diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index 5ed0ad4155..c8af6b73a5 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -96,12 +96,12 @@ using MediaBrowser.Providers.Manager;
using MediaBrowser.Providers.Plugins.TheTvdb;
using MediaBrowser.Providers.Subtitles;
using MediaBrowser.XbmcMetadata.Providers;
-using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Prometheus.DotNetRuntime;
using OperatingSystem = MediaBrowser.Common.System.OperatingSystem;
+using WebSocketManager = Emby.Server.Implementations.HttpServer.WebSocketManager;
namespace Emby.Server.Implementations
{
@@ -122,9 +122,11 @@ namespace Emby.Server.Implementations
private IMediaEncoder _mediaEncoder;
private ISessionManager _sessionManager;
- private IHttpServer _httpServer;
+ private IWebSocketManager _webSocketManager;
private IHttpClient _httpClient;
+ private string[] _urlPrefixes;
+
///
/// Gets a value indicating whether this instance can self restart.
///
@@ -444,7 +446,6 @@ namespace Emby.Server.Implementations
Logger.LogInformation("Executed all pre-startup entry points in {Elapsed:g}", stopWatch.Elapsed);
Logger.LogInformation("Core startup complete");
- _httpServer.GlobalResponse = null;
stopWatch.Restart();
await Task.WhenAll(StartEntryPoints(entryPoints, false)).ConfigureAwait(false);
@@ -500,9 +501,6 @@ namespace Emby.Server.Implementations
RegisterServices();
}
- public Task ExecuteHttpHandlerAsync(HttpContext context, Func next)
- => _httpServer.RequestHandler(context, next);
-
///
/// Registers services/resources with the service collection that will be available via DI.
///
@@ -577,7 +575,7 @@ namespace Emby.Server.Implementations
ServiceCollection.AddSingleton();
- ServiceCollection.AddSingleton();
+ ServiceCollection.AddSingleton();
ServiceCollection.AddSingleton();
@@ -650,7 +648,7 @@ namespace Emby.Server.Implementations
_mediaEncoder = Resolve();
_sessionManager = Resolve();
- _httpServer = Resolve();
+ _webSocketManager = Resolve();
_httpClient = Resolve();
((AuthenticationRepository)Resolve()).Initialize();
@@ -771,7 +769,8 @@ namespace Emby.Server.Implementations
.Where(i => i != null)
.ToArray();
- _httpServer.Init(GetExports(), GetUrlPrefixes());
+ _urlPrefixes = GetUrlPrefixes().ToArray();
+ _webSocketManager.Init(GetExports());
Resolve().AddParts(
GetExports(),
@@ -937,7 +936,7 @@ namespace Emby.Server.Implementations
}
}
- if (!_httpServer.UrlPrefixes.SequenceEqual(GetUrlPrefixes(), StringComparer.OrdinalIgnoreCase))
+ if (!_urlPrefixes.SequenceEqual(GetUrlPrefixes(), StringComparer.OrdinalIgnoreCase))
{
requiresRestart = true;
}
diff --git a/Emby.Server.Implementations/ConfigurationOptions.cs b/Emby.Server.Implementations/ConfigurationOptions.cs
index 64ccff53b3..fde6fa1153 100644
--- a/Emby.Server.Implementations/ConfigurationOptions.cs
+++ b/Emby.Server.Implementations/ConfigurationOptions.cs
@@ -15,7 +15,7 @@ namespace Emby.Server.Implementations
public static Dictionary DefaultConfiguration => new Dictionary
{
{ HostWebClientKey, bool.TrueString },
- { HttpListenerHost.DefaultRedirectKey, "web/index.html" },
+ { DefaultRedirectKey, "web/index.html" },
{ FfmpegProbeSizeKey, "1G" },
{ FfmpegAnalyzeDurationKey, "200M" },
{ PlaylistsAllowDuplicatesKey, bool.TrueString },
diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
deleted file mode 100644
index 27369960b0..0000000000
--- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ /dev/null
@@ -1,315 +0,0 @@
-#pragma warning disable CS1591
-
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net.WebSockets;
-using System.Threading.Tasks;
-using Jellyfin.Data.Events;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Model.Globalization;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Primitives;
-
-namespace Emby.Server.Implementations.HttpServer
-{
- public class HttpListenerHost : IHttpServer
- {
- ///
- /// The key for a setting that specifies the default redirect path
- /// to use for requests where the URL base prefix is invalid or missing.
