147 lines
3.3 KiB
Go
147 lines
3.3 KiB
Go
package config
|
|
|
|
import (
|
|
"regexp"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
|
"github.com/photoprism/photoprism/pkg/rnd"
|
|
)
|
|
|
|
const (
|
|
AuthModePublic = "public"
|
|
AuthModePasswd = "password"
|
|
)
|
|
|
|
func isBcrypt(s string) bool {
|
|
b, err := regexp.MatchString(`^\$2[ayb]\$.{56}$`, s)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return b
|
|
}
|
|
|
|
// AdminUser returns the admin auth name.
|
|
func (c *Config) AdminUser() string {
|
|
c.options.AdminUser = clean.Username(c.options.AdminUser)
|
|
|
|
if c.options.AdminUser == "" {
|
|
c.options.AdminUser = "admin"
|
|
}
|
|
|
|
return c.options.AdminUser
|
|
}
|
|
|
|
// AdminPassword returns the initial admin password.
|
|
func (c *Config) AdminPassword() string {
|
|
return clean.Password(c.options.AdminPassword)
|
|
}
|
|
|
|
// SessMaxAge returns the time in seconds until browser sessions expire automatically.
|
|
func (c *Config) SessMaxAge() int64 {
|
|
if c.options.SessMaxAge < 0 {
|
|
return 0
|
|
} else if c.options.SessMaxAge == 0 {
|
|
return DefaultSessMaxAge
|
|
}
|
|
|
|
return c.options.SessMaxAge
|
|
}
|
|
|
|
// SessTimeout returns the time in seconds until browser sessions expire due to inactivity
|
|
func (c *Config) SessTimeout() int64 {
|
|
if c.options.SessTimeout < 0 {
|
|
return 0
|
|
} else if c.options.SessTimeout == 0 {
|
|
return DefaultSessTimeout
|
|
}
|
|
|
|
return c.options.SessTimeout
|
|
}
|
|
|
|
// Public checks if app runs in public mode and requires no authentication.
|
|
func (c *Config) Public() bool {
|
|
return c.AuthMode() == AuthModePublic
|
|
}
|
|
|
|
// SetAuthMode changes the authentication mode (for use in tests only).
|
|
func (c *Config) SetAuthMode(mode string) {
|
|
if !c.Debug() {
|
|
return
|
|
}
|
|
|
|
switch mode {
|
|
case AuthModePublic:
|
|
c.options.AuthMode = AuthModePublic
|
|
c.options.Public = true
|
|
default:
|
|
c.options.AuthMode = AuthModePasswd
|
|
c.options.Public = false
|
|
}
|
|
}
|
|
|
|
// AuthMode returns the authentication mode.
|
|
func (c *Config) AuthMode() string {
|
|
if c.options.Public || c.options.Demo {
|
|
return AuthModePublic
|
|
}
|
|
|
|
switch c.options.AuthMode {
|
|
case AuthModePublic:
|
|
return AuthModePublic
|
|
default:
|
|
return AuthModePasswd
|
|
}
|
|
}
|
|
|
|
// Auth checks if authentication is required.
|
|
func (c *Config) Auth() bool {
|
|
return !c.Public()
|
|
}
|
|
|
|
// CheckPassword compares given password p with the admin password
|
|
func (c *Config) CheckPassword(p string) bool {
|
|
ap := c.AdminPassword()
|
|
|
|
if isBcrypt(ap) {
|
|
err := bcrypt.CompareHashAndPassword([]byte(ap), []byte(p))
|
|
return err == nil
|
|
}
|
|
|
|
return ap == p
|
|
}
|
|
|
|
// InvalidDownloadToken checks if the token is invalid.
|
|
func (c *Config) InvalidDownloadToken(t string) bool {
|
|
return c.DownloadToken() != t
|
|
}
|
|
|
|
// DownloadToken returns the DOWNLOAD api token (you can optionally use a static value for permanent caching).
|
|
func (c *Config) DownloadToken() string {
|
|
if c.options.DownloadToken == "" {
|
|
c.options.DownloadToken = rnd.GenerateToken(8)
|
|
}
|
|
|
|
return c.options.DownloadToken
|
|
}
|
|
|
|
// InvalidPreviewToken checks if the preview token is invalid.
|
|
func (c *Config) InvalidPreviewToken(t string) bool {
|
|
return c.PreviewToken() != t && c.DownloadToken() != t
|
|
}
|
|
|
|
// PreviewToken returns the preview image api token (based on the unique storage serial by default).
|
|
func (c *Config) PreviewToken() string {
|
|
if c.options.PreviewToken == "" {
|
|
if c.Public() {
|
|
c.options.PreviewToken = "public"
|
|
} else if c.Serial() == "" {
|
|
return "********"
|
|
} else {
|
|
c.options.PreviewToken = c.SerialChecksum()
|
|
}
|
|
}
|
|
|
|
return c.options.PreviewToken
|
|
}
|