< Summary - Jellyfin

Information
Class: Jellyfin.Api.Middleware.IPBasedAccessValidationMiddleware
Assembly: Jellyfin.Api
File(s): /srv/git/jellyfin/Jellyfin.Api/Middleware/IpBasedAccessValidationMiddleware.cs
Line coverage
100%
Covered lines: 3
Uncovered lines: 0
Coverable lines: 3
Total lines: 63
Line coverage: 100%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100

Metrics

MethodBranch coverage Crap Score Cyclomatic complexity Line coverage
.ctor(...)100%11100%

File(s)

/srv/git/jellyfin/Jellyfin.Api/Middleware/IpBasedAccessValidationMiddleware.cs

#LineLine coverage
 1using System.Net;
 2using System.Threading.Tasks;
 3using System.Web;
 4using MediaBrowser.Common.Extensions;
 5using MediaBrowser.Common.Net;
 6using Microsoft.AspNetCore.Http;
 7using Microsoft.Extensions.Logging;
 8
 9namespace Jellyfin.Api.Middleware;
 10
 11/// <summary>
 12/// Validates the IP of requests coming from local networks wrt. remote access.
 13/// </summary>
 14public class IPBasedAccessValidationMiddleware
 15{
 16    private readonly RequestDelegate _next;
 17    private readonly ILogger<IPBasedAccessValidationMiddleware> _logger;
 18
 19    /// <summary>
 20    /// Initializes a new instance of the <see cref="IPBasedAccessValidationMiddleware"/> class.
 21    /// </summary>
 22    /// <param name="next">The next delegate in the pipeline.</param>
 23    /// <param name="logger">The logger to log to.</param>
 24    public IPBasedAccessValidationMiddleware(RequestDelegate next, ILogger<IPBasedAccessValidationMiddleware> logger)
 25    {
 2126        _next = next;
 2127        _logger = logger;
 2128    }
 29
 30    /// <summary>
 31    /// Executes the middleware action.
 32    /// </summary>
 33    /// <param name="httpContext">The current HTTP context.</param>
 34    /// <param name="networkManager">The network manager.</param>
 35    /// <returns>The async task.</returns>
 36    public async Task Invoke(HttpContext httpContext, INetworkManager networkManager)
 37    {
 38        if (httpContext.IsLocal())
 39        {
 40            // Accessing from the same machine as the server.
 41            await _next(httpContext).ConfigureAwait(false);
 42            return;
 43        }
 44
 45        var remoteIP = httpContext.GetNormalizedRemoteIP();
 46
 47        var result = networkManager.ShouldAllowServerAccess(remoteIP);
 48        if (result != RemoteAccessPolicyResult.Allow)
 49        {
 50            // No access from network, respond with 503 instead of 200.
 51            _logger.LogWarning(
 52                "Blocking request to {Path} by {RemoteIP} due to IP filtering rule, reason: {Reason}",
 53                // url-encode to block log injection
 54                HttpUtility.UrlEncode(httpContext.Request.Path),
 55                remoteIP,
 56                result);
 57            httpContext.Response.StatusCode = StatusCodes.Status503ServiceUnavailable;
 58            return;
 59        }
 60
 61        await _next(httpContext).ConfigureAwait(false);
 62    }
 63}
Generated by: ReportGenerator 5.4.7.0
6/7/2025 - 12:11:34 AM
GitHub | reportgenerator.io

Methods/Properties

.ctor(Microsoft.AspNetCore.Http.RequestDelegate,Microsoft.Extensions.Logging.ILogger`1<Jellyfin.Api.Middleware.IPBasedAccessValidationMiddleware>)