mirror of
https://github.com/jellyfin/jellyfin.git
synced 2024-07-01 19:33:28 +02:00
Fix remote access
This commit is contained in:
parent
5592967497
commit
3fdf0de6e3
|
@ -576,6 +576,46 @@ namespace Jellyfin.Networking.Manager
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Checks to see if <paramref name="remoteIp"/> has access.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="remoteIp">IP Address of client.</param>
|
||||||
|
/// <returns><b>True</b> if has access, otherwise <b>false</b>.</returns>
|
||||||
|
public bool HasRemoteAccess(IPAddress remoteIp)
|
||||||
|
{
|
||||||
|
var config = _configurationManager.GetNetworkConfiguration();
|
||||||
|
if (config.EnableRemoteAccess)
|
||||||
|
{
|
||||||
|
// Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
|
||||||
|
// If left blank, all remote addresses will be allowed.
|
||||||
|
var remoteAddressFilter = RemoteAddressFilter;
|
||||||
|
|
||||||
|
if (RemoteAddressFilter.Count > 0 && !IsInLocalNetwork(remoteIp))
|
||||||
|
{
|
||||||
|
// remoteAddressFilter is a whitelist or blacklist.
|
||||||
|
bool isListed = RemoteAddressFilter.ContainsAddress(remoteIp);
|
||||||
|
if (config.IsRemoteIPFilterBlacklist)
|
||||||
|
{
|
||||||
|
// Black list, so flip over.
|
||||||
|
isListed = !isListed;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isListed)
|
||||||
|
{
|
||||||
|
// If your name isn't on the list, you arn't coming in.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (!IsInLocalNetwork(remoteIp))
|
||||||
|
{
|
||||||
|
// Remote not enabled. So everyone should be LAN.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Reloads all settings and re-initialises the instance.
|
/// Reloads all settings and re-initialises the instance.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
|
|
@ -42,32 +42,8 @@ namespace Jellyfin.Server.Middleware
|
||||||
|
|
||||||
var remoteIp = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
|
var remoteIp = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
|
||||||
|
|
||||||
if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
|
if (!networkManager.HasRemoteAccess(remoteIp))
|
||||||
{
|
{
|
||||||
// Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
|
|
||||||
// If left blank, all remote addresses will be allowed.
|
|
||||||
var remoteAddressFilter = networkManager.RemoteAddressFilter;
|
|
||||||
|
|
||||||
if (remoteAddressFilter.Count > 0 && !networkManager.IsInLocalNetwork(remoteIp))
|
|
||||||
{
|
|
||||||
// remoteAddressFilter is a whitelist or blacklist.
|
|
||||||
bool isListed = remoteAddressFilter.ContainsAddress(remoteIp);
|
|
||||||
if (!serverConfigurationManager.GetNetworkConfiguration().IsRemoteIPFilterBlacklist)
|
|
||||||
{
|
|
||||||
// Black list, so flip over.
|
|
||||||
isListed = !isListed;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!isListed)
|
|
||||||
{
|
|
||||||
// If your name isn't on the list, you arn't coming in.
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if (!networkManager.IsInLocalNetwork(remoteIp))
|
|
||||||
{
|
|
||||||
// Remote not enabled. So everyone should be LAN.
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
17
Jellyfin.sln
17
Jellyfin.sln
|
@ -1,4 +1,5 @@
|
||||||
Microsoft Visual Studio Solution File, Format Version 12.00
|
|
||||||
|
Microsoft Visual Studio Solution File, Format Version 12.00
|
||||||
# Visual Studio Version 16
|
# Visual Studio Version 16
|
||||||
VisualStudioVersion = 16.0.30503.244
|
VisualStudioVersion = 16.0.30503.244
|
||||||
MinimumVisualStudioVersion = 10.0.40219.1
|
MinimumVisualStudioVersion = 10.0.40219.1
|
||||||
|
@ -70,15 +71,15 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Networking", "Jell
|
||||||
EndProject
|
EndProject
|
||||||
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Dlna.Tests", "tests\Jellyfin.Dlna.Tests\Jellyfin.Dlna.Tests.csproj", "{B8AE4B9D-E8D3-4B03-A95E-7FD8CECECC50}"
|
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Dlna.Tests", "tests\Jellyfin.Dlna.Tests\Jellyfin.Dlna.Tests.csproj", "{B8AE4B9D-E8D3-4B03-A95E-7FD8CECECC50}"
|
||||||
EndProject
|
EndProject
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Jellyfin.XbmcMetadata.Tests", "tests\Jellyfin.XbmcMetadata.Tests\Jellyfin.XbmcMetadata.Tests.csproj", "{30922383-D513-4F4D-B890-A940B57FA353}"
|
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.XbmcMetadata.Tests", "tests\Jellyfin.XbmcMetadata.Tests\Jellyfin.XbmcMetadata.Tests.csproj", "{30922383-D513-4F4D-B890-A940B57FA353}"
|
||||||
EndProject
|
