Media access tokens are now an option

2023-02-18 11:07:46 +01:00 · 2023-02-18 11:07:46 +01:00 · 09ec0f4620
commit 09ec0f4620
parent c272342b4b
2 changed files with 52 additions and 41 deletions
--- a/config_example.json
+++ b/config_example.json
@ -10,6 +10,8 @@
        "email_confirmed": "Email confirmed. You can now log in."
    },
    "external_address": "localhost",
+    "media_token_access": false,
+    "media_token_valid_hours": 12,
    "registration_enabled": true,
    "registration_requires_confirmation": true,
    "mailer": {
--- a/extensions/photos.py
+++ b/extensions/photos.py
@ -29,7 +29,7 @@ from fastapi.responses import UJSONResponse, Response
 from fastapi.exceptions import HTTPException
 from starlette.status import HTTP_204_NO_CONTENT, HTTP_401_UNAUTHORIZED, HTTP_409_CONFLICT

-from modules.utils import logWrite
+from modules.utils import configGet, logWrite

 async def compress_image(image_path: str):

@ -94,12 +94,15 @@ async def photo_upload(file: UploadFile, album: str, ignore_duplicates: bool = F
    duplicates = await get_duplicates(file_hash, album)

    if len(duplicates) > 0 and ignore_duplicates is False:
+        if configGet("media_token_access") is True:
            duplicates_ids = []
            for entry in duplicates:
                duplicates_ids.append(entry["id"])
-        access_token = create_access_token(data={"sub": current_user.user, "scopes": ["me", "photos.read"], "allowed": duplicates_ids}, expires_delta=timedelta(hours=1))
+            access_token = create_access_token(data={"sub": current_user.user, "scopes": ["me", "photos.read"], "allowed": duplicates_ids}, expires_delta=timedelta(hours=configGet("media_token_valid_hours")))
            access_token_short = uuid4().hex[:12].lower()
            col_tokens.insert_one({"short": access_token_short, "access_token": access_token, "photos": duplicates_ids})
+        else:
+            access_token_short = None
        return UJSONResponse(
            {
                "detail": "Image duplicates found. Pass 'ignore_duplicates=true' to ignore.",
@ -149,12 +152,18 @@ async def photo_upload(file: UploadFile, album: str, ignore_duplicates: bool = F
        }
    )

-photo_get_token_responses = {
+# Access to photos y token generated for example by
+# upload method when duplicates are found. Is disabled
+# by default and should remain so if not really needed.
+if configGet("media_token_access") is True:
+
+    photo_get_token_responses = {
        401: AccessTokenInvalidError().openapi,
        404: PhotoNotFoundError("id").openapi
-}
-@app.get("/token/photo/{token}", description="Get a photo by its duplicate token", responses=photo_get_token_responses)
-async def photo_get_token(token: str, id: int):
+    }
+
+    @app.get("/token/photo/{token}", description="Get a photo by its duplicate token", responses=photo_get_token_responses)
+    async def photo_get_token(token: str, id: int):

        db_entry = col_tokens.find_one({"short": token})