Introduction

This document describes version 2 of the Gallery remote application protocol, and its minor revisions.

The "Gallery Remote" remote administration program is this protocol's raison d'être. Version 1 of the protocol was tied very tightly to that application. It is clear that in addition to Gallery Remote users, there is a growing number of users that would like to query and control Gallery installations with their own programs.

Version 2 adds some extra features but (hopefully) greater potential for other remote applications based on Gallery. If you would like to make suggestions for future work on the Gallery Remote protocol, please submit them to either of the authors.

G1 support

Gallery remote was developed along with G1 so full support is available with the newer versions of G1.

G2 support

The long-term plan for G2 remote access is to design a protocol based on SOAP or some other HTTP RPC protocol. However, as a stopgap, we have implemented the existing protocol 2 in G2, with some small differences.

Because of G2-specific constraints, the format of the URLs is a bit different:

• the base URL is http://www.example.com/g2_path/main.php
• an additional URL parameter needs to always be added: g2_controller=remote:GalleryRemote
• each parameter needs to be modified to g2_form[name]=value. For example, on a login request, the cmd parameter would be passed as g2_form[cmd]=login.
  • except in add-item, where userfile and userfile_name become g2_userfile and g2_userfile_name respectively
• album "names" and image "names" are actually the unique identifier (an integer) of the object in G2, rather than an alphanumeric name
• the authToken [G2 since 2.10]

G3 support

G3 support for gallery remote is available as a G3 module.

authToken

Starting with G2.2 (svn r15234, protocol 2.10), a new security was put in place in order to defend against cross-site request forgery attacks. G2 expects all requests to have a new URL parameter, g2_authToken, which contains a string. The value of that string should be the value of the auth_token response element to the previous request.

This lets G2 make sure that a malicious script in another web page can't piggyback on the session that was created between the browser and G2, because the malicious code can't guess the authToken (it's not stored as a cookie).

All protocol responses will contain this new auth_token field. Usually, it's safe to assume that the authToken doesn't change throughout the lifetime of a session.

Overview

Gallery remote queries and sends information from a Gallery server through a protocol based on HTTP and form-data. The protocol leverages the same user authentication (and session cookies) as the web/HTML interface to the site. It is implemented in the PHP source file gallery_remote2.php (in G2 and G3 it's implemented by the remote module.

Each query from client to server corresponds to one action. Multiple actions require multiple HTTP requests.

The protocol is stateful and depends on the client supporting cookies. The client must provide login credentials for the session to be validated by sending a login request before any other requests will succeed.

Because the protocol has grown organically, and was developed over the course of many years by different people, it contains many syntactic inconsistencies (sometimes parameter names use dashes, sometimes underscores, sometimes camelhumps). We apologize for these.

Conventions

In this document, all protocol text is denoted by a fixed-width font, like login. Value placeholders are additionally in italics, as in status=result-code.

Along with each parameter or return value, is specified the version of the protocol when this parameter was introduced. For parameters or return values that are only supported by G2, this is also noted. Optional parameters are indicated.

Please note that the version numbers used by the Gallery 1 version of the protocol do not match the version numbers used by the Gallery 2 version of the protocol. Appendix B has a list of the major functional improvements, and the version they were introduced in G1 and G2. In general, parameters that are not supported in a given version of the protocol are just ignored. Conversely, client applications should ignore return values that they don't understand.

Client-server interactions

All client-server interaction follows the standard HTTP model. The client initiates all interactions with a request. The server always responds with one response. The data format of each request is HTTP form-data key/value pairs. The data format of each response is plain text key/value pairs.

Each request specifies a command value (and possibly some corresponding parameters) which determines the content of the response. Command-specific responses are defined in the context of each command below).

In G1, the encoding used for the data is more or less unspecified, so it is recommended to use HTML entities to encode non-ASCII characters. In G2, however, UTF-8 is always used, so plain text should be used for all strings (no HTML entities or escaping, except the escaping necessary for the Java properties file format).

Requests

Each request from the client is sent to the server through an HTTP POST. Parameters of the request are expressed as HTTP form data. Form data uses a key / value format referred to in the spec as "control-name / current value." Here we simply refer to key and value.

Each request must specify a command (the cmd key). Depending on which command is specified, other key/value pairs are required in the form-data set (as parameters).

Each request must specify a protocol version (the protocol_version key).

The server's response to the login command includes the version of the protocol it implements (with the server_version key). Protocol numbers obey the following convention:

maj.min

where maj is the major version number and min is the minor version number. The current major version number is 2. Protocol 1 is no longer supported.

