feat: check if first jellyfin user is admin (#635)

* feat: merge check if first jellyfin user is admin re #610 * refactor(i18n): extract admin error message into en locale --------- Co-authored-by: fallenbagel <98979876+Fallenbagel@users.noreply.github.com>
2025-12-24 02:39:18 -05:00 · 2024-03-30 05:53:14 +05:00
parent 530be4272c
commit 010df62776
4 changed files with 17 additions and 0 deletions
--- a/server/api/jellyfin.ts
+++ b/server/api/jellyfin.ts
@@ -9,6 +9,9 @@ export interface JellyfinUserResponse {
  ServerId: string;
  ServerName: string;
  Id: string;
+  Policy: {
+    IsAdministrator: boolean;
+  };
  PrimaryImageTag?: string;
 }

--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -276,6 +276,11 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
    });

    if (!user && !(await userRepository.count())) {
+      // Check if user is admin on jellyfin
+      if (account.User.Policy.IsAdministrator === false) {
+        throw new Error('not_admin');
+      }
+
      logger.info(
        'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Overseerr',
        {
@@ -423,6 +428,11 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
        status: 401,
        message: 'Unauthorized',
      });
+    } else if (e.message === 'not_admin') {
+      return next({
+        status: 403,
+        message: 'CREDENTIAL_ERROR_NOT_ADMIN',
+      });
    } else if (e.message === 'add_email') {
      return next({
        status: 406,
--- a/src/components/Login/JellyfinLogin.tsx
+++ b/src/components/Login/JellyfinLogin.tsx
@@ -24,6 +24,7 @@ const messages = defineMessages({
  validationusernamerequired: 'Username required',
  validationpasswordrequired: 'Password required',
  loginerror: 'Something went wrong while trying to sign in.',
+  adminerror: 'You must use an admin account to sign in.',
  credentialerror: 'The username or password is incorrect.',
  signingin: 'Signing in…',
  signin: 'Sign In',
@@ -94,6 +95,8 @@ const JellyfinLogin: React.FC<JellyfinLoginProps> = ({
              intl.formatMessage(
                e.message == 'Request failed with status code 401'
                  ? messages.credentialerror
+                  : e.message == 'Request failed with status code 403'
+                  ? messages.adminerror
                  : messages.loginerror
              ),
              {
--- a/src/i18n/locale/en.json
+++ b/src/i18n/locale/en.json
@@ -220,6 +220,7 @@
  "components.Layout.VersionStatus.streamdevelop": "Overseerr Develop",
  "components.Layout.VersionStatus.streamstable": "Overseerr Stable",
  "components.Login.credentialerror": "The username or password is incorrect.",
+  "components.Login.adminerror": "You must use an admin account to sign in.",
  "components.Login.description": "Since this is your first time logging into {applicationName}, you are required to add a valid email address.",
  "components.Login.email": "Email Address",
  "components.Login.emailtooltip": "Address does not need to be associated with your {mediaServerName} instance.",