
-// });
+services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+.AddJwtBearer(options =>
+{
+options.Authority = publicUrl;
+options.Audience = "Kyoo";
+options.RequireHttpsMetadata = false;
+});
-// services.AddAuthorization(options =>
-// {
-// options.AddPolicy("Read", policy => policy.RequireClaim("read"));
-// options.AddPolicy("Write", policy => policy.RequireClaim("write"));
-// options.AddPolicy("Play", policy => policy.RequireClaim("play"));
-// options.AddPolicy("Download", policy => policy.RequireClaim("download"));
-// options.AddPolicy("Admin", policy => policy.RequireClaim("admin"));
-// });
+services.AddAuthorization(options =>
+{
+options.AddPolicy("Read", policy => policy.RequireClaim("read"));
+options.AddPolicy("Write", policy => policy.RequireClaim("write"));
+options.AddPolicy("Play", policy => policy.RequireClaim("play"));
+options.AddPolicy("Download", policy => policy.RequireClaim("download"));
+options.AddPolicy("Admin", policy => policy.RequireClaim("admin"));
+});
 services.AddScoped();
 services.AddScoped();
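Review bot: `options.RequireHttpsMetadata = false;` in the new AddJwtBearer block lets the handler fetch the discovery document and signing keys from `publicUrl` over plain HTTP, so anyone able to tamper with that request can substitute their own keys and have forged tokens accepted. It should only be relaxed in development, e.g. `options.RequireHttpsMetadata = env.IsDevelopment();`, which needs the hosting environment injected through the Startup constructor since the earlier hunk shows ConfigureServices receiving only `IServiceCollection services`. Two things also deserve confirming: `options.Audience = "Kyoo"` only passes if IdentityServer issues tokens whose aud claim contains "Kyoo", which nothing in this commit shows being configured, and the policies' `RequireClaim("read")` etc. look for claims literally named read/write/play/download/admin while IdentityContext.cs registers scopes named kyoo.read/kyoo.write/..., so unless the custom profile service emits those bare claims the policies will never be satisfied (a `RequireClaim("scope", "kyoo.read")` form would match the registered scopes). ConfigureServices starts and ends outside the hunk.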
@@ -123,18 +113,18 @@ namespace Kyoo
 app.UseHsts();
 }
-// app.Use((ctx, next) =>
-// {
-// ctx.Response.Headers.Remove("X-Powered-By");
-// ctx.Response.Headers.Remove("Server");
-// ctx.Response.Headers.Add("Feature-Policy", "autoplay 'self'; fullscreen");
-// ctx.Response.Headers.Add("Content-Security-Policy", "default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline'");
-// ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
-// ctx.Response.Headers.Add("Referrer-Policy", "no-referrer");
-// ctx.Response.Headers.Add("Access-Control-Allow-Origin", "null");
-// ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff");
-// return next();
-// });
+app.Use((ctx, next) =>
+{
+ctx.Response.Headers.Remove("X-Powered-By");
+ctx.Response.Headers.Remove("Server");
+ctx.Response.Headers.Add("Feature-Policy", "autoplay 'self'; fullscreen");
+ctx.Response.Headers.Add("Content-Security-Policy", "default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline'");
+ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
+ctx.Response.Headers.Add("Referrer-Policy", "no-referrer");
+ctx.Response.Headers.Add("Access-Control-Allow-Origin", "null");
+ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff");
+return next();
+});
 app.UseStaticFiles();
 if (!env.IsDevelopment())
diff --git a/Kyoo/Views/WebClient b/Kyoo/Views/WebClient
index 3f17ec96..92924ddf 160000
--- a/Kyoo/Views/WebClient
+++ b/Kyoo/Views/WebClient
@@ -1 +1 @@
-Subproject commit 3f17ec96dac6cc641b875a0e3b201b8b75336d6d
+Subproject commit 92924ddfb62306c3e6ed7fe6462317f920686962
diff --git a/Kyoo/appsettings.json b/Kyoo/appsettings.json
index fe56e208..9a363b0f 100644
--- a/Kyoo/appsettings.json
+++ b/Kyoo/appsettings.json
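Review bot: `ctx.Response.Headers.Add("Access-Control-Allow-Origin", "null");` on the new side does not disable cross-origin access; browsers send `Origin: null` for sandboxed iframes, data: URLs and certain redirects, so this value explicitly grants those contexts access, and simply omitting the header keeps the browser's same-origin default. `ctx.Response.Headers.Remove("Server")` is most likely a no-op on Kestrel, which appends its Server header when the response is written rather than before middleware runs, so suppressing it needs `options.AddServerHeader = false` in the Kestrel options instead. The CSP's `script-src 'self' 'unsafe-inline' 'unsafe-eval'` also gives up most of the protection CSP offers against injected script; if the SPA currently needs it, a comment recording why and a TODO to move to nonces or hashes would stop it being read as the intended final policy. Configure starts and ends outside the hunk.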
@@ -4,7 +4,7 @@
 "https_port": 44300,
 "Logging": {
 "LogLevel": {
-"Default": "Information",
+"Default": "Trace",
 "Microsoft": "Warning",
 "Microsoft.Hosting.Lifetime": "Information"
 }
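Review bot: Changing "Default" to "Trace" in appsettings.json raises the log level for every environment the server runs in, not only development, and at Trace the authentication and JWT bearer handlers can write request and token-validation details that are better kept out of production logs. Keep the base file at "Information" and place the `"Default": "Trace"` override in appsettings.Development.json, which the host layers on top only when the environment is Development.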