Add Jellyfin login cache and admin-only stats
This commit is contained in:
@@ -1,3 +1,5 @@
|
||||
from datetime import datetime, timedelta, timezone
|
||||
|
||||
from fastapi import APIRouter, HTTPException, status, Depends
|
||||
from fastapi.security import OAuth2PasswordRequestForm
|
||||
|
||||
@@ -7,6 +9,7 @@ from ..db import (
|
||||
set_last_login,
|
||||
get_user_by_username,
|
||||
set_user_password,
|
||||
set_jellyfin_auth_cache,
|
||||
get_user_activity,
|
||||
get_user_activity_summary,
|
||||
get_user_request_stats,
|
||||
@@ -16,7 +19,7 @@ from ..db import (
|
||||
from ..runtime import get_runtime_settings
|
||||
from ..clients.jellyfin import JellyfinClient
|
||||
from ..clients.jellyseerr import JellyseerrClient
|
||||
from ..security import create_access_token
|
||||
from ..security import create_access_token, verify_password
|
||||
from ..auth import get_current_user
|
||||
|
||||
router = APIRouter(prefix="/auth", tags=["auth"])
|
||||
@@ -26,6 +29,31 @@ def _normalize_username(value: str) -> str:
|
||||
return value.strip().lower()
|
||||
|
||||
|
||||
def _is_recent_jellyfin_auth(last_auth_at: str) -> bool:
|
||||
if not last_auth_at:
|
||||
return False
|
||||
try:
|
||||
parsed = datetime.fromisoformat(last_auth_at)
|
||||
except ValueError:
|
||||
return False
|
||||
if parsed.tzinfo is None:
|
||||
parsed = parsed.replace(tzinfo=timezone.utc)
|
||||
age = datetime.now(timezone.utc) - parsed
|
||||
return age <= timedelta(days=7)
|
||||
|
||||
|
||||
def _has_valid_jellyfin_cache(user: dict, password: str) -> bool:
|
||||
if not user or not password:
|
||||
return False
|
||||
cached_hash = user.get("jellyfin_password_hash")
|
||||
last_auth_at = user.get("last_jellyfin_auth_at")
|
||||
if not cached_hash or not last_auth_at:
|
||||
return False
|
||||
if not verify_password(password, cached_hash):
|
||||
return False
|
||||
return _is_recent_jellyfin_auth(last_auth_at)
|
||||
|
||||
|
||||
@router.post("/login")
|
||||
async def login(form_data: OAuth2PasswordRequestForm = Depends()) -> dict:
|
||||
user = verify_user_password(form_data.username, form_data.password)
|
||||
@@ -48,14 +76,23 @@ async def jellyfin_login(form_data: OAuth2PasswordRequestForm = Depends()) -> di
|
||||
client = JellyfinClient(runtime.jellyfin_base_url, runtime.jellyfin_api_key)
|
||||
if not client.configured():
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Jellyfin not configured")
|
||||
username = form_data.username
|
||||
password = form_data.password
|
||||
user = get_user_by_username(username)
|
||||
if user and user.get("is_blocked"):
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
|
||||
if user and _has_valid_jellyfin_cache(user, password):
|
||||
token = create_access_token(username, "user")
|
||||
set_last_login(username)
|
||||
return {"access_token": token, "token_type": "bearer", "user": {"username": username, "role": "user"}}
|
||||
try:
|
||||
response = await client.authenticate_by_name(form_data.username, form_data.password)
|
||||
response = await client.authenticate_by_name(username, password)
|
||||
except Exception as exc:
|
||||
raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail=str(exc)) from exc
|
||||
if not isinstance(response, dict) or not response.get("User"):
|
||||
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid Jellyfin credentials")
|
||||
create_user_if_missing(form_data.username, "jellyfin-user", role="user", auth_provider="jellyfin")
|
||||
user = get_user_by_username(form_data.username)
|
||||
create_user_if_missing(username, "jellyfin-user", role="user", auth_provider="jellyfin")
|
||||
user = get_user_by_username(username)
|
||||
if user and user.get("is_blocked"):
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is blocked")
|
||||
try:
|
||||
@@ -69,9 +106,10 @@ async def jellyfin_login(form_data: OAuth2PasswordRequestForm = Depends()) -> di
|
||||
create_user_if_missing(name, "jellyfin-user", role="user", auth_provider="jellyfin")
|
||||
except Exception:
|
||||
pass
|
||||
token = create_access_token(form_data.username, "user")
|
||||
set_last_login(form_data.username)
|
||||
return {"access_token": token, "token_type": "bearer", "user": {"username": form_data.username, "role": "user"}}
|
||||
set_jellyfin_auth_cache(username, password)
|
||||
token = create_access_token(username, "user")
|
||||
set_last_login(username)
|
||||
return {"access_token": token, "token_type": "bearer", "user": {"username": username, "role": "user"}}
|
||||
|
||||
|
||||
@router.post("/jellyseerr/login")
|
||||
@@ -107,18 +145,19 @@ async def profile(current_user: dict = Depends(get_current_user)) -> dict:
|
||||
username_norm = _normalize_username(username) if username else ""
|
||||
stats = get_user_request_stats(username_norm)
|
||||
global_total = get_global_request_total()
|
||||
leader = get_global_request_leader()
|
||||
share = (stats.get("total", 0) / global_total) if global_total else 0
|
||||
activity_summary = get_user_activity_summary(username) if username else {}
|
||||
activity_recent = get_user_activity(username, limit=5) if username else []
|
||||
stats_payload = {
|
||||
**stats,
|
||||
"share": share,
|
||||
"global_total": global_total,
|
||||
}
|
||||
if current_user.get("role") == "admin":
|
||||
stats_payload["most_active_user"] = get_global_request_leader()
|
||||
return {
|
||||
"user": current_user,
|
||||
"stats": {
|
||||
**stats,
|
||||
"share": share,
|
||||
"global_total": global_total,
|
||||
"most_active_user": leader,
|
||||
},
|
||||
"stats": stats_payload,
|
||||
"activity": {
|
||||
**activity_summary,
|
||||
"recent": activity_recent,
|
||||
|
||||
Reference in New Issue
Block a user