Merge remote-tracking branch 'origin/main'

mtthidoteu · mtthidoteu · commit c36d22a9368a · 2025-06-02T17:43:44.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -397,4 +397,7 @@ poetry.toml
 # ruff
 .ruff_cache/
 
-# End of https://www.toptal.com/developers/gitignore/api/pycharm,flask,python
+# End of https://www.toptal.com/developers/gitignore/api/pycharm,flask,python
+
+PLANNING.md
+TASK.md
diff --git a/app/blueprints/__init__.py b/app/blueprints/__init__.py
@@ -7,6 +7,7 @@
 from .plex.routes import plex_bp
 from .notifications.routes import notify_bp
 from .jellyfin.routes import jellyfin_bp
+from .emby.routes import emby_bp
 
 all_blueprints = (public_bp, wizard_bp, admin_bp, auth_bp,
-                  settings_bp, setup_bp, plex_bp, notify_bp, jellyfin_bp)
+                  settings_bp, setup_bp, plex_bp, notify_bp, jellyfin_bp, emby_bp)
diff --git a/app/blueprints/emby/__init__.py b/app/blueprints/emby/__init__.py
@@ -0,0 +1 @@
+
diff --git a/app/blueprints/emby/routes.py b/app/blueprints/emby/routes.py
@@ -0,0 +1,56 @@
+from flask import Blueprint, request, jsonify, abort, render_template, redirect
+from flask_login import login_required
+import logging
+import datetime
+
+# Import models needed for routes
+from app.models import User, Invitation, Library
+
+# Import the EmbyClient and all helper functions from the service module
+from app.services.media.emby import EmbyClient, join, mark_invite_used, folder_name_to_id, set_specific_folders
+
+emby_bp = Blueprint("emby", __name__, url_prefix="/emby")
+
+# Ajax scan with arbitrary creds
+@emby_bp.route("/scan", methods=["POST"])
+@login_required
+def scan():
+    client = EmbyClient()
+    url = request.args.get("emby_url")
+    key = request.args.get("emby_api_key")
+    if not url or not key:
+        abort(400)
+    try:
+        libs = client.libraries()
+        return jsonify(libs)
+    except Exception as e:
+        logging.error(f"Error scanning Emby libraries: {str(e)}")
+        abort(400)
+
+# Scan with saved creds
+@emby_bp.route("/scan-specific", methods=["POST"])
+@login_required
+def scan_specific():
+    client = EmbyClient()
+    return jsonify(client.libraries())
+
+# The join function is now defined in app.services.media.emby
+
+# Public join endpoint called from the wizard form
+@emby_bp.route("/join", methods=["POST"])
+def public_join():
+    ok, msg = join(
+        username = request.form["username"],
+        password = request.form["password"],
+        confirm  = request.form["confirm-password"],
+        email    = request.form["email"],
+        code     = request.form["code"],
+    )
+    if ok:
+        return redirect("/wizard/")
+    return render_template("welcome-jellyfin.html",
+                          username=request.form["username"],
+                          email=request.form["email"],
+                          code=request.form["code"],
+                          server_type="emby",
+                          error=msg)
diff --git a/app/blueprints/public/routes.py b/app/blueprints/public/routes.py
@@ -38,7 +38,7 @@ def invite(code):
     server_type = server_type_setting.value if server_type_setting else None
 
     if server_type == "jellyfin" or server_type == "emby":
-        return render_template("welcome-jellyfin.html", code=code)
+        return render_template("welcome-jellyfin.html", code=code, server_type=server_type)
     return render_template("user-plex-login.html", code=code)
 
 # ─── POST /join  (Plex OAuth or Jellyfin signup) ────────────────────────────
@@ -77,8 +77,8 @@ def join():
             daemon=True
         ).start()
         return redirect(url_for("wizard.start"))
-    elif server_type == "jellyfin":
-        return render_template("signup-jellyfin.html", code=code)
+    elif server_type == "jellyfin" or server_type == "emby":
+        return render_template("welcome-jellyfin.html", code=code, server_type=server_type)
 
     # fallback if server_type missing/unsupported
     return render_template("invalid-invite.html", error="Configuration error.")
diff --git a/app/services/media/emby.py b/app/services/media/emby.py
@@ -1,10 +1,18 @@
 import logging
 import requests
+import re
+import datetime
 
+from sqlalchemy import or_
 from app.extensions import db
-from app.models import User
+from app.models import User, Invitation, Library
+from app.services.invites import is_invite_valid
+from app.services.notifications import notify
 from .client_base import MediaClient, register_media_client
 
