From 40e38e89e1cca741788b6d46202fe6af70806c1c Mon Sep 17 00:00:00 2001 From: sephrat <34862846+sephrat@users.noreply.github.com> Date: Wed, 24 May 2023 18:08:12 +0200 Subject: [PATCH] feat(emby): Show end-user external IP address to Emby when logging in as an Emby user Fixes #4947 --- src/Ombi.Api.Emby/EmbyApi.cs | 7 ++++- src/Ombi.Api.Emby/IBaseEmbyApi.cs | 2 +- .../Authentication/OmbiUserManager.cs | 8 ++++-- src/Ombi/Controllers/BaseController.cs | 28 +++++++++++++++++++ src/Ombi/Controllers/V1/IdentityController.cs | 3 +- src/Ombi/Controllers/V1/TokenController.cs | 25 ++--------------- 6 files changed, 44 insertions(+), 29 deletions(-) create mode 100644 src/Ombi/Controllers/BaseController.cs diff --git a/src/Ombi.Api.Emby/EmbyApi.cs b/src/Ombi.Api.Emby/EmbyApi.cs index d8691d9845..ca9d140cea 100644 --- a/src/Ombi.Api.Emby/EmbyApi.cs +++ b/src/Ombi.Api.Emby/EmbyApi.cs @@ -56,7 +56,7 @@ public async Task GetPublicInformation(string baseUrl) return obj; } - public async Task LogIn(string username, string password, string apiKey, string baseUri) + public async Task LogIn(string username, string password, string apiKey, string baseUri, string clientIpAddress) { var request = new Request("emby/users/authenticatebyname", baseUri, HttpMethod.Post); var body = new @@ -71,6 +71,11 @@ public async Task LogIn(string username, string password, string apiKe $"MediaBrowser Client=\"Ombi\", Device=\"Ombi\", DeviceId=\"v3\", Version=\"v3\""); AddHeaders(request, apiKey); + if (!string.IsNullOrEmpty(clientIpAddress)) + { + request.AddHeader("X-Forwarded-For", clientIpAddress); + } + var obj = await Api.Request(request); return obj; } diff --git a/src/Ombi.Api.Emby/IBaseEmbyApi.cs b/src/Ombi.Api.Emby/IBaseEmbyApi.cs index 582eac0c91..c9b0275f62 100644 --- a/src/Ombi.Api.Emby/IBaseEmbyApi.cs +++ b/src/Ombi.Api.Emby/IBaseEmbyApi.cs @@ -11,7 +11,7 @@ public interface IBaseEmbyApi { Task GetSystemInformation(string apiKey, string baseUrl); Task> GetUsers(string baseUri, string apiKey); - Task LogIn(string username, string password, string apiKey, string baseUri); + Task LogIn(string username, string password, string apiKey, string baseUri, string clientIpAddress); Task> GetAllMovies(string apiKey, string parentIdFilder, int startIndex, int count, string userId, string baseUri); diff --git a/src/Ombi.Core/Authentication/OmbiUserManager.cs b/src/Ombi.Core/Authentication/OmbiUserManager.cs index 124ff1aeb6..e80469a00d 100644 --- a/src/Ombi.Core/Authentication/OmbiUserManager.cs +++ b/src/Ombi.Core/Authentication/OmbiUserManager.cs @@ -69,6 +69,8 @@ public OmbiUserManager(IUserStore store, IOptions opt private readonly ISettingsService _embySettings; private readonly ISettingsService _jellyfinSettings; private readonly ISettingsService _authSettings; + private string _clientIpAddress; + public string ClientIpAddress { get => _clientIpAddress; set => _clientIpAddress = value; } public override async Task CheckPasswordAsync(OmbiUser user, string password) { @@ -88,7 +90,7 @@ public override async Task CheckPasswordAsync(OmbiUser user, string passwo } if (user.UserType == UserType.EmbyUser || user.UserType == UserType.EmbyConnectUser) { - return await CheckEmbyPasswordAsync(user, password); + return await CheckEmbyPasswordAsync(user, password, ClientIpAddress); } if (user.UserType == UserType.JellyfinUser) { @@ -168,7 +170,7 @@ private async Task CheckPlexPasswordAsync(OmbiUser user, string password) /// /// /// - private async Task CheckEmbyPasswordAsync(OmbiUser user, string password) + private async Task CheckEmbyPasswordAsync(OmbiUser user, string password, string clientIpAddress="") { var embySettings = await _embySettings.GetSettingsAsync(); var client = _embyApi.CreateClient(embySettings); @@ -196,7 +198,7 @@ private async Task CheckEmbyPasswordAsync(OmbiUser