From 05d98fe24c594ae43de4cd9f54139f8b04324119 Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Fri, 9 Jun 2023 17:11:22 +0200
Subject: Enforce permissions on websocket connections

---
 .../Net/BasePeriodicWebSocketListener.cs                |  2 +-
 MediaBrowser.Controller/Net/IWebSocketConnection.cs     | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

(limited to 'MediaBrowser.Controller/Net')

diff --git a/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs b/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs
index 8f38d4976..0ad1e4f50 100644
--- a/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs
+++ b/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs
@@ -96,7 +96,7 @@ namespace MediaBrowser.Controller.Net
         /// Starts sending messages over a web socket.
         /// </summary>
         /// <param name="message">The message.</param>
-        private void Start(WebSocketMessageInfo message)
+        protected void Start(WebSocketMessageInfo message)
         {
             var vals = message.Data.Split(',');
 
diff --git a/MediaBrowser.Controller/Net/IWebSocketConnection.cs b/MediaBrowser.Controller/Net/IWebSocketConnection.cs
index 79f0846b4..bba5a6b85 100644
--- a/MediaBrowser.Controller/Net/IWebSocketConnection.cs
+++ b/MediaBrowser.Controller/Net/IWebSocketConnection.cs
@@ -1,5 +1,3 @@
-#pragma warning disable CS1591
-
 using System;
 using System.Net;
 using System.Net.WebSockets;
@@ -9,6 +7,9 @@ using MediaBrowser.Controller.Net.WebSocketMessages;
 
 namespace MediaBrowser.Controller.Net
 {
+    /// <summary>
+    /// Interface for WebSocket connections.
+    /// </summary>
     public interface IWebSocketConnection : IAsyncDisposable, IDisposable
     {
         /// <summary>
@@ -40,6 +41,11 @@ namespace MediaBrowser.Controller.Net
         /// <value>The state.</value>
         WebSocketState State { get; }
 
+        /// <summary>
+        /// Gets the authorization information.
+        /// </summary>
+        public AuthorizationInfo AuthorizationInfo { get; }
+
         /// <summary>
         /// Gets the remote end point.
         /// </summary>
@@ -65,6 +71,11 @@ namespace MediaBrowser.Controller.Net
         /// <exception cref="ArgumentNullException">The message is null.</exception>
         Task SendAsync<T>(OutboundWebSocketMessage<T> message, CancellationToken cancellationToken);
 
-        Task ProcessAsync(CancellationToken cancellationToken = default);
+        /// <summary>
+        /// Receives a message asynchronously.
+        /// </summary>
+        /// <param name="cancellationToken">The cancellation token.</param>
+        /// <returns>Task.</returns>
+        Task ReceiveAsync(CancellationToken cancellationToken = default);
     }
 }
-- 
cgit v1.2.3


From 368f9202ce0048b92b3b43ea78a96486f9cd23c4 Mon Sep 17 00:00:00 2001
From: Shadowghost <Ghost_of_Stone@web.de>
Date: Sat, 15 Jul 2023 20:14:31 +0200
Subject: Apply review suggestions

---
 Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs | 6 +++++-
 Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs | 6 +++++-
 MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs    | 2 +-
 3 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'MediaBrowser.Controller/Net')

diff --git a/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs b/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs
index 33d391f29..5b90d65d8 100644
--- a/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs
+++ b/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs
@@ -58,7 +58,11 @@ public class ActivityLogWebSocketListener : BasePeriodicWebSocketListener<Activi
         base.Dispose(dispose);
     }
 
-    private new void Start(WebSocketMessageInfo message)
+    /// <summary>
+    /// Starts sending messages over an activity log web socket.
+    /// </summary>
+    /// <param name="message">The message.</param>
+    protected override void Start(WebSocketMessageInfo message)
     {
         if (!message.Connection.AuthorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
         {
diff --git a/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs b/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs
index 0d614ba4f..b403ff46d 100644
--- a/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs
+++ b/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs
@@ -68,7 +68,11 @@ public class SessionInfoWebSocketListener : BasePeriodicWebSocketListener<IEnume
         base.Dispose(dispose);
     }
 
-    private new void Start(WebSocketMessageInfo message)
+    /// <summary>
+    /// Starts sending messages over a session info web socket.
+    /// </summary>
+    /// <param name="message">The message.</param>
+    protected override void Start(WebSocketMessageInfo message)
     {
         if (!message.Connection.AuthorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
         {
diff --git a/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs b/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs
index 0ad1e4f50..e0942e490 100644
--- a/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs
+++ b/MediaBrowser.Controller/Net/BasePeriodicWebSocketListener.cs
@@ -96,7 +96,7 @@ namespace MediaBrowser.Controller.Net
         /// Starts sending messages over a web socket.
         /// </summary>
         /// <param name="message">The message.</param>
-        protected void Start(WebSocketMessageInfo message)
+        protected virtual void Start(WebSocketMessageInfo message)
         {
             var vals = message.Data.Split(',');
 
-- 
cgit v1.2.3