You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
jfa-go/user-auth.go

99 lines
2.9 KiB

package main
import "github.com/gin-gonic/gin"
func (app *appContext) userAuth() gin.HandlerFunc {
return app.userAuthenticate
}
func (app *appContext) userAuthenticate(gc *gin.Context) {
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
if !jellyfinLogin {
app.err.Println("Enable Jellyfin Login to use the User Page feature.")
respond(500, "Contact Admin", gc)
return
}
claims, ok := app.decodeValidateAuthHeader(gc)
if !ok {
return
}
// user id can be nil for all we care, we just want the Jellyfin ID
jfID := claims["jfid"].(string)
gc.Set("jfId", jfID)
gc.Set("userMode", true)
app.debug.Println("Auth succeeded")
gc.Next()
}
// @Summary Grabs an user-access token using username & password.
// @description Has limited access to API routes, used to display the user's personal page.
// @Produce json
// @Success 200 {object} getTokenDTO
// @Failure 401 {object} stringResponse
// @Router /my/token/login [get]
// @tags Auth
// @Security getUserTokenAuth
func (app *appContext) getUserTokenLogin(gc *gin.Context) {
if !app.config.Section("ui").Key("jellyfin_login").MustBool(true) {
app.err.Println("Enable Jellyfin Login to use the User Page feature.")
respond(500, "Contact Admin", gc)
return
}
app.info.Println("UserToken requested (login attempt)")
username, password, ok := app.decodeValidateLoginHeader(gc)
if !ok {
return
}
user, ok := app.validateJellyfinCredentials(username, password, gc)
if !ok {
return
}
token, refresh, err := CreateToken(user.ID, user.ID, false)
if err != nil {
app.err.Printf("getUserToken failed: Couldn't generate user token (%s)", err)
respond(500, "Couldn't generate user token", gc)
return
}
app.debug.Printf("Token generated for non-admin user \"%s\"", username)
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
gc.JSON(200, getTokenDTO{token})
}
// @Summary Grabs an user-access token using a refresh token from cookies.
// @Produce json
// @Success 200 {object} getTokenDTO
// @Failure 401 {object} stringResponse
// @Router /my/token/refresh [get]
// @tags Auth
func (app *appContext) getUserTokenRefresh(gc *gin.Context) {
jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(true)
if !jellyfinLogin {
app.err.Println("Enable Jellyfin Login to use the User Page feature.")
respond(500, "Contact Admin", gc)
return
}
app.info.Println("UserToken request (refresh token)")
claims, ok := app.decodeValidateRefreshCookie(gc)
if !ok {
return
}
jfID := claims["jfid"].(string)
jwt, refresh, err := CreateToken(jfID, jfID, false)
if err != nil {
app.err.Printf("getUserToken failed: Couldn't generate user token (%s)", err)
respond(500, "Couldn't generate user token", gc)
return
}
gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/my", gc.Request.URL.Hostname(), true, true)
gc.JSON(200, getTokenDTO{jwt})
}