refactor(server): api key auth (#3054)

2024-12-26 10:50:29 +02:00 · 2023-06-30 21:49:30 -04:00 · 2023-06-30 21:49:30 -04:00 · 399312ead3
commit 399312ead3
parent f9671dfbf7
7 changed files with 53 additions and 66 deletions
--- a/server/src/domain/api-key/api-key-response.dto.ts
+++ b/server/src/domain/api-key/api-key-response.dto.ts
@ -1,22 +0,0 @@
 import { APIKeyEntity } from '@app/infra/entities';
 export class APIKeyCreateResponseDto {
  secret!: string;
  apiKey!: APIKeyResponseDto;
 }
 export class APIKeyResponseDto {
  id!: string;
  name!: string;
  createdAt!: Date;
  updatedAt!: Date;
 }
 export function mapKey(entity: APIKeyEntity): APIKeyResponseDto {
  return {
    id: entity.id,
    name: entity.name,
    createdAt: entity.createdAt,
    updatedAt: entity.updatedAt,
  };
 }
--- a/server/src/domain/api-key/api-key.core.ts
+++ b/server/src/domain/api-key/api-key.core.ts
@ -1,28 +0,0 @@
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { AuthUserDto } from '../auth';
 import { ICryptoRepository } from '../crypto';
 import { IKeyRepository } from './api-key.repository';
@Injectable()
 export class APIKeyCore {
  constructor(private crypto: ICryptoRepository, private repository: IKeyRepository) {}
  async validate(token: string): Promise<AuthUserDto | null> {
    const hashedToken = this.crypto.hashSha256(token);
    const keyEntity = await this.repository.getKey(hashedToken);
    if (keyEntity?.user) {
      const user = keyEntity.user;
      return {
        id: user.id,
        email: user.email,
        isAdmin: user.isAdmin,
        isPublicUser: false,
        isAllowUpload: true,
        externalPath: user.externalPath,
      };
    }
    throw new UnauthorizedException('Invalid API key');
  }
 }
--- a/server/src/domain/api-key/api-key.dto.ts
+++ b/server/src/domain/api-key/api-key.dto.ts
@ -12,3 +12,15 @@ export class APIKeyUpdateDto {
  @IsNotEmpty()
  name!: string;
 }
 export class APIKeyCreateResponseDto {
  secret!: string;
  apiKey!: APIKeyResponseDto;
 }
 export class APIKeyResponseDto {
  id!: string;
  name!: string;
  createdAt!: Date;
  updatedAt!: Date;
 }
--- a/server/src/domain/api-key/api-key.service.spec.ts
+++ b/server/src/domain/api-key/api-key.service.spec.ts
@ -56,6 +56,7 @@ describe(APIKeyService.name, () => {
    it('should update a key', async () => {
      keyMock.getById.mockResolvedValue(keyStub.admin);
      keyMock.update.mockResolvedValue(keyStub.admin);
      await sut.update(authStub.admin, 'random-guid', { name: 'New Name' });
--- a/server/src/domain/api-key/api-key.service.ts
+++ b/server/src/domain/api-key/api-key.service.ts
@ -1,8 +1,8 @@
 import { APIKeyEntity } from '@app/infra/entities';
 import { BadRequestException, Inject, Injectable } from '@nestjs/common';
 import { AuthUserDto } from '../auth';
 import { ICryptoRepository } from '../crypto';
-import { APIKeyCreateResponseDto, APIKeyResponseDto, mapKey } from './api-key-response.dto';
+import { APIKeyCreateDto, APIKeyCreateResponseDto, APIKeyResponseDto } from './api-key.dto';
 import { APIKeyCreateDto } from './api-key.dto';
 import { IKeyRepository } from './api-key.repository';
@Injectable()
@ -20,7 +20,7 @@ export class APIKeyService {
      userId: authUser.id,
    });
-    return { secret, apiKey: mapKey(entity) };
+    return { secret, apiKey: this.map(entity) };
  }
  async update(authUser: AuthUserDto, id: string, dto: APIKeyCreateDto): Promise<APIKeyResponseDto> {
@ -29,9 +29,9 @@ export class APIKeyService {
      throw new BadRequestException('API Key not found');
    }
-    return this.repository.update(authUser.id, id, {
+    const key = await this.repository.update(authUser.id, id, { name: dto.name });
-      name: dto.name,
+
-    });
+    return this.map(key);
  }
  async delete(authUser: AuthUserDto, id: string): Promise<void> {
