diff --git a/back/src/Kyoo.Authentication/AuthenticationModule.cs b/back/src/Kyoo.Authentication/AuthenticationModule.cs
index c1859c7f..834ba9f5 100644
--- a/back/src/Kyoo.Authentication/AuthenticationModule.cs
+++ b/back/src/Kyoo.Authentication/AuthenticationModule.cs
@@ -29,6 +29,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Tokens;
 
 namespace Kyoo.Authentication
@@ -69,12 +70,8 @@ namespace Kyoo.Authentication
 PermissionOption options =
 new()
 {
-Default = _configuration
-.GetValue("UNLOGGED_PERMISSIONS", "overall.read,overall.play")!
-.Split(','),
-NewUser = _configuration
-.GetValue("DEFAULT_PERMISSIONS", "overall.read,overall.play")!
-.Split(','),
+Default = _configuration.GetValue("UNLOGGED_PERMISSIONS", "")!.Split(',').Where(x => x.Length > 0).ToArray(),
+NewUser = _configuration.GetValue("DEFAULT_PERMISSIONS", "overall.read,overall.play")!.Split(','),
 RequireVerification = _configuration.GetValue(
 "REQUIRE_ACCOUNT_VERIFICATION",
 true
@@ -141,7 +138,6 @@ namespace Kyoo.Authentication
 new AuthenticationOption() { Secret = secret, Permissions = options, }
 );
 
-// TODO handle direct-videos with bearers (probably add a cookie and a app.Use to translate that for videos)
 services
 .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 .AddJwtBearer(options =>
@@ -150,6 +146,18 @@ namespace Kyoo.Authentication
 {
 OnMessageReceived = (ctx) =>
 {
+string prefix = "Bearer ";
+if (
+ctx.Request.Headers.TryGetValue(
+"Authorization",
+out StringValues val
+)
+&& val.ToString() is string auth
+&& auth.StartsWith(prefix)
+)
+{
+ctx.Token ??= auth[prefix.Length..];
+}
 ctx.Token ??= ctx.Request.Cookies["X-Bearer"];
 return Task.CompletedTask;
 }
diff --git a/front/packages/models/src/login.ts b/front/packages/models/src/login.ts
index 20e54d69..7f1b8276 100644
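Review bot: The `NewUser` line added in the `@@ -69,12 +70,8 @@` hunk still parses `DEFAULT_PERMISSIONS` with a bare `Split(',')`, so an empty value or a trailing comma produces an empty-string permission entry, while the `Default` line directly above now filters those out; both values should be parsed the same way. Assuming the project targets .NET 5 or later (the `new()` target-typed syntax suggests it does), `Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)` on both lines drops the LINQ and also tolerates spaces after the commas in the environment value. Changing the unlogged default from `overall.read,overall.play` to no permissions is a behaviour change for deployments that relied on the old default, so the intent deserves a comment on the `Default` line, e.g. `// Unauthenticated requests get no permissions unless UNLOGGED_PERMISSIONS is set explicitly.` The enclosing object initializer continues outside the hunk.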
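Review bot: `auth.StartsWith(prefix)` in the new `OnMessageReceived` header check (the `@@ -150,6 +146,18 @@` hunk) is a culture-sensitive comparison that also rejects a lower-case `bearer` scheme, whereas RFC 7235 defines the auth-scheme as case-insensitive and the JWT bearer handler's own fallback parsing of the Authorization header compares it ordinally ignoring case; with the current code, the precedence between header and cookie therefore depends on the casing the client used. `auth.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)` makes both paths agree (`System` appears to be in scope already, since `Task` resolves without a visible using). Because the handler reads the Authorization header itself whenever `ctx.Token` is left null, the only observable effect of this block is that the header now wins over the `X-Bearer` cookie, which is worth stating above it: `// Prefer an explicit Authorization header over the X-Bearer cookie fallback below.` `StringValues.ToString()` never returns null, so `val.ToString() is string auth` is only a declaration; `string auth = val.ToString();` before the `if` reads more directly. The enclosing `AddJwtBearer` call starts outside the hunk.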
--- a/front/packages/models/src/login.ts
+++ b/front/packages/models/src/login.ts
@@ -33,7 +33,7 @@ export const login = async (
 action: "register" | "login",
 { apiUrl, ...body }: { username: string; password: string; email?: string; apiUrl?: string },
 ): Promise> => {
-apiUrl ??= getCurrentApiUrl()!;
+if (!apiUrl || apiUrl.length === 0) apiUrl = getCurrentApiUrl()!;
 try {
 const controller = new AbortController();
 setTimeout(() => controller.abort(), 5_000);
@@ -63,7 +63,7 @@ export const login = async (
 };
 
 export const oidcLogin = async (provider: string, code: string, apiUrl?: string) => {
-apiUrl ??= getCurrentApiUrl()!;
+if (!apiUrl || apiUrl.length === 0) apiUrl = getCurrentApiUrl()!;
 try {
 const token = await queryFn(
 {
diff --git a/front/packages/models/src/query.tsx b/front/packages/models/src/query.tsx
index 1067e374..69296f9f 100644
--- a/front/packages/models/src/query.tsx
+++ b/front/packages/models/src/query.tsx
@@ -50,7 +50,7 @@ export const queryFn = async (
 type?: Parser,
 token?: string | null,
 ): Promise> => {
-const url = context.apiUrl ?? getCurrentApiUrl();
+const url = context.apiUrl && context.apiUrl.length > 0 ? context.apiUrl : getCurrentApiUrl();
 lastUsedUrl = url!;
 if (token === undefined && context.authenticated !== false) token = await getToken();
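Review bot: `if (!apiUrl || apiUrl.length === 0)` on the added line in `login`, and again in the `oidcLogin` hunk below it, tests the empty string twice, since `!apiUrl` is already true for `""`; `if (!apiUrl) apiUrl = getCurrentApiUrl()!;` expresses the same condition. The replaced `??=` only covered `null` and `undefined`, so the actual intent of the change, treating an empty string as "no URL supplied", should be recorded with a comment such as `// An empty apiUrl counts as unset and falls back to the current server.` The `queryFn` hunk in query.tsx has the same shape, where `context.apiUrl || getCurrentApiUrl()` is equivalent to the added ternary. The enclosing `login` function starts before the hunk and continues after it.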