Merge remote-tracking branch 'upstream/api-migration' into api-image-service

This commit is contained in:
crobibero 2020-06-20 16:26:42 -06:00
commit b603742a77
23 changed files with 1397 additions and 1346 deletions

View File

@ -1,6 +1,5 @@
#pragma warning disable CA1801
using System;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities;
@ -41,6 +40,7 @@ namespace Jellyfin.Api.Controllers
/// <returns>A <see cref="QueryResult{ActivityLogEntry}"/> containing the log entries.</returns>
[HttpGet("Entries")]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "hasUserId", Justification = "Imported from ServiceStack")]
public ActionResult<QueryResult<ActivityLogEntry>> GetLogEntries(
[FromQuery] int? startIndex,
[FromQuery] int? limit,

View File

@ -0,0 +1,81 @@
using System.ComponentModel.DataAnnotations;
using System.Threading;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ModelBinding;
namespace Jellyfin.Api.Controllers
{
/// <summary>
/// Display Preferences Controller.
/// </summary>
[Authorize]
public class DisplayPreferencesController : BaseJellyfinApiController
{
private readonly IDisplayPreferencesRepository _displayPreferencesRepository;
/// <summary>
/// Initializes a new instance of the <see cref="DisplayPreferencesController"/> class.
/// </summary>
/// <param name="displayPreferencesRepository">Instance of <see cref="IDisplayPreferencesRepository"/> interface.</param>
public DisplayPreferencesController(IDisplayPreferencesRepository displayPreferencesRepository)
{
_displayPreferencesRepository = displayPreferencesRepository;
}
/// <summary>
/// Get Display Preferences.
/// </summary>
/// <param name="displayPreferencesId">Display preferences id.</param>
/// <param name="userId">User id.</param>
/// <param name="client">Client.</param>
/// <response code="200">Display preferences retrieved.</response>
/// <returns>An <see cref="OkResult"/> containing the display preferences on success, or a <see cref="NotFoundResult"/> if the display preferences could not be found.</returns>
[HttpGet("{DisplayPreferencesId}")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult<DisplayPreferences> GetDisplayPreferences(
[FromRoute] string displayPreferencesId,
[FromQuery] [Required] string userId,
[FromQuery] [Required] string client)
{
return _displayPreferencesRepository.GetDisplayPreferences(displayPreferencesId, userId, client);
}
/// <summary>
/// Update Display Preferences.
/// </summary>
/// <param name="displayPreferencesId">Display preferences id.</param>
/// <param name="userId">User Id.</param>
/// <param name="client">Client.</param>
/// <param name="displayPreferences">New Display Preferences object.</param>
/// <response code="200">Display preferences updated.</response>
/// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the display preferences could not be found.</returns>
[HttpPost("{DisplayPreferencesId}")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(typeof(ModelStateDictionary), StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult UpdateDisplayPreferences(
[FromRoute] string displayPreferencesId,
[FromQuery, BindRequired] string userId,
[FromQuery, BindRequired] string client,
[FromBody, BindRequired] DisplayPreferences displayPreferences)
{
if (displayPreferencesId == null)
{
// TODO - refactor so parameter doesn't exist or is actually used.
}
_displayPreferencesRepository.SaveDisplayPreferences(
displayPreferences,
userId,
client,
CancellationToken.None);
return Ok();
}
}
}

View File

@ -1,6 +1,5 @@
#pragma warning disable CA1801
using System;
using System;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
@ -137,6 +136,7 @@ namespace Jellyfin.Api.Controllers
/// <returns>Query filters.</returns>
[HttpGet("/Items/Filters2")]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "mediaTypes", Justification = "Imported from ServiceStack")]
public ActionResult<QueryFilters> GetQueryFilters(
[FromQuery] Guid? userId,
[FromQuery] string? parentId,

View File

@ -1,6 +1,5 @@
#pragma warning disable CA1801
using System.ComponentModel;
using System.Diagnostics.CodeAnalysis;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Providers;
using MediaBrowser.Model.IO;
@ -54,6 +53,7 @@ namespace Jellyfin.Api.Controllers
[Description("Refreshes metadata for an item.")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "recursive", Justification = "Imported from ServiceStack")]
public ActionResult Post(
[FromRoute] string id,
[FromQuery] MetadataRefreshMode metadataRefreshMode = MetadataRefreshMode.None,

View File

@ -1,7 +1,6 @@
#pragma warning disable CA1801
using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Linq;
@ -56,6 +55,7 @@ namespace Jellyfin.Api.Controllers
/// <returns>An <see cref="IEnumerable{VirtualFolderInfo}"/> with the virtual folders.</returns>
[HttpGet]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult<IEnumerable<VirtualFolderInfo>> GetVirtualFolders([FromQuery] string userId)
{
return _libraryManager.GetVirtualFolders(true);

View File

@ -1,7 +1,6 @@
#pragma warning disable CA1801
using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Threading;
using Jellyfin.Api.Models.NotificationDtos;
@ -45,6 +44,10 @@ namespace Jellyfin.Api.Controllers
/// <returns>An <see cref="OkResult"/> containing a list of notifications.</returns>
[HttpGet("{UserID}")]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isRead", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "startIndex", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "limit", Justification = "Imported from ServiceStack")]
public ActionResult<NotificationResultDto> GetNotifications(
[FromRoute] string userId,
[FromQuery] bool? isRead,
@ -62,6 +65,7 @@ namespace Jellyfin.Api.Controllers
/// <returns>An <cref see="OkResult"/> containing a summary of the users notifications.</returns>
[HttpGet("{UserID}/Summary")]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult<NotificationsSummaryDto> GetNotificationsSummary(
[FromRoute] string userId)
{
@ -136,6 +140,8 @@ namespace Jellyfin.Api.Controllers
/// <returns>A <cref see="NoContentResult"/>.</returns>
[HttpPost("{UserID}/Read")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
public ActionResult SetRead(
[FromRoute] string userId,
[FromQuery] string ids)
@ -152,6 +158,8 @@ namespace Jellyfin.Api.Controllers
/// <returns>A <cref see="NoContentResult"/>.</returns>
[HttpPost("{UserID}/Unread")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
public ActionResult SetUnread(
[FromRoute] string userId,
[FromQuery] string ids)

View File

@ -1,7 +1,6 @@
#pragma warning disable CA1801
using System;
using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
@ -46,6 +45,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Installed plugins returned.</response>
/// <returns>List of currently installed plugins.</returns>
[HttpGet]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isAppStoreEnabled", Justification = "Imported from ServiceStack")]
public ActionResult<IEnumerable<PluginInfo>> GetPlugins([FromRoute] bool? isAppStoreEnabled)
{
return Ok(_appHost.Plugins.OrderBy(p => p.Name).Select(p => p.GetPluginInfo()));

