mirror of
https://github.com/jellyfin/jellyfin.git
synced 2025-05-24 02:02:29 -04:00
update request classes
This commit is contained in:
Luke Pulverenti
parent
2084678266
commit
504f56d841
@ -8,6 +8,7 @@ using MediaBrowser.Controller.Security;
|
||||
using MediaBrowser.Controller.Session;
|
||||
using System;
|
||||
using System.Linq;
|
||||
using MediaBrowser.Model.Services;
|
||||
|
||||
namespace Emby.Server.Implementations.HttpServer.Security
|
||||
{
|
||||
@ -37,19 +38,19 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
/// </summary>
|
||||
public string HtmlRedirect { get; set; }
|
||||
|
||||
public void Authenticate(IServiceRequest request,
|
||||
public void Authenticate(IRequest request,
|
||||
IAuthenticationAttributes authAttribtues)
|
||||
{
|
||||
ValidateUser(request, authAttribtues);
|
||||
}
|
||||
|
||||
private void ValidateUser(IServiceRequest request,
|
||||
private void ValidateUser(IRequest request,
|
||||
IAuthenticationAttributes authAttribtues)
|
||||
{
|
||||
// This code is executed before the service
|
||||
var auth = AuthorizationContext.GetAuthorizationInfo(request);
|
||||
|
||||
if (!IsExemptFromAuthenticationToken(auth, authAttribtues))
|
||||
if (!IsExemptFromAuthenticationToken(auth, authAttribtues, request))
|
||||
{
|
||||
var valid = IsValidConnectKey(auth.Token);
|
||||
|
||||
@ -75,7 +76,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
|
||||
var info = GetTokenInfo(request);
|
||||
|
||||
if (!IsExemptFromRoles(auth, authAttribtues, info))
|
||||
if (!IsExemptFromRoles(auth, authAttribtues, request, info))
|
||||
{
|
||||
var roles = authAttribtues.GetRoles();
|
||||
|
||||
@ -95,7 +96,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
}
|
||||
}
|
||||
|
||||
private void ValidateUserAccess(User user, IServiceRequest request,
|
||||
private void ValidateUserAccess(User user, IRequest request,
|
||||
IAuthenticationAttributes authAttribtues,
|
||||
AuthorizationInfo auth)
|
||||
{
|
||||
@ -111,7 +112,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
!authAttribtues.EscapeParentalControl &&
|
||||
!user.IsParentalScheduleAllowed())
|
||||
{
|
||||
request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
|
||||
request.Response.AddHeader("X-Application-Error-Code", "ParentalControl");
|
||||
|
||||
throw new SecurityException("This user account is not allowed access at this time.")
|
||||
{
|
||||
@ -131,23 +132,33 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
}
|
||||
}
|
||||
|
||||
private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
|
||||
private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request)
|
||||
{
|
||||
if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
if (authAttribtues.AllowLocal && request.IsLocal)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
|
||||
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request, AuthenticationInfo tokenInfo)
|
||||
{
|
||||
if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
if (authAttribtues.AllowLocal && request.IsLocal)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(auth.Token))
|
||||
{
|
||||
return true;
|
||||
@ -195,7 +206,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
}
|
||||
}
|
||||
|
||||
private AuthenticationInfo GetTokenInfo(IServiceRequest request)
|
||||
private AuthenticationInfo GetTokenInfo(IRequest request)
|
||||
{
|
||||
object info;
|
||||
request.Items.TryGetValue("OriginalAuthenticationInfo", out info);
|
||||
@ -212,7 +223,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
return ConnectManager.IsAuthorizationTokenValid(token);
|
||||
}
|
||||
|
||||
private void ValidateSecurityToken(IServiceRequest request, string token)
|
||||
private void ValidateSecurityToken(IRequest request, string token)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(token))
|
||||
{
|
||||
|
||||
@ -21,11 +21,10 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
|
||||
public AuthorizationInfo GetAuthorizationInfo(object requestContext)
|
||||
{
|
||||
var req = new ServiceRequest((IRequest)requestContext);
|
||||
return GetAuthorizationInfo(req);
|
||||
return GetAuthorizationInfo((IRequest)requestContext);
|
||||
}
|
||||
|
||||
public AuthorizationInfo GetAuthorizationInfo(IServiceRequest requestContext)
|
||||
public AuthorizationInfo GetAuthorizationInfo(IRequest requestContext)
|
||||
{
|
||||
object cached;
|
||||
if (requestContext.Items.TryGetValue("AuthorizationInfo", out cached))
|
||||
@ -41,7 +40,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
/// </summary>
|
||||
/// <param name="httpReq">The HTTP req.</param>
|
||||
