aboutsummaryrefslogtreecommitdiff
path: root/Emby.Server.Implementations
diff options
context:
space:
mode:
Diffstat (limited to 'Emby.Server.Implementations')
-rw-r--r--Emby.Server.Implementations/ApplicationHost.cs58
-rw-r--r--Emby.Server.Implementations/Emby.Server.Implementations.csproj5
-rw-r--r--Emby.Server.Implementations/HttpServer/Security/AuthService.cs17
-rw-r--r--Emby.Server.Implementations/MvcRoutePrefix.cs2
4 files changed, 64 insertions, 18 deletions
diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index 3d2d61225..9227ef61b 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -47,6 +47,10 @@ using Emby.Server.Implementations.Session;
using Emby.Server.Implementations.SocketSharp;
using Emby.Server.Implementations.TV;
using Emby.Server.Implementations.Updates;
+using Jellyfin.Api.Auth;
+using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
+using Jellyfin.Api.Auth.RequiresElevationPolicy;
+using Jellyfin.Api.Controllers;
using MediaBrowser.Api;
using MediaBrowser.Common;
using MediaBrowser.Common.Configuration;
@@ -104,11 +108,14 @@ using MediaBrowser.Providers.Subtitles;
using MediaBrowser.Providers.TV.TheTVDB;
using MediaBrowser.WebDashboard.Api;
using MediaBrowser.XbmcMetadata.Providers;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -660,25 +667,45 @@ namespace Emby.Server.Implementations
services.AddHttpContextAccessor();
services.AddMvc(opts =>
{
- opts.UseGeneralRoutePrefix("emby", "emby/emby", "api/v{version:apiVersion}");
+ var policy = new AuthorizationPolicyBuilder()
+ .RequireAuthenticatedUser()
+ .Build();
+ opts.Filters.Add(new AuthorizeFilter(policy));
+ opts.EnableEndpointRouting = false;
+ opts.UseGeneralRoutePrefix(ServerConfigurationManager.Configuration.BaseUrl.TrimStart('/'));
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
- .AddApplicationPart(Assembly.Load("Jellyfin.Api"));
- services.AddApiVersioning(opt => opt.ReportApiVersions = true);
+ .ConfigureApplicationPartManager(a => a.ApplicationParts.Clear()) // Clear app parts to avoid other assemblies being picked up
+ .AddApplicationPart(typeof(StartupController).Assembly)
+ .AddControllersAsServices();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "Jellyfin API", Version = "v1" });
- c.DocInclusionPredicate((docName, apiDesc) =>
- {
- if (!apiDesc.TryGetMethodInfo(out var methodInfo))
- {
- return false;
- }
+ });
+
+ services.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
+ services.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
- // A bit of a hack to make Swagger pick the versioned endpoints instead of the legacy emby endpoints
- return methodInfo.DeclaringType?.BaseType == typeof(ControllerBase) &&
- apiDesc.RelativePath.Contains("api/v");
- });
+ // configure custom legacy authentication
+ services.AddAuthentication("CustomAuthentication")
+ .AddScheme<AuthenticationSchemeOptions, CustomAuthenticationHandler>("CustomAuthentication", null);
+
+ services.AddAuthorizationCore(options =>
+ {
+ options.AddPolicy(
+ "RequiresElevation",
+ policy =>
+ {
+ policy.AddAuthenticationSchemes("CustomAuthentication");
+ policy.AddRequirements(new RequiresElevationRequirement());
+ });
+ options.AddPolicy(
+ "FirstTimeSetupOrElevated",
+ policy =>
+ {
+ policy.AddAuthenticationSchemes("CustomAuthentication");
+ policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
+ });
});
// Merge the external ServiceCollection into ASP.NET DI
@@ -686,6 +713,7 @@ namespace Emby.Server.Implementations
})
.Configure(app =>
{
+ app.UseDeveloperExceptionPage();
app.UseSwagger();
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
@@ -698,9 +726,9 @@ namespace Emby.Server.Implementations
app.UseWebSockets();
app.UseResponseCompression();
-
// TODO app.UseMiddleware<WebSocketMiddleware>();
app.Use(ExecuteWebsocketHandlerAsync);
+ //app.UseAuthentication();
app.UseMvc();
app.Use(ExecuteHttpHandlerAsync);
})
@@ -938,7 +966,7 @@ namespace Emby.Server.Implementations
serviceCollection.AddSingleton<IAuthorizationContext>(authContext);
serviceCollection.AddSingleton<ISessionContext>(new SessionContext(UserManager, authContext, SessionManager));
