Kill HttpListenerHost

author: Claus Vium <clausvium@gmail.com> 2020-09-03 11:32:22 +0200
committer: Claus Vium <clausvium@gmail.com> 2020-09-03 11:32:22 +0200
commit: 571d0570f5560bde79d21c33173742f6a31e24cf (patch)
tree: 7e88d0627175556948e25bcb80ca6c92583eb7f7 /Jellyfin.Server
parent: 6ff372a550383fdc81a895b5447dee7713ffbc6f (diff)
9 files changed, 432 insertions, 6 deletions
diff --git a/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs b/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
index 745567703..33a8d7532 100644
--- a/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
@@ -1,3 +1,4 @@
+using Jellyfin.Server.Middleware;
 using MediaBrowser.Controller.Configuration;
 using Microsoft.AspNetCore.Builder;
 
@@ -46,5 +47,65 @@ namespace Jellyfin.Server.Extensions
                     c.RoutePrefix = $"{baseUrl}api-docs/redoc";
                 });
         }
+
+        /// <summary>
+        /// Adds IP based access validation to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The application builder.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseIpBasedAccessValidation(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<IpBasedAccessValidationMiddleware>();
+        }
+
+        /// <summary>
+        /// Adds LAN based access filtering to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The application builder.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseLanFiltering(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<LanFilteringMiddleware>();
+        }
+
+        /// <summary>
+        /// Adds CORS OPTIONS request handling to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The application builder.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseCorsOptionsResponse(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<CorsOptionsResponseMiddleware>();
+        }
+
+        /// <summary>
+        /// Adds base url redirection to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The application builder.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseBaseUrlRedirection(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<BaseUrlRedirectionMiddleware>();
+        }
+
+        /// <summary>
+        /// Adds a custom message during server startup to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The application builder.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseServerStartupMessage(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<ServerStartupMessageMiddleware>();
+        }
+
+        /// <summary>
+        /// Adds a WebSocket request handler to the application pipeline.
+        /// </summary>
+        /// <param name="appBuilder">The application builder.</param>
+        /// <returns>The updated application builder.</returns>
+        public static IApplicationBuilder UseWebSocketHandler(this IApplicationBuilder appBuilder)
+        {
+            return appBuilder.UseMiddleware<WebSocketHandlerMiddleware>();
+        }
     }
 }
diff --git a/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
new file mode 100644
index 000000000..9316737bd
--- /dev/null
+++ b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+using ConfigurationExtensions = MediaBrowser.Controller.Extensions.ConfigurationExtensions;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Redirect requests without baseurl prefix to the baseurl prefixed URL.
+    /// </summary>
+    public class BaseUrlRedirectionMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private readonly ILogger<BaseUrlRedirectionMiddleware> _logger;
+        private readonly IConfiguration _configuration;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BaseUrlRedirectionMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        /// <param name="logger">The logger.</param>
+        /// <param name="configuration">The application configuration.</param>
+        public BaseUrlRedirectionMiddleware(
+            RequestDelegate next,
+            ILogger<BaseUrlRedirectionMiddleware> logger,
+            IConfiguration configuration)
+        {
+            _next = next;
+            _logger = logger;
+            _configuration = configuration;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <param name="serverConfigurationManager">The server configuration manager.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext, IServerConfigurationManager serverConfigurationManager)
+        {
+            var localPath = httpContext.Request.Path.ToString();
+            var baseUrlPrefix = serverConfigurationManager.Configuration.BaseUrl;
+
+            if (string.Equals(localPath, baseUrlPrefix + "/", StringComparison.OrdinalIgnoreCase)
+                || string.Equals(localPath, baseUrlPrefix, StringComparison.OrdinalIgnoreCase)
+                || string.Equals(localPath, "/", StringComparison.OrdinalIgnoreCase)
+                || string.IsNullOrEmpty(localPath)
+                || !localPath.StartsWith(baseUrlPrefix, StringComparison.OrdinalIgnoreCase))
+            {
+                // Always redirect back to the default path if the base prefix is invalid or missing
+                _logger.LogDebug("Normalizing an URL at {LocalPath}", localPath);
+                httpContext.Response.Redirect(baseUrlPrefix + "/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
+                return;
+            }
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs b/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs
new file mode 100644
index 000000000..8214f8907
--- /dev/null
+++ b/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs
@@ -0,0 +1,69 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Mime;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Primitives;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Middleware for handling OPTIONS requests.
+    /// </summary>
+    public class CorsOptionsResponseMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CorsOptionsResponseMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public CorsOptionsResponseMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext)
+        {
+            if (string.Equals(httpContext.Request.Method, HttpMethods.Options, StringComparison.OrdinalIgnoreCase))
+            {
+                httpContext.Response.StatusCode = 200;
+                foreach (var (key, value) in GetDefaultCorsHeaders(httpContext))
+                {
+                    httpContext.Response.Headers.Add(key, value);
+                }
+
+                httpContext.Response.ContentType = MediaTypeNames.Text.Plain;
+                await httpContext.Response.WriteAsync(string.Empty, httpContext.RequestAborted).ConfigureAwait(false);
+                return;
+            }
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+
+        private static IDictionary<string, string> GetDefaultCorsHeaders(HttpContext httpContext)
+        {
+            var origin = httpContext.Request.Headers["Origin"];
+            if (origin == StringValues.Empty)
+            {
+                origin = httpContext.Request.Headers["Host"];
+                if (origin == StringValues.Empty)
+                {
+                    origin = "*";
+                }
+            }
+
+            var headers = new Dictionary<string, string>();
+            headers.Add("Access-Control-Allow-Origin", origin);
+            headers.Add("Access-Control-Allow-Credentials", "true");
+            headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
