refactor(server): api key auth (#3054)

2024-12-25 10:43:13 +02:00 · 2023-06-30 21:49:30 -04:00 · 2023-06-30 21:49:30 -04:00 · 399312ead3
commit 399312ead3
parent f9671dfbf7
7 changed files with 53 additions and 66 deletions
--- a/server/src/domain/api-key/api-key-response.dto.ts
+++ b/server/src/domain/api-key/api-key-response.dto.ts
@ -1,22 +0,0 @@
-import { APIKeyEntity } from '@app/infra/entities';
-
-export class APIKeyCreateResponseDto {
-  secret!: string;
-  apiKey!: APIKeyResponseDto;
-}
-
-export class APIKeyResponseDto {
-  id!: string;
-  name!: string;
-  createdAt!: Date;
-  updatedAt!: Date;
-}
-
-export function mapKey(entity: APIKeyEntity): APIKeyResponseDto {
-  return {
-    id: entity.id,
-    name: entity.name,
-    createdAt: entity.createdAt,
-    updatedAt: entity.updatedAt,
-  };
-}
--- a/server/src/domain/api-key/api-key.core.ts
+++ b/server/src/domain/api-key/api-key.core.ts
@ -1,28 +0,0 @@
-import { Injectable, UnauthorizedException } from '@nestjs/common';
-import { AuthUserDto } from '../auth';
-import { ICryptoRepository } from '../crypto';
-import { IKeyRepository } from './api-key.repository';
-
-@Injectable()
-export class APIKeyCore {
-  constructor(private crypto: ICryptoRepository, private repository: IKeyRepository) {}
-
-  async validate(token: string): Promise<AuthUserDto | null> {
-    const hashedToken = this.crypto.hashSha256(token);
-    const keyEntity = await this.repository.getKey(hashedToken);
-    if (keyEntity?.user) {
-      const user = keyEntity.user;
-
-      return {
-        id: user.id,
-        email: user.email,
-        isAdmin: user.isAdmin,
-        isPublicUser: false,
-        isAllowUpload: true,
-        externalPath: user.externalPath,
-      };
-    }
-
-    throw new UnauthorizedException('Invalid API key');
-  }
-}
--- a/server/src/domain/api-key/api-key.dto.ts
+++ b/server/src/domain/api-key/api-key.dto.ts
@ -12,3 +12,15 @@ export class APIKeyUpdateDto {
  @IsNotEmpty()
  name!: string;
 }
+
+export class APIKeyCreateResponseDto {
+  secret!: string;
+  apiKey!: APIKeyResponseDto;
+}
+
+export class APIKeyResponseDto {
+  id!: string;
+  name!: string;
+  createdAt!: Date;
+  updatedAt!: Date;
+}
--- a/server/src/domain/api-key/api-key.service.spec.ts
+++ b/server/src/domain/api-key/api-key.service.spec.ts
@ -56,6 +56,7 @@ describe(APIKeyService.name, () => {

    it('should update a key', async () => {
      keyMock.getById.mockResolvedValue(keyStub.admin);
+      keyMock.update.mockResolvedValue(keyStub.admin);

      await sut.update(authStub.admin, 'random-guid', { name: 'New Name' });

--- a/server/src/domain/api-key/api-key.service.ts
+++ b/server/src/domain/api-key/api-key.service.ts
@ -1,8 +1,8 @@
+import { APIKeyEntity } from '@app/infra/entities';
 import { BadRequestException, Inject, Injectable } from '@nestjs/common';
 import { AuthUserDto } from '../auth';
 import { ICryptoRepository } from '../crypto';
-import { APIKeyCreateResponseDto, APIKeyResponseDto, mapKey } from './api-key-response.dto';
-import { APIKeyCreateDto } from './api-key.dto';
+import { APIKeyCreateDto, APIKeyCreateResponseDto, APIKeyResponseDto } from './api-key.dto';
 import { IKeyRepository } from './api-key.repository';

@Injectable()
@ -20,7 +20,7 @@ export class APIKeyService {
      userId: authUser.id,
    });

-    return { secret, apiKey: mapKey(entity) };
+    return { secret, apiKey: this.map(entity) };
  }

  async update(authUser: AuthUserDto, id: string, dto: APIKeyCreateDto): Promise<APIKeyResponseDto> {
@ -29,9 +29,9 @@ export class APIKeyService {
      throw new BadRequestException('API Key not found');
    }

