jellyfin/Jellyfin.Api/Controllers/QuickConnectController.cs

139 lines
5.7 KiB
C#
Raw Normal View History

using System;
2020-08-13 13:35:04 -07:00
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
2020-08-13 13:35:04 -07:00
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
2020-08-16 15:45:53 -07:00
using Jellyfin.Api.Helpers;
2020-08-13 13:35:04 -07:00
using MediaBrowser.Common.Extensions;
2021-06-18 10:31:47 -07:00
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Net;
2020-08-13 13:35:04 -07:00
using MediaBrowser.Controller.QuickConnect;
using MediaBrowser.Model.QuickConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace Jellyfin.Api.Controllers
{
/// <summary>
/// Quick connect controller.
/// </summary>
public class QuickConnectController : BaseJellyfinApiController
{
private readonly IQuickConnect _quickConnect;
private readonly IAuthorizationContext _authContext;
2020-08-13 13:35:04 -07:00
/// <summary>
/// Initializes a new instance of the <see cref="QuickConnectController"/> class.
/// </summary>
/// <param name="quickConnect">Instance of the <see cref="IQuickConnect"/> interface.</param>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
public QuickConnectController(IQuickConnect quickConnect, IAuthorizationContext authContext)
2020-08-13 13:35:04 -07:00
{
_quickConnect = quickConnect;
_authContext = authContext;
2020-08-13 13:35:04 -07:00
}
/// <summary>
/// Gets the current quick connect state.
/// </summary>
/// <response code="200">Quick connect state returned.</response>
2021-06-18 10:31:47 -07:00
/// <returns>Whether Quick Connect is enabled on the server or not.</returns>
[HttpGet("Enabled")]
2020-08-13 13:35:04 -07:00
[ProducesResponseType(StatusCodes.Status200OK)]
2022-09-04 01:21:21 -07:00
public ActionResult<bool> GetQuickConnectEnabled()
2020-08-13 13:35:04 -07:00
{
2021-06-18 10:31:47 -07:00
return _quickConnect.IsEnabled;
2020-08-13 13:35:04 -07:00
}
/// <summary>
/// Initiate a new quick connect request.
/// </summary>
/// <response code="200">Quick connect request successfully created.</response>
/// <response code="401">Quick connect is not active on this server.</response>
/// <returns>A <see cref="QuickConnectResult"/> with a secret and code for future use or an error message.</returns>
[HttpPost("Initiate")]
2020-08-13 13:35:04 -07:00
[ProducesResponseType(StatusCodes.Status200OK)]
2022-09-04 01:21:21 -07:00
public async Task<ActionResult<QuickConnectResult>> InitiateQuickConnect()
2020-08-13 13:35:04 -07:00
{
2021-06-18 10:31:47 -07:00
try
{
var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
return _quickConnect.TryConnect(auth);
2021-06-18 10:31:47 -07:00
}
catch (AuthenticationException)
{
return Unauthorized("Quick connect is disabled");
}
2020-08-13 13:35:04 -07:00
}
/// <summary>
/// Old version of <see cref="InitiateQuickConnect" /> using a GET method.
/// Still available to avoid breaking compatibility.
/// </summary>
/// <returns>The result of <see cref="InitiateQuickConnect" />.</returns>
[Obsolete("Use POST request instead")]
[HttpGet("Initiate")]
[ApiExplorerSettings(IgnoreApi = true)]
public Task<ActionResult<QuickConnectResult>> InitiateQuickConnectLegacy() => InitiateQuickConnect();
2020-08-13 13:35:04 -07:00
/// <summary>
/// Attempts to retrieve authentication information.
/// </summary>
/// <param name="secret">Secret previously returned from the Initiate endpoint.</param>
/// <response code="200">Quick connect result returned.</response>
/// <response code="404">Unknown quick connect secret.</response>
/// <returns>An updated <see cref="QuickConnectResult"/>.</returns>
[HttpGet("Connect")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
2022-09-04 01:21:21 -07:00
public ActionResult<QuickConnectResult> GetQuickConnectState([FromQuery, Required] string secret)
2020-08-13 13:35:04 -07:00
{
try
{
2020-08-17 14:36:45 -07:00
return _quickConnect.CheckRequestStatus(secret);
2020-08-13 13:35:04 -07:00
}
catch (ResourceNotFoundException)
{
return NotFound("Unknown secret");
}
2021-06-18 10:31:47 -07:00
catch (AuthenticationException)
2020-08-13 13:35:04 -07:00
{
2021-06-18 10:31:47 -07:00
return Unauthorized("Quick connect is disabled");
2020-08-13 13:35:04 -07:00
}
}
/// <summary>
/// Authorizes a pending quick connect request.
/// </summary>
/// <param name="code">Quick connect code to authorize.</param>
/// <param name="userId">The user the authorize. Access to the requested user is required.</param>
2020-08-13 13:35:04 -07:00
/// <response code="200">Quick connect result authorized successfully.</response>
2020-08-17 16:48:58 -07:00
/// <response code="403">Unknown user id.</response>
2020-08-13 13:35:04 -07:00
/// <returns>Boolean indicating if the authorization was successful.</returns>
[HttpPost("Authorize")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
2020-08-17 14:36:45 -07:00
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)
2020-08-13 13:35:04 -07:00
{
var currentUserId = User.GetUserId();
var actualUserId = userId ?? currentUserId;
if (actualUserId.Equals(default) || (!userId.Equals(currentUserId) && !User.IsInRole(UserRoles.Administrator)))
2020-08-17 14:36:45 -07:00
{
return Forbid("Unknown user id");
2020-08-17 14:36:45 -07:00
}
2021-06-18 10:31:47 -07:00
try
2020-08-16 15:45:53 -07:00
{
return await _quickConnect.AuthorizeRequest(actualUserId, code).ConfigureAwait(false);
2021-06-18 10:31:47 -07:00
}
catch (AuthenticationException)
{
return Unauthorized("Quick connect is disabled");
2020-08-16 15:45:53 -07:00
}
2020-08-13 13:35:04 -07:00
}
}
}