open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4645 from crobibero/openapi-auth-filter

Browse Source 
Move OpenApiSecurityScheme to OperationFilter
pull/4671/head
Claus Vium 4 years ago committed by GitHub
parent fdd8b34cc1 7a729ea8d6
commit 4a3411cad1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 79 additions and 12 deletions
Show Stats Download Patch File Download Diff File

13
Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
Unescape View File

@ -236,18 +236,6 @@ namespace Jellyfin.Server.Extensions
Description = "API key header parameter"
});
var securitySchemeRef = new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = AuthenticationSchemes.CustomAuthentication },
};
// TODO: Apply this with an operation filter instead of globally
// https://github.com/domaindrivendev/Swashbuckle.AspNetCore#add-security-definitions-and-requirements
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{ securitySchemeRef, Array.Empty<string>() }
});
// Add all xml doc files to swagger generator.
var xmlFiles = Directory.GetFiles(
AppContext.BaseDirectory,
@ -277,6 +265,7 @@ namespace Jellyfin.Server.Extensions
// TODO - remove when all types are supported in System.Text.Json
c.AddSwaggerTypeMappings();
c.OperationFilter<SecurityRequirementsOperationFilter>();
c.OperationFilter<FileResponseFilter>();
c.DocumentFilter<WebsocketModelFilter>();
});

78
Jellyfin.Server/Filters/SecurityRequirementsOperationFilter.cs
Unescape View File

@ -0,0 +1,78 @@
using System;
using System.Collections.Generic;
using System.Linq;
using Jellyfin.Api.Constants;
using Microsoft.AspNetCore.Authorization;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;
namespace Jellyfin.Server.Filters
{
/// <summary>
/// Security requirement operation filter.
/// </summary>
public class SecurityRequirementsOperationFilter : IOperationFilter
{
/// <inheritdoc />
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
var requiredScopes = new List<string>();
// Add all method scopes.
foreach (var attribute in context.MethodInfo.GetCustomAttributes(true))
{
if (attribute is AuthorizeAttribute authorizeAttribute
&& authorizeAttribute.Policy != null
&& !requiredScopes.Contains(authorizeAttribute.Policy, StringComparer.Ordinal))
{
requiredScopes.Add(authorizeAttribute.Policy);
}
}
// Add controller scopes if any.
var controllerAttributes = context.MethodInfo.DeclaringType?.GetCustomAttributes(true);
if (controllerAttributes != null)
{
foreach (var attribute in controllerAttributes)
{
if (attribute is AuthorizeAttribute authorizeAttribute
&& authorizeAttribute.Policy != null
&& !requiredScopes.Contains(authorizeAttribute.Policy, StringComparer.Ordinal))
{
requiredScopes.Add(authorizeAttribute.Policy);
}
}
}
if (requiredScopes.Count != 0)
{
if (!operation.Responses.ContainsKey("401"))
{
operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
}
if (!operation.Responses.ContainsKey("403"))
{
operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });
}
var scheme = new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = AuthenticationSchemes.CustomAuthentication
}
};
operation.Security = new List<OpenApiSecurityRequirement>
{
new OpenApiSecurityRequirement
{
[scheme] = requiredScopes
}
};
}
}
}
}
Write Preview
Loading…
Cancel
Save