@ -48,11 +48,20 @@ export class APIKeyService {
    if (!key) {
      throw new BadRequestException('API Key not found');
    }
-    return mapKey(key);
+    return this.map(key);
  }
  async getAll(authUser: AuthUserDto): Promise<APIKeyResponseDto[]> {
    const keys = await this.repository.getByUserId(authUser.id);
-    return keys.map(mapKey);
+    return keys.map((key) => this.map(key));
  }
  private map(entity: APIKeyEntity): APIKeyResponseDto {
    return {
      id: entity.id,
      name: entity.name,
      createdAt: entity.createdAt,
      updatedAt: entity.updatedAt,
    };
  }
 }
--- a/server/src/domain/api-key/index.ts
+++ b/server/src/domain/api-key/index.ts
@ -1,4 +1,3 @@
 export * from './api-key-response.dto';
 export * from './api-key.dto';
 export * from './api-key.repository';
 export * from './api-key.service';
--- a/server/src/domain/auth/auth.service.ts
+++ b/server/src/domain/auth/auth.service.ts
@ -10,7 +10,6 @@ import {
 import cookieParser from 'cookie';
 import { IncomingHttpHeaders } from 'http';
 import { IKeyRepository } from '../api-key';
 import { APIKeyCore } from '../api-key/api-key.core';
 import { ICryptoRepository } from '../crypto/crypto.repository';
 import { OAuthCore } from '../oauth/oauth.core';
 import { ISharedLinkRepository } from '../shared-link';
@ -35,17 +34,16 @@ export class AuthService {
  private authCore: AuthCore;
  private oauthCore: OAuthCore;
  private userCore: UserCore;
  private keyCore: APIKeyCore;
  private logger = new Logger(AuthService.name);
  constructor(
-    @Inject(ICryptoRepository) cryptoRepository: ICryptoRepository,
+    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
    @Inject(ISystemConfigRepository) configRepository: ISystemConfigRepository,
    @Inject(IUserRepository) userRepository: IUserRepository,
    @Inject(IUserTokenRepository) userTokenRepository: IUserTokenRepository,
    @Inject(ISharedLinkRepository) private sharedLinkRepository: ISharedLinkRepository,
-    @Inject(IKeyRepository) keyRepository: IKeyRepository,
+    @Inject(IKeyRepository) private keyRepository: IKeyRepository,
    @Inject(INITIAL_SYSTEM_CONFIG)
    initialConfig: SystemConfig,
  ) {
@ -53,7 +51,6 @@ export class AuthService {
    this.authCore = new AuthCore(cryptoRepository, configRepository, userTokenRepository, initialConfig);
    this.oauthCore = new OAuthCore(configRepository, initialConfig);
    this.userCore = new UserCore(userRepository, cryptoRepository);
    this.keyCore = new APIKeyCore(cryptoRepository, keyRepository);
  }
  public async login(
@ -153,7 +150,7 @@ export class AuthService {
    }
    if (apiKey) {
-      return this.keyCore.validate(apiKey);
+      return this.validateApiKey(apiKey);
    }
    throw new UnauthorizedException('Authentication required');
@ -192,7 +189,7 @@ export class AuthService {
    return cookies[IMMICH_ACCESS_COOKIE] || null;
  }
-  async validateSharedLink(key: string | string[]): Promise<AuthUserDto | null> {
+  private async validateSharedLink(key: string | string[]): Promise<AuthUserDto> {
    key = Array.isArray(key) ? key[0] : key;
    const bytes = Buffer.from(key, key.length === 100 ? 'hex' : 'base64url');
@ -216,4 +213,23 @@ export class AuthService {
    }
    throw new UnauthorizedException('Invalid share key');
  }
  private async validateApiKey(key: string): Promise<AuthUserDto> {
    const hashedKey = this.cryptoRepository.hashSha256(key);
    const keyEntity = await this.keyRepository.getKey(hashedKey);
    if (keyEntity?.user) {
      const user = keyEntity.user;
      return {
        id: user.id,
        email: user.email,
        isAdmin: user.isAdmin,
        isPublicUser: false,
        isAllowUpload: true,
        externalPath: user.externalPath,
      };
    }
    throw new UnauthorizedException('Invalid API key');
  }
 }