View File

@ -0,0 +1,474 @@
#pragma warning disable CA1801
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Threading;
using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Devices;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Session;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace Jellyfin.Api.Controllers
{
/// <summary>
/// The session controller.
/// </summary>
public class SessionController : BaseJellyfinApiController
{
private readonly ISessionManager _sessionManager;
private readonly IUserManager _userManager;
private readonly IAuthorizationContext _authContext;
private readonly IDeviceManager _deviceManager;
/// <summary>
/// Initializes a new instance of the <see cref="SessionController"/> class.
/// </summary>
/// <param name="sessionManager">Instance of <see cref="ISessionManager"/> interface.</param>
/// <param name="userManager">Instance of <see cref="IUserManager"/> interface.</param>
/// <param name="authContext">Instance of <see cref="IAuthorizationContext"/> interface.</param>
/// <param name="deviceManager">Instance of <see cref="IDeviceManager"/> interface.</param>
public SessionController(
ISessionManager sessionManager,
IUserManager userManager,
IAuthorizationContext authContext,
IDeviceManager deviceManager)
{
_sessionManager = sessionManager;
_userManager = userManager;
_authContext = authContext;
_deviceManager = deviceManager;
}
/// <summary>
/// Gets a list of sessions.
/// </summary>
/// <param name="controllableByUserId">Filter by sessions that a given user is allowed to remote control.</param>
/// <param name="deviceId">Filter by device Id.</param>
/// <param name="activeWithinSeconds">Optional. Filter by sessions that were active in the last n seconds.</param>
/// <response code="200">List of sessions returned.</response>
/// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
[HttpGet("/Sessions")]
[Authorize]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<SessionInfo>> GetSessions(
[FromQuery] Guid controllableByUserId,
[FromQuery] string deviceId,
[FromQuery] int? activeWithinSeconds)
{
var result = _sessionManager.Sessions;
if (!string.IsNullOrEmpty(deviceId))
{
result = result.Where(i => string.Equals(i.DeviceId, deviceId, StringComparison.OrdinalIgnoreCase));
}
if (!controllableByUserId.Equals(Guid.Empty))
{
result = result.Where(i => i.SupportsRemoteControl);
var user = _userManager.GetUserById(controllableByUserId);
if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
{
result = result.Where(i => i.UserId.Equals(Guid.Empty) || i.ContainsUser(controllableByUserId));
}
if (!user.HasPermission(PermissionKind.EnableSharedDeviceControl))
{
result = result.Where(i => !i.UserId.Equals(Guid.Empty));
}
if (activeWithinSeconds.HasValue && activeWithinSeconds.Value > 0)
{
var minActiveDate = DateTime.UtcNow.AddSeconds(0 - activeWithinSeconds.Value);
result = result.Where(i => i.LastActivityDate >= minActiveDate);
}
result = result.Where(i =>
{
if (!string.IsNullOrWhiteSpace(i.DeviceId))
{
if (!_deviceManager.CanAccessDevice(user, i.DeviceId))
{
return false;
}
}
return true;
});
}
return Ok(result);
}
/// <summary>
/// Instructs a session to browse to an item or view.
/// </summary>
/// <param name="id">The session Id.</param>
/// <param name="itemType">The type of item to browse to.</param>
/// <param name="itemId">The Id of the item.</param>
/// <param name="itemName">The name of the item.</param>
/// <response code="204">Instruction sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/Viewing")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult DisplayContent(
[FromRoute] string id,
[FromQuery] string itemType,
[FromQuery] string itemId,
[FromQuery] string itemName)
{
var command = new BrowseRequest
{
ItemId = itemId,
ItemName = itemName,
ItemType = itemType
};
_sessionManager.SendBrowseCommand(
RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
id,
command,
CancellationToken.None);
return NoContent();
}
/// <summary>
/// Instructs a session to play an item.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="itemIds">The ids of the items to play, comma delimited.</param>
/// <param name="startPositionTicks">The starting position of the first item.</param>
/// <param name="playCommand">The type of play command to issue (PlayNow, PlayNext, PlayLast). Clients who have not yet implemented play next and play last may play now.</param>
/// <param name="playRequest">The <see cref="PlayRequest"/>.</param>
/// <response code="204">Instruction sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/Playing")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult Play(
[FromRoute] string id,
[FromQuery] Guid[] itemIds,
[FromQuery] long? startPositionTicks,
[FromQuery] PlayCommand playCommand,
[FromBody, Required] PlayRequest playRequest)
{
if (playRequest == null)
{
throw new ArgumentException("Request Body may not be null");
}
playRequest.ItemIds = itemIds;
playRequest.StartPositionTicks = startPositionTicks;
playRequest.PlayCommand = playCommand;
_sessionManager.SendPlayCommand(
RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
id,
playRequest,
CancellationToken.None);
return NoContent();
}
/// <summary>
/// Issues a playstate command to a client.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="playstateRequest">The <see cref="PlaystateRequest"/>.</param>
/// <response code="204">Playstate command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/Playing/{command}")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult SendPlaystateCommand(
[FromRoute] string id,
[FromBody] PlaystateRequest playstateRequest)
{
_sessionManager.SendPlaystateCommand(
RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
id,
playstateRequest,
CancellationToken.None);
return NoContent();
}
/// <summary>
/// Issues a system command to a client.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="command">The command to send.</param>
/// <response code="204">System command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/System/{Command}")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult SendSystemCommand(
[FromRoute] string id,
[FromRoute] string command)
{
var name = command;
if (Enum.TryParse(name, true, out GeneralCommandType commandType))
{
name = commandType.ToString();
}
var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
var generalCommand = new GeneralCommand
{
Name = name,
ControllingUserId = currentSession.UserId
};
_sessionManager.SendGeneralCommand(currentSession.Id, id, generalCommand, CancellationToken.None);
return NoContent();
}
/// <summary>
/// Issues a general command to a client.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="command">The command to send.</param>
/// <response code="204">General command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/Command/{Command}")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult SendGeneralCommand(
[FromRoute] string id,
[FromRoute] string command)
{
var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
var generalCommand = new GeneralCommand
{
Name = command,
ControllingUserId = currentSession.UserId
};
_sessionManager.SendGeneralCommand(currentSession.Id, id, generalCommand, CancellationToken.None);
return NoContent();
}
/// <summary>
/// Issues a full general command to a client.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="command">The <see cref="GeneralCommand"/>.</param>
/// <response code="204">Full general command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/Command")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult SendFullGeneralCommand(
[FromRoute] string id,
[FromBody, Required] GeneralCommand command)
{
var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
if (command == null)
{
throw new ArgumentException("Request body may not be null");
}
command.ControllingUserId = currentSession.UserId;
_sessionManager.SendGeneralCommand(
currentSession.Id,
id,
command,
CancellationToken.None);
return NoContent();
}
/// <summary>
/// Issues a command to a client to display a message to the user.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="text">The message test.</param>
/// <param name="header">The message header.</param>
/// <param name="timeoutMs">The message timeout. If omitted the user will have to confirm viewing the message.</param>
/// <response code="204">Message sent.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/Message")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult SendMessageCommand(
[FromRoute] string id,
[FromQuery] string text,
[FromQuery] string header,
[FromQuery] long? timeoutMs)
{
var command = new MessageCommand
{
Header = string.IsNullOrEmpty(header) ? "Message from Server" : header,
TimeoutMs = timeoutMs,
Text = text
};
_sessionManager.SendMessageCommand(RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id, id, command, CancellationToken.None);
return NoContent();
}
/// <summary>
/// Adds an additional user to a session.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="userId">The user id.</param>
/// <response code="204">User added to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/{id}/User/{userId}")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult AddUserToSession(
[FromRoute] string id,
[FromRoute] Guid userId)
{
_sessionManager.AddAdditionalUser(id, userId);
return NoContent();
}
/// <summary>
/// Removes an additional user from a session.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="userId">The user id.</param>
/// <response code="204">User removed from session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("/Sessions/{id}/User/{userId}")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult RemoveUserFromSession(
[FromRoute] string id,
[FromRoute] Guid userId)
{
_sessionManager.RemoveAdditionalUser(id, userId);
return NoContent();
}
/// <summary>
/// Updates capabilities for a device.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="playableMediaTypes">A list of playable media types, comma delimited. Audio, Video, Book, Photo.</param>
/// <param name="supportedCommands">A list of supported remote control commands, comma delimited.</param>
/// <param name="supportsMediaControl">Determines whether media can be played remotely..</param>
/// <param name="supportsSync">Determines whether sync is supported.</param>
/// <param name="supportsPersistentIdentifier">Determines whether the device supports a unique identifier.</param>
/// <response code="204">Capabilities posted.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/Capabilities")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult PostCapabilities(
[FromQuery] string id,
[FromQuery] string playableMediaTypes,
[FromQuery] string supportedCommands,
[FromQuery] bool supportsMediaControl,
[FromQuery] bool supportsSync,
[FromQuery] bool supportsPersistentIdentifier = true)
{
if (string.IsNullOrWhiteSpace(id))
{
id = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
}
_sessionManager.ReportCapabilities(id, new ClientCapabilities
{
PlayableMediaTypes = RequestHelpers.Split(playableMediaTypes, ',', true),
SupportedCommands = RequestHelpers.Split(supportedCommands, ',', true),
SupportsMediaControl = supportsMediaControl,
SupportsSync = supportsSync,
SupportsPersistentIdentifier = supportsPersistentIdentifier
});
return NoContent();
}
/// <summary>
/// Updates capabilities for a device.
/// </summary>
/// <param name="id">The session id.</param>
/// <param name="capabilities">The <see cref="ClientCapabilities"/>.</param>
/// <response code="204">Capabilities updated.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/Capabilities/Full")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult PostFullCapabilities(
[FromQuery] string id,
[FromBody, Required] ClientCapabilities capabilities)
{
if (string.IsNullOrWhiteSpace(id))
{
id = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
}
_sessionManager.ReportCapabilities(id, capabilities);
return NoContent();
}
/// <summary>
/// Reports that a session is viewing an item.
/// </summary>
/// <param name="sessionId">The session id.</param>
/// <param name="itemId">The item id.</param>
/// <response code="204">Session reported to server.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/Viewing")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult ReportViewing(
[FromQuery] string sessionId,
[FromQuery] string itemId)
{
string session = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
_sessionManager.ReportNowViewingItem(session, itemId);
return NoContent();
}
/// <summary>
/// Reports that a session has ended.
/// </summary>
/// <response code="204">Session end reported to server.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("/Sessions/Logout")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult ReportSessionEnded()
{
AuthorizationInfo auth = _authContext.GetAuthorizationInfo(Request);
_sessionManager.Logout(auth.Token);
return NoContent();
}
/// <summary>
/// Get all auth providers.
/// </summary>
/// <response code="200">Auth providers retrieved.</response>
/// <returns>An <see cref="IEnumerable{NameIdPair}"/> with the auth providers.</returns>
[HttpGet("/Auth/Providers")]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<NameIdPair>> GetAuthProviders()
{
return _userManager.GetAuthenticationProviders();
}
/// <summary>
/// Get all password reset providers.
/// </summary>
/// <response code="200">Password reset providers retrieved.</response>
/// <returns>An <see cref="IEnumerable{NameIdPair}"/> with the password reset providers.</returns>
[HttpGet("/Auto/PasswordResetProviders")]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<NameIdPair>> GetPasswordResetProviders()
{
return _userManager.GetPasswordResetProviders();
}
}
}

