Auth fixes for #419 and also #390

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 8 years ago
parent 5d7f7e1181
commit 1ec32f28ca
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
  1. 9
      libresonic-main/src/main/java/org/libresonic/player/ajax/PlayQueueService.java
  2. 8
      libresonic-main/src/main/java/org/libresonic/player/controller/M3UController.java
  3. 4
      libresonic-main/src/main/java/org/libresonic/player/service/JWTSecurityService.java
  4. 1
      libresonic-main/src/main/resources/applicationContext-service.xml

@ -57,6 +57,7 @@ public class PlayQueueService {
private org.libresonic.player.service.PlaylistService playlistService;
private MediaFileDao mediaFileDao;
private PlayQueueDao playQueueDao;
private JWTSecurityService jwtSecurityService;
/**
* Returns the play queue for the player of the current user.
@ -640,8 +641,8 @@ public class PlayQueueService {
String streamUrl = url + "/stream?player=" + player.getId() + "&id=" + file.getId();
String coverArtUrl = url + "/coverArt.view?id=" + file.getId();
String remoteStreamUrl = streamUrl;
String remoteCoverArtUrl = coverArtUrl;
String remoteStreamUrl = jwtSecurityService.addJWTToken(url + "/ext/stream?player=" + player.getId() + "&id=" + file.getId());
String remoteCoverArtUrl = jwtSecurityService.addJWTToken(url + "/ext/coverArt.view?id=" + file.getId());
String format = formatFormat(player, file);
String username = securityService.getCurrentUsername(request);
@ -737,4 +738,8 @@ public class PlayQueueService {
public void setPlaylistService(PlaylistService playlistService) {
this.playlistService = playlistService;
}
public void setJwtSecurityService(JWTSecurityService jwtSecurityService) {
this.jwtSecurityService = jwtSecurityService;
}
}

@ -32,7 +32,6 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -65,7 +64,7 @@ public class M3UController {
Player player = playerService.getPlayer(request, response);
String url = NetworkService.getBaseUrl(request);
url = url + "stream?";
url = url + "ext/stream?";
if (player.isExternalWithPlaylist()) {
createClientSidePlaylist(response.getWriter(), player, url);
@ -93,9 +92,8 @@ public class M3UController {
String urlNoAuth = url + "player=" + player.getId() + "&id=" + mediaFile.getId() + "&suffix=." +
transcodingService.getSuffix(player, mediaFile, null);
String urlWithAuth = jwtSecurityService.addJWTToken(UriComponentsBuilder.fromUriString(urlNoAuth)).build().toUriString();
String urlWithAuth = jwtSecurityService.addJWTToken(urlNoAuth);
out.println(urlWithAuth);
out.println();
}
}
@ -114,7 +112,7 @@ public class M3UController {
}
out.println("#EXTM3U");
out.println("#EXTINF:-1,Libresonic");
out.println(url);
out.println(jwtSecurityService.addJWTToken(url));
}
private String getSuffix(Player player) {

@ -55,6 +55,10 @@ public class JWTSecurityService {
.sign(getAlgorithm(jwtKey));
}
public String addJWTToken(String uri) {
return addJWTToken(UriComponentsBuilder.fromUriString(uri)).build().toString();
}
public UriComponentsBuilder addJWTToken(UriComponentsBuilder builder) {
return addJWTToken(builder, DateUtils.addDays(new Date(), DEFAULT_DAYS_VALID_FOR));
}

@ -263,6 +263,7 @@
<property name="ratingService" ref="ratingService"/>
<property name="securityService" ref="securityService"/>
<property name="podcastService" ref="podcastService"/>
<property name="jwtSecurityService" ref="jwtSecurityService" />
</bean>
<bean id="ajaxPlaylistService" class="org.libresonic.player.ajax.PlaylistService">

Loading…
Cancel
Save