Use cookies for client requests (#377)

* Use cookie for frontend request * Remove api helper to use SDK * Added error handling to status box * Remove additional places that check for session.user * Refactor sending password * prettier clean up * remove deadcode * Move all authentication requests to the client * refactor upload panel to only fetch assets after the upload panel disappear * Added keydown to remove focus on title change on album viewer
2025-08-09 23:17:29 +02:00 · 2022-07-26 12:28:07 -05:00
parent 2ebb755f00
commit 83cbf51704
54 changed files with 4954 additions and 4540 deletions
--- a/server/apps/immich/src/middlewares/admin-role-guard.middleware.ts
+++ b/server/apps/immich/src/middlewares/admin-role-guard.middleware.ts
@@ -16,23 +16,27 @@ export class AdminRolesGuard implements CanActivate {

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest();
+    let accessToken = '';

    if (request.headers['authorization']) {
-      const bearerToken = request.headers['authorization'].split(' ')[1];
-      const { userId } = await this.jwtService.validateToken(bearerToken);
-
-      if (!userId) {
-        return false;
-      }
-
-      const user = await this.userRepository.findOne({ where: { id: userId } });
-      if (!user) {
-        return false;
-      }
-
-      return user.isAdmin;
+      accessToken = request.headers['authorization'].split(' ')[1];
+    } else if (request.cookies['immich_access_token']) {
+      accessToken = request.cookies['immich_access_token'];
+    } else {
+      return false;
    }

-    return false;
+    const { userId } = await this.jwtService.validateToken(accessToken);
+
+    if (!userId) {
+      return false;
+    }
+
+    const user = await this.userRepository.findOne({ where: { id: userId } });
+    if (!user) {
+      return false;
+    }
+
+    return user.isAdmin;
  }
 }