photoprism/internal/hub/config.go
Michael Mayer 7a05c5553b OAuth2: Add "POST /api/v1/oauth/revoke" API endpoint #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 12:21:43 +01:00

344 lines
6.9 KiB
Go

package hub
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/sha1"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"net/http"
"os"
"path/filepath"
"strings"
"sync"
"time"
"gopkg.in/yaml.v2"
"github.com/photoprism/photoprism/internal/hub/places"
"github.com/photoprism/photoprism/pkg/clean"
"github.com/photoprism/photoprism/pkg/fs"
"github.com/photoprism/photoprism/pkg/header"
)
type Status string
const (
StatusUnknown Status = ""
StatusNew Status = "unregistered"
StatusCommunity Status = "ce"
)
// Config represents backend api credentials for maps & geodata.
type Config struct {
Version string `json:"version" yaml:"Version"`
FileName string `json:"-" yaml:"-"`
Key string `json:"key" yaml:"Key"`
Secret string `json:"secret" yaml:"Secret"`
Session string `json:"session" yaml:"Session"`
session *Session `json:"-" yaml:"-"`
sessionMu sync.Mutex `json:"-" yaml:"-"`
Status Status `json:"status" yaml:"Status"`
Serial string `json:"serial" yaml:"Serial"`
Env string `json:"-" yaml:"-"`
UserAgent string `json:"-" yaml:"-"`
PartnerID string `json:"-" yaml:"-"`
}
// NewConfig creates a new backend api credentials instance.
func NewConfig(version, fileName, serial, env, userAgent, partnerId string) *Config {
return &Config{
Version: version,
FileName: fileName,
Key: "",
Secret: "",
Session: "",
Status: "",
Serial: serial,
Env: env,
UserAgent: userAgent,
PartnerID: partnerId,
}
}
// MapKey returns the maps api key.
func (c *Config) MapKey() string {
if sess, err := c.DecodeSession(true); err != nil {
return ""
} else {
return sess.MapKey
}
}
// Tier returns the membership tier.
func (c *Config) Tier() int {
if sess, err := c.DecodeSession(true); err != nil {
return 0
} else {
return sess.Tier
}
}
// Membership returns the membership level as string.
func (c *Config) Membership() string {
if !c.Sponsor() {
return string(StatusCommunity)
}
return string(c.Status)
}
// Customer returns the customer name.
func (c *Config) Customer() string {
if sess, err := c.DecodeSession(true); err != nil {
return ""
} else {
return sess.Customer
}
}
// Propagate updates backend api credentials in other packages.
func (c *Config) Propagate() {
places.Key = c.Key
places.Secret = c.Secret
}
// Sponsor reports if you support the project.
func (c *Config) Sponsor() bool {
switch c.Status {
case StatusUnknown, StatusNew, StatusCommunity:
return false
}
return len(c.Session) > 0 && len(c.MapKey()) > 0
}
// Sanitize verifies and sanitizes backend api credentials.
func (c *Config) Sanitize() {
c.Key = strings.ToLower(c.Key)
if c.Secret != "" {
if c.Key != fmt.Sprintf("%x", sha1.Sum([]byte(c.Secret))) {
c.Key = ""
c.Secret = ""
c.Session = ""
c.Status = ""
}
}
}
// DecodeSession decodes backend api session data.
func (c *Config) DecodeSession(cached bool) (Session, error) {
c.sessionMu.Lock()
defer c.sessionMu.Unlock()
c.Sanitize()
// No session?
if c.Session == "" {
c.session = nil
return Session{}, fmt.Errorf("empty session")
}
if cached && c.session != nil {
// Return cached session.
return *c.session, nil
} else {
// Clear session cache.
c.session = nil
}
result := Session{}
s, err := hex.DecodeString(c.Session)
if err != nil {
return result, err
}
hash := sha256.New()
if _, err := hash.Write([]byte(c.Secret)); err != nil {
return result, err
}
var b []byte
block, err := aes.NewCipher(hash.Sum(b))
if err != nil {
return result, err
}
iv := s[:aes.BlockSize]
plaintext := make([]byte, len(s))
stream := cipher.NewCTR(block, iv)
stream.XORKeyStream(plaintext, s[aes.BlockSize:])
plaintext = bytes.Trim(plaintext, "\x00")
if err := json.Unmarshal(plaintext, &result); err != nil {
return result, err
}
// Cache session.
c.session = &result
return result, nil
}
// Update renews backend api credentials without a token.
func (c *Config) Update() error {
return c.ReSync("")
}
// ReSync renews backend api credentials with an optional token.
func (c *Config) ReSync(token string) (err error) {
mutex.Lock()
defer mutex.Unlock()
// Clear session.
c.session = nil
// Make sure storage folder exists.
if err = os.MkdirAll(filepath.Dir(c.FileName), fs.ModeDir); err != nil {
return err
}
c.Sanitize()
// Create new http.Client instance.
//
// NOTE: Timeout specifies a time limit for requests made by
// this Client. The timeout includes connection time, any
// redirects, and reading the response body. The timer remains
// running after Get, Head, Post, or Do return and will
// interrupt reading of the Response.Body.
client := &http.Client{Timeout: 60 * time.Second}
url := ServiceURL
method := http.MethodPost
var req *http.Request
if c.Key != "" {
url = fmt.Sprintf(ServiceURL+"/%s", c.Key)
method = http.MethodPut
log.Tracef("config: requesting updated keys for maps and places")
} else {
log.Tracef("config: requesting new api keys for maps and places")
}
// Create JSON request.
var j []byte
if j, err = json.Marshal(NewRequest(c.Version, c.Serial, c.Env, c.PartnerID, token)); err != nil {
return err
} else if req, err = http.NewRequest(method, url, bytes.NewReader(j)); err != nil {
return err
}
// Set user agent.
if c.UserAgent != "" {
req.Header.Set("User-Agent", c.UserAgent)
} else {
req.Header.Set("User-Agent", "PhotoPrism/Test")
}
// Add Content-Type header.
req.Header.Add(header.ContentType, header.ContentTypeJson)
var r *http.Response
// Send request.
for i := 0; i < 3; i++ {
r, err = client.Do(req)
if err == nil {
break
}
}
// Ok?
if err != nil {
return err
} else if r.StatusCode >= 400 {
err = fmt.Errorf("fetching api key from %s failed (error %d)", ApiHost(), r.StatusCode)
return err
}
// Decode JSON response.
err = json.NewDecoder(r.Body).Decode(c)
if err != nil {
return err
}
return nil
}
// Load backend api credentials from a YAML file.
func (c *Config) Load() error {
if !fs.FileExists(c.FileName) {
return fmt.Errorf("%s not found", clean.Log(c.FileName))
}
mutex.Lock()
defer mutex.Unlock()
yamlConfig, err := os.ReadFile(c.FileName)
if err != nil {
return err
}
if err = yaml.Unmarshal(yamlConfig, c); err != nil {
return err
}
c.Sanitize()
c.Propagate()
var sess Session
if sess, err = c.DecodeSession(false); err != nil {
return err
} else if sess.Expired() {
return errors.New("session expired")
}
return nil
}
// Save backend api credentials to a YAML file.
func (c *Config) Save() error {
mutex.Lock()
defer mutex.Unlock()
c.Sanitize()
data, err := yaml.Marshal(c)
if err != nil {
return err
}
c.Propagate()
if err = os.MkdirAll(filepath.Dir(c.FileName), fs.ModeDir); err != nil {
return err
}
if err = os.WriteFile(c.FileName, data, fs.ModeFile); err != nil {
return err
}
c.Propagate()
return nil
}