Each command is described in the Commands section below. After a brief description of the command, template form data appears and the contents of the server's response is described.

Responses

After the client POSTs a request, the server sends a response to the client. The format of the response is a key/value format compatible with the Java "Properties" stream format.

In a nutshell: lines beginning with a # character are ignored. The text before the first = character is the key. The remainder of the text after the = until the end-of-line character(s) is the value.

Each response must begin with the text #__GR2PROTO__<code>. Clients should ignore any text above this tag: it might be debug output from the server.

Each response must contain at least the keys: <code>status and status_text.

The value associated with the status key is an integer status code (the codes are defined in Appendix A. For example, if the server was able to complete the command in the client's request, the value of the status code will be GR_STAT_SUCCESS.

The status key is definitive, yet the status_text may contain human-readable additional information (likely to be English language only).

Otherwise, if the server was not able to successfully complete the request, the status will be a non-zero integer (see Appendix A).

Commands

login

The login command adds the proper user object to the session (if the username and password are correct). It also returns to the client the version of the protocol the server is prepared to support.

The login command is not strictly necessary: if it is not used, the server will assume anonymous access and the protocol will be able to access data that is accessible by anybody. In this mode, it is unlikely the new albums can be created and photos uploaded.

Request

cmd=login
protocol_version=2.0
uname=gallery-user-name
password=cleartext-password

where gallery-user-name is a valid gallery user name and cleartext-password is the corresponding password.

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text
server_version=major-version.minor-version

If the status is equal to GR_STAT_SUCCESS, the login completed successfully and the user's session has been updated. Any other command can now be used in requests to this server.

fetch-albums

The fetch-albums command asks the server to return a list of all albums (visible with the client's logged in user permissions). In most cases, it's better to use fetch-albums-prune because it's much faster...

Request

cmd=fetch-albums
protocol_version=2.0
no_perms=yes/no [optional, G2 since 2.9]

If no_perms is set, then the protocol will not bother to report permissions for each album, saving chatter and a lot of load on the server. This is only supported on G2.

Response

        #__GR2PROTO__
        status=result-code
        status_text=explanatory-text
       /album.name.ref-num=album-url-name
       |album.title.ref-num=album-display-name
       |album.summary.ref-num=album-summary [since 2.8]
       |album.parent.ref-num=parent-ref-num
       |album.resize_size.ref-num=image-resize-size [since 2.8]
       |album.thumb_size.ref-num=image-thumb-size [since 2.9]
       |album.max_size.ref-num=image-max-size [since 2.15]
 0...n |album.perms.add.ref-num=boolean
       |album.perms.write.ref-num=boolean
       |album.perms.del_item.ref-num=boolean
       |album.perms.del_alb.ref-num=boolean
       |album.perms.create_sub.ref-num=boolean
       \album.info.extrafields.ref-num=extra-fields [since 2.3]
        album_count=number-of-albums
      	can_create_root=yes/no [since 2.11]

If the status is equal to GR_STAT_SUCCESS, the album data was fetched successfully.

If successful, a response to the fetch-albums command returns several keys for each album in the gallery, where:

• ref-num is a reference number,
• album-url-name is the name of the partial URL for the gallery,
• album-display-name is the gallery's visual name,
• album-summary is the summary of the album,
• parent-ref-num refers to some other album's ref-num. A parent-ref-num of 0 (zero) indicates that the album is a "top-level" album (it has no parent).
• image-resize-size is the intermediate size of images created when a large image is added to an album,
• image-max-size is the maximum size of images created when a large image is added to an album,
• extra-fields is a comma-separated list of extra fields names,
• and boolean represents a boolean value: true is considered true, any other value false.

Several "permissions" are reported for each album. The reported permissions are the effective permissions of the currently logged in user:

• the add permission allows the user to add a picture to the album.
• the write permission allows the user to add and change pictures in the album.
• the del_item permission allows the user remove pictures from the album.
• the del_alb permission allows the user to delete the album.
• the create_sub permission allows the user to create nested albums in the album.

The number of albums in the response is returned as number-of-albums.

can_create_root will be set to either yes or no depending on the user's permissions to create albums at the root level.

fetch-albums-prune

since 2.2

The fetch-albums-prune command asks the server to return a list of all albums that the user can either write to, or that are visible to the user and contain a sub-album that is writable (including sub-albums several times removed).

