Merging the authorization branch

Kyoo.Authentication/AuthManager.cs

@@ -1,37 +0,0 @@
-using System.Linq;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using IdentityServer4.Extensions;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.Extensions.Configuration;
-
-namespace Kyoo.Authentication
-{
-	public class AuthorizationValidatorHandler : AuthorizationHandler<AuthorizationValidator>
-	{
-		private readonly IConfiguration _configuration;
-		
-		public AuthorizationValidatorHandler(IConfiguration configuration)
-		{
-			_configuration = configuration;
-		}
-		
-		protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationValidator requirement)
-		{
-			if (!context.User.IsAuthenticated())
-			{
-				string defaultPerms = _configuration.GetValue<string>("defaultPermissions");
-				if (defaultPerms.Split(',').Contains(requirement.Permission.ToLower()))
-					context.Succeed(requirement);
-			}
-			else
-			{
-				Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
-				if (perms != null && perms.Value.Split(",").Contains(requirement.Permission.ToLower()))
-					context.Succeed(requirement);
-			}
-
-			return Task.CompletedTask;
-		}
-	}
-}

Kyoo.Authentication/AuthRequirement.cs

@@ -1,14 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Kyoo.Authentication
-{
-	public class AuthorizationValidator : IAuthorizationRequirement
-	{
-		public string Permission { get; }
-
-		public AuthorizationValidator(string permission)
-		{
-			Permission = permission;
-		}
-	}
-}

Kyoo.Authentication/AuthenticationModule.cs

@@ -79,8 +79,10 @@ namespace Kyoo.Authentication
 			// 	.AddDefaultTokenProviders()
 			// 	.AddEntityFrameworkStores<IdentityDatabase>();
 
+			services.Configure<PermissionOption>(_configuration.GetSection(PermissionOption.Path));
 			CertificateOption certificateOptions = new();
 			_configuration.GetSection(CertificateOption.Path).Bind(certificateOptions);
+
 			services.AddIdentityServer(options =>
 				{
 					options.IssuerUri = publicUrl;
@@ -136,7 +138,7 @@ namespace Kyoo.Authentication
 					{
 						policy.AuthenticationSchemes.Add(IdentityConstants.ApplicationScheme);
 						policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
-						policy.AddRequirements(new AuthorizationValidator(permission));
+						policy.AddRequirements(new AuthRequirement(permission));
 						policy.RequireScope($"kyoo.{permission.ToLower()}");
 					});
 				}
@@ -153,8 +155,6 @@ namespace Kyoo.Authentication
 		/// <inheritdoc />
 		public void ConfigureAspNet(IApplicationBuilder app)
 		{
-			app.UseAuthorization();
-
 			app.UseCookiePolicy(new CookiePolicyOptions
 			{
 				MinimumSameSitePolicy = SameSiteMode.Strict
@@ -166,6 +166,7 @@ namespace Kyoo.Authentication
 				return next();
 			});
 			app.UseIdentityServer();
+			app.UseAuthorization();
 		}
 	}
 }

Kyoo.Authentication/Controllers/AuthorizationValidatorHandler.cs

@@ -0,0 +1,51 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using IdentityServer4.Extensions;
+using Kyoo.Authentication.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+
+namespace Kyoo.Authentication
+{
+	/// <summary>
+	/// The default IAuthorizationHandler implementation.
+	/// </summary>
+	public class AuthorizationValidatorHandler : AuthorizationHandler<AuthRequirement>
+	{
+		/// <summary>
+		/// The permissions options to retrieve default permissions.
+		/// </summary>
+		private readonly IOptionsMonitor<PermissionOption> _options;
+		
+		/// <summary>
+		/// Create a new <see cref="AuthorizationValidatorHandler"/>.
+		/// </summary>
+		/// <param name="options">The option containing default values.</param>
+		public AuthorizationValidatorHandler(IOptionsMonitor<PermissionOption> options)
+		{
+			_options = options;
+		}
+
+
+		/// <inheritdoc />
+		protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthRequirement requirement)
+		{
+			if (context.User.IsAuthenticated())
+			{
+				Claim perms = context.User.Claims.FirstOrDefault(x => x.Type == "permissions");
+				if (perms != null && perms.Value.Split(",").Contains(requirement.Permission.ToLower()))
+					context.Succeed(requirement);
+			}
+			else
+			{
+				ICollection<string> defaultPerms = _options.CurrentValue.Default;
+				if (defaultPerms.Contains(requirement.Permission.ToLower()))
+					context.Succeed(requirement);
+			}
+
+			return Task.CompletedTask;
+		}
+	}
+}

Kyoo.Authentication/Models/AuthRequirement.cs

@@ -0,0 +1,24 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace Kyoo.Authentication
+{
+	/// <summary>
+	/// The requirement of Kyoo's authentication policies.
+	/// </summary>
+	public class AuthRequirement : IAuthorizationRequirement
+	{
+		/// <summary>
+		/// The name of the permission
+		/// </summary>
+		public string Permission { get; }
+
+		/// <summary>
+		/// Create a new <see cref="AuthRequirement"/> for the given permission.
+		/// </summary>
+		/// <param name="permission">The permission needed</param>
+		public AuthRequirement(string permission)
+		{
+			Permission = permission;
+		}
+	}
+}

