apps/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-09-26 21:01:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
87f206406a1cd810c9504ef0ffa92fe7e2d8e7d0
photoprism/internal/api/oidc_login.go
Michael Mayer 578fbe4d10 API: Add missing Swagger endpoint annotations and update swagger.json 
Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-09-22 04:12:02 +02:00

79 lines
2.4 KiB
Go
Raw Blame History

package api
import (
"net/http"
"github.com/gin-gonic/gin"
"github.com/photoprism/photoprism/internal/event"
"github.com/photoprism/photoprism/internal/photoprism/get"
"github.com/photoprism/photoprism/internal/server/limiter"
"github.com/photoprism/photoprism/pkg/authn"
"github.com/photoprism/photoprism/pkg/i18n"
"github.com/photoprism/photoprism/pkg/service/http/header"
)
// OIDCLogin redirects a browser to the login page of the configured OpenID Connect provider.
//
// @Summary start OpenID Connect login (browser redirect)
// @Id OIDCLogin
// @Tags Authentication
// @Produce html
// @Success 307 {string} string "redirect to provider login page"
// @Failure 401,403,429 {object} i18n.Response
// @Router /api/v1/oidc/login [get]
func OIDCLogin(router *gin.RouterGroup) {
router.GET("/oidc/login", func(c *gin.Context) {
// Prevent CDNs from caching this endpoint.
if header.IsCdn(c.Request) {
AbortNotFound(c)
return
}
// Disable caching of responses.
c.Header(header.CacheControl, header.CacheControlNoStore)
// Get client IP address for logs and rate limiting checks.
clientIp := ClientIP(c)
// Get global config.
conf := get.Config()
// Abort in public mode and if OIDC is disabled.
if get.Config().Public() {
event.AuditErr([]string{clientIp, "create session", "oidc", authn.ErrDisabledInPublicMode.Error()})
c.Redirect(http.StatusTemporaryRedirect, conf.LoginUri())
return
} else if !conf.OIDCEnabled() {
event.AuditErr([]string{clientIp, "create session", "oidc", authn.ErrAuthenticationDisabled.Error()})
c.Redirect(http.StatusTemporaryRedirect, conf.LoginUri())
return
}
// Check request rate limit.
var r *limiter.Request
r = limiter.Login.Request(clientIp)
// Abort if failure rate limit is exceeded.
if r.Reject() || limiter.Auth.Reject(clientIp) {
c.HTML(http.StatusTooManyRequests, "auth.gohtml", CreateSessionError(http.StatusTooManyRequests, i18n.Error(i18n.ErrTooManyRequests)))
return
}
// Get OIDC provider.
provider := get.OIDC()
if provider == nil {
event.AuditErr([]string{clientIp, "create session", "oidc", authn.ErrInvalidProviderConfiguration.Error()})
c.HTML(http.StatusInternalServerError, "auth.gohtml", CreateSessionError(http.StatusInternalServerError, i18n.Error(i18n.ErrConnectionFailed)))
return
}
// Return the reserved request rate limit token.
r.Success()
// Handle OIDC login request.
provider.AuthCodeUrlHandler(c)
})
}
Reference in New Issue View Git Blame Copy Permalink