View File

@ -1,8 +1,7 @@
#pragma warning disable CA1801
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Linq;
@ -251,9 +250,9 @@ namespace Jellyfin.Api.Controllers
[HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
public async Task<ActionResult> GetSubtitlePlaylist(
[FromRoute] Guid id,
// TODO: 'int index' is never used: CA1801 is disabled
[FromRoute] int index,
[FromRoute] string mediaSourceId,
[FromQuery, Required] int segmentLength)

View File

@ -0,0 +1,87 @@
using System;
using System.Linq;
using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Entities;
using MediaBrowser.Model.Querying;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace Jellyfin.Api.Controllers
{
/// <summary>
/// The suggestions controller.
/// </summary>
public class SuggestionsController : BaseJellyfinApiController
{
private readonly IDtoService _dtoService;
private readonly IUserManager _userManager;
private readonly ILibraryManager _libraryManager;
/// <summary>
/// Initializes a new instance of the <see cref="SuggestionsController"/> class.
/// </summary>
/// <param name="dtoService">Instance of the <see cref="IDtoService"/> interface.</param>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
public SuggestionsController(
IDtoService dtoService,
IUserManager userManager,
ILibraryManager libraryManager)
{
_dtoService = dtoService;
_userManager = userManager;
_libraryManager = libraryManager;
}
/// <summary>
/// Gets suggestions.
/// </summary>
/// <param name="userId">The user id.</param>
/// <param name="mediaType">The media types.</param>
/// <param name="type">The type.</param>
/// <param name="enableTotalRecordCount">Whether to enable the total record count.</param>
/// <param name="startIndex">Optional. The start index.</param>
/// <param name="limit">Optional. The limit.</param>
/// <response code="200">Suggestions returned.</response>
/// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the suggestions.</returns>
[HttpGet("/Users/{userId}/Suggestions")]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetSuggestions(
[FromRoute] Guid userId,
[FromQuery] string? mediaType,
[FromQuery] string? type,
[FromQuery] bool enableTotalRecordCount,
[FromQuery] int? startIndex,
[FromQuery] int? limit)
{
var user = !userId.Equals(Guid.Empty) ? _userManager.GetUserById(userId) : null;
var dtoOptions = new DtoOptions().AddClientFields(Request);
var result = _libraryManager.GetItemsResult(new InternalItemsQuery(user)
{
OrderBy = new[] { ItemSortBy.Random }.Select(i => new ValueTuple<string, SortOrder>(i, SortOrder.Descending)).ToArray(),
MediaTypes = RequestHelpers.Split(mediaType!, ',', true),
IncludeItemTypes = RequestHelpers.Split(type!, ',', true),
IsVirtualItem = false,
StartIndex = startIndex,
Limit = limit,
DtoOptions = dtoOptions,
EnableTotalRecordCount = enableTotalRecordCount,
Recursive = true
});
var dtoList = _dtoService.GetBaseItemDtos(result.Items, dtoOptions, user);
return new QueryResult<BaseItemDto>
{
TotalRecordCount = result.TotalRecordCount,
Items = dtoList
};
}
}
}

