diff --git a/Kyoo/Controllers/AuthorizationValidator.cs b/Kyoo/Controllers/AuthorizationValidator.cs
new file mode 100644
index 00000000..9f50cd87
--- /dev/null
+++ b/Kyoo/Controllers/AuthorizationValidator.cs
@@ -0,0 +1,47 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using IdentityServer4.Extensions;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Configuration;
+
+namespace Kyoo.Controllers
+{
+ public class AuthorizationValidatorHandler : AuthorizationHandler
+ {
+ private readonly IConfiguration _configuration;
+
+ public AuthorizationValidatorHandler(IConfiguration configuration)
+ {
+ _configuration = configuration;
+ }
+
+ protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationValidator requirement)
+ {
+ if (!context.User.IsAuthenticated())
+ {
+ string defaultPerms = _configuration.GetValue("defaultPermissions");
+ if (defaultPerms.Split(',').Contains(requirement.Permission.ToLower()))
+ context.Succeed(requirement);
+ }
+ else
+ {
+ Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+ if (perms != null && perms.Value.Split(",").Contains(requirement.Permission.ToLower()))
+ context.Succeed(requirement);
+ }
+
+ return Task.CompletedTask;
+ }
+ }
+
+ public class AuthorizationValidator : IAuthorizationRequirement
+ {
+ public string Permission;
+
+ public AuthorizationValidator(string permission)
+ {
+ Permission = permission;
+ }
+ }
+}
\ No newline at end of file
diff --git a/Kyoo/Startup.cs b/Kyoo/Startup.cs
index 9212bd38..c993902f 100644
--- a/Kyoo/Startup.cs
+++ b/Kyoo/Startup.cs
@@ -2,6 +2,7 @@ using System.Linq;
 using System.Reflection;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using IdentityServer4.Extensions;
 using Kyoo.Api;
 using Kyoo.Controllers;
 using Kyoo.Models;
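Review bot: The anonymous branch of HandleRequirementAsync calls `Split` on the value returned by `_configuration.GetValue("defaultPermissions")` with no null check, so a deployment that omits that key (it is only being added to appsettings.json in this same commit) turns every unauthenticated request to a policy-protected route into a NullReferenceException rather than a plain deny; `GetDefaultPermissions` in AccountAPI.cs has the same unguarded dereference. The matching is also fragile: the requested permission is lowered with the culture-sensitive `ToLower()` while the configured and claimed entries are compared verbatim and untrimmed, so `"read, play"` never grants `play` and a mixed-case claim value never matches. I would parse once and compare ordinally, e.g. `private static bool Grants(string list, string permission) => list != null && list.Split(',').Any(p => p.Trim().Equals(permission, StringComparison.OrdinalIgnoreCase));`, and call it from both branches. Finally, an authenticated user whose `permissions` claim is absent or lacks the permission is denied where an anonymous caller would be granted by defaultPermissions; if the defaults are meant as a floor rather than an anonymous-only grant, the authenticated branch should fall back to them.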
@@ -99,16 +100,12 @@ namespace Kyoo { policy.AuthenticationSchemes.Add(IdentityConstants.ApplicationScheme); policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); - policy.RequireAuthenticatedUser(); - policy.RequireAssertion(context => - { - Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions"); - return perms != null && perms.Value.Split(",").Contains(permission.ToLower()); - }); + policy.AddRequirements(new AuthorizationValidator(permission)); // policy.RequireScope($"kyoo.{permission.ToLower()}"); }); } }); + services.AddSingleton(); services.AddScoped(); services.AddScoped(); diff --git a/Kyoo/Views/API/AccountAPI.cs b/Kyoo/Views/API/AccountAPI.cs index 6b264436..e448784f 100644 --- a/Kyoo/Views/API/AccountAPI.cs +++ b/Kyoo/Views/API/AccountAPI.cs @@ -51,6 +51,7 @@ namespace Kyoo.Api { private readonly UserManager _userManager; private readonly SignInManager _signInManager; + private readonly IConfiguration _configuration; private readonly string _picturePath; public Claim[] defaultClaims = @@ -63,6 +64,7 @@ namespace Kyoo.Api _userManager = userManager; _signInManager = siginInManager; _picturePath = configuration.GetValue("profilePicturePath"); + _configuration = configuration; if (!Path.IsPathRooted(_picturePath)) _picturePath = Path.GetFullPath(_picturePath); } @@ -172,5 +174,11 @@ namespace Kyoo.Api await _userManager.UpdateAsync(user); return Ok(); } + + [HttpGet("default-permissions")] + public ActionResult> GetDefaultPermissions() + { + return _configuration.GetValue("defaultPermissions").Split(","); + } } } \ No newline at end of file diff --git a/Kyoo/Views/WebClient b/Kyoo/Views/WebClient index e975a4f0..9f44094b 160000 --- a/Kyoo/Views/WebClient +++ b/Kyoo/Views/WebClient @@ -1 +1 @@ -Subproject commit e975a4f055f45cc48fd0ceedfe73fb6616bd1dbe +Subproject commit 9f44094b2df56acceb3b6ef8abe7504efae50c98 diff --git a/Kyoo/appsettings.json b/Kyoo/appsettings.json index 9a363b0f..d43606fb 100644 
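Review bot: GetDefaultPermissions re-parses the `defaultPermissions` setting with its own `Split(",")`, while AuthorizationValidatorHandler parses the same string with `Split(',')` and applies its own case handling, so what this endpoint reports to the client and what the handler actually enforces will drift as soon as either side gains trimming or normalisation. I would hoist the parsing into one shared static helper (for instance on AuthorizationValidator) that the handler's anonymous branch and this action both call, and guard the missing-key case there instead of in each caller. As a point of style, the `_configuration = configuration;` assignment in the constructor hunk reads better placed with the other field assignments, before the `configuration.GetValue("profilePicturePath")` call that uses the same parameter.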
--- a/Kyoo/appsettings.json
+++ b/Kyoo/appsettings.json
@@ -26,5 +26,6 @@
 "peoplePath": "people",
 "profilePicturePath": "users/",
 "plugins": "plugins/",
+ "defaultPermissions": "read,play",
 "regex": "(\\/(?.*)\\/)?.*\\/(?.+?)(( S(?\\d+)E(?\\d+)| (?\\d+)))?\\.",
 }