Allowing the user to customize unlogged permisions

Kyoo/Controllers/AuthorizationValidator.cs

@@ -0,0 +1,47 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using IdentityServer4.Extensions;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Configuration;
+
+namespace Kyoo.Controllers
+{
+	public class AuthorizationValidatorHandler : AuthorizationHandler<AuthorizationValidator>
+	{
+		private readonly IConfiguration _configuration;
+		
+		public AuthorizationValidatorHandler(IConfiguration configuration)
+		{
+			_configuration = configuration;
+		}
+		
+		protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationValidator requirement)
+		{
+			if (!context.User.IsAuthenticated())
+			{
+				string defaultPerms = _configuration.GetValue<string>("defaultPermissions");
+				if (defaultPerms.Split(',').Contains(requirement.Permission.ToLower()))
+					context.Succeed(requirement);
+			}
+			else
+			{
+				Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+				if (perms != null && perms.Value.Split(",").Contains(requirement.Permission.ToLower()))
+					context.Succeed(requirement);
+			}
+
+			return Task.CompletedTask;
+		}
+	}
+
+	public class AuthorizationValidator : IAuthorizationRequirement
+	{
+		public string Permission;
+
+		public AuthorizationValidator(string permission)
+		{
+			Permission = permission;
+		}
+	}
+}

Kyoo/Startup.cs

@@ -2,6 +2,7 @@ using System.Linq;
 using System.Reflection;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using IdentityServer4.Extensions;
 using Kyoo.Api;
 using Kyoo.Controllers;
 using Kyoo.Models;
@@ -99,16 +100,12 @@ namespace Kyoo
 					{
 						policy.AuthenticationSchemes.Add(IdentityConstants.ApplicationScheme);
 						policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
-						policy.RequireAuthenticatedUser();
+						policy.AddRequirements(new AuthorizationValidator(permission));
-						policy.RequireAssertion(context =>
-						{
-							Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-							return perms != null && perms.Value.Split(",").Contains(permission.ToLower());
-						});
 						// policy.RequireScope($"kyoo.{permission.ToLower()}");
 					});
 				}
 			});
+			services.AddSingleton<IAuthorizationHandler, AuthorizationValidatorHandler>();
 
 			services.AddScoped<ILibraryManager, LibraryManager>();
 			services.AddScoped<ICrawler, Crawler>();

Kyoo/Views/API/AccountAPI.cs

@@ -51,6 +51,7 @@ namespace Kyoo.Api
 	{
 		private readonly UserManager<User> _userManager;
 		private readonly SignInManager<User> _signInManager;
+		private readonly IConfiguration _configuration;
 		private readonly string _picturePath;
 
 		public Claim[] defaultClaims =
@@ -63,6 +64,7 @@ namespace Kyoo.Api
 			_userManager = userManager;
 			_signInManager = siginInManager;
 			_picturePath = configuration.GetValue<string>("profilePicturePath");
+			_configuration = configuration;
 			if (!Path.IsPathRooted(_picturePath))
 				_picturePath = Path.GetFullPath(_picturePath);
 		}
@@ -172,5 +174,11 @@ namespace Kyoo.Api
 			await _userManager.UpdateAsync(user);
 			return Ok();
 		}
+
+		[HttpGet("default-permissions")]
+		public ActionResult<IEnumerable<string>> GetDefaultPermissions()
+		{
+			return _configuration.GetValue<string>("defaultPermissions").Split(",");
+		}
 	}
 }

Kyoo/Views/WebClient

@@ -1 +1 @@
-Subproject commit e975a4f055f45cc48fd0ceedfe73fb6616bd1dbe
+Subproject commit 9f44094b2df56acceb3b6ef8abe7504efae50c98

Kyoo/appsettings.json

@@ -26,5 +26,6 @@
   "peoplePath": "people",
   "profilePicturePath": "users/",
   "plugins": "plugins/",
+  "defaultPermissions": "read,play",
   "regex": "(\\/(?<Collection>.*)\\/)?.*\\/(?<ShowTitle>.+?)(( S(?<Season>\\d+)E(?<Episode>\\d+)| (?<Absolute>\\d+)))?\\.",
 }