- ///
- public const string DefaultRedirectKey = "HttpListenerHost:DefaultRedirectPath";
-
- private readonly ILogger _logger;
- private readonly ILoggerFactory _loggerFactory;
- private readonly IServerConfigurationManager _config;
- private readonly INetworkManager _networkManager;
- private readonly string _defaultRedirectPath;
- private readonly string _baseUrlPrefix;
-
- private IWebSocketListener[] _webSocketListeners = Array.Empty();
- private bool _disposed = false;
-
- public HttpListenerHost(
- ILogger logger,
- IServerConfigurationManager config,
- IConfiguration configuration,
- INetworkManager networkManager,
- ILocalizationManager localizationManager,
- ILoggerFactory loggerFactory)
- {
- _logger = logger;
- _config = config;
- _defaultRedirectPath = configuration[DefaultRedirectKey];
- _baseUrlPrefix = _config.Configuration.BaseUrl;
- _networkManager = networkManager;
- _loggerFactory = loggerFactory;
-
- Instance = this;
- GlobalResponse = localizationManager.GetLocalizedString("StartupEmbyServerIsLoading");
- }
-
- public event EventHandler> WebSocketConnected;
-
- public static HttpListenerHost Instance { get; protected set; }
-
- public string[] UrlPrefixes { get; private set; }
-
- public string GlobalResponse { get; set; }
-
- private static string NormalizeConfiguredLocalAddress(string address)
- {
- var add = address.AsSpan().Trim('/');
- int index = add.IndexOf('/');
- if (index != -1)
- {
- add = add.Slice(index + 1);
- }
-
- return add.TrimStart('/').ToString();
- }
-
- private bool ValidateHost(string host)
- {
- var hosts = _config
- .Configuration
- .LocalNetworkAddresses
- .Select(NormalizeConfiguredLocalAddress)
- .ToList();
-
- if (hosts.Count == 0)
- {
- return true;
- }
-
- host ??= string.Empty;
-
- if (_networkManager.IsInPrivateAddressSpace(host))
- {
- hosts.Add("localhost");
- hosts.Add("127.0.0.1");
-
- return hosts.Any(i => host.IndexOf(i, StringComparison.OrdinalIgnoreCase) != -1);
- }
-
- return true;
- }
-
- private bool ValidateRequest(string remoteIp, bool isLocal)
- {
- if (isLocal)
- {
- return true;
- }
-
- if (_config.Configuration.EnableRemoteAccess)
- {
- var addressFilter = _config.Configuration.RemoteIPFilter.Where(i => !string.IsNullOrWhiteSpace(i)).ToArray();
-
- if (addressFilter.Length > 0 && !_networkManager.IsInLocalNetwork(remoteIp))
- {
- if (_config.Configuration.IsRemoteIPFilterBlacklist)
- {
- return !_networkManager.IsAddressInSubnets(remoteIp, addressFilter);
- }
- else
- {
- return _networkManager.IsAddressInSubnets(remoteIp, addressFilter);
- }
- }
- }
- else
- {
- if (!_networkManager.IsInLocalNetwork(remoteIp))
- {
- return false;
- }
- }
-
- return true;
- }
-
- ///
- public Task RequestHandler(HttpContext context, Func next)
- {
- if (context.WebSockets.IsWebSocketRequest)
- {
- return WebSocketRequestHandler(context);
- }
-
- return HttpRequestHandler(context, next);
- }
-
- ///
- /// Overridable method that can be used to implement a custom handler.
- ///
- private async Task HttpRequestHandler(HttpContext httpContext, Func next)
- {
- var cancellationToken = httpContext.RequestAborted;
- var httpRes = httpContext.Response;
- var host = httpContext.Request.Host.ToString();
- var localPath = httpContext.Request.Path.ToString();
- string remoteIp = httpContext.Request.RemoteIp();
-
- if (_disposed)
- {
- httpRes.StatusCode = 503;
- httpRes.ContentType = "text/plain";
- await httpRes.WriteAsync("Server shutting down", cancellationToken).ConfigureAwait(false);
- return;
- }
-
- if (!ValidateHost(host))
- {
- httpRes.StatusCode = 400;
- httpRes.ContentType = "text/plain";
