using System.Security.Claims; using System.Text.Encodings.Web; using System.Threading.Tasks; using Jellyfin.Api.Constants; using MediaBrowser.Controller.Net; using Microsoft.AspNetCore.Authentication; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; namespace Jellyfin.Api.Auth { /// /// Custom authentication handler wrapping the legacy authentication. /// public class CustomAuthenticationHandler : AuthenticationHandler { private readonly IAuthService _authService; /// /// Initializes a new instance of the class. /// /// The jellyfin authentication service. /// Options monitor. /// The logger. /// The url encoder. /// The system clock. public CustomAuthenticationHandler( IAuthService authService, IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { _authService = authService; } /// protected override Task HandleAuthenticateAsync() { var authenticatedAttribute = new AuthenticatedAttribute(); try { var user = _authService.Authenticate(Request, authenticatedAttribute); if (user == null) { return Task.FromResult(AuthenticateResult.Fail("Invalid user")); } var claims = new[] { new Claim(ClaimTypes.Name, user.Name), new Claim( ClaimTypes.Role, value: user.Policy.IsAdministrator ? UserRole.Administrator : UserRole.User) }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return Task.FromResult(AuthenticateResult.Success(ticket)); } catch (SecurityException ex) { return Task.FromResult(AuthenticateResult.Fail(ex)); } } } }