diff options
Diffstat (limited to 'MediaBrowser.Api')
| -rw-r--r-- | MediaBrowser.Api/AppThemeService.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Api/AuthorizationRequestFilterAttribute.cs | 190 | ||||
| -rw-r--r-- | MediaBrowser.Api/BaseApiService.cs | 13 | ||||
| -rw-r--r-- | MediaBrowser.Api/ChannelService.cs | 4 | ||||
| -rw-r--r-- | MediaBrowser.Api/DisplayPreferencesService.cs | 4 | ||||
| -rw-r--r-- | MediaBrowser.Api/EnvironmentService.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Api/GamesService.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Api/Library/LibraryService.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Api/LiveTv/LiveTvService.cs | 2 | ||||
| -rw-r--r-- | MediaBrowser.Api/MediaBrowser.Api.csproj | 1 | ||||
| -rw-r--r-- | MediaBrowser.Api/Playback/BaseStreamingService.cs | 7 | ||||
| -rw-r--r-- | MediaBrowser.Api/SessionsService.cs | 16 | ||||
| -rw-r--r-- | MediaBrowser.Api/UserLibrary/UserLibraryService.cs | 10 | ||||
| -rw-r--r-- | MediaBrowser.Api/UserService.cs | 7 |
14 files changed, 38 insertions, 224 deletions
diff --git a/MediaBrowser.Api/AppThemeService.cs b/MediaBrowser.Api/AppThemeService.cs index 4d8eed7dd..0c8a0aaa6 100644 --- a/MediaBrowser.Api/AppThemeService.cs +++ b/MediaBrowser.Api/AppThemeService.cs @@ -1,4 +1,5 @@ using MediaBrowser.Common.IO; +using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Themes; using MediaBrowser.Model.Themes; using ServiceStack; @@ -47,6 +48,7 @@ namespace MediaBrowser.Api { } + [Authenticated] public class AppThemeService : BaseApiService { private readonly IAppThemeManager _themeManager; diff --git a/MediaBrowser.Api/AuthorizationRequestFilterAttribute.cs b/MediaBrowser.Api/AuthorizationRequestFilterAttribute.cs deleted file mode 100644 index 6c56083cb..000000000 --- a/MediaBrowser.Api/AuthorizationRequestFilterAttribute.cs +++ /dev/null @@ -1,190 +0,0 @@ -using MediaBrowser.Controller.Entities; -using MediaBrowser.Controller.Library; -using MediaBrowser.Controller.Session; -using MediaBrowser.Model.Logging; -using ServiceStack.Web; -using System; -using System.Collections.Generic; - -namespace MediaBrowser.Api -{ - public class AuthorizationRequestFilterAttribute : Attribute, IHasRequestFilter - { - //This property will be resolved by the IoC container - /// <summary> - /// Gets or sets the user manager. - /// </summary> - /// <value>The user manager.</value> - public IUserManager UserManager { get; set; } - - public ISessionManager SessionManager { get; set; } - - /// <summary> - /// Gets or sets the logger. - /// </summary> - /// <value>The logger.</value> - public ILogger Logger { get; set; } - - /// <summary> - /// The request filter is executed before the service. - /// </summary> - /// <param name="request">The http request wrapper</param> - /// <param name="response">The http response wrapper</param> - /// <param name="requestDto">The request DTO</param> - public void RequestFilter(IRequest request, IResponse response, object requestDto) - { - //This code is executed before the service - var auth = GetAuthorizationDictionary(request); - - if (auth != null) - { - User user = null; - - if (auth.ContainsKey("UserId")) - { - var userId = auth["UserId"]; - - if (!string.IsNullOrEmpty(userId)) - { - user = UserManager.GetUserById(new Guid(userId)); - } - } - - string deviceId; - string device; - string client; - string version; - - auth.TryGetValue("DeviceId", out deviceId); - auth.TryGetValue("Device", out device); - auth.TryGetValue("Client", out client); - auth.TryGetValue("Version", out version); - - if (!string.IsNullOrEmpty(client) && !string.IsNullOrEmpty(deviceId) && !string.IsNullOrEmpty(device) && !string.IsNullOrEmpty(version)) - { - var remoteEndPoint = request.RemoteIp; - - SessionManager.LogSessionActivity(client, version, deviceId, device, remoteEndPoint, user); - } - } - } - - /// <summary> - /// Gets the auth. - /// </summary> - /// <param name="httpReq">The HTTP req.