Strengthen credential security rules after violation
This commit is contained in:
Hoid
parent
66423cf66b
commit
faff102d34
7 changed files with 136 additions and 29 deletions
135
bin/jellyfin
135
bin/jellyfin
|
|
@ -4,30 +4,130 @@ const https = require('https');
|
|||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
||||
// Load credentials
|
||||
const envFile = fs.readFileSync(path.join(__dirname, '..', '.credentials', 'jellyfin.env'), 'utf8');
|
||||
// Load credentials from unified services.env
|
||||
const credFile = process.env.CRED_FILE || path.join(__dirname, '..', '.credentials', 'services.env');
|
||||
const envFile = fs.readFileSync(credFile, 'utf8');
|
||||
const env = {};
|
||||
envFile.split('\n').forEach(l => { const [k, ...v] = l.split('='); if (k && v.length) env[k.trim()] = v.join('=').trim(); });
|
||||
envFile.split('\n').forEach(l => { const m = l.match(/^(\w+)=(.+)$/); if (m) env[m[1]] = m[2]; });
|
||||
|
||||
const BASE = env.JELLYFIN_URL;
|
||||
const API_KEY = env.JELLYFIN_API_KEY;
|
||||
const USER_ID = env.JELLYFIN_USER_ID;
|
||||
const TOKEN_CACHE = path.join(__dirname, '..', '.credentials', '.jellyfin-token.json');
|
||||
|
||||
function api(endpoint) {
|
||||
const sep = endpoint.includes('?') ? '&' : '?';
|
||||
const url = `${BASE}${endpoint}${sep}api_key=${API_KEY}`;
|
||||
function request(method, endpoint, body) {
|
||||
return new Promise((resolve, reject) => {
|
||||
https.get(url, res => {
|
||||
const sep = endpoint.includes('?') ? '&' : '?';
|
||||
const u = new URL(`${BASE}${endpoint}`);
|
||||
const opts = {
|
||||
hostname: u.hostname, port: u.port || 443, path: u.pathname + u.search,
|
||||
method, headers: {}
|
||||
};
|
||||
if (body) {
|
||||
const data = JSON.stringify(body);
|
||||
opts.headers['Content-Type'] = 'application/json';
|
||||
opts.headers['Content-Length'] = Buffer.byteLength(data);
|
||||
}
|
||||
const req = https.request(opts, res => {
|
||||
let d = '';
|
||||
res.on('data', c => d += c);
|
||||
res.on('end', () => {
|
||||
try { resolve({ status: res.statusCode, data: JSON.parse(d) }); }
|
||||
catch { resolve({ status: res.statusCode, data: d }); }
|
||||
});
|
||||
});
|
||||
req.on('error', reject);
|
||||
if (body) req.write(JSON.stringify(body));
|
||||
req.end();
|
||||
});
|
||||
}
|
||||
|
||||
async function authenticate() {
|
||||
// Check cache first
|
||||
try {
|
||||
const cached = JSON.parse(fs.readFileSync(TOKEN_CACHE, 'utf8'));
|
||||
if (cached.token && cached.userId) {
|
||||
// Verify token still works
|
||||
const test = await apiWith(cached.token, cached.userId, `/Users/${cached.userId}`);
|
||||
if (test) return cached;
|
||||
}
|
||||
} catch {}
|
||||
|
||||
// Authenticate
|
||||
const res = await request('POST', '/Users/AuthenticateByName', {
|
||||
Username: env.JELLYFIN_USER,
|
||||
Pw: env.JELLYFIN_PASS
|
||||
});
|
||||
|
||||
// Add auth header for the request
|
||||
const authRes = await new Promise((resolve, reject) => {
|
||||
const body = JSON.stringify({ Username: env.JELLYFIN_USER, Pw: env.JELLYFIN_PASS });
|
||||
const u = new URL(`${BASE}/Users/AuthenticateByName`);
|
||||
const req = https.request({
|
||||