- await httpRes.WriteAsync("Invalid host", cancellationToken).ConfigureAwait(false);
- return;
- }
-
- if (!ValidateRequest(remoteIp, httpContext.Request.IsLocal()))
- {
- httpRes.StatusCode = 403;
- httpRes.ContentType = "text/plain";
- await httpRes.WriteAsync("Forbidden", cancellationToken).ConfigureAwait(false);
- return;
- }
-
- if (string.Equals(httpContext.Request.Method, "OPTIONS", StringComparison.OrdinalIgnoreCase))
- {
- httpRes.StatusCode = 200;
- foreach (var (key, value) in GetDefaultCorsHeaders(httpContext))
- {
- httpRes.Headers.Add(key, value);
- }
-
- httpRes.ContentType = "text/plain";
- await httpRes.WriteAsync(string.Empty, cancellationToken).ConfigureAwait(false);
- return;
- }
-
- if (string.Equals(localPath, _baseUrlPrefix + "/", StringComparison.OrdinalIgnoreCase)
- || string.Equals(localPath, _baseUrlPrefix, StringComparison.OrdinalIgnoreCase)
- || string.Equals(localPath, "/", StringComparison.OrdinalIgnoreCase)
- || string.IsNullOrEmpty(localPath)
- || !localPath.StartsWith(_baseUrlPrefix, StringComparison.OrdinalIgnoreCase))
- {
- // Always redirect back to the default path if the base prefix is invalid or missing
- _logger.LogDebug("Normalizing a URL at {0}", localPath);
- httpRes.Redirect(_baseUrlPrefix + "/" + _defaultRedirectPath);
- return;
- }
-
- if (!string.IsNullOrEmpty(GlobalResponse))
- {
- // We don't want the address pings in ApplicationHost to fail
- if (localPath.IndexOf("system/ping", StringComparison.OrdinalIgnoreCase) == -1)
- {
- httpRes.StatusCode = 503;
- httpRes.ContentType = "text/html";
- await httpRes.WriteAsync(GlobalResponse, cancellationToken).ConfigureAwait(false);
- return;
- }
- }
-
- await next().ConfigureAwait(false);
- }
-
- private async Task WebSocketRequestHandler(HttpContext context)
- {
- if (_disposed)
- {
- return;
- }
-
- try
- {
- _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);
-
- WebSocket webSocket = await context.WebSockets.AcceptWebSocketAsync().ConfigureAwait(false);
-
- using var connection = new WebSocketConnection(
- _loggerFactory.CreateLogger(),
- webSocket,
- context.Connection.RemoteIpAddress,
- context.Request.Query)
- {
- OnReceive = ProcessWebSocketMessageReceived
- };
-
- WebSocketConnected?.Invoke(this, new GenericEventArgs(connection));
-
- await connection.ProcessAsync().ConfigureAwait(false);
- _logger.LogInformation("WS {IP} closed", context.Connection.RemoteIpAddress);
- }
- catch (Exception ex) // Otherwise ASP.Net will ignore the exception
- {
- _logger.LogError(ex, "WS {IP} WebSocketRequestHandler error", context.Connection.RemoteIpAddress);
- if (!context.Response.HasStarted)
- {
- context.Response.StatusCode = 500;
- }
- }
- }
-
- ///
- public IDictionary GetDefaultCorsHeaders(HttpContext httpContext)
- {
- var origin = httpContext.Request.Headers["Origin"];
- if (origin == StringValues.Empty)
- {
- origin = httpContext.Request.Headers["Host"];
- if (origin == StringValues.Empty)
- {
- origin = "*";
- }
- }
-
- var headers = new Dictionary();
- headers.Add("Access-Control-Allow-Origin", origin);
- headers.Add("Access-Control-Allow-Credentials", "true");
- headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
- headers.Add("Access-Control-Allow-Headers", "Content-Type, Authorization, Range, X-MediaBrowser-Token, X-Emby-Authorization, Cookie");
- return headers;
- }
-
- ///
- /// Adds the rest handlers.
- ///
- /// The web socket listeners.
- /// The URL prefixes. See .
- public void Init(IEnumerable listeners, IEnumerable urlPrefixes)
- {
- _webSocketListeners = listeners.ToArray();
- UrlPrefixes = urlPrefixes.ToArray();
- }
-
- ///
- /// Processes the web socket message received.
- ///
- /// The result.