/// <returns>Dictionary{System.StringSystem.String}.</returns>
|
||||
private AuthorizationInfo GetAuthorization(IServiceRequest httpReq)
|
||||
private AuthorizationInfo GetAuthorization(IRequest httpReq)
|
||||
{
|
||||
var auth = GetAuthorizationDictionary(httpReq);
|
||||
|
||||
@ -135,7 +134,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
/// </summary>
|
||||
/// <param name="httpReq">The HTTP req.</param>
|
||||
/// <returns>Dictionary{System.StringSystem.String}.</returns>
|
||||
private Dictionary<string, string> GetAuthorizationDictionary(IServiceRequest httpReq)
|
||||
private Dictionary<string, string> GetAuthorizationDictionary(IRequest httpReq)
|
||||
{
|
||||
var auth = httpReq.Headers["X-Emby-Authorization"];
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
_sessionManager = sessionManager;
|
||||
}
|
||||
|
||||
public Task<SessionInfo> GetSession(IServiceRequest requestContext)
|
||||
public Task<SessionInfo> GetSession(IRequest requestContext)
|
||||
{
|
||||
var authorization = _authContext.GetAuthorizationInfo(requestContext);
|
||||
|
||||
@ -38,7 +38,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.RemoteIp, user);
|
||||
}
|
||||
|
||||
private AuthenticationInfo GetTokenInfo(IServiceRequest request)
|
||||
private AuthenticationInfo GetTokenInfo(IRequest request)
|
||||
{
|
||||
object info;
|
||||
request.Items.TryGetValue("OriginalAuthenticationInfo", out info);
|
||||
@ -47,11 +47,10 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
|
||||
public Task<SessionInfo> GetSession(object requestContext)
|
||||
{
|
||||
var req = new ServiceRequest((IRequest)requestContext);
|
||||
return GetSession(req);
|
||||
return GetSession((IRequest)requestContext);
|
||||
}
|
||||
|
||||
public async Task<User> GetUser(IServiceRequest requestContext)
|
||||
public async Task<User> GetUser(IRequest requestContext)
|
||||
{
|
||||
var session = await GetSession(requestContext).ConfigureAwait(false);
|
||||
|
||||
@ -60,8 +59,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||
|
||||
public Task<User> GetUser(object requestContext)
|
||||
{
|
||||
var req = new ServiceRequest((IRequest)requestContext);
|
||||
return GetUser(req);
|
||||
return GetUser((IRequest)requestContext);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -43,7 +43,7 @@ namespace MediaBrowser.Api.System
|
||||
/// Class RestartApplication
|
||||
/// </summary>
|
||||
[Route("/System/Restart", "POST", Summary = "Restarts the application, if needed")]
|
||||
[Authenticated(Roles = "Admin")]
|
||||
[Authenticated(Roles = "Admin", AllowLocal = true)]
|
||||
public class RestartApplication
|
||||
{
|
||||
}
|
||||
@ -52,10 +52,9 @@ namespace MediaBrowser.Api.System
|
||||
/// This is currently not authenticated because the uninstaller needs to be able to shutdown the server.
|
||||
/// </summary>
|
||||
[Route("/System/Shutdown", "POST", Summary = "Shuts down the application")]
|
||||
[Authenticated(Roles = "Admin", AllowLocal = true)]
|
||||
public class ShutdownApplication
|
||||
{
|
||||
// TODO: This is not currently authenticated due to uninstaller
|
||||
// Improve later
|
||||
}
|
||||
|
||||
[Route("/System/Logs", "GET", Summary = "Gets a list of available server log files")]
|
||||
@ -126,7 +125,7 @@ namespace MediaBrowser.Api.System
|
||||
}
|
||||
catch (IOException)
|
||||
{
|
||||
files = new FileSystemMetadata[]{};
|
||||
files = new FileSystemMetadata[] { };
|
||||
}
|
||||
|
||||
var result = files.Select(i => new LogFile
|
||||
|
||||
@ -183,14 +183,12 @@
|
||||
<Compile Include="Net\IHttpResultFactory.cs" />
|
||||
<Compile Include="Net\IHttpServer.cs" />
|
||||
<Compile Include="Net\IServerManager.cs" />
|
||||
<Compile Include="Net\IServiceRequest.cs" />
|
||||
<Compile Include="Net\ISessionContext.cs" />
|
||||
<Compile Include="Net\IWebSocket.cs" />
|
||||
<Compile Include="Net\IWebSocketConnection.cs" />
|
||||
<Compile Include="Net\IWebSocketListener.cs" />
|
||||
<Compile Include="Net\LoggedAttribute.cs" />
|
||||
<Compile Include="Net\SecurityException.cs" />
|
||||
<Compile Include="Net\ServiceRequest.cs" />
|
||||
<Compile Include="Net\StaticResultOptions.cs" />
|
||||
<Compile Include="Net\WebSocketConnectEventArgs.cs" />
|
||||
<Compile Include="Net\WebSocketMessageInfo.cs" />
|
||||
|
||||
@ -25,6 +25,8 @@ namespace MediaBrowser.Controller.Net
|
||||
/// <value><c>true</c> if [allow before startup wizard]; otherwise, <c>false</c>.</value>
|
||||
public bool AllowBeforeStartupWizard { get; set; }
|
||||
|
||||
public bool AllowLocal { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The request filter is executed before the service.
