mirrors
/
navidrome
mirror of https://github.com/navidrome/navidrome.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,657 Commits 9 Branches 91 Tags 81 MiB
Commit Graph

39 Commits

Author SHA1 Message Date
crazygolem 1e96b858a9
Add support for Reverse Proxy auth in Subsonic endpoints (#2558) 
* feat(subsonic): Add support for Reverse Proxy auth - #2557

Signed-off-by: Jeremiah Menétrey <superjun1@gmail.com>

* Small refactoring

---------

Signed-off-by: Jeremiah Menétrey <superjun1@gmail.com>
Co-authored-by: Deluan Quintão <deluan@navidrome.org>
 2024-04-27 13:47:42 -04:00
crazygolem 18143fa5a1
Use the RealIP middleware also behind a reverse proxy (#2858) 
* Use the RealIP middleware only behind a reverse proxy

* Fix proxy ip source in tests

* Fix test for PR#2087

The PR did not update the test after changing the behavior, but the test still
passed because another condition was preventing the user from being created in
the test.

* Use RealIP even without a trusted reverse proxy

* Use own type for context key

* Fix casing to follow go's conventions

* Do not apply RealIP middleware twice

* Fix IP source in logs

The most interesting data point in the log message is the proxy's IP, but
having the client IP too can help identify integration issues.
 2024-04-25 20:43:58 -04:00
Deluan dfcc189cff Replace all `utils.Param*` with `req.Params` 2023-12-21 17:41:09 -05:00
Deluan b998c05ca0 Some refactorings 2023-03-26 21:28:37 -04:00
Deluan 10108c63c9 Allow BaseURL to contain full server url, including scheme and host. Fix #2183 2023-02-15 21:13:38 -05:00
Deluan aac6e2cb07 Add path to cookies. Fix #1580 2023-02-15 20:23:32 -05:00
Deluan 6489dd4478 Fix overriding previous logger in context 2022-12-14 11:50:16 -05:00
Deluan 982b604500 Add username to authenticated log messages 2022-12-14 09:35:30 -05:00
Deluan 9c433b5d68 Add missing context to logger calls 2022-11-04 11:30:12 -04:00
Deluan db67c1277e Fix error comparisons 2022-09-30 18:54:25 -04:00
Manuel 72cde6dfde
fix:(middlewares.go) - Set Cookie SameSite mode to Strict - 1776 (#1777) 
* None is deprecated and will fallback to Lax in the future.
* Using Strict is future proof and provides additional CSR protection

Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>

Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>
 2022-09-27 17:58:47 -04:00
Deluan 8cd405d15e Add IP to Subsonic API's invalid login log messages. Closes #1814 2022-07-25 23:54:49 -04:00
Deluan 97434c1789 Fix GetNowPlaying endpoint showing only the last play 2021-06-20 10:39:19 -04:00
Deluan Quintão 66b74c81f1
Encrypt passwords in DB (#1187) 
* Encode/Encrypt passwords in DB

* Only decrypts passwords if it is necessary

* Add tests for encryption functions
 2021-06-18 18:38:38 -04:00
Deluan b65e76293a Only send events to clients who need it 
- User events (star, rating, plays) only sent to same user
- Don't send to the client (browser window) that originated the event
 2021-06-15 18:59:26 -04:00
Deluan 6ee45a9ccc Move project to Navidrome GitHub organization 2021-02-06 21:46:35 -05:00
Deluan 4777cf0aba Simplify error responses 2020-10-27 15:33:28 -04:00
Deluan d0bf37a8a9 Move mock datastore to tests package 2020-10-27 15:23:49 -04:00
Deluan 596a4897a3 Do not force username to always be lowercase in the DB 2020-09-01 18:00:19 -04:00
Deluan 100f6a0645 Removed `engine.Users` 2020-08-14 12:10:37 -04:00
Deluan c271aa24d1 Make all Subsonic helper functions private 2020-08-14 12:10:37 -04:00
Deluan df05760769 Move `engine` package under `subsonic`, as it should only be used by the Subsonic API.master 
The idea is to move reusable code from `engine` to `core`, in future refactorings
 2020-08-04 21:29:35 -04:00
Deluan a6af46dbad Always use lowercase username, as it is used for referential integrity. Fixes #352 2020-06-14 20:20:10 -04:00
Deluan f8362a4acb Fix staticcheck's SA1029 2020-05-13 16:49:55 -04:00
Deluan a17a98a75f Log API requests and responses at Debug level 2020-04-05 23:57:04 -04:00
Deluan 0ba5840a65 Don't set a playerId cookie it cannot register the player 2020-04-04 20:26:36 -04:00
Deluan 39993810b3 feat: add `transcodedSuffix` to Subsonic API responses 2020-03-17 15:20:35 -04:00
Deluan da36941252 feat: better getPlayer middleware setup 2020-03-17 15:20:35 -04:00
Deluan 8ec78900c5 feat: transcoding and player datastores and configuration 2020-03-17 15:20:35 -04:00
Deluan fc06163b5a refactor: remove superfluous (and untested) code 2020-03-02 09:37:47 -05:00
Deluan 8673533cd4 refactor: move request param extractors to utils 2020-02-06 18:55:38 -05:00
Deluan abb99a8501 feat: add authentication via JWT token 2020-02-06 18:41:34 -05:00
Deluan 203754726b refactor: better request logging 2020-02-01 20:07:15 -05:00
Deluan 1278863416 feat: support clients that send the API params as a x-www-form-urlencoded POST 2020-01-27 15:10:46 -05:00
Deluan bee55c04c8 Rename project to Navidrome 2020-01-23 19:44:08 -05:00
Deluan f0ee41a8af Add context to all methods in engine layer 2020-01-22 08:39:57 -05:00
Deluan 2cc983638c Add authenticated user to context 2020-01-20 18:12:17 -05:00
Deluan 99c28731d4 Authenticate Subsonic API calls using the DB 2020-01-20 13:42:43 -05:00
Deluan 7610b42f4b Moved package `api` to `subsonic` under `server` 2020-01-19 18:23:09 -05:00
Renamed from api/middlewares.go (Browse further)