user, string password) { try { - var result = await client.LogIn(user.UserName, password, server.ApiKey, server.FullUri); + var result = await client.LogIn(user.UserName, password, server.ApiKey, server.FullUri, clientIpAddress); if (result != null) { return true; diff --git a/src/Ombi/Controllers/BaseController.cs b/src/Ombi/Controllers/BaseController.cs new file mode 100644 index 0000000000..a6e01ca2ca --- /dev/null +++ b/src/Ombi/Controllers/BaseController.cs @@ -0,0 +1,28 @@ + +using System.Linq; +using Microsoft.AspNetCore.Mvc; + +public class BaseController : Controller +{ + protected string GetRequestIP() + { + string ip = null; + + if (Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("X-Forwarded-For")) + { + var forwardedip = Request.HttpContext.Request.Headers["X-Forwarded-For"].ToString(); + ip = forwardedip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault(); + } + + if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Connection?.RemoteIpAddress != null) + ip = Request.HttpContext.Connection.RemoteIpAddress.ToString(); + + if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("REMOTE_ADDR")) + { + var remoteip = Request.HttpContext.Request.Headers["REMOTE_ADDR"].ToString(); + ip = remoteip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault(); + } + + return ip; + } +} \ No newline at end of file diff --git a/src/Ombi/Controllers/V1/IdentityController.cs b/src/Ombi/Controllers/V1/IdentityController.cs index 5577b1809e..3e561e396f 100644 --- a/src/Ombi/Controllers/V1/IdentityController.cs +++ b/src/Ombi/Controllers/V1/IdentityController.cs @@ -44,7 +44,7 @@ namespace Ombi.Controllers.V1 [ApiV1] [Produces("application/json")] [ApiController] - public class IdentityController : Controller + public class IdentityController : BaseController { public IdentityController(OmbiUserManager user, RoleManager rm, @@ -555,6 +555,7 @@ public async Task UpdateLocalUser([FromBody] UpdateLocalUser } // Make sure the pass is ok + UserManager.ClientIpAddress = GetRequestIP(); var passwordCheck = await UserManager.CheckPasswordAsync(user, ui.CurrentPassword); if (!passwordCheck) { diff --git a/src/Ombi/Controllers/V1/TokenController.cs b/src/Ombi/Controllers/V1/TokenController.cs index 872551a27b..6bec24c131 100644 --- a/src/Ombi/Controllers/V1/TokenController.cs +++ b/src/Ombi/Controllers/V1/TokenController.cs @@ -33,7 +33,7 @@ public class Token [ApiV1] [Produces("application/json")] [ApiController] - public class TokenController : ControllerBase + public class TokenController : BaseController { public TokenController(OmbiUserManager um, ITokenRepository token, IPlexOAuthManager oAuthManager, ILogger logger, ISettingsService auth, @@ -82,7 +82,7 @@ public async Task GetToken([FromBody] UserAuthModel model) user.EmailLogin = true; } - + _userManager.ClientIpAddress = GetRequestIP(); // Verify Password if (await _userManager.CheckPasswordAsync(user, model.Password)) { @@ -269,27 +269,6 @@ public class TokenRefresh public string Userename { get; set; } } - private string GetRequestIP() - { - string ip = null; - - if (Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("X-Forwarded-For")) - { - var forwardedip = Request.HttpContext.Request.Headers["X-Forwarded-For"].ToString(); - ip = forwardedip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault(); - } - - if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Connection?.RemoteIpAddress != null) - ip = Request.HttpContext.Connection.RemoteIpAddress.ToString(); - - if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("REMOTE_ADDR")) - { - var remoteip = Request.HttpContext.Request.Headers["REMOTE_ADDR"].ToString(); - ip = remoteip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault(); - } - - return ip; - } [HttpPost("header_auth")] [ProducesResponseType(401)]