6 files changed, 23 insertions, 29 deletions

diff --git a/Jellyfin.Api/Auth/LocalNetworkAccessPolicy/LocalNetworkAccessHandler.cs b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
index d691c5594..b2b0e08a8 100644
--- a/Jellyfin.Api/Auth/LocalNetworkAccessPolicy/LocalNetworkAccessHandler.cs
+++ b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessHandler.cs
@@ -1,37 +1,38 @@
 using System.Threading.Tasks;
 using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 
-namespace Jellyfin.Api.Auth.LocalNetworkAccessPolicy
+namespace Jellyfin.Api.Auth.AnonymousLanAccessPolicy
 {
     /// <summary>
     /// Local access handler.
     /// </summary>
-    public class LocalNetworkAccessHandler : BaseAuthorizationHandler<LocalNetworkAccessRequirement>
+    public class AnonymousLanAccessHandler : AuthorizationHandler<AnonymousLanAccessRequirement>
     {
+        private readonly INetworkManager _networkManager;
+        private readonly IHttpContextAccessor _httpContextAccessor;
+
         /// <summary>
-        /// Initializes a new instance of the <see cref="LocalNetworkAccessHandler"/> class.
+        /// Initializes a new instance of the <see cref="AnonymousLanAccessHandler"/> class.
         /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
         /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
         /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public LocalNetworkAccessHandler(
-            IUserManager userManager,
+        public AnonymousLanAccessHandler(
             INetworkManager networkManager,
             IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
         {
+            _networkManager = networkManager;
+            _httpContextAccessor = httpContextAccessor;
         }
 
         /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalNetworkAccessRequirement requirement)
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement)
         {
-            var ip = HttpContextAccessor.HttpContext?.Connection.RemoteIpAddress;
+            var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress;
 
             // Loopback will be on LAN, so we can accept null.
-            if (ip == null || NetworkManager.IsInLocalNetwork(ip))
+            if (ip == null || _networkManager.IsInLocalNetwork(ip))
             {
                 context.Succeed(requirement);
             }
diff --git a/Jellyfin.Api/Auth/LocalNetworkAccessPolicy/LocalNetworkAccessRequirement.cs b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessRequirement.cs
index 29ca9c355..269ecf2a4 100644
--- a/Jellyfin.Api/Auth/LocalNetworkAccessPolicy/LocalNetworkAccessRequirement.cs
+++ b/Jellyfin.Api/Auth/AnonymousLanAccessPolicy/AnonymousLanAccessRequirement.cs
@@ -1,11 +1,11 @@
 using Microsoft.AspNetCore.Authorization;
 
-namespace Jellyfin.Api.Auth.LocalNetworkAccessPolicy
+namespace Jellyfin.Api.Auth.AnonymousLanAccessPolicy
 {
     /// <summary>
     /// The local network authorization requirement.
     /// </summary>
-    public class LocalNetworkAccessRequirement : IAuthorizationRequirement
+    public class AnonymousLanAccessRequirement : IAuthorizationRequirement
     {
     }
 }
diff --git a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
index 62d590b18..13d3257df 100644
--- a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
@@ -37,16 +37,6 @@ namespace Jellyfin.Api.Auth
         }
 
         /// <summary>
-        /// Gets a value indicating <see cref="INetworkManager"/> being used.
-        /// </summary>
-        protected INetworkManager NetworkManager => _networkManager;
-
-        /// <summary>
-        /// Gets a value indicating the <see cref="HttpContextAccessor"/> being used.
-        /// </summary>
-        protected IHttpContextAccessor HttpContextAccessor => _httpContextAccessor;
-
-        /// <summary>
         /// Validate authenticated claims.
         /// </summary>
         /// <param name="claimsPrincipal">Request claims.</param>
diff --git a/Jellyfin.Api/Constants/Policies.cs b/Jellyfin.Api/Constants/Policies.cs
index b176bfa32..a72eeea28 100644
--- a/Jellyfin.Api/Constants/Policies.cs
+++ b/Jellyfin.Api/Constants/Policies.cs
@@ -46,9 +46,9 @@ namespace Jellyfin.Api.Constants
         public const string LocalAccessOrRequiresElevation = "LocalAccessOrRequiresElevation";
 
         /// <summary>
-        /// Policy name for requiring local LAN access.
+        /// Policy name for requiring (anonymous) LAN access.
         /// </summary>
-        public const string LocalNetworkAccessPolicy = "LocalNetworkAccessPolicy";
+        public const string AnonymousLanAccessPolicy = "AnonymousLanAccessPolicy";
 
         /// <summary>
         /// Policy name for escaping schedule controls or requiring first time setup.
diff --git a/Jellyfin.Api/Controllers/DlnaServerController.cs b/Jellyfin.Api/Controllers/DlnaServerController.cs
index 694d16ad9..4e8c01577 100644
--- a/Jellyfin.Api/Controllers/DlnaServerController.cs
+++ b/Jellyfin.Api/Controllers/DlnaServerController.cs
@@ -7,7 +7,9 @@ using System.Threading.Tasks;
 using Emby.Dlna;
 using Emby.Dlna.Main;
 using Jellyfin.Api.Attributes;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Dlna;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -17,6 +19,7 @@ namespace Jellyfin.Api.Controllers
     /// Dlna Server Controller.
     /// </summary>
     [Route("Dlna")]
+    [Authorize(Policy = Policies.AnonymousLanAccessPolicy)]
     public class DlnaServerController : BaseJellyfinApiController
     {
         private readonly IDlnaManager _dlnaManager;
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 909f6b248..b5444634b 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -7,6 +7,7 @@ using System.Net.Sockets;
 using System.Reflection;
 using Emby.Server.Implementations;
 using Jellyfin.Api.Auth;
+using Jellyfin.Api.Auth.AnonymousLanAccessPolicy;
 using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Auth.DownloadPolicy;
 using Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy;
@@ -15,7 +16,6 @@ using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
 using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
 using Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy;
 using Jellyfin.Api.Auth.LocalAccessPolicy;
-using Jellyfin.Api.Auth.LocalNetworkAccessPolicy;
 using Jellyfin.Api.Auth.RequiresElevationPolicy;
 using Jellyfin.Api.Auth.SyncPlayAccessPolicy;
 using Jellyfin.Api.Constants;
@@ -62,7 +62,7 @@ namespace Jellyfin.Server.Extensions
             serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeOrIgnoreParentalControlSetupHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, LocalNetworkAccessHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, AnonymousLanAccessHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessOrRequiresElevationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, SyncPlayAccessHandler>();
@@ -160,11 +160,11 @@ namespace Jellyfin.Server.Extensions
                         policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
                     });
                 options.AddPolicy(
-                    Policies.LocalNetworkAccessPolicy,
+                    Policies.AnonymousLanAccessPolicy,
                     policy =>
                     {
                         policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new LocalNetworkAccessRequirement());
+                        policy.AddRequirements(new AnonymousLanAccessRequirement());
                     });
             });
         }