/
users_sessions.go
72 lines (58 loc) Β· 1.81 KB
/
users_sessions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
package api
import (
"net/http"
"github.com/gin-gonic/gin"
"github.com/gin-gonic/gin/binding"
"github.com/photoprism/photoprism/internal/acl"
"github.com/photoprism/photoprism/internal/entity"
"github.com/photoprism/photoprism/internal/form"
"github.com/photoprism/photoprism/internal/get"
"github.com/photoprism/photoprism/internal/search"
"github.com/photoprism/photoprism/pkg/authn"
"github.com/photoprism/photoprism/pkg/rnd"
"github.com/photoprism/photoprism/pkg/sortby"
)
// FindUserSessions finds user sessions and returns them as JSON.
//
// GET /api/v1/users/:uid/sessions
func FindUserSessions(router *gin.RouterGroup) {
router.GET("/users/:uid/sessions", func(c *gin.Context) {
// Check if the session user is has user management privileges.
s := Auth(c, acl.ResourceSessions, acl.ActionManageOwn)
if s.Abort(c) {
return
}
// Get global config.
conf := get.Config()
// Check feature flags and authorization.
if conf.Public() || conf.Demo() || !s.HasRegisteredUser() || conf.DisableSettings() {
c.JSON(http.StatusNotFound, entity.Users{})
return
} else if !rnd.IsUID(s.UserUID, entity.UserUID) || s.UserUID != c.Param("uid") {
c.JSON(http.StatusForbidden, entity.Users{})
return
}
// Init search request form.
var f form.SearchSessions
err := c.MustBindWith(&f, binding.Form)
// Abort if invalid.
if err != nil {
AbortBadRequest(c)
return
}
// Find applications that belong to the current user and sort them by name.
f.UID = s.UserUID
f.Order = sortby.ClientName
f.Provider = authn.ProviderApplication.String()
f.Method = authn.MethodDefault.String()
// Perform search.
result, err := search.Sessions(f)
if err != nil {
AbortBadRequest(c)
return
}
AddLimitHeader(c, f.Count)
AddOffsetHeader(c, f.Offset)
c.JSON(http.StatusOK, result)
})
}