photoprism/internal/session/session_save.go
Michael Mayer ec13ccb6d5 OAuth2: Enforce limit for number of access tokens / sessions #808 #3943
These changes ensure that OAuth2 clients cannot create an unlimited
number of access tokens (sessions) with their client credentials.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 16:57:07 +01:00


package session
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/photoprism/photoprism/internal/entity"
)
// Save updates the client session or creates a new one if needed.
//
// It sets m.LastActive to the current entity.UnixTime() value and then calls
// m.Save(). A nil session is rejected with an error and no save is attempted.
// The session pointer is returned even when saving fails, so callers must
// check the error before treating the session as stored.
func (s *Session) Save(m *entity.Session) (*entity.Session, error) {
	// Guard: there is nothing to stamp or persist without a session.
	if m == nil {
		return nil, fmt.Errorf("session is nil")
	}

	// Record activity first so the value written by m.Save() includes it.
	m.LastActive = entity.UnixTime()

	// Hand back the session together with whatever m.Save() reports.
	return m, m.Save()
}
// Create initializes a new client session and returns it.
//
// The session is built from the request context via s.New(c), then has the
// user and session data attached before m.Create() is called. Both the session
// and the error from m.Create() are returned, so a non-nil session does not
// imply success; callers must check err before issuing it to a client.
//
// NOTE(review): the access token / session limit named in the latest commit
// message for this file is not visible in this function; presumably it is
// applied inside m.Create() or by the caller. Confirm before relying on it.
func (s *Session) Create(u *entity.User, c *gin.Context, data *entity.SessionData) (m *entity.Session, err error) {
	// Assemble the session from the context, the user, and the data.
	m = s.New(c).
		SetUser(u).
		SetData(data)

	// Try to create the session.
	err = m.Create()

	// NOTE(review): UpdateLastActive runs only when Create reported an error.
	// Confirm this is intended and not an inverted check (err == nil).
	if err != nil {
		m.UpdateLastActive()
	}

	return m, err
}