arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

feat: add authentication via JWT token

Browse Source
This commit is contained in:
Deluan
2020-02-06 16:48:35 -05:00
parent 690f92a671
commit abb99a8501
10 changed files with 185 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/subsonic/middlewares.go
+2 -5
View File
@@ -44,10 +44,6 @@ func checkRequiredParameters(next http.Handler) http.Handler {
}
}
if ParamString(r, "p") == "" && (ParamString(r, "s") == "" || ParamString(r, "t") == "") {
log.Warn(r, "Missing authentication information")
}
user := ParamString(r, "u")
client := ParamString(r, "c")
version := ParamString(r, "v")
@@ -69,8 +65,9 @@ func authenticate(users engine.Users) func(next http.Handler) http.Handler {
pass := ParamString(r, "p")
token := ParamString(r, "t")
salt := ParamString(r, "s")
jwt := ParamString(r, "jwt")
usr, err := users.Authenticate(r.Context(), username, pass, token, salt)
usr, err := users.Authenticate(r.Context(), username, pass, token, salt, jwt)
if err == model.ErrInvalidAuth {
log.Warn(r, "Invalid login", "username", username, err)
} else if err != nil {
server/subsonic/middlewares_test.go
+5 -3
View File
@@ -113,7 +113,7 @@ var _ = Describe("Middlewares", func() {
})
It("passes all parameters to users.Authenticate ", func() {
r := newGetRequest("u=valid", "p=password", "t=token", "s=salt")
r := newGetRequest("u=valid", "p=password", "t=token", "s=salt", "jwt=jwt")
cp := authenticate(mockedUser)(next)
cp.ServeHTTP(w, r)
@@ -121,6 +121,7 @@ var _ = Describe("Middlewares", func() {
Expect(mockedUser.password).To(Equal("password"))
Expect(mockedUser.token).To(Equal("token"))
Expect(mockedUser.salt).To(Equal("salt"))
Expect(mockedUser.jwt).To(Equal("jwt"))
Expect(next.called).To(BeTrue())
user := next.req.Context().Value("user").(*model.User)
Expect(user.UserName).To(Equal("valid"))
@@ -149,14 +150,15 @@ func (mh *mockHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
type mockUsers struct {
engine.Users
username, password, token, salt string
username, password, token, salt, jwt string
}
func (m *mockUsers) Authenticate(ctx context.Context, username, password, token, salt string) (*model.User, error) {
func (m *mockUsers) Authenticate(ctx context.Context, username, password, token, salt, jwt string) (*model.User, error) {
m.username = username
m.password = password
m.token = token
m.salt = salt
m.jwt = jwt
if username == "valid" {
return &model.User{UserName: username, Password: password}, nil
}