- private Task ProcessWebSocketMessageReceived(WebSocketMessageInfo result)
- {
- if (_disposed)
- {
- return Task.CompletedTask;
- }
-
- IEnumerable GetTasks()
- {
- foreach (var x in _webSocketListeners)
- {
- yield return x.ProcessMessageAsync(result);
- }
- }
-
- return Task.WhenAll(GetTasks());
- }
- }
-}
diff --git a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
new file mode 100644
index 0000000000..89c1b7ea08
--- /dev/null
+++ b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
@@ -0,0 +1,102 @@
+#pragma warning disable CS1591
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.WebSockets;
+using System.Threading.Tasks;
+using Jellyfin.Data.Events;
+using MediaBrowser.Controller.Net;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+
+namespace Emby.Server.Implementations.HttpServer
+{
+ public class WebSocketManager : IWebSocketManager
+ {
+ private readonly ILogger _logger;
+ private readonly ILoggerFactory _loggerFactory;
+
+ private IWebSocketListener[] _webSocketListeners = Array.Empty();
+ private bool _disposed = false;
+
+ public WebSocketManager(
+ ILogger logger,
+ ILoggerFactory loggerFactory)
+ {
+ _logger = logger;
+ _loggerFactory = loggerFactory;
+ }
+
+ public event EventHandler> WebSocketConnected;
+
+ ///
+ public async Task WebSocketRequestHandler(HttpContext context)
+ {
+ if (_disposed)
+ {
+ return;
+ }
+
+ try
+ {
+ _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);
+
+ WebSocket webSocket = await context.WebSockets.AcceptWebSocketAsync().ConfigureAwait(false);
+
+ using var connection = new WebSocketConnection(
+ _loggerFactory.CreateLogger(),
+ webSocket,
+ context.Connection.RemoteIpAddress,
+ context.Request.Query)
+ {
+ OnReceive = ProcessWebSocketMessageReceived
+ };
+
+ WebSocketConnected?.Invoke(this, new GenericEventArgs(connection));
+
+ await connection.ProcessAsync().ConfigureAwait(false);
+ _logger.LogInformation("WS {IP} closed", context.Connection.RemoteIpAddress);
+ }
+ catch (Exception ex) // Otherwise ASP.Net will ignore the exception
+ {
+ _logger.LogError(ex, "WS {IP} WebSocketRequestHandler error", context.Connection.RemoteIpAddress);
+ if (!context.Response.HasStarted)
+ {
+ context.Response.StatusCode = 500;
+ }
+ }
+ }
+
+ ///
+ /// Adds the rest handlers.
+ ///
+ /// The web socket listeners.
+ public void Init(IEnumerable listeners)
+ {
+ _webSocketListeners = listeners.ToArray();
+ }
+
+ ///
+ /// Processes the web socket message received.
+ ///
+ /// The result.
+ private Task ProcessWebSocketMessageReceived(WebSocketMessageInfo result)
+ {
+ if (_disposed)
+ {
+ return Task.CompletedTask;
+ }
+
+ IEnumerable GetTasks()
+ {
+ foreach (var x in _webSocketListeners)
+ {
+ yield return x.ProcessMessageAsync(result);
+ }
+ }
+
+ return Task.WhenAll(GetTasks());
+ }
+ }
+}
diff --git a/Emby.Server.Implementations/Session/SessionWebSocketListener.cs b/Emby.Server.Implementations/Session/SessionWebSocketListener.cs
index 1da7a64730..15c2af220d 100644
--- a/Emby.Server.Implementations/Session/SessionWebSocketListener.cs
+++ b/Emby.Server.Implementations/Session/SessionWebSocketListener.cs
@@ -44,7 +44,7 @@ namespace Emby.Server.Implementations.Session
private readonly ILogger _logger;
private readonly ILoggerFactory _loggerFactory;
- private readonly IHttpServer _httpServer;
+ private readonly IWebSocketManager _webSocketManager;
///
/// The KeepAlive cancellation token.
@@ -72,19 +72,19 @@ namespace Emby.Server.Implementations.Session
/// The logger.
/// The session manager.
/// The logger factory.
- /// The HTTP server.
+ /// The HTTP server.
public SessionWebSocketListener(
ILogger logger,
ISessionManager sessionManager,
ILoggerFactory loggerFactory,
- IHttpServer httpServer)
+ IWebSocketManager webSocketManager)
{
_logger = logger;
_sessionManager = sessionManager;
_loggerFactory = loggerFactory;
- _httpServer = httpServer;
+ _webSocketManager = webSocketManager;
- httpServer.WebSocketConnected += OnServerManagerWebSocketConnected;
+ webSocketManager.WebSocketConnected += OnServerManagerWebSocketConnected;
}
private async void OnServerManagerWebSocketConnected(object sender, GenericEventArgs e)
@@ -121,7 +121,7 @@ namespace Emby.Server.Implementations.Session
///
public void Dispose()
{
- _httpServer.WebSocketConnected -= OnServerManagerWebSocketConnected;
+ _webSocketManager.WebSocketConnected -= OnServerManagerWebSocketConnected;
StopKeepAlive();
}
diff --git a/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs b/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
index 745567703f..33a8d75320 100644
--- a/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
@@ -1,3 +1,4 @@
+using Jellyfin.Server.Middleware;
using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Builder;
@@ -46,5 +47,65 @@ namespace Jellyfin.Server.Extensions
c.RoutePrefix = $"{baseUrl}api-docs/redoc";
});
}
+
+ ///
+ /// Adds IP based access validation to the application pipeline.
+ ///
+ /// The application builder.
+ /// The updated application builder.
+ public static IApplicationBuilder UseIpBasedAccessValidation(this IApplicationBuilder appBuilder)
+ {
+ return appBuilder.UseMiddleware();
+ }
+
+ ///
+ /// Adds LAN based access filtering to the application pipeline.