View File

@ -0,0 +1,552 @@
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers;
using Jellyfin.Api.Models.UserDtos;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Devices;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using MediaBrowser.Model.Configuration;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Users;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ModelBinding;
namespace Jellyfin.Api.Controllers
{
/// <summary>
/// User controller.
/// </summary>
[Route("/Users")]
public class UserController : BaseJellyfinApiController
{
private readonly IUserManager _userManager;
private readonly ISessionManager _sessionManager;
private readonly INetworkManager _networkManager;
private readonly IDeviceManager _deviceManager;
private readonly IAuthorizationContext _authContext;
private readonly IServerConfigurationManager _config;
/// <summary>
/// Initializes a new instance of the <see cref="UserController"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="sessionManager">Instance of the <see cref="ISessionManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="deviceManager">Instance of the <see cref="IDeviceManager"/> interface.</param>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
/// <param name="config">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
public UserController(
IUserManager userManager,
ISessionManager sessionManager,
INetworkManager networkManager,
IDeviceManager deviceManager,
IAuthorizationContext authContext,
IServerConfigurationManager config)
{
_userManager = userManager;
_sessionManager = sessionManager;
_networkManager = networkManager;
_deviceManager = deviceManager;
_authContext = authContext;
_config = config;
}
/// <summary>
/// Gets a list of users.
/// </summary>
/// <param name="isHidden">Optional filter by IsHidden=true or false.</param>
/// <param name="isDisabled">Optional filter by IsDisabled=true or false.</param>
/// <param name="isGuest">Optional filter by IsGuest=true or false.</param>
/// <response code="200">Users returned.</response>
/// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
[HttpGet]
[Authorize]
[ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
public ActionResult<IEnumerable<UserDto>> GetUsers(
[FromQuery] bool? isHidden,
[FromQuery] bool? isDisabled,
[FromQuery] bool? isGuest)
{
var users = Get(isHidden, isDisabled, false, false);
return Ok(users);
}
/// <summary>
/// Gets a list of publicly visible users for display on a login screen.
/// </summary>
/// <response code="200">Public users returned.</response>
/// <returns>An <see cref="IEnumerable{UserDto}"/> containing the public users.</returns>
[HttpGet("Public")]
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<UserDto>> GetPublicUsers()
{
// If the startup wizard hasn't been completed then just return all users
if (!_config.Configuration.IsStartupWizardCompleted)
{
return Ok(Get(false, false, false, false));
}
return Ok(Get(false, false, true, true));
}
/// <summary>
/// Gets a user by Id.
/// </summary>
/// <param name="id">The user id.</param>
/// <response code="200">User returned.</response>
/// <response code="404">User not found.</response>
/// <returns>An <see cref="UserDto"/> with information about the user or a <see cref="NotFoundResult"/> if the user was not found.</returns>
[HttpGet("{id}")]
[Authorize(Policy = Policies.IgnoreSchedule)]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult<UserDto> GetUserById([FromRoute] Guid id)
{
var user = _userManager.GetUserById(id);
if (user == null)
{
return NotFound("User not found");
}
var result = _userManager.GetUserDto(user, HttpContext.Connection.RemoteIpAddress.ToString());
return result;
}
/// <summary>
/// Deletes a user.
/// </summary>
/// <param name="id">The user id.</param>
/// <response code="200">User deleted.</response>
/// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="NotFoundResult"/> if the user was not found.</returns>
[HttpDelete("{id}")]
[Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult DeleteUser([FromRoute] Guid id)
{
var user = _userManager.GetUserById(id);
if (user == null)
{
return NotFound("User not found");
}
_sessionManager.RevokeUserTokens(user.Id, null);
_userManager.DeleteUser(user);
return NoContent();
}
/// <summary>
/// Authenticates a user.
/// </summary>
/// <param name="id">The user id.</param>
/// <param name="pw">The password as plain text.</param>
/// <param name="password">The password sha1-hash.</param>
/// <response code="200">User authenticated.</response>
/// <response code="403">Sha1-hashed password only is not allowed.</response>
/// <response code="404">User not found.</response>
/// <returns>A <see cref="Task"/> containing an <see cref="AuthenticationResult"/>.</returns>
[HttpPost("{id}/Authenticate")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
[FromRoute, Required] Guid id,
[FromQuery, BindRequired] string pw,
[FromQuery, BindRequired] string password)
{
var user = _userManager.GetUserById(id);
if (user == null)
{
return NotFound("User not found");
}
if (!string.IsNullOrEmpty(password) && string.IsNullOrEmpty(pw))
{
return Forbid("Only sha1 password is not allowed.");
}
// Password should always be null
AuthenticateUserByName request = new AuthenticateUserByName
{
Username = user.Username,
Password = null,
Pw = pw
};
return await AuthenticateUserByName(request).ConfigureAwait(false);
}
/// <summary>
/// Authenticates a user by name.
/// </summary>
/// <param name="request">The <see cref="AuthenticateUserByName"/> request.</param>
/// <response code="200">User authenticated.</response>
/// <returns>A <see cref="Task"/> containing an <see cref="AuthenticationRequest"/> with information about the new session.</returns>
[HttpPost("AuthenticateByName")]
[ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<AuthenticationResult>> AuthenticateUserByName([FromBody, BindRequired] AuthenticateUserByName request)
{
var auth = _authContext.GetAuthorizationInfo(Request);
try
{
var result = await _sessionManager.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
Password = request.Pw,
PasswordSha1 = request.Password,
RemoteEndPoint = HttpContext.Connection.RemoteIpAddress.ToString(),
Username = request.Username
}).ConfigureAwait(false);
return result;
}
catch (SecurityException e)
{
// rethrow adding IP address to message
throw new SecurityException($"[{HttpContext.Connection.RemoteIpAddress}] {e.Message}", e);
}
}
/// <summary>
/// Updates a user's password.
/// </summary>
/// <param name="id">The user id.</param>
/// <param name="request">The <see cref="UpdateUserPassword"/> request.</param>
/// <response code="200">Password successfully reset.</response>
/// <response code="403">User is not allowed to update the password.</response>
/// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{id}/Password")]
[Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult> UpdateUserPassword(
[FromRoute] Guid id,
[FromBody] UpdateUserPassword request)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
{
return Forbid("User is not allowed to update the password.");
}
var user = _userManager.GetUserById(id);
if (user == null)
{
return NotFound("User not found");
}
if (request.ResetPassword)
{
await _userManager.ResetPassword(user).ConfigureAwait(false);
}
else
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.Connection.RemoteIpAddress.ToString(),
false).ConfigureAwait(false);
if (success == null)
{
return Forbid("Invalid user or password entered.");
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
_sessionManager.RevokeUserTokens(user.Id, currentToken);
}
return NoContent();
}
/// <summary>
/// Updates a user's easy password.
/// </summary>
/// <param name="id">The user id.</param>
/// <param name="request">The <see cref="UpdateUserEasyPassword"/> request.</param>
/// <response code="200">Password successfully reset.</response>
/// <response code="403">User is not allowed to update the password.</response>
/// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{id}/EasyPassword")]
[Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult UpdateUserEasyPassword(
[FromRoute] Guid id,
[FromBody] UpdateUserEasyPassword request)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
{
return Forbid("User is not allowed to update the easy password.");
}
var user = _userManager.GetUserById(id);
if (user == null)
{
return NotFound("User not found");
}
if (request.ResetPassword)
{
_userManager.ResetEasyPassword(user);
}
else
{
_userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
}
return NoContent();
}
/// <summary>
/// Updates a user.
/// </summary>
/// <param name="id">The user id.</param>
/// <param name="updateUser">The updated user model.</param>
/// <response code="204">User updated.</response>
/// <response code="400">User information was not supplied.</response>
/// <response code="403">User update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
[HttpPost("{id}")]
[Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult> UpdateUser(
[FromRoute] Guid id,
[FromBody] UserDto updateUser)
{
if (updateUser == null)
{
return BadRequest();
}
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
{
return Forbid("User update not allowed.");
}
var user = _userManager.GetUserById(id);
if (string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
{
await _userManager.UpdateUserAsync(user).ConfigureAwait(false);
_userManager.UpdateConfiguration(user.Id, updateUser.Configuration);
}
else
{
await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
_userManager.UpdateConfiguration(updateUser.Id, updateUser.Configuration);
}
return NoContent();
}
/// <summary>
/// Updates a user policy.
/// </summary>
/// <param name="id">The user id.</param>
/// <param name="newPolicy">The new user policy.</param>
/// <response code="204">User policy updated.</response>
/// <response code="400">User policy was not supplied.</response>
/// <response code="403">User policy update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns>
[HttpPost("{id}/Policy")]
[Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult UpdateUserPolicy(
[FromRoute] Guid id,
[FromBody] UserPolicy newPolicy)
{
if (newPolicy == null)
{
return BadRequest();
}
var user = _userManager.GetUserById(id);
// If removing admin access
if (!(newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator)))
{
if (_userManager.Users.Count(i => i.HasPermission(PermissionKind.IsAdministrator)) == 1)
{
return Forbid("There must be at least one user in the system with administrative access.");
}
}
// If disabling
if (newPolicy.IsDisabled && user.HasPermission(PermissionKind.IsAdministrator))
{
return Forbid("Administrators cannot be disabled.");
}
// If disabling
if (newPolicy.IsDisabled && !user.HasPermission(PermissionKind.IsDisabled))
{
if (_userManager.Users.Count(i => !i.HasPermission(PermissionKind.IsDisabled)) == 1)
{
return Forbid("There must be at least one enabled user in the system.");
}
var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
_sessionManager.RevokeUserTokens(user.Id, currentToken);
}
_userManager.UpdatePolicy(id, newPolicy);
return NoContent();
}
/// <summary>
/// Updates a user configuration.
/// </summary>
/// <param name="id">The user id.</param>
/// <param name="userConfig">The new user configuration.</param>
/// <response code="204">User configuration updated.</response>
/// <response code="403">User configuration update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
[HttpPost("{id}/Configuration")]
[Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult UpdateUserConfiguration(
[FromRoute] Guid id,
[FromBody] UserConfiguration userConfig)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
{
return Forbid("User configuration update not allowed");
}
_userManager.UpdateConfiguration(id, userConfig);
return NoContent();
}
/// <summary>
/// Creates a user.
/// </summary>
/// <param name="request">The create user by name request body.</param>
/// <response code="200">User created.</response>
/// <returns>An <see cref="UserDto"/> of the new user.</returns>
[HttpPost("/Users/New")]
[Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<UserDto>> CreateUserByName([FromBody] CreateUserByName request)
{
var newUser = _userManager.CreateUser(request.Name);
// no need to authenticate password for new user
if (request.Password != null)
{
await _userManager.ChangePassword(newUser, request.Password).ConfigureAwait(false);
}
var result = _userManager.GetUserDto(newUser, HttpContext.Connection.RemoteIpAddress.ToString());
return result;
}
/// <summary>
/// Initiates the forgot password process for a local user.
/// </summary>
/// <param name="enteredUsername">The entered username.</param>
/// <response code="200">Password reset process started.</response>
/// <returns>A <see cref="Task"/> containing a <see cref="ForgotPasswordResult"/>.</returns>
[HttpPost("ForgotPassword")]
[ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<ForgotPasswordResult>> ForgotPassword([FromBody] string enteredUsername)
{
var isLocal = HttpContext.Connection.RemoteIpAddress.Equals(HttpContext.Connection.LocalIpAddress)
|| _networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString());
var result = await _userManager.StartForgotPasswordProcess(enteredUsername, isLocal).ConfigureAwait(false);
return result;
}
/// <summary>
/// Redeems a forgot password pin.
/// </summary>
/// <param name="pin">The pin.</param>
/// <response code="200">Pin reset process started.</response>
/// <returns>A <see cref="Task"/> containing a <see cref="PinRedeemResult"/>.</returns>
[HttpPost("ForgotPassword/Pin")]
[ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<PinRedeemResult>> ForgotPasswordPin([FromBody] string pin)
{
var result = await _userManager.RedeemPasswordResetPin(pin).ConfigureAwait(false);
return result;
}
private IEnumerable<UserDto> Get(bool? isHidden, bool? isDisabled, bool filterByDevice, bool filterByNetwork)
{
var users = _userManager.Users;
if (isDisabled.HasValue)
{
users = users.Where(i => i.HasPermission(PermissionKind.IsDisabled) == isDisabled.Value);
}
if (isHidden.HasValue)
{
users = users.Where(i => i.HasPermission(PermissionKind.IsHidden) == isHidden.Value);
}
if (filterByDevice)
{
var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
if (!string.IsNullOrWhiteSpace(deviceId))
{
users = users.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
}
}
if (filterByNetwork)
{
if (!_networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString()))
{
users = users.Where(i => i.HasPermission(PermissionKind.EnableRemoteAccess));
}
}
var result = users
.OrderBy(u => u.Username)
.Select(i => _userManager.GetUserDto(i, HttpContext.Connection.RemoteIpAddress.ToString()));
return result;
}
}
}

View File

@ -1,4 +1,8 @@
using System;
using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Helpers
{
@ -25,5 +29,49 @@ namespace Jellyfin.Api.Helpers
? value.Split(new[] { separator }, StringSplitOptions.RemoveEmptyEntries)
: value.Split(separator);
}
/// <summary>
/// Checks if the user can update an entry.
/// </summary>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
/// <param name="requestContext">The <see cref="HttpRequest"/>.</param>
/// <param name="userId">The user id.</param>
/// <param name="restrictUserPreferences">Whether to restrict the user preferences.</param>
/// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
internal static bool AssertCanUpdateUser(IAuthorizationContext authContext, HttpRequest requestContext, Guid userId, bool restrictUserPreferences)
{
var auth = authContext.GetAuthorizationInfo(requestContext);
var authenticatedUser = auth.User;
// If they're going to update the record of another user, they must be an administrator
if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator))
|| (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess))
{
return false;
}
return true;
}
internal static SessionInfo GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
{
var authorization = authContext.GetAuthorizationInfo(request);
var user = authorization.User;
var session = sessionManager.LogSessionActivity(
authorization.Client,
authorization.Version,
authorization.DeviceId,
authorization.Device,
request.HttpContext.Connection.RemoteIpAddress.ToString(),
user);
if (session == null)
{
throw new ArgumentException("Session not found.");
}
return session;
}
}
}

