1
0
mirror of https://github.com/immich-app/immich.git synced 2024-12-25 10:43:13 +02:00

fix(server): require local admin account (#1070)

This commit is contained in:
Jason Rasmussen 2022-12-09 15:53:11 -05:00 committed by GitHub
parent 3bb103c6b6
commit 14889e7d85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 98 additions and 31 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,12 @@
import { Transform } from 'class-transformer';
import { IsBoolean, IsOptional } from 'class-validator';
export class UserCountDto {
@IsBoolean()
@IsOptional()
@Transform(({ value }) => value === 'true')
/**
* When true, return the number of admins accounts
*/
admin?: boolean = false;
}

View File

@ -0,0 +1,30 @@
import { UserEntity } from '@app/database/entities/user.entity';
import { BadRequestException } from '@nestjs/common';
import { Repository } from 'typeorm';
import { UserRepository } from './user-repository';
describe('UserRepository', () => {
let sui: UserRepository;
let userRepositoryMock: jest.Mocked<Repository<UserEntity>>;
beforeAll(() => {
userRepositoryMock = {
findOne: jest.fn(),
save: jest.fn(),
} as unknown as jest.Mocked<Repository<UserEntity>>;
sui = new UserRepository(userRepositoryMock);
});
it('should be defined', () => {
expect(sui).toBeDefined();
});
describe('create', () => {
it('should not create a user if there is no local admin account', async () => {
userRepositoryMock.findOne.mockResolvedValue(null);
await expect(sui.create({ isAdmin: false })).rejects.toBeInstanceOf(BadRequestException);
expect(userRepositoryMock.findOne).toHaveBeenCalled();
});
});
});

View File

@ -60,6 +60,11 @@ export class UserRepository implements IUserRepository {
}
public async create(user: Partial<UserEntity>): Promise<UserEntity> {
const localAdmin = await this.getAdmin();
if (!localAdmin && !user.isAdmin) {
throw new BadRequestException('The first registered account must the administrator.');
}
if (user.password) {
user.salt = await bcrypt.genSalt();
user.password = await this.hashPassword(user.password, user.salt);

View File

@ -26,6 +26,7 @@ import { UserResponseDto } from './response-dto/user-response.dto';
import { UserCountResponseDto } from './response-dto/user-count-response.dto';
import { CreateProfileImageDto } from './dto/create-profile-image.dto';
import { CreateProfileImageResponseDto } from './response-dto/create-profile-image-response.dto';
import { UserCountDto } from './dto/user-count.dto';
@ApiTags('User')
@Controller('user')
@ -64,8 +65,8 @@ export class UserController {
}
@Get('/count')
async getUserCount(): Promise<UserCountResponseDto> {
return await this.userService.getUserCount();
async getUserCount(@Query(new ValidationPipe({ transform: true })) dto: UserCountDto): Promise<UserCountResponseDto> {
return await this.userService.getUserCount(dto);
}
@Authenticated({ admin: true })

View File

@ -14,6 +14,7 @@ import { createReadStream } from 'fs';
import { AuthUserDto } from '../../decorators/auth-user.decorator';
import { CreateUserDto } from './dto/create-user.dto';
import { UpdateUserDto } from './dto/update-user.dto';
import { UserCountDto } from './dto/user-count.dto';
import {
CreateProfileImageResponseDto,
mapCreateProfileImageResponse,
@ -57,8 +58,12 @@ export class UserService {
return mapUser(user);
}
async getUserCount(): Promise<UserCountResponseDto> {
const users = await this.userRepository.getList();
async getUserCount(dto: UserCountDto): Promise<UserCountResponseDto> {
let users = await this.userRepository.getList();
if (dto.admin) {
users = users.filter((user) => user.isAdmin);
}
return mapUserCountResponse(users.length);
}

View File

@ -166,7 +166,17 @@
"/user/count": {
"get": {
"operationId": "getUserCount",
"parameters": [],
"parameters": [
{
"name": "admin",
"required": false,
"in": "query",
"schema": {
"default": false,
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "",

