Merge branch 'master' into comparisons

3 files changed, 151 insertions, 7 deletions

diff --git a/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
index c23da2fd63..2eef223e52 100644
--- a/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/BaseUrlRedirectionMiddleware.cs
@@ -45,15 +45,33 @@ namespace Jellyfin.Server.Middleware
             var localPath = httpContext.Request.Path.ToString();
             var baseUrlPrefix = serverConfigurationManager.GetNetworkConfiguration().BaseUrl;
 
-            if (string.Equals(localPath, baseUrlPrefix + "/", StringComparison.OrdinalIgnoreCase)
-                || string.Equals(localPath, baseUrlPrefix, StringComparison.OrdinalIgnoreCase)
-                || string.Equals(localPath, "/", StringComparison.OrdinalIgnoreCase)
-                || string.IsNullOrEmpty(localPath)
-                || !localPath.StartsWith(baseUrlPrefix, StringComparison.OrdinalIgnoreCase))
+            if (!string.IsNullOrEmpty(baseUrlPrefix))
             {
-                // Always redirect back to the default path if the base prefix is invalid or missing
+                var startsWithBaseUrl = localPath.StartsWith(baseUrlPrefix, StringComparison.OrdinalIgnoreCase);
+
+                if (!startsWithBaseUrl
+                    && (localPath.Equals("/health", StringComparison.OrdinalIgnoreCase)
+                        || localPath.Equals("/health/", StringComparison.OrdinalIgnoreCase)))
+                {
+                    _logger.LogDebug("Redirecting /health check");
+                    httpContext.Response.Redirect(baseUrlPrefix + "/health");
+                    return;
+                }
+
+                if (!startsWithBaseUrl)
+                {
+                    // Always redirect back to the default path if the base prefix is invalid or missing
+                    _logger.LogDebug("Normalizing an URL at {LocalPath}", localPath);
+                    httpContext.Response.Redirect(baseUrlPrefix + "/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
+                    return;
+                }
+            }
+            else if (string.IsNullOrEmpty(localPath)
+                     || localPath.Equals("/", StringComparison.Ordinal))
+            {
+                // Always redirect back to the default path if root is requested.
                 _logger.LogDebug("Normalizing an URL at {LocalPath}", localPath);
-                httpContext.Response.Redirect(baseUrlPrefix + "/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
+                httpContext.Response.Redirect("/" + _configuration[ConfigurationExtensions.DefaultRedirectKey]);
                 return;
             }
 
diff --git a/Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs b/Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs
new file mode 100644
index 0000000000..fd0ebbf438
--- /dev/null
+++ b/Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs
@@ -0,0 +1,35 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// URL decodes the querystring before binding.
+    /// </summary>
+    public class QueryStringDecodingMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="QueryStringDecodingMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">The next delegate in the pipeline.</param>
+        public QueryStringDecodingMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        /// <summary>
+        /// Executes the middleware action.
+        /// </summary>
+        /// <param name="httpContext">The current HTTP context.</param>
+        /// <returns>The async task.</returns>
+        public async Task Invoke(HttpContext httpContext)
+        {
+            httpContext.Features.Set<IQueryFeature>(new UrlDecodeQueryFeature(httpContext.Features.Get<IQueryFeature>()));
+
+            await _next(httpContext).ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs b/Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs
new file mode 100644
index 0000000000..310a3d31ad
--- /dev/null
+++ b/Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs
@@ -0,0 +1,91 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using MediaBrowser.Common.Extensions;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Primitives;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Defines the <see cref="UrlDecodeQueryFeature"/>.
+    /// </summary>
+    public class UrlDecodeQueryFeature : IQueryFeature
+    {
+        private IQueryCollection? _store;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UrlDecodeQueryFeature"/> class.
+        /// </summary>
+        /// <param name="feature">The <see cref="IQueryFeature"/> instance.</param>
+        public UrlDecodeQueryFeature(IQueryFeature feature)
+        {
+            Query = feature.Query;
+        }
+
+        /// <summary>
+        /// Gets or sets a value indicating the url decoded <see cref="IQueryCollection"/>.
+        /// </summary>
+        public IQueryCollection Query
+        {
+            get
+            {
+                return _store ?? QueryCollection.Empty;
+            }
+
+            set
+            {
+                // Only interested in where the querystring is encoded which shows up as one key with nothing in the value.
+                if (value.Count != 1)
+                {
+                    _store = value;
+                    return;
+                }
+
+                // Encoded querystrings have no value, so don't process anything if a value is present.
+                var (key, stringValues) = value.First();
+                if (!string.IsNullOrEmpty(stringValues))
+                {
+                    _store = value;
+                    return;
+                }
+
+                // Unencode and re-parse querystring.
+                var unencodedKey = HttpUtility.UrlDecode(key);
+
+                if (string.Equals(unencodedKey, key, StringComparison.Ordinal))
+                {
+                    // Don't do anything if it's not encoded.
+                    _store = value;
+                    return;
+                }
+
+                var pairs = new Dictionary<string, StringValues>();
+                var queryString = unencodedKey.SpanSplit('&');
+
+                foreach (var pair in queryString)
+                {
+                    var i = pair.IndexOf('=');
+                    if (i == -1)
+                    {
+                        // encoded is an equals.
+                        // We use TryAdd so duplicate keys get ignored
+                        pairs.TryAdd(pair.ToString(), StringValues.Empty);
+                        continue;
+                    }
+
+                    var k = pair[..i].ToString();
+                    var v = pair[(i + 1)..].ToString();
+                    if (!pairs.TryAdd(k, new StringValues(v)))
+                    {
+                        pairs[k] = StringValues.Concat(pairs[k], v);
+                    }
+                }
+
+                _store = new QueryCollection(pairs);
+            }
+        }
+    }
+}