+ ///
+ /// The application builder.
+ /// The updated application builder.
+ public static IApplicationBuilder UseLanFiltering(this IApplicationBuilder appBuilder)
+ {
+ return appBuilder.UseMiddleware();
+ }
+
+ ///
+ /// Adds CORS OPTIONS request handling to the application pipeline.
+ ///
+ /// The application builder.
+ /// The updated application builder.
+ public static IApplicationBuilder UseCorsOptionsResponse(this IApplicationBuilder appBuilder)
+ {
+ return appBuilder.UseMiddleware();
+ }
+
+ ///
+ /// Adds base url redirection to the application pipeline.
+ ///
+ /// The application builder.
+ /// The updated application builder.
+ public static IApplicationBuilder UseBaseUrlRedirection(this IApplicationBuilder appBuilder)
+ {
+ return appBuilder.UseMiddleware();
+ }
+
+ ///
+ /// Adds a custom message during server startup to the application pipeline.
+ ///
+ /// The application builder.
+ /// The updated application builder.
+ public static IApplicationBuilder UseServerStartupMessage(this IApplicationBuilder appBuilder)
+ {
+ return appBuilder.UseMiddleware();
+ }
+
+ ///
+ /// Adds a WebSocket request handler to the application pipeline.
+ ///
+ /// The application builder.
+ /// The updated application builder.
+ public static IApplicationBuilder UseWebSocketHandler(this IApplicationBuilder appBuilder)
+ {
+ return appBuilder.UseMiddleware();
+ }
}
}
diff --git a/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
new file mode 100644
index 0000000000..9316737bdf
--- /dev/null
+++ b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+using ConfigurationExtensions = MediaBrowser.Controller.Extensions.ConfigurationExtensions;
+
+namespace Jellyfin.Server.Middleware
+{
+ ///
+ /// Redirect requests without baseurl prefix to the baseurl prefixed URL.
+ ///
+ public class BaseUrlRedirectionMiddleware
+ {
+ private readonly RequestDelegate _next;
+ private readonly ILogger _logger;
+ private readonly IConfiguration _configuration;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The next delegate in the pipeline.
+ /// The logger.
+ /// The application configuration.
+ public BaseUrlRedirectionMiddleware(
+ RequestDelegate next,
+ ILogger logger,
+ IConfiguration configuration)
+ {
+ _next = next;
+ _logger = logger;
+ _configuration = configuration;
+ }
+
+ ///
+ /// Executes the middleware action.
+ ///
+ /// The current HTTP context.
+ /// The server configuration manager.
+ /// The async task.
+ public async Task Invoke(HttpContext httpContext, IServerConfigurationManager serverConfigurationManager)
+ {
+ var localPath = httpContext.Request.Path.ToString();
+ var baseUrlPrefix = serverConfigurationManager.Configuration.BaseUrl;
+
+ if (string.Equals(localPath, baseUrlPrefix + "/", StringComparison.OrdinalIgnoreCase)
+ || string.Equals(localPath, baseUrlPrefix, StringComparison.OrdinalIgnoreCase)
+ || string.Equals(localPath, "/", StringComparison.OrdinalIgnoreCase)
+ || string.IsNullOrEmpty(localPath)
+ || !localPath.StartsWith(baseUrlPrefix, StringComparison.OrdinalIgnoreCase))
+ {
+ // Always redirect back to the default path if the base prefix is invalid or missing
+ _logger.LogDebug("Normalizing an URL at {LocalPath}", localPath);
+ httpContext.Response.Redirect(baseUrlPrefix + "/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
+ return;
+ }
+
+ await _next(httpContext).ConfigureAwait(false);
+ }
+ }
+}
diff --git a/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs b/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs
new file mode 100644
index 0000000000..8214f89079
--- /dev/null
+++ b/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs
@@ -0,0 +1,69 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Mime;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Primitives;
+
+namespace Jellyfin.Server.Middleware
+{
+ ///
+ /// Middleware for handling OPTIONS requests.
+ ///
+ public class CorsOptionsResponseMiddleware
+ {
+ private readonly RequestDelegate _next;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The next delegate in the pipeline.
+ public CorsOptionsResponseMiddleware(RequestDelegate next)
+ {
+ _next = next;
+ }
+
+ ///
+ /// Executes the middleware action.
+ ///
+ /// The current HTTP context.
+ /// The async task.