+            headers.Add("Access-Control-Allow-Headers", "Content-Type, Authorization, Range, X-MediaBrowser-Token, X-Emby-Authorization, Cookie");
+            return headers;
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
new file mode 100644
index 000000000..59b5fb1ed
--- /dev/null
+++ b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
@@ -0,0 +1,76 @@
+using System.Linq;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Validates the IP of requests coming from local networks wrt. remote access.
+    /// </summary>
+    public class IpBasedAccessValidationMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="IpBasedAccessValidationMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public IpBasedAccessValidationMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <param name="networkManager">The network manager.</param>
+        /// <param name="serverConfigurationManager">The server configuration manager.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
+        {
+            if (httpContext.Request.IsLocal())
+            {
+                await _next(httpContext).ConfigureAwait(false);
+                return;
+            }
+
+            var remoteIp = httpContext.Request.RemoteIp();
+
+            if (serverConfigurationManager.Configuration.EnableRemoteAccess)
+            {
+                var addressFilter = serverConfigurationManager.Configuration.RemoteIPFilter.Where(i => !string.IsNullOrWhiteSpace(i)).ToArray();
+
+                if (addressFilter.Length > 0 && !networkManager.IsInLocalNetwork(remoteIp))
+                {
+                    if (serverConfigurationManager.Configuration.IsRemoteIPFilterBlacklist)
+                    {
+                        if (networkManager.IsAddressInSubnets(remoteIp, addressFilter))
+                        {
+                            return;
+                        }
+                    }
+                    else
+                    {
+                        if (!networkManager.IsAddressInSubnets(remoteIp, addressFilter))
+                        {
+                            return;
+                        }
+                    }
+                }
+            }
+            else
+            {
+                if (!networkManager.IsInLocalNetwork(remoteIp))
+                {
+                    return;
+                }
+            }
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs b/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
new file mode 100644
index 000000000..9d795145a
--- /dev/null
+++ b/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
@@ -0,0 +1,76 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Validates the LAN host IP based on application configuration.
+    /// </summary>
+    public class LanFilteringMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="LanFilteringMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public LanFilteringMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <param name="networkManager">The network manager.</param>
+        /// <param name="serverConfigurationManager">The server configuration manager.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
+        {
+            var currentHost = httpContext.Request.Host.ToString();
+            var hosts = serverConfigurationManager
+                .Configuration
+                .LocalNetworkAddresses
+                .Select(NormalizeConfiguredLocalAddress)
+                .ToList();
+
+            if (hosts.Count == 0)
+            {
+                await _next(httpContext).ConfigureAwait(false);
+                return;
+            }
+
+            currentHost ??= string.Empty;
+
+            if (networkManager.IsInPrivateAddressSpace(currentHost))
+            {
+                hosts.Add("localhost");
+                hosts.Add("127.0.0.1");
+
+                if (hosts.All(i => currentHost.IndexOf(i, StringComparison.OrdinalIgnoreCase) == -1))
+                {
+                    return;
+                }
+            }
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+
+        private static string NormalizeConfiguredLocalAddress(string address)
+        {
+            var add = address.AsSpan().Trim('/');
+            int index = add.IndexOf('/');
+            if (index != -1)
+            {
+                add = add.Slice(index + 1);
+            }
+
+            return add.TrimStart('/').ToString();
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/ServerStartupMessageMiddleware.cs b/Jellyfin.Server/Middleware/ServerStartupMessageMiddleware.cs
new file mode 100644
index 000000000..4f347d6d3
--- /dev/null
+++ b/Jellyfin.Server/Middleware/ServerStartupMessageMiddleware.cs
@@ -0,0 +1,38 @@
+using System.Net.Mime;
+using System.Threading.Tasks;
+using MediaBrowser.Model.Globalization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Shows a custom message during server startup.
+    /// </summary>
+    public class ServerStartupMessageMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ServerStartupMessageMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public ServerStartupMessageMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <param name="localizationManager">The localization manager.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext, ILocalizationManager localizationManager)
+        {
+            var message = localizationManager.GetLocalizedString("StartupEmbyServerIsLoading");
+            httpContext.Response.StatusCode = StatusCodes.Status503ServiceUnavailable;
+            httpContext.Response.ContentType = MediaTypeNames.Text.Html;
+            await httpContext.Response.WriteAsync(message, httpContext.RequestAborted).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/WebSocketHandlerMiddleware.cs b/Jellyfin.Server/Middleware/WebSocketHandlerMiddleware.cs
new file mode 100644
index 000000000..b7a5d2b34
--- /dev/null
+++ b/Jellyfin.Server/Middleware/WebSocketHandlerMiddleware.cs
@@ -0,0 +1,40 @@
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Net;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Handles WebSocket requests.
+    /// </summary>
+    public class WebSocketHandlerMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="WebSocketHandlerMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public WebSocketHandlerMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <param name="webSocketManager">The WebSocket connection manager.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
+        {
+            if (!httpContext.WebSockets.IsWebSocketRequest)
+            {
+                await _next(httpContext).ConfigureAwait(false);
+                return;
+            }
+
+            await webSocketManager.WebSocketRequestHandler(httpContext).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Server/Program.cs b/Jellyfin.Server/Program.cs
index 14cc5f4c2..b9a90f9db 100644
--- a/Jellyfin.Server/Program.cs
+++ b/Jellyfin.Server/Program.cs
@@ -11,7 +11,6 @@ using System.Threading;
 using System.Threading.Tasks;
 using CommandLine;
 using Emby.Server.Implementations;
-using Emby.Server.Implementations.HttpServer;
 using Emby.Server.Implementations.IO;
 using Emby.Server.Implementations.Networking;
 using Jellyfin.Api.Controllers;
@@ -28,6 +27,7 @@ using Microsoft.Extensions.Logging.Abstractions;
 using Serilog;
 using Serilog.Extensions.Logging;
 using SQLitePCL;
+using ConfigurationExtensions = MediaBrowser.Controller.Extensions.ConfigurationExtensions;
 using ILogger = Microsoft.Extensions.Logging.ILogger;
 
