Commit graph

8 commits

Author SHA1 Message Date
Michael Mayer
2912ac9464 Security: Refactor cache headers, auth token validation & UI #782 #808
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-17 14:16:02 +01:00
Michael Mayer
3946e2a16f API: Refactor "404 Not Found" response handler #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 20:56:43 +01:00
Michael Mayer
c3b9b73d1d API: Only allow CDNs to cache GET, HEAD, and OPTIONS requests #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:17:16 +01:00
Michael Mayer
02a1b12edb Config: Update CORS header defaults and add /api/v1/echo endpoint #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 14:36:08 +01:00
Michael Mayer
fed1d8ad95 Auth: Accept access token as passwd with fail rate limit #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-14 18:28:17 +01:00
Michael Mayer
f8e0615cc8 Auth: Ensure backwards compatibility for existing API clients #808 #3943
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-07 12:25:56 +01:00
Michael Mayer
0d2f8be522 Auth: Use hashed auth tokens for enhanced security #3943 #808 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-06 17:35:19 +01:00
Michael Mayer
8df444dfd7 Auth: Refactor session API #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-10 12:15:10 +01:00
Renamed from internal/api/sessions_create.go (Browse further)