Enhanced logging & error handling for auth and pg backups

- Add detailed debug/warning logs to authentication flows (AuthService, AuthorizationContext, WebSocketManager) for better traceability of auth attempts and failures.
- Log WebSocket authentication attempts, including IP, path, and token preview.
- Introduce PostgresVersionMismatchException for pg_dump/pg_restore version mismatches; parse and log server/client versions, clean up failed backups, and provide upgrade guidance.
- Add helper for parsing version mismatch errors.
- Update using directives and minor code cleanups.
- Update .csproj.user with new publish profile path.
This commit is contained in:
2026-03-04 12:37:39 -05:00
parent 895372fe98
commit 667c3768a9
8 changed files with 197 additions and 3 deletions
@@ -18,6 +18,7 @@ using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using Microsoft.Net.Http.Headers;
namespace Jellyfin.Server.Implementations.Security
@@ -29,19 +30,22 @@ namespace Jellyfin.Server.Implementations.Security
private readonly IDeviceManager _deviceManager;
private readonly IServerApplicationHost _serverApplicationHost;
private readonly IServerConfigurationManager _configurationManager;
private readonly ILogger<AuthorizationContext> _logger;
public AuthorizationContext(
IDbContextFactory<JellyfinDbContext> jellyfinDb,
IUserManager userManager,
IDeviceManager deviceManager,
IServerApplicationHost serverApplicationHost,
IServerConfigurationManager configurationManager)
IServerConfigurationManager configurationManager,
ILogger<AuthorizationContext> logger)
{
_jellyfinDbProvider = jellyfinDb;
_userManager = userManager;
_deviceManager = deviceManager;
_serverApplicationHost = serverApplicationHost;
_configurationManager = configurationManager;
_logger = logger;
}
public Task<AuthorizationInfo> GetAuthorizationInfo(HttpContext requestContext)
@@ -127,9 +131,23 @@ namespace Jellyfin.Server.Implementations.Security
if (!authInfo.HasToken)
{
// Request doesn't contain a token.
_logger.LogDebug(
"No authentication token found. Client: {Client}, Device: {Device}, DeviceId: {DeviceId}, HasAuthHeader: {HasAuthHeader}",
client ?? "unknown",
deviceName ?? "unknown",
deviceId ?? "unknown",
auth is not null);
return authInfo;
}
var tokenPreview = token?.Length > 8 ? token.Substring(0, 8) + "..." : token ?? "null";
_logger.LogDebug(
"Validating authentication token. Client: {Client}, Device: {Device}, DeviceId: {DeviceId}, Token: {Token}",
client ?? "unknown",
deviceName ?? "unknown",
deviceId ?? "unknown",
tokenPreview);
var dbContext = await _jellyfinDbProvider.CreateDbContextAsync().ConfigureAwait(false);
await using (dbContext.ConfigureAwait(false))
{
@@ -138,6 +156,10 @@ namespace Jellyfin.Server.Implementations.Security
if (device is not null)
{
_logger.LogDebug(
"Token validated against device. Device: {DeviceName}, User: {UserId}",
device.DeviceName,
device.UserId);
authInfo.IsAuthenticated = true;
var updateToken = false;
@@ -199,6 +221,9 @@ namespace Jellyfin.Server.Implementations.Security
var key = await dbContext.ApiKeys.FirstOrDefaultAsync(apiKey => apiKey.AccessToken == token).ConfigureAwait(false);
if (key is not null)
{
_logger.LogDebug(
"Token validated against API key. ApiKey: {ApiKeyName}",
key.Name);
authInfo.IsAuthenticated = true;
authInfo.Client = key.Name;
authInfo.Token = key.AccessToken;
@@ -219,6 +244,13 @@ namespace Jellyfin.Server.Implementations.Security
authInfo.IsApiKey = true;
}
else
{
var tokenPreview2 = token?.Length > 8 ? token.Substring(0, 8) + "..." : token ?? "null";
_logger.LogDebug(
"Token validation failed: Token not found in devices or API keys. Token: {Token}",
tokenPreview2);
}
}
return authInfo;