+# Reuse the same email regex as jellyfin
+EMAIL_RE = re.compile(r"[^@]+@[^@]+\.[^@]+")
+
 
 @register_media_client("emby")
 class EmbyClient(MediaClient):
@@ -47,16 +55,30 @@ def libraries(self) -> dict[str, str]:
         }
 
     def create_user(self, username: str, password: str) -> str:
-        # Emby: create user (without password), then set password in a separate call.
+        """Create user and set password"""
+        # Step 1: Create user without password
         user = self.post("/Users/New", {"Name": username}).json()
         user_id = user["Id"]
-        # Update the user's password
-        self.post(
-            f"/Users/{user_id}/Password",
-            {"Id": user_id, "NewPw": password, "ResetPassword": True},
-        )
+        
+        # Step 2: Set password
+        try:
+            logging.info(f"Setting password for user {username} (ID: {user_id})")
+            password_response = self.post(
+                f"/Users/{user_id}/Password",
+                {
+                    "NewPw": password,
+                    "CurrentPw": "",  # No current password for new users
+                    "ResetPassword": False  # Important! Don't reset password
+                }
+            )
+            logging.info(f"Password set response: {password_response.status_code}")
+        except Exception as e:
+            logging.error(f"Failed to set password for user {username}: {str(e)}")
+            # Continue with user creation even if password setting fails
+            # as we may need to debug further
+        
         return user_id
-
+        
     def set_policy(self, user_id: str, policy: dict) -> None:
         self.post(f"/Users/{user_id}/Policy", policy)
 
@@ -105,4 +127,199 @@ def list_users(self) -> list[User]:
                 db.session.delete(dbu)
         db.session.commit()
 