View File

@ -0,0 +1,23 @@
namespace Jellyfin.Api.Models.UserDtos
{
/// <summary>
/// The authenticate user by name request body.
/// </summary>
public class AuthenticateUserByName
{
/// <summary>
/// Gets or sets the username.
/// </summary>
public string? Username { get; set; }
/// <summary>
/// Gets or sets the plain text password.
/// </summary>
public string? Pw { get; set; }
/// <summary>
/// Gets or sets the sha1-hashed password.
/// </summary>
public string? Password { get; set; }
}
}

View File

@ -0,0 +1,18 @@
namespace Jellyfin.Api.Models.UserDtos
{
/// <summary>
/// The create user by name request body.
/// </summary>
public class CreateUserByName
{
/// <summary>
/// Gets or sets the username.
/// </summary>
public string? Name { get; set; }
/// <summary>
/// Gets or sets the password.
/// </summary>
public string? Password { get; set; }
}
}

View File

@ -0,0 +1,23 @@
namespace Jellyfin.Api.Models.UserDtos
{
/// <summary>
/// The update user easy password request body.
/// </summary>
public class UpdateUserEasyPassword
{
/// <summary>
/// Gets or sets the new sha1-hashed password.
/// </summary>
public string? NewPassword { get; set; }
/// <summary>
/// Gets or sets the new password.
/// </summary>
public string? NewPw { get; set; }
/// <summary>
/// Gets or sets a value indicating whether to reset the password.
/// </summary>
public bool ResetPassword { get; set; }
}
}

View File

@ -0,0 +1,28 @@
namespace Jellyfin.Api.Models.UserDtos
{
/// <summary>
/// The update user password request body.
/// </summary>
public class UpdateUserPassword
{
/// <summary>
/// Gets or sets the current sha1-hashed password.
/// </summary>
public string? CurrentPassword { get; set; }
/// <summary>
/// Gets or sets the current plain text password.
/// </summary>
public string? CurrentPw { get; set; }
/// <summary>
/// Gets or sets the new plain text password.
/// </summary>
public string? NewPw { get; set; }
/// <summary>
/// Gets or sets a value indicating whether to reset the password.
/// </summary>
public bool ResetPassword { get; set; }
}
}

View File

@ -215,6 +215,31 @@ namespace Jellyfin.Server.Extensions
Format = "string"
})
});
/*
* Support BlurHash dictionary
*/
options.MapType<Dictionary<ImageType, Dictionary<string, string>>>(() =>
new OpenApiSchema
{
Type = "object",
Properties = typeof(ImageType).GetEnumNames().ToDictionary(
name => name,
name => new OpenApiSchema
{
Type = "object", Properties = new Dictionary<string, OpenApiSchema>
{
{
"string",
new OpenApiSchema
{
Type = "string",
Format = "string"
}
}
}
})
});
}
}
}

View File

@ -1,101 +0,0 @@
using System.Threading;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Model.Entities;
using MediaBrowser.Model.Serialization;
using MediaBrowser.Model.Services;
using Microsoft.Extensions.Logging;
namespace MediaBrowser.Api
{
/// <summary>
/// Class UpdateDisplayPreferences
/// </summary>
[Route("/DisplayPreferences/{DisplayPreferencesId}", "POST", Summary = "Updates a user's display preferences for an item")]
public class UpdateDisplayPreferences : DisplayPreferences, IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "DisplayPreferencesId", Description = "DisplayPreferences Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string DisplayPreferencesId { get; set; }
[ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string UserId { get; set; }
}
[Route("/DisplayPreferences/{Id}", "GET", Summary = "Gets a user's display preferences for an item")]
public class GetDisplayPreferences : IReturn<DisplayPreferences>
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
public string Id { get; set; }
[ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
public string UserId { get; set; }
[ApiMember(Name = "Client", Description = "Client", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
public string Client { get; set; }
}
/// <summary>
/// Class DisplayPreferencesService
/// </summary>
[Authenticated]
public class DisplayPreferencesService : BaseApiService
{
/// <summary>
/// The _display preferences manager
/// </summary>
private readonly IDisplayPreferencesRepository _displayPreferencesManager;
/// <summary>
/// The _json serializer
/// </summary>
private readonly IJsonSerializer _jsonSerializer;
/// <summary>
/// Initializes a new instance of the <see cref="DisplayPreferencesService" /> class.
/// </summary>
/// <param name="jsonSerializer">The json serializer.</param>
/// <param name="displayPreferencesManager">The display preferences manager.</param>
public DisplayPreferencesService(
ILogger<DisplayPreferencesService> logger,
IServerConfigurationManager serverConfigurationManager,
IHttpResultFactory httpResultFactory,
IJsonSerializer jsonSerializer,
IDisplayPreferencesRepository displayPreferencesManager)
: base(logger, serverConfigurationManager, httpResultFactory)
{
_jsonSerializer = jsonSerializer;
_displayPreferencesManager = displayPreferencesManager;
}
/// <summary>
/// Gets the specified request.
/// </summary>
/// <param name="request">The request.</param>
public object Get(GetDisplayPreferences request)
{
var result = _displayPreferencesManager.GetDisplayPreferences(request.Id, request.UserId, request.Client);
return ToOptimizedResult(result);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public void Post(UpdateDisplayPreferences request)
{
// Serialize to json and then back so that the core doesn't see the request dto type
var displayPreferences = _jsonSerializer.DeserializeFromString<DisplayPreferences>(_jsonSerializer.SerializeToString(request));
_displayPreferencesManager.SaveDisplayPreferences(displayPreferences, request.UserId, request.Client, CancellationToken.None);
}
}
}

