photoprism/internal/api/session.go

package api

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/photoprism/photoprism/internal/config"
	"github.com/photoprism/photoprism/internal/form"
	"github.com/photoprism/photoprism/internal/service"
	"github.com/photoprism/photoprism/pkg/txt"
)

// POST /api/v1/session
func CreateSession(router *gin.RouterGroup, conf *config.Config) {
	router.POST("/session", func(c *gin.Context) {
		var f form.Login

		if err := c.BindJSON(&f); err != nil {
			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": txt.UcFirst(err.Error())})
			return
		}

		if !conf.CheckPassword(f.Password) {
			c.AbortWithStatusJSON(400, gin.H{"error": "Invalid password"})
			return
		}

		user := gin.H{"ID": 1, "FirstName": "Admin", "LastName": "", "Role": "admin", "Email": "photoprism@localhost"}

		token := service.Session().Create(user)

		c.Header("X-Session-Token", token)

		s := gin.H{"token": token, "user": user, "config": conf.ClientConfig()}

		c.JSON(http.StatusOK, s)
	})
}

// DELETE /api/v1/session/
func DeleteSession(router *gin.RouterGroup, conf *config.Config) {
	router.DELETE("/session/:token", func(c *gin.Context) {
		token := c.Param("token")

		service.Session().Delete(token)

		c.JSON(http.StatusOK, gin.H{"status": "ok", "token": token})
	})
}

// Returns true, if user doesn't have a valid session token
func Unauthorized(c *gin.Context, conf *config.Config) bool {
	// Always return false if site is public.
	if conf.Public() {
		return false
	}

	// Get session token from HTTP header.
	token := c.GetHeader("X-Session-Token")

	// Check if session token is valid.
	return !service.Session().Exists(token)
}

// InvalidToken returns true if the token is invalid.
func InvalidToken(c *gin.Context, conf *config.Config) bool {
	token := c.Param("token")

	if token == "" {
		token = c.Query("t")
	}

	return conf.InvalidToken(token)
}

// InvalidDownloadToken returns true if the token is invalid.
func InvalidDownloadToken(c *gin.Context, conf *config.Config) bool {
	return conf.InvalidDownloadToken(c.Query("t"))
}
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00			`package api`

			`import (`
			`"net/http"`

			`"github.com/gin-gonic/gin"`
			`"github.com/photoprism/photoprism/internal/config"`
Albums: Zip download #15 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-12-05 19:21:35 +01:00			`"github.com/photoprism/photoprism/internal/form"`
Keep sessions for 7 days Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-04-20 13:50:28 +02:00			`"github.com/photoprism/photoprism/internal/service"`
Backend: Move reusable packages to pkg/ Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-01-12 14:00:56 +01:00			`"github.com/photoprism/photoprism/pkg/txt"`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00			`)`

			`// POST /api/v1/session`
			`func CreateSession(router gin.RouterGroup, conf config.Config) {`
			`router.POST("/session", func(c *gin.Context) {`
Albums: Zip download #15 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-12-05 19:21:35 +01:00			`var f form.Login`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00
Albums: Zip download #15 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-12-05 19:21:35 +01:00			`if err := c.BindJSON(&f); err != nil {`
Backend: Add stub for meta package #172 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-01-07 17:36:49 +01:00			`c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": txt.UcFirst(err.Error())})`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00			`return`
			`}`

Backend: Support encrypted password (#231) See issue #221, only handles bcrypt 2020-01-28 11:04:10 +01:00			`if !conf.CheckPassword(f.Password) {`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00			`c.AbortWithStatusJSON(400, gin.H{"error": "Invalid password"})`
			`return`
			`}`

Backend: Add session package #169 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-12-28 09:48:36 +01:00			`user := gin.H{"ID": 1, "FirstName": "Admin", "LastName": "", "Role": "admin", "Email": "photoprism@localhost"}`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00
Keep sessions for 7 days Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-04-20 13:50:28 +02:00			`token := service.Session().Create(user)`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00
Backend: Add session package #169 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-12-28 09:48:36 +01:00			`c.Header("X-Session-Token", token)`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00
Only send full clientConfig if authenticated #216 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-01-23 07:39:04 +01:00			`s := gin.H{"token": token, "user": user, "config": conf.ClientConfig()}`
Add Websocket authentication #216 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-01-22 16:54:01 +01:00
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00			`c.JSON(http.StatusOK, s)`
			`})`
			`}`

			`// DELETE /api/v1/session/`
			`func DeleteSession(router gin.RouterGroup, conf config.Config) {`
			`router.DELETE("/session/:token", func(c *gin.Context) {`
			`token := c.Param("token")`

Keep sessions for 7 days Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-04-20 13:50:28 +02:00			`service.Session().Delete(token)`
Basic login for admin #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-08 06:53:40 +01:00
			`c.JSON(http.StatusOK, gin.H{"status": "ok", "token": token})`
			`})`
			`}`
Config: Add public flag to disable auth #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-11 21:10:41 +01:00
			`// Returns true, if user doesn't have a valid session token`
			`func Unauthorized(c gin.Context, conf config.Config) bool {`
Add link sharing template #18 Public mode only, auth not implemented yet. Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-06-22 20:15:08 +02:00			`// Always return false if site is public.`
Config: Add public flag to disable auth #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-11 21:10:41 +01:00			`if conf.Public() {`
			`return false`
			`}`

Add link sharing template #18 Public mode only, auth not implemented yet. Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-06-22 20:15:08 +02:00			`// Get session token from HTTP header.`
Config: Add public flag to disable auth #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-11 21:10:41 +01:00			`token := c.GetHeader("X-Session-Token")`

Add link sharing template #18 Public mode only, auth not implemented yet. Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-06-22 20:15:08 +02:00			`// Check if session token is valid.`
Keep sessions for 7 days Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-04-20 13:50:28 +02:00			`return !service.Session().Exists(token)`
Config: Add public flag to disable auth #16 Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2019-11-11 21:10:41 +01:00			`}`
Refactor download urls and client config Signed-off-by: Michael Mayer <michael@liquidbytes.net> 2020-05-27 19:38:40 +02:00
			`// InvalidToken returns true if the token is invalid.`
			`func InvalidToken(c gin.Context, conf config.Config) bool {`
			`token := c.Param("token")`

			`if token == "" {`
			`token = c.Query("t")`
			`}`

			`return conf.InvalidToken(token)`
			`}`

			`// InvalidDownloadToken returns true if the token is invalid.`
			`func InvalidDownloadToken(c gin.Context, conf config.Config) bool {`
			`return conf.InvalidDownloadToken(c.Query("t"))`
			`}`