-        return User.query.all()
+        return User.query.all()
+
+
+# Helper functions for Emby operations
+
+
+def mark_invite_used(inv: Invitation, user: User) -> None:
+    """Mark an invitation as used by a specific user"""
+    inv.used = True if not inv.unlimited else inv.used
+    inv.used_at = datetime.datetime.now()
+    inv.used_by = user
+    db.session.commit()
+
+
+def folder_name_to_id(name: str, cache: dict[str, str]) -> str | None:
+    """Convert a folder ID or name to its ID
+    
+    Args:
+        name: Either a library name or a library ID
+        cache: Dictionary mapping library IDs to library names
+        
+    Returns:
+        The library ID if found, None otherwise
+    """
+    # Check if the name is already a valid ID
+    if name in cache:
+        return name
+    
+    # Otherwise, try to find the ID by name
+    for folder_id, folder_name in cache.items():
+        if folder_name == name:
+            return folder_id
+    
+    # Not found
+    return None
+
+
+def set_specific_folders(client: EmbyClient, user_id: str, names: list[str]):
+    """Set specific folders for a user based on selected libraries
+    
+    Args:
+        client: The Emby client instance
+        user_id: The ID of the user to set permissions for
+        names: List of library external_ids to enable for the user
+    """
+    # Following the same simple approach as the working Jellyfin implementation
+    logging.info(f"Setting folder access for user {user_id} with libraries: {names}")
+    
+    # Get all media folders
+    response = client.get("/Library/MediaFolders")
+    media_folders = response.json().get("Items", [])
+    
+    # Create mapping (match Jellyfin's approach with both ID→Name and Name→ID)
+    id_to_name = {item["Id"]: item["Name"] for item in media_folders}
+    name_to_id = {item["Name"]: item["Id"] for item in media_folders}
+    
+    # Debug info
+    logging.info(f"Available libraries: {', '.join([f'{id}: {name}' for id, name in id_to_name.items()])}")
+    
+    # Convert names to IDs, handling both cases where names could be IDs or actual names
+    folder_ids = []
+    for name in names:
+        # If it's already an ID
+        if name in id_to_name:
+            folder_ids.append(name)
+            logging.info(f"Found direct ID match for {name}: {id_to_name[name]}")
+        # If it's a name
+        elif name in name_to_id:
+            folder_ids.append(name_to_id[name])
+            logging.info(f"Found name match for {name}: {name_to_id[name]}")
+        else:
+            logging.warning(f"Could not find library matching: {name}")
+    
+    # Remove duplicates and None values
+    folder_ids = list(set([fid for fid in folder_ids if fid]))
+    
+    # Log what we found
+    if folder_ids:
+        logging.info(f"Matched {len(folder_ids)} libraries: {[id_to_name.get(fid, fid) for fid in folder_ids]}")
+    else:
+        logging.warning("No matching libraries found, user will have no access")
+    
+    # Create simple policy patch - IDENTICAL to Jellyfin implementation
+    policy_patch = {
+        "EnableAllFolders": not folder_ids,  # True if empty list, False otherwise
+        "EnabledFolders": folder_ids,
+    }
+    
+    # Get current policy
+    current = client.get_user(user_id)["Policy"]
+    
+    # Log what we're doing
+    logging.info(f"Setting EnableAllFolders={policy_patch['EnableAllFolders']}")
+    logging.info(f"Setting EnabledFolders={policy_patch['EnabledFolders']}")
+    
+    # Update current policy with our changes
+    current.update(policy_patch)
+    
+    # Make sure essential playback permissions are enabled
+    playback_permissions = {
+        "EnableMediaPlayback": True,
+        "EnableAudioPlaybackTranscoding": True,
+        "EnableVideoPlaybackTranscoding": True,
+        "EnablePlaybackRemuxing": True,
+        "EnableContentDownloading": True,
+        "EnableRemoteAccess": True,
+    }
+    current.update(playback_permissions)
+    
+    # Apply the updated policy
+    client.set_policy(user_id, current)
+
+
+def join(username: str, password: str, confirm: str, email: str, code: str) -> tuple[bool, str]:
+    """Process a join request for a new Emby user"""
+    client = EmbyClient()
+    
+    # Validate input data
+    if not EMAIL_RE.fullmatch(email):
+        return False, "Invalid e-mail address."
+    if not 8 <= len(password) <= 20:
+        return False, "Password must be 8–20 characters."
+    if password != confirm:
+        return False, "Passwords do not match."
+    
+    # Validate invitation code
+    ok, msg = is_invite_valid(code)
+    if not ok:
+        return False, msg
+        
+    # Check for existing users with same username/email
+    existing = User.query.filter(
+        or_(User.username == username, User.email == email)
+    ).first()
+    if existing:
+        return False, "User or e-mail already exists."
+    
+    try:
+        # Create the user in Emby
+        logging.info(f"Creating Emby user: {username}")
+        
+        # Step 1: Create the user in Emby
+        user_id = client.create_user(username, password)
+        logging.info(f"Emby user created with ID: {user_id}")
+        
+        # Step 2: Get invitation record to determine library access
+        inv = Invitation.query.filter_by(code=code).first()
+        
+        # Step 3: Determine which libraries to grant access to
+        if inv.libraries:
+            logging.info(f"Using specific libraries from invitation: {[lib.name for lib in inv.libraries]}")
+            sections = [lib.external_id for lib in inv.libraries]
+        else:
+            logging.info("No specific libraries in invitation, using all enabled libraries")
+            sections = [
+                lib.external_id
+                for lib in Library.query.filter_by(enabled=True).all()
+            ]
+        
+        logging.info(f"Library IDs to enable: {sections}")
+            
+        # Step 4: Apply folder permissions directly (skip initial policy)
+        # This avoids any potential conflicts between multiple policy updates
+        set_specific_folders(client, user_id, sections)
+        logging.info(f"Applied library permissions for Emby user: {username}")
+        
+        # Calculate expiration date if needed
+        expires = None
+        if inv.duration:
+            days = int(inv.duration)
+            expires = datetime.datetime.utcnow() + datetime.timedelta(days=days)
+        
+        # Create local user record
+        new_user = User(
+            username=username,
+            email=email,
+            password="emby-user",  # Not used for auth, just a placeholder
+            token=user_id,
+            code=code,
+            expires=expires,
+        )
+        
+        db.session.add(new_user)
+        db.session.commit()
+        
+        # Mark invitation as used
+        mark_invite_used(inv, new_user)
+        notify("New User", f"User {username} has joined your Emby server! 🎉", tags="tada")
+        
+        # Return success
+        return True, ""
+        
+    except Exception as e:
+        logging.error(f"Emby join error: {str(e)}", exc_info=True)
+        db.session.rollback()
+        return False, "An unexpected error occurred during user creation."
diff --git a/app/templates/welcome-jellyfin.html b/app/templates/welcome-jellyfin.html
@@ -23,7 +23,7 @@
                     </h1>
                     <p class="mt-2 text-sm text-red-600 dark:text-red-500"><span class="font-medium">{{ error }}</p>
 
-                    <form class="space-y-4 md:space-y-6" action="{{ url_for("jellyfin.public_join") }}" method="POST">
+                    <form class="space-y-4 md:space-y-6" action="{% if server_type == 'emby' %}{{ url_for('emby.public_join') }}{% else %}{{ url_for('jellyfin.public_join') }}{% endif %}" method="POST">
                         <div>
                             <label for="username"
                                 class="block mb-2 text-sm font-medium text-gray-900 dark:text-white">{{
