4 files changed, 281 insertions, 5 deletions

diff --git a/Jellyfin.Server/CoreAppHost.cs b/Jellyfin.Server/CoreAppHost.cs
index 331a32c73..fe07411a6 100644
--- a/Jellyfin.Server/CoreAppHost.cs
+++ b/Jellyfin.Server/CoreAppHost.cs
@@ -7,8 +7,10 @@ using Emby.Server.Implementations;
 using Jellyfin.Drawing.Skia;
 using Jellyfin.Server.Implementations;
 using Jellyfin.Server.Implementations.Activity;
+using Jellyfin.Server.Implementations.Users;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Drawing;
+using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Activity;
 using MediaBrowser.Model.IO;
 using Microsoft.EntityFrameworkCore;
@@ -63,12 +65,15 @@ namespace Jellyfin.Server
 
             // TODO: Set up scoping and use AddDbContextPool
             serviceCollection.AddDbContext<JellyfinDb>(
-                    options => options.UseSqlite($"Filename={Path.Combine(ApplicationPaths.DataPath, "jellyfin.db")}"),
-                    ServiceLifetime.Transient);
+                options => options
+                    .UseSqlite($"Filename={Path.Combine(ApplicationPaths.DataPath, "jellyfin.db")}")
+                    .UseLazyLoadingProxies(),
+                ServiceLifetime.Transient);
 
             serviceCollection.AddSingleton<JellyfinDbProvider>();
 
             serviceCollection.AddSingleton<IActivityManager, ActivityManager>();
+            serviceCollection.AddSingleton<IUserManager, UserManager>();
 
             base.RegisterServices(serviceCollection);
         }
@@ -79,7 +84,11 @@ namespace Jellyfin.Server
         /// <inheritdoc />
         protected override IEnumerable<Assembly> GetAssembliesWithPartsInternal()
         {
+            // Jellyfin.Server
             yield return typeof(CoreAppHost).Assembly;
+
+            // Jellyfin.Server.Implementations
+            yield return typeof(JellyfinDb).Assembly;
         }
 
         /// <inheritdoc />
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 9cdaa0eb1..aad61d042 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -5,7 +5,10 @@ using System.Linq;
 using System.Reflection;
 using Jellyfin.Api;
 using Jellyfin.Api.Auth;
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
+using Jellyfin.Api.Auth.IgnoreSchedulePolicy;
+using Jellyfin.Api.Auth.LocalAccessPolicy;
 using Jellyfin.Api.Auth.RequiresElevationPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Controllers;
@@ -15,6 +18,8 @@ using MediaBrowser.Common.Json;
 using MediaBrowser.Model.Entities;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using Swashbuckle.AspNetCore.SwaggerGen;
@@ -33,16 +38,19 @@ namespace Jellyfin.Server.Extensions
         /// <returns>The updated service collection.</returns>
         public static IServiceCollection AddJellyfinApiAuthorization(this IServiceCollection serviceCollection)
         {
+            serviceCollection.AddSingleton<IAuthorizationHandler, DefaultAuthorizationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreScheduleHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
             return serviceCollection.AddAuthorizationCore(options =>
             {
                 options.AddPolicy(
-                    Policies.RequiresElevation,
+                    Policies.DefaultAuthorization,
                     policy =>
                     {
                         policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new RequiresElevationRequirement());
+                        policy.AddRequirements(new DefaultAuthorizationRequirement());
                     });
                 options.AddPolicy(
                     Policies.FirstTimeSetupOrElevated,
@@ -51,6 +59,27 @@ namespace Jellyfin.Server.Extensions
                         policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
                         policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
                     });
+                options.AddPolicy(
+                    Policies.IgnoreSchedule,
+                    policy =>
+                    {
+                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
+                        policy.AddRequirements(new IgnoreScheduleRequirement());
+                    });
+                options.AddPolicy(
+                    Policies.LocalAccessOnly,
+                    policy =>
+                    {
+                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
+                        policy.AddRequirements(new LocalAccessRequirement());
+                    });
+                options.AddPolicy(
+                    Policies.RequiresElevation,
+                    policy =>
+                    {
+                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
+                        policy.AddRequirements(new RequiresElevationRequirement());
+                    });
             });
         }
 