- AuthService = new AuthService(authContext, ServerConfigurationManager, SessionManager, NetworkManager);
+ AuthService = new AuthService(LoggerFactory, authContext, ServerConfigurationManager, SessionManager, NetworkManager);
serviceCollection.AddSingleton(AuthService);
SubtitleEncoder = new MediaBrowser.MediaEncoding.Subtitles.SubtitleEncoder(LibraryManager, LoggerFactory, ApplicationPaths, FileSystemManager, MediaEncoder, JsonSerializer, HttpClient, MediaSourceManager, ProcessFactory);
diff --git a/Emby.Server.Implementations/Emby.Server.Implementations.csproj b/Emby.Server.Implementations/Emby.Server.Implementations.csproj
index 26301b379..e7164342c 100644
--- a/Emby.Server.Implementations/Emby.Server.Implementations.csproj
+++ b/Emby.Server.Implementations/Emby.Server.Implementations.csproj
@@ -21,6 +21,9 @@
<ItemGroup>
<PackageReference Include="IPNetwork2" Version="2.4.0.126" />
+ <PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
+ <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="3.0.0" />
+ <PackageReference Include="Microsoft.AspNetCore.Authorization.Policy" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.2.7" />
<PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="2.2.0" />
@@ -38,7 +41,7 @@
<PackageReference Include="ServiceStack.Text.Core" Version="5.6.0" />
<PackageReference Include="sharpcompress" Version="0.24.0" />
<PackageReference Include="SQLitePCL.pretty.netstandard" Version="2.0.1" />
- <PackageReference Include="Swashbuckle.AspNetCore" Version="5.0.0-rc2" />
+ <PackageReference Include="Swashbuckle.AspNetCore" Version="5.0.0-rc4" />
</ItemGroup>
<ItemGroup>
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index 93a61fe67..81dab83d5 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -1,5 +1,6 @@
using System;
using System.Linq;
+using Emby.Server.Implementations.SocketSharp;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Entities;
@@ -7,22 +8,27 @@ using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Security;
using MediaBrowser.Controller.Session;
using MediaBrowser.Model.Services;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
namespace Emby.Server.Implementations.HttpServer.Security
{
public class AuthService : IAuthService
{
+ private readonly ILogger<AuthService> _logger;
private readonly IAuthorizationContext _authorizationContext;
private readonly ISessionManager _sessionManager;
private readonly IServerConfigurationManager _config;
private readonly INetworkManager _networkManager;
public AuthService(
+ ILoggerFactory loggerFactory,
IAuthorizationContext authorizationContext,
IServerConfigurationManager config,
ISessionManager sessionManager,
INetworkManager networkManager)
{
+ _logger = loggerFactory.CreateLogger<AuthService>();
_authorizationContext = authorizationContext;
_config = config;
_sessionManager = sessionManager;
@@ -34,7 +40,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
ValidateUser(request, authAttribtues);
}
- private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
+ public User Authenticate(HttpRequest request, IAuthenticationAttributes authAttributes)
+ {
+ var req = new WebSocketSharpRequest(request, null, request.Path, _logger);
+ var user = ValidateUser(req, authAttributes);
+ return user;
+ }
+
+ private User ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
{
// This code is executed before the service
var auth = _authorizationContext.GetAuthorizationInfo(request);
@@ -81,6 +94,8 @@ namespace Emby.Server.Implementations.HttpServer.Security
request.RemoteIp,
user);
}
+
+ return user;
}
private void ValidateUserAccess(
diff --git a/Emby.Server.Implementations/MvcRoutePrefix.cs b/Emby.Server.Implementations/MvcRoutePrefix.cs
index fb26ae09d..974a2a885 100644
--- a/Emby.Server.Implementations/MvcRoutePrefix.cs
+++ b/Emby.Server.Implementations/MvcRoutePrefix.cs
@@ -12,7 +12,7 @@ namespace Emby.Server.Implementations
opts.Conventions.Insert(0, new RoutePrefixConvention(prefixes));
}
- internal class RoutePrefixConvention : IApplicationModelConvention
+ private class RoutePrefixConvention : IApplicationModelConvention
{
private readonly AttributeRouteModel[] _routePrefixes;
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-07 03:08:00 +0000