hostname: u.hostname, port: u.port || 443, path: u.pathname,
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Content-Length': Buffer.byteLength(body),
|
||||
'X-Emby-Authorization': 'MediaBrowser Client="Hoid", Device="CLI", DeviceId="hoid-cli-1", Version="1.0"'
|
||||
}
|
||||
}, res => {
|
||||
let d = '';
|
||||
res.on('data', c => d += c);
|
||||
res.on('end', () => {
|
||||
try { resolve({ status: res.statusCode, data: JSON.parse(d) }); }
|
||||
catch { resolve({ status: res.statusCode, data: d }); }
|
||||
});
|
||||
});
|
||||
req.on('error', reject);
|
||||
req.write(body);
|
||||
req.end();
|
||||
});
|
||||
|
||||
if (authRes.status !== 200 || !authRes.data.AccessToken) {
|
||||
console.error(`Auth failed (${authRes.status}):`, typeof authRes.data === 'string' ? authRes.data : JSON.stringify(authRes.data).slice(0, 200));
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
const result = { token: authRes.data.AccessToken, userId: authRes.data.User.Id };
|
||||
fs.writeFileSync(TOKEN_CACHE, JSON.stringify(result));
|
||||
return result;
|
||||
}
|
||||
|
||||
function apiWith(token, userId, endpoint) {
|
||||
const sep = endpoint.includes('?') ? '&' : '?';
|
||||
const url = `${BASE}${endpoint}`;
|
||||
return new Promise((resolve, reject) => {
|
||||
const u = new URL(url);
|
||||
https.get({
|
||||
hostname: u.hostname, port: u.port || 443, path: u.pathname + u.search,
|
||||
headers: { 'X-Emby-Token': token }
|
||||
}, res => {
|
||||
let data = '';
|
||||
res.on('data', c => data += c);
|
||||
res.on('end', () => {
|
||||
if (res.statusCode === 401) return resolve(null);
|
||||
try { resolve(JSON.parse(data)); } catch { resolve(data); }
|
||||
});
|
||||
}).on('error', reject);
|
||||
});
|
||||
}
|
||||
|
||||
function getUserId() { return USER_ID; }
|
||||
let _auth;
|
||||
async function api(endpoint) {
|
||||
if (!_auth) _auth = await authenticate();
|
||||
const result = await apiWith(_auth.token, _auth.userId, endpoint);
|
||||
if (result === null) {
|
||||
// Token expired, re-auth
|
||||
try { fs.unlinkSync(TOKEN_CACHE); } catch {}
|
||||
_auth = await authenticate();
|
||||
return apiWith(_auth.token, _auth.userId, endpoint);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
async function getUserId() {
|
||||
if (!_auth) _auth = await authenticate();
|
||||
return _auth.userId;
|
||||
}
|
||||
|
||||
function dur(ticks) {
|
||||
if (!ticks) return '';
|
||||
|
|
@ -48,11 +148,10 @@ const commands = {
|
|||
async resume(limit = 10) {
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Items/Resume?Limit=${limit}&Fields=Overview,RunTimeTicks&MediaTypes=Video`);
|
||||
if (!r.Items.length) return console.log('Nothing in progress');
|
||||
if (!r.Items || !r.Items.length) return console.log('Nothing in progress');
|
||||
console.log('TITLE\tEPISODE\tPROGRESS\tDURATION');
|
||||
r.Items.forEach(i => {
|
||||
const show = i.SeriesName || '';
|
||||
const name = show ? `${i.Name}` : i.Name;
|
||||
console.log([show || i.Name, show ? i.Name : '', pct(i.UserData, i.RunTimeTicks), dur(i.RunTimeTicks)].join('\t'));
|
||||
});
|
||||
},
|
||||
|
|
@ -60,7 +159,7 @@ const commands = {
|
|||
async recent(limit = 10) {
