photoprism/internal/form/client_credentials.go

package form

import (
	"fmt"

	"github.com/photoprism/photoprism/pkg/clean"
	"github.com/photoprism/photoprism/pkg/rnd"
)

// ClientCredentials represents client authentication request credentials.
type ClientCredentials struct {
	ClientID     string `form:"client_id" json:"client_id,omitempty"`
	ClientSecret string `form:"client_secret" json:" client_secret,omitempty"`
	AuthScope    string `form:"scope" json:"scope,omitempty"`
}

// Validate checks the grant type and credentials.
func (f ClientCredentials) Validate() error {
	// Check client ID.
	if f.ClientID == "" {
		return fmt.Errorf("missing client id")
	} else if rnd.InvalidUID(f.ClientID, 'c') {
		return fmt.Errorf("invalid client id")
	}

	// Check client secret.
	if f.ClientSecret == "" {
		return fmt.Errorf("missing client secret")
	} else if !rnd.IsAlnum(f.ClientSecret) {
		return fmt.Errorf("invalid client secret")
	}

	return nil
}

// Scope returns the client scopes as sanitized string.
func (f ClientCredentials) Scope() string {
	return clean.Scope(f.AuthScope)
}
OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943 This adds standard OAuth2 client credentials and bearer token support as well as scope-based authorization checks for REST API clients. Note that this initial implementation should not be used in production and that the access token limit has not been implemented yet. Signed-off-by: Michael Mayer <michael@photoprism.app> 2023-12-12 18:42:50 +01:00			`package form`

			`import (`
			`"fmt"`

			`"github.com/photoprism/photoprism/pkg/clean"`
			`"github.com/photoprism/photoprism/pkg/rnd"`
			`)`

			`// ClientCredentials represents client authentication request credentials.`
			`type ClientCredentials struct {`
			ClientID string `form:"client_id" json:"client_id,omitempty"`
			ClientSecret string `form:"client_secret" json:" client_secret,omitempty"`
			AuthScope string `form:"scope" json:"scope,omitempty"`
			`}`

			`// Validate checks the grant type and credentials.`
			`func (f ClientCredentials) Validate() error {`
			`// Check client ID.`
			`if f.ClientID == "" {`
			`return fmt.Errorf("missing client id")`
			`} else if rnd.InvalidUID(f.ClientID, 'c') {`
			`return fmt.Errorf("invalid client id")`
			`}`

			`// Check client secret.`
			`if f.ClientSecret == "" {`
			`return fmt.Errorf("missing client secret")`
			`} else if !rnd.IsAlnum(f.ClientSecret) {`
			`return fmt.Errorf("invalid client secret")`
			`}`

			`return nil`
			`}`

			`// Scope returns the client scopes as sanitized string.`
			`func (f ClientCredentials) Scope() string {`
			`return clean.Scope(f.AuthScope)`
			`}`