Auth fixes for #419 and also #390

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 8 years ago
parent 5d7f7e1181
commit 1ec32f28ca
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
  1. 9
      libresonic-main/src/main/java/org/libresonic/player/ajax/PlayQueueService.java
  2. 8
      libresonic-main/src/main/java/org/libresonic/player/controller/M3UController.java
  3. 4
      libresonic-main/src/main/java/org/libresonic/player/service/JWTSecurityService.java
  4. 1
      libresonic-main/src/main/resources/applicationContext-service.xml

@ -57,6 +57,7 @@ public class PlayQueueService {
private org.libresonic.player.service.PlaylistService playlistService; private org.libresonic.player.service.PlaylistService playlistService;
private MediaFileDao mediaFileDao; private MediaFileDao mediaFileDao;
private PlayQueueDao playQueueDao; private PlayQueueDao playQueueDao;
private JWTSecurityService jwtSecurityService;
/** /**
* Returns the play queue for the player of the current user. * Returns the play queue for the player of the current user.
@ -640,8 +641,8 @@ public class PlayQueueService {
String streamUrl = url + "/stream?player=" + player.getId() + "&id=" + file.getId(); String streamUrl = url + "/stream?player=" + player.getId() + "&id=" + file.getId();
String coverArtUrl = url + "/coverArt.view?id=" + file.getId(); String coverArtUrl = url + "/coverArt.view?id=" + file.getId();
String remoteStreamUrl = streamUrl; String remoteStreamUrl = jwtSecurityService.addJWTToken(url + "/ext/stream?player=" + player.getId() + "&id=" + file.getId());
String remoteCoverArtUrl = coverArtUrl; String remoteCoverArtUrl = jwtSecurityService.addJWTToken(url + "/ext/coverArt.view?id=" + file.getId());
String format = formatFormat(player, file); String format = formatFormat(player, file);
String username = securityService.getCurrentUsername(request); String username = securityService.getCurrentUsername(request);
@ -737,4 +738,8 @@ public class PlayQueueService {
public void setPlaylistService(PlaylistService playlistService) { public void setPlaylistService(PlaylistService playlistService) {
this.playlistService = playlistService; this.playlistService = playlistService;
} }
public void setJwtSecurityService(JWTSecurityService jwtSecurityService) {
this.jwtSecurityService = jwtSecurityService;
}
} }

@ -32,7 +32,6 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -65,7 +64,7 @@ public class M3UController {
Player player = playerService.getPlayer(request, response); Player player = playerService.getPlayer(request, response);
String url = NetworkService.getBaseUrl(request); String url = NetworkService.getBaseUrl(request);
url = url + "stream?"; url = url + "ext/stream?";
if (player.isExternalWithPlaylist()) { if (player.isExternalWithPlaylist()) {
createClientSidePlaylist(response.getWriter(), player, url); createClientSidePlaylist(response.getWriter(), player, url);
@ -93,9 +92,8 @@ public class M3UController {
String urlNoAuth = url + "player=" + player.getId() + "&id=" + mediaFile.getId() + "&suffix=." + String urlNoAuth = url + "player=" + player.getId() + "&id=" + mediaFile.getId() + "&suffix=." +
transcodingService.getSuffix(player, mediaFile, null); transcodingService.getSuffix(player, mediaFile, null);
String urlWithAuth = jwtSecurityService.addJWTToken(UriComponentsBuilder.fromUriString(urlNoAuth)).build().toUriString(); String urlWithAuth = jwtSecurityService.addJWTToken(urlNoAuth);
out.println(urlWithAuth); out.println(urlWithAuth);
out.println();
} }
} }
@ -114,7 +112,7 @@ public class M3UController {
} }
out.println("#EXTM3U"); out.println("#EXTM3U");
out.println("#EXTINF:-1,Libresonic"); out.println("#EXTINF:-1,Libresonic");
out.println(url); out.println(jwtSecurityService.addJWTToken(url));
} }
private String getSuffix(Player player) { private String getSuffix(Player player) {

@ -55,6 +55,10 @@ public class JWTSecurityService {
.sign(getAlgorithm(jwtKey)); .sign(getAlgorithm(jwtKey));
} }
public String addJWTToken(String uri) {
return addJWTToken(UriComponentsBuilder.fromUriString(uri)).build().toString();
}
public UriComponentsBuilder addJWTToken(UriComponentsBuilder builder) { public UriComponentsBuilder addJWTToken(UriComponentsBuilder builder) {
return addJWTToken(builder, DateUtils.addDays(new Date(), DEFAULT_DAYS_VALID_FOR)); return addJWTToken(builder, DateUtils.addDays(new Date(), DEFAULT_DAYS_VALID_FOR));
} }

@ -263,6 +263,7 @@
<property name="ratingService" ref="ratingService"/> <property name="ratingService" ref="ratingService"/>
<property name="securityService" ref="securityService"/> <property name="securityService" ref="securityService"/>
<property name="podcastService" ref="podcastService"/> <property name="podcastService" ref="podcastService"/>
<property name="jwtSecurityService" ref="jwtSecurityService" />
</bean> </bean>
<bean id="ajaxPlaylistService" class="org.libresonic.player.ajax.PlaylistService"> <bean id="ajaxPlaylistService" class="org.libresonic.player.ajax.PlaylistService">

Loading…
Cancel
Save