The reason for this slightly altered version of fetch-albums is two-fold: the previous version was slow on the server-side, because of the way it was structured, and limitations in the Gallery mode of operation; it returns all albums the the user can read, even if writing is not allowed. This new version is faster, because it uses a more efficient algorithm to find albums; it is more efficient because it only sends albums that are useful to the client. It also doesn't parse the pictures database, which makes it run much faster on the server.

Request

cmd=fetch-albums-prune
protocol_version=2.2
no_perms=yes/no [optional, G2 since 2.9]

If no_perms is set, then the protocol will not bother to report permissions for each album, saving chatter and a lot of load on the server. This is only supported on G2.

Response

        #__GR2PROTO__
        status=result-code
        status_text=explanatory-text
       /album.name.ref-num=album-url-name
       |album.title.ref-num=album-display-name
       |album.summary.ref-num=album-summary [since 2.8]
       |album.parent.ref-num=parent-ref-num
       |album.resize_size.ref-num=image-resize-size [since 2.8]
       |album.thumb_size.ref-num=image-thumb-size [since 2.9]
       |album.max_size.ref-num=image-max-size [since 2.15]
 0...n |album.perms.add.ref-num=boolean
       |album.perms.write.ref-num=boolean
       |album.perms.del_item.ref-num=boolean
       |album.perms.del_alb.ref-num=boolean
       |album.perms.create_sub.ref-num=boolean
       \album.info.extrafields.ref-num=extra-fields [since 2.3]
        album_count=number-of-albums
      	can_create_root=yes/no [since 2.11]

If the status is equal to GR_STAT_SUCCESS, the album data was fetched successfully.

If successful, a response to the fetch-albums command returns several keys for each album in the gallery, where:

• ref-num is a reference number,
• album-url-name is the name of the partial URL for the gallery,
• album-display-name is the gallery's visual name,
• album-summary is the summary of the album,
• parent-ref-num refers to some other album's ref-num. A parent-ref-num of 0 (zero) indicates that the album is a "top-level" album (it has no parent). Be aware: oppositional to this description Gallery Remote expects the album-url-name instead of parent-ref-num. This seems to be a bug according to this documentation.
• image-resize-size is the intermediate size of images created when a large image is added to an album,
• image-max-size is the maximum size of images created when a large image is added to an album,
• extra-fields is a comma-separated list of extra fields names,
• and boolean represents a boolean value: true is considered true, any other value false.

Several "permissions" are reported for each album. The reported permissions are the effective permissions of the currently logged in user:

• the add permission allows the user to add a picture to the album.
• the write permission allows the user to add and change pictures in the album.
• the del_item permission allows the user remove pictures from the album.
• the del_alb permission allows the user to delete the album.
• the create_sub permission allows the user to create nested albums in the album.

The number of albums in the response is returned as number-of-albums.

can_create_root will be set to either yes or no depending on the user's permissions to create albums at the root level.

add-item

The add-item command asks the server to add a photo to a specified album. It's usually necessary to have previously sent a login request.

Request

cmd=add-item
protocol_version=2.0
set_albumName=album name
userfile=user-file
userfile_name=file-name
caption=caption [optional]
force_filename=force-filename [optional]
auto_rotate=yes/no [optional, since 2.5]
extrafield.fieldname=fieldvalue [optional, since 2.3]

• file-name is usually inserted automatically by HTTP library, which is why we also have force_filename, so the client can override the default file name;
• user-file can be either
  • form-data-encoded image data [since 2.0]
  • URL of image [since 2.12]
• Multiple extrafield. lines with different fieldname values can be used.
• Only gallery administrators can specify a URL as the userfile. This is not supported in G2.
• Note than in G2, the userfile parameter is g2_userfile, not g2_form[userfile]
• auto_rotate is not supported in G2.

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text
item_name=name-of-new-item [G2 since 2.7]

• If the status is equal to GR_STAT_SUCCESS, the file upload succeeded.
• name-of-new-item is the name (or rather the Id) of the newly created item (only available in G2).

album-properties

The album-properties command asks the server for information about an album.

Request

cmd=album-properties
protocol_version=2.0
set_albumName=album-name

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text
auto_resize=resize-dimension
max_size=max-dimension [since 2.15]
add_to_beginning=yes/no [since 2.10]
extrafields=comma-separated extra fields [G2 since 2.13]
title=album title [G2 since 2.14]

• If the status is equal to GR_STAT_SUCCESS, the request succeeded.

