2022-09-28 09:01:17 +02:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2022-10-12 16:34:48 +02:00
|
|
|
"net/http"
|
|
|
|
|
2022-09-28 09:01:17 +02:00
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
|
|
|
"github.com/photoprism/photoprism/internal/entity"
|
|
|
|
"github.com/photoprism/photoprism/internal/event"
|
|
|
|
"github.com/photoprism/photoprism/internal/form"
|
2022-10-15 21:54:11 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/get"
|
2022-09-28 09:01:17 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/i18n"
|
2022-10-11 22:44:11 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/server/limiter"
|
2022-09-28 09:01:17 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// CreateSession creates a new client session and returns it as JSON if authentication was successful.
|
|
|
|
//
|
|
|
|
// POST /api/v1/session
|
|
|
|
func CreateSession(router *gin.RouterGroup) {
|
|
|
|
router.POST("/session", func(c *gin.Context) {
|
2022-10-12 18:11:20 +02:00
|
|
|
var f form.Login
|
|
|
|
|
|
|
|
if err := c.BindJSON(&f); err != nil {
|
|
|
|
event.AuditWarn([]string{ClientIP(c), "create session", "invalid request", "%s"}, err)
|
|
|
|
AbortBadRequest(c)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-10-15 21:54:11 +02:00
|
|
|
conf := get.Config()
|
2022-10-12 16:34:48 +02:00
|
|
|
|
|
|
|
// Skip authentication if app is running in public mode.
|
|
|
|
if conf.Public() {
|
2022-10-15 21:54:11 +02:00
|
|
|
sess := get.Session().Public()
|
2022-10-13 22:11:02 +02:00
|
|
|
data := gin.H{
|
|
|
|
"status": "ok",
|
|
|
|
"id": sess.ID,
|
|
|
|
"user": sess.User(),
|
|
|
|
"data": sess.Data(),
|
|
|
|
"config": conf.ClientPublic(),
|
|
|
|
}
|
|
|
|
c.JSON(http.StatusOK, data)
|
2022-10-12 16:34:48 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-10-11 22:44:11 +02:00
|
|
|
// Check limit for failed auth requests (max. 10 per minute).
|
|
|
|
if limiter.Auth.Reject(ClientIP(c)) {
|
|
|
|
limiter.AbortJSON(c)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-09-28 09:01:17 +02:00
|
|
|
var sess *entity.Session
|
2022-10-02 11:38:30 +02:00
|
|
|
var isNew bool
|
2022-09-28 09:01:17 +02:00
|
|
|
|
2022-10-02 11:38:30 +02:00
|
|
|
// Find existing session, if any.
|
|
|
|
if s := Session(SessionID(c)); s != nil {
|
|
|
|
// Update existing session.
|
2022-09-28 09:01:17 +02:00
|
|
|
sess = s
|
|
|
|
} else {
|
2022-10-02 11:38:30 +02:00
|
|
|
// Create new session.
|
2022-10-15 21:54:11 +02:00
|
|
|
sess = get.Session().New(c)
|
2022-10-02 11:38:30 +02:00
|
|
|
isNew = true
|
2022-09-28 09:01:17 +02:00
|
|
|
}
|
|
|
|
|
2022-10-11 22:44:11 +02:00
|
|
|
// Try to log in and save session if successful.
|
|
|
|
if err := sess.LogIn(f, c); err != nil {
|
2022-10-02 11:38:30 +02:00
|
|
|
c.AbortWithStatusJSON(sess.HttpStatus(), gin.H{"error": i18n.Msg(i18n.ErrInvalidCredentials)})
|
|
|
|
return
|
2022-10-15 21:54:11 +02:00
|
|
|
} else if sess, err = get.Session().Save(sess); err != nil {
|
2022-10-02 11:38:30 +02:00
|
|
|
event.AuditErr([]string{ClientIP(c), "%s"}, err)
|
|
|
|
c.AbortWithStatusJSON(sess.HttpStatus(), gin.H{"error": i18n.Msg(i18n.ErrInvalidCredentials)})
|
2022-09-28 09:01:17 +02:00
|
|
|
return
|
|
|
|
} else if sess == nil {
|
2022-10-02 11:38:30 +02:00
|
|
|
c.AbortWithStatusJSON(sess.HttpStatus(), gin.H{"error": i18n.Msg(i18n.ErrUnexpected)})
|
2022-09-28 09:01:17 +02:00
|
|
|
return
|
2022-10-02 11:38:30 +02:00
|
|
|
} else if isNew {
|
|
|
|
event.AuditInfo([]string{ClientIP(c), "session %s", "created"}, sess.RefID)
|
|
|
|
} else {
|
|
|
|
event.AuditInfo([]string{ClientIP(c), "session %s", "updated"}, sess.RefID)
|
2022-09-28 09:01:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Add session id to response headers.
|
|
|
|
AddSessionHeader(c, sess.ID)
|
|
|
|
|
2022-10-13 22:11:02 +02:00
|
|
|
// Get config values for the UI.
|
|
|
|
clientConfig := conf.ClientSession(sess)
|
|
|
|
|
|
|
|
// User information, session data, and client config values.
|
|
|
|
data := gin.H{
|
|
|
|
"status": "ok",
|
|
|
|
"id": sess.ID,
|
|
|
|
"user": sess.User(),
|
|
|
|
"data": sess.Data(),
|
|
|
|
"config": clientConfig,
|
2022-09-28 09:01:17 +02:00
|
|
|
}
|
|
|
|
|
2022-10-13 22:11:02 +02:00
|
|
|
// Send JSON response.
|
|
|
|
c.JSON(sess.HttpStatus(), data)
|
2022-09-28 09:01:17 +02:00
|
|
|
})
|
|
|
|
}
|