2019-11-08 06:53:40 +01:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"github.com/photoprism/photoprism/internal/config"
|
2020-06-25 01:20:58 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/entity"
|
2019-12-05 19:21:35 +01:00
|
|
|
"github.com/photoprism/photoprism/internal/form"
|
2020-04-20 13:50:28 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/service"
|
2020-06-25 01:20:58 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/session"
|
2020-01-12 14:00:56 +01:00
|
|
|
"github.com/photoprism/photoprism/pkg/txt"
|
2019-11-08 06:53:40 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// POST /api/v1/session
|
|
|
|
func CreateSession(router *gin.RouterGroup, conf *config.Config) {
|
|
|
|
router.POST("/session", func(c *gin.Context) {
|
2019-12-05 19:21:35 +01:00
|
|
|
var f form.Login
|
2019-11-08 06:53:40 +01:00
|
|
|
|
2019-12-05 19:21:35 +01:00
|
|
|
if err := c.BindJSON(&f); err != nil {
|
2020-01-07 17:36:49 +01:00
|
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": txt.UcFirst(err.Error())})
|
2019-11-08 06:53:40 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-06-25 01:20:58 +02:00
|
|
|
data := session.Data{}
|
|
|
|
|
|
|
|
if f.HasToken() {
|
|
|
|
links := entity.FindLinks(f.Token, "")
|
|
|
|
|
|
|
|
if len(links) == 0 {
|
|
|
|
c.AbortWithStatusJSON(400, gin.H{"error": "Invalid link"})
|
|
|
|
}
|
|
|
|
|
|
|
|
data.Tokens = []string{f.Token}
|
|
|
|
|
|
|
|
for _, link := range links {
|
|
|
|
data.Shared = append(data.Shared, link.ShareUID)
|
|
|
|
}
|
|
|
|
|
|
|
|
data.User = entity.Guest
|
|
|
|
} else if f.HasCredentials() {
|
|
|
|
user := entity.FindPersonByUserName(f.UserName)
|
|
|
|
|
|
|
|
if user == nil {
|
|
|
|
c.AbortWithStatusJSON(400, gin.H{"error": "Invalid user name or password"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user.InvalidPassword(f.Password) {
|
|
|
|
c.AbortWithStatusJSON(400, gin.H{"error": "Invalid user name or password"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
data.User = *user
|
|
|
|
} else {
|
|
|
|
c.AbortWithStatusJSON(400, gin.H{"error": "Password required, please try again"})
|
2019-11-08 06:53:40 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-06-25 01:20:58 +02:00
|
|
|
token := service.Session().Create(data)
|
2019-11-08 06:53:40 +01:00
|
|
|
|
2019-12-28 09:48:36 +01:00
|
|
|
c.Header("X-Session-Token", token)
|
2019-11-08 06:53:40 +01:00
|
|
|
|
2020-06-25 01:20:58 +02:00
|
|
|
if data.User.Anonymous() {
|
|
|
|
c.JSON(http.StatusOK, gin.H{"token": token, "data": data, "config": conf.GuestConfig()})
|
|
|
|
} else {
|
|
|
|
c.JSON(http.StatusOK, gin.H{"token": token, "data": data, "config": conf.UserConfig()})
|
|
|
|
}
|
2019-11-08 06:53:40 +01:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// DELETE /api/v1/session/
|
|
|
|
func DeleteSession(router *gin.RouterGroup, conf *config.Config) {
|
|
|
|
router.DELETE("/session/:token", func(c *gin.Context) {
|
|
|
|
token := c.Param("token")
|
|
|
|
|
2020-04-20 13:50:28 +02:00
|
|
|
service.Session().Delete(token)
|
2019-11-08 06:53:40 +01:00
|
|
|
|
|
|
|
c.JSON(http.StatusOK, gin.H{"status": "ok", "token": token})
|
|
|
|
})
|
|
|
|
}
|
2019-11-11 21:10:41 +01:00
|
|
|
|
|
|
|
// Returns true, if user doesn't have a valid session token
|
|
|
|
func Unauthorized(c *gin.Context, conf *config.Config) bool {
|
2020-06-22 20:15:08 +02:00
|
|
|
// Always return false if site is public.
|
2019-11-11 21:10:41 +01:00
|
|
|
if conf.Public() {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2020-06-22 20:15:08 +02:00
|
|
|
// Get session token from HTTP header.
|
2019-11-11 21:10:41 +01:00
|
|
|
token := c.GetHeader("X-Session-Token")
|
|
|
|
|
2020-06-22 20:15:08 +02:00
|
|
|
// Check if session token is valid.
|
2020-04-20 13:50:28 +02:00
|
|
|
return !service.Session().Exists(token)
|
2019-11-11 21:10:41 +01:00
|
|
|
}
|
2020-05-27 19:38:40 +02:00
|
|
|
|
2020-06-25 01:20:58 +02:00
|
|
|
// Gets session token from HTTP header.
|
|
|
|
func SessionToken(c *gin.Context) string {
|
|
|
|
return c.GetHeader("X-Session-Token")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Session returns the current session data.
|
|
|
|
func Session(token string, conf *config.Config) (data *session.Data) {
|
|
|
|
if token == "" {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
defer func() {
|
|
|
|
if err := recover(); err != nil {
|
|
|
|
data = nil
|
|
|
|
log.Errorf("session: %s [panic]", err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Always return false if site is public.
|
|
|
|
if conf.Public() {
|
|
|
|
admin := entity.FindPersonByUserName("admin")
|
|
|
|
|
|
|
|
if admin == nil {
|
|
|
|
log.Error("session: admin user not found - bug?")
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return &session.Data{User: *admin}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if session token is valid.
|
|
|
|
return service.Session().Get(token)
|
|
|
|
}
|
|
|
|
|
2020-05-27 19:38:40 +02:00
|
|
|
// InvalidToken returns true if the token is invalid.
|
|
|
|
func InvalidToken(c *gin.Context, conf *config.Config) bool {
|
|
|
|
token := c.Param("token")
|
|
|
|
|
|
|
|
if token == "" {
|
|
|
|
token = c.Query("t")
|
|
|
|
}
|
|
|
|
|
|
|
|
return conf.InvalidToken(token)
|
|
|
|
}
|
|
|
|
|
|
|
|
// InvalidDownloadToken returns true if the token is invalid.
|
|
|
|
func InvalidDownloadToken(c *gin.Context, conf *config.Config) bool {
|
|
|
|
return conf.InvalidDownloadToken(c.Query("t"))
|
|
|
|
}
|