• If an image is uploaded such that its largest dimension is greater than max-dimension, the server will resize it. Otherwise, the server will use the original image that was uploaded for both the full-sized and the resized size. In all cases a thumbnail-sized image will be created. The creation of a thumbnail is highly dependent on the size of the image that was uploaded. If the value is 0 (zero), the Gallery server does not intend to resize uploaded images.

• add_to_beginning will contain yes or no based on whether the album will add images to the beginning or the end of the album.

new-album

since 2.1

The new-album command asks the server to add a new album to the gallery installation.

Request

cmd=new-album
protocol_version=2.1
set_albumName=parent-album-name
newAlbumName=album-name [optional]
newAlbumTitle=album-title [optional]
newAlbumDesc=album-description [optional]

• parent-album-name is the name of the album inside which the new album should be created, or 0 to create the album at the top-level;
• album-name is the new album's desired name. The name must be unique within the Gallery (or in G2 within the parent album). If it is not, then Gallery will assign an automatically-generated name. An automatically generated name will also be used if this parameter is not provided or is empty;
• album-title is the new album's desired title;
• album-description is the new album's desired description.

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text
album_name=actual-name [since 2.5]

• If the result-code is equal to GR_STAT_SUCCESS, the request succeeded.

• If the result-code is equal to GR_STAT_NO_CREATE_ALBUM_PERMISSION, the logged-in user doesn't have permission to create an album in the specified location.

• If an album is created with the same name as an already existing album or album-title is left blank, Gallery will automatically generate an album name. actual-name will return the name of the newly created album.

fetch-album-images

since 2.4

The fetch-album-images command asks the server to return information about all the images (and optionally sub-albums) that are direct children of an album.

A request with the login command can be made before the fetch-album-images command is used, but since viewing photos in an album is generally (but not always) open to non logged-in users, a login is not always necessary.

Request

cmd=fetch-album-images
protocol_version=2.4
set_albumName=album-name
albums_too=yes/no [optional, since 2.13]
random=yes/no [optional, G2 since ***]
limit=number-of-images [optional, G2 since ***]
extrafields=yes/no [optional, G2 since 2.12]
all_sizes=yes/no [optional, G2 since 2.14]

• If set_albumName is empty, the root albums are listed. Of course, this only works in G1 if albums_too is true, since no pictures are in the root album.
• albums_too determines whether the command returns only pictures, or also sub-albums.
• If random is set to yes, Gallery will return GalleryPhotoItems from this album and its descendants. limit must also be set for this to work, and it determines how many pictures will be returned. If random is not set, limit is ignored.
• In G2 since 2.12, if extrafields is yes, extra fields (Summary and Description) are returned. In G1, extra fields are always returned.
• In G2 since 2.14, if all_sizes is yes, all sizes of the image will be returned (G2 allows the album owner to define several resized sizes)

Response

        #__GR2PROTO__
        status=result-code
        status_text=explanatory-text
        album.caption=caption associated with the album [G2 since 2.11]
        album.extrafields=names of the extra fields [G2 since 2.12]
       /image.name.ref-num=filename of the image
       |image.raw_width.ref-num=the width of the full-sized image
       |image.raw_height.ref-num=the height of the full-sized image
       |image.raw_filesize.ref-num=size of the full-sized image
       |image.resizedName.ref-num=filename of the resized image, if there is one
       |image.resized_width.ref-num=the width of the resized image, if there is one [since 2.9]
       |image.resized_height.ref-num=the height of the resized image, if there is one [since 2.9]
       |image.resizedNum.ref-num=the number of resized versions for this image [since 2.14]
       |  image.resized.resized-num.name.ref-num=filename of the resized-numth resize [G2 since 2.14]
       |  image.resized.resized-num.width.ref-num=the width of the resized-numth resize [G2 since 2.14]
       |  image.resized.resized-num.height.ref-num=the height of the resized-numth resize [G2 since 2.14]
       |image.thumbName.ref-num=filename of the thumbnail [since 2.9]
       |image.thumb_width.ref-num=the width of the thumbnail [since 2.9]
       |image.thumb_height.ref-num=the height of the thumbnail [since 2.9]
       |image.caption.ref-num=caption associated with the image
       |image.title.ref-num=title associated with the image [G2]
 0...n |  image.extrafield.fieldname.ref-num=value of the extra field of key fieldname
       |image.clicks.ref-num=number of clicks on the image
       |image.capturedate.year.ref-num=date of capture of the image (year) [G1]
       |image.capturedate.mon.ref-num=date of capture of the image (month) [G1]
       |image.capturedate.mday.ref-num=date of capture of the image (day of the month) [G1]
       |image.capturedate.hours.ref-num=date of capture of the image (hour) [G1]
       |image.capturedate.minutes.ref-num=date of capture of the image (minute) [G1]
       |image.capturedate.seconds.ref-num=date of capture of the image (second) [G1]
       |image.forceExtension.ref-num=the extension of the image [G2]
       \image.hidden.ref-num=yes/no [since 2.14]
 OR     album.name.ref-num=name of the album [since 2.13]
        image_count=total number of images in the album
        baseurl=URL of the album

