Merge remote-tracking branch 'upstream/master' into dynamic-cors

5 files changed, 327 insertions, 3 deletions

diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index cb63cc85e..e9b063277 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -37,6 +37,7 @@ using Emby.Server.Implementations.LiveTv;
 using Emby.Server.Implementations.Localization;
 using Emby.Server.Implementations.Net;
 using Emby.Server.Implementations.Playlists;
+using Emby.Server.Implementations.QuickConnect;
 using Emby.Server.Implementations.ScheduledTasks;
 using Emby.Server.Implementations.Security;
 using Emby.Server.Implementations.Serialization;
@@ -71,6 +72,7 @@ using MediaBrowser.Controller.Persistence;
 using MediaBrowser.Controller.Playlists;
 using MediaBrowser.Controller.Plugins;
 using MediaBrowser.Controller.Providers;
+using MediaBrowser.Controller.QuickConnect;
 using MediaBrowser.Controller.Resolvers;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
@@ -97,6 +99,7 @@ using MediaBrowser.Providers.Plugins.TheTvdb;
 using MediaBrowser.Providers.Subtitles;
 using MediaBrowser.XbmcMetadata.Providers;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Prometheus.DotNetRuntime;
@@ -626,6 +629,7 @@ namespace Emby.Server.Implementations
             ServiceCollection.AddSingleton<ISessionContext, SessionContext>();
 
             ServiceCollection.AddSingleton<IAuthService, AuthService>();
+            ServiceCollection.AddSingleton<IQuickConnect, QuickConnectManager>();
 
             ServiceCollection.AddSingleton<ISubtitleEncoder, MediaBrowser.MediaEncoding.Subtitles.SubtitleEncoder>();
 
@@ -1393,6 +1397,20 @@ namespace Emby.Server.Implementations
             _plugins = list.ToArray();
         }
 
