using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
{
///
/// Local access or require elevated privileges handler.
///
public class LocalAccessOrRequiresElevationHandler : AuthorizationHandler
{
private readonly INetworkManager _networkManager;
private readonly IHttpContextAccessor _httpContextAccessor;
///
/// Initializes a new instance of the class.
///
/// Instance of the interface.
/// Instance of the interface.
public LocalAccessOrRequiresElevationHandler(
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
{
_networkManager = networkManager;
_httpContextAccessor = httpContextAccessor;
}
///
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
{
var ip = _httpContextAccessor.HttpContext?.GetNormalizedRemoteIp();
// Loopback will be on LAN, so we can accept null.
if (ip is null || _networkManager.IsInLocalNetwork(ip))
{
context.Succeed(requirement);
return Task.CompletedTask;
}
if (context.User.IsInRole(UserRoles.Administrator))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}