+ public async Task Invoke(HttpContext httpContext)
+ {
+ if (string.Equals(httpContext.Request.Method, HttpMethods.Options, StringComparison.OrdinalIgnoreCase))
+ {
+ httpContext.Response.StatusCode = 200;
+ foreach (var (key, value) in GetDefaultCorsHeaders(httpContext))
+ {
+ httpContext.Response.Headers.Add(key, value);
+ }
+
+ httpContext.Response.ContentType = MediaTypeNames.Text.Plain;
+ await httpContext.Response.WriteAsync(string.Empty, httpContext.RequestAborted).ConfigureAwait(false);
+ return;
+ }
+
+ await _next(httpContext).ConfigureAwait(false);
+ }
+
+ private static IDictionary GetDefaultCorsHeaders(HttpContext httpContext)
+ {
+ var origin = httpContext.Request.Headers["Origin"];
+ if (origin == StringValues.Empty)
+ {
+ origin = httpContext.Request.Headers["Host"];
+ if (origin == StringValues.Empty)
+ {
+ origin = "*";
+ }
+ }
+
+ var headers = new Dictionary();
+ headers.Add("Access-Control-Allow-Origin", origin);
+ headers.Add("Access-Control-Allow-Credentials", "true");
+ headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
+ headers.Add("Access-Control-Allow-Headers", "Content-Type, Authorization, Range, X-MediaBrowser-Token, X-Emby-Authorization, Cookie");
+ return headers;
+ }
+ }
+}
diff --git a/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
new file mode 100644
index 0000000000..59b5fb1ed2
--- /dev/null
+++ b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
@@ -0,0 +1,76 @@
+using System.Linq;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+ ///
+ /// Validates the IP of requests coming from local networks wrt. remote access.
+ ///
+ public class IpBasedAccessValidationMiddleware
+ {
+ private readonly RequestDelegate _next;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The next delegate in the pipeline.
+ public IpBasedAccessValidationMiddleware(RequestDelegate next)
+ {
+ _next = next;
+ }
+
+ ///
+ /// Executes the middleware action.
+ ///
+ /// The current HTTP context.
+ /// The network manager.
+ /// The server configuration manager.
+ /// The async task.
+ public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
+ {
+ if (httpContext.Request.IsLocal())
+ {
+ await _next(httpContext).ConfigureAwait(false);
+ return;
+ }
+
+ var remoteIp = httpContext.Request.RemoteIp();
+
+ if (serverConfigurationManager.Configuration.EnableRemoteAccess)
+ {
+ var addressFilter = serverConfigurationManager.Configuration.RemoteIPFilter.Where(i => !string.IsNullOrWhiteSpace(i)).ToArray();
+
+ if (addressFilter.Length > 0 && !networkManager.IsInLocalNetwork(remoteIp))
+ {
+ if (serverConfigurationManager.Configuration.IsRemoteIPFilterBlacklist)
+ {
+ if (networkManager.IsAddressInSubnets(remoteIp, addressFilter))
+ {
+ return;
+ }
+ }
+ else
+ {
+ if (!networkManager.IsAddressInSubnets(remoteIp, addressFilter))
+ {
+ return;
+ }
+ }
+ }
+ }
+ else
+ {
+ if (!networkManager.IsInLocalNetwork(remoteIp))
+ {
+ return;
+ }
+ }
+
+ await _next(httpContext).ConfigureAwait(false);
+ }
+ }
+}
diff --git a/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs b/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
new file mode 100644
index 0000000000..9d795145aa
--- /dev/null
+++ b/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
@@ -0,0 +1,76 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+ ///
+ /// Validates the LAN host IP based on application configuration.
+ ///
+ public class LanFilteringMiddleware
+ {
+ private readonly RequestDelegate _next;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The next delegate in the pipeline.
+ public LanFilteringMiddleware(RequestDelegate next)
+ {
+ _next = next;
+ }
+
+ ///
+ /// Executes the middleware action.
+ ///
+ /// The current HTTP context.
+ /// The network manager.
+ /// The server configuration manager.
+ /// The async task.
+ public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
+ {
+ var currentHost = httpContext.Request.Host.ToString();
+ var hosts = serverConfigurationManager
+ .Configuration
+ .LocalNetworkAddresses
+ .Select(NormalizeConfiguredLocalAddress)
+ .ToList();
+
+ if (hosts.Count == 0)
+ {
+ await _next(httpContext).ConfigureAwait(false);
+ return;
+ }
+
+ currentHost ??= string.Empty;
+
+ if (networkManager.IsInPrivateAddressSpace(currentHost))
+ {
+ hosts.Add("localhost");
+ hosts.Add("127.0.0.1");
+
+ if (hosts.All(i => currentHost.IndexOf(i, StringComparison.OrdinalIgnoreCase) == -1))
+ {
+ return;
+ }
+ }
+
+ await _next(httpContext).ConfigureAwait(false);
+ }
+
+ private static string NormalizeConfiguredLocalAddress(string address)
+ {
+ var add = address.AsSpan().Trim('/');
+ int index = add.IndexOf('/');
+ if (index != -1)
+ {
+ add = add.Slice(index + 1);
+ }
+
+ return add.TrimStart('/').ToString();
+ }
+ }
+}
diff --git a/Jellyfin.Server/Middleware/ServerStartupMessageMiddleware.cs b/Jellyfin.Server/Middleware/ServerStartupMessageMiddleware.cs
new file mode 100644
index 0000000000..4f347d6d3b
--- /dev/null
+++ b/Jellyfin.Server/Middleware/ServerStartupMessageMiddleware.cs
@@ -0,0 +1,38 @@
+using System.Net.Mime;
+using System.Threading.Tasks;
+using MediaBrowser.Model.Globalization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+ ///
+ /// Shows a custom message during server startup.
