From 05d98fe24c594ae43de4cd9f54139f8b04324119 Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Fri, 9 Jun 2023 17:11:22 +0200 Subject: Enforce permissions on websocket connections --- .../HttpServer/WebSocketConnection.cs | 28 ++++++++++------------ .../HttpServer/WebSocketManager.cs | 3 ++- 2 files changed, 14 insertions(+), 17 deletions(-) (limited to 'Emby.Server.Implementations/HttpServer') diff --git a/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs b/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs index fd7653a32..7f620d666 100644 --- a/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs +++ b/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs @@ -12,6 +12,7 @@ using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Net.WebSocketMessages; using MediaBrowser.Controller.Net.WebSocketMessages.Outbound; using MediaBrowser.Model.Session; +using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; namespace Emby.Server.Implementations.HttpServer @@ -43,14 +44,17 @@ namespace Emby.Server.Implementations.HttpServer /// /// The logger. /// The socket. + /// The authorization information. /// The remote end point. public WebSocketConnection( ILogger logger, WebSocket socket, + AuthorizationInfo authorizationInfo, IPAddress? remoteEndPoint) { _logger = logger; _socket = socket; + AuthorizationInfo = authorizationInfo; RemoteEndPoint = remoteEndPoint; _jsonOptions = JsonDefaults.Options; @@ -60,30 +64,22 @@ namespace Emby.Server.Implementations.HttpServer /// public event EventHandler? Closed; - /// - /// Gets the remote end point. - /// + /// + public AuthorizationInfo AuthorizationInfo { get; } + + /// public IPAddress? RemoteEndPoint { get; } - /// - /// Gets or sets the receive action. - /// - /// The receive action. + /// public Func? OnReceive { get; set; } - /// - /// Gets the last activity date. - /// - /// The last activity date. + /// public DateTime LastActivityDate { get; private set; } /// public DateTime LastKeepAliveDate { get; set; } - /// - /// Gets the state. - /// - /// The state. + /// public WebSocketState State => _socket.State; /// @@ -101,7 +97,7 @@ namespace Emby.Server.Implementations.HttpServer } /// - public async Task ProcessAsync(CancellationToken cancellationToken = default) + public async Task ReceiveAsync(CancellationToken cancellationToken = default) { var pipe = new Pipe(); var writer = pipe.Writer; diff --git a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs index ecfb242f6..52f14b0b1 100644 --- a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs +++ b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs @@ -51,6 +51,7 @@ namespace Emby.Server.Implementations.HttpServer using var connection = new WebSocketConnection( _loggerFactory.CreateLogger(), webSocket, + authorizationInfo, context.GetNormalizedRemoteIP()) { OnReceive = ProcessWebSocketMessageReceived @@ -64,7 +65,7 @@ namespace Emby.Server.Implementations.HttpServer await Task.WhenAll(tasks).ConfigureAwait(false); - await connection.ProcessAsync().ConfigureAwait(false); + await connection.ReceiveAsync().ConfigureAwait(false); _logger.LogInformation("WS {IP} closed", context.Connection.RemoteIpAddress); } catch (Exception ex) // Otherwise ASP.Net will ignore the exception -- cgit v1.2.3