</param> - /// <returns>Dictionary{System.StringSystem.String}.</returns> - private static Dictionary<string, string> GetAuthorizationDictionary(IRequest httpReq) - { - var auth = httpReq.Headers["Authorization"]; - - return GetAuthorization(auth); - } - - public static User GetCurrentUser(IRequest httpReq, IUserManager userManager) - { - var info = GetAuthorization(httpReq); - - return string.IsNullOrEmpty(info.UserId) ? null : - userManager.GetUserById(new Guid(info.UserId)); - } - - /// <summary> - /// Gets the authorization. - /// </summary> - /// <param name="httpReq">The HTTP req.</param> - /// <returns>Dictionary{System.StringSystem.String}.</returns> - public static AuthorizationInfo GetAuthorization(IRequest httpReq) - { - var auth = GetAuthorizationDictionary(httpReq); - - string userId = null; - string deviceId = null; - string device = null; - string client = null; - string version = null; - - if (auth != null) - { - auth.TryGetValue("UserId", out userId); - auth.TryGetValue("DeviceId", out deviceId); - auth.TryGetValue("Device", out device); - auth.TryGetValue("Client", out client); - auth.TryGetValue("Version", out version); - } - - return new AuthorizationInfo - { - Client = client, - Device = device, - DeviceId = deviceId, - UserId = userId, - Version = version - }; - } - - /// <summary> - /// Gets the authorization. - /// </summary> - /// <param name="authorizationHeader">The authorization header.</param> - /// <returns>Dictionary{System.StringSystem.String}.</returns> - private static Dictionary<string, string> GetAuthorization(string authorizationHeader) - { - if (authorizationHeader == null) return null; - - var parts = authorizationHeader.Split(' '); - - // There should be at least to parts - if (parts.Length < 2) return null; - - // It has to be a digest request - if (!string.Equals(parts[0], "MediaBrowser", StringComparison.OrdinalIgnoreCase)) - { - return null; - } - - // Remove uptil the first space - authorizationHeader = authorizationHeader.Substring(authorizationHeader.IndexOf(' ')); - parts = authorizationHeader.Split(','); - - var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase); - - foreach (var item in parts) - { - var param = item.Trim().Split(new[] { '=' }, 2); - result.Add(param[0], param[1].Trim(new[] { '"' })); - } - - return result; - } - - /// <summary> - /// A new shallow copy of this filter is used on every request. - /// </summary> - /// <returns>IHasRequestFilter.</returns> - public IHasRequestFilter Copy() - { - return this; - } - - /// <summary> - /// Order in which Request Filters are executed. - /// <0 Executed before global request filters - /// >0 Executed after global request filters - /// </summary> - /// <value>The priority.</value> - public int Priority - { - get { return 0; } - } - } - - public class AuthorizationInfo - { - public string UserId; - public string DeviceId; - public string Device; - public string Client; - public string Version; - } -} diff --git a/MediaBrowser.Api/BaseApiService.cs b/MediaBrowser.Api/BaseApiService.cs index f1d596213..09eb1ea41 100644 --- a/MediaBrowser.Api/BaseApiService.cs +++ b/MediaBrowser.Api/BaseApiService.cs @@ -14,8 +14,7 @@ namespace MediaBrowser.Api /// <summary> /// Class BaseApiService /// </summary> - [AuthorizationRequestFilter] - public class BaseApiService : IHasResultFactory, IRestfulService + public class BaseApiService : IHasResultFactory, IRestfulService, IHasSession { /// <summary> /// Gets or sets the logger. @@ -35,6 +34,8 @@ namespace MediaBrowser.Api /// <value>The request context.