photoprism/internal/api/auth_session_get.go

package api

import (
	"net/http"

	"github.com/photoprism/photoprism/internal/config"

	"github.com/photoprism/photoprism/internal/service"

	"github.com/gin-gonic/gin"

	"github.com/photoprism/photoprism/pkg/clean"
)

// GetSession returns the session data as JSON if authentication was successful.
//
// GET /api/v1/session/:id
func GetSession(router *gin.RouterGroup) {
	router.GET("/session/:id", func(c *gin.Context) {
		id := clean.ID(c.Param("id"))

		if id == "" {
			AbortBadRequest(c)
			return
		} else if id != SessionID(c) {
			AbortForbidden(c)
			return
		}

		sess := Session(id)

		switch {
		case sess == nil:
			AbortUnauthorized(c)
			return
		case sess.Expired(), sess.ID == "":
			AbortUnauthorized(c)
			return
		case sess.Invalid():
			AbortForbidden(c)
			return
		}

		// Update user information.
		sess.RefreshUser()

		// Add session id to response headers.
		AddSessionHeader(c, sess.ID)

		var clientConfig config.ClientConfig

		if conf := service.Config(); conf == nil {
			log.Errorf("session: config is nil - possible bug")
			AbortUnexpected(c)
			return
		} else if sess.User().IsVisitor() {
			clientConfig = conf.ClientShare()
		} else if sess.User().IsRegistered() {
			clientConfig = conf.ClientSession(sess)
		} else {
			clientConfig = conf.ClientPublic()
		}

		// Send JSON response with user information, session data, and client config values.
		c.JSON(http.StatusOK, gin.H{"status": "ok", "id": sess.ID, "user": sess.User(), "data": sess.Data(), "config": clientConfig})
	})
}
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`package api`

			`import (`
			`"net/http"`

			`"github.com/photoprism/photoprism/internal/config"`

			`"github.com/photoprism/photoprism/internal/service"`

			`"github.com/gin-gonic/gin"`

			`"github.com/photoprism/photoprism/pkg/clean"`
			`)`

			`// GetSession returns the session data as JSON if authentication was successful.`
			`//`
			`// GET /api/v1/session/:id`
			`func GetSession(router *gin.RouterGroup) {`
			`router.GET("/session/:id", func(c *gin.Context) {`
			`id := clean.ID(c.Param("id"))`

			`if id == "" {`
			`AbortBadRequest(c)`
			`return`
			`} else if id != SessionID(c) {`
			`AbortForbidden(c)`
			`return`
			`}`

			`sess := Session(id)`

			`switch {`
			`case sess == nil:`
			`AbortUnauthorized(c)`
			`return`
			`case sess.Expired(), sess.ID == "":`
			`AbortUnauthorized(c)`
			`return`
			`case sess.Invalid():`
			`AbortForbidden(c)`
			`return`
			`}`

			`// Update user information.`
			`sess.RefreshUser()`

			`// Add session id to response headers.`
			`AddSessionHeader(c, sess.ID)`

			`var clientConfig config.ClientConfig`

			`if conf := service.Config(); conf == nil {`
			`log.Errorf("session: config is nil - possible bug")`
			`AbortUnexpected(c)`
			`return`
			`} else if sess.User().IsVisitor() {`
			`clientConfig = conf.ClientShare()`
			`} else if sess.User().IsRegistered() {`
			`clientConfig = conf.ClientSession(sess)`
			`} else {`
			`clientConfig = conf.ClientPublic()`
			`}`

			`// Send JSON response with user information, session data, and client config values.`
			`c.JSON(http.StatusOK, gin.H{"status": "ok", "id": sess.ID, "user": sess.User(), "data": sess.Data(), "config": clientConfig})`
			`})`
			`}`