Add back LocalAccessOrRequiresElevationPolicy

author: Shadowghost <Ghost_of_Stone@web.de> 2023-02-14 19:04:18 +0100
committer: Shadowghost <Ghost_of_Stone@web.de> 2023-02-14 19:06:43 +0100
commit: b8ed1f81cda7222078ed245c5f46562fc7822758 (patch)
tree: fdf8db326de6cf7244e91f7f7861fe07a5e9488d /Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
parent: eeb0f7af6c1d3f422b66128e5a91830a3682e331 (diff)
1 files changed, 52 insertions, 0 deletions
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
new file mode 100644
index 0000000000..0b0877d068
--- /dev/null
+++ b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
@@ -0,0 +1,52 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Common.Net;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
+{
+    /// <summary>
+    /// Local access or require elevated privileges handler.
+    /// </summary>
+    public class LocalAccessOrRequiresElevationHandler : AuthorizationHandler<LocalAccessOrRequiresElevationRequirement>
+    {
+        private readonly INetworkManager _networkManager;
+        private readonly IHttpContextAccessor _httpContextAccessor;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="LocalAccessOrRequiresElevationHandler"/> class.
+        /// </summary>
+        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
+        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
+        public LocalAccessOrRequiresElevationHandler(
+            INetworkManager networkManager,
+            IHttpContextAccessor httpContextAccessor)
+        {
+            _networkManager = networkManager;
+            _httpContextAccessor = httpContextAccessor;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
+        {
+            var ip = _httpContextAccessor.HttpContext?.GetNormalizedRemoteIp();
+
+            // Loopback will be on LAN, so we can accept null.
+            if (ip is null || _networkManager.IsInLocalNetwork(ip))
+            {
+                context.Succeed(requirement);
+            }
+
+            if (context.User.IsInRole(UserRoles.Administrator))
+            {
+                context.Succeed(requirement);
+            }
+
+            context.Fail();
+
+            return Task.CompletedTask;
+        }
+    }
+}
author	Shadowghost <Ghost_of_Stone@web.de>	2023-02-14 19:04:18 +0100
committer	Shadowghost <Ghost_of_Stone@web.de>	2023-02-14 19:06:43 +0100
commit	b8ed1f81cda7222078ed245c5f46562fc7822758 (patch)
tree	fdf8db326de6cf7244e91f7f7861fe07a5e9488d /Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
parent	eeb0f7af6c1d3f422b66128e5a91830a3682e331 (diff)