5 files changed, 59 insertions, 14 deletions

diff --git a/Jellyfin.Api/Controllers/ClientLogController.cs b/Jellyfin.Api/Controllers/ClientLogController.cs
index 9fe3bf731..aac3f6a73 100644
--- a/Jellyfin.Api/Controllers/ClientLogController.cs
+++ b/Jellyfin.Api/Controllers/ClientLogController.cs
@@ -1,7 +1,11 @@
-using System.Threading.Tasks;
+using System.Net.Mime;
+using System.Threading.Tasks;
+using Jellyfin.Api.Attributes;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Models.ClientLogDtos;
 using MediaBrowser.Controller.ClientEvent;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.ClientLog;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -15,15 +19,25 @@ namespace Jellyfin.Api.Controllers
     [Authorize(Policy = Policies.DefaultAuthorization)]
     public class ClientLogController : BaseJellyfinApiController
     {
+        private const int MaxDocumentSize = 1_000_000;
         private readonly IClientEventLogger _clientEventLogger;
+        private readonly IAuthorizationContext _authorizationContext;
+        private readonly IServerConfigurationManager _serverConfigurationManager;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ClientLogController"/> class.
         /// </summary>
         /// <param name="clientEventLogger">Instance of the <see cref="IClientEventLogger"/> interface.</param>
-        public ClientLogController(IClientEventLogger clientEventLogger)
+        /// <param name="authorizationContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
+        /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
+        public ClientLogController(
+            IClientEventLogger clientEventLogger,
+            IAuthorizationContext authorizationContext,
+            IServerConfigurationManager serverConfigurationManager)
         {
             _clientEventLogger = clientEventLogger;
+            _authorizationContext = authorizationContext;
+            _serverConfigurationManager = serverConfigurationManager;
         }
 
         /// <summary>
@@ -36,6 +50,11 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult LogEvent([FromBody] ClientLogEventDto clientLogEventDto)
         {
+            if (!_serverConfigurationManager.Configuration.AllowClientLogUpload)
+            {
+                return Forbid();
+            }
+
             Log(clientLogEventDto);
             return NoContent();
         }
@@ -50,6 +69,11 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult LogEvents([FromBody] ClientLogEventDto[] clientLogEventDtos)
         {
+            if (!_serverConfigurationManager.Configuration.AllowClientLogUpload)
+            {
+                return Forbid();
+            }
+
             foreach (var dto in clientLogEventDtos)
             {
                 Log(dto);
@@ -59,15 +83,30 @@ namespace Jellyfin.Api.Controllers
         }
 
         /// <summary>
-        /// Upload a log file.
+        /// Upload a document.
         /// </summary>
-        /// <param name="file">The file.</param>
         /// <returns>Submission status.</returns>
-        [HttpPost("File")]
+        [HttpPost("Document")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> LogFile(IFormFile file)
+        [AcceptsFile(MediaTypeNames.Text.Plain)]
+        [RequestSizeLimit(MaxDocumentSize)]
+        public async Task<ActionResult> LogFile()
         {
-            await _clientEventLogger.WriteFileAsync(file.FileName, file.OpenReadStream())
+            if (!_serverConfigurationManager.Configuration.AllowClientLogUpload)
+            {
+                return Forbid();
+            }
+
+            if (Request.ContentLength > MaxDocumentSize)
+            {
+                // Manually validate to return proper status code.
+                return StatusCode(StatusCodes.Status413PayloadTooLarge, $"Payload must be less than {MaxDocumentSize:N0} bytes");
+            }
+
+            var authorizationInfo = await _authorizationContext.GetAuthorizationInfo(Request)
+                .ConfigureAwait(false);
+
+            await _clientEventLogger.WriteDocumentAsync(authorizationInfo, Request.Body)
                 .ConfigureAwait(false);
             return NoContent();
         }
diff --git a/MediaBrowser.Controller/ClientEvent/ClientEventLogger.cs b/MediaBrowser.Controller/ClientEvent/ClientEventLogger.cs
index bdc1a7eff..61f7adff3 100644
--- a/MediaBrowser.Controller/ClientEvent/ClientEventLogger.cs
+++ b/MediaBrowser.Controller/ClientEvent/ClientEventLogger.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using System.Threading.Tasks;
+using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.ClientLog;
 using Microsoft.Extensions.Logging;
 
@@ -43,10 +44,9 @@ namespace MediaBrowser.Controller.ClientEvent
         }
 
         /// <inheritdoc />
-        public async Task WriteFileAsync(string fileName, Stream fileContents)
+        public async Task WriteDocumentAsync(AuthorizationInfo authorizationInfo, Stream fileContents)
         {
-            // Force naming convention: upload_YYYYMMDD_$name
-            fileName = $"upload_{DateTime.UtcNow:yyyyMMdd}_{fileName}";
+            var fileName = $"upload_{authorizationInfo.Client}_{authorizationInfo.Version}_{DateTime.UtcNow:yyyyMMddHHmmss}.log";
             var logFilePath = Path.Combine(_applicationPaths.LogDirectoryPath, fileName);
             await using var fileStream = new FileStream(logFilePath, FileMode.CreateNew, FileAccess.Write, FileShare.None);
             await fileContents.CopyToAsync(fileStream).ConfigureAwait(false);
diff --git a/MediaBrowser.Controller/ClientEvent/IClientEventLogger.cs b/MediaBrowser.Controller/ClientEvent/IClientEventLogger.cs
index 7cd71a60d..ee8e5806b 100644
--- a/MediaBrowser.Controller/ClientEvent/IClientEventLogger.cs
+++ b/MediaBrowser.Controller/ClientEvent/IClientEventLogger.cs
@@ -1,5 +1,6 @@
 using System.IO;
 using System.Threading.Tasks;
+using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.ClientLog;
 
 namespace MediaBrowser.Controller.ClientEvent
@@ -18,9 +19,9 @@ namespace MediaBrowser.Controller.ClientEvent
         /// <summary>
         /// Writes a file to the log directory.
         /// </summary>
-        /// <param name="fileName">The file name.</param>
-        /// <param name="fileContents">The file contents.</param>
+        /// <param name="authorizationInfo">The current authorization info.</param>
+        /// <param name="fileContents">The file contents to write.</param>
         /// <returns>A <see cref="Task"/> representing the asynchronous operation.</returns>
-        Task WriteFileAsync(string fileName, Stream fileContents);
+        Task WriteDocumentAsync(AuthorizationInfo authorizationInfo, Stream fileContents);
     }
 }
diff --git a/MediaBrowser.Model/ClientLog/ClientLogEvent.cs b/MediaBrowser.Model/ClientLog/ClientLogEvent.cs
index e4ee88145..21087b564 100644
--- a/MediaBrowser.Model/ClientLog/ClientLogEvent.cs
+++ b/MediaBrowser.Model/ClientLog/ClientLogEvent.cs
@@ -72,4 +72,4 @@ namespace MediaBrowser.Model.ClientLog
         /// </summary>
         public string Message { get; }
     }
-}
\ No newline at end of file
+}
diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
index d1e999666..37dc49d7a 100644
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@@ -459,5 +459,10 @@ namespace MediaBrowser.Model.Configuration
         /// Gets or sets a value indicating whether older plugins should automatically be deleted from the plugin folder.
         /// </summary>
         public bool RemoveOldPlugins { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether clients should be allowed to upload logs.
+        /// </summary>
+        public bool AllowClientLogUpload { get; set; }
     }
 }