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Items/Latest?Limit=${limit}&Fields=RunTimeTicks`);
|
||||
if (!r.length) return console.log('No recent items');
|
||||
if (!r || !r.length) return console.log('No recent items');
|
||||
console.log('TYPE\tTITLE\tNAME\tYEAR\tDURATION');
|
||||
r.forEach(i => {
|
||||
console.log([i.Type === 'Episode' ? 'EP' : 'MOV', i.SeriesName || i.Name, i.SeriesName ? i.Name : '', i.ProductionYear || '', dur(i.RunTimeTicks)].join('\t'));
|
||||
|
|
@ -70,7 +169,7 @@ const commands = {
|
|||
async watched(limit = 20) {
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Items?Limit=${limit}&SortBy=DatePlayed&SortOrder=Descending&Filters=IsPlayed&Recursive=true&IncludeItemTypes=Movie,Episode&Fields=RunTimeTicks,DateLastMediaAdded`);
|
||||
if (!r.Items.length) return console.log('No watched items');
|
||||
if (!r.Items || !r.Items.length) return console.log('No watched items');
|
||||
console.log('TYPE\tTITLE\tEPISODE\tYEAR');
|
||||
r.Items.forEach(i => {
|
||||
console.log([i.Type === 'Episode' ? 'EP' : 'MOV', i.SeriesName || i.Name, i.SeriesName ? i.Name : '', i.ProductionYear || ''].join('\t'));
|
||||
|
|
@ -80,7 +179,7 @@ const commands = {
|
|||
async shows() {
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Items?IncludeItemTypes=Series&Recursive=true&SortBy=SortName&Fields=RunTimeTicks`);
|
||||
if (!r.Items.length) return console.log('No shows');
|
||||
if (!r.Items || !r.Items.length) return console.log('No shows');
|
||||
console.log('TITLE\tYEAR\tSTATUS');
|
||||
r.Items.forEach(i => {
|
||||
console.log([i.Name, i.ProductionYear || '', pct(i.UserData, i.RunTimeTicks) || 'unwatched'].join('\t'));
|
||||
|
|
@ -90,7 +189,7 @@ const commands = {
|
|||
async movies() {
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Items?IncludeItemTypes=Movie&Recursive=true&SortBy=SortName&Fields=RunTimeTicks`);
|
||||
if (!r.Items.length) return console.log('No movies');
|
||||
if (!r.Items || !r.Items.length) return console.log('No movies');
|
||||
console.log('TITLE\tYEAR\tDURATION\tSTATUS');
|
||||
r.Items.forEach(i => {
|
||||
console.log([i.Name, i.ProductionYear || '', dur(i.RunTimeTicks), pct(i.UserData, i.RunTimeTicks) || '-'].join('\t'));
|
||||
|
|
@ -101,7 +200,7 @@ const commands = {
|
|||
if (!query) { console.error('Usage: jellyfin search <query>'); process.exit(1); }
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Items?SearchTerm=${encodeURIComponent(query)}&Recursive=true&IncludeItemTypes=Movie,Series,Episode&Limit=10&Fields=RunTimeTicks`);
|
||||
if (!r.Items.length) return console.log('No results');
|
||||
if (!r.Items || !r.Items.length) return console.log('No results');
|
||||
console.log('TYPE\tTITLE\tNAME\tYEAR');
|
||||
r.Items.forEach(i => {
|
||||
console.log([i.Type, i.SeriesName || i.Name, i.SeriesName ? i.Name : '', i.ProductionYear || ''].join('\t'));
|
||||
|
|
@ -121,7 +220,7 @@ const commands = {
|
|||
},
|
||||
|
||||
async libraries() {
|
||||
const uid = getUserId();
|
||||
const uid = await getUserId();
|
||||
const r = await api(`/Users/${uid}/Views`);
|
||||
console.log('NAME\tTYPE\tID');
|
||||
(r.Items || []).forEach(l => {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue