mirrors
/
jellyfin
zrcadlo https://github.com/jellyfin/jellyfin


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
							using System.Net;
using System.Threading.Tasks;
using Jellyfin.Networking.Configuration;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Http;

namespace Jellyfin.Server.Middleware
{
    /// <summary>
    /// Validates the IP of requests coming from local networks wrt. remote access.
    /// </summary>
    public class IpBasedAccessValidationMiddleware
    {
        private readonly RequestDelegate _next;

        /// <summary>
        /// Initializes a new instance of the <see cref="IpBasedAccessValidationMiddleware"/> class.
        /// </summary>
        /// <param name="next">The next delegate in the pipeline.</param>
        public IpBasedAccessValidationMiddleware(RequestDelegate next)
        {
            _next = next;
        }

        /// <summary>
        /// Executes the middleware action.
        /// </summary>
        /// <param name="httpContext">The current HTTP context.</param>
        /// <param name="networkManager">The network manager.</param>
        /// <param name="serverConfigurationManager">The server configuration manager.</param>
        /// <returns>The async task.</returns>
        public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
        {
            if (httpContext.IsLocal())
            {
                // Running locally.
                await _next(httpContext).ConfigureAwait(false);
                return;
            }

            var remoteIp = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;

            if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
            {
                // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
                // If left blank, all remote addresses will be allowed.
                var remoteAddressFilter = networkManager.RemoteAddressFilter;

                if (remoteAddressFilter.Count > 0 && !networkManager.IsInLocalNetwork(remoteIp))
                {
                    // remoteAddressFilter is a whitelist or blacklist.
                    bool isListed = remoteAddressFilter.ContainsAddress(remoteIp);
                    if (!serverConfigurationManager.GetNetworkConfiguration().IsRemoteIPFilterBlacklist)
                    {
                        // Black list, so flip over.
                        isListed = !isListed;
                    }

                    if (!isListed)
                    {
                        // If your name isn't on the list, you arn't coming in.
                        return;
                    }
                }
            }
            else if (!networkManager.IsInLocalNetwork(remoteIp))
            {
                // Remote not enabled. So everyone should be LAN.
                return;
            }

            await _next(httpContext).ConfigureAwait(false);
        }
    }
}