using System.Threading.Tasks; using Jellyfin.Api.Constants; using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Net; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy { /// /// Local access or require elevated privileges handler. /// public class LocalAccessOrRequiresElevationHandler : AuthorizationHandler { private readonly INetworkManager _networkManager; private readonly IHttpContextAccessor _httpContextAccessor; /// /// Initializes a new instance of the class. /// /// Instance of the interface. /// Instance of the interface. public LocalAccessOrRequiresElevationHandler( INetworkManager networkManager, IHttpContextAccessor httpContextAccessor) { _networkManager = networkManager; _httpContextAccessor = httpContextAccessor; } /// protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement) { var ip = _httpContextAccessor.HttpContext?.GetNormalizedRemoteIp(); // Loopback will be on LAN, so we can accept null. if (ip is null || _networkManager.IsInLocalNetwork(ip)) { context.Succeed(requirement); return Task.CompletedTask; } if (context.User.IsInRole(UserRoles.Administrator)) { context.Succeed(requirement); } else { context.Fail(); } return Task.CompletedTask; } } }