ec13ccb6d5
These changes ensure that OAuth2 clients cannot create an unlimited number of access tokens (sessions) with their client credentials. Signed-off-by: Michael Mayer <michael@photoprism.app>
package session
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/photoprism/photoprism/internal/entity"
)
// Save stamps the session with the current time and persists it.
//
// It returns an error if m is nil. Otherwise it sets m.LastActive to
// entity.UnixTime(), calls m.Save(), and returns m together with the error
// from that call. The session pointer is returned even when saving failed, so
// callers must check the error before treating the session as stored.
func (s *Session) Save(m *entity.Session) (*entity.Session, error) {
	// Reject a missing session before touching any of its fields.
	if m == nil {
		return nil, fmt.Errorf("session is nil")
	}

	// Record the activity time first so that it is part of what gets saved.
	m.LastActive = entity.UnixTime()

	// Persist and hand back the same pointer along with the save result.
	return m, m.Save()
}
// Create builds a session from the request context, user, and session data,
// then calls its Create method.
//
// The session built by s.New is returned together with the error from
// m.Create(). It is returned even when err is non-nil, so callers must check
// err before using the session.
func (s *Session) Create(u *entity.User, c *gin.Context, data *entity.SessionData) (m *entity.Session, err error) {
	// Assemble the session from context, user, and data.
	m = s.New(c).SetUser(u).SetData(data)

	// Attempt to create the session.
	err = m.Create()

	if err != nil {
		// NOTE(review): UpdateLastActive runs only on the failure path.
		// Confirm this is intended and that the condition is not inverted.
		m.UpdateLastActive()
	}

	return m, err
}