Merge pull request #3218 from crobibero/api-cors

Enable CORS and Authentation
This commit is contained in:
dkanada 2020-06-09 14:29:52 +09:00 committed by GitHub
commit b3f8928fbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 62 additions and 5 deletions

View File

@ -146,11 +146,17 @@ namespace Emby.Server.Implementations.HttpServer.Security
{
return true;
}
if (authAttribtues.AllowLocalOnly && request.IsLocal)
{
return true;
}
if (authAttribtues.IgnoreLegacyAuth)
{
return true;
}
return false;
}

View File

@ -37,13 +37,20 @@ namespace Jellyfin.Api.Auth
/// <inheritdoc />
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
var authenticatedAttribute = new AuthenticatedAttribute();
var authenticatedAttribute = new AuthenticatedAttribute
{
IgnoreLegacyAuth = true
};
try
{
var user = _authService.Authenticate(Request, authenticatedAttribute);
if (user == null)
{
return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
return Task.FromResult(AuthenticateResult.NoResult());
// TODO return when legacy API is removed.
// Don't spam the log with "Invalid User"
// return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
}
var claims = new[]

View File

@ -10,6 +10,7 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Controllers;
using Jellyfin.Server.Formatters;
using Jellyfin.Server.Models;
using MediaBrowser.Common.Json;
using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authentication;
@ -72,7 +73,12 @@ namespace Jellyfin.Server.Extensions
/// <returns>The MVC builder.</returns>
public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl)
{
return serviceCollection.AddMvc(opts =>
return serviceCollection
.AddCors(options =>
{
options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, ServerCorsPolicy.DefaultPolicy);
})
.AddMvc(opts =>
{
opts.UseGeneralRoutePrefix(baseUrl);
opts.OutputFormatters.Insert(0, new CamelCaseJsonProfileFormatter());

View File

@ -0,0 +1,30 @@
using Microsoft.AspNetCore.Cors.Infrastructure;
namespace Jellyfin.Server.Models
{
/// <summary>
/// Server Cors Policy.
/// </summary>
public static class ServerCorsPolicy
{
/// <summary>
/// Default policy name.
/// </summary>
public const string DefaultPolicyName = "DefaultCorsPolicy";
/// <summary>
/// Default Policy. Allow Everything.
/// </summary>
public static readonly CorsPolicy DefaultPolicy = new CorsPolicy
{
// Allow any origin
Origins = { "*" },
// Allow any method
Methods = { "*" },
// Allow any header
Headers = { "*" }
};
}
}

View File

@ -1,5 +1,6 @@
using Jellyfin.Server.Extensions;
using Jellyfin.Server.Middleware;
using Jellyfin.Server.Models;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Builder;
@ -68,9 +69,10 @@ namespace Jellyfin.Server
// TODO app.UseMiddleware<WebSocketMiddleware>();
app.Use(serverApplicationHost.ExecuteWebsocketHandlerAsync);
// TODO use when old API is removed: app.UseAuthentication();
app.UseAuthentication();
app.UseJellyfinApiSwagger(_serverConfigurationManager);
app.UseRouting();
app.UseCors(ServerCorsPolicy.DefaultPolicyName);
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{

View File

@ -52,6 +52,8 @@ namespace MediaBrowser.Controller.Net
return (Roles ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
}
public bool IgnoreLegacyAuth { get; set; }
public bool AllowLocalOnly { get; set; }
}
@ -63,5 +65,7 @@ namespace MediaBrowser.Controller.Net
bool AllowLocalOnly { get; }
string[] GetRoles();
bool IgnoreLegacyAuth { get; }
}
}

View File

@ -88,7 +88,9 @@ namespace Jellyfin.Api.Tests.Auth
var authenticateResult = await _sut.AuthenticateAsync();
Assert.False(authenticateResult.Succeeded);
Assert.Equal("Invalid user", authenticateResult.Failure.Message);
Assert.True(authenticateResult.None);
// TODO return when legacy API is removed.
// Assert.Equal("Invalid user", authenticateResult.Failure.Message);
}
[Fact]