From 7d59785235d32ec68551397fe7baf3420e48c6fe Mon Sep 17 00:00:00 2001
From: Zoe Roux
Date: Thu, 2 Apr 2020 02:09:20 +0200
Subject: [PATCH] Adding authentifications via cookies too
---
 Kyoo/Startup.cs | 44 +++++++++++++++-------------------
 Kyoo/Views/API/AccountAPI.cs | 11 ++++-----
 Kyoo/Views/API/ShowsAPI.cs | 1 +
 Kyoo/Views/API/ThumbnailAPI.cs | 5 ++++
 Kyoo/Views/API/VideoAPI.cs | 2 +-
 Kyoo/Views/WebClient | 2 +-
 6 files changed, 32 insertions(+), 33 deletions(-)
diff --git a/Kyoo/Startup.cs b/Kyoo/Startup.cs
index 2ff1f7a5..9212bd38 100644
--- a/Kyoo/Startup.cs
+++ b/Kyoo/Startup.cs
@@ -79,7 +79,7 @@ namespace Kyoo
 .AddProfileService()
 .AddDeveloperSigningCredential(); // TODO remove the developer signin
-services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+services.AddAuthentication()
 .AddJwtBearer(options =>
 {
 options.Authority = publicUrl;
@@ -89,31 +89,25 @@ namespace Kyoo
 services.AddAuthorization(options =>
 {
-options.AddPolicy("Read", policy => policy.RequireAssertion(context =>
+AuthorizationPolicyBuilder scheme = new AuthorizationPolicyBuilder(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme);
+options.DefaultPolicy = scheme.RequireAuthenticatedUser().Build();
+
+string[] permissions = {"Read", "Write", "Play", "Download", "Admin"};
+foreach (string permission in permissions)
 {
-Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-return perms != null && perms.Value.Split(",").Contains("read");
-}).RequireScope("kyoo.read"));
-options.AddPolicy("Write", policy => policy.RequireAssertion(context =>
-{
-Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-return perms != null && perms.Value.Split(",").Contains("write");
-}).RequireScope("kyoo.write"));
-options.AddPolicy("Play", policy => policy.RequireAssertion(context =>
-{
-Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-return perms != null && perms.Value.Split(",").Contains("play");
-}).RequireScope("kyoo.play"));
-options.AddPolicy("Download", policy => policy.RequireAssertion(context =>
-{
-Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-return perms != null && perms.Value.Split(",").Contains("download");
-}).RequireScope("kyoo.download"));
-options.AddPolicy("Admin", policy => policy.RequireAssertion(context =>
-{
-Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-return perms != null && perms.Value.Split(",").Contains("admin");
-}).RequireScope("kyoo.admin"));
+options.AddPolicy(permission, policy =>
+{
+policy.AuthenticationSchemes.Add(IdentityConstants.ApplicationScheme);
+policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
+policy.RequireAuthenticatedUser();
+policy.RequireAssertion(context =>
+{
+Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+return perms != null && perms.Value.Split(",").Contains(permission.ToLower());
+});
+// policy.RequireScope($"kyoo.{permission.ToLower()}");
+});
+}
 });
 services.AddScoped();
diff --git a/Kyoo/Views/API/AccountAPI.cs b/Kyoo/Views/API/AccountAPI.cs
index b3cc61f6..6b264436 100644
--- a/Kyoo/Views/API/AccountAPI.cs
+++ b/Kyoo/Views/API/AccountAPI.cs
@@ -55,9 +55,8 @@ namespace Kyoo.Api
 public Claim[] defaultClaims = {
-new Claim("kyoo.read", ""),
-new Claim("kyoo.play", "")
-}; // TODO should add this field on the server's configuration page.
+new Claim("permissions", "read,play") // TODO should add this field on the server's configuration page.
+};
 public AccountController(UserManager userManager, SignInManager siginInManager, IConfiguration configuration)
 {
@@ -126,9 +125,9 @@ namespace Kyoo.Api
 new Claim("picture", $"api/account/picture/{user.UserName}")
 };
-IList userClaims = await _userManager.GetClaimsAsync(user);
-IEnumerable permissions = from claim in userClaims where claim.Type.StartsWith("kyoo.") select claim.Type.Substring(claim.Type.IndexOf(".") + 1);
-claims.Add(new Claim("permissions", string.Join(",", permissions)));
+Claim perms = (await _userManager.GetClaimsAsync(user)).FirstOrDefault(x => x.Type == "permissions");
+if (perms != null)
+claims.Add(perms);
 context.IssuedClaims.AddRange(claims);
 }
diff --git a/Kyoo/Views/API/ShowsAPI.cs b/Kyoo/Views/API/ShowsAPI.cs
index 67913293..8d1f8387 100644
--- a/Kyoo/Views/API/ShowsAPI.cs
+++ b/Kyoo/Views/API/ShowsAPI.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using Kyoo.Controllers;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
 namespace Kyoo.Api
diff --git a/Kyoo/Views/API/ThumbnailAPI.cs b/Kyoo/Views/API/ThumbnailAPI.cs
index 60cbab25..5aff643c 100644
--- a/Kyoo/Views/API/ThumbnailAPI.cs
+++ b/Kyoo/Views/API/ThumbnailAPI.cs
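Review bot: The new AddPolicy body leaves the scope requirement commented out (`// policy.RequireScope($"kyoo.{permission.ToLower()}");`) where every old policy called `.RequireScope("kyoo.<name>")`, so a bearer token issued for a narrow scope such as kyoo.read now satisfies the Write and Admin policies whenever the user's permissions claim lists them; either restore `policy.RequireScope($"kyoo.{permission.ToLowerInvariant()}")` for the bearer scheme or delete the dead line with a comment explaining why scope no longer applies. Adding IdentityConstants.ApplicationScheme to every policy also lets the endpoints behind Write and Admin accept the ambient Identity cookie, which the bearer-only setup did not, and cross-site requests carry that cookie, so an anti-forgery check (or a Strict SameSite setting on the application cookie) is needed on non-GET actions that accept the cookie scheme. Minor: `permission.ToLower()` is culture-sensitive; `permission.ToLowerInvariant()` is the right form for a comparison key. The same two-scheme list is spelled out again in the DefaultPolicy builder above the loop; one shared array of scheme names would keep the two from drifting apart.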
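Review bot: `defaultClaims` now stores a single `permissions` claim ("read,play") and the profile service in the second hunk of this file only forwards an existing `permissions` claim, so users created before this commit, who hold the old `kyoo.read`/`kyoo.play` claims, will presumably receive no permissions claim and fail every policy in Startup.cs; a one-off migration of `kyoo.*` claims to a `permissions` claim, or a fallback that still derives it from them, is needed unless the user store is being reset. A comment on `defaultClaims` stating that the value is a comma-separated list matched ordinally against the lower-cased policy names in Startup.cs would document a contract that is now split across two files. Also note the `// TODO` moved onto the Claim line and will stay attached to that element when more claims are appended; keeping it on its own line above the array reads better.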
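Review bot: The added `using Microsoft.AspNetCore.Authentication.Cookies;` is the only change to ShowsAPI.cs in this commit (the diffstat shows one insertion), so nothing in the file can reference that namespace and the directive is dead; drop it, or add the cookie-related code it was meant for in the same commit. Unused directives of this kind make the authentication surface harder to audit because they suggest cookie handling that does not exist.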
@@ -19,6 +19,7 @@ namespace Kyoo.Api
 }
 [HttpGet("poster/{showSlug}")]
+[Authorize(Policy="Read")]
 public IActionResult GetShowThumb(string showSlug)
 {
 string path = _libraryManager.GetShowBySlug(showSlug)?.Path;
@@ -33,6 +34,7 @@ namespace Kyoo.Api
 }
 [HttpGet("logo/{showSlug}")]
+[Authorize(Policy="Read")]
 public IActionResult GetShowLogo(string showSlug)
 {
 string path = _libraryManager.GetShowBySlug(showSlug)?.Path;
@@ -47,6 +49,7 @@ namespace Kyoo.Api
 }
 [HttpGet("backdrop/{showSlug}")]
+[Authorize(Policy="Read")]
 public IActionResult GetShowBackdrop(string showSlug)
 {
 string path = _libraryManager.GetShowBySlug(showSlug)?.Path;
@@ -61,6 +64,7 @@ namespace Kyoo.Api
 }
 [HttpGet("peopleimg/{peopleSlug}")]
+[Authorize(Policy="Read")]
 public IActionResult GetPeopleIcon(string peopleSlug)
 {
 string thumbPath = Path.Combine(_peoplePath, peopleSlug + ".jpg");
@@ -71,6 +75,7 @@ namespace Kyoo.Api
 }
 [HttpGet("thumb/{showSlug}-s{seasonNumber}e{episodeNumber}")]
+[Authorize(Policy="Read")]
 public IActionResult GetEpisodeThumb(string showSlug, long seasonNumber, long episodeNumber)
 {
 string path = _libraryManager.GetEpisode(showSlug, seasonNumber, episodeNumber)?.Path;
diff --git a/Kyoo/Views/API/VideoAPI.cs b/Kyoo/Views/API/VideoAPI.cs
index b3d51941..4b72fab0 100644
--- a/Kyoo/Views/API/VideoAPI.cs
+++ b/Kyoo/Views/API/VideoAPI.cs
@@ -90,7 +90,7 @@ namespace Kyoo.Api
 WatchItem episode = _libraryManager.GetMovieWatchItem(movieSlug);
 if (episode != null && System.IO.File.Exists(episode.Path))
-return PhysicalFile(episode.Path, "video/x-matroska", true);
+return PhysicalFile(episode.Path, "video/webm", true);
 return NotFound();
 }
diff --git a/Kyoo/Views/WebClient b/Kyoo/Views/WebClient
index ee72f573..e975a4f0 160000
--- a/Kyoo/Views/WebClient
+++ b/Kyoo/Views/WebClient
@@ -1 +1 @@
-Subproject commit ee72f573bd4815ebf7918e76a797310c140cf454
+Subproject commit e975a4f055f45cc48fd0ceedfe73fb6616bd1dbe
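Review bot: The `[Authorize(Policy="Read")]` added to GetShowThumb, and likewise in the four following hunks to GetShowLogo, GetShowBackdrop, GetPeopleIcon and GetEpisodeThumb, makes the image endpoints require an authenticated Read user, but browsers load them through `<img>` requests that carry only the Identity cookie, so bearer-token clients (the only ones the old configuration served) will likely get a challenge instead of an image; a comment on the controller stating that these endpoints are meant to be reached with the cookie session would make that intent explicit. GetPeopleIcon's unchanged `Path.Combine(_peoplePath, peopleSlug + ".jpg")` builds a filesystem path straight from the route value, and this commit is where the audience of that endpoint is being defined, so it is worth confirming that the slug is checked against a library entry (or rejected when it contains path separators or `..`) before the file is opened. Each of the five method bodies continues past the end of its hunk.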
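Review bot: Hard-coding `"video/webm"` mislabels any file that is not WebM, and the method serves whatever `episode.Path` points to (the previous value was equally fixed at Matroska), so the Content-Type should follow the file, e.g. `new FileExtensionContentTypeProvider().TryGetContentType(episode.Path, out string contentType)` with a fallback such as `"application/octet-stream"`. A comment explaining why the type was changed (presumably for browser playback) would help, since nothing in the hunk converts the file. The enclosing method begins outside the hunk.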