View File

@ -1,499 +0,0 @@
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Devices;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Services;
using MediaBrowser.Model.Session;
using Microsoft.Extensions.Logging;
namespace MediaBrowser.Api.Sessions
{
/// <summary>
/// Class GetSessions.
/// </summary>
[Route("/Sessions", "GET", Summary = "Gets a list of sessions")]
[Authenticated]
public class GetSessions : IReturn<SessionInfo[]>
{
[ApiMember(Name = "ControllableByUserId", Description = "Filter by sessions that a given user is allowed to remote control.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")]
public Guid ControllableByUserId { get; set; }
[ApiMember(Name = "DeviceId", Description = "Filter by device Id.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")]
public string DeviceId { get; set; }
public int? ActiveWithinSeconds { get; set; }
}
/// <summary>
/// Class DisplayContent.
/// </summary>
[Route("/Sessions/{Id}/Viewing", "POST", Summary = "Instructs a session to browse to an item or view")]
[Authenticated]
public class DisplayContent : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
/// <summary>
/// Artist, Genre, Studio, Person, or any kind of BaseItem
/// </summary>
/// <value>The type of the item.</value>
[ApiMember(Name = "ItemType", Description = "The type of item to browse to.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string ItemType { get; set; }
/// <summary>
/// Artist name, genre name, item Id, etc
/// </summary>
/// <value>The item identifier.</value>
[ApiMember(Name = "ItemId", Description = "The Id of the item.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string ItemId { get; set; }
/// <summary>
/// Gets or sets the name of the item.
/// </summary>
/// <value>The name of the item.</value>
[ApiMember(Name = "ItemName", Description = "The name of the item.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string ItemName { get; set; }
}
[Route("/Sessions/{Id}/Playing", "POST", Summary = "Instructs a session to play an item")]
[Authenticated]
public class Play : PlayRequest
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
}
[Route("/Sessions/{Id}/Playing/{Command}", "POST", Summary = "Issues a playstate command to a client")]
[Authenticated]
public class SendPlaystateCommand : PlaystateRequest, IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
}
[Route("/Sessions/{Id}/System/{Command}", "POST", Summary = "Issues a system command to a client")]
[Authenticated]
public class SendSystemCommand : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
/// <summary>
/// Gets or sets the command.
/// </summary>
/// <value>The play command.</value>
[ApiMember(Name = "Command", Description = "The command to send.", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Command { get; set; }
}
[Route("/Sessions/{Id}/Command/{Command}", "POST", Summary = "Issues a system command to a client")]
[Authenticated]
public class SendGeneralCommand : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
/// <summary>
/// Gets or sets the command.
/// </summary>
/// <value>The play command.</value>
[ApiMember(Name = "Command", Description = "The command to send.", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Command { get; set; }
}
[Route("/Sessions/{Id}/Command", "POST", Summary = "Issues a system command to a client")]
[Authenticated]
public class SendFullGeneralCommand : GeneralCommand, IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
}
[Route("/Sessions/{Id}/Message", "POST", Summary = "Issues a command to a client to display a message to the user")]
[Authenticated]
public class SendMessageCommand : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
[ApiMember(Name = "Text", Description = "The message text.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string Text { get; set; }
[ApiMember(Name = "Header", Description = "The message header.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string Header { get; set; }
[ApiMember(Name = "TimeoutMs", Description = "The message timeout. If omitted the user will have to confirm viewing the message.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
public long? TimeoutMs { get; set; }
}
[Route("/Sessions/{Id}/Users/{UserId}", "POST", Summary = "Adds an additional user to a session")]
[Authenticated]
public class AddUserToSession : IReturnVoid
{
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
[ApiMember(Name = "UserId", Description = "UserId Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string UserId { get; set; }
}
[Route("/Sessions/{Id}/Users/{UserId}", "DELETE", Summary = "Removes an additional user from a session")]
[Authenticated]
public class RemoveUserFromSession : IReturnVoid
{
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string Id { get; set; }
[ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public string UserId { get; set; }
}
[Route("/Sessions/Capabilities", "POST", Summary = "Updates capabilities for a device")]
[Authenticated]
public class PostCapabilities : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string Id { get; set; }
[ApiMember(Name = "PlayableMediaTypes", Description = "A list of playable media types, comma delimited. Audio, Video, Book, Photo.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
public string PlayableMediaTypes { get; set; }
[ApiMember(Name = "SupportedCommands", Description = "A list of supported remote control commands, comma delimited", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
public string SupportedCommands { get; set; }
[ApiMember(Name = "SupportsMediaControl", Description = "Determines whether media can be played remotely.", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "POST")]
public bool SupportsMediaControl { get; set; }
[ApiMember(Name = "SupportsSync", Description = "Determines whether sync is supported.", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "POST")]
public bool SupportsSync { get; set; }
[ApiMember(Name = "SupportsPersistentIdentifier", Description = "Determines whether the device supports a unique identifier.", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "POST")]
public bool SupportsPersistentIdentifier { get; set; }
public PostCapabilities()
{
SupportsPersistentIdentifier = true;
}
}
[Route("/Sessions/Capabilities/Full", "POST", Summary = "Updates capabilities for a device")]
[Authenticated]
public class PostFullCapabilities : ClientCapabilities, IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string Id { get; set; }
}
[Route("/Sessions/Viewing", "POST", Summary = "Reports that a session is viewing an item")]
[Authenticated]
public class ReportViewing : IReturnVoid
{
[ApiMember(Name = "SessionId", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
public string SessionId { get; set; }
[ApiMember(Name = "ItemId", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
public string ItemId { get; set; }
}
[Route("/Sessions/Logout", "POST", Summary = "Reports that a session has ended")]
[Authenticated]
public class ReportSessionEnded : IReturnVoid
{
}
[Route("/Auth/Providers", "GET")]
[Authenticated(Roles = "Admin")]
public class GetAuthProviders : IReturn<NameIdPair[]>
{
}
[Route("/Auth/PasswordResetProviders", "GET")]
[Authenticated(Roles = "Admin")]
public class GetPasswordResetProviders : IReturn<NameIdPair[]>
{
}
/// <summary>
/// Class SessionsService.
/// </summary>
public class SessionService : BaseApiService
{
/// <summary>
/// The session manager.
/// </summary>
private readonly ISessionManager _sessionManager;
private readonly IUserManager _userManager;
private readonly IAuthorizationContext _authContext;
private readonly IDeviceManager _deviceManager;
private readonly ISessionContext _sessionContext;
public SessionService(
ILogger<SessionService> logger,
IServerConfigurationManager serverConfigurationManager,
IHttpResultFactory httpResultFactory,
ISessionManager sessionManager,
IUserManager userManager,
IAuthorizationContext authContext,
IDeviceManager deviceManager,
ISessionContext sessionContext)
: base(logger, serverConfigurationManager, httpResultFactory)
{
_sessionManager = sessionManager;
_userManager = userManager;
_authContext = authContext;
_deviceManager = deviceManager;
_sessionContext = sessionContext;
}
public object Get(GetAuthProviders request)
{
return _userManager.GetAuthenticationProviders();
}
public object Get(GetPasswordResetProviders request)
{
return _userManager.GetPasswordResetProviders();
}
public void Post(ReportSessionEnded request)
{
var auth = _authContext.GetAuthorizationInfo(Request);
_sessionManager.Logout(auth.Token);
}
/// <summary>
/// Gets the specified request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>System.Object.</returns>
public object Get(GetSessions request)
{
var result = _sessionManager.Sessions;
if (!string.IsNullOrEmpty(request.DeviceId))
{
result = result.Where(i => string.Equals(i.DeviceId, request.DeviceId, StringComparison.OrdinalIgnoreCase));
}
if (!request.ControllableByUserId.Equals(Guid.Empty))
{
result = result.Where(i => i.SupportsRemoteControl);
var user = _userManager.GetUserById(request.ControllableByUserId);
if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
{
result = result.Where(i => i.UserId.Equals(Guid.Empty) || i.ContainsUser(request.ControllableByUserId));
}
if (!user.HasPermission(PermissionKind.EnableSharedDeviceControl))
{
result = result.Where(i => !i.UserId.Equals(Guid.Empty));
}
if (request.ActiveWithinSeconds.HasValue && request.ActiveWithinSeconds.Value > 0)
{
var minActiveDate = DateTime.UtcNow.AddSeconds(0 - request.ActiveWithinSeconds.Value);
result = result.Where(i => i.LastActivityDate >= minActiveDate);
}
result = result.Where(i =>
{
var deviceId = i.DeviceId;
if (!string.IsNullOrWhiteSpace(deviceId))
{
if (!_deviceManager.CanAccessDevice(user, deviceId))
{
return false;
}
}
return true;
});
}
return ToOptimizedResult(result.ToArray());
}
public Task Post(SendPlaystateCommand request)
{
return _sessionManager.SendPlaystateCommand(GetSession(_sessionContext).Id, request.Id, request, CancellationToken.None);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public Task Post(DisplayContent request)
{
var command = new BrowseRequest
{
ItemId = request.ItemId,
ItemName = request.ItemName,
ItemType = request.ItemType
};
return _sessionManager.SendBrowseCommand(GetSession(_sessionContext).Id, request.Id, command, CancellationToken.None);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public Task Post(SendSystemCommand request)
{
var name = request.Command;
if (Enum.TryParse(name, true, out GeneralCommandType commandType))
{
name = commandType.ToString();
}
var currentSession = GetSession(_sessionContext);
var command = new GeneralCommand
{
Name = name,
ControllingUserId = currentSession.UserId
};
return _sessionManager.SendGeneralCommand(currentSession.Id, request.Id, command, CancellationToken.None);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public Task Post(SendMessageCommand request)
{
var command = new MessageCommand
{
Header = string.IsNullOrEmpty(request.Header) ? "Message from Server" : request.Header,
TimeoutMs = request.TimeoutMs,
Text = request.Text
};
return _sessionManager.SendMessageCommand(GetSession(_sessionContext).Id, request.Id, command, CancellationToken.None);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public Task Post(Play request)
{
return _sessionManager.SendPlayCommand(GetSession(_sessionContext).Id, request.Id, request, CancellationToken.None);
}
public Task Post(SendGeneralCommand request)
{
var currentSession = GetSession(_sessionContext);
var command = new GeneralCommand
{
Name = request.Command,
ControllingUserId = currentSession.UserId
};
return _sessionManager.SendGeneralCommand(currentSession.Id, request.Id, command, CancellationToken.None);
}
public Task Post(SendFullGeneralCommand request)
{
var currentSession = GetSession(_sessionContext);
request.ControllingUserId = currentSession.UserId;
return _sessionManager.SendGeneralCommand(currentSession.Id, request.Id, request, CancellationToken.None);
}
public void Post(AddUserToSession request)
{
_sessionManager.AddAdditionalUser(request.Id, new Guid(request.UserId));
}
public void Delete(RemoveUserFromSession request)
{
_sessionManager.RemoveAdditionalUser(request.Id, new Guid(request.UserId));
}
public void Post(PostCapabilities request)
{
if (string.IsNullOrWhiteSpace(request.Id))
{
request.Id = GetSession(_sessionContext).Id;
}
_sessionManager.ReportCapabilities(request.Id, new ClientCapabilities
{
PlayableMediaTypes = SplitValue(request.PlayableMediaTypes, ','),
SupportedCommands = SplitValue(request.SupportedCommands, ','),
SupportsMediaControl = request.SupportsMediaControl,
SupportsSync = request.SupportsSync,
SupportsPersistentIdentifier = request.SupportsPersistentIdentifier
});
}
public void Post(PostFullCapabilities request)
{
if (string.IsNullOrWhiteSpace(request.Id))
{
request.Id = GetSession(_sessionContext).Id;
}
_sessionManager.ReportCapabilities(request.Id, request);
}
public void Post(ReportViewing request)
{
request.SessionId = GetSession(_sessionContext).Id;
_sessionManager.ReportNowViewingItem(request.SessionId, request.ItemId);
}
}
}

