mirror of
https://github.com/hrfee/jfa-go.git
synced 2026-01-18 16:47:42 +01:00
c52ba2162e
to change the urls of the admin page, the my account page and of invites. Seems to work, but need to check all the code over and test.
112 lines
3.2 KiB
Go
112 lines
3.2 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
lm "github.com/hrfee/jfa-go/logmessages"
|
|
)
|
|
|
|
func (app *appContext) userAuth() gin.HandlerFunc {
|
|
return app.userAuthenticate
|
|
}
|
|
|
|
func (app *appContext) userAuthenticate(gc *gin.Context) {
|
|
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
|
|
if !jellyfinLogin {
|
|
app.err.Printf(lm.FailedAuthRequest, lm.UserPageRequiresJellyfinAuth)
|
|
respond(500, "Contact Admin", gc)
|
|
return
|
|
}
|
|
claims, ok := app.decodeValidateAuthHeader(gc)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
// user id can be nil for all we care, we just want the Jellyfin ID
|
|
jfID := claims["jfid"].(string)
|
|
|
|
gc.Set("jfId", jfID)
|
|
gc.Set("userMode", true)
|
|
gc.Next()
|
|
}
|
|
|
|
// @Summary Grabs an user-access token using username & password.
|
|
// @description Has limited access to API routes, used to display the user's personal page.
|
|
// @Produce json
|
|
// @Success 200 {object} getTokenDTO
|
|
// @Failure 401 {object} stringResponse
|
|
// @Router /my/token/login [get]
|
|
// @tags Auth
|
|
// @Security getUserTokenAuth
|
|
func (app *appContext) getUserTokenLogin(gc *gin.Context) {
|
|
if !app.config.Section("ui").Key("jellyfin_login").MustBool(true) {
|
|
app.err.Printf(lm.FailedAuthRequest, lm.UserPageRequiresJellyfinAuth)
|
|
respond(500, "Contact Admin", gc)
|
|
return
|
|
}
|
|
app.logIpInfo(gc, true, fmt.Sprintf(lm.RequestingToken, lm.UserTokenLoginAttempt))
|
|
username, password, ok := app.decodeValidateLoginHeader(gc, true)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
user, ok := app.validateJellyfinCredentials(username, password, gc, true)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
token, refresh, err := CreateToken(user.ID, user.ID, false)
|
|
if err != nil {
|
|
app.err.Printf(lm.FailedGenerateToken, err)
|
|
respond(500, "Couldn't generate user token", gc)
|
|
return
|
|
}
|
|
|
|
// host := gc.Request.URL.Hostname()
|
|
host := app.ExternalDomain
|
|
uri := "/my"
|
|
// FIXME: This seems like a bad idea? I think it's to deal with people having Reverse proxy subfolder/URL base set to /accounts.
|
|
if strings.HasPrefix(gc.Request.RequestURI, PAGES.Base) {
|
|
uri = "/accounts/my"
|
|
}
|
|
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, uri, host, true, true)
|
|
gc.JSON(200, getTokenDTO{token})
|
|
}
|
|
|
|
// @Summary Grabs an user-access token using a refresh token from cookies.
|
|
// @Produce json
|
|
// @Success 200 {object} getTokenDTO
|
|
// @Failure 401 {object} stringResponse
|
|
// @Router /my/token/refresh [get]
|
|
// @tags Auth
|
|
func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
|
|
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
|
|
if !jellyfinLogin {
|
|
app.err.Printf(lm.FailedAuthRequest, lm.UserPageRequiresJellyfinAuth)
|
|
respond(500, "Contact Admin", gc)
|
|
return
|
|
}
|
|
|
|
app.logIpInfo(gc, true, fmt.Sprintf(lm.RequestingToken, lm.UserTokenRefresh))
|
|
claims, ok := app.decodeValidateRefreshCookie(gc, "user-refresh")
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
jfID := claims["jfid"].(string)
|
|
|
|
jwt, refresh, err := CreateToken(jfID, jfID, false)
|
|
if err != nil {
|
|
app.err.Printf(lm.FailedGenerateToken, err)
|
|
respond(500, "Couldn't generate user token", gc)
|
|
return
|
|
}
|
|
|
|
// host := gc.Request.URL.Hostname()
|
|
host := app.ExternalDomain
|
|
gc.SetCookie("user-refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", host, true, true)
|
|
gc.JSON(200, getTokenDTO{jwt})
|
|
}
|