@@ -78,6 +107,10 @@ namespace Jellyfin.Server.Extensions
                 {
                     options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, ServerCorsPolicy.DefaultPolicy);
                 })
+                .Configure<ForwardedHeadersOptions>(options =>
+                {
+                    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+                })
                 .AddMvc(opts =>
                 {
                     opts.UseGeneralRoutePrefix(baseUrl);
@@ -182,6 +215,31 @@ namespace Jellyfin.Server.Extensions
                             Format = "string"
                         })
                 });
+
+            /*
+             * Support BlurHash dictionary
+             */
+            options.MapType<Dictionary<ImageType, Dictionary<string, string>>>(() =>
+                new OpenApiSchema
+                {
+                    Type = "object",
+                    Properties = typeof(ImageType).GetEnumNames().ToDictionary(
+                        name => name,
+                        name => new OpenApiSchema
+                        {
+                            Type = "object", Properties = new Dictionary<string, OpenApiSchema>
+                            {
+                                {
+                                    "string",
+                                    new OpenApiSchema
+                                    {
+                                        Type = "string",
+                                        Format = "string"
+                                    }
+                                }
+                            }
+                        })
+                });
         }
     }
 }
diff --git a/Jellyfin.Server/Migrations/MigrationRunner.cs b/Jellyfin.Server/Migrations/MigrationRunner.cs
index 473f62737..c98263223 100644
--- a/Jellyfin.Server/Migrations/MigrationRunner.cs
+++ b/Jellyfin.Server/Migrations/MigrationRunner.cs
@@ -19,7 +19,8 @@ namespace Jellyfin.Server.Migrations
             typeof(Routines.DisableTranscodingThrottling),
             typeof(Routines.CreateUserLoggingConfigFile),
             typeof(Routines.MigrateActivityLogDb),
-            typeof(Routines.RemoveDuplicateExtras)
+            typeof(Routines.RemoveDuplicateExtras),
+            typeof(Routines.MigrateUserDb)
         };
 
