Merge remote-tracking branch 'upstream/master' into baseitemkind-fixes

5 files changed, 153 insertions, 39 deletions

diff --git a/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
index c23da2fd63..2eef223e52 100644
--- a/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
@@ -45,15 +45,33 @@ namespace Jellyfin.Server.Middleware
             var localPath = httpContext.Request.Path.ToString();
             var baseUrlPrefix = serverConfigurationManager.GetNetworkConfiguration().BaseUrl;
 
-            if (string.Equals(localPath, baseUrlPrefix + "/", StringComparison.OrdinalIgnoreCase)
-                || string.Equals(localPath, baseUrlPrefix, StringComparison.OrdinalIgnoreCase)
-                || string.Equals(localPath, "/", StringComparison.OrdinalIgnoreCase)
-                || string.IsNullOrEmpty(localPath)
-                || !localPath.StartsWith(baseUrlPrefix, StringComparison.OrdinalIgnoreCase))
+            if (!string.IsNullOrEmpty(baseUrlPrefix))
             {
-                // Always redirect back to the default path if the base prefix is invalid or missing
+                var startsWithBaseUrl = localPath.StartsWith(baseUrlPrefix, StringComparison.OrdinalIgnoreCase);
+
+                if (!startsWithBaseUrl
+                    && (localPath.Equals("/health", StringComparison.OrdinalIgnoreCase)
+                        || localPath.Equals("/health/", StringComparison.OrdinalIgnoreCase)))
+                {
+                    _logger.LogDebug("Redirecting /health check");
+                    httpContext.Response.Redirect(baseUrlPrefix + "/health");
+                    return;
+                }
+
+                if (!startsWithBaseUrl)
+                {
+                    // Always redirect back to the default path if the base prefix is invalid or missing
+                    _logger.LogDebug("Normalizing an URL at {LocalPath}", localPath);
+                    httpContext.Response.Redirect(baseUrlPrefix + "/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
+                    return;
+                }
+            }
+            else if (string.IsNullOrEmpty(localPath)
+                     || localPath.Equals("/", StringComparison.Ordinal))
+            {
+                // Always redirect back to the default path if root is requested.
                 _logger.LogDebug("Normalizing an URL at {LocalPath}", localPath);
-                httpContext.Response.Redirect(baseUrlPrefix + "/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
+                httpContext.Response.Redirect("/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
                 return;
             }
 
diff --git a/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
index 525cd9ffe2..0afcd61a05 100644
--- a/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
+++ b/Jellyfin.Server/Middleware/IpBasedAccessValidationMiddleware.cs
@@ -1,9 +1,7 @@
 using System.Net;
 using System.Threading.Tasks;
-using Jellyfin.Networking.Configuration;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Configuration;
 using Microsoft.AspNetCore.Http;
 
 namespace Jellyfin.Server.Middleware
@@ -29,9 +27,8 @@ namespace Jellyfin.Server.Middleware
         /// </summary>
         /// <param name="httpContext">The current HTTP context.</param>
         /// <param name="networkManager">The network manager.</param>
-        /// <param name="serverConfigurationManager">The server configuration manager.</param>
         /// <returns>The async task.</returns>
-        public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
+        public async Task Invoke(HttpContext httpContext, INetworkManager networkManager)
         {
             if (httpContext.IsLocal())
             {
@@ -42,32 +39,8 @@ namespace Jellyfin.Server.Middleware
 
             var remoteIp = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
 
-            if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
+            if (!networkManager.HasRemoteAccess(remoteIp))
             {
-                // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
-                // If left blank, all remote addresses will be allowed.
-                var remoteAddressFilter = networkManager.RemoteAddressFilter;
-
-                if (remoteAddressFilter.Count > 0 && !networkManager.IsInLocalNetwork(remoteIp))
-                {
-                    // remoteAddressFilter is a whitelist or blacklist.
-                    bool isListed = remoteAddressFilter.ContainsAddress(remoteIp);
-                    if (!serverConfigurationManager.GetNetworkConfiguration().IsRemoteIPFilterBlacklist)
-                    {
-                        // Black list, so flip over.
-                        isListed = !isListed;
-                    }
-
-                    if (!isListed)
-                    {
-                        // If your name isn't on the list, you arn't coming in.
-                        return;
-                    }
-                }
-            }
-            else if (!networkManager.IsInLocalNetwork(remoteIp))
-            {
-                // Remote not enabled. So everyone should be LAN.
                 return;
             }
 