Kyoo.Authentication/Models/PermissionOption.cs

@@ -0,0 +1,25 @@
+using System.Collections.Generic;
+
+namespace Kyoo.Authentication.Models
+{
+	/// <summary>
+	/// Permission options.
+	/// </summary>
+	public class PermissionOption
+	{
+		/// <summary>
+		/// The path to get this option from the root configuration.
+		/// </summary>
+		public const string Path = "authentication:permissions";
+
+		/// <summary>
+		/// The default permissions that will be given to a non-connected user.
+		/// </summary>
+		public ICollection<string> Default { get; set; }
+		
+		/// <summary>
+		/// Permissions applied to a new user.
+		/// </summary>
+		public ICollection<string> NewUser { get; set; }
+	}
+}

Kyoo.Authentication/Views/AccountApi.cs

@@ -12,7 +12,6 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.StaticFiles;
 using Microsoft.Extensions.Configuration;
 using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
 
@@ -47,29 +46,8 @@ namespace Kyoo.Api
 		[FromForm(Name = "picture")]
 		public IFormFile Picture { get; set; }
 	}
-	
-	[ApiController]
-	public class AccountUiController : Controller
-	{
-		[HttpGet("login")]
-		public IActionResult Index()
-		{
-			return new PhysicalFileResult(Path.GetFullPath("login/login.html"), "text/html");
-		}
-		
-		[HttpGet("login/{*file}")]
-		public IActionResult Index(string file)
-		{
-			string path = Path.Combine(Path.GetFullPath("login/"), file);
-			if (!System.IO.File.Exists(path))
-				return NotFound();
-			FileExtensionContentTypeProvider provider = new FileExtensionContentTypeProvider();
-			if (!provider.TryGetContentType(path, out string contentType))
-				contentType = "text/plain";			
-			return new PhysicalFileResult(path, contentType);
-		}
-	}
-	
+
+
 	[Route("api/[controller]")]
 	[ApiController]
 	public class AccountController : Controller, IProfileService
@@ -100,7 +78,7 @@ namespace Kyoo.Api
 				return BadRequest(new[] {new {code = "username", description = "Username must be at least 4 characters."}});
 			if (!new EmailAddressAttribute().IsValid(user.Email))
 				return BadRequest(new[] {new {code = "email", description = "Email must be valid."}});
-			User account = new User {UserName = user.Username, Email = user.Email};
+			User account = new() {UserName = user.Username, Email = user.Email};
 			IdentityResult result = await _userManager.CreateAsync(account, user.Password);
 			if (!result.Succeeded)
 				return BadRequest(result.Errors);
@@ -151,7 +129,7 @@ namespace Kyoo.Api
 			User user = await _userManager.GetUserAsync(context.Subject);
 			if (user != null)
 			{
-				List<Claim> claims = new List<Claim>
+				List<Claim> claims = new()
 				{
 					new Claim("email", user.Email),
 					new Claim("username", user.UserName),

Kyoo.WebLogin/index.html

@@ -3,11 +3,11 @@
 	<head>
 		<meta charset="UTF-8">
 		<title>Kyoo - Login</title>
-		<link rel="stylesheet" type="text/css" href="login/lib/bootstrap.min.css" />
-		<link rel="stylesheet" type="text/css" href="login/login.css" />
-		<link rel="stylesheet" type="text/css" href="login/material-icons.css" />
-		<script src="login/lib/jquery.min.js"></script> 
-		<script src="login/lib/bootstrap.min.js"></script>
+		<link rel="stylesheet" type="text/css" href="lib/bootstrap.min.css" />
+		<link rel="stylesheet" type="text/css" href="login.css" />
+		<link rel="stylesheet" type="text/css" href="material-icons.css" />
+		<script src="lib/jquery.min.js"></script>
+		<script src="lib/bootstrap.min.js"></script>
 	</head>
 	<body style="height: 100vh; align-items: center;" class="d-flex">
 		<div class="container pb-5">
@@ -85,6 +85,6 @@
 				</div>
 			</div>
 		</div>
-		<script src="login/login.js"></script>
+		<script src="login.js"></script>
 	</body>
-</html>
+</html>

Kyoo/Kyoo.csproj

@@ -40,7 +40,13 @@
 		<PackageReference Include="Microsoft.AspNetCore.SpaServices" Version="3.1.14" />
 		<PackageReference Include="Microsoft.AspNetCore.SpaServices.Extensions" Version="5.0.5" />
 		<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
-		<ProjectReference Include="..\Kyoo.Postgresql\Kyoo.Postgresql.csproj" />
+		<ProjectReference Include="../Kyoo.Postgresql/Kyoo.Postgresql.csproj" />
+	</ItemGroup>
+	
+	<ItemGroup>
+		<ProjectReference Include="../Kyoo.Authentication/Kyoo.Authentication.csproj">
+			<ExcludeAssets>all</ExcludeAssets>
+		</ProjectReference>
 	</ItemGroup>
 	
