mirror/Lidarr
1
0
Fork 0
mirror of https://github.com/lidarr/Lidarr synced 2024-12-21 23:32:27 +00:00
Code Issues Releases Wiki Activity

New: Add config file setting for CGNAT authentication bypass

Browse source 
(cherry picked from commit 4c41a4f368046f73f82306bbd73bec992392938b)
This commit is contained in:
soup 2024-12-02 01:20:08 +01:00 committed by Bogdan
parent b298bfd932
commit f87a8fa9f5
7 changed files with 42 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/Lidarr.Api.V1/Config/HostConfigResource.cs
View file

@ -45,6 +45,7 @@ public class HostConfigResource : RestResource
public string BackupFolder { get; set; } public string BackupFolder { get; set; }
public int BackupInterval { get; set; } public int BackupInterval { get; set; }
public int BackupRetention { get; set; } public int BackupRetention { get; set; }
public bool TrustCgnatIpAddresses { get; set; }
} }
public static class HostConfigResourceMapper public static class HostConfigResourceMapper

9
src/Lidarr.Http/Authentication/UiAuthorizationHandler.cs
View file

@ -27,10 +27,13 @@ protected override Task HandleRequirementAsync(AuthorizationHandlerContext conte
if (_authenticationRequired == AuthenticationRequiredType.DisabledForLocalAddresses) if (_authenticationRequired == AuthenticationRequiredType.DisabledForLocalAddresses)
{ {
if (context.Resource is HttpContext httpContext && if (context.Resource is HttpContext httpContext &&
IPAddress.TryParse(httpContext.GetRemoteIP(), out var ipAddress) && IPAddress.TryParse(httpContext.GetRemoteIP(), out var ipAddress))
ipAddress.IsLocalAddress())
{ {
context.Succeed(requirement); if (ipAddress.IsLocalAddress() ||
(_configService.TrustCgnatIpAddresses && ipAddress.IsCgnatIpAddress()))
{
context.Succeed(requirement);
}
} }
} }

19
src/NzbDrone.Common.Test/ExtensionTests/IPAddressExtensionsFixture.cs
View file

@ -21,9 +21,28 @@ public void should_return_true_for_local_ip_address(string ipAddress)
[TestCase("1.2.3.4")] [TestCase("1.2.3.4")]
[TestCase("172.55.0.1")] [TestCase("172.55.0.1")]
[TestCase("192.55.0.1")] [TestCase("192.55.0.1")]
[TestCase("100.64.0.1")]
[TestCase("100.127.255.254")]
public void should_return_false_for_public_ip_address(string ipAddress) public void should_return_false_for_public_ip_address(string ipAddress)
{ {
IPAddress.Parse(ipAddress).IsLocalAddress().Should().BeFalse(); IPAddress.Parse(ipAddress).IsLocalAddress().Should().BeFalse();
} }
[TestCase("100.64.0.1")]
[TestCase("100.127.255.254")]
[TestCase("100.100.100.100")]
public void should_return_true_for_cgnat_ip_address(string ipAddress)
{
IPAddress.Parse(ipAddress).IsCgnatIpAddress().Should().BeTrue();
}
[TestCase("1.2.3.4")]
[TestCase("192.168.5.1")]
[TestCase("100.63.255.255")]
[TestCase("100.128.0.0")]
public void should_return_false_for_non_cgnat_ip_address(string ipAddress)
{
IPAddress.Parse(ipAddress).IsCgnatIpAddress().Should().BeFalse();
}
} }
} }

6
src/NzbDrone.Common/Extensions/IpAddressExtensions.cs
View file

@ -52,5 +52,11 @@ private static bool IsLocalIPv4(byte[] ipv4Bytes)
return isLinkLocal || isClassA || isClassC || isClassB; return isLinkLocal || isClassA || isClassC || isClassB;
} }
public static bool IsCgnatIpAddress(this IPAddress ipAddress)
{
var bytes = ipAddress.GetAddressBytes();
return bytes.Length == 4 && bytes[0] == 100 && bytes[1] >= 64 && bytes[1] <= 127;
}
} }
} }

1
src/NzbDrone.Common/Options/AuthOptions.cs
View file

@ -6,4 +6,5 @@ public class AuthOptions
public bool? Enabled { get; set; } public bool? Enabled { get; set; }
public string Method { get; set; } public string Method { get; set; }
public string Required { get; set; } public string Required { get; set; }
public bool? TrustCgnatIpAddresses { get; set; }
} }

3
src/NzbDrone.Core/Configuration/ConfigFileProvider.cs
View file

@ -64,6 +64,7 @@ public interface IConfigFileProvider : IHandleAsync<ApplicationStartedEvent>,
string PostgresPassword { get; } string PostgresPassword { get; }
string PostgresMainDb { get; } string PostgresMainDb { get; }
string PostgresLogDb { get; } string PostgresLogDb { get; }
bool TrustCgnatIpAddresses { get; }
} }
public class ConfigFileProvider : IConfigFileProvider public class ConfigFileProvider : IConfigFileProvider
@ -470,5 +471,7 @@ public void Execute(ResetApiKeyCommand message)
{ {
SetValue("ApiKey", GenerateApiKey()); SetValue("ApiKey", GenerateApiKey());
} }
public bool TrustCgnatIpAddresses => _authOptions.TrustCgnatIpAddresses ?? GetValueBoolean("TrustCgnatIpAddresses", false, persist: false);
} }
} }

6
src/NzbDrone.Core/Configuration/ConfigService.cs
View file

@ -426,6 +426,12 @@ public bool CleanupMetadataImages
public string ApplicationUrl => GetValue("ApplicationUrl", string.Empty); public string ApplicationUrl => GetValue("ApplicationUrl", string.Empty);
public bool TrustCgnatIpAddresses
{
get { return GetValueBoolean("TrustCgnatIpAddresses", false); }
set { SetValue("TrustCgnatIpAddresses", value); }
}
private string GetValue(string key) private string GetValue(string key)
{ {
return GetValue(key, string.Empty); return GetValue(key, string.Empty);