diff --git a/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs b/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
index 8065054a1e..67bf24d2a5 100644
--- a/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
+++ b/Jellyfin.Server/Middleware/LanFilteringMiddleware.cs
@@ -1,9 +1,6 @@
-using System;
-using System.Linq;
 using System.Net;
 using System.Threading.Tasks;
 using Jellyfin.Networking.Configuration;
-using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Configuration;
 using Microsoft.AspNetCore.Http;
diff --git a/Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs b/Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs
new file mode 100644
index 0000000000..fd0ebbf438
--- /dev/null
+++ b/Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs
@@ -0,0 +1,35 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// URL decodes the querystring before binding.
+    /// </summary>
+    public class QueryStringDecodingMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="QueryStringDecodingMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public QueryStringDecodingMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext)
+        {
+            httpContext.Features.Set<IQueryFeature>(new UrlDecodeQueryFeature(httpContext.Features.Get<IQueryFeature>()));
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs b/Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs
new file mode 100644
index 0000000000..310a3d31ad
--- /dev/null
+++ b/Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs
@@ -0,0 +1,91 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using MediaBrowser.Common.Extensions;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Primitives;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Defines the <see cref="UrlDecodeQueryFeature"/>.
+    /// </summary>
+    public class UrlDecodeQueryFeature : IQueryFeature
+    {
+        private IQueryCollection? _store;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UrlDecodeQueryFeature"/> class.
+        /// </summary>
+        /// <param name="feature">The <see cref="IQueryFeature"/> instance.</param>
+        public UrlDecodeQueryFeature(IQueryFeature feature)
+        {
+            Query = feature.Query;
+        }
+
+        /// <summary>
+        /// Gets or sets a value indicating the url decoded <see cref="IQueryCollection"/>.
+        /// </summary>
+        public IQueryCollection Query
+        {
+            get
+            {
+                return _store ?? QueryCollection.Empty;
+            }
+
+            set
+            {
+                // Only interested in where the querystring is encoded which shows up as one key with nothing in the value.
+                if (value.Count != 1)
+                {
+                    _store = value;
+                    return;
+                }
+
+                // Encoded querystrings have no value, so don't process anything if a value is present.
+                var (key, stringValues) = value.First();
+                if (!string.IsNullOrEmpty(stringValues))
+                {
+                    _store = value;
+                    return;
+                }
+
+                // Unencode and re-parse querystring.
+                var unencodedKey = HttpUtility.UrlDecode(key);
+
+                if (string.Equals(unencodedKey, key, StringComparison.Ordinal))
+                {
+                    // Don't do anything if it's not encoded.
+                    _store = value;
+                    return;
+                }
+
+                var pairs = new Dictionary<string, StringValues>();
+                var queryString = unencodedKey.SpanSplit('&');
+
+                foreach (var pair in queryString)
+                {
+                    var i = pair.IndexOf('=');
+                    if (i == -1)
+                    {
+                        // encoded is an equals.
+                        // We use TryAdd so duplicate keys get ignored
+                        pairs.TryAdd(pair.ToString(), StringValues.Empty);
+                        continue;
+                    }
+
+                    var k = pair[..i].ToString();
+                    var v = pair[(i + 1)..].ToString();
+                    if (!pairs.TryAdd(k, new StringValues(v)))
+                    {
+                        pairs[k] = StringValues.Concat(pairs[k], v);
+                    }
+                }
+
+                _store = new QueryCollection(pairs);
+            }
+        }
+    }
+}