EndProject
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Jellyfin.Model.Tests", "tests\Jellyfin.Model.Tests\Jellyfin.Model.Tests.csproj", "{FC1BC0CE-E8D2-4AE9-A6AB-8A02143B335D}"
|
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Model.Tests", "tests\Jellyfin.Model.Tests\Jellyfin.Model.Tests.csproj", "{FC1BC0CE-E8D2-4AE9-A6AB-8A02143B335D}"
|
||||||
EndProject
|
EndProject
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Jellyfin.Networking.Tests", "tests\Jellyfin.Networking.Tests\Jellyfin.Networking.Tests.csproj", "{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}"
|
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Networking.Tests", "tests\Jellyfin.Networking.Tests\Jellyfin.Networking.Tests.csproj", "{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}"
|
||||||
EndProject
|
EndProject
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Jellyfin.Server.Integration.Tests", "tests\Jellyfin.Server.Integration.Tests\Jellyfin.Server.Integration.Tests.csproj", "{25E40B0B-7C89-4230-8911-CBBBCE83FC5B}"
|
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Server.Integration.Tests", "tests\Jellyfin.Server.Integration.Tests\Jellyfin.Server.Integration.Tests.csproj", "{25E40B0B-7C89-4230-8911-CBBBCE83FC5B}"
|
||||||
EndProject
|
EndProject
|
||||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Jellyfin.Server.Tests", "tests\Jellyfin.Server.Tests\Jellyfin.Server.Tests.csproj", "{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}"
|
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Jellyfin.Server.Tests", "tests\Jellyfin.Server.Tests\Jellyfin.Server.Tests.csproj", "{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}"
|
||||||
EndProject
|
EndProject
|
||||||
Global
|
Global
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||||
|
@ -210,6 +211,10 @@ Global
|
||||||
{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}.Release|Any CPU.Build.0 = Release|Any CPU
|
{42816EA8-4511-4CBF-A9C7-7791D5DDDAE6}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{25E40B0B-7C89-4230-8911-CBBBCE83FC5B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{25E40B0B-7C89-4230-8911-CBBBCE83FC5B}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{25E40B0B-7C89-4230-8911-CBBBCE83FC5B}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{25E40B0B-7C89-4230-8911-CBBBCE83FC5B}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
{3ADBCD8C-C0F2-4956-8FDC-35D686B74CF9}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
|
|
@ -229,5 +229,12 @@ namespace MediaBrowser.Common.Net
|
||||||
/// <param name="filter">Optional filter for the list.</param>
|
/// <param name="filter">Optional filter for the list.</param>
|
||||||
/// <returns>Returns a filtered list of LAN addresses.</returns>
|
/// <returns>Returns a filtered list of LAN addresses.</returns>
|
||||||
Collection<IPObject> GetFilteredLANSubnets(Collection<IPObject>? filter = null);
|
Collection<IPObject> GetFilteredLANSubnets(Collection<IPObject>? filter = null);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Checks to see if <paramref name="remoteIp"/> has access.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="remoteIp">IP Address of client.</param>
|
||||||
|
/// <returns><b>True</b> if has access, otherwise <b>false</b>.</returns>
|
||||||
|
bool HasRemoteAccess(IPAddress remoteIp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -514,5 +514,25 @@ namespace Jellyfin.Networking.Tests
|
||||||
|
|
||||||
Assert.Equal(intf, result);
|
Assert.Equal(intf, result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[InlineData("185.10.10.10,200.200.200.200", "79.2.3.4", false, true)] // whitelist
|
||||||
|
[InlineData("185.10.10.10", "185.10.10.10", false, false)] // whitelist
|
||||||
|
[InlineData("185.10.10.10", "79.2.3.4", true, false)] // blacklist
|
||||||
|
public void TestRemoteAccess(string addresses, string remoteIp, bool blacklist, bool denied)
|
||||||
|
{
|
||||||
|
// Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
|
||||||
|
// If left blank, all remote addresses will be allowed.
|
||||||
|
var conf = new NetworkConfiguration()
|
||||||
|
{
|
||||||
|
EnableIPV4 = true,
|
||||||
|
RemoteIPFilter = addresses.Split(","),
|
||||||
|
IsRemoteIPFilterBlacklist = blacklist
|
||||||
|
};
|
||||||
|
|
||||||
|
using var nm = new NetworkManager(GetMockConfig(conf), new NullLogger<NetworkManager>());
|
||||||
|
|
||||||
|
Assert.NotEqual(nm.HasRemoteAccess(IPAddress.Parse(remoteIp)), denied);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue