feat(api): allow plex logins from users who have access to the server

server/api/plextv.ts

@@ -1,4 +1,6 @@
 import axios, { AxiosInstance } from 'axios';
+import xml2js from 'xml2js';
+import { getSettings } from '../lib/settings';
 
 interface PlexAccountResponse {
   user: PlexUser;
@@ -26,6 +28,33 @@ interface PlexUser {
   entitlements: string[];
 }
 
+interface ServerResponse {
+  $: {
+    id: string;
+    serverId: string;
+    machineIdentifier: string;
+    name: string;
+    lastSeenAt: string;
+    numLibraries: string;
+    owned: string;
+  };
+}
+
+interface FriendResponse {
+  MediaContainer: {
+    User: {
+      $: {
+        id: string;
+        title: string;
+        username: string;
+        email: string;
+        thumb: string;
+      };
+      Server: ServerResponse[];
+    }[];
+  };
+}
+
 class PlexTvAPI {
   private authToken: string;
   private axios: AxiosInstance;
@@ -57,6 +86,48 @@ class PlexTvAPI {
       throw new Error('Invalid auth token');
     }
   }
+
+  public async getFriends(): Promise<FriendResponse> {
+    const response = await this.axios.get('/pms/friends/all', {
+      transformResponse: [],
+      responseType: 'text',
+    });
+
+    const parsedXml = (await xml2js.parseStringPromise(
+      response.data
+    )) as FriendResponse;
+
+    return parsedXml;
+  }
+
+  public async checkUserAccess(authUser: PlexUser): Promise<boolean> {
+    const settings = getSettings();
+
+    try {
+      if (!settings.plex.machineId) {
+        throw new Error('Plex is not configured!');
+      }
+
+      const friends = await this.getFriends();
+
+      const users = friends.MediaContainer.User;
+
+      const user = users.find((u) => Number(u.$.id) === authUser.id);
+
+      if (!user) {
+        throw new Error(
+          'This user does not exist on the main plex accounts shared list'
+        );
+      }
+
+      return !!user.Server.find(
+        (server) => server.$.machineIdentifier === settings.plex.machineId
+      );
+    } catch (e) {
+      console.log(`Error checking user access: ${e.message}`);
+      return false;
+    }
+  }
 }
 
 export default PlexTvAPI;

server/lib/settings.ts

@@ -10,7 +10,7 @@ interface Library {
 
 interface PlexSettings {
   name: string;
-  machineId: string;
+  machineId?: string;
   ip: string;
   port: number;
   libraries: Library[];
@@ -67,10 +67,9 @@ class Settings {
         apiKey: 'temp',
       },
       plex: {
-        name: 'Main Server',
+        name: '',
         ip: '127.0.0.1',
         port: 32400,
-        machineId: '',
         libraries: [],
       },
       radarr: [],

server/routes/auth.ts

@@ -70,8 +70,22 @@ authRoutes.post('/login', async (req, res) => {
 
       // If we get to this point, the user does not already exist so we need to create the
       // user _assuming_ they have access to the plex server
-      // (We cant do this until we finish the settings sytem and actually
-      // store the user token in ticket #55)
+      const mainUser = await userRepository.findOneOrFail({
+        select: ['id', 'plexToken'],
+        order: { id: 'ASC' },
+      });
+      const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
+      if (await mainPlexTv.checkUserAccess(account)) {
+        user = new User({
+          email: account.email,
+          username: account.username,
+          plexId: account.id,
+          plexToken: account.authToken,
+          permissions: Permission.REQUEST,
+          avatar: account.thumb,
+        });
+        await userRepository.save(user);
+      }
     }
 
     // Set logged in session