Adding authentifications via cookies too

Kyoo/Startup.cs

@@ -79,7 +79,7 @@ namespace Kyoo
 				.AddProfileService<AccountController>()
 				.AddDeveloperSigningCredential(); // TODO remove the developer signin
 
-			services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+			services.AddAuthentication()
 				.AddJwtBearer(options =>
 				{
 					options.Authority = publicUrl;
@@ -89,31 +89,25 @@ namespace Kyoo
 			
 			services.AddAuthorization(options =>
 			{
-				options.AddPolicy("Read", policy => policy.RequireAssertion(context =>
+				AuthorizationPolicyBuilder scheme = new AuthorizationPolicyBuilder(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme);
+				options.DefaultPolicy = scheme.RequireAuthenticatedUser().Build();
+
+				string[] permissions = {"Read", "Write", "Play", "Download", "Admin"};
+				foreach (string permission in permissions)
 				{
-					Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+					options.AddPolicy(permission, policy =>
-					return perms != null && perms.Value.Split(",").Contains("read");
+					{
-				}).RequireScope("kyoo.read"));
+						policy.AuthenticationSchemes.Add(IdentityConstants.ApplicationScheme);
-				options.AddPolicy("Write", policy => policy.RequireAssertion(context =>
+						policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
-				{
+						policy.RequireAuthenticatedUser();
-					Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+						policy.RequireAssertion(context =>
-					return perms != null && perms.Value.Split(",").Contains("write");
+						{
-				}).RequireScope("kyoo.write"));
+							Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-				options.AddPolicy("Play", policy => policy.RequireAssertion(context =>
+							return perms != null && perms.Value.Split(",").Contains(permission.ToLower());
-				{
+						});
-					Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+						// policy.RequireScope($"kyoo.{permission.ToLower()}");
-					return perms != null && perms.Value.Split(",").Contains("play");
+					});
-				}).RequireScope("kyoo.play"));
+				}
-				options.AddPolicy("Download", policy => policy.RequireAssertion(context =>
-				{
-					Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-					return perms != null && perms.Value.Split(",").Contains("download");
-				}).RequireScope("kyoo.download"));
-				options.AddPolicy("Admin", policy => policy.RequireAssertion(context =>
-				{
-					Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-					return perms != null && perms.Value.Split(",").Contains("admin");
-				}).RequireScope("kyoo.admin"));
 			});
 
 			services.AddScoped<ILibraryManager, LibraryManager>();

Kyoo/Views/API/AccountAPI.cs

@@ -55,9 +55,8 @@ namespace Kyoo.Api
 
 		public Claim[] defaultClaims =
 		{
-			new Claim("kyoo.read", ""),
+			new Claim("permissions", "read,play") // TODO should add this field on the server's configuration page.
-			new Claim("kyoo.play", "")
+		};
-		}; // TODO should add this field on the server's configuration page.
 		
 		public AccountController(UserManager<User> userManager, SignInManager<User> siginInManager, IConfiguration configuration)
 		{
@@ -126,9 +125,9 @@ namespace Kyoo.Api
 					new Claim("picture", $"api/account/picture/{user.UserName}")
 				};
 
-				IList<Claim> userClaims = await _userManager.GetClaimsAsync(user);
+				Claim perms = (await _userManager.GetClaimsAsync(user)).FirstOrDefault(x => x.Type == "permissions");
-				IEnumerable<string> permissions = from claim in userClaims where claim.Type.StartsWith("kyoo.") select claim.Type.Substring(claim.Type.IndexOf(".") + 1);
+				if (perms != null)
-				claims.Add(new Claim("permissions", string.Join(",", permissions)));
+					claims.Add(perms);
 				
 				context.IssuedClaims.AddRange(claims);
 			}

Kyoo/Views/API/ShowsAPI.cs

@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using Kyoo.Controllers;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Kyoo.Api

Kyoo/Views/API/ThumbnailAPI.cs

@@ -19,6 +19,7 @@ namespace Kyoo.Api
 		}
 
 		[HttpGet("poster/{showSlug}")]
+		[Authorize(Policy="Read")]
 		public IActionResult GetShowThumb(string showSlug)
 		{
 			string path = _libraryManager.GetShowBySlug(showSlug)?.Path;
@@ -33,6 +34,7 @@ namespace Kyoo.Api
 		}
 
 		[HttpGet("logo/{showSlug}")]
+		[Authorize(Policy="Read")]
 		public IActionResult GetShowLogo(string showSlug)
 		{
 			string path = _libraryManager.GetShowBySlug(showSlug)?.Path;
@@ -47,6 +49,7 @@ namespace Kyoo.Api
 		}
 
 		[HttpGet("backdrop/{showSlug}")]
+		[Authorize(Policy="Read")]
 		public IActionResult GetShowBackdrop(string showSlug)
 		{
 			string path = _libraryManager.GetShowBySlug(showSlug)?.Path;
@@ -61,6 +64,7 @@ namespace Kyoo.Api
 		}
 
 		[HttpGet("peopleimg/{peopleSlug}")]
+		[Authorize(Policy="Read")]
 		public IActionResult GetPeopleIcon(string peopleSlug)
 		{
 			string thumbPath = Path.Combine(_peoplePath, peopleSlug + ".jpg");
@@ -71,6 +75,7 @@ namespace Kyoo.Api
 		}
 
 		[HttpGet("thumb/{showSlug}-s{seasonNumber}e{episodeNumber}")]
+		[Authorize(Policy="Read")]
 		public IActionResult GetEpisodeThumb(string showSlug, long seasonNumber, long episodeNumber)
 		{
 			string path = _libraryManager.GetEpisode(showSlug, seasonNumber, episodeNumber)?.Path;

Kyoo/Views/API/VideoAPI.cs

@@ -90,7 +90,7 @@ namespace Kyoo.Api
 			WatchItem episode = _libraryManager.GetMovieWatchItem(movieSlug);
 
 			if (episode != null && System.IO.File.Exists(episode.Path))
-				return PhysicalFile(episode.Path, "video/x-matroska", true);
+				return PhysicalFile(episode.Path, "video/webm", true);
 			return NotFound();
 		}
 

Kyoo/Views/WebClient

@@ -1 +1 @@
-Subproject commit ee72f573bd4815ebf7918e76a797310c140cf454
+Subproject commit e975a4f055f45cc48fd0ceedfe73fb6616bd1dbe