mirror of
https://github.com/photoprism/photoprism.git
synced 2025-09-26 21:01:58 +08:00
39 lines
1.0 KiB
Go
39 lines
1.0 KiB
Go
package api
|
|
|
|
import (
|
|
"github.com/photoprism/photoprism/internal/entity"
|
|
"github.com/photoprism/photoprism/internal/photoprism/get"
|
|
"github.com/photoprism/photoprism/internal/server/limiter"
|
|
"github.com/photoprism/photoprism/pkg/rnd"
|
|
)
|
|
|
|
// Session finds the client session for the specified auth token, or returns nil if not found.
|
|
func Session(clientIp, authToken string) (sess *entity.Session) {
|
|
// Skip authentication and return the default session when public mode is enabled.
|
|
if get.Config().Public() {
|
|
return get.Session().Public()
|
|
}
|
|
|
|
// Check auth token format and return nil if it is invalid.
|
|
if !rnd.IsAuthAny(authToken) {
|
|
return nil
|
|
}
|
|
|
|
// Check failure rate limit and return nil if it has been exceeded.
|
|
if limiter.Auth.Reject(clientIp) {
|
|
return nil
|
|
}
|
|
|
|
// Try to find an active session based on the hashed auth token.
|
|
sess, err := entity.FindSession(rnd.SessionID(authToken))
|
|
|
|
// Count error towards failure rate limit and return nil.
|
|
if err != nil {
|
|
limiter.Auth.Reserve(clientIp)
|
|
return nil
|
|
}
|
|
|
|
// Return session.
|
|
return sess
|
|
}
|