70 lines
1.7 KiB
Go
70 lines
1.7 KiB
Go
package api
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"github.com/photoprism/photoprism/internal/acl"
|
|
"github.com/photoprism/photoprism/internal/get"
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
|
"github.com/photoprism/photoprism/pkg/header"
|
|
"github.com/photoprism/photoprism/pkg/rnd"
|
|
)
|
|
|
|
// GetSession returns the session data as JSON if authentication was successful.
|
|
//
|
|
// GET /api/v1/session
|
|
// GET /api/v1/session/:id
|
|
// GET /api/v1/sessions/:id
|
|
func GetSession(router *gin.RouterGroup) {
|
|
getSessionHandler := func(c *gin.Context) {
|
|
// Prevent CDNs from caching this endpoint.
|
|
if header.IsCdn(c.Request) {
|
|
AbortNotFound(c)
|
|
return
|
|
}
|
|
|
|
id := clean.ID(c.Param("id"))
|
|
|
|
if id != "" && !rnd.IsSessionID(id) {
|
|
// Abort if session id is provided but invalid.
|
|
AbortBadRequest(c)
|
|
return
|
|
}
|
|
|
|
conf := get.Config()
|
|
|
|
// Check if the session user is allowed to manage all accounts or update his/her own account.
|
|
s := AuthAny(c, acl.ResourceSessions, acl.Permissions{acl.ActionManage, acl.ActionView})
|
|
|
|
// Check if session is valid.
|
|
switch {
|
|
case s.Abort(c):
|
|
return
|
|
case s.Expired(), s.ID == "":
|
|
AbortUnauthorized(c)
|
|
return
|
|
case s.Invalid(), id != "" && s.ID != id && !conf.Public():
|
|
AbortForbidden(c)
|
|
return
|
|
}
|
|
|
|
// Get auth token from headers.
|
|
authToken := AuthToken(c)
|
|
|
|
// Update user information.
|
|
s.RefreshUser()
|
|
|
|
// Response includes user data, session data, and client config values.
|
|
response := GetSessionResponse(authToken, s, get.Config().ClientSession(s))
|
|
|
|
// Return JSON response.
|
|
c.JSON(http.StatusOK, response)
|
|
}
|
|
|
|
router.GET("/session", getSessionHandler)
|
|
router.GET("/session/:id", getSessionHandler)
|
|
router.GET("/sessions/:id", getSessionHandler)
|
|
}
|