mirror of
https://github.com/hrfee/jfa-go.git
synced 2024-06-28 20:37:46 +02:00
Harvey Tindall
918f8816c5
user-auth.go contains slightly adjusted versions of auth.go functions, for authorizing jellyfin users (admin or not). Refactored auth.go so that most code is shared. User auth isn't hooked up yet, nor has it been tested.
99 lines
2.9 KiB
Go
99 lines
2.9 KiB
Go
package main
|
|
|
|
import "github.com/gin-gonic/gin"
|
|
|
|
func (app *appContext) userAuth() gin.HandlerFunc {
|
|
return app.userAuthenticate
|
|
}
|
|
|
|
func (app *appContext) userAuthenticate(gc *gin.Context) {
|
|
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
|
|
if !jellyfinLogin {
|
|
app.err.Println("Enable Jellyfin Login to use the User Page feature.")
|
|
respond(500, "Contact Admin", gc)
|
|
return
|
|
}
|
|
claims, ok := app.decodeValidateAuthHeader(gc)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
// user id can be nil for all we care, we just want the Jellyfin ID
|
|
jfID := claims["jfid"].(string)
|
|
|
|
gc.Set("jfId", jfID)
|
|
gc.Set("userMode", true)
|
|
app.debug.Println("Auth succeeded")
|
|
gc.Next()
|
|
}
|
|
|
|
// @Summary Grabs an user-access token using username & password.
|
|
// @description Has limited access to API routes, used to display the user's personal page.
|
|
// @Produce json
|
|
// @Success 200 {object} getTokenDTO
|
|
// @Failure 401 {object} stringResponse
|
|
// @Router /my/token/login [get]
|
|
// @tags Auth
|
|
// @Security getUserTokenAuth
|
|
func (app *appContext) getUserTokenLogin(gc *gin.Context) {
|
|
if !app.config.Section("ui").Key("jellyfin_login").MustBool(true) {
|
|
app.err.Println("Enable Jellyfin Login to use the User Page feature.")
|
|
respond(500, "Contact Admin", gc)
|
|
return
|
|
}
|
|
app.info.Println("UserToken requested (login attempt)")
|
|
username, password, ok := app.decodeValidateLoginHeader(gc)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
user, ok := app.validateJellyfinCredentials(username, password, gc)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
token, refresh, err := CreateToken(user.ID, user.ID, false)
|
|
if err != nil {
|
|
app.err.Printf("getUserToken failed: Couldn't generate user token (%s)", err)
|
|
respond(500, "Couldn't generate user token", gc)
|
|
return
|
|
}
|
|
|
|
app.debug.Printf("Token generated for non-admin user \"%s\"", username)
|
|
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
|
|
gc.JSON(200, getTokenDTO{token})
|
|
}
|
|
|
|
// @Summary Grabs an user-access token using a refresh token from cookies.
|
|
// @Produce json
|
|
// @Success 200 {object} getTokenDTO
|
|
// @Failure 401 {object} stringResponse
|
|
// @Router /my/token/refresh [get]
|
|
// @tags Auth
|
|
func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
|
|
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
|
|
if !jellyfinLogin {
|
|
app.err.Println("Enable Jellyfin Login to use the User Page feature.")
|
|
respond(500, "Contact Admin", gc)
|
|
return
|
|
}
|
|
|
|
app.info.Println("UserToken request (refresh token)")
|
|
claims, ok := app.decodeValidateRefreshCookie(gc)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
jfID := claims["jfid"].(string)
|
|
|
|
jwt, refresh, err := CreateToken(jfID, jfID, false)
|
|
if err != nil {
|
|
app.err.Printf("getUserToken failed: Couldn't generate user token (%s)", err)
|
|
respond(500, "Couldn't generate user token", gc)
|
|
return
|
|
}
|
|
|
|
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
|
|
gc.JSON(200, getTokenDTO{jwt})
|
|
}
|