         /// <summary>
diff --git a/Jellyfin.Server/Migrations/Routines/MigrateUserDb.cs b/Jellyfin.Server/Migrations/Routines/MigrateUserDb.cs
new file mode 100644
index 000000000..2be10c708
--- /dev/null
+++ b/Jellyfin.Server/Migrations/Routines/MigrateUserDb.cs
@@ -0,0 +1,208 @@
+using System;
+using System.IO;
+using Emby.Server.Implementations.Data;
+using Emby.Server.Implementations.Serialization;
+using Jellyfin.Data.Entities;
+using Jellyfin.Data.Enums;
+using Jellyfin.Server.Implementations;
+using Jellyfin.Server.Implementations.Users;
+using MediaBrowser.Common.Json;
+using MediaBrowser.Controller;
+using MediaBrowser.Controller.Entities;
+using MediaBrowser.Model.Configuration;
+using MediaBrowser.Model.Users;
+using Microsoft.Extensions.Logging;
+using SQLitePCL.pretty;
+using JsonSerializer = System.Text.Json.JsonSerializer;
+
+namespace Jellyfin.Server.Migrations.Routines
+{
+    /// <summary>
+    /// The migration routine for migrating the user database to EF Core.
+    /// </summary>
+    public class MigrateUserDb : IMigrationRoutine
+    {
+        private const string DbFilename = "users.db";
+
+        private readonly ILogger<MigrateUserDb> _logger;
+        private readonly IServerApplicationPaths _paths;
+        private readonly JellyfinDbProvider _provider;
+        private readonly MyXmlSerializer _xmlSerializer;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MigrateUserDb"/> class.
+        /// </summary>
+        /// <param name="logger">The logger.</param>
+        /// <param name="paths">The server application paths.</param>
+        /// <param name="provider">The database provider.</param>
+        /// <param name="xmlSerializer">The xml serializer.</param>
+        public MigrateUserDb(
+            ILogger<MigrateUserDb> logger,
+            IServerApplicationPaths paths,
+            JellyfinDbProvider provider,
+            MyXmlSerializer xmlSerializer)
+        {
+            _logger = logger;
+            _paths = paths;
+            _provider = provider;
+            _xmlSerializer = xmlSerializer;
+        }
+
+        /// <inheritdoc/>
+        public Guid Id => Guid.Parse("5C4B82A2-F053-4009-BD05-B6FCAD82F14C");
+
+        /// <inheritdoc/>
+        public string Name => "MigrateUserDatabase";
+
+        /// <inheritdoc/>
+        public void Perform()
+        {
+            var dataPath = _paths.DataPath;
+            _logger.LogInformation("Migrating the user database may take a while, do not stop Jellyfin.");
+
+            using (var connection = SQLite3.Open(Path.Combine(dataPath, DbFilename), ConnectionFlags.ReadOnly, null))
+            {
+                var dbContext = _provider.CreateContext();
+
+                var queryResult = connection.Query("SELECT * FROM LocalUsersv2");
+
+                dbContext.RemoveRange(dbContext.Users);
+                dbContext.SaveChanges();
+
+                foreach (var entry in queryResult)
+                {
+                    UserMockup mockup = JsonSerializer.Deserialize<UserMockup>(entry[2].ToBlob(), JsonDefaults.GetOptions());
+                    var userDataDir = Path.Combine(_paths.UserConfigurationDirectoryPath, mockup.Name);
+
+                    var config = File.Exists(Path.Combine(userDataDir, "config.xml"))
+                        ? (UserConfiguration)_xmlSerializer.DeserializeFromFile(typeof(UserConfiguration), Path.Combine(userDataDir, "config.xml"))
+                        : new UserConfiguration();
+                    var policy = File.Exists(Path.Combine(userDataDir, "policy.xml"))
+                        ? (UserPolicy)_xmlSerializer.DeserializeFromFile(typeof(UserPolicy), Path.Combine(userDataDir, "policy.xml"))
+                        : new UserPolicy();
+                    policy.AuthenticationProviderId = policy.AuthenticationProviderId?.Replace(
+                        "Emby.Server.Implementations.Library",
+                        "Jellyfin.Server.Implementations.Users",
+                        StringComparison.Ordinal)
+                        ?? typeof(DefaultAuthenticationProvider).FullName;
+
+                    policy.PasswordResetProviderId = typeof(DefaultPasswordResetProvider).FullName;
+                    int? maxLoginAttempts = policy.LoginAttemptsBeforeLockout switch
+                    {
+                        -1 => null,
+                        0 => 3,
+                        _ => policy.LoginAttemptsBeforeLockout
+                    };
+
+                    var user = new User(mockup.Name, policy.AuthenticationProviderId, policy.PasswordResetProviderId)
+                    {
+                        Id = entry[1].ReadGuidFromBlob(),
+                        InternalId = entry[0].ToInt64(),
+                        MaxParentalAgeRating = policy.MaxParentalRating,
+                        EnableUserPreferenceAccess = policy.EnableUserPreferenceAccess,
+                        RemoteClientBitrateLimit = policy.RemoteClientBitrateLimit,
+                        InvalidLoginAttemptCount = policy.InvalidLoginAttemptCount,
+                        LoginAttemptsBeforeLockout = maxLoginAttempts,
+                        SubtitleMode = config.SubtitleMode,
+                        HidePlayedInLatest = config.HidePlayedInLatest,
+                        EnableLocalPassword = config.EnableLocalPassword,
+                        PlayDefaultAudioTrack = config.PlayDefaultAudioTrack,
+                        DisplayCollectionsView = config.DisplayCollectionsView,
+                        DisplayMissingEpisodes = config.DisplayMissingEpisodes,
