mirror of
https://github.com/immich-app/immich.git
synced 2024-12-25 10:43:13 +02:00
refactor(server): guards, decorators, and utils (#3060)
This commit is contained in:
parent
f55b3add80
commit
d69fa3ceae
@ -1,13 +1,13 @@
|
||||
import {
|
||||
AlbumResponseDto,
|
||||
AuthService,
|
||||
AuthUserDto,
|
||||
CreateAlbumDto,
|
||||
SharedLinkCreateDto,
|
||||
SharedLinkResponseDto,
|
||||
UserService,
|
||||
} from '@app/domain';
|
||||
import { AppModule } from '@app/immich/app.module';
|
||||
import { AuthUserDto } from '@app/immich/decorators/auth-user.decorator';
|
||||
import { SharedLinkType } from '@app/infra/entities';
|
||||
import { INestApplication } from '@nestjs/common';
|
||||
import { Test, TestingModule } from '@nestjs/testing';
|
||||
|
@ -1,5 +1,5 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ArrayNotEmpty } from 'class-validator';
|
||||
import { ValidateUUID } from '../../domain.util';
|
||||
|
||||
export class AddUsersDto {
|
||||
@ValidateUUID({ each: true })
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { IsNotEmpty, IsString } from 'class-validator';
|
||||
import { ValidateUUID } from '../../domain.util';
|
||||
|
||||
export class CreateAlbumDto {
|
||||
@IsNotEmpty()
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { IsOptional } from 'class-validator';
|
||||
import { ValidateUUID } from '../../domain.util';
|
||||
|
||||
export class UpdateAlbumDto {
|
||||
@IsOptional()
|
||||
|
@ -1,8 +1,7 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { toBoolean } from '@app/immich/utils/transform.util';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsOptional } from 'class-validator';
|
||||
import { toBoolean, ValidateUUID } from '../../domain.util';
|
||||
|
||||
export class GetAlbumsDto {
|
||||
@IsOptional()
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ValidateUUID } from '../../domain.util';
|
||||
|
||||
export class AssetIdsDto {
|
||||
@ValidateUUID({ each: true })
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { IsInt, IsOptional, IsPositive } from 'class-validator';
|
||||
import { ValidateUUID } from '../../domain.util';
|
||||
|
||||
export class DownloadDto {
|
||||
@ValidateUUID({ each: true, optional: true })
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toBoolean } from '@app/immich/utils/transform.util';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform, Type } from 'class-transformer';
|
||||
import { IsBoolean, IsDate, IsOptional } from 'class-validator';
|
||||
import { toBoolean } from '../../domain.util';
|
||||
|
||||
export class MapMarkerDto {
|
||||
@ApiProperty()
|
||||
|
@ -1,4 +1,39 @@
|
||||
import { applyDecorators } from '@nestjs/common';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { IsArray, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
|
||||
import { basename, extname } from 'node:path';
|
||||
import sanitize from 'sanitize-filename';
|
||||
|
||||
export type Options = {
|
||||
optional?: boolean;
|
||||
each?: boolean;
|
||||
};
|
||||
|
||||
export function ValidateUUID({ optional, each }: Options = { optional: false, each: false }) {
|
||||
return applyDecorators(
|
||||
IsUUID('4', { each }),
|
||||
ApiProperty({ format: 'uuid' }),
|
||||
optional ? IsOptional() : IsNotEmpty(),
|
||||
each ? IsArray() : IsString(),
|
||||
);
|
||||
}
|
||||
|
||||
interface IValue {
|
||||
value?: string;
|
||||
}
|
||||
|
||||
export const toBoolean = ({ value }: IValue) => {
|
||||
if (value == 'true') {
|
||||
return true;
|
||||
} else if (value == 'false') {
|
||||
return false;
|
||||
}
|
||||
return value;
|
||||
};
|
||||
|
||||
export const toEmail = ({ value }: IValue) => value?.toLowerCase();
|
||||
|
||||
export const toSanitized = ({ value }: IValue) => sanitize((value || '').replace(/\./g, ''));
|
||||
|
||||
export function getFileNameWithoutExtension(path: string): string {
|
||||
return basename(path, extname(path));
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toBoolean } from '@app/immich/utils/transform.util';
|
||||
import { AssetType } from '@app/infra/entities';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsArray, IsBoolean, IsEnum, IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import { toBoolean } from '../../domain.util';