|
||||
/// </summary>
|
||||
@ -33,9 +35,7 @@ namespace MediaBrowser.Controller.Net
|
||||
/// <param name="requestDto">The request DTO</param>
|
||||
public void RequestFilter(IRequest request, IResponse response, object requestDto)
|
||||
{
|
||||
var serviceRequest = new ServiceRequest(request);
|
||||
|
||||
AuthService.Authenticate(serviceRequest, this);
|
||||
AuthService.Authenticate(request, this);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@ -59,6 +59,7 @@ namespace MediaBrowser.Controller.Net
|
||||
{
|
||||
bool EscapeParentalControl { get; }
|
||||
bool AllowBeforeStartupWizard { get; }
|
||||
bool AllowLocal { get; }
|
||||
|
||||
string[] GetRoles();
|
||||
}
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
|
||||
using MediaBrowser.Model.Services;
|
||||
|
||||
namespace MediaBrowser.Controller.Net
|
||||
{
|
||||
public interface IAuthService
|
||||
{
|
||||
void Authenticate(IServiceRequest request,
|
||||
IAuthenticationAttributes authAttribtues);
|
||||
void Authenticate(IRequest request, IAuthenticationAttributes authAttribtues);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
|
||||
using MediaBrowser.Model.Services;
|
||||
|
||||
namespace MediaBrowser.Controller.Net
|
||||
{
|
||||
public interface IAuthorizationContext
|
||||
@ -15,6 +16,6 @@ namespace MediaBrowser.Controller.Net
|
||||
/// </summary>
|
||||
/// <param name="requestContext">The request context.</param>
|
||||
/// <returns>AuthorizationInfo.</returns>
|
||||
AuthorizationInfo GetAuthorizationInfo(IServiceRequest requestContext);
|
||||
AuthorizationInfo GetAuthorizationInfo(IRequest requestContext);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
using System.Collections.Generic;
|
||||
using MediaBrowser.Model.Services;
|
||||
|
||||
namespace MediaBrowser.Controller.Net
|
||||
{
|
||||
public interface IServiceRequest
|
||||
{
|
||||
string RemoteIp { get; }
|
||||
QueryParamCollection Headers { get; }
|
||||
QueryParamCollection QueryString { get; }
|
||||
IDictionary<string,object> Items { get; }
|
||||
void AddResponseHeader(string name, string value);
|
||||
}
|
||||
}
|
||||
@ -1,6 +1,7 @@
|
||||
using MediaBrowser.Controller.Entities;
|
||||
using MediaBrowser.Controller.Session;
|
||||
using System.Threading.Tasks;
|
||||
using MediaBrowser.Model.Services;
|
||||
|
||||
namespace MediaBrowser.Controller.Net
|
||||
{
|
||||
@ -9,7 +10,7 @@ namespace MediaBrowser.Controller.Net
|
||||
Task<SessionInfo> GetSession(object requestContext);
|
||||
Task<User> GetUser(object requestContext);
|
||||
|
||||
Task<SessionInfo> GetSession(IServiceRequest requestContext);
|
||||
Task<User> GetUser(IServiceRequest requestContext);
|
||||
Task<SessionInfo> GetSession(IRequest requestContext);
|
||||
Task<User> GetUser(IRequest requestContext);
|
||||
}
|
||||
}
|
||||
|
||||
@ -30,10 +30,8 @@ namespace MediaBrowser.Controller.Net
|
||||
/// <param name="requestDto">The request DTO</param>
|
||||
public void Filter(IRequest request, IResponse response, object requestDto)
|
||||
{
|
||||
var serviceRequest = new ServiceRequest(request);
|
||||
|
||||
//This code is executed before the service
|
||||
var auth = AuthorizationContext.GetAuthorizationInfo(serviceRequest);
|
||||
var auth = AuthorizationContext.GetAuthorizationInfo(request);
|
||||
|
||||
if (auth != null)
|
||||
{
|
||||
|
||||
@ -1,42 +0,0 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Specialized;
|
||||
using MediaBrowser.Model.Services;
|
||||
|
||||
namespace MediaBrowser.Controller.Net
|
||||
{
|
||||
public class ServiceRequest : IServiceRequest
|
||||
{
|
||||
private readonly IRequest _request;
|
||||
|
||||
public ServiceRequest(IRequest request)
|
||||
{
|
||||
_request = request;
|
||||
}
|
||||
|
||||
public string RemoteIp
|
||||
{
|
||||
get { return _request.RemoteIp; }
|
||||
}
|
||||
|
||||
public QueryParamCollection Headers
|
||||
{
|
||||
get { return _request.Headers; }
|
||||
}
|
||||
|
||||
public QueryParamCollection QueryString
|
||||
{
|
||||
get { return _request.QueryString; }
|
||||
}
|
||||
|
||||
public IDictionary<string, object> Items
|
||||
{
|
||||
get { return _request.Items; }
|
||||
}
|
||||
|
||||
public void AddResponseHeader(string name, string value)
|
||||
{
|
||||
_request.Response.AddHeader(name, value);
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user