• If the result-code is equal to GR_STAT_SUCCESS, the request succeeded.
• The baseurl contains a fully-qualified URL. A URL to each image can be obtained by appending the filename of the image to this.
• The name and resizedName include the type (extension), but do not include any path information.
• Multiple extrafield lines with different fieldname values can be used.
• If albums_too is yes, the list of results can contain album references. In this case, none of the image.*.ref-num fields will be present. Instead, album.name.ref-num will provide the reference to the sub-album. This allows recursive fetching of all images in an album hierarchy.
• Starting with 2.14, the protocol will honor access control and will not return full-size information if the album is set to refuse full-size and will not return non-readable albums.

move-album

since 2.7; not supported for G2

The move-album command asks the server to move an album to a new location within the Gallery.

Request

cmd=move-album
protocol_version=2.7
set_albumName=source-album
set_destalbumName=destination-album

• source-album is the name of the album that you intend to move;
• destination-album is the name of the album that the source-album will be moved into, or 0 if it should be moved to the root level;

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text

If the result-code is equal to GR_STAT_SUCCESS, the album move succeeded.

increment-view-count

only in G2

The increment-view-count command informs the Gallery that the user has viewed a given item. It should be called by slideshow applications, for example. Applications that run unattended (screen savers) should probably not call it...

Request

cmd=increment-view-count
protocol_version=****
itemId=item-id

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text

If the result-code is equal to GR_STAT_SUCCESS, the view count was successfully incremented.

image-properties

only in G2

The image-properties command returns information about one image, in similar fashion as the fetch-album-images command...

Request

cmd=image-properties
protocol_version=***
id=item-id

item-id must be a valid unique identifier for either a GalleryPhotoItem or a GalleryAlbumItem.

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text
image.name=filename of the image
image.raw_width=the width of the full-sized image
image.raw_height=the height of the full-sized image
image.raw_filesize=size of the full-sized image
image.resizedName=filename of the resized image, if there is one
image.resized_width=the width of the resized image, if there is one
image.resized_height=the height of the resized image, if there is one
image.thumbName=filename of the thumbnail
image.thumb_width=the width of the thumbnail
image.thumb_height=the height of the thumbnail
image.caption=caption associated with the image
image.title=title associated with the image
image.forceExtension=the extension of the image
image.hidden=yes/no

• If the result-code is equal to GR_STAT_SUCCESS, image was found and properties returned.
• The name and resizedName include the type (extension), but do not include any path information.
• If the id parameter in the request corresponds to a GalleryAlbumItem, only the image.thumbname, image.thumb_width and image.thumb_height will be returned.

no-op

only in G2

The no-op command doesn't do anything. It can be used by clients to verify that the module is operational.

Request

cmd=no-op

Response

#__GR2PROTO__
status=result-code
status_text=explanatory-text

If the result-code is equal to GR_STAT_SUCCESS, the remote module is operational.

3rd Party Client Software/Libraries

This section contains information/experiences relating to miscellaneous libraries and software environments used to connect to Gallery installations for the purposes of invoking Remote Protocol methods.

Delphi

The GLoSS screensaver and desktop changer for Gallery is written in Delphi, and currently uses version 9.00.10 of the open source Indy library for interacting via the Remote Protocol. During testing of GLoSS with G2.2RC1 (specifically the new authToken response introduced in 2.10), an issue was found where the Indy TIdHTTP component was not returning the authToken value passed back from calls to the Remote Protocol login method. From a perusal of code from both the Indy library and Gallery's GalleryRemote.inc file from the Remote module, it appears that Gallery is not considering the first Get from the TIdHTTP component in any session to be "persistent", so is not returning the authToken. Use the Indy library with caution.

Appendix A

Appendix B

Protocol version numbers reported by G1 and G2 do not match! This table attempts to elucidate which version of the protocol supports each feature, for G1 and G2.

Appendix C

This change log only contains changes posterior to November 2006.