View File

@ -6108,10 +6108,11 @@ export const UserApiAxiosParamCreator = function (configuration?: Configuration)
},
/**
*
* @param {boolean} [admin]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
getUserCount: async (options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
getUserCount: async (admin?: boolean, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
const localVarPath = `/user/count`;
// use dummy base URL string because the URL constructor only accepts absolute URLs.
const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@ -6124,6 +6125,10 @@ export const UserApiAxiosParamCreator = function (configuration?: Configuration)
const localVarHeaderParameter = {} as any;
const localVarQueryParameter = {} as any;
if (admin !== undefined) {
localVarQueryParameter['admin'] = admin;
}
setSearchParams(localVarUrlObj, localVarQueryParameter);
@ -6292,11 +6297,12 @@ export const UserApiFp = function(configuration?: Configuration) {
},
/**
*
* @param {boolean} [admin]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
async getUserCount(options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserCountResponseDto>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.getUserCount(options);
async getUserCount(admin?: boolean, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<UserCountResponseDto>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.getUserCount(admin, options);
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
@ -6393,11 +6399,12 @@ export const UserApiFactory = function (configuration?: Configuration, basePath?
},
/**
*
* @param {boolean} [admin]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
getUserCount(options?: any): AxiosPromise<UserCountResponseDto> {
return localVarFp.getUserCount(options).then((request) => request(axios, basePath));
getUserCount(admin?: boolean, options?: any): AxiosPromise<UserCountResponseDto> {
return localVarFp.getUserCount(admin, options).then((request) => request(axios, basePath));
},
/**
*
@ -6505,12 +6512,13 @@ export class UserApi extends BaseAPI {
/**
*
* @param {boolean} [admin]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
* @memberof UserApi
*/
public getUserCount(options?: AxiosRequestConfig) {
return UserApiFp(this.configuration).getUserCount(options).then((request) => request(this.axios, this.basePath));
public getUserCount(admin?: boolean, options?: AxiosRequestConfig) {
return UserApiFp(this.configuration).getUserCount(admin, options).then((request) => request(this.axios, this.basePath));
}
/**

View File

@ -1,12 +1,5 @@
<script lang="ts">
import { goto } from '$app/navigation';
import type { PageData } from './$types';
export let data: PageData;
async function onGettingStartedClicked() {
data.isAdminUserExist ? await goto('/auth/login') : await goto('/auth/register');
}
</script>
<svelte:head>
@ -26,7 +19,7 @@
</h1>
<button
class="border px-4 py-4 rounded-md bg-immich-primary dark:bg-immich-dark-primary dark:text-immich-dark-gray dark:border-immich-dark-gray hover:bg-immich-primary/75 text-white font-bold w-[200px]"
on:click={onGettingStartedClicked}
on:click={() => goto('/auth/login')}
>Getting Started
</button>
</div>

View File

@ -1,20 +1,10 @@
export const prerender = false;
import { redirect } from '@sveltejs/kit';
import { api } from '@api';
import type { PageLoad } from './$types';
import { browser } from '$app/environment';
export const load: PageLoad = async ({ parent }) => {
const { user } = await parent();
if (user) {
throw redirect(302, '/photos');
}
if (browser) {
const { data } = await api.userApi.getUserCount();
return {
isAdminUserExist: data.userCount != 0
};
}
};

View File

@ -0,0 +1,13 @@
import { redirect } from '@sveltejs/kit';
import type { PageServerLoad } from './$types';
import { serverApi } from '@api';
export const load: PageServerLoad = async () => {
const { data } = await serverApi.userApi.getUserCount(true);
if (data.userCount === 0) {
// Admin not registered
throw redirect(302, '/auth/register');
}
return;
};

View File

@ -3,7 +3,7 @@ import type { PageServerLoad } from './$types';
import { serverApi } from '@api';
export const load: PageServerLoad = async () => {
const { data } = await serverApi.userApi.getUserCount();
const { data } = await serverApi.userApi.getUserCount(true);
if (data.userCount != 0) {
// Admin has been registered, redirect to login
throw redirect(302, '/auth/login');