using System.Threading.Tasks;
using MediaBrowser.Common.Net;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.AnonymousLanAccessPolicy
{
///
/// LAN access handler. Allows anonymous users.
///
public class AnonymousLanAccessHandler : AuthorizationHandler
{
private readonly INetworkManager _networkManager;
private readonly IHttpContextAccessor _httpContextAccessor;
///
/// Initializes a new instance of the class.
///
/// Instance of the interface.
/// Instance of the interface.
public AnonymousLanAccessHandler(
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
{
_networkManager = networkManager;
_httpContextAccessor = httpContextAccessor;
}
///
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement)
{
var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress;
// Loopback will be on LAN, so we can accept null.
if (ip is null || _networkManager.IsInLocalNetwork(ip))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}