+        public IEnumerable<Assembly> GetApiPluginAssemblies()
+        {
+            var assemblies = _allConcreteTypes
+                .Where(i => typeof(ControllerBase).IsAssignableFrom(i))
+                .Select(i => i.Assembly)
+                .Distinct();
+
+            foreach (var assembly in assemblies)
+            {
+                Logger.LogDebug("Found API endpoints in plugin {name}", assembly.FullName);
+                yield return assembly;
+            }
+        }
+
         public virtual void LaunchUrl(string url)
         {
             if (!CanLaunchWebBrowser)
diff --git a/Emby.Server.Implementations/Emby.Server.Implementations.csproj b/Emby.Server.Implementations/Emby.Server.Implementations.csproj
index 60564f700..56fc57327 100644
--- a/Emby.Server.Implementations/Emby.Server.Implementations.csproj
+++ b/Emby.Server.Implementations/Emby.Server.Implementations.csproj
@@ -22,7 +22,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="IPNetwork2" Version="2.5.211" />
+    <PackageReference Include="IPNetwork2" Version="2.5.224" />
     <PackageReference Include="Jellyfin.XmlTv" Version="10.6.2" />
     <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.2.7" />
     <PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="2.2.0" />
@@ -37,7 +37,7 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="3.1.6" />
     <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="3.1.6" />
     <PackageReference Include="Mono.Nat" Version="2.0.2" />
-    <PackageReference Include="prometheus-net.DotNetRuntime" Version="3.3.1" />
+    <PackageReference Include="prometheus-net.DotNetRuntime" Version="3.4.0" />
     <PackageReference Include="ServiceStack.Text.Core" Version="5.9.2" />
     <PackageReference Include="sharpcompress" Version="0.26.0" />
     <PackageReference Include="SQLitePCL.pretty.netstandard" Version="2.1.0" />
diff --git a/Emby.Server.Implementations/Localization/Core/es_DO.json b/Emby.Server.Implementations/Localization/Core/es_DO.json
index 0ef16542f..26732eb3f 100644
--- a/Emby.Server.Implementations/Localization/Core/es_DO.json
+++ b/Emby.Server.Implementations/Localization/Core/es_DO.json
@@ -17,5 +17,8 @@
     "Genres": "Géneros",
     "Folders": "Carpetas",
     "Favorites": "Favoritos",
-    "FailedLoginAttemptWithUserName": "Intento de inicio de sesión fallido de {0}"
+    "FailedLoginAttemptWithUserName": "Intento de inicio de sesión fallido de {0}",
+    "HeaderFavoriteSongs": "Canciones Favoritas",
+    "HeaderFavoriteEpisodes": "Episodios Favoritos",
+    "HeaderFavoriteArtists": "Artistas Favoritos"
 }
diff --git a/Emby.Server.Implementations/QuickConnect/QuickConnectManager.cs b/Emby.Server.Implementations/QuickConnect/QuickConnectManager.cs
new file mode 100644
index 000000000..140a67541
--- /dev/null
+++ b/Emby.Server.Implementations/QuickConnect/QuickConnectManager.cs
@@ -0,0 +1,285 @@
+using System;
+using System.Collections.Concurrent;
+using System.Globalization;
+using System.Linq;
+using System.Security.Cryptography;
+using MediaBrowser.Common;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Controller;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Net;
+using MediaBrowser.Controller.QuickConnect;
+using MediaBrowser.Controller.Security;
+using MediaBrowser.Model.QuickConnect;
+using Microsoft.Extensions.Logging;
+
+namespace Emby.Server.Implementations.QuickConnect
+{
+    /// <summary>
+    /// Quick connect implementation.
+    /// </summary>
+    public class QuickConnectManager : IQuickConnect, IDisposable
+    {
+        private readonly RNGCryptoServiceProvider _rng = new RNGCryptoServiceProvider();
+        private readonly ConcurrentDictionary<string, QuickConnectResult> _currentRequests = new ConcurrentDictionary<string, QuickConnectResult>();
+
+        private readonly IServerConfigurationManager _config;
+        private readonly ILogger<QuickConnectManager> _logger;
+        private readonly IAuthenticationRepository _authenticationRepository;
+        private readonly IAuthorizationContext _authContext;
+        private readonly IServerApplicationHost _appHost;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="QuickConnectManager"/> class.
+        /// Should only be called at server startup when a singleton is created.
+        /// </summary>
+        /// <param name="config">Configuration.</param>
+        /// <param name="logger">Logger.</param>
+        /// <param name="appHost">Application host.</param>
+        /// <param name="authContext">Authentication context.</param>
+        /// <param name="authenticationRepository">Authentication repository.</param>
+        public QuickConnectManager(
+            IServerConfigurationManager config,
+            ILogger<QuickConnectManager> logger,
+            IServerApplicationHost appHost,
+            IAuthorizationContext authContext,
+            IAuthenticationRepository authenticationRepository)
+        {
+            _config = config;
+            _logger = logger;
+            _appHost = appHost;
+            _authContext = authContext;
+            _authenticationRepository = authenticationRepository;
+
+            ReloadConfiguration();
+        }
+
+        /// <inheritdoc/>
+        public int CodeLength { get; set; } = 6;
+
+        /// <inheritdoc/>
+        public string TokenName { get; set; } = "QuickConnect";
+
+        /// <inheritdoc/>
+        public QuickConnectState State { get; private set; } = QuickConnectState.Unavailable;
+
+        /// <inheritdoc/>
+        public int Timeout { get; set; } = 5;
+
+        private DateTime DateActivated { get; set; }
+
+        /// <inheritdoc/>
+        public void AssertActive()
+        {
+            if (State != QuickConnectState.Active)
+            {
+                throw new ArgumentException("Quick connect is not active on this server");
+            }
+        }
+
+        /// <inheritdoc/>
+        public void Activate()
+        {
+            DateActivated = DateTime.UtcNow;
+            SetState(QuickConnectState.Active);
+        }
+
+        /// <inheritdoc/>
+        public void SetState(QuickConnectState newState)
+        {
+            _logger.LogDebug("Changed quick connect state from {State} to {newState}", State, newState);
+
+            ExpireRequests(true);
+
+            State = newState;
+            _config.Configuration.QuickConnectAvailable = newState == QuickConnectState.Available || newState == QuickConnectState.Active;
+            _config.SaveConfiguration();
+
+            _logger.LogDebug("Configuration saved");
+        }
+
+        /// <inheritdoc/>
+        public QuickConnectResult TryConnect()
+        {
+            ExpireRequests();
+
+            if (State != QuickConnectState.Active)
+            {
+                _logger.LogDebug("Refusing quick connect initiation request, current state is {State}", State);
+                throw new AuthenticationException("Quick connect is not active on this server");
+            }
+