</value> public IRequest Request { get; set; } + public ISessionContext SessionContext { get; set; } + public string GetHeader(string name) { return Request.Headers[name]; @@ -82,13 +83,11 @@ namespace MediaBrowser.Api /// <summary> /// Gets the session. /// </summary> - /// <param name="sessionManager">The session manager.</param> /// <returns>SessionInfo.</returns> - protected SessionInfo GetSession(ISessionManager sessionManager) + /// <exception cref="System.ArgumentException">Session not found.</exception> + protected SessionInfo GetSession() { - var auth = AuthorizationRequestFilterAttribute.GetAuthorization(Request); - - var session = sessionManager.GetSession(auth.DeviceId, auth.Client, auth.Version); + var session = SessionContext.GetSession(Request); if (session == null) { diff --git a/MediaBrowser.Api/ChannelService.cs b/MediaBrowser.Api/ChannelService.cs index d71db929f..2cc046f1d 100644 --- a/MediaBrowser.Api/ChannelService.cs +++ b/MediaBrowser.Api/ChannelService.cs @@ -1,4 +1,5 @@ using MediaBrowser.Controller.Channels; +using MediaBrowser.Controller.Net; using MediaBrowser.Model.Channels; using MediaBrowser.Model.Dto; using MediaBrowser.Model.Entities; @@ -172,7 +173,8 @@ namespace MediaBrowser.Api [ApiMember(Name = "UserId", Description = "Optional attach user data.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")] public string UserId { get; set; } } - + + [Authenticated] public class ChannelService : BaseApiService { private readonly IChannelManager _channelManager; diff --git a/MediaBrowser.Api/DisplayPreferencesService.cs b/MediaBrowser.Api/DisplayPreferencesService.cs index 206f5bf7b..9f3a6134e 100644 --- a/MediaBrowser.Api/DisplayPreferencesService.cs +++ b/MediaBrowser.Api/DisplayPreferencesService.cs @@ -1,4 +1,5 @@ -using MediaBrowser.Controller.Persistence; +using MediaBrowser.Controller.Net; +using MediaBrowser.Controller.Persistence; using MediaBrowser.Model.Entities; using MediaBrowser.Model.Serialization; using ServiceStack; @@ -48,6 +49,7 @@ namespace MediaBrowser.Api /// <summary> /// Class DisplayPreferencesService /// </summary> + [Authenticated] public class DisplayPreferencesService : BaseApiService { /// <summary> diff --git a/MediaBrowser.Api/EnvironmentService.cs b/MediaBrowser.Api/EnvironmentService.cs index 56f71fc00..590deff5a 100644 --- a/MediaBrowser.Api/EnvironmentService.cs +++ b/MediaBrowser.Api/EnvironmentService.cs @@ -1,4 +1,5 @@ using MediaBrowser.Common.Net; +using MediaBrowser.Controller.Net; using MediaBrowser.Model.IO; using MediaBrowser.Model.Net; using ServiceStack; @@ -86,6 +87,7 @@ namespace MediaBrowser.Api /// <summary> /// Class EnvironmentService /// </summary> + [Authenticated] public class EnvironmentService : BaseApiService { const char UncSeparator = '\\'; diff --git a/MediaBrowser.Api/GamesService.cs b/MediaBrowser.Api/GamesService.cs index ff2771ce1..9aba2b065 100644 --- a/MediaBrowser.Api/GamesService.cs +++ b/MediaBrowser.Api/GamesService.cs @@ -1,6 +1,7 @@ using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Library; +using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Persistence; using MediaBrowser.Model.Dto; using ServiceStack; @@ -51,6 +52,7 @@ namespace MediaBrowser.Api /// <summary> /// Class GamesService /// </summary> + [Authenticated] public class GamesService : BaseApiService { /// <summary> diff --git a/MediaBrowser.Api/Library/LibraryService.cs b/MediaBrowser.Api/Library/LibraryService.cs index ddb2dc943..77a714755 100644 --- a/MediaBrowser.Api/Library/LibraryService.cs +++ b/MediaBrowser.Api/Library/LibraryService.cs @@ -470,7 +470,7 @@ namespace MediaBrowser.Api.Library { var item = _libraryManager.GetItemById(request.Id); - var session = GetSession(_sessionManager); + var session = GetSession(); if (!session.UserId.HasValue || !