 	<ItemGroup>
@@ -74,7 +80,7 @@
 				<ExcludeFromSingleFile>true</ExcludeFromSingleFile>
 			</ResolvedFileToPublish>
 			<ResolvedFileToPublish Include="@(LoginFiles->'%(FullPath)')" Exclude="@(ResolvedFileToPublish)">
-				<RelativePath>login/%(LoginFiles.RecursiveDir)%(LoginFiles.Filename)%(LoginFiles.Extension)</RelativePath>
+				<RelativePath>wwwroot/login/%(LoginFiles.RecursiveDir)%(LoginFiles.Filename)%(LoginFiles.Extension)</RelativePath>
 				<CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
 				<ExcludeFromSingleFile>true</ExcludeFromSingleFile>
 			</ResolvedFileToPublish>
@@ -87,7 +93,7 @@
 	
 	<Target Name="Prepare static and login pages" AfterTargets="Build" Condition="$(Configuration) == 'Debug'">
 		<Copy SourceFiles="@(StaticFiles)" DestinationFolder="$(OutputPath)/wwwroot/%(RecursiveDir)" />
-		<Copy SourceFiles="@(LoginFiles)" DestinationFolder="$(OutputPath)/wwwroot/%(RecursiveDir)" />
+		<Copy SourceFiles="@(LoginFiles)" DestinationFolder="$(OutputPath)/wwwroot/login/%(RecursiveDir)" />
 	</Target>
 
 	<Target Name="Symlink views to output - Linux" AfterTargets="Build" Condition="$(Configuration) == 'Debug' And $(OS) == 'Unix'">

Kyoo/Startup.cs

@@ -76,16 +76,6 @@ namespace Kyoo
 				});
 			services.AddHttpClient();
 			
-			// services.AddAuthorization(options =>
-			// {
-			// 	string[] permissions = {"Read", "Write", "Play", "Admin"};
-			// 	foreach (string permission in permissions)
-			// 		options.AddPolicy(permission, policy =>
-			// 		{
-			// 			policy.AddRequirements(new AuthorizationValidator(permission));
-			// 		});
-			// });
-			// services.AddAuthentication()
 			services.AddTransient(typeof(Lazy<>), typeof(LazyDi<>));
 			
 			services.AddSingleton(_plugins);
@@ -110,6 +100,7 @@ namespace Kyoo
 
 			FileExtensionContentTypeProvider contentTypeProvider = new();
 			contentTypeProvider.Mappings[".data"] = "application/octet-stream";
+			app.UseDefaultFiles();
 			app.UseStaticFiles(new StaticFileOptions
 			{
 				ContentTypeProvider = contentTypeProvider,
@@ -119,7 +110,6 @@ namespace Kyoo
 				app.UseSpaStaticFiles();
 
 			app.UseRouting();
-			// app.UseAuthorization();
 
 			app.Use((ctx, next) => 
 			{
@@ -135,13 +125,13 @@ namespace Kyoo
 			});
 			app.UseResponseCompression();
 
-			// app.UseSpa(spa =>
-			// {
-			// 	spa.Options.SourcePath = Path.Join(AppDomain.CurrentDomain.BaseDirectory, "Kyoo.WebApp");
-			//
-			// 	if (env.IsDevelopment())
-			// 		spa.UseAngularCliServer("start");
-			// });
+			app.UseSpa(spa =>
+			{
+				spa.Options.SourcePath = Path.Join(AppDomain.CurrentDomain.BaseDirectory, "Kyoo.WebApp");
+			
+				if (env.IsDevelopment())
+					spa.UseAngularCliServer("start");
+			});
 			
 			_plugins.ConfigureAspnet(app);
 			

Kyoo/settings.json

@@ -29,6 +29,10 @@
       "file": "certificate.pfx",
       "oldFile": "oldCertificate.pfx",
       "password": "passphrase"
+    },
+    "permissions": {
+      "default": ["read", "play", "write", "admin"],
+      "newUser": ["read", "play", "write", "admin"]
     }
   },
   
@@ -45,8 +49,6 @@
   "providerPath": "providers",
   "profilePicturePath": "users/",
   "plugins": "plugins/",
-  "defaultPermissions": "read,play,write,admin",
-  "newUserPermissions": "read,play,write,admin",
   "regex": "(?:\\/(?<Collection>.*?))?\\/(?<Show>.*?)(?: \\(\\d+\\))?\\/\\k<Show>(?: \\(\\d+\\))?(?:(?: S(?<Season>\\d+)E(?<Episode>\\d+))| (?<Absolute>\\d+))?.*$",
   "subtitleRegex": "^(?<Episode>.*)\\.(?<Language>\\w{1,3})\\.(?<Default>default\\.)?(?<Forced>forced\\.)?.*$"
 }