|
||||
|
||||
export class SearchDto {
|
||||
@IsString()
|
||||
|
@ -2,7 +2,7 @@ import { SharedLinkType } from '@app/infra/entities';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Type } from 'class-transformer';
|
||||
import { IsBoolean, IsDate, IsEnum, IsOptional, IsString } from 'class-validator';
|
||||
import { ValidateUUID } from '../../immich/decorators/validate-uuid.decorator';
|
||||
import { ValidateUUID } from '../domain.util';
|
||||
|
||||
export class SharedLinkCreateDto {
|
||||
@IsEnum(SharedLinkType)
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { toEmail, toSanitized } from '@app/immich/utils/transform.util';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import { toEmail, toSanitized } from '../../domain.util';
|
||||
|
||||
export class CreateUserDto {
|
||||
@IsEmail({ require_tld: false })
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toEmail, toSanitized } from '@app/immich/utils/transform.util';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
|
||||
import { toEmail, toSanitized } from '../../domain.util';
|
||||
|
||||
export class UpdateUserDto {
|
||||
@IsOptional()
|
||||
|
@ -1,10 +1,9 @@
|
||||
import { AlbumResponseDto } from '@app/domain';
|
||||
import { AlbumResponseDto, AuthUserDto } from '@app/domain';
|
||||
import { Body, Controller, Delete, Get, Param, Put } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { Authenticated, AuthUser, SharedLinkRoute } from '../../app.guard';
|
||||
import { UseValidation } from '../../app.utils';
|
||||
import { UUIDParamDto } from '../../controllers/dto/uuid-param.dto';
|
||||
import { AuthUser, AuthUserDto } from '../../decorators/auth-user.decorator';
|
||||
import { Authenticated, SharedLinkRoute } from '../../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../../decorators/use-validation.decorator';
|
||||
import { AlbumService } from './album.service';
|
||||
import { AddAssetsDto } from './dto/add-assets.dto';
|
||||
import { RemoveAssetsDto } from './dto/remove-assets.dto';
|
||||
|
@ -1,8 +1,7 @@
|
||||
import { AlbumResponseDto, mapUser } from '@app/domain';
|
||||
import { AlbumResponseDto, AuthUserDto, mapUser } from '@app/domain';
|
||||
import { AlbumEntity, UserEntity } from '@app/infra/entities';
|
||||
import { ForbiddenException, NotFoundException } from '@nestjs/common';
|
||||
import { userEntityStub } from '@test';
|
||||
import { AuthUserDto } from '../../decorators/auth-user.decorator';
|
||||
import { IAlbumRepository } from './album-repository';
|
||||
import { AlbumService } from './album.service';
|
||||
import { AddAssetsResponseDto } from './response-dto/add-assets-response.dto';
|
||||
|
@ -1,7 +1,6 @@
|
||||
import { AlbumResponseDto, mapAlbum } from '@app/domain';
|
||||
import { AlbumResponseDto, AuthUserDto, mapAlbum } from '@app/domain';
|
||||
import { AlbumEntity } from '@app/infra/entities';
|
||||
import { BadRequestException, ForbiddenException, Inject, Injectable, Logger, NotFoundException } from '@nestjs/common';
|
||||
import { AuthUserDto } from '../../decorators/auth-user.decorator';
|
||||
import { IAlbumRepository } from './album-repository';
|
||||
import { AddAssetsDto } from './dto/add-assets.dto';
|
||||
import { RemoveAssetsDto } from './dto/remove-assets.dto';
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ValidateUUID } from '@app/domain';
|
||||
|
||||
export class AddAssetsDto {
|
||||
@ValidateUUID({ each: true })
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ValidateUUID } from '@app/domain';
|
||||
|
||||
export class AddUsersDto {
|
||||
@ValidateUUID({ each: true })
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
|
||||
import { ValidateUUID } from '@app/domain';
|
||||
|
||||
export class RemoveAssetsDto {
|
||||
@ValidateUUID({ each: true })
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { AssetResponseDto } from '@app/domain';
|
||||
import { AssetResponseDto, AuthUserDto } from '@app/domain';
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
@ -21,10 +21,9 @@ import {
|
||||
import { FileFieldsInterceptor } from '@nestjs/platform-express';
|
||||
import { ApiBody, ApiConsumes, ApiHeader, ApiOkResponse, ApiTags } from '@nestjs/swagger';
|
||||
