mirror of
https://github.com/photoprism/photoprism.git
synced 2025-10-05 08:47:12 +08:00
713593da4e
You can now run "photoprism auth add" to create new client access tokens that allow external applications to use the built-in REST API. Signed-off-by: Michael Mayer <michael@photoprism.app>
99 lines
2.6 KiB
Go
99 lines
2.6 KiB
Go
package commands
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/manifoldco/promptui"
|
|
"github.com/urfave/cli"
|
|
|
|
"github.com/photoprism/photoprism/internal/config"
|
|
"github.com/photoprism/photoprism/internal/entity"
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
|
"github.com/photoprism/photoprism/pkg/report"
|
|
)
|
|
|
|
// AuthAddFlags specifies the "photoprism auth add" command flags.
|
|
var AuthAddFlags = []cli.Flag{
|
|
cli.StringFlag{
|
|
Name: "name, n",
|
|
Usage: "arbitrary `IDENTIFIER` for the new access token",
|
|
},
|
|
cli.StringFlag{
|
|
Name: "user, u",
|
|
Usage: "provide a `USERNAME` if a personal access token for a specific user account should be created",
|
|
},
|
|
cli.StringFlag{
|
|
Name: "scope, s",
|
|
Usage: "authorization `SCOPE` for the access token e.g. \"metrics\" or \"photos albums\" (\"*\" to allow all scopes)",
|
|
Value: "*",
|
|
},
|
|
cli.Int64Flag{
|
|
Name: "expires, e",
|
|
Usage: "access token lifetime in `SECONDS`, after which it expires and a new token must be created (-1 to disable)",
|
|
Value: entity.UnixYear,
|
|
},
|
|
}
|
|
|
|
// AuthAddCommand configures the command name, flags, and action.
|
|
var AuthAddCommand = cli.Command{
|
|
Name: "add",
|
|
Usage: "Creates a new client access token and shows it",
|
|
Flags: AuthAddFlags,
|
|
Action: authAddAction,
|
|
}
|
|
|
|
// authAddAction shows detailed session information.
|
|
func authAddAction(ctx *cli.Context) error {
|
|
return CallWithDependencies(ctx, func(conf *config.Config) error {
|
|
name := ctx.String("name")
|
|
|
|
if name == "" {
|
|
prompt := promptui.Prompt{
|
|
Label: "Token Name",
|
|
}
|
|
|
|
res, err := prompt.Run()
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
name = clean.Name(res)
|
|
}
|
|
|
|
// Set a default token name if no specific name has been provided.
|
|
if name == "" {
|
|
name = time.Now().UTC().Format(time.DateTime)
|
|
}
|
|
|
|
// Username provided?
|
|
userName := ctx.String("user")
|
|
user := entity.FindUserByName(userName)
|
|
|
|
if user == nil && userName != "" {
|
|
return fmt.Errorf("user %s not found", clean.LogQuote(userName))
|
|
}
|
|
|
|
// Create client session.
|
|
sess, err := entity.CreateClientAccessToken(name, ctx.Int64("expires"), ctx.String("scope"), user)
|
|
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create access token: %s", err)
|
|
} else {
|
|
// Show client authentication credentials.
|
|
if sess.UserUID == "" {
|
|
fmt.Printf("\nPLEASE WRITE DOWN THE FOLLOWING RANDOMLY GENERATED CLIENT ACCESS TOKEN, AS YOU WILL NOT BE ABLE TO SEE IT AGAIN:\n")
|
|
} else {
|
|
fmt.Printf("\nPLEASE WRITE DOWN THE FOLLOWING RANDOMLY GENERATED PERSONAL ACCESS TOKEN, AS YOU WILL NOT BE ABLE TO SEE IT AGAIN:\n")
|
|
}
|
|
|
|
result := report.Credentials("Access Token", sess.ID, "Authorization Scope", sess.Scope())
|
|
|
|
fmt.Printf("\n%s\n", result)
|
|
}
|
|
|
|
return err
|
|
})
|
|
}
|