photoprism/internal/api
Michael Mayer ec13ccb6d5 OAuth2: Enforce limit for number of access tokens / sessions #808 #3943
These changes ensure that OAuth2 clients cannot create an unlimited
number of access tokens (sessions) with their client credentials.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 16:57:07 +01:00
abort.go Clean: Shorten error log sanitization function name #439 #3588 2023-08-15 17:05:55 +02:00
albums.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
albums_search.go Albums: Add experimental private album flag to edit dialog #480 2023-02-21 00:02:44 +01:00
albums_search_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
albums_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
api.go Auth: Use hashed auth tokens for enhanced security #3943 #808 #782 2024-01-06 17:35:19 +01:00
api_acl.go OAuth2: Enforce limit for number of access tokens / sessions #808 #3943 2024-01-08 16:57:07 +01:00
api_acl_test.go OAuth2: Enforce limit for number of access tokens / sessions #808 #3943 2024-01-08 16:57:07 +01:00
api_client.go Security: Add http rate limiter and auto tls mode #98 2022-10-11 22:44:11 +02:00
api_client_config.go Auth: Use hashed auth tokens for enhanced security #3943 #808 #782 2024-01-06 17:35:19 +01:00
api_event.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
api_log.go Auth: Session and ACL enhancements #98 #1746 2022-09-28 09:01:17 +02:00
api_request_headers.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
api_request_headers_test.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
api_response.go Auth: Use hashed auth tokens for enhanced security #3943 #808 #782 2024-01-06 17:35:19 +01:00
api_response_headers.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
api_test.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
auth_tokens.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
batch.go SQLite: Improve logging to confirm where the error is triggered #3742 2023-09-19 09:12:15 +02:00
batch_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
cache.go Albums: Regenerate share preview after one hour and after changes #3658 2023-09-08 17:36:56 +02:00
cache_test.go Videos: Allow setting a lower TTL for caching video content #3631 2023-08-15 11:06:43 +02:00
config_options.go Server: Add "restart required" flag and button to restart the server 2023-03-27 19:27:19 +02:00
config_options_test.go Auth: Session and ACL enhancements #98 #1746 2022-09-28 09:01:17 +02:00
config_settings.go Settings: Prevent success notification from being displayed twice 2022-12-28 20:14:35 +01:00
config_settings_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
connect.go Upgrade: Improve error handling and messages #3813 2023-10-13 12:43:20 +02:00
connect_test.go API: Improve logs and add /api/v1/connect endpoint for auth callbacks 2022-07-19 16:58:43 +02:00
covers.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
covers_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
download_album.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
download_album_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
download_file.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
download_file_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
errors.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
errors_test.go UX: Add button to clear error log history in Library > Errors #1683 2022-04-03 12:37:43 +02:00
faces.go Auth: Session and ACL enhancements #98 #1746 2022-09-28 09:01:17 +02:00
faces_search.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
faces_search_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
faces_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
feedback.go Upgrade: Improve error handling and messages #3813 2023-10-13 12:43:20 +02:00
feedback_test.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
file_delete.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
file_delete_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
file_orientation.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
files.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
files_test.go Auth: Session and ACL enhancements #98 #1746 2022-09-28 09:01:17 +02:00
folders_cover.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
folders_cover_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
folders_search.go Albums: Add experimental private album flag to edit dialog #480 2023-02-21 00:02:44 +01:00
folders_search_test.go API: Add sort order "random" to find a random set of photos #153 2023-01-30 12:27:34 +01:00
import.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
import_test.go Logs: Improve event log and messages in i18n package 2020-07-07 10:51:55 +02:00
index.go Library: Add option to run index and cache cleanup from the UI #3699 2023-09-03 16:02:42 +02:00
index_test.go Logs: Improve event log and messages in i18n package 2020-07-07 10:51:55 +02:00
labels.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
labels_search.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
labels_search_test.go Auth: Session and ACL enhancements #98 #1746 2022-09-28 09:01:17 +02:00
labels_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
links.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
links_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
markers.go API: Update markers.go handler docs 2024-01-08 14:56:07 +01:00
markers_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
metrics.go OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943 2023-12-12 18:42:50 +01:00
metrics_test.go OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943 2023-12-12 18:42:50 +01:00
moments_time.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
moments_time_test.go Backend: Format go imports 2020-11-21 18:08:41 +01:00
photo_label.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
photo_label_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
photo_unstack.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
photo_unstack_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
photos.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
photos_search.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
photos_search_geo.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
photos_search_geo_test.go Auth: Open album share links in the regular user interface #98 #782 2022-10-02 11:38:30 +02:00
photos_search_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
photos_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
reactions.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
server.go Server: Add "restart required" flag and button to restart the server 2023-03-27 19:27:19 +02:00
services.go API: Add action and user context to indexing events #98 2023-03-11 14:09:00 +01:00
services_search.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
services_search_test.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
services_test.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
services_upload.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
services_upload_test.go Routing: Prefix frontend UI routes with /library #840 #2466 2022-10-15 21:54:11 +02:00
session.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
session_create.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
session_delete.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
session_get.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
session_oauth.go OAuth2: Enforce limit for number of access tokens / sessions #808 #3943 2024-01-08 16:57:07 +01:00
session_oauth_test.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
session_response.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
session_test.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
share.go Albums: Fix generation of site URL when opening a share link #3658 2023-08-21 11:29:41 +02:00
share_preview.go Albums: Downsize share preview image from 1600x900 to 1200x675 #3658 2023-09-09 10:40:25 +02:00
share_preview_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
share_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
status.go Server: Add "restart required" flag and button to restart the server 2023-03-27 19:27:19 +02:00
status_test.go Backend: Format go imports 2020-11-21 18:08:41 +01:00
subjects.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
subjects_search.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
subjects_search_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
subjects_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00
svg.go Icons: Improve UI contrast by changing color from black to dim gray 2023-09-11 10:43:40 +02:00
svg_test.go Tests: Update fixtures and folder test 2020-12-30 18:12:30 +01:00
thumbnails.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
thumbnails_test.go Security: Use individual preview tokens for each user account #98 2022-10-13 22:11:02 +02:00
users_avatar.go Auth: Improve privilege level change detection #3512 2023-07-18 23:35:10 +02:00
users_avatar_test.go Auth: Extend account settings with user details and avatar upload #98 2022-10-17 19:07:38 +02:00
users_password.go Auth: Improve privilege level change detection #3512 2023-07-18 23:35:10 +02:00
users_password_test.go Auth: Extend account settings with user details and avatar upload #98 2022-10-17 19:07:38 +02:00
users_update.go Auth: Improve privilege level change detection #3512 2023-07-18 23:35:10 +02:00
users_update_test.go Auth: Refactor user management API and CLI commands #98 2023-03-08 23:30:39 +01:00
users_upload.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
users_upload_test.go Auth: Extend account settings with user details and avatar upload #98 2022-10-17 19:07:38 +02:00
video.go API: Add .well-known/oauth-authorization-server route handler #808 #3943 2024-01-08 14:53:39 +01:00
video_test.go Index: Add native support for MP4 and Samsung/Google Motion Photos #439 2023-09-22 23:59:56 +02:00
websocket.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
websocket_create.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
websocket_reader.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
websocket_test.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
websocket_writer.go Auth: Ensure backwards compatibility for existing API clients #808 #3943 2024-01-07 12:25:56 +01:00
zip.go OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943 2023-12-12 18:42:50 +01:00
zip_test.go Auth: Add CLI command to create access tokens for apps #782 #808 #3943 2024-01-05 16:31:07 +01:00