Merge pull request #3218 from crobibero/api-cors

Enable CORS and Authentication
dkanada 2020-06-09 14:29:52 +09:00 committed by GitHub
commit b3f8928fbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 62 additions and 5 deletions


@ -146,11 +146,17 @@ namespace Emby.Server.Implementations.HttpServer.Security
{ {
return true; return true;
} }
if (authAttribtues.AllowLocalOnly && request.IsLocal) if (authAttribtues.AllowLocalOnly && request.IsLocal)
{ {
return true; return true;
} }
if (authAttribtues.IgnoreLegacyAuth)
{
return true;
}
return false; return false;
} }
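Review bot: The added `if (authAttribtues.IgnoreLegacyAuth)` branch returns true with no further condition, so every request evaluated with that flag set is treated as exempt, and nothing at the branch says why that is safe. The enclosing method starts above the hunk; judging by the neighbouring `AllowLocalOnly && request.IsLocal` exemption it appears to decide whether a token is required, but its name and earlier checks are not visible. On this page the flag is set only by the handler in Jellyfin.Api.Auth, which presumably leaves rejection of anonymous callers to the authorization middleware. I would record that contract at the branch: `// Exemption for the ASP.NET Core authentication handler only; endpoints reached this way must still be protected by an authorization policy.`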


@ -37,13 +37,20 @@ namespace Jellyfin.Api.Auth
/// <inheritdoc /> /// <inheritdoc />
protected override Task<AuthenticateResult> HandleAuthenticateAsync() protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{ {
var authenticatedAttribute = new AuthenticatedAttribute(); var authenticatedAttribute = new AuthenticatedAttribute
{
IgnoreLegacyAuth = true
};
try try
{ {
var user = _authService.Authenticate(Request, authenticatedAttribute); var user = _authService.Authenticate(Request, authenticatedAttribute);
if (user == null) if (user == null)
{ {
return Task.FromResult(AuthenticateResult.Fail("Invalid user")); return Task.FromResult(AuthenticateResult.NoResult());
// TODO return when legacy API is removed.
// Don't spam the log with "Invalid User"
// return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
} }
var claims = new[] var claims = new[]
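Review bot: Returning `AuthenticateResult.NoResult()` for a null user removes the only failure signal this handler produced, so requests for which no user could be resolved now pass through without a trace. Whether an endpoint is still protected then depends entirely on it carrying an authorization requirement, which this hunk cannot show. A debug-level entry keeps such requests observable without the log spam the TODO mentions, e.g. `Logger.LogDebug("No authenticated user resolved for {Path}", Request.Path);` before the return. The commented-out `Fail` line would be better described in the TODO text than left as dead code. `HandleAuthenticateAsync` continues past the end of the hunk, so the handling of exceptions thrown by `Authenticate` is not visible.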


@ -10,6 +10,7 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Api.Controllers; using Jellyfin.Api.Controllers;
using Jellyfin.Server.Formatters; using Jellyfin.Server.Formatters;
using Jellyfin.Server.Models;
using MediaBrowser.Common.Json; using MediaBrowser.Common.Json;
using MediaBrowser.Model.Entities; using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
@ -72,7 +73,12 @@ namespace Jellyfin.Server.Extensions
/// <returns>The MVC builder.</returns> /// <returns>The MVC builder.</returns>
public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl) public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl)
{ {
return serviceCollection.AddMvc(opts => return serviceCollection
.AddCors(options =>
{
options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, ServerCorsPolicy.DefaultPolicy);
})
.AddMvc(opts =>
{ {
opts.UseGeneralRoutePrefix(baseUrl); opts.UseGeneralRoutePrefix(baseUrl);
opts.OutputFormatters.Insert(0, new CamelCaseJsonProfileFormatter()); opts.OutputFormatters.Insert(0, new CamelCaseJsonProfileFormatter());


@ -0,0 +1,30 @@
using Microsoft.AspNetCore.Cors.Infrastructure;
namespace Jellyfin.Server.Models
{
/// <summary>
/// Server Cors Policy.
/// </summary>
public static class ServerCorsPolicy
{
/// <summary>
/// Default policy name.
/// </summary>
public const string DefaultPolicyName = "DefaultCorsPolicy";
/// <summary>
/// Default Policy. Allow Everything.
/// </summary>
public static readonly CorsPolicy DefaultPolicy = new CorsPolicy
{
// Allow any origin
Origins = { "*" },
// Allow any method
Methods = { "*" },
// Allow any header
Headers = { "*" }
};
}
}
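Review bot: `DefaultPolicy` allows every origin, method and header with no way for an operator to narrow it, and the doc comment says only "Allow Everything" without stating why that is acceptable. With a wildcard origin, scripts from any site can read API responses; this matters most for responses that do not depend on a token, such as the `AllowLocalOnly && request.IsLocal` exemption visible in the auth service section of this commit. I would read the allowed origins from server configuration and keep `*` as an explicit opt-in. The comment should also record the invariant the wildcard relies on: `// SupportsCredentials must stay false while Origins contains "*".` The policy is also a shared mutable `static readonly` instance; building it with `CorsPolicyBuilder` inside the `AddCors` callback would avoid exposing it for later modification.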


@ -1,5 +1,6 @@
using Jellyfin.Server.Extensions; using Jellyfin.Server.Extensions;
using Jellyfin.Server.Middleware; using Jellyfin.Server.Middleware;
using Jellyfin.Server.Models;
using MediaBrowser.Controller; using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
@ -68,9 +69,10 @@ namespace Jellyfin.Server
// TODO app.UseMiddleware<WebSocketMiddleware>(); // TODO app.UseMiddleware<WebSocketMiddleware>();
app.Use(serverApplicationHost.ExecuteWebsocketHandlerAsync); app.Use(serverApplicationHost.ExecuteWebsocketHandlerAsync);
// TODO use when old API is removed: app.UseAuthentication(); app.UseAuthentication();
app.UseJellyfinApiSwagger(_serverConfigurationManager); app.UseJellyfinApiSwagger(_serverConfigurationManager);
app.UseRouting(); app.UseRouting();
app.UseCors(ServerCorsPolicy.DefaultPolicyName);
app.UseAuthorization(); app.UseAuthorization();
app.UseEndpoints(endpoints => app.UseEndpoints(endpoints =>
{ {
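Review bot: `app.UseAuthentication()` is now registered ahead of `UseJellyfinApiSwagger`, `UseRouting` and `UseCors`, so the authentication handler runs for every request that reaches this point, including CORS preflight requests that the CORS middleware would otherwise answer on its own. The conventional ASP.NET Core order is routing, CORS, authentication, authorization, which here means placing `app.UseAuthentication();` between `app.UseCors(ServerCorsPolicy.DefaultPolicyName);` and `app.UseAuthorization();`. If the earlier position is deliberate, a comment at the call saying why would help the next reader. The enclosing method starts and ends outside the hunk.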


@ -52,6 +52,8 @@ namespace MediaBrowser.Controller.Net
return (Roles ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries); return (Roles ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
} }
public bool IgnoreLegacyAuth { get; set; }
public bool AllowLocalOnly { get; set; } public bool AllowLocalOnly { get; set; }
} }
@ -63,5 +65,7 @@ namespace MediaBrowser.Controller.Net
bool AllowLocalOnly { get; } bool AllowLocalOnly { get; }
string[] GetRoles(); string[] GetRoles();
bool IgnoreLegacyAuth { get; }
} }
} }
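Review bot: `IgnoreLegacyAuth` is added to both the class and the `IAuthenticationAttributes` interface without XML documentation, although the auth service section of this commit uses it to skip a check entirely. The setter is public, so if `AuthenticatedAttribute` is applied as an attribute the flag can also be set at a usage site on a legacy service, and the docs should say it is not meant for that. Suggested summary on the class member: `/// <summary>Gets or sets a value indicating whether the legacy authentication check is skipped; intended only for the ASP.NET Core authentication handler.</summary>`, with the matching `Gets a value` form on the interface member.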


@ -88,7 +88,9 @@ namespace Jellyfin.Api.Tests.Auth
var authenticateResult = await _sut.AuthenticateAsync(); var authenticateResult = await _sut.AuthenticateAsync();
Assert.False(authenticateResult.Succeeded); Assert.False(authenticateResult.Succeeded);
Assert.Equal("Invalid user", authenticateResult.Failure.Message); Assert.True(authenticateResult.None);
// TODO return when legacy API is removed.
// Assert.Equal("Invalid user", authenticateResult.Failure.Message);
} }
[Fact] [Fact]
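Review bot: Nothing in this commit tests the new `IgnoreLegacyAuth` exemption in the auth service; the only test change swaps the failure-message assertion for `Assert.True(authenticateResult.None)`. A test showing that a request without a token is still rejected when the flag is unset would pin that the exemption does not leak into the legacy path. The commented-out `Assert.Equal` would be better removed and referenced from the TODO, and the test method name, which lies outside the hunk, should be checked against the new expectation.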