mirror of
https://github.com/zoriya/Kyoo.git
synced 2026-01-02 02:00:34 -05:00
117 lines
3.6 KiB
C#
117 lines
3.6 KiB
C#
// Kyoo - A portable and vast media library solution.
|
|
// Copyright (c) Kyoo.
|
|
//
|
|
// See AUTHORS.md and LICENSE file in the project root for full license information.
|
|
//
|
|
// Kyoo is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// any later version.
|
|
//
|
|
// Kyoo is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Kyoo. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
using System.Collections.Generic;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using Autofac;
|
|
using Kyoo.Abstractions.Controllers;
|
|
using Kyoo.Authentication.Models;
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
using Microsoft.AspNetCore.Builder;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
namespace Kyoo.Authentication
|
|
{
|
|
/// <summary>
|
|
/// A module that enable OpenID authentication for Kyoo.
|
|
/// </summary>
|
|
public class AuthenticationModule : IPlugin
|
|
{
|
|
/// <inheritdoc />
|
|
public string Name => "Authentication";
|
|
|
|
/// <summary>
|
|
/// The configuration to use.
|
|
/// </summary>
|
|
private readonly IConfiguration _configuration;
|
|
|
|
/// <summary>
|
|
/// Create a new authentication module instance and use the given configuration.
|
|
/// </summary>
|
|
/// <param name="configuration">The configuration to use</param>
|
|
public AuthenticationModule(IConfiguration configuration)
|
|
{
|
|
_configuration = configuration;
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public void Configure(ContainerBuilder builder)
|
|
{
|
|
builder.RegisterType<PermissionValidator>().As<IPermissionValidator>().SingleInstance();
|
|
builder.RegisterType<TokenController>().As<ITokenController>().SingleInstance();
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public void Configure(IServiceCollection services)
|
|
{
|
|
string secret = _configuration.GetValue(
|
|
"AUTHENTICATION_SECRET",
|
|
AuthenticationOption.DefaultSecret
|
|
)!;
|
|
PermissionOption permissions =
|
|
new()
|
|
{
|
|
Default = _configuration
|
|
.GetValue("UNLOGGED_PERMISSIONS", "overall.read")!
|
|
.Split(','),
|
|
NewUser = _configuration
|
|
.GetValue("DEFAULT_PERMISSIONS", "overall.read")!
|
|
.Split(','),
|
|
ApiKeys = _configuration.GetValue("KYOO_APIKEYS", string.Empty)!.Split(','),
|
|
};
|
|
services.AddSingleton(permissions);
|
|
services.AddSingleton(
|
|
new AuthenticationOption() { Secret = secret, Permissions = permissions, }
|
|
);
|
|
|
|
// TODO handle direct-videos with bearers (probably add a cookie and a app.Use to translate that for videos)
|
|
services
|
|
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
|
.AddJwtBearer(options =>
|
|
{
|
|
options.Events = new()
|
|
{
|
|
OnMessageReceived = (ctx) =>
|
|
{
|
|
ctx.Token ??= ctx.Request.Cookies["X-Bearer"];
|
|
return Task.CompletedTask;
|
|
}
|
|
};
|
|
options.TokenValidationParameters = new TokenValidationParameters
|
|
{
|
|
ValidateIssuer = false,
|
|
ValidateAudience = false,
|
|
ValidateLifetime = true,
|
|
ValidateIssuerSigningKey = true,
|
|
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret))
|
|
};
|
|
});
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public IEnumerable<IStartupAction> ConfigureSteps =>
|
|
new IStartupAction[]
|
|
{
|
|
SA.New<IApplicationBuilder>(app => app.UseAuthentication(), SA.Authentication),
|
|
};
|
|
}
|
|
}
|