Small refactoring

Deluan 2024-04-26 22:01:57 -04:00
parent ac8ab3dae1
commit 89312f53bb
2 changed files with 16 additions and 24 deletions


@ -1,7 +1,6 @@
package subsonic
import (
"context"
"crypto/md5"
"encoding/hex"
"errors"
@ -68,14 +67,14 @@ func checkRequiredParameters(next http.Handler) http.Handler {
}
client, _ := p.String("c")
version, _ := p.String("v")
ctx := r.Context()
ctx = request.WithUsername(ctx, username)
ctx = request.WithClient(ctx, client)
ctx = request.WithVersion(ctx, version)
log.Debug(ctx, "API: New request "+r.URL.Path, "username", username, "client", client, "version", version)
r = r.WithContext(ctx)
next.ServeHTTP(w, r)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
@ -89,7 +88,6 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
if username := server.UsernameFromReverseProxyHeader(r); username != "" {
usr, err = ds.User(ctx).FindByUsername(username)
if errors.Is(err, model.ErrNotFound) {
log.Warn(ctx, "API: Invalid login", "auth", "reverse-proxy", "username", username, "remoteAddr", r.RemoteAddr, err)
} else if err != nil {
@ -98,22 +96,19 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
} else {
p := req.Params(r)
username, _ := p.String("u")
pass, _ := p.String("p")
token, _ := p.String("t")
salt, _ := p.String("s")
jwt, _ := p.String("jwt")
usr, err = ds.User(ctx).FindByUsernameWithPassword(username)
if errors.Is(err, model.ErrNotFound) {
log.Warn(ctx, "API: Invalid login", "auth", "subsonic", "username", username, "remoteAddr", r.RemoteAddr, err)
} else if err != nil {
log.Error(ctx, "API: Error authenticating username", "auth", "subsonic", "username", username, "remoteAddr", r.RemoteAddr, err)
}
err = validateSubsonicSecret(ctx, ds, usr, pass, token, salt, jwt)
err = validateCredentials(usr, pass, token, salt, jwt)
if err != nil {
log.Warn(ctx, "API: Invalid login", "auth", "subsonic", "username", username, "remoteAddr", r.RemoteAddr, err)
}
@ -132,16 +127,13 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
// }
//}()
ctx = log.NewContext(r.Context(), "username", usr.UserName)
ctx = request.WithUser(ctx, *usr)
r = r.WithContext(ctx)
next.ServeHTTP(w, r)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
func validateSubsonicSecret(ctx context.Context, ds model.DataStore, user *model.User, pass, token, salt, jwt string) error {
func validateCredentials(user *model.User, pass, token, salt, jwt string) error {
valid := false
switch {
@ -177,7 +169,7 @@ func getPlayer(players core.Players) func(next http.Handler) http.Handler {
userAgent := canonicalUserAgent(r)
player, trc, err := players.Register(ctx, playerId, client, userAgent, ip)
if err != nil {
log.Error(r.Context(), "Could not register player", "username", userName, "client", client, err)
log.Error(ctx, "Could not register player", "username", userName, "client", client, err)
} else {
ctx = request.WithPlayer(ctx, *player)
if trc != nil {
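Review bot: In the `authenticate` hunk, the error from `FindByUsernameWithPassword` is only logged and then overwritten by `err = validateCredentials(usr, pass, token, salt, jwt)`, so a failed lookup does not by itself reject the request (indentation is lost in this rendering; this reading relies on the closing brace shown before the call). What `usr` holds on `model.ErrNotFound` is not visible here: if it is nil the credential check may dereference it, and if it is a non-nil empty record the check runs against empty stored credentials. Either way the outcome depends on the `validateCredentials` body, which is cut off after `switch {`. Keeping the lookup error authoritative would close this, e.g. `if err == nil { err = validateCredentials(usr, pass, token, salt, jwt) }`, together with a spec for an unknown username beside the existing `validateCredentials` cases. The pattern appears to predate this commit, which carries it over with the rename.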


@ -248,7 +248,7 @@ var _ = Describe("Middlewares", func() {
})
})
Describe("validateSubsonicSecret", func() {
Describe("validateCredentials", func() {
var usr *model.User
BeforeEach(func() {
@ -259,7 +259,7 @@ var _ = Describe("Middlewares", func() {
})
var err error
usr, err = ds.User(context.TODO()).FindByUsernameWithPassword("admin")
usr, err = ur.FindByUsernameWithPassword("admin")
if err != nil {
panic(err)
}
@ -267,31 +267,31 @@ var _ = Describe("Middlewares", func() {
Context("Plaintext password", func() {
It("authenticates with plaintext password ", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "wordpass", "", "", "")
err := validateCredentials(usr, "wordpass", "", "", "")
Expect(err).NotTo(HaveOccurred())
})
It("fails authentication with wrong password", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "INVALID", "", "", "")
err := validateCredentials(usr, "INVALID", "", "", "")
Expect(err).To(MatchError(model.ErrInvalidAuth))
})
})
Context("Encoded password", func() {
It("authenticates with simple encoded password ", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "enc:776f726470617373", "", "", "")
err := validateCredentials(usr, "enc:776f726470617373", "", "", "")
Expect(err).NotTo(HaveOccurred())
})
})
Context("Token based authentication", func() {
It("authenticates with token based authentication", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "", "23b342970e25c7928831c3317edd0b67", "retnlmjetrymazgkt", "")
err := validateCredentials(usr, "", "23b342970e25c7928831c3317edd0b67", "retnlmjetrymazgkt", "")
Expect(err).NotTo(HaveOccurred())
})
It("fails if salt is missing", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "", "23b342970e25c7928831c3317edd0b67", "", "")
err := validateCredentials(usr, "", "23b342970e25c7928831c3317edd0b67", "", "")
Expect(err).To(MatchError(model.ErrInvalidAuth))
})
})
@ -313,20 +313,20 @@ var _ = Describe("Middlewares", func() {
})
It("authenticates with JWT token based authentication", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "", "", "", validToken)
err := validateCredentials(usr, "", "", "", validToken)
Expect(err).NotTo(HaveOccurred())
})
It("fails if JWT token is invalid", func() {
err := validateSubsonicSecret(context.TODO(), ds, usr, "", "", "", "invalid.token")
err := validateCredentials(usr, "", "", "", "invalid.token")
Expect(err).To(MatchError(model.ErrInvalidAuth))
})
It("fails if JWT token sub is different than username", func() {
u := &model.User{UserName: "hacker"}
validToken, _ = auth.CreateToken(u)
err := validateSubsonicSecret(context.TODO(), ds, usr, "", "", "", validToken)
err := validateCredentials(usr, "", "", "", validToken)
Expect(err).To(MatchError(model.ErrInvalidAuth))
})
})