 namespace Jellyfin.Server
@@ -594,7 +594,7 @@ namespace Jellyfin.Server
             var inMemoryDefaultConfig = ConfigurationOptions.DefaultConfiguration;
             if (startupConfig != null && !startupConfig.HostWebClient())
             {
-                inMemoryDefaultConfig[HttpListenerHost.DefaultRedirectKey] = "api-docs/swagger";
+                inMemoryDefaultConfig[ConfigurationExtensions.DefaultRedirectKey] = "api-docs/swagger";
             }
 
             return config
diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs
index 9316ab79e..80f679420 100644
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@@ -84,11 +84,9 @@ namespace Jellyfin.Server
         /// </summary>
         /// <param name="app">The application builder.</param>
         /// <param name="env">The webhost environment.</param>
-        /// <param name="serverApplicationHost">The server application host.</param>
         public void Configure(
             IApplicationBuilder app,
-            IWebHostEnvironment env,
-            IServerApplicationHost serverApplicationHost)
+            IWebHostEnvironment env)
         {
             if (env.IsDevelopment())
             {
@@ -120,7 +118,11 @@ namespace Jellyfin.Server
                 app.UseHttpMetrics();
             }
 
-            app.Use(serverApplicationHost.ExecuteHttpHandlerAsync);
+            app.UseLanFiltering();
+            app.UseIpBasedAccessValidation();
+            app.UseCorsOptionsResponse();
+            app.UseBaseUrlRedirection();
+            app.UseWebSocketHandler();
 
             app.UseEndpoints(endpoints =>
             {
@@ -131,6 +133,8 @@ namespace Jellyfin.Server
                 }
             });
 
+            app.UseServerStartupMessage();
+
             // Add type descriptor for legacy datetime parsing.
             TypeDescriptor.AddAttributes(typeof(DateTime?), new TypeConverterAttribute(typeof(DateTimeTypeConverter)));
         }
author	Claus Vium <clausvium@gmail.com>	2020-09-03 11:32:22 +0200
committer	Claus Vium <clausvium@gmail.com>	2020-09-03 11:32:22 +0200
commit	571d0570f5560bde79d21c33173742f6a31e24cf (patch)
tree	7e88d0627175556948e25bcb80ca6c92583eb7f7 /Jellyfin.Server
parent	6ff372a550383fdc81a895b5447dee7713ffbc6f (diff)