Add authorization to overlay image upload, retrieval, and deletion endpoints
This commit is contained in:
CodeDevMLH
@@ -4,6 +4,7 @@ using System.Threading.Tasks;
|
|||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using MediaBrowser.Common.Configuration;
|
using MediaBrowser.Common.Configuration;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
||||||
{
|
{
|
||||||
@@ -26,7 +27,7 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
/// <summary>
|
/// <summary>
|
||||||
/// Uploads a new custom overlay image.
|
/// Uploads a new custom overlay image.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
// [Microsoft.AspNetCore.Authorization.Authorize]
|
[Authorize(Policy = "RequiresElevation")]
|
||||||
[HttpPost("OverlayImage")]
|
[HttpPost("OverlayImage")]
|
||||||
[Consumes("multipart/form-data")]
|
[Consumes("multipart/form-data")]
|
||||||
public async Task<IActionResult> UploadImage([FromForm] IFormFile file, [FromQuery] string? filename = null)
|
public async Task<IActionResult> UploadImage([FromForm] IFormFile file, [FromQuery] string? filename = null)
|
||||||
@@ -40,7 +41,7 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
string extension = Path.GetExtension(file.FileName);
|
string extension = Path.GetExtension(file.FileName);
|
||||||
if (string.IsNullOrWhiteSpace(extension)) extension = ".jpg";
|
if (string.IsNullOrWhiteSpace(extension)) extension = ".jpg";
|
||||||
|
|
||||||
// Delete any existing file with this prefix before saving the new one (as extensions might differ)
|
// Delete any existing file with this prefix before saving the new one
|
||||||
string prefix = string.IsNullOrWhiteSpace(filename) ? "custom_overlay_image_global" : $"custom_overlay_image_{filename}";
|
string prefix = string.IsNullOrWhiteSpace(filename) ? "custom_overlay_image_global" : $"custom_overlay_image_{filename}";
|
||||||
|
|
||||||
try
|
try
|
||||||
@@ -60,9 +61,6 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
string targetFileName = $"{prefix}{extension}";
|
string targetFileName = $"{prefix}{extension}";
|
||||||
string targetPath = Path.Combine(_imageDirectory, targetFileName);
|
string targetPath = Path.Combine(_imageDirectory, targetFileName);
|
||||||
|
|
||||||
// Delete is not strictly necessary and can cause locking issues if someone is currently reading it.
|
|
||||||
// FileMode.Create will truncate the file if it exists, effectively overwriting it.
|
|
||||||
// We use FileShare.None to ensure we have exclusive write access, but handle potential IOExceptions gracefully.
|
|
||||||
using (var stream = new FileStream(targetPath, FileMode.Create, FileAccess.Write, FileShare.None))
|
using (var stream = new FileStream(targetPath, FileMode.Create, FileAccess.Write, FileShare.None))
|
||||||
{
|
{
|
||||||
await file.CopyToAsync(stream).ConfigureAwait(false);
|
await file.CopyToAsync(stream).ConfigureAwait(false);
|
||||||
@@ -82,7 +80,6 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
/// <summary>
|
/// <summary>
|
||||||
/// Retrieves the custom overlay image.
|
/// Retrieves the custom overlay image.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
// [Microsoft.AspNetCore.Authorization.Authorize]
|
|
||||||
[HttpGet("OverlayImage")]
|
[HttpGet("OverlayImage")]
|
||||||
public IActionResult GetImage([FromQuery] string? filename = null)
|
public IActionResult GetImage([FromQuery] string? filename = null)
|
||||||
{
|
{
|
||||||
@@ -98,7 +95,6 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
string targetPath = existingFiles[0];
|
string targetPath = existingFiles[0];
|
||||||
|
|
||||||
// Read the file and return with appropriate MIME type
|
// Read the file and return with appropriate MIME type
|
||||||
// We use FileShare.ReadWrite | FileShare.Delete so that if someone is currently overwriting the file (uploading), we don't block them.
|
|
||||||
var stream = new FileStream(targetPath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite | FileShare.Delete);
|
var stream = new FileStream(targetPath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite | FileShare.Delete);
|
||||||
|
|
||||||
string mimeType = "application/octet-stream";
|
string mimeType = "application/octet-stream";
|
||||||
@@ -115,7 +111,7 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
/// <summary>
|
/// <summary>
|
||||||
/// Deletes a custom overlay image.
|
/// Deletes a custom overlay image.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
// [Microsoft.AspNetCore.Authorization.Authorize]
|
[Authorize(Policy = "RequiresElevation")]
|
||||||
[HttpDelete("OverlayImage")]
|
[HttpDelete("OverlayImage")]
|
||||||
public IActionResult DeleteImage([FromQuery] string? filename = null)
|
public IActionResult DeleteImage([FromQuery] string? filename = null)
|
||||||
{
|
{
|
||||||
@@ -144,7 +140,6 @@ namespace Jellyfin.Plugin.MediaBarEnhanced.Api
|
|||||||
/// <summary>
|
/// <summary>
|
||||||
/// Renames a custom overlay image (used when a seasonal section is renamed).
|
/// Renames a custom overlay image (used when a seasonal section is renamed).
|
||||||
/// </summary>
|
/// </summary>
|
||||||
// [Microsoft.AspNetCore.Authorization.Authorize]
|
|
||||||
[HttpPut("OverlayImage/Rename")]
|
[HttpPut("OverlayImage/Rename")]
|
||||||
public IActionResult RenameImage([FromQuery] string oldName, [FromQuery] string newName)
|
public IActionResult RenameImage([FromQuery] string oldName, [FromQuery] string newName)
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user