Merge pull request #3218 from crobibero/api-cors
Enable CORS and Authentication
commit
b3f8928fbb
|
@ -146,11 +146,17 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (authAttribtues.AllowLocalOnly && request.IsLocal)
|
if (authAttribtues.AllowLocalOnly && request.IsLocal)
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (authAttribtues.IgnoreLegacyAuth)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
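Review bot: The added `if (authAttribtues.IgnoreLegacyAuth)` branch returns `true` with no comment saying what a `true` result exempts. The enclosing method starts outside this hunk, so a reader cannot tell from here that the flag skips the check rather than tightening it. Because this is an authentication bypass path sitting right after the `AllowLocalOnly` exemption, it should carry a why-comment such as `// Set only by the ASP.NET Core auth handler: skip the legacy check and let the framework's policies decide.`, provided that is the intent. The name also reads as the opposite of its effect, so a rename along the lines of `SkipLegacyAuthCheck` is worth considering.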
@ -37,13 +37,20 @@ namespace Jellyfin.Api.Auth
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||||
{
|
{
|
||||||
var authenticatedAttribute = new AuthenticatedAttribute();
|
var authenticatedAttribute = new AuthenticatedAttribute
|
||||||
|
{
|
||||||
|
IgnoreLegacyAuth = true
|
||||||
|
};
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
var user = _authService.Authenticate(Request, authenticatedAttribute);
|
var user = _authService.Authenticate(Request, authenticatedAttribute);
|
||||||
if (user == null)
|
if (user == null)
|
||||||
{
|
{
|
||||||
return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
|
return Task.FromResult(AuthenticateResult.NoResult());
|
||||||
|
// TODO return when legacy API is removed.
|
||||||
|
// Don't spam the log with "Invalid User"
|
||||||
|
// return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
|
||||||
}
|
}
|
||||||
|
|
||||||
var claims = new[]
|
var claims = new[]
|
||||||
|
|
|
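Review bot: Returning `AuthenticateResult.NoResult()` when `Authenticate` yields no user means the request continues down the pipeline as anonymous, and nothing records the failed attempt. Rejection then depends entirely on the authorization requirements of each endpoint, which this hunk does not show. The TODO should say so, e.g. `// NoResult lets legacy routes fall through; new controllers must require authorization to reject anonymous callers.` Instead of keeping the old `Fail("Invalid user")` line as commented-out code, consider a debug-level log entry so failed authentications stay observable without flooding the log. The `try` block continues past the end of the hunk.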
@ -10,6 +10,7 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
|
||||||
using Jellyfin.Api.Constants;
|
using Jellyfin.Api.Constants;
|
||||||
using Jellyfin.Api.Controllers;
|
using Jellyfin.Api.Controllers;
|
||||||
using Jellyfin.Server.Formatters;
|
using Jellyfin.Server.Formatters;
|
||||||
|
using Jellyfin.Server.Models;
|
||||||
using MediaBrowser.Common.Json;
|
using MediaBrowser.Common.Json;
|
||||||
using MediaBrowser.Model.Entities;
|
using MediaBrowser.Model.Entities;
|
||||||
using Microsoft.AspNetCore.Authentication;
|
using Microsoft.AspNetCore.Authentication;
|
||||||
|
@ -72,7 +73,12 @@ namespace Jellyfin.Server.Extensions
|
||||||
/// <returns>The MVC builder.</returns>
|
/// <returns>The MVC builder.</returns>
|
||||||
public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl)
|
public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl)
|
||||||
{
|
{
|
||||||
return serviceCollection.AddMvc(opts =>
|
return serviceCollection
|
||||||
|
.AddCors(options =>
|
||||||
|
{
|
||||||
|
options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, ServerCorsPolicy.DefaultPolicy);
|
||||||
|
})
|
||||||
|
.AddMvc(opts =>
|
||||||
{
|
{
|
||||||
opts.UseGeneralRoutePrefix(baseUrl);
|
opts.UseGeneralRoutePrefix(baseUrl);
|
||||||
opts.OutputFormatters.Insert(0, new CamelCaseJsonProfileFormatter());
|
opts.OutputFormatters.Insert(0, new CamelCaseJsonProfileFormatter());
|
||||||
|
|
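--- /dev/null
+++ b/Jellyfin.Server/Models/ServerCorsPolicy.cs
@@ -0,0 +1,30 @@
+using Microsoft.AspNetCore.Cors.Infrastructure;
+
+namespace Jellyfin.Server.Models
+{
+/// <summary>
+/// Server Cors Policy.
+/// </summary>
+public static class ServerCorsPolicy
+{
+/// <summary>
+/// Default policy name.
+/// </summary>
+public const string DefaultPolicyName = "DefaultCorsPolicy";
+
+/// <summary>
+/// Default Policy. Allow Everything.
+/// </summary>
+public static readonly CorsPolicy DefaultPolicy = new CorsPolicy
+{
+// Allow any origin
+Origins = { "*" },
+
+// Allow any method
+Methods = { "*" },
+
+// Allow any header
+Headers = { "*" }
+};
+}
+}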
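Review bot: `DefaultPolicy` allows every origin, method and header and is registered as the server-wide policy, so any web page a user visits can send cross-origin requests to the server and read responses from endpoints that do not require a token. That matters most for endpoints exempted by the `AllowLocalOnly && request.IsLocal` check elsewhere in this commit, if such requests can originate from a browser on a trusted address. Consider building the policy from a configured origin list, `new CorsPolicyBuilder().WithOrigins(allowedOrigins).AllowAnyMethod().AllowAnyHeader().Build()` (`allowedOrigins` being a new configuration value), and keeping the wildcard as an explicit opt-in. The field is also a shared mutable `CorsPolicy` exposed as `public static readonly`, so any caller can add to `Origins` at runtime; the `Allow Everything` summary should at least state why that is acceptable.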
@ -1,5 +1,6 @@
|
||||||
using Jellyfin.Server.Extensions;
|
using Jellyfin.Server.Extensions;
|
||||||
using Jellyfin.Server.Middleware;
|
using Jellyfin.Server.Middleware;
|
||||||
|
using Jellyfin.Server.Models;
|
||||||
using MediaBrowser.Controller;
|
using MediaBrowser.Controller;
|
||||||
using MediaBrowser.Controller.Configuration;
|
using MediaBrowser.Controller.Configuration;
|
||||||
using Microsoft.AspNetCore.Builder;
|
using Microsoft.AspNetCore.Builder;
|
||||||
|
@ -68,9 +69,10 @@ namespace Jellyfin.Server
|
||||||
// TODO app.UseMiddleware<WebSocketMiddleware>();
|
// TODO app.UseMiddleware<WebSocketMiddleware>();
|
||||||
app.Use(serverApplicationHost.ExecuteWebsocketHandlerAsync);
|
app.Use(serverApplicationHost.ExecuteWebsocketHandlerAsync);
|
||||||
|
|
||||||
// TODO use when old API is removed: app.UseAuthentication();
|
app.UseAuthentication();
|
||||||
app.UseJellyfinApiSwagger(_serverConfigurationManager);
|
app.UseJellyfinApiSwagger(_serverConfigurationManager);
|
||||||
app.UseRouting();
|
app.UseRouting();
|
||||||
|
app.UseCors(ServerCorsPolicy.DefaultPolicyName);
|
||||||
app.UseAuthorization();
|
app.UseAuthorization();
|
||||||
app.UseEndpoints(endpoints =>
|
app.UseEndpoints(endpoints =>
|
||||||
{
|
{
|
||||||
|
|
|
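Review bot: `app.UseAuthentication()` is enabled ahead of `app.UseRouting()` and the new `app.UseCors(...)`, which differs from the order ASP.NET Core documents (routing, CORS, authentication, authorization, endpoints). In this position the authentication handler runs on every request, including Swagger and CORS preflight requests, before the endpoint or CORS policy is known. Moving `app.UseAuthentication();` to just after `app.UseCors(ServerCorsPolicy.DefaultPolicyName);` keeps preflight handling ahead of authentication. The enclosing method starts and ends outside the hunk, so confirm that nothing between these calls depends on `HttpContext.User` being populated early.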
@ -52,6 +52,8 @@ namespace MediaBrowser.Controller.Net
|
||||||
return (Roles ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
|
return (Roles ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public bool IgnoreLegacyAuth { get; set; }
|
||||||
|
|
||||||
public bool AllowLocalOnly { get; set; }
|
public bool AllowLocalOnly { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -63,5 +65,7 @@ namespace MediaBrowser.Controller.Net
|
||||||
bool AllowLocalOnly { get; }
|
bool AllowLocalOnly { get; }
|
||||||
|
|
||||||
string[] GetRoles();
|
string[] GetRoles();
|
||||||
|
|
||||||
|
bool IgnoreLegacyAuth { get; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
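Review bot: `IgnoreLegacyAuth` is added to both the attribute class and the interface without an XML summary, although this commit uses it to make the auth service return early. Because the setter is public, any service annotated with this attribute could set `IgnoreLegacyAuth = true` and opt out of that check, so the intended sole caller should be written down. Suggested doc, if it matches the intent: `/// <summary>Gets or sets a value indicating whether the legacy auth check is skipped; set only by the ASP.NET Core authentication handler.</summary>`, with getter-only wording on the interface member. The class and interface bodies start outside these hunks.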
@ -88,7 +88,9 @@ namespace Jellyfin.Api.Tests.Auth
|
||||||
var authenticateResult = await _sut.AuthenticateAsync();
|
var authenticateResult = await _sut.AuthenticateAsync();
|
||||||
|
|
||||||
Assert.False(authenticateResult.Succeeded);
|
Assert.False(authenticateResult.Succeeded);
|
||||||
Assert.Equal("Invalid user", authenticateResult.Failure.Message);
|
Assert.True(authenticateResult.None);
|
||||||
|
// TODO return when legacy API is removed.
|
||||||
|
// Assert.Equal("Invalid user", authenticateResult.Failure.Message);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|