+                        AudioLanguagePreference = config.AudioLanguagePreference,
+                        RememberAudioSelections = config.RememberAudioSelections,
+                        EnableNextEpisodeAutoPlay = config.EnableNextEpisodeAutoPlay,
+                        RememberSubtitleSelections = config.RememberSubtitleSelections,
+                        SubtitleLanguagePreference = config.SubtitleLanguagePreference,
+                        Password = mockup.Password,
+                        EasyPassword = mockup.EasyPassword,
+                        LastLoginDate = mockup.LastLoginDate,
+                        LastActivityDate = mockup.LastActivityDate
+                    };
+
+                    if (mockup.ImageInfos.Length > 0)
+                    {
+                        ItemImageInfo info = mockup.ImageInfos[0];
+
+                        user.ProfileImage = new ImageInfo(info.Path)
+                        {
+                            LastModified = info.DateModified
+                        };
+                    }
+
+                    user.SetPermission(PermissionKind.IsAdministrator, policy.IsAdministrator);
+                    user.SetPermission(PermissionKind.IsHidden, policy.IsHidden);
+                    user.SetPermission(PermissionKind.IsDisabled, policy.IsDisabled);
+                    user.SetPermission(PermissionKind.EnableSharedDeviceControl, policy.EnableSharedDeviceControl);
+                    user.SetPermission(PermissionKind.EnableRemoteAccess, policy.EnableRemoteAccess);
+                    user.SetPermission(PermissionKind.EnableLiveTvManagement, policy.EnableLiveTvManagement);
+                    user.SetPermission(PermissionKind.EnableLiveTvAccess, policy.EnableLiveTvAccess);
+                    user.SetPermission(PermissionKind.EnableMediaPlayback, policy.EnableMediaPlayback);
+                    user.SetPermission(PermissionKind.EnableAudioPlaybackTranscoding, policy.EnableAudioPlaybackTranscoding);
+                    user.SetPermission(PermissionKind.EnableVideoPlaybackTranscoding, policy.EnableVideoPlaybackTranscoding);
+                    user.SetPermission(PermissionKind.EnableContentDeletion, policy.EnableContentDeletion);
+                    user.SetPermission(PermissionKind.EnableContentDownloading, policy.EnableContentDownloading);
+                    user.SetPermission(PermissionKind.EnableSyncTranscoding, policy.EnableSyncTranscoding);
+                    user.SetPermission(PermissionKind.EnableMediaConversion, policy.EnableMediaConversion);
+                    user.SetPermission(PermissionKind.EnableAllChannels, policy.EnableAllChannels);
+                    user.SetPermission(PermissionKind.EnableAllDevices, policy.EnableAllDevices);
+                    user.SetPermission(PermissionKind.EnableAllFolders, policy.EnableAllFolders);
+                    user.SetPermission(PermissionKind.EnableRemoteControlOfOtherUsers, policy.EnableRemoteControlOfOtherUsers);
+                    user.SetPermission(PermissionKind.EnablePlaybackRemuxing, policy.EnablePlaybackRemuxing);
+                    user.SetPermission(PermissionKind.ForceRemoteSourceTranscoding, policy.ForceRemoteSourceTranscoding);
+                    user.SetPermission(PermissionKind.EnablePublicSharing, policy.EnablePublicSharing);
+
+                    foreach (var policyAccessSchedule in policy.AccessSchedules)
+                    {
+                        user.AccessSchedules.Add(policyAccessSchedule);
+                    }
+
+                    user.SetPreference(PreferenceKind.BlockedTags, policy.BlockedTags);
+                    user.SetPreference(PreferenceKind.EnabledChannels, policy.EnabledChannels);
+                    user.SetPreference(PreferenceKind.EnabledDevices, policy.EnabledDevices);
+                    user.SetPreference(PreferenceKind.EnabledFolders, policy.EnabledFolders);
+                    user.SetPreference(PreferenceKind.EnableContentDeletionFromFolders, policy.EnableContentDeletionFromFolders);
+                    user.SetPreference(PreferenceKind.OrderedViews, config.OrderedViews);
+                    user.SetPreference(PreferenceKind.GroupedFolders, config.GroupedFolders);
+                    user.SetPreference(PreferenceKind.MyMediaExcludes, config.MyMediaExcludes);
+                    user.SetPreference(PreferenceKind.LatestItemExcludes, config.LatestItemsExcludes);
+
+                    dbContext.Users.Add(user);
+                }
+
+                dbContext.SaveChanges();
+            }
+
+            try
+            {
+                File.Move(Path.Combine(dataPath, DbFilename), Path.Combine(dataPath, DbFilename + ".old"));
+
+                var journalPath = Path.Combine(dataPath, DbFilename + "-journal");
+                if (File.Exists(journalPath))
+                {
+                    File.Move(journalPath, Path.Combine(dataPath, DbFilename + ".old-journal"));
+                }
+            }
+            catch (IOException e)
+            {
+                _logger.LogError(e, "Error renaming legacy user database to 'users.db.old'");
+            }
+        }
+
+#nullable disable
+        internal class UserMockup
+        {
+            public string Password { get; set; }
+
+            public string EasyPassword { get; set; }
+
+            public DateTime? LastLoginDate { get; set; }
+
+            public DateTime? LastActivityDate { get; set; }
+
+            public string Name { get; set; }
+
+            public ItemImageInfo[] ImageInfos { get; set; }
+        }
+    }
+}