+ ///
+ public class ServerStartupMessageMiddleware
+ {
+ private readonly RequestDelegate _next;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The next delegate in the pipeline.
+ public ServerStartupMessageMiddleware(RequestDelegate next)
+ {
+ _next = next;
+ }
+
+ ///
+ /// Executes the middleware action.
+ ///
+ /// The current HTTP context.
+ /// The localization manager.
+ /// The async task.
+ public async Task Invoke(HttpContext httpContext, ILocalizationManager localizationManager)
+ {
+ var message = localizationManager.GetLocalizedString("StartupEmbyServerIsLoading");
+ httpContext.Response.StatusCode = StatusCodes.Status503ServiceUnavailable;
+ httpContext.Response.ContentType = MediaTypeNames.Text.Html;
+ await httpContext.Response.WriteAsync(message, httpContext.RequestAborted).ConfigureAwait(false);
+ }
+ }
+}
diff --git a/Jellyfin.Server/Middleware/WebSocketHandlerMiddleware.cs b/Jellyfin.Server/Middleware/WebSocketHandlerMiddleware.cs
new file mode 100644
index 0000000000..b7a5d2b346
--- /dev/null
+++ b/Jellyfin.Server/Middleware/WebSocketHandlerMiddleware.cs
@@ -0,0 +1,40 @@
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Net;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+ ///
+ /// Handles WebSocket requests.
+ ///
+ public class WebSocketHandlerMiddleware
+ {
+ private readonly RequestDelegate _next;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The next delegate in the pipeline.
+ public WebSocketHandlerMiddleware(RequestDelegate next)
+ {
+ _next = next;
+ }
+
+ ///
+ /// Executes the middleware action.
+ ///
+ /// The current HTTP context.
+ /// The WebSocket connection manager.
+ /// The async task.
+ public async Task Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
+ {
+ if (!httpContext.WebSockets.IsWebSocketRequest)
+ {
+ await _next(httpContext).ConfigureAwait(false);
+ return;
+ }
+
+ await webSocketManager.WebSocketRequestHandler(httpContext).ConfigureAwait(false);
+ }
+ }
+}
diff --git a/Jellyfin.Server/Program.cs b/Jellyfin.Server/Program.cs
index 14cc5f4c24..b9a90f9dbf 100644
--- a/Jellyfin.Server/Program.cs
+++ b/Jellyfin.Server/Program.cs
@@ -11,7 +11,6 @@ using System.Threading;
using System.Threading.Tasks;
using CommandLine;
using Emby.Server.Implementations;
-using Emby.Server.Implementations.HttpServer;
using Emby.Server.Implementations.IO;
using Emby.Server.Implementations.Networking;
using Jellyfin.Api.Controllers;
@@ -28,6 +27,7 @@ using Microsoft.Extensions.Logging.Abstractions;
using Serilog;
using Serilog.Extensions.Logging;
using SQLitePCL;
+using ConfigurationExtensions = MediaBrowser.Controller.Extensions.ConfigurationExtensions;
using ILogger = Microsoft.Extensions.Logging.ILogger;
namespace Jellyfin.Server
@@ -594,7 +594,7 @@ namespace Jellyfin.Server
var inMemoryDefaultConfig = ConfigurationOptions.DefaultConfiguration;
if (startupConfig != null && !startupConfig.HostWebClient())
{
- inMemoryDefaultConfig[HttpListenerHost.DefaultRedirectKey] = "api-docs/swagger";
+ inMemoryDefaultConfig[ConfigurationExtensions.DefaultRedirectKey] = "api-docs/swagger";
}
return config
diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs
index 9316ab79ef..80f6794206 100644
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@@ -84,11 +84,9 @@ namespace Jellyfin.Server
///
/// The application builder.
/// The webhost environment.
