Auth: Ensure backwards compatibility for existing API clients #808 #3943

These changes ensure that the new (SHA256) session ID is returned in the "session_id" field, so that developers have time to update their client implementations to use the new "access_token" field. Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-12-12 00:34:13 +01:00 · 2024-01-07 12:25:56 +01:00
parent 0d2f8be522
commit f8e0615cc8
52 changed files with 422 additions and 370 deletions
--- a/internal/api/session_response.go
+++ b/internal/api/session_response.go
@@ -0,0 +1,54 @@
+package api
+
+import (
+	"github.com/gin-gonic/gin"
+
+	"github.com/photoprism/photoprism/internal/config"
+	"github.com/photoprism/photoprism/internal/entity"
+)
+
+// CreateSessionResponse returns the authentication response data for POST requests
+// based on the session and configuration.
+func CreateSessionResponse(authToken string, sess *entity.Session, conf config.ClientConfig) gin.H {
+	return GetSessionResponse(authToken, sess, conf)
+}
+
+// GetSessionResponse returns the authentication response data for GET requests
+// based on the session and configuration.
+func GetSessionResponse(authToken string, sess *entity.Session, conf config.ClientConfig) gin.H {
+	if authToken == "" {
+		return gin.H{
+			"status":     StatusSuccess,
+			"session_id": sess.ID,
+			"expires_in": sess.ExpiresIn(),
+			"provider":   sess.Provider().String(),
+			"user":       sess.User(),
+			"data":       sess.Data(),
+			"config":     conf,
+		}
+	} else {
+		return gin.H{
+			"status": StatusSuccess,
+			// TODO: "id" field is deprecated! Clients should now use "access_token" instead.
+			// see https://github.com/photoprism/photoprism/commit/0d2f8be522dbf0a051ae6ef78abfc9efded0082d
+			"id":           authToken,
+			"session_id":   sess.ID,
+			"access_token": authToken,
+			"token_type":   sess.AuthTokenType(),
+			"expires_in":   sess.ExpiresIn(),
+			"provider":     sess.Provider().String(),
+			"user":         sess.User(),
+			"data":         sess.Data(),
+			"config":       conf,
+		}
+	}
+}
+
+// DeleteSessionResponse returns a confirmation response for DELETE requests.
+func DeleteSessionResponse(id string) gin.H {
+	if id == "" {
+		return gin.H{"status": StatusDeleted}
+	} else {
+		return gin.H{"status": StatusDeleted, "session_id": id}
+	}
+}