Commit graph

481 commits

Author SHA1 Message Date
graciousgrey
54c3ac9b6a Tests: Add unit tests 2024-01-31 14:34:56 +01:00
Michael Mayer
fc996ba65a Settings: Add buttons for configuring 2FA and App Passwords #782 #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-30 00:05:55 +01:00
Michael Mayer
6ff747c396 Colors: Enforce thumbnail size limit of 3x3 pixels #3976
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-29 22:31:04 +01:00
Michael Mayer
d0ad3c23fb OAuth2: Remove client soft delete and fix client add command #213 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-29 21:08:01 +01:00
Michael Mayer
fe7e342692 OAuth2: Improve authentication logs and commands #213 #3730 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-29 17:32:53 +01:00
Michael Mayer
305e7bac68 OAuth2: Refactor "client add" and "client mod" CLI commands #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-29 13:54:50 +01:00
Michael Mayer
86dc89c4b9 Config: Show error if originals and storage path seem identical #1642
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-21 14:22:16 +01:00
Michael Mayer
89ca0d8899 Index: Ignore nested storage folder in the originals path #1642
This creates a .ppstorage file in the storage folder so that it can be
automatically ignored if found in the originals path while indexing.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-20 17:32:10 +01:00
Michael Mayer
01da5bdec7 CRC32: Move checksum generation to a dedicated package
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-20 14:56:07 +01:00
Michael Mayer
2df0b6e4b1 Server: Exclude .mp4 and .zip from compression and refactor vary #4018
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-20 12:48:42 +01:00
Michael Mayer
a4e2bb33b9 2FA: Rename "Auth Secret" to "App Password" for more clarity #782 #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-19 18:10:01 +01:00
graciousgrey
62ddac3142 Tests: Add unit tests 2024-01-19 15:29:09 +01:00
Michael Mayer
06a18f5818 Auth: Add "access_token" authentication provider type #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-19 14:41:08 +01:00
Michael Mayer
4ba32a7220 2FA: Add two-factor authentication key model and tests #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-19 13:45:30 +01:00
graciousgrey
f08ef59245 Tests: Add unit tests 2024-01-17 14:56:08 +01:00
Michael Mayer
2912ac9464 Security: Refactor cache headers, auth token validation & UI #782 #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-17 14:16:02 +01:00
Michael Mayer
127b30dd31 Config: Allow CORS for additional file types when using a CDN #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 21:25:29 +01:00
Michael Mayer
3946e2a16f API: Refactor "404 Not Found" response handler #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:56:43 +01:00
Michael Mayer
abfea6354c Config: Allow CORS for fonts and CSS when using a CDN #3931
see https://www.w3.org/TR/css-fonts-3/#font-fetching-requirements

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:04:36 +01:00
Michael Mayer
da10b30fdf API: Add auth token to vary header for caching proxies and CDNs #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:42:21 +01:00
Michael Mayer
c3b9b73d1d API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:17:16 +01:00
Michael Mayer
02a1b12edb Config: Update CORS header defaults and add /api/v1/echo endpoint #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 14:36:08 +01:00
Michael Mayer
239708f00f Config: Add options to configure CORS origin, headers and methods #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 12:14:06 +01:00
Michael Mayer
c5f6a28448 Config: Add PHOTOPRISM_HTTP_CORS option for CDN users #3931 #3940
In addition, the Access-Control-Allow-Origin header is set to the same
URL if an Origin header is found in the request (experimental).

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-15 13:06:27 +01:00
Michael Mayer
fed1d8ad95 Auth: Accept access token as passwd with fail rate limit #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 18:28:17 +01:00
Michael Mayer
9586a9ec69 Auth: Refactor API to allow auth secrets to be used as tokens #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 12:01:26 +01:00
Michael Mayer
e21e462f00 Auth: Improve "auth add" and "client add" CLI commands #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-13 16:27:05 +01:00
Michael Mayer
7d78ee803a Use human-friendly secrets & names for personal access tokens #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 17:23:08 +01:00
Michael Mayer
94e361a8fd WebDAV: Add authorization check based on auth tokens #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 16:54:13 +01:00
Michael Mayer
7a05c5553b OAuth2: Add "POST /api/v1/oauth/revoke" API endpoint #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 12:21:43 +01:00
Michael Mayer
3e924b70c7 API: Move handling of HTTP auth headers to pkg/header #808 #3943 #3959
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-09 10:58:47 +01:00
Michael Mayer
0e4d81853c API: Add .well-known/oauth-authorization-server route handler #808 #3943
This commit also adds an /api/v1/oauth/logout endpoint that allows
clients to delete their sessions (access tokens) as needed.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 14:53:39 +01:00
Michael Mayer
f8e0615cc8 Auth: Ensure backwards compatibility for existing API clients #808 #3943
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-07 12:25:56 +01:00
Michael Mayer
0d2f8be522 Auth: Use hashed auth tokens for enhanced security #3943 #808 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-06 17:35:19 +01:00
Michael Mayer
0ca37b2c92 Docs: Update year in backend and frontend package file headers
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-05 16:38:36 +01:00
Michael Mayer
713593da4e Auth: Add CLI command to create access tokens for apps #782 #808 #3943
You can now run "photoprism auth add" to create new client access tokens
that allow external applications to use the built-in REST API.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-05 16:31:07 +01:00
Michael Mayer
0fd3c1790c Search: Add inline documentation to sortby.RandomExpr()
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-01 16:22:09 +01:00
Michael Mayer
8e81f78c12 Metadata: Add "TV" to list of special terms in specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-14 16:11:32 +01:00
Michael Mayer
a29ac670f7 Metadata: Update list of special terms in specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-13 22:09:31 +01:00
Michael Mayer
467f7b1585 OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943
This adds standard OAuth2 client credentials and bearer token support as
well as scope-based authorization checks for REST API clients. Note that
this initial implementation should not be used in production and that
the access token limit has not been implemented yet.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-12 18:42:50 +01:00
Michael Mayer
e80b07795c Metadata: Update list of special terms in specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-11 17:55:22 +01:00
Michael Mayer
dbe525b99a Metadata: Update list of special terms in specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-11 09:25:16 +01:00
Michael Mayer
2dc680adc9 Metadata: Update list of special terms in specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-09 16:37:15 +01:00
Michael Mayer
99b3af1863 Metadata: Update list of special terms in specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-09 15:49:33 +01:00
graciousgrey
55d5e7a732 Videos: Add file info for .mxf files #3935 2023-12-06 12:02:13 +01:00
graciousgrey
3507f5ef55 Add support for .mxf files #3935 2023-12-06 11:59:53 +01:00
Michael Mayer
ab491c3032 2FA: Add generator for random 16-digit app passwords #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-11-27 19:43:53 +01:00
Michael Mayer
fe182d78f4 Metadata: Add tests to pkg/txt/file_title_test.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-11-01 12:04:37 +01:00
Michael Mayer
29be637d62 Metadata: Update pkg/txt/specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-10-31 14:06:52 +01:00
Michael Mayer
6123ddf4af Metadata: Update pkg/txt/specialwords.go
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-10-31 11:38:57 +01:00