-    return this.repository.update(authUser.id, id, {
-      name: dto.name,
-    });
+    const key = await this.repository.update(authUser.id, id, { name: dto.name });
+
+    return this.map(key);
  }

  async delete(authUser: AuthUserDto, id: string): Promise<void> {
@ -48,11 +48,20 @@ export class APIKeyService {
    if (!key) {
      throw new BadRequestException('API Key not found');
    }
-    return mapKey(key);
+    return this.map(key);
  }

  async getAll(authUser: AuthUserDto): Promise<APIKeyResponseDto[]> {
    const keys = await this.repository.getByUserId(authUser.id);
-    return keys.map(mapKey);
+    return keys.map((key) => this.map(key));
+  }
+
+  private map(entity: APIKeyEntity): APIKeyResponseDto {
+    return {
+      id: entity.id,
+      name: entity.name,
+      createdAt: entity.createdAt,
+      updatedAt: entity.updatedAt,
+    };
  }
 }
--- a/server/src/domain/api-key/index.ts
+++ b/server/src/domain/api-key/index.ts
@ -1,4 +1,3 @@
-export * from './api-key-response.dto';
 export * from './api-key.dto';
 export * from './api-key.repository';
 export * from './api-key.service';
--- a/server/src/domain/auth/auth.service.ts
+++ b/server/src/domain/auth/auth.service.ts
@ -10,7 +10,6 @@ import {
 import cookieParser from 'cookie';
 import { IncomingHttpHeaders } from 'http';
 import { IKeyRepository } from '../api-key';
-import { APIKeyCore } from '../api-key/api-key.core';
 import { ICryptoRepository } from '../crypto/crypto.repository';
 import { OAuthCore } from '../oauth/oauth.core';
 import { ISharedLinkRepository } from '../shared-link';
@ -35,17 +34,16 @@ export class AuthService {
  private authCore: AuthCore;
  private oauthCore: OAuthCore;
  private userCore: UserCore;
-  private keyCore: APIKeyCore;

  private logger = new Logger(AuthService.name);

  constructor(
-    @Inject(ICryptoRepository) cryptoRepository: ICryptoRepository,
+    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
    @Inject(ISystemConfigRepository) configRepository: ISystemConfigRepository,
    @Inject(IUserRepository) userRepository: IUserRepository,
    @Inject(IUserTokenRepository) userTokenRepository: IUserTokenRepository,
    @Inject(ISharedLinkRepository) private sharedLinkRepository: ISharedLinkRepository,
-    @Inject(IKeyRepository) keyRepository: IKeyRepository,
+    @Inject(IKeyRepository) private keyRepository: IKeyRepository,
    @Inject(INITIAL_SYSTEM_CONFIG)
    initialConfig: SystemConfig,
  ) {
@ -53,7 +51,6 @@ export class AuthService {
    this.authCore = new AuthCore(cryptoRepository, configRepository, userTokenRepository, initialConfig);
    this.oauthCore = new OAuthCore(configRepository, initialConfig);
    this.userCore = new UserCore(userRepository, cryptoRepository);
-    this.keyCore = new APIKeyCore(cryptoRepository, keyRepository);
  }

  public async login(
@ -153,7 +150,7 @@ export class AuthService {
    }

    if (apiKey) {
-      return this.keyCore.validate(apiKey);
+      return this.validateApiKey(apiKey);
    }

    throw new UnauthorizedException('Authentication required');
@ -192,7 +189,7 @@ export class AuthService {
    return cookies[IMMICH_ACCESS_COOKIE] || null;
  }

-  async validateSharedLink(key: string | string[]): Promise<AuthUserDto | null> {
+  private async validateSharedLink(key: string | string[]): Promise<AuthUserDto> {
    key = Array.isArray(key) ? key[0] : key;

    const bytes = Buffer.from(key, key.length === 100 ? 'hex' : 'base64url');
@ -216,4 +213,23 @@ export class AuthService {
    }
    throw new UnauthorizedException('Invalid share key');
  }
+
+  private async validateApiKey(key: string): Promise<AuthUserDto> {
+    const hashedKey = this.cryptoRepository.hashSha256(key);
+    const keyEntity = await this.keyRepository.getKey(hashedKey);
+    if (keyEntity?.user) {
+      const user = keyEntity.user;
+
+      return {
+        id: user.id,
+        email: user.email,
+        isAdmin: user.isAdmin,
+        isPublicUser: false,
+        isAllowUpload: true,
+        externalPath: user.externalPath,
+      };
+    }
+
+    throw new UnauthorizedException('Invalid API key');
+  }
 }