+            var code = GenerateCode();
+            var result = new QuickConnectResult()
+            {
+                Secret = GenerateSecureRandom(),
+                DateAdded = DateTime.UtcNow,
+                Code = code
+            };
+
+            _currentRequests[code] = result;
+            return result;
+        }
+
+        /// <inheritdoc/>
+        public QuickConnectResult CheckRequestStatus(string secret)
+        {
+            ExpireRequests();
+            AssertActive();
+
+            string code = _currentRequests.Where(x => x.Value.Secret == secret).Select(x => x.Value.Code).DefaultIfEmpty(string.Empty).First();
+
+            if (!_currentRequests.TryGetValue(code, out QuickConnectResult result))
+            {
+                throw new ResourceNotFoundException("Unable to find request with provided secret");
+            }
+
+            return result;
+        }
+
+        /// <inheritdoc/>
+        public string GenerateCode()
+        {
+            Span<byte> raw = stackalloc byte[4];
+
+            int min = (int)Math.Pow(10, CodeLength - 1);
+            int max = (int)Math.Pow(10, CodeLength);
+
+            uint scale = uint.MaxValue;
+            while (scale == uint.MaxValue)
+            {
+                _rng.GetBytes(raw);
+                scale = BitConverter.ToUInt32(raw);
+            }
+
+            int code = (int)(min + ((max - min) * (scale / (double)uint.MaxValue)));
+            return code.ToString(CultureInfo.InvariantCulture);
+        }
+
+        /// <inheritdoc/>
+        public bool AuthorizeRequest(Guid userId, string code)
+        {
+            ExpireRequests();
+            AssertActive();
+
+            if (!_currentRequests.TryGetValue(code, out QuickConnectResult result))
+            {
+                throw new ResourceNotFoundException("Unable to find request");
+            }
+
+            if (result.Authenticated)
+            {
+                throw new InvalidOperationException("Request is already authorized");
+            }
+
+            result.Authentication = Guid.NewGuid().ToString("N", CultureInfo.InvariantCulture);
+
+            // Change the time on the request so it expires one minute into the future. It can't expire immediately as otherwise some clients wouldn't ever see that they have been authenticated.
+            var added = result.DateAdded ?? DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(Timeout));
+            result.DateAdded = added.Subtract(TimeSpan.FromMinutes(Timeout - 1));
+
+            _authenticationRepository.Create(new AuthenticationInfo
+            {
+                AppName = TokenName,
+                AccessToken = result.Authentication,
+                DateCreated = DateTime.UtcNow,
+                DeviceId = _appHost.SystemId,
+                DeviceName = _appHost.FriendlyName,
+                AppVersion = _appHost.ApplicationVersionString,
+                UserId = userId
+            });
+
+            _logger.LogDebug("Authorizing device with code {Code} to login as user {userId}", code, userId);
+
+            return true;
+        }
+
+        /// <inheritdoc/>
+        public int DeleteAllDevices(Guid user)
+        {
+            var raw = _authenticationRepository.Get(new AuthenticationInfoQuery()
+            {
+                DeviceId = _appHost.SystemId,
+                UserId = user
+            });
+
+            var tokens = raw.Items.Where(x => x.AppName.StartsWith(TokenName, StringComparison.Ordinal));
+
+            var removed = 0;
+            foreach (var token in tokens)
+            {
+                _authenticationRepository.Delete(token);
+                _logger.LogDebug("Deleted token {AccessToken}", token.AccessToken);
+                removed++;
+            }
+
+            return removed;
+        }
+
+        /// <summary>
+        /// Dispose.
+        /// </summary>
+        public void Dispose()
+        {
+            Dispose(true);
+            GC.SuppressFinalize(this);
+        }
+
+        /// <summary>
+        /// Dispose.
+        /// </summary>
+        /// <param name="disposing">Dispose unmanaged resources.</param>
+        protected virtual void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                _rng?.Dispose();
+            }
+        }
+
+        private string GenerateSecureRandom(int length = 32)
+        {
+            Span<byte> bytes = stackalloc byte[length];
+            _rng.GetBytes(bytes);
+
+            return Hex.Encode(bytes);
+        }
+
+        /// <inheritdoc/>
+        public void ExpireRequests(bool expireAll = false)
+        {
+            // Check if quick connect should be deactivated
+            if (State == QuickConnectState.Active && DateTime.UtcNow > DateActivated.AddMinutes(Timeout) && !expireAll)
+            {
+                _logger.LogDebug("Quick connect time expired, deactivating");
+                SetState(QuickConnectState.Available);
+                expireAll = true;
+            }
+
+            // Expire stale connection requests
+            var code = string.Empty;
+            var values = _currentRequests.Values.ToList();
+
+            for (int i = 0; i < values.Count; i++)
+            {
+                var added = values[i].DateAdded ?? DateTime.UnixEpoch;
+                if (DateTime.UtcNow > added.AddMinutes(Timeout) || expireAll)
+                {
+                    code = values[i].Code;
+                    _logger.LogDebug("Removing expired request {code}", code);
+
+                    if (!_currentRequests.TryRemove(code, out _))
+                    {
+                        _logger.LogWarning("Request {code} already expired", code);
+                    }
+                }
+            }
+        }
+
+        private void ReloadConfiguration()
+        {
+            State = _config.Configuration.QuickConnectAvailable ? QuickConnectState.Available : QuickConnectState.Unavailable;
+        }
+    }
+}
diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index dad414142..ca8e0e29b 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1429,6 +1429,24 @@ namespace Emby.Server.Implementations.Session
             return AuthenticateNewSessionInternal(request, false);
         }
 
+        public Task<AuthenticationResult> AuthenticateQuickConnect(AuthenticationRequest request, string token)
+        {
+            var result = _authRepo.Get(new AuthenticationInfoQuery()
+            {
+                AccessToken = token,
+                DeviceId = _appHost.SystemId,
+                Limit = 1
+            });
+
+            if (result.TotalRecordCount == 0)
+            {
+                throw new SecurityException("Unknown quick connect token");
+            }
+
+            request.UserId = result.Items[0].UserId;
+            return AuthenticateNewSessionInternal(request, false);
+        }
+
         private async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword)
         {
             CheckDisposed();