diff --git a/.env.example b/.env.example index b286a66d..c433d1dd 100644 --- a/.env.example +++ b/.env.example @@ -11,27 +11,15 @@ LIBRARY_LANGUAGES=en # A pattern (regex) to ignore video files. LIBRARY_IGNORE_PATTERN=".*/[dD]ownloads?/.*" - -# Available modes: open, logged, verif, invite -# open means anyone can use your instance, even without an account (guest mode is enabled). To specify guest permissions, see UNLOGGED_PERMISSIONS. -# verif means anyone can create an account but their account needs to be manually verified by an admin before they can use kyoo -# invite means only created and verified accounts can access your instance. to allow someone else to use your instance, you need to invite them. -SECURITY_MODE=verif - -# Specify permissions of guest accounts. By default, if security mode is not open, this is empty. -# You can specify this even if security mode is not open to allow guests users to see your -# collection without behing able to play videos for example. -# Default if SECURITY_MODE is open: +# If this is true, new accounts wont have any permissions before you approve them in your admin dashboard. +REQUIRE_ACCOUNT_VERIFICATION=true +# Specify permissions of guest accounts, default is no permissions but you can allow anyone to use your instance without account by doing: # UNLOGGED_PERMISSIONS=overall.read,overall.play -# Default if SECURITY_MODE is not open: -# UNLOGGED_PERMISSIONS= -# To allow anyone to browse your collection but prevent them from playing a video: +# You can specify this to allow guests users to see your collection without behing able to play videos for example: # UNLOGGED_PERMISSIONS=overall.read - # Specify permissions of new accounts. # DEFAULT_PERMISSIONS=overall.read,overall.play - # Hardware transcoding (equivalent of --profile docker compose option). COMPOSE_PROFILES= # vaapi or qsv or nvidia # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels 
diff --git a/back/src/Kyoo.Authentication/AuthenticationModule.cs b/back/src/Kyoo.Authentication/AuthenticationModule.cs index aedf4bd5..c1859c7f 100644 --- a/back/src/Kyoo.Authentication/AuthenticationModule.cs +++ b/back/src/Kyoo.Authentication/AuthenticationModule.cs @@ -69,11 +69,16 @@ namespace Kyoo.Authentication PermissionOption options = new() { - Default = _configuration.GetValue("UNLOGGED_PERMISSIONS", "")!.Split(','), + Default = _configuration + .GetValue("UNLOGGED_PERMISSIONS", "overall.read,overall.play")! + .Split(','), NewUser = _configuration .GetValue("DEFAULT_PERMISSIONS", "overall.read,overall.play")! .Split(','), - SecurityMode = _configuration.GetValue("SECURITY_MODE", SecurityMode.Verif), + RequireVerification = _configuration.GetValue( + "REQUIRE_ACCOUNT_VERIFICATION", + true + ), PublicUrl = _configuration.GetValue("PUBLIC_URL") ?? "http://localhost:8901", ApiKeys = _configuration.GetValue("KYOO_APIKEYS", string.Empty)!.Split(','), @@ -128,16 +133,9 @@ namespace Kyoo.Authentication return acc; } return acc; - } + } ), }; - if (!options.Default.Any()) - { - options.Default = - options.SecurityMode == SecurityMode.Open - ? new string[] {"overall.read", "overall.play"} - : Array.Empty(); - } services.AddSingleton(options); services.AddSingleton( new AuthenticationOption() { Secret = secret, Permissions = options, } diff --git a/back/src/Kyoo.Authentication/Models/DTO/ServerInfo.cs b/back/src/Kyoo.Authentication/Models/DTO/ServerInfo.cs index 519c48e7..9a581ed9 100644 --- a/back/src/Kyoo.Authentication/Models/DTO/ServerInfo.cs +++ b/back/src/Kyoo.Authentication/Models/DTO/ServerInfo.cs 
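Review bot: The fallback for `UNLOGGED_PERMISSIONS` in the first AuthenticationModule.cs hunk changes from `""` to `"overall.read,overall.play"`, so an instance that never set the variable now grants guests read and play, while the `.env.example` comment in this same commit says "default is no permissions". As far as the diff shows, an upgraded deployment would expose and stream its library to unauthenticated visitors without the operator opting in. Prefer a fail-closed fallback, `.GetValue("UNLOGGED_PERMISSIONS", "")!`, or correct the comment if open-by-default is really intended. Separately, `"".Split(',')` yields one empty entry, so `options.Default.Any()` in InfoApi.cs would presumably report `AllowGuests = true` for an empty setting; `.Split(',', StringSplitOptions.RemoveEmptyEntries)` avoids that. The enclosing method starts and ends outside the hunk.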
@@ -32,20 +32,15 @@ public class ServerInfo /// public string PublicUrl { get; set; } - /// - /// Which security mode was chosen for this instance. - /// - public SecurityMode SecurityMode { get; set; } - /// /// True if guest accounts are allowed on this instance. /// public bool AllowGuests { get; set; } /// - /// True if a user is able to register. + /// True if new users needs to be verifed. /// - public bool AllowRegister { get; set; } + public bool RequireVerification { get; set; } /// /// The list of permissions available for the guest account. diff --git a/back/src/Kyoo.Authentication/Models/Options/PermissionOption.cs b/back/src/Kyoo.Authentication/Models/Options/PermissionOption.cs index d122caa7..5dd06ecd 100644 --- a/back/src/Kyoo.Authentication/Models/Options/PermissionOption.cs +++ b/back/src/Kyoo.Authentication/Models/Options/PermissionOption.cs @@ -23,27 +23,6 @@ using Kyoo.Abstractions.Models.Permissions; namespace Kyoo.Authentication.Models; -public enum SecurityMode -{ - /// - /// Anyone can use your instance, even without an account (guest mode is enabled). - /// To specify guest permissions, see UNLOGGED_PERMISSIONS. - /// - Open, - - /// - /// Anyone can create an account but their account needs to be manually verified - /// by an admin before they can use kyoo. - /// - Verif, - - /// - /// Only created and verified accounts can access your instance. To allow someone else - /// to use your instance, you need to invite them. - /// - Invite, -} - /// /// Permission options. /// @@ -55,9 +34,9 @@ public class PermissionOption public const string Path = "authentication:permissions"; /// - /// Which security mode was chosen for this instance. + /// True if new users needs to be verifed. /// - public SecurityMode SecurityMode { get; set; } + public bool RequireVerification { get; set; } /// /// The default permissions that will be given to a non-connected user. 
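Review bot: The new doc comment on `RequireVerification` in ServerInfo.cs has two typos and does not say what verification gates; `/// True if new accounts have no permissions until an admin approves them.` would match the wording used in `.env.example`. The same comment is repeated on `PermissionOption.RequireVerification` in PermissionOption.cs. Removing `SecurityMode` and `AllowRegister` from this DTO also changes the shape of the info response, so any client that still reads those fields should be checked; none is visible in this part of the diff.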
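Review bot: `RequireVerification` in PermissionOption.cs is a plain `bool`, so any `PermissionOption` built without the initializer in AuthenticationModule.cs gets `false`, meaning verification is off. The configured fallback there is `true`, so giving the property the same default, `public bool RequireVerification { get; set; } = true;`, keeps the fail-closed behaviour wherever the type is constructed or bound. Whether other construction paths exist is not visible in this diff.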
diff --git a/back/src/Kyoo.Authentication/Views/InfoApi.cs b/back/src/Kyoo.Authentication/Views/InfoApi.cs index b1b7069a..ceb8ab4e 100644 --- a/back/src/Kyoo.Authentication/Views/InfoApi.cs +++ b/back/src/Kyoo.Authentication/Views/InfoApi.cs @@ -38,9 +38,8 @@ public class InfoApi(PermissionOption options) : ControllerBase return Ok( new ServerInfo() { - SecurityMode = options.SecurityMode, AllowGuests = options.Default.Any(), - AllowRegister = options.SecurityMode != SecurityMode.Invite, + RequireVerification = options.RequireVerification, GuestPermissions = options.Default.ToList(), PublicUrl = options.PublicUrl, Oidc = options