_userManager.GetUserById(session.UserId.Value).Configuration.EnableContentDeletion) { diff --git a/MediaBrowser.Api/LiveTv/LiveTvService.cs b/MediaBrowser.Api/LiveTv/LiveTvService.cs index 6973a233a..de01628f8 100644 --- a/MediaBrowser.Api/LiveTv/LiveTvService.cs +++ b/MediaBrowser.Api/LiveTv/LiveTvService.cs @@ -280,7 +280,7 @@ namespace MediaBrowser.Api.LiveTv private void AssertUserCanManageLiveTv() { - var user = AuthorizationRequestFilterAttribute.GetCurrentUser(Request, _userManager); + var user = SessionContext.GetUser(Request); if (user == null) { diff --git a/MediaBrowser.Api/MediaBrowser.Api.csproj b/MediaBrowser.Api/MediaBrowser.Api.csproj index 3f1d9fe67..a68966b33 100644 --- a/MediaBrowser.Api/MediaBrowser.Api.csproj +++ b/MediaBrowser.Api/MediaBrowser.Api.csproj @@ -79,7 +79,6 @@ <Compile Include="DefaultTheme\Models.cs" /> <Compile Include="DisplayPreferencesService.cs" /> <Compile Include="EnvironmentService.cs" /> - <Compile Include="AuthorizationRequestFilterAttribute.cs" /> <Compile Include="GamesService.cs" /> <Compile Include="IHasItemFields.cs" /> <Compile Include="Images\ImageByNameService.cs" /> diff --git a/MediaBrowser.Api/Playback/BaseStreamingService.cs b/MediaBrowser.Api/Playback/BaseStreamingService.cs index 380ece2f2..9ff482a1a 100644 --- a/MediaBrowser.Api/Playback/BaseStreamingService.cs +++ b/MediaBrowser.Api/Playback/BaseStreamingService.cs @@ -1386,8 +1386,6 @@ namespace MediaBrowser.Api.Playback ParseParams(request); } - var user = AuthorizationRequestFilterAttribute.GetCurrentUser(Request, UserManager); - var url = Request.PathInfo; if (string.IsNullOrEmpty(request.AudioCodec)) @@ -1409,11 +1407,6 @@ namespace MediaBrowser.Api.Playback var item = LibraryManager.GetItemById(request.Id); - if (user != null && item.GetPlayAccess(user) != PlayAccess.Full) - { - throw new ArgumentException(string.Format("{0} is not allowed to play media.", user.Name)); - } - List<MediaStream> mediaStreams = null; state.ItemType = item.GetType().Name; diff --git a/MediaBrowser.Api/SessionsService.cs b/MediaBrowser.Api/SessionsService.cs index 36f1d6577..00c307a18 100644 --- a/MediaBrowser.Api/SessionsService.cs +++ b/MediaBrowser.Api/SessionsService.cs @@ -285,7 +285,7 @@ namespace MediaBrowser.Api SeekPositionTicks = request.SeekPositionTicks }; - var task = _sessionManager.SendPlaystateCommand(GetSession(_sessionManager).Id, request.Id, command, CancellationToken.None); + var task = _sessionManager.SendPlaystateCommand(GetSession().Id, request.Id, command, CancellationToken.None); Task.WaitAll(task); } @@ -303,7 +303,7 @@ namespace MediaBrowser.Api ItemType = request.ItemType }; - var task = _sessionManager.SendBrowseCommand(GetSession(_sessionManager).Id, request.Id, command, CancellationToken.None); + var task = _sessionManager.SendBrowseCommand(GetSession().Id, request.Id, command, CancellationToken.None); Task.WaitAll(task); } @@ -318,7 +318,7 @@ namespace MediaBrowser.Api if (Enum.TryParse(request.Command, true, out commandType)) { - var currentSession = GetSession(_sessionManager); + var currentSession = GetSession(); var command = new GeneralCommand { @@ -345,7 +345,7 @@ namespace MediaBrowser.Api Text = request.Text }; - var task = _sessionManager.SendMessageCommand(GetSession(_sessionManager).Id, request.Id, command, CancellationToken.None); + var task = _sessionManager.SendMessageCommand(GetSession().Id, request.Id, command, CancellationToken.None); Task.WaitAll(task); } @@ -364,14 +364,14 @@ namespace MediaBrowser.Api StartPositionTicks = request.StartPositionTicks }; - var task = _sessionManager.SendPlayCommand(GetSession(_sessionManager).Id, request.Id, command, CancellationToken.None); + var task = _sessionManager.SendPlayCommand(GetSession().Id, request.Id, command, CancellationToken.None); Task.WaitAll(task); } public void Post(SendGeneralCommand request) { - var currentSession = GetSession(_sessionManager); + var currentSession = GetSession(); var command = new GeneralCommand { @@ -386,7 +386,7 @@ namespace MediaBrowser.Api public void Post(SendFullGeneralCommand request) { - var currentSession = GetSession(_sessionManager); + var currentSession = GetSession(); request.ControllingUserId = currentSession.UserId.HasValue ? currentSession.UserId.Value.ToString("N") : null; @@ -409,7 +409,7 @@ namespace MediaBrowser.Api { if (string.IsNullOrWhiteSpace(request.Id)) { - request.Id = GetSession(_sessionManager).Id; + request.Id = GetSession().Id; } _sessionManager.ReportCapabilities(request.Id, new SessionCapabilities { diff --git a/MediaBrowser.Api/UserLibrary/UserLibraryService.cs b/MediaBrowser.Api/UserLibrary/UserLibraryService.cs index a1625d052..da12a9e3d 100644 --- a/MediaBrowser.Api/UserLibrary/UserLibraryService.cs +++ b/MediaBrowser.Api/UserLibrary/UserLibraryService.cs @@ -791,7 +791,7 @@ namespace MediaBrowser.Api.UserLibrary datePlayed = DateTime.ParseExact(request.DatePlayed, "yyyyMMddHHmmss", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal); } - var session = GetSession(_sessionManager); + var session = GetSession(); var dto = await UpdatePlayedStatus(user, request.Id, true, datePlayed).ConfigureAwait(false); @@ -826,7 +826,7 @@ namespace MediaBrowser.Api.UserLibrary public void Post(ReportPlaybackStart request) { - request.SessionId = GetSession(_sessionManager).Id; + request.SessionId = GetSession().Id; var task = _sessionManager.OnPlaybackStart(request); @@ -854,7 +854,7 @@ namespace MediaBrowser.Api.UserLibrary public void Post(ReportPlaybackProgress request) { - request.SessionId = GetSession(_sessionManager).Id; + request.SessionId = GetSession().Id; var task = _sessionManager.OnPlaybackProgress(request); @@ -877,7 +877,7 @@ namespace MediaBrowser.Api.UserLibrary public void Post(ReportPlaybackStopped request) { - request.SessionId = GetSession(_sessionManager).Id; + request.SessionId = GetSession().Id; var task = _sessionManager.OnPlaybackStopped(request); @@ -899,7 +899,7 @@ namespace MediaBrowser.Api.UserLibrary { var user = _userManager.GetUserById(request.UserId); - var session = GetSession(_sessionManager); + var session = GetSession(); var dto = await UpdatePlayedStatus(user, request.Id, false, null).ConfigureAwait(false); diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs index 1932c8f93..764a28102 100644 --- a/MediaBrowser.Api/UserService.cs +++ b/MediaBrowser.Api/UserService.cs @@ -1,6 +1,7 @@ using MediaBrowser.Common.Extensions; using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Library; +using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Session; using MediaBrowser.Model.Dto; using MediaBrowser.Model.Serialization; @@ -152,7 +153,7 @@ namespace MediaBrowser.Api /// <summary> /// Class UsersService /// </summary> - public class UserService : BaseApiService + public class UserService : BaseApiService, IHasAuthorization { /// <summary> /// The _XML serializer @@ -166,6 +167,8 @@ namespace MediaBrowser.Api private readonly IDtoService _dtoService; private readonly ISessionManager _sessionMananger; + public IAuthorizationContext AuthorizationContext { get; set; } + /// <summary> /// Initializes a new instance of the <see cref="UserService" /> class. /// </summary> @@ -295,7 +298,7 @@ namespace MediaBrowser.Api throw new ResourceNotFoundException("User not found"); } - var auth = AuthorizationRequestFilterAttribute.GetAuthorization(Request); + var auth = AuthorizationContext.GetAuthorizationInfo(Request); // Login in the old way if the header is missing if (string.IsNullOrEmpty(auth.Client) || |