View File

@ -1,98 +0,0 @@
using System;
using System.Linq;
using Jellyfin.Data.Entities;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Entities;
using MediaBrowser.Model.Querying;
using MediaBrowser.Model.Services;
using Microsoft.Extensions.Logging;
namespace MediaBrowser.Api
{
[Route("/Users/{UserId}/Suggestions", "GET", Summary = "Gets items based on a query.")]
public class GetSuggestedItems : IReturn<QueryResult<BaseItemDto>>
{
public string MediaType { get; set; }
public string Type { get; set; }
public Guid UserId { get; set; }
public bool EnableTotalRecordCount { get; set; }
public int? StartIndex { get; set; }
public int? Limit { get; set; }
public string[] GetMediaTypes()
{
return (MediaType ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
}
public string[] GetIncludeItemTypes()
{
return (Type ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
}
}
public class SuggestionsService : BaseApiService
{
private readonly IDtoService _dtoService;
private readonly IAuthorizationContext _authContext;
private readonly IUserManager _userManager;
private readonly ILibraryManager _libraryManager;
public SuggestionsService(
ILogger<SuggestionsService> logger,
IServerConfigurationManager serverConfigurationManager,
IHttpResultFactory httpResultFactory,
IDtoService dtoService,
IAuthorizationContext authContext,
IUserManager userManager,
ILibraryManager libraryManager)
: base(logger, serverConfigurationManager, httpResultFactory)
{
_dtoService = dtoService;
_authContext = authContext;
_userManager = userManager;
_libraryManager = libraryManager;
}
public object Get(GetSuggestedItems request)
{
return GetResultItems(request);
}
private QueryResult<BaseItemDto> GetResultItems(GetSuggestedItems request)
{
var user = !request.UserId.Equals(Guid.Empty) ? _userManager.GetUserById(request.UserId) : null;
var dtoOptions = GetDtoOptions(_authContext, request);
var result = GetItems(request, user, dtoOptions);
var dtoList = _dtoService.GetBaseItemDtos(result.Items, dtoOptions, user);
return new QueryResult<BaseItemDto>
{
TotalRecordCount = result.TotalRecordCount,
Items = dtoList
};
}
private QueryResult<BaseItem> GetItems(GetSuggestedItems request, User user, DtoOptions dtoOptions)
{
return _libraryManager.GetItemsResult(new InternalItemsQuery(user)
{
OrderBy = new[] { ItemSortBy.Random }.Select(i => new ValueTuple<string, SortOrder>(i, SortOrder.Descending)).ToArray(),
MediaTypes = request.GetMediaTypes(),
IncludeItemTypes = request.GetIncludeItemTypes(),
IsVirtualItem = false,
StartIndex = request.StartIndex,
Limit = request.Limit,
DtoOptions = dtoOptions,
EnableTotalRecordCount = request.EnableTotalRecordCount,
Recursive = true
});
}
}
}

