-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backend: Add API endpoint for getting files by sha1 hash #259
Backend: Add API endpoint for getting files by sha1 hash #259
Conversation
This API doesn't exist intentionally so that you can't get information about a photo library without additional information / auth. GET requests don't support authentication. |
Im not sure if I understand your concerns correctly. Of course, this API endpoint should only be accessible by authenticated users. |
Images are typically loaded by a standard component like the |
Authentication is implemented in the mobile app since today. |
At least in our Web app, we can not change request headers for images since browsers load them without AJAX (regular GET request, no JS involved, so no extra headers possible). If you can't check authentication for any reason (like in our Web app), the API would let anyone know if you own a certain photo as you can simply ask for an image with a given SHA1 hash (404 if not). Ideally, you use the same API for photos we use for our Web app as this is pretty much secure, even without extra auth and we don't have to maintain two APIs. I agree that GET requests with auth token in the http header would be secure, but that's a special case and only possible if you don't use HTML / JS. But also it means you can't give this link to a user as it wouldn't work. We need to be aware if the implications here. There are many reasons you don't want to let others know what images you have. It might be pr0n, it might be politically sensitive photos etc... |
I still have the feeling that we are talking about different things. |
I see, sorry. Thought you return the binary image. Any reason the uuid does not work for you? |
If the app is reinstalled, I do not know which photos have already been uploaded (and their UUIDs) but I know the sha1 hashes of the photos on the phone. |
Merged this, guess it has something to do with how you upload photos. I'm a bit distracted right now, sorry. |
@lastzero If you got a minute, it would be nice if you could merge this into the master branch, so that I can merge the feature into photoprism-mobile (thielepaul/photoprism-mobile#55) |
Done! |
This pull request adds a new endpoint for getting file information by their hash.
The PhotoPrism mobile app will use this endpoint