using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Querying;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Helpers;
/// <summary>
/// Request Extensions.
/// </summary>
public static class RequestHelpers
{
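/// <summary>
/// Pairs each requested sort field with a sort direction.
/// </summary>
/// <param name="sortBy">Sort fields, in priority order.</param>
/// <param name="requestedSortOrder">Sort directions, matched to <paramref name="sortBy"/> by position.</param>
/// <returns>
/// One (field, direction) pair per entry of <paramref name="sortBy"/>, or an empty array
/// when no sort field is given.
/// </returns>
/// <remarks>
/// Fields without a direction at the same position reuse the first requested direction, or
/// <see cref="SortOrder.Ascending"/> when none was requested. Directions beyond the number of
/// sort fields are ignored.
/// </remarks>
public static (string, SortOrder)[] GetOrderBy(IReadOnlyList<string> sortBy, IReadOnlyList<SortOrder> requestedSortOrder)
{
    if (sortBy.Count == 0)
    {
        return Array.Empty<(string, SortOrder)>();
    }

    var result = new (string, SortOrder)[sortBy.Count];

    // The two lists are sized independently by the caller. Cap the positional pairing at the
    // shorter length so a longer requestedSortOrder cannot index past sortBy and result.
    var pairedCount = Math.Min(sortBy.Count, requestedSortOrder.Count);
    var i = 0;
    for (; i < pairedCount; i++)
    {
        result[i] = (sortBy[i], requestedSortOrder[i]);
    }

    // Remaining fields take the first requested direction, or ascending when none was given.
    var fallbackOrder = requestedSortOrder.Count > 0 ? requestedSortOrder[0] : SortOrder.Ascending;
    for (; i < sortBy.Count; i++)
    {
        result[i] = (sortBy[i], fallbackOrder);
    }

    return result;
}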
/// <summary>
/// Resolves the user id a request acts on, rejecting requests that target another user
/// unless the caller holds the administrator role.
/// </summary>
/// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param>
/// <param name="userId">
/// The requested user id. <c>null</c> or an empty <see cref="Guid"/> selects the authenticated user.
/// </param>
/// <returns>
/// The authenticated user's id when no id is requested; otherwise the requested id.
/// </returns>
/// <exception cref="SecurityException">
/// The requested id differs from the authenticated user's id and the caller is not an administrator.
/// </exception>
/// <remarks>
/// The decision is made only from the claims carried by <paramref name="claimsPrincipal"/>.
/// This method does not check that the returned id belongs to an existing user.
/// </remarks>
internal static Guid GetUserId(ClaimsPrincipal claimsPrincipal, Guid? userId)
{
    var callerId = claimsPrincipal.GetUserId();

    // No explicit target (null or Guid.Empty): the request acts on the caller's own account.
    if (userId is null || userId.Value == Guid.Empty)
    {
        return callerId;
    }

    var requestedId = userId.Value;
    var callerIsAdmin = claimsPrincipal.IsInRole(UserRoles.Administrator);

    // Acting on one's own id is always allowed; any other id requires the administrator role.
    if (callerIsAdmin || requestedId.Equals(callerId))
    {
        return requestedId;
    }

    throw new SecurityException("Forbidden");
}
/// <summary>
/// Decides whether the caller may update the record of the given user.
/// </summary>
/// <param name="userManager">An instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="claimsPrincipal">The <see cref="ClaimsPrincipal"/> for the current request.</param>
/// <param name="userId">The id of the user whose record is to be updated.</param>
/// <param name="restrictUserPreferences">
/// Whether a non-administrator's update also depends on the target user's
/// <c>EnableUserPreferenceAccess</c> setting.
/// </param>
/// <returns>
/// <c>true</c> when the update is allowed; <c>false</c> when it is not.
/// </returns>
/// <exception cref="ResourceNotFoundException">
/// The preference restriction applies and no user with <paramref name="userId"/> exists.
/// </exception>
/// <remarks>
/// Despite the name, a denied update is reported through the return value, not by throwing.
/// Callers must check the result before applying the update.
/// </remarks>
internal static bool AssertCanUpdateUser(IUserManager userManager, ClaimsPrincipal claimsPrincipal, Guid userId, bool restrictUserPreferences)
{
    var callerId = claimsPrincipal.GetUserId();
    var callerIsAdmin = claimsPrincipal.IsInRole(UserRoles.Administrator);

    // Administrators may update any user, with or without the preference restriction.
    if (callerIsAdmin)
    {
        return true;
    }

    // A non-administrator may only update their own record.
    if (!userId.Equals(callerId))
    {
        return false;
    }

    // TODO the EnableUserPreferenceAccess policy does not seem to be used elsewhere
    if (!restrictUserPreferences)
    {
        return true;
    }

    var user = userManager.GetUserById(userId) ?? throw new ResourceNotFoundException();
    return user.EnableUserPreferenceAccess;
}
/// <summary>
/// Records session activity for the current request and returns the resulting session.
/// </summary>
/// <param name="sessionManager">The session manager used to log the activity.</param>
/// <param name="userManager">The user manager used to look up the authenticated user.</param>
/// <param name="httpContext">The context of the current request.</param>
/// <returns>The session returned by <c>LogSessionActivity</c>.</returns>
/// <exception cref="ResourceNotFoundException">No session was returned.</exception>
/// <remarks>
/// The client, version, device id and device name are read from the request's claims; the
/// address comes from <c>GetNormalizedRemoteIP</c>. The result of <c>GetUserById</c> is passed
/// on without a null check.
/// </remarks>
// NOTE(review): the return type reads `Task` here although the body returns a value; a generic
// type argument appears to be missing from this listing. Confirm against the repository.
internal static async Task GetSession(ISessionManager sessionManager, IUserManager userManager, HttpContext httpContext)
{
    var principal = httpContext.User;
    var user = userManager.GetUserById(principal.GetUserId());

    // Gather the client description in the order LogSessionActivity takes it.
    var client = principal.GetClient();
    var version = principal.GetVersion();
    var deviceId = principal.GetDeviceId();
    var deviceName = principal.GetDevice();
    var remoteAddress = httpContext.GetNormalizedRemoteIP().ToString();

    var session = await sessionManager
        .LogSessionActivity(client, version, deviceId, deviceName, remoteAddress, user)
        .ConfigureAwait(false);

    return session ?? throw new ResourceNotFoundException("Session not found.");
}
/// <summary>
/// Returns the id of the session that <c>GetSession</c> resolves for the current request.
/// </summary>
/// <param name="sessionManager">The session manager passed through to <c>GetSession</c>.</param>
/// <param name="userManager">The user manager passed through to <c>GetSession</c>.</param>
/// <param name="httpContext">The context of the current request.</param>
/// <returns>The <c>Id</c> of the resolved session.</returns>
// NOTE(review): the return type reads `Task` here although the body returns a value; a generic
// type argument appears to be missing from this listing. Confirm against the repository.
internal static async Task GetSessionId(ISessionManager sessionManager, IUserManager userManager, HttpContext httpContext)
{
    // Errors raised by GetSession, including a missing session, propagate unchanged.
    return (await GetSession(sessionManager, userManager, httpContext).ConfigureAwait(false)).Id;
}
/// <summary>
/// Converts a query result of (item, counts) pairs into a query result of DTOs.
/// </summary>
/// <param name="result">The query result holding each item with its item counts.</param>
/// <param name="dtoOptions">The options passed to <c>GetItemByNameDto</c>.</param>
/// <param name="dtoService">The service that builds the DTO for each item.</param>
/// <param name="includeItemTypes">
/// When <c>true</c>, the per-type counts are copied onto each DTO.
/// </param>
/// <param name="user">The user passed to <c>GetItemByNameDto</c>; may be <c>null</c>.</param>
/// <returns>
/// A query result with the same start index and total record count, holding the DTOs.
/// </returns>
// NOTE(review): the return type and the constructed type both read plain `QueryResult` here;
// a generic type argument appears to be missing from this listing. Confirm against the repository.
internal static QueryResult CreateQueryResult(
    QueryResult<(BaseItem Item, ItemCounts ItemCounts)> result,
    DtoOptions dtoOptions,
    IDtoService dtoService,
    bool includeItemTypes,
    User? user)
{
    // Deferred projection: it is enumerated once, by ToArray() below.
    var dtos = result.Items.Select(entry =>
    {
        var dto = dtoService.GetItemByNameDto(entry.Item, dtoOptions, null, user);
        if (!includeItemTypes)
        {
            return dto;
        }

        var counts = entry.ItemCounts;
        dto.ChildCount = counts.ItemCount;
        dto.ProgramCount = counts.ProgramCount;
        dto.SeriesCount = counts.SeriesCount;
        dto.EpisodeCount = counts.EpisodeCount;
        dto.MovieCount = counts.MovieCount;
        dto.TrailerCount = counts.TrailerCount;
        dto.AlbumCount = counts.AlbumCount;
        dto.SongCount = counts.SongCount;
        dto.ArtistCount = counts.ArtistCount;
        return dto;
    });

    return new QueryResult(
        result.StartIndex,
        result.TotalRecordCount,
        dtos.ToArray());
}
}