af1152b001
Refactored all C# test files to use explicit namespace declarations and moved all using directives inside the namespace block for consistency. Updated assembly info and cache files to reflect the new build. Adjusted MvcTestingAppManifest.json to use fully qualified assembly names. No functional changes; all updates are related to code style, organization, and project metadata.
68 lines
2.4 KiB
C#
68 lines
2.4 KiB
C#
// <copyright file="IpBasedAccessValidationMiddleware.cs" company="PlaceholderCompany">
|
|
// Copyright (c) PlaceholderCompany. All rights reserved.
|
|
// </copyright>
|
|
|
|
namespace Jellyfin.Api.Middleware;
|
|
|
|
using System.Net;
|
|
using System.Threading.Tasks;
|
|
using System.Web;
|
|
using MediaBrowser.Common.Extensions;
|
|
using MediaBrowser.Common.Net;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
/// <summary>
|
|
/// Validates the IP of requests coming from local networks wrt. remote access.
|
|
/// </summary>
|
|
public class IPBasedAccessValidationMiddleware
|
|
{
|
|
private readonly RequestDelegate _next;
|
|
private readonly ILogger<IPBasedAccessValidationMiddleware> _logger;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="IPBasedAccessValidationMiddleware"/> class.
|
|
/// </summary>
|
|
/// <param name="next">The next delegate in the pipeline.</param>
|
|
/// <param name="logger">The logger to log to.</param>
|
|
public IPBasedAccessValidationMiddleware(RequestDelegate next, ILogger<IPBasedAccessValidationMiddleware> logger)
|
|
{
|
|
_next = next;
|
|
_logger = logger;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Executes the middleware action.
|
|
/// </summary>
|
|
/// <param name="httpContext">The current HTTP context.</param>
|
|
/// <param name="networkManager">The network manager.</param>
|
|
/// <returns>The async task.</returns>
|
|
public async Task Invoke(HttpContext httpContext, INetworkManager networkManager)
|
|
{
|
|
if (httpContext.IsLocal())
|
|
{
|
|
// Accessing from the same machine as the server.
|
|
await _next(httpContext).ConfigureAwait(false);
|
|
return;
|
|
}
|
|
|
|
var remoteIP = httpContext.GetNormalizedRemoteIP();
|
|
|
|
var result = networkManager.ShouldAllowServerAccess(remoteIP);
|
|
if (result != RemoteAccessPolicyResult.Allow)
|
|
{
|
|
// No access from network, respond with 503 instead of 200.
|
|
_logger.LogWarning(
|
|
"Blocking request to {Path} by {RemoteIP} due to IP filtering rule, reason: {Reason}",
|
|
// url-encode to block log injection
|
|
HttpUtility.UrlEncode(httpContext.Request.Path),
|
|
remoteIP,
|
|
result);
|
|
httpContext.Response.StatusCode = StatusCodes.Status503ServiceUnavailable;
|
|
return;
|
|
}
|
|
|
|
await _next(httpContext).ConfigureAwait(false);
|
|
}
|
|
}
|