BreizhHardware/jfa-go
1
0
Fork 0
mirror of https://github.com/hrfee/jfa-go.git synced 2026-01-18 16:47:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add auth & gin logging, fixed dummy logger

Browse Source
This commit is contained in:
Harvey Tindall
2020-08-01 14:08:55 +01:00
parent 99a643ce9c
commit dba20bd3ea
2 changed files with 56 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
auth.go
View File

@@ -21,6 +21,7 @@ func (ctx *appContext) authenticate(gc *gin.Context) {
}
header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
if header[0] != "Basic" {
ctx.debug.Println("Invalid authentication header")
respond(401, "Unauthorized", gc)
return
}
@@ -28,11 +29,13 @@ func (ctx *appContext) authenticate(gc *gin.Context) {
creds := strings.SplitN(string(auth), ":", 2)
token, err := jwt.Parse(creds[0], func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
ctx.debug.Printf("Invalid JWT signing method %s", token.Header["alg"])
return nil, fmt.Errorf("Unexpected signing method %v", token.Header["alg"])
}
return []byte(os.Getenv("JFA_SECRET")), nil
})
if err != nil {
ctx.debug.Printf("Auth denied: %s", err)
respond(401, "Unauthorized", gc)
return
}
@@ -43,29 +46,32 @@ func (ctx *appContext) authenticate(gc *gin.Context) {
userId = claims["id"].(string)
jfId = claims["jfid"].(string)
} else {
ctx.debug.Printf("Invalid token")
respond(401, "Unauthorized", gc)
return
}
match := false
for _, user := range ctx.users {
fmt.Println("checking:", user.UserID, userId)
if user.UserID == userId {
match = true
}
}
if !match {
fmt.Println("error no match")
ctx.debug.Printf("Couldn't find user ID %s", userId)
respond(401, "Unauthorized", gc)
return
}
gc.Set("jfId", jfId)
gc.Set("userId", userId)
ctx.debug.Println("Authentication successful")
gc.Next()
}
func (ctx *appContext) GetToken(gc *gin.Context) {
ctx.info.Println("Token requested (login attempt)")
header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
if header[0] != "Basic" {
ctx.debug.Println("Invalid authentication header")
respond(401, "Unauthorized", gc)
return
}
@@ -82,21 +88,28 @@ func (ctx *appContext) GetToken(gc *gin.Context) {
jfId := ""
if !match {
if !ctx.jellyfinLogin {
ctx.info.Println("Auth failed: Invalid username and/or password")
respond(401, "Unauthorized", gc)
return
}
// eventually, make authenticate return a user to avoid two calls.
var status int
var err error
var user map[string]interface{}
user, status, err = ctx.authJf.authenticate(creds[0], creds[1])
jfId = user["Id"].(string)
if status != 200 || err != nil {
respond(401, "Unauthorized", gc)
if status == 401 {
ctx.info.Println("Auth failed: Invalid username and/or password")
respond(401, "Unauthorized", gc)
return
}
ctx.err.Printf("Auth failed: Couldn't authenticate with Jellyfin: Code %d", status)
respond(500, "Jellyfin error", gc)
return
} else {
if ctx.config.Section("ui").Key("admin_only").MustBool(true) {
if !user["Policy"].(map[string]interface{})["IsAdministrator"].(bool) {
ctx.debug.Printf("Auth failed: User \"%s\" isn't admin", creds[0])
respond(401, "Unauthorized", gc)
}
}
@@ -104,6 +117,7 @@ func (ctx *appContext) GetToken(gc *gin.Context) {
newuser.UserID = shortuuid.New()
userId = newuser.UserID
// uuid, nothing else identifiable!
ctx.debug.Printf("Token generated for user \"%s\"", creds[0])
ctx.users = append(ctx.users, newuser)
}
}