// // Copyright (c) PlaceholderCompany. All rights reserved. // #pragma warning disable CS1591 using System; using System.Threading.Tasks; using Jellyfin.Data; using Jellyfin.Database.Implementations.Enums; using MediaBrowser.Controller.Net; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; namespace Emby.Server.Implementations.HttpServer.Security { public class AuthService : IAuthService { private readonly IAuthorizationContext _authorizationContext; private readonly ILogger _logger; public AuthService( IAuthorizationContext authorizationContext, ILogger logger) { _authorizationContext = authorizationContext; _logger = logger; } public async Task Authenticate(HttpRequest request) { var auth = await _authorizationContext.GetAuthorizationInfo(request).ConfigureAwait(false); if (!auth.HasToken) { _logger.LogDebug( "Authentication failed: No token provided. Path: {Path}, Client: {Client}, Device: {Device}, DeviceId: {DeviceId}", request.Path, auth.Client ?? "unknown", auth.Device ?? "unknown", auth.DeviceId ?? "unknown"); return auth; } if (!auth.IsAuthenticated) { var tokenPreview = auth.Token?.Length > 8 ? auth.Token.Substring(0, 8) + "..." : auth.Token ?? "null"; _logger.LogDebug( "Authentication failed: Invalid token. Path: {Path}, Client: {Client}, Device: {Device}, DeviceId: {DeviceId}, Token: {Token}", request.Path, auth.Client ?? "unknown", auth.Device ?? "unknown", auth.DeviceId ?? "unknown", tokenPreview); throw new SecurityException("Invalid token."); } if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false) { _logger.LogWarning( "Authentication failed: User account disabled. User: {User}, Path: {Path}", auth.User.Username, request.Path); throw new SecurityException("User account has been disabled."); } _logger.LogDebug( "Authentication successful. User: {User}, Client: {Client}, Device: {Device}, Path: {Path}", auth.User?.Username ?? "ApiKey", auth.Client ?? "unknown", auth.Device ?? "unknown", request.Path); return auth; } } }