-
-
Notifications
You must be signed in to change notification settings - Fork 60
/
user-auth.go
110 lines (95 loc) · 3.05 KB
/
user-auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
package main
import (
"fmt"
"strings"
"github.com/gin-gonic/gin"
lm "github.com/hrfee/jfa-go/logmessages"
)
func (app *appContext) userAuth() gin.HandlerFunc {
return app.userAuthenticate
}
func (app *appContext) userAuthenticate(gc *gin.Context) {
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
if !jellyfinLogin {
app.err.Printf(lm.FailedAuthRequest, lm.UserPageRequiresJellyfinAuth)
respond(500, "Contact Admin", gc)
return
}
claims, ok := app.decodeValidateAuthHeader(gc)
if !ok {
return
}
// user id can be nil for all we care, we just want the Jellyfin ID
jfID := claims["jfid"].(string)
gc.Set("jfId", jfID)
gc.Set("userMode", true)
gc.Next()
}
// @Summary Grabs an user-access token using username & password.
// @description Has limited access to API routes, used to display the user's personal page.
// @Produce json
// @Success 200 {object} getTokenDTO
// @Failure 401 {object} stringResponse
// @Router /my/token/login [get]
// @tags Auth
// @Security getUserTokenAuth
func (app *appContext) getUserTokenLogin(gc *gin.Context) {
if !app.config.Section("ui").Key("jellyfin_login").MustBool(true) {
app.err.Printf(lm.FailedAuthRequest, lm.UserPageRequiresJellyfinAuth)
respond(500, "Contact Admin", gc)
return
}
app.logIpInfo(gc, true, fmt.Sprintf(lm.RequestingToken, lm.UserTokenLoginAttempt))
username, password, ok := app.decodeValidateLoginHeader(gc, true)
if !ok {
return
}
user, ok := app.validateJellyfinCredentials(username, password, gc, true)
if !ok {
return
}
token, refresh, err := CreateToken(user.ID, user.ID, false)
if err != nil {
app.err.Printf(lm.FailedGenerateToken, err)
respond(500, "Couldn't generate user token", gc)
return
}
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
uri := "/my"
if strings.HasPrefix(gc.Request.RequestURI, app.URLBase) {
uri = "/accounts/my"
}
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, host, true, true)
gc.JSON(200, getTokenDTO{token})
}
// @Summary Grabs an user-access token using a refresh token from cookies.
// @Produce json
// @Success 200 {object} getTokenDTO
// @Failure 401 {object} stringResponse
// @Router /my/token/refresh [get]
// @tags Auth
func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
if !jellyfinLogin {
app.err.Printf(lm.FailedAuthRequest, lm.UserPageRequiresJellyfinAuth)
respond(500, "Contact Admin", gc)
return
}
app.logIpInfo(gc, true, fmt.Sprintf(lm.RequestingToken, lm.UserTokenRefresh))
claims, ok := app.decodeValidateRefreshCookie(gc, "user-refresh")
if !ok {
return
}
jfID := claims["jfid"].(string)
jwt, refresh, err := CreateToken(jfID, jfID, false)
if err != nil {
app.err.Printf(lm.FailedGenerateToken, err)
respond(500, "Couldn't generate user token", gc)
return
}
// host := gc.Request.URL.Hostname()
host := app.ExternalDomain
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
gc.JSON(200, getTokenDTO{jwt})
}