mirror of
https://github.com/hrfee/jfa-go.git
synced 2026-01-18 16:47:42 +01:00
use app identifier instead of ctx
changing this because ctx is commonly used with the context package.
This commit is contained in:
Harvey Tindall
53
auth.go
53
auth.go
@@ -3,22 +3,23 @@ package main
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/lithammer/shortuuid/v3"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/lithammer/shortuuid/v3"
|
||||
)
|
||||
|
||||
func (ctx *appContext) webAuth() gin.HandlerFunc {
|
||||
return ctx.authenticate
|
||||
func (app *appContext) webAuth() gin.HandlerFunc {
|
||||
return app.authenticate
|
||||
}
|
||||
|
||||
func (ctx *appContext) authenticate(gc *gin.Context) {
|
||||
func (app *appContext) authenticate(gc *gin.Context) {
|
||||
header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
|
||||
if header[0] != "Basic" {
|
||||
ctx.debug.Println("Invalid authentication header")
|
||||
app.debug.Println("Invalid authentication header")
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
@@ -26,13 +27,13 @@ func (ctx *appContext) authenticate(gc *gin.Context) {
|
||||
creds := strings.SplitN(string(auth), ":", 2)
|
||||
token, err := jwt.Parse(creds[0], func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
ctx.debug.Printf("Invalid JWT signing method %s", token.Header["alg"])
|
||||
app.debug.Printf("Invalid JWT signing method %s", token.Header["alg"])
|
||||
return nil, fmt.Errorf("Unexpected signing method %v", token.Header["alg"])
|
||||
}
|
||||
return []byte(os.Getenv("JFA_SECRET")), nil
|
||||
})
|
||||
if err != nil {
|
||||
ctx.debug.Printf("Auth denied: %s", err)
|
||||
app.debug.Printf("Auth denied: %s", err)
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
@@ -43,32 +44,32 @@ func (ctx *appContext) authenticate(gc *gin.Context) {
|
||||
userId = claims["id"].(string)
|
||||
jfId = claims["jfid"].(string)
|
||||
} else {
|
||||
ctx.debug.Printf("Invalid token")
|
||||
app.debug.Printf("Invalid token")
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
match := false
|
||||
for _, user := range ctx.users {
|
||||
for _, user := range app.users {
|
||||
if user.UserID == userId {
|
||||
match = true
|
||||
}
|
||||
}
|
||||
if !match {
|
||||
ctx.debug.Printf("Couldn't find user ID %s", userId)
|
||||
app.debug.Printf("Couldn't find user ID %s", userId)
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
gc.Set("jfId", jfId)
|
||||
gc.Set("userId", userId)
|
||||
ctx.debug.Println("Authentication successful")
|
||||
app.debug.Println("Authentication successful")
|
||||
gc.Next()
|
||||
}
|
||||
|
||||
func (ctx *appContext) GetToken(gc *gin.Context) {
|
||||
ctx.info.Println("Token requested (login attempt)")
|
||||
func (app *appContext) GetToken(gc *gin.Context) {
|
||||
app.info.Println("Token requested (login attempt)")
|
||||
header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
|
||||
if header[0] != "Basic" {
|
||||
ctx.debug.Println("Invalid authentication header")
|
||||
app.debug.Println("Invalid authentication header")
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
@@ -76,7 +77,7 @@ func (ctx *appContext) GetToken(gc *gin.Context) {
|
||||
creds := strings.SplitN(string(auth), ":", 2)
|
||||
match := false
|
||||
var userId string
|
||||
for _, user := range ctx.users {
|
||||
for _, user := range app.users {
|
||||
if user.Username == creds[0] && user.Password == creds[1] {
|
||||
match = true
|
||||
userId = user.UserID
|
||||
@@ -84,29 +85,29 @@ func (ctx *appContext) GetToken(gc *gin.Context) {
|
||||
}
|
||||
jfId := ""
|
||||
if !match {
|
||||
if !ctx.jellyfinLogin {
|
||||
ctx.info.Println("Auth failed: Invalid username and/or password")
|
||||
if !app.jellyfinLogin {
|
||||
app.info.Println("Auth failed: Invalid username and/or password")
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
var status int
|
||||
var err error
|
||||
var user map[string]interface{}
|
||||
user, status, err = ctx.authJf.authenticate(creds[0], creds[1])
|
||||
user, status, err = app.authJf.authenticate(creds[0], creds[1])
|
||||
jfId = user["Id"].(string)
|
||||
if status != 200 || err != nil {
|
||||
if status == 401 {
|
||||
ctx.info.Println("Auth failed: Invalid username and/or password")
|
||||
app.info.Println("Auth failed: Invalid username and/or password")
|
||||
respond(401, "Unauthorized", gc)
|
||||
return
|
||||
}
|
||||
ctx.err.Printf("Auth failed: Couldn't authenticate with Jellyfin: Code %d", status)
|
||||
app.err.Printf("Auth failed: Couldn't authenticate with Jellyfin: Code %d", status)
|
||||
respond(500, "Jellyfin error", gc)
|
||||
return
|
||||
} else {
|
||||
if ctx.config.Section("ui").Key("admin_only").MustBool(true) {
|
||||
if app.config.Section("ui").Key("admin_only").MustBool(true) {
|
||||
if !user["Policy"].(map[string]interface{})["IsAdministrator"].(bool) {
|
||||
ctx.debug.Printf("Auth failed: User \"%s\" isn't admin", creds[0])
|
||||
app.debug.Printf("Auth failed: User \"%s\" isn't admin", creds[0])
|
||||
respond(401, "Unauthorized", gc)
|
||||
}
|
||||
}
|
||||
@@ -114,8 +115,8 @@ func (ctx *appContext) GetToken(gc *gin.Context) {
|
||||
newuser.UserID = shortuuid.New()
|
||||
userId = newuser.UserID
|
||||
// uuid, nothing else identifiable!
|
||||
ctx.debug.Printf("Token generated for user \"%s\"", creds[0])
|
||||
ctx.users = append(ctx.users, newuser)
|
||||
app.debug.Printf("Token generated for user \"%s\"", creds[0])
|
||||
app.users = append(app.users, newuser)
|
||||
}
|
||||
}
|
||||
token, err := CreateToken(userId, jfId)
|
||||
|
||||
Reference in New Issue
Block a user