fixes #1427 - [Feature Request]: Require Encryption

2017-09-29 15:17:54 -04:00 · 2017-09-29 15:17:54 -04:00 · 878abbddda
parent 134e74414d
commit 878abbddda
4 changed files with 24 additions and 3 deletions
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@ -1931,13 +1931,13 @@ namespace Emby.Server.Implementations
        {
            get
            {
-                return SupportsHttps && ServerConfigurationManager.Configuration.EnableHttps;
+                return SupportsHttps && (ServerConfigurationManager.Configuration.EnableHttps || ServerConfigurationManager.Configuration.RequireHttps);
            }
        }

        public bool SupportsHttps
        {
-            get { return Certificate != null; }
+            get { return Certificate != null || ServerConfigurationManager.Configuration.IsBehindProxy; }
        }

        public async Task<string> GetLocalApiUrl()
--- a/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs
+++ b/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs
@ -48,7 +48,7 @@ namespace Emby.Server.Implementations.EntryPoints
            values.Add(config.PublicPort.ToString(CultureInfo.InvariantCulture));
            values.Add(_appHost.HttpPort.ToString(CultureInfo.InvariantCulture));
            values.Add(_appHost.HttpsPort.ToString(CultureInfo.InvariantCulture));
-            values.Add(config.EnableHttps.ToString());
+            values.Add((config.EnableHttps || config.RequireHttps).ToString());
            values.Add(_appHost.EnableHttps.ToString());

            return string.Join("|", values.ToArray(values.Count));
--- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
@ -423,6 +423,19 @@ namespace Emby.Server.Implementations.HttpServer
            return true;
        }

+        private bool ValidateSsl(string remoteIp)
+        {
+            if (_config.Configuration.RequireHttps && _appHost.EnableHttps)
+            {
+                if (!_networkManager.IsInLocalNetwork(remoteIp))
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
        /// <summary>
        /// Overridable method that can be used to implement a custom hnandler
        /// </summary>
@ -453,6 +466,12 @@ namespace Emby.Server.Implementations.HttpServer
                    return;
                }

+                if (!ValidateSsl(httpReq.RemoteIp))
+                {
+                    RedirectToUrl(httpRes, urlString.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase));
+                    return;
+                }
+
                if (string.Equals(httpReq.Verb, "OPTIONS", StringComparison.OrdinalIgnoreCase))
                {
                    httpRes.StatusCode = 200;
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@ -181,6 +181,8 @@ namespace MediaBrowser.Model.Configuration
        public string[] CodecsUsed { get; set; }
        public bool EnableChannelView { get; set; }
        public bool EnableExternalContentInSuggestions { get; set; }
+        public bool RequireHttps { get; set; }
+        public bool IsBehindProxy { get; set; }

        public int ImageExtractionTimeoutMs { get; set; }