diff options
| author | Joshua M. Boniface <joshua@boniface.me> | 2020-11-22 01:11:02 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-22 01:11:02 -0500 |
| commit | a57b99bffdf40067465a0dda920fab23ceda1451 (patch) | |
| tree | 003df6bc0da24bdddeefc8366120cb4d20fc6933 /Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs | |
| parent | c1db8869f06105b13f93f15d12061ada523dbb78 (diff) | |
| parent | 2c9e355e428e1498d4dc3bce844917a1a0333284 (diff) | |
Merge pull request #4125 from BaronGreenback/NetworkPR2
Networking 2 (Cumulative PR) - Swapping over to new NetworkManager
Diffstat (limited to 'Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs')
| -rw-r--r-- | Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs index 4bda8f273..525cd9ffe 100644 --- a/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs +++ b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs @@ -1,5 +1,6 @@ -using System.Linq; +using System.Net; using System.Threading.Tasks; +using Jellyfin.Networking.Configuration; using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Net; using MediaBrowser.Controller.Configuration; @@ -34,40 +35,40 @@ namespace Jellyfin.Server.Middleware { if (httpContext.IsLocal()) { + // Running locally. await _next(httpContext).ConfigureAwait(false); return; } - var remoteIp = httpContext.GetNormalizedRemoteIp(); + var remoteIp = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback; - if (serverConfigurationManager.Configuration.EnableRemoteAccess) + if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess) { - var addressFilter = serverConfigurationManager.Configuration.RemoteIPFilter.Where(i => !string.IsNullOrWhiteSpace(i)).ToArray(); + // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely. + // If left blank, all remote addresses will be allowed. + var remoteAddressFilter = networkManager.RemoteAddressFilter; - if (addressFilter.Length > 0 && !networkManager.IsInLocalNetwork(remoteIp)) + if (remoteAddressFilter.Count > 0 && !networkManager.IsInLocalNetwork(remoteIp)) { - if (serverConfigurationManager.Configuration.IsRemoteIPFilterBlacklist) + // remoteAddressFilter is a whitelist or blacklist. + bool isListed = remoteAddressFilter.ContainsAddress(remoteIp); + if (!serverConfigurationManager.GetNetworkConfiguration().IsRemoteIPFilterBlacklist) { - if (networkManager.IsAddressInSubnets(remoteIp, addressFilter)) - { - return; - } + // Black list, so flip over. + isListed = !isListed; } - else + + if (!isListed) { - if (!networkManager.IsAddressInSubnets(remoteIp, addressFilter)) - { - return; - } + // If your name isn't on the list, you arn't coming in. + return; } } } - else + else if (!networkManager.IsInLocalNetwork(remoteIp)) { - if (!networkManager.IsInLocalNetwork(remoteIp)) - { - return; - } + // Remote not enabled. So everyone should be LAN. + return; } await _next(httpContext).ConfigureAwait(false); |