diff --git a/internal/subsonic/subsonic.go b/internal/subsonic/subsonic.go index e72b80fc..524a08a1 100644 --- a/internal/subsonic/subsonic.go +++ b/internal/subsonic/subsonic.go @@ -36,6 +36,16 @@ func Mount(r chi.Router, pool *pgxpool.Pool, logger *slog.Logger, cfg Config) { register(sub, "/download", m.handleDownload) register(sub, "/getCoverArt", m.handleGetCoverArt) register(sub, "/scrobble", m.handleScrobble) + register(sub, "/getUser", handleGetUser) + + // Subsonic clients expect every /rest/* miss to come back as a + // Subsonic-shaped error envelope, not chi's plain-text 404. Without + // this, hitting an unimplemented method (Feishin's first-login probe + // hits getUser, getPlaylists, etc.) breaks the client's parser and + // surfaces as a generic "failed to log in". + sub.NotFound(func(w http.ResponseWriter, r *http.Request) { + WriteFail(w, r, ErrGeneric, "Method not implemented") + }) _ = logger }) } diff --git a/internal/subsonic/user.go b/internal/subsonic/user.go new file mode 100644 index 00000000..2f41e6b6 --- /dev/null +++ b/internal/subsonic/user.go @@ -0,0 +1,80 @@ +package subsonic + +import ( + "encoding/xml" + "net/http" + + "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" +) + +// UserResponse wraps the User payload Subsonic clients fetch right after +// login to discover what the authenticated identity can do. Feishin uses +// this to gate UI affordances; without it the login flow stalls. +type UserResponse struct { + Envelope + User User `json:"user" xml:"user"` +} + +// User mirrors the role-bag from the Subsonic spec. We expose the full set +// even though Minstrel doesn't model fine-grained ACLs yet — admins get +// every role, non-admins get the "play music" subset. This keeps clients +// from disabling features they could otherwise use. +type User struct { + XMLName xml.Name `json:"-" xml:"user"` + Username string `json:"username" xml:"username,attr"` + Email string `json:"email,omitempty" xml:"email,attr,omitempty"` + ScrobblingEnabled bool `json:"scrobblingEnabled" xml:"scrobblingEnabled,attr"` + AdminRole bool `json:"adminRole" xml:"adminRole,attr"` + SettingsRole bool `json:"settingsRole" xml:"settingsRole,attr"` + DownloadRole bool `json:"downloadRole" xml:"downloadRole,attr"` + UploadRole bool `json:"uploadRole" xml:"uploadRole,attr"` + PlaylistRole bool `json:"playlistRole" xml:"playlistRole,attr"` + CoverArtRole bool `json:"coverArtRole" xml:"coverArtRole,attr"` + CommentRole bool `json:"commentRole" xml:"commentRole,attr"` + PodcastRole bool `json:"podcastRole" xml:"podcastRole,attr"` + StreamRole bool `json:"streamRole" xml:"streamRole,attr"` + JukeboxRole bool `json:"jukeboxRole" xml:"jukeboxRole,attr"` + ShareRole bool `json:"shareRole" xml:"shareRole,attr"` + VideoConversionRole bool `json:"videoConversionRole" xml:"videoConversionRole,attr"` +} + +// handleGetUser returns the authenticated user when no username is provided +// or when the requested username matches; admins may look up any user. Per +// spec a non-admin asking about another user gets ErrNotAuthorized. +func handleGetUser(w http.ResponseWriter, r *http.Request) { + caller, ok := UserFromContext(r.Context()) + if !ok { + WriteFail(w, r, ErrNotAuthorized, "Not authenticated") + return + } + requested := r.URL.Query().Get("username") + if requested != "" && requested != caller.Username && !caller.IsAdmin { + WriteFail(w, r, ErrNotAuthorized, "Not authorized to view other users") + return + } + // We don't have a per-user lookup wired up yet; until then admins asking + // for another username see the caller's roles. Acceptable while M1 has a + // single user; revisit once user management lands. + Write(w, r, UserResponse{ + Envelope: NewEnvelope("ok"), + User: userPayload(caller), + }) +} + +func userPayload(u dbq.User) User { + return User{ + Username: u.Username, + ScrobblingEnabled: true, + AdminRole: u.IsAdmin, + SettingsRole: u.IsAdmin, + DownloadRole: true, + UploadRole: false, + PlaylistRole: true, + CoverArtRole: true, + CommentRole: false, + PodcastRole: false, + StreamRole: true, + JukeboxRole: false, + ShareRole: false, + } +} diff --git a/internal/subsonic/user_test.go b/internal/subsonic/user_test.go new file mode 100644 index 00000000..3bb3e8c5 --- /dev/null +++ b/internal/subsonic/user_test.go @@ -0,0 +1,78 @@ +package subsonic + +import ( + "context" + "encoding/json" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" +) + +func TestHandleGetUser_Self(t *testing.T) { + user := dbq.User{Username: "alice", IsAdmin: false} + w, body := callGetUser(t, user, "") + + if w.Code != http.StatusOK { + t.Fatalf("status = %d, want 200", w.Code) + } + if body.Resp.Status != "ok" { + t.Errorf("status = %q, want ok", body.Resp.Status) + } + if body.Resp.User.Username != "alice" { + t.Errorf("username = %q, want alice", body.Resp.User.Username) + } + if body.Resp.User.AdminRole { + t.Error("non-admin should not have admin role") + } + if !body.Resp.User.StreamRole { + t.Error("stream role must be on so clients enable playback") + } +} + +func TestHandleGetUser_AdminGetsAdminRole(t *testing.T) { + admin := dbq.User{Username: "admin", IsAdmin: true} + _, body := callGetUser(t, admin, "") + if !body.Resp.User.AdminRole || !body.Resp.User.SettingsRole { + t.Errorf("admin/settings roles = %v/%v, want true/true", + body.Resp.User.AdminRole, body.Resp.User.SettingsRole) + } +} + +func TestHandleGetUser_NonAdminCannotLookupOthers(t *testing.T) { + user := dbq.User{Username: "alice", IsAdmin: false} + _, body := callGetUser(t, user, "bob") + if body.Resp.Status != "failed" || body.Resp.Error == nil || + body.Resp.Error.Code != ErrNotAuthorized { + t.Errorf("expected ErrNotAuthorized, got status=%q err=%+v", + body.Resp.Status, body.Resp.Error) + } +} + +type getUserPayload struct { + Resp struct { + Status string `json:"status"` + Error *Error `json:"error"` + User User `json:"user"` + } `json:"subsonic-response"` +} + +func callGetUser(t *testing.T, user dbq.User, requestedUsername string) (*httptest.ResponseRecorder, getUserPayload) { + t.Helper() + url := "/rest/getUser.view?f=json" + if requestedUsername != "" { + url += "&username=" + requestedUsername + } + req := httptest.NewRequest("GET", url, nil) + req = req.WithContext(context.WithValue(req.Context(), userCtxKey, user)) + w := httptest.NewRecorder() + handleGetUser(w, req) + + var body getUserPayload + if err := json.NewDecoder(strings.NewReader(w.Body.String())).Decode(&body); err != nil { + t.Fatalf("decode response: %v\nbody=%s", err, w.Body.String()) + } + return w, body +}