7e7ba69982
This also adds the ability to change the client role if needed and improves the usage information and output of the CLI commands. Signed-off-by: Michael Mayer <michael@photoprism.app>
40 lines
1 KiB
Go
40 lines
1 KiB
Go
package entity
|
|
|
|
import (
|
|
"github.com/photoprism/photoprism/pkg/authn"
|
|
"github.com/photoprism/photoprism/pkg/rnd"
|
|
)
|
|
|
|
// NewClientAccessToken returns a new access token session instance
|
|
// that can be used to access the API with unregistered clients.
|
|
func NewClientAccessToken(clientName string, lifetime int64, scope string, user *User) *Session {
|
|
sess := NewSession(lifetime, 0)
|
|
|
|
if clientName == "" {
|
|
clientName = rnd.Name()
|
|
}
|
|
|
|
sess.SetClientName(clientName)
|
|
sess.SetProvider(authn.ProviderClient)
|
|
sess.SetMethod(authn.MethodAccessToken)
|
|
sess.SetScope(scope)
|
|
|
|
if user != nil {
|
|
sess.SetUser(user)
|
|
sess.SetAuthToken(rnd.AuthSecret())
|
|
}
|
|
|
|
return sess
|
|
}
|
|
|
|
// CreateClientAccessToken initializes and creates a new access token session
|
|
// that can be used to access the API with unregistered clients.
|
|
func CreateClientAccessToken(clientName string, lifetime int64, scope string, user *User) (*Session, error) {
|
|
sess := NewClientAccessToken(clientName, lifetime, scope, user)
|
|
|
|
if err := sess.Create(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return sess, nil
|
|
}
|