- /// The server application host.
public void Configure(
IApplicationBuilder app,
- IWebHostEnvironment env,
- IServerApplicationHost serverApplicationHost)
+ IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
@@ -120,7 +118,11 @@ namespace Jellyfin.Server
app.UseHttpMetrics();
}
- app.Use(serverApplicationHost.ExecuteHttpHandlerAsync);
+ app.UseLanFiltering();
+ app.UseIpBasedAccessValidation();
+ app.UseCorsOptionsResponse();
+ app.UseBaseUrlRedirection();
+ app.UseWebSocketHandler();
app.UseEndpoints(endpoints =>
{
@@ -131,6 +133,8 @@ namespace Jellyfin.Server
}
});
+ app.UseServerStartupMessage();
+
// Add type descriptor for legacy datetime parsing.
TypeDescriptor.AddAttributes(typeof(DateTime?), new TypeConverterAttribute(typeof(DateTimeTypeConverter)));
}
diff --git a/MediaBrowser.Controller/Extensions/ConfigurationExtensions.cs b/MediaBrowser.Controller/Extensions/ConfigurationExtensions.cs
index 4c2209b67c..f9285c7682 100644
--- a/MediaBrowser.Controller/Extensions/ConfigurationExtensions.cs
+++ b/MediaBrowser.Controller/Extensions/ConfigurationExtensions.cs
@@ -8,6 +8,12 @@ namespace MediaBrowser.Controller.Extensions
///
public static class ConfigurationExtensions
{
+ ///
+ /// The key for a setting that specifies the default redirect path
+ /// to use for requests where the URL base prefix is invalid or missing..
+ ///
+ public const string DefaultRedirectKey = "DefaultRedirectPath";
+
///
/// The key for a setting that indicates whether the application should host web client content.
///
diff --git a/MediaBrowser.Controller/IServerApplicationHost.cs b/MediaBrowser.Controller/IServerApplicationHost.cs
index 39b896c0f5..d482c19d98 100644
--- a/MediaBrowser.Controller/IServerApplicationHost.cs
+++ b/MediaBrowser.Controller/IServerApplicationHost.cs
@@ -117,8 +117,7 @@ namespace MediaBrowser.Controller
IEnumerable GetWakeOnLanInfo();
string ExpandVirtualPath(string path);
- string ReverseVirtualPath(string path);
- Task ExecuteHttpHandlerAsync(HttpContext context, Func next);
+ string ReverseVirtualPath(string path);
}
}
diff --git a/MediaBrowser.Controller/Net/IHttpServer.cs b/MediaBrowser.Controller/Net/IHttpServer.cs
deleted file mode 100644
index 6739f2fa62..0000000000
--- a/MediaBrowser.Controller/Net/IHttpServer.cs
+++ /dev/null
@@ -1,50 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Jellyfin.Data.Events;
-using Microsoft.AspNetCore.Http;
-
-namespace MediaBrowser.Controller.Net
-{
- ///
- /// Interface IHttpServer.
- ///
- public interface IHttpServer
- {
- ///
- /// Gets the URL prefix.
- ///
- /// The URL prefix.
- string[] UrlPrefixes { get; }
-
- ///
- /// Occurs when [web socket connected].
- ///
- event EventHandler> WebSocketConnected;
-
- ///
- /// Inits this instance.
- ///
- void Init(IEnumerable listener, IEnumerable urlPrefixes);
-
- ///
- /// If set, all requests will respond with this message.
- ///
- string GlobalResponse { get; set; }
-
- ///
- /// The HTTP request handler.
- ///
- /// The current HTTP context.
- /// The next middleware in the ASP.NET pipeline.
- /// The task.
- Task RequestHandler(HttpContext context, Func next);
-
- ///
- /// Get the default CORS headers.
- ///
- /// The HTTP context of the current request.
- /// The default CORS headers for the context.
- IDictionary GetDefaultCorsHeaders(HttpContext httpContext);
- }
-}
diff --git a/MediaBrowser.Controller/Net/IWebSocketManager.cs b/MediaBrowser.Controller/Net/IWebSocketManager.cs
new file mode 100644
index 0000000000..e9f00ae88b
--- /dev/null
+++ b/MediaBrowser.Controller/Net/IWebSocketManager.cs
@@ -0,0 +1,32 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Jellyfin.Data.Events;
+using Microsoft.AspNetCore.Http;
+
+namespace MediaBrowser.Controller.Net
+{
+ ///
+ /// Interface IHttpServer.
+ ///
+ public interface IWebSocketManager
+ {
+ ///
+ /// Occurs when [web socket connected].
+ ///
+ event EventHandler> WebSocketConnected;
+
+ ///
+ /// Inits this instance.
+ ///
+ /// The websocket listeners.
+ void Init(IEnumerable listeners);
+
+ ///
+ /// The HTTP request handler.
+ ///
+ /// The current HTTP context.
+ /// The task.
+ Task WebSocketRequestHandler(HttpContext context);
+ }
+}