joshpatra/allstarr
1
0
Fork 0
mirror of https://github.com/SoPat712/allstarr.git synced 2026-02-10 07:58:39 -05:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

add API key authentication to Spotify admin endpoints

Browse Source
This commit is contained in:
Josh Patra
2026-01-31 20:01:59 -05:00
parent 5251c7ef6d
commit 1afa68064e
3 changed files with 57 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
allstarr/Controllers/JellyfinController.cs
View File

@@ -1979,9 +1979,10 @@ public class JellyfinController : ControllerBase
/// <summary> /// <summary>
/// Manual trigger endpoint to force fetch Spotify missing tracks. /// Manual trigger endpoint to force fetch Spotify missing tracks.
/// GET /spotify/sync /// GET /spotify/sync?api_key=YOUR_KEY
/// </summary> /// </summary>
[HttpGet("spotify/sync")] [HttpGet("spotify/sync")]
[ServiceFilter(typeof(ApiKeyAuthFilter))]
public async Task<IActionResult> TriggerSpotifySync() public async Task<IActionResult> TriggerSpotifySync()
{ {
if (!_spotifySettings.Enabled) if (!_spotifySettings.Enabled)
@@ -2110,9 +2111,10 @@ public class JellyfinController : ControllerBase
/// <summary> /// <summary>
/// Clear Spotify playlist cache to force re-matching. /// Clear Spotify playlist cache to force re-matching.
/// GET /spotify/clear-cache /// GET /spotify/clear-cache?api_key=YOUR_KEY
/// </summary> /// </summary>
[HttpGet("spotify/clear-cache")] [HttpGet("spotify/clear-cache")]
[ServiceFilter(typeof(ApiKeyAuthFilter))]
public async Task<IActionResult> ClearSpotifyCache() public async Task<IActionResult> ClearSpotifyCache()
{ {
if (!_spotifySettings.Enabled) if (!_spotifySettings.Enabled)

52
allstarr/Filters/ApiKeyAuthFilter.cs Normal file
View File

@@ -0,0 +1,52 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Options;
using allstarr.Models.Settings;
namespace allstarr.Filters;
/// <summary>
/// Simple API key authentication filter for admin endpoints.
/// Validates against Jellyfin API key via query parameter or header.
/// </summary>
public class ApiKeyAuthFilter : IAsyncActionFilter
{
private readonly JellyfinSettings _settings;
private readonly ILogger<ApiKeyAuthFilter> _logger;
public ApiKeyAuthFilter(
IOptions<JellyfinSettings> settings,
ILogger<ApiKeyAuthFilter> logger)
{
_settings = settings.Value;
_logger = logger;
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var request = context.HttpContext.Request;
// Extract API key from query parameter or header
var apiKey = request.Query["api_key"].FirstOrDefault()
?? request.Headers["X-Api-Key"].FirstOrDefault()
?? request.Headers["X-Emby-Token"].FirstOrDefault();
// Validate API key
if (string.IsNullOrEmpty(apiKey) || !string.Equals(apiKey, _settings.ApiKey, StringComparison.Ordinal))
{
_logger.LogWarning("Unauthorized access attempt to {Path} from {IP}",
request.Path,
context.HttpContext.Connection.RemoteIpAddress);
context.Result = new UnauthorizedObjectResult(new
{
error = "Unauthorized",
message = "Valid API key required. Provide via ?api_key=YOUR_KEY or X-Api-Key header."
});
return;
}
_logger.LogDebug("API key authentication successful for {Path}", request.Path);
await next();
}
}

1
allstarr/Program.cs
View File

@@ -174,6 +174,7 @@ if (backendType == BackendType.Jellyfin)
builder.Services.AddSingleton<JellyfinModelMapper>(); builder.Services.AddSingleton<JellyfinModelMapper>();
builder.Services.AddScoped<JellyfinProxyService>(); builder.Services.AddScoped<JellyfinProxyService>();
builder.Services.AddScoped<JellyfinAuthFilter>(); builder.Services.AddScoped<JellyfinAuthFilter>();
builder.Services.AddScoped<allstarr.Filters.ApiKeyAuthFilter>();
} }
else else
{ {