Michael Mayer
127b30dd31
Config: Allow CORS for additional file types when using a CDN #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 21:25:29 +01:00
Michael Mayer
3946e2a16f
API: Refactor "404 Not Found" response handler #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:56:43 +01:00
Michael Mayer
abfea6354c
Config: Allow CORS for fonts and CSS when using a CDN #3931
...
see https://www.w3.org/TR/css-fonts-3/#font-fetching-requirements
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:04:36 +01:00
graciousgrey
c478025513
Tests: Add unit tests #3943
2024-01-16 18:10:59 +01:00
graciousgrey
2bf65737d3
Tests: Add unit tests #3943
2024-01-16 18:10:59 +01:00
Michael Mayer
da10b30fdf
API: Add auth token to vary header for caching proxies and CDNs #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:42:21 +01:00
Michael Mayer
c3b9b73d1d
API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:17:16 +01:00
graciousgrey
e5aa76730f
Tests: Add unit tests #3943
2024-01-16 16:10:57 +01:00
graciousgrey
121a19c58c
Tests: Add unit tests #3943
2024-01-16 16:10:57 +01:00
Michael Mayer
02a1b12edb
Config: Update CORS header defaults and add /api/v1/echo endpoint #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 14:36:08 +01:00
Michael Mayer
239708f00f
Config: Add options to configure CORS origin, headers and methods #3931
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 12:14:06 +01:00
graciousgrey
4e7a61ffe5
Tests: Add unit tests
2024-01-15 17:12:34 +01:00
Michael Mayer
c5f6a28448
Config: Add PHOTOPRISM_HTTP_CORS option for CDN users #3931 #3940
...
In addition, the Access-Control-Allow-Origin header is set to the same
URL if an Origin header is found in the request (experimental).
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-15 13:06:27 +01:00
Michael Mayer
e44262d4ea
Config: Ignore configured CDN URL if the same as the Site URL #3931
...
see https://docs.photoprism.app/getting-started/using-a-cdn/#cloudflare
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-15 10:54:03 +01:00
Michael Mayer
c38962e469
API: Deny client access if the scope is not authorized #782 #808
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 19:27:38 +01:00
Michael Mayer
5dedc8a7c0
Auth: Apply same scope when session is created from auth token #782 #808
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 18:53:27 +01:00
Michael Mayer
fed1d8ad95
Auth: Accept access token as passwd with fail rate limit #782 #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 18:28:17 +01:00
Michael Mayer
9586a9ec69
Auth: Refactor API to allow auth secrets to be used as tokens #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 12:01:26 +01:00
Michael Mayer
d7710adce0
Auth: Improve "auth add" and "client add" CLI commands #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 09:51:49 +01:00
Michael Mayer
e21e462f00
Auth: Improve "auth add" and "client add" CLI commands #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-13 16:27:05 +01:00
Michael Mayer
91eadbc21f
Auth: Reset existing user/browser sessions when upgrading #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-12 12:50:52 +01:00
Michael Mayer
34b41cf606
Config: Update default wallpaper image
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-12 12:46:18 +01:00
Michael Mayer
93bc8996bc
Entities: Update schema/mariadb.mmd
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-12 12:02:38 +01:00
Michael Mayer
c86764fa4b
Entities: Update database schema SQL and mariadb.mmd
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-12 10:30:11 +01:00
Michael Mayer
cf71582e3f
WebDAV: Require username when authenticating with basic auth #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-11 18:51:38 +01:00
Michael Mayer
e8ca9b8db2
WebDAV: Check if basic auth user matches the token, if set #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-11 12:49:31 +01:00
Michael Mayer
d481bc3d34
WebDAV: Add token authentication tests #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-11 12:08:39 +01:00
Michael Mayer
eff130cf90
WebDAV: Allow authentication with auth token and any username #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-11 11:37:36 +01:00
Michael Mayer
cc356abe03
WebDAV: Allow authentication with auth token and no username #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 18:03:38 +01:00
Michael Mayer
7d78ee803a
Use human-friendly secrets & names for personal access tokens #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 17:23:08 +01:00
Michael Mayer
94e361a8fd
WebDAV: Add authorization check based on auth tokens #782 #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 16:54:13 +01:00
Michael Mayer
7ef544fa53
Docs: Improve inline comments of the internal/server package #782 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 12:46:00 +01:00
Michael Mayer
7a05c5553b
OAuth2: Add "POST /api/v1/oauth/revoke" API endpoint #782 #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 12:21:43 +01:00
Michael Mayer
481c207897
Cache: Refactor internal/ttl package
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 10:26:38 +01:00
Michael Mayer
63ad161b96
WebDAV: Refactor authentication and HTTP request handlers #3942 #3959
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 09:56:46 +01:00
Michael Mayer
e03dbe5d16
OAuth2: Refactor limit for number of access tokens / sessions #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-09 13:46:55 +01:00
Michael Mayer
3e924b70c7
API: Move handling of HTTP auth headers to pkg/header #808 #3943 #3959
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-09 10:58:47 +01:00
Michael Mayer
8db853109e
WebDAV: Set file mod time based on the "X-OC-MTime" header #3942 #3959
...
Note that this is still experimental and the implementation needs to be
tested with a WebDAV client that sends a valid "X-OC-MTime" header.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 18:46:42 +01:00
Michael Mayer
64b8ed572d
API: Add .well-known/openid-configuration route handler #808 #3943
...
This adds an initial "/.well-known/openid-configuration" service
discovery endpoint for use by OpenID Connect clients.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 17:25:07 +01:00
Michael Mayer
ec13ccb6d5
OAuth2: Enforce limit for number of access tokens / sessions #808 #3943
...
These changes ensure that OAuth2 clients cannot create an unlimited
number of access tokens (sessions) with their client credentials.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 16:57:07 +01:00
Michael Mayer
42fbf70dcf
API: Update markers.go handler docs
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 14:56:07 +01:00
Michael Mayer
0e4d81853c
API: Add .well-known/oauth-authorization-server route handler #808 #3943
...
This commit also adds an /api/v1/oauth/logout endpoint that allows
clients to delete their sessions (access tokens) as needed.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 14:53:39 +01:00
Michael Mayer
f8e0615cc8
Auth: Ensure backwards compatibility for existing API clients #808 #3943
...
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-07 12:25:56 +01:00
Michael Mayer
0d2f8be522
Auth: Use hashed auth tokens for enhanced security #3943 #808 #782
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-06 17:35:19 +01:00
Michael Mayer
0ca37b2c92
Docs: Update year in backend and frontend package file headers
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-05 16:38:36 +01:00
Michael Mayer
713593da4e
Auth: Add CLI command to create access tokens for apps #782 #808 #3943
...
You can now run "photoprism auth add" to create new client access tokens
that allow external applications to use the built-in REST API.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-05 16:31:07 +01:00
Michael Mayer
910e3becbb
Auth: Refactor existing CLI sub-commands #808 #3943
...
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-02 17:06:57 +01:00
graciousgrey
04e8dfe6cb
Tests: Add unit tests #3943
2023-12-21 16:00:28 +01:00
graciousgrey
0f8d5073dd
Tests: Add unit tests #3943
2023-12-21 11:17:33 +01:00
graciousgrey
b6cb478cfb
Tests: Add unit tests
2023-12-19 17:03:50 +01:00