photoprism/internal/api/session_get.go

package api

import (
	"net/http"

	"github.com/gin-gonic/gin"

	"github.com/photoprism/photoprism/internal/acl"
	"github.com/photoprism/photoprism/internal/get"
	"github.com/photoprism/photoprism/pkg/clean"
	"github.com/photoprism/photoprism/pkg/header"
	"github.com/photoprism/photoprism/pkg/rnd"
)

// GetSession returns the session data as JSON if authentication was successful.
//
// GET /api/v1/session
// GET /api/v1/session/:id
// GET /api/v1/sessions/:id
func GetSession(router *gin.RouterGroup) {
	getSessionHandler := func(c *gin.Context) {
		// Prevent CDNs from caching this endpoint.
		if header.IsCdn(c.Request) {
			AbortNotFound(c)
			return
		}

		id := clean.ID(c.Param("id"))

		if id != "" && !rnd.IsSessionID(id) {
			// Abort if session id is provided but invalid.
			AbortBadRequest(c)
			return
		}

		conf := get.Config()

		// Check if the session user is allowed to manage all accounts or update his/her own account.
		s := AuthAny(c, acl.ResourceSessions, acl.Permissions{acl.ActionManage, acl.ActionView})

		// Check if session is valid.
		switch {
		case s.Abort(c):
			return
		case s.Expired(), s.ID == "":
			AbortUnauthorized(c)
			return
		case s.Invalid(), id != "" && s.ID != id && !conf.Public():
			AbortForbidden(c)
			return
		}

		// Get auth token from headers.
		authToken := AuthToken(c)

		// Update user information.
		s.RefreshUser()

		// Response includes user data, session data, and client config values.
		response := GetSessionResponse(authToken, s, get.Config().ClientSession(s))

		// Return JSON response.
		c.JSON(http.StatusOK, response)
	}

	router.GET("/session", getSessionHandler)
	router.GET("/session/:id", getSessionHandler)
	router.GET("/sessions/:id", getSessionHandler)
}
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`package api`

			`import (`
			`"net/http"`

			`"github.com/gin-gonic/gin"`

API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`"github.com/photoprism/photoprism/internal/acl"`
Routing: Prefix frontend UI routes with /library #840 #2466 Also improves migrations and updates the db schema docs. Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-15 21:54:11 +02:00			`"github.com/photoprism/photoprism/internal/get"`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`"github.com/photoprism/photoprism/pkg/clean"`
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00			`"github.com/photoprism/photoprism/pkg/header"`
			`"github.com/photoprism/photoprism/pkg/rnd"`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`)`

			`// GetSession returns the session data as JSON if authentication was successful.`
			`//`
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00			`// GET /api/v1/session`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// GET /api/v1/session/:id`
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00			`// GET /api/v1/sessions/:id`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`func GetSession(router *gin.RouterGroup) {`
API: Add .well-known/oauth-authorization-server route handler #808 #3943 This commit also adds an /api/v1/oauth/logout endpoint that allows clients to delete their sessions (access tokens) as needed. Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-08 14:53:39 +01:00			`getSessionHandler := func(c *gin.Context) {`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`// Prevent CDNs from caching this endpoint.`
			`if header.IsCdn(c.Request) {`
API: Refactor "404 Not Found" response handler #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 20:56:43 +01:00			`AbortNotFound(c)`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`return`
			`}`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`id := clean.ID(c.Param("id"))`

Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00			`if id != "" && !rnd.IsSessionID(id) {`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`// Abort if session id is provided but invalid.`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`AbortBadRequest(c)`
			`return`
			`}`

Server: Add Error 404 Not Found template and change ext to .gohtml #840 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-18 14:21:23 +02:00			`conf := get.Config()`
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`// Check if the session user is allowed to manage all accounts or update his/her own account.`
			`s := AuthAny(c, acl.ResourceSessions, acl.Permissions{acl.ActionManage, acl.ActionView})`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`// Check if session is valid.`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`switch {`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`case s.Abort(c):`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`return`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`case s.Expired(), s.ID == "":`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`AbortUnauthorized(c)`
			`return`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`case s.Invalid(), id != "" && s.ID != id && !conf.Public():`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`AbortForbidden(c)`
			`return`
			`}`

API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`// Get auth token from headers.`
			`authToken := AuthToken(c)`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// Update user information.`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`s.RefreshUser()`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00
Auth: Use hashed auth tokens for enhanced security #3943 #808 #782 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-06 17:35:19 +01:00			`// Response includes user data, session data, and client config values.`
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-16 16:17:16 +01:00			`response := GetSessionResponse(authToken, s, get.Config().ClientSession(s))`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00
Auth: Use hashed auth tokens for enhanced security #3943 #808 #782 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-06 17:35:19 +01:00			`// Return JSON response.`
			`c.JSON(http.StatusOK, response)`
API: Add .well-known/oauth-authorization-server route handler #808 #3943 This commit also adds an /api/v1/oauth/logout endpoint that allows clients to delete their sessions (access tokens) as needed. Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-08 14:53:39 +01:00			`}`

Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00			`router.GET("/session", getSessionHandler)`
API: Add .well-known/oauth-authorization-server route handler #808 #3943 This commit also adds an /api/v1/oauth/logout endpoint that allows clients to delete their sessions (access tokens) as needed. Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-08 14:53:39 +01:00			`router.GET("/session/:id", getSessionHandler)`
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943 Signed-off-by: Michael Mayer <michael@photoprism.app> 2024-01-14 18:28:17 +01:00			`router.GET("/sessions/:id", getSessionHandler)`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`}`