View File

@ -1,605 +0,0 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Devices;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using MediaBrowser.Model.Configuration;
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Services;
using MediaBrowser.Model.Users;
using Microsoft.Extensions.Logging;
namespace MediaBrowser.Api
{
/// <summary>
/// Class GetUsers
/// </summary>
[Route("/Users", "GET", Summary = "Gets a list of users")]
[Authenticated]
public class GetUsers : IReturn<UserDto[]>
{
[ApiMember(Name = "IsHidden", Description = "Optional filter by IsHidden=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
public bool? IsHidden { get; set; }
[ApiMember(Name = "IsDisabled", Description = "Optional filter by IsDisabled=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
public bool? IsDisabled { get; set; }
[ApiMember(Name = "IsGuest", Description = "Optional filter by IsGuest=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
public bool? IsGuest { get; set; }
}
[Route("/Users/Public", "GET", Summary = "Gets a list of publicly visible users for display on a login screen.")]
public class GetPublicUsers : IReturn<UserDto[]>
{
}
/// <summary>
/// Class GetUser
/// </summary>
[Route("/Users/{Id}", "GET", Summary = "Gets a user by Id")]
[Authenticated(EscapeParentalControl = true)]
public class GetUser : IReturn<UserDto>
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
public Guid Id { get; set; }
}
/// <summary>
/// Class DeleteUser
/// </summary>
[Route("/Users/{Id}", "DELETE", Summary = "Deletes a user")]
[Authenticated(Roles = "Admin")]
public class DeleteUser : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "DELETE")]
public Guid Id { get; set; }
}
/// <summary>
/// Class AuthenticateUser
/// </summary>
[Route("/Users/{Id}/Authenticate", "POST", Summary = "Authenticates a user")]
public class AuthenticateUser : IReturn<AuthenticationResult>
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public Guid Id { get; set; }
[ApiMember(Name = "Pw", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Pw { get; set; }
/// <summary>
/// Gets or sets the password.
/// </summary>
/// <value>The password.</value>
[ApiMember(Name = "Password", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Password { get; set; }
}
/// <summary>
/// Class AuthenticateUser
/// </summary>
[Route("/Users/AuthenticateByName", "POST", Summary = "Authenticates a user")]
public class AuthenticateUserByName : IReturn<AuthenticationResult>
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
[ApiMember(Name = "Username", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Username { get; set; }
/// <summary>
/// Gets or sets the password.
/// </summary>
/// <value>The password.</value>
[ApiMember(Name = "Password", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Password { get; set; }
[ApiMember(Name = "Pw", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Pw { get; set; }
}
/// <summary>
/// Class UpdateUserPassword
/// </summary>
[Route("/Users/{Id}/Password", "POST", Summary = "Updates a user's password")]
[Authenticated]
public class UpdateUserPassword : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
public Guid Id { get; set; }
/// <summary>
/// Gets or sets the password.
/// </summary>
/// <value>The password.</value>
public string CurrentPassword { get; set; }
public string CurrentPw { get; set; }
public string NewPw { get; set; }
/// <summary>
/// Gets or sets a value indicating whether [reset password].
/// </summary>
/// <value><c>true</c> if [reset password]; otherwise, <c>false</c>.</value>
public bool ResetPassword { get; set; }
}
/// <summary>
/// Class UpdateUserEasyPassword
/// </summary>
[Route("/Users/{Id}/EasyPassword", "POST", Summary = "Updates a user's easy password")]
[Authenticated]
public class UpdateUserEasyPassword : IReturnVoid
{
/// <summary>
/// Gets or sets the id.
/// </summary>
/// <value>The id.</value>
public Guid Id { get; set; }
/// <summary>
/// Gets or sets the new password.
/// </summary>
/// <value>The new password.</value>
public string NewPassword { get; set; }
public string NewPw { get; set; }
/// <summary>
/// Gets or sets a value indicating whether [reset password].
/// </summary>
/// <value><c>true</c> if [reset password]; otherwise, <c>false</c>.</value>
public bool ResetPassword { get; set; }
}
/// <summary>
/// Class UpdateUser
/// </summary>
[Route("/Users/{Id}", "POST", Summary = "Updates a user")]
[Authenticated]
public class UpdateUser : UserDto, IReturnVoid
{
}
/// <summary>
/// Class UpdateUser
/// </summary>
[Route("/Users/{Id}/Policy", "POST", Summary = "Updates a user policy")]
[Authenticated(Roles = "admin")]
public class UpdateUserPolicy : UserPolicy, IReturnVoid
{
[ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public Guid Id { get; set; }
}
/// <summary>
/// Class UpdateUser
/// </summary>
[Route("/Users/{Id}/Configuration", "POST", Summary = "Updates a user configuration")]
[Authenticated]
public class UpdateUserConfiguration : UserConfiguration, IReturnVoid
{
[ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
public Guid Id { get; set; }
}
/// <summary>
/// Class CreateUser
/// </summary>
[Route("/Users/New", "POST", Summary = "Creates a user")]
[Authenticated(Roles = "Admin")]
public class CreateUserByName : IReturn<UserDto>
{
[ApiMember(Name = "Name", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Name { get; set; }
[ApiMember(Name = "Password", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Password { get; set; }
}
[Route("/Users/ForgotPassword", "POST", Summary = "Initiates the forgot password process for a local user")]
public class ForgotPassword : IReturn<ForgotPasswordResult>
{
[ApiMember(Name = "EnteredUsername", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
public string EnteredUsername { get; set; }
}
[Route("/Users/ForgotPassword/Pin", "POST", Summary = "Redeems a forgot password pin")]
public class ForgotPasswordPin : IReturn<PinRedeemResult>
{
[ApiMember(Name = "Pin", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Pin { get; set; }
}
/// <summary>
/// Class UsersService
/// </summary>
public class UserService : BaseApiService
{
/// <summary>
/// The user manager.
/// </summary>
private readonly IUserManager _userManager;
private readonly ISessionManager _sessionMananger;
private readonly INetworkManager _networkManager;
private readonly IDeviceManager _deviceManager;
private readonly IAuthorizationContext _authContext;
public UserService(
ILogger<UserService> logger,
IServerConfigurationManager serverConfigurationManager,
IHttpResultFactory httpResultFactory,
IUserManager userManager,
ISessionManager sessionMananger,
INetworkManager networkManager,
IDeviceManager deviceManager,
IAuthorizationContext authContext)
: base(logger, serverConfigurationManager, httpResultFactory)
{
_userManager = userManager;
_sessionMananger = sessionMananger;
_networkManager = networkManager;
_deviceManager = deviceManager;
_authContext = authContext;
}
public object Get(GetPublicUsers request)
{
// If the startup wizard hasn't been completed then just return all users
if (!ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
{
return Get(new GetUsers
{
IsDisabled = false
});
}
return Get(new GetUsers
{
IsHidden = false,
IsDisabled = false
}, true, true);
}
/// <summary>
/// Gets the specified request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>System.Object.</returns>
public object Get(GetUsers request)
{
return Get(request, false, false);
}
private object Get(GetUsers request, bool filterByDevice, bool filterByNetwork)
{
var users = _userManager.Users;
if (request.IsDisabled.HasValue)
{
users = users.Where(i => i.HasPermission(PermissionKind.IsDisabled) == request.IsDisabled.Value);
}
if (request.IsHidden.HasValue)
{
users = users.Where(i => i.HasPermission(PermissionKind.IsHidden) == request.IsHidden.Value);
}
if (filterByDevice)
{
var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
if (!string.IsNullOrWhiteSpace(deviceId))
{
users = users.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
}
}
if (filterByNetwork)
{
if (!_networkManager.IsInLocalNetwork(Request.RemoteIp))
{
users = users.Where(i => i.HasPermission(PermissionKind.EnableRemoteAccess));
}
}
var result = users
.OrderBy(u => u.Username)
.Select(i => _userManager.GetUserDto(i, Request.RemoteIp))
.ToArray();
return ToOptimizedResult(result);
}
/// <summary>
/// Gets the specified request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>System.Object.</returns>
public object Get(GetUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
var result = _userManager.GetUserDto(user, Request.RemoteIp);
return ToOptimizedResult(result);
}
/// <summary>
/// Deletes the specified request.
/// </summary>
/// <param name="request">The request.</param>
public Task Delete(DeleteUser request)
{
return DeleteAsync(request);
}
public Task DeleteAsync(DeleteUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
_sessionMananger.RevokeUserTokens(user.Id, null);
_userManager.DeleteUser(user);
return Task.CompletedTask;
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public object Post(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
if (!string.IsNullOrEmpty(request.Password) && string.IsNullOrEmpty(request.Pw))
{
throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
}
// Password should always be null
return Post(new AuthenticateUserByName
{
Username = user.Username,
Password = null,
Pw = request.Pw
});
}
public async Task<object> Post(AuthenticateUserByName request)
{
var auth = _authContext.GetAuthorizationInfo(Request);
try
{
var result = await _sessionMananger.AuthenticateNewSession(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device,
Password = request.Pw,
PasswordSha1 = request.Password,
RemoteEndPoint = Request.RemoteIp,
Username = request.Username
}).ConfigureAwait(false);
return ToOptimizedResult(result);
}
catch (SecurityException e)
{
// rethrow adding IP address to message
throw new SecurityException($"[{Request.RemoteIp}] {e.Message}", e);
}
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public Task Post(UpdateUserPassword request)
{
return PostAsync(request);
}
public async Task PostAsync(UpdateUserPassword request)
{
AssertCanUpdateUser(_authContext, _userManager, request.Id, true);
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
if (request.ResetPassword)
{
await _userManager.ResetPassword(user).ConfigureAwait(false);
}
else
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPassword,
Request.RemoteIp,
false).ConfigureAwait(false);
if (success == null)
{
throw new ArgumentException("Invalid user or password entered.");
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
_sessionMananger.RevokeUserTokens(user.Id, currentToken);
}
}
public void Post(UpdateUserEasyPassword request)
{
AssertCanUpdateUser(_authContext, _userManager, request.Id, true);
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
if (request.ResetPassword)
{
_userManager.ResetEasyPassword(user);
}
else
{
_userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
}
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public async Task Post(UpdateUser request)
{
var id = Guid.Parse(GetPathValue(1));
AssertCanUpdateUser(_authContext, _userManager, id, false);
var dtoUser = request;
var user = _userManager.GetUserById(id);
if (string.Equals(user.Username, dtoUser.Name, StringComparison.Ordinal))
{
await _userManager.UpdateUserAsync(user);
_userManager.UpdateConfiguration(user.Id, dtoUser.Configuration);
}
else
{
await _userManager.RenameUser(user, dtoUser.Name).ConfigureAwait(false);
_userManager.UpdateConfiguration(dtoUser.Id, dtoUser.Configuration);
}
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>System.Object.</returns>
public async Task<object> Post(CreateUserByName request)
{
var newUser = _userManager.CreateUser(request.Name);
// no need to authenticate password for new user
if (request.Password != null)
{
await _userManager.ChangePassword(newUser, request.Password).ConfigureAwait(false);
}
var result = _userManager.GetUserDto(newUser, Request.RemoteIp);
return ToOptimizedResult(result);
}
public async Task<object> Post(ForgotPassword request)
{
var isLocal = Request.IsLocal || _networkManager.IsInLocalNetwork(Request.RemoteIp);
var result = await _userManager.StartForgotPasswordProcess(request.EnteredUsername, isLocal).ConfigureAwait(false);
return result;
}
public async Task<object> Post(ForgotPasswordPin request)
{
var result = await _userManager.RedeemPasswordResetPin(request.Pin).ConfigureAwait(false);
return result;
}
public void Post(UpdateUserConfiguration request)
{
AssertCanUpdateUser(_authContext, _userManager, request.Id, false);
_userManager.UpdateConfiguration(request.Id, request);
}
public void Post(UpdateUserPolicy request)
{
var user = _userManager.GetUserById(request.Id);
// If removing admin access
if (!request.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator))
{
if (_userManager.Users.Count(i => i.HasPermission(PermissionKind.IsAdministrator)) == 1)
{
throw new ArgumentException("There must be at least one user in the system with administrative access.");
}
}
// If disabling
if (request.IsDisabled && user.HasPermission(PermissionKind.IsAdministrator))
{
throw new ArgumentException("Administrators cannot be disabled.");
}
// If disabling
if (request.IsDisabled && !user.HasPermission(PermissionKind.IsDisabled))
{
if (_userManager.Users.Count(i => !i.HasPermission(PermissionKind.IsDisabled)) == 1)
{
throw new ArgumentException("There must be at least one enabled user in the system.");
}
var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
_sessionMananger.RevokeUserTokens(user.Id, currentToken);
}
_userManager.UpdatePolicy(request.Id, request);
}
}
}

View File

@ -14,40 +14,27 @@ namespace MediaBrowser.Common.Json.Converters
/// <inheritdoc />
public override int Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
{
static void ThrowFormatException() => throw new FormatException("Invalid format for an integer.");
ReadOnlySpan<byte> span = stackalloc byte[0];
if (reader.HasValueSequence)
if (reader.TokenType == JsonTokenType.String)
{
long sequenceLength = reader.ValueSequence.Length;
Span<byte> stackSpan = stackalloc byte[(int)sequenceLength];
reader.ValueSequence.CopyTo(stackSpan);
span = stackSpan;
}
else
ReadOnlySpan<byte> span = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan;
if (Utf8Parser.TryParse(span, out int number, out int bytesConsumed) && span.Length == bytesConsumed)
{
span = reader.ValueSpan;
}
if (!Utf8Parser.TryParse(span, out int number, out _))
{
ThrowFormatException();
}
return number;
}
if (int.TryParse(reader.GetString(), out number))
{
return number;
}
}
return reader.GetInt32();
}
/// <inheritdoc />
public override void Write(Utf8JsonWriter writer, int value, JsonSerializerOptions options)
{
static void ThrowInvalidOperationException() => throw new InvalidOperationException();
Span<byte> span = stackalloc byte[16];
if (Utf8Formatter.TryFormat(value, span, out int bytesWritten))
{
writer.WriteStringValue(span.Slice(0, bytesWritten));
}
ThrowInvalidOperationException();
writer.WriteNumberValue(value);
}
}
}

View File

@ -28,6 +28,7 @@ namespace MediaBrowser.Common.Json
};
options.Converters.Add(new JsonGuidConverter());
options.Converters.Add(new JsonInt32Converter());
options.Converters.Add(new JsonStringEnumConverter());
options.Converters.Add(new JsonNonStringKeyDictionaryConverterFactory());