import { Response as Res } from 'express';
|
||||
import { Authenticated, AuthUser, SharedLinkRoute } from '../../app.guard';
|
||||
import { assetUploadOption, ImmichFile } from '../../config/asset-upload.config';
|
||||
import { UUIDParamDto } from '../../controllers/dto/uuid-param.dto';
|
||||
import { AuthUser, AuthUserDto } from '../../decorators/auth-user.decorator';
|
||||
import { Authenticated, SharedLinkRoute } from '../../decorators/authenticated.decorator';
|
||||
import FileNotEmptyValidator from '../validation/file-not-empty-validator';
|
||||
import { AssetService } from './asset.service';
|
||||
import { AssetBulkUploadCheckDto } from './dto/asset-check.dto';
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toBoolean } from '@app/domain';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsNotEmpty, IsNumber, IsOptional, IsUUID } from 'class-validator';
|
||||
import { toBoolean } from '../../../utils/transform.util';
|
||||
|
||||
export class AssetSearchDto {
|
||||
@IsOptional()
|
||||
|
@ -1,9 +1,9 @@
|
||||
import { toBoolean, toSanitized } from '@app/domain';
|
||||
import { AssetType } from '@app/infra/entities';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsEnum, IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import { ImmichFile } from '../../../config/asset-upload.config';
|
||||
import { toBoolean, toSanitized } from '../../../utils/transform.util';
|
||||
|
||||
export class CreateAssetBase {
|
||||
@IsNotEmpty()
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toBoolean } from '@app/domain';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
|
||||
import { toBoolean } from '../../../utils/transform.util';
|
||||
|
||||
export class GetAssetByTimeBucketDto {
|
||||
@IsNotEmpty()
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toBoolean } from '@app/domain';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
|
||||
import { toBoolean } from '../../../utils/transform.util';
|
||||
|
||||
export enum TimeGroupEnum {
|
||||
Day = 'day',
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { toBoolean } from '@app/domain';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { Transform } from 'class-transformer';
|
||||
import { IsBoolean, IsOptional } from 'class-validator';
|
||||
import { toBoolean } from '../../../utils/transform.util';
|
||||
|
||||
export class ServeFileDto {
|
||||
@IsOptional()
|
||||
|
118
server/src/immich/app.guard.ts
Normal file
118
server/src/immich/app.guard.ts
Normal file
@ -0,0 +1,118 @@
|
||||
import { AuthService, AuthUserDto, IMMICH_API_KEY_NAME, LoginDetails } from '@app/domain';
|
||||
import {
|
||||
applyDecorators,
|
||||
CanActivate,
|
||||
createParamDecorator,
|
||||
ExecutionContext,
|
||||
Injectable,
|
||||
Logger,
|
||||
SetMetadata,
|
||||
} from '@nestjs/common';
|
||||
import { Reflector } from '@nestjs/core';
|
||||
import { ApiBearerAuth, ApiCookieAuth, ApiQuery, ApiSecurity } from '@nestjs/swagger';
|
||||
import { Request } from 'express';
|
||||
import { UAParser } from 'ua-parser-js';
|
||||
|
||||
export enum Metadata {
|
||||
AUTH_ROUTE = 'auth_route',
|
||||
ADMIN_ROUTE = 'admin_route',
|
||||
SHARED_ROUTE = 'shared_route',
|
||||
PUBLIC_SECURITY = 'public_security',
|
||||
}
|
||||
|
||||
const adminDecorator = SetMetadata(Metadata.ADMIN_ROUTE, true);
|
||||
|
||||
const sharedLinkDecorators = [
|
||||
SetMetadata(Metadata.SHARED_ROUTE, true),
|
||||
ApiQuery({ name: 'key', type: String, required: false }),
|
||||
];
|
||||
|
||||
export interface AuthenticatedOptions {
|
||||
admin?: boolean;
|
||||
isShared?: boolean;
|
||||
}
|
||||
|
||||
export const Authenticated = (options: AuthenticatedOptions = {}) => {
|
||||
const decorators: MethodDecorator[] = [
|
||||
ApiBearerAuth(),
|
||||
ApiCookieAuth(),
|
||||
ApiSecurity(IMMICH_API_KEY_NAME),
|
||||
SetMetadata(Metadata.AUTH_ROUTE, true),
|
||||
];
|
||||
|
||||
if (options.admin) {
|
||||
decorators.push(adminDecorator);
|
||||
}
|
||||
|
||||
if (options.isShared) {
|
||||
decorators.push(...sharedLinkDecorators);
|
||||
}
|
||||
|
||||
return applyDecorators(...decorators);
|
||||
};
|
||||
|
||||
export const PublicRoute = () =>
|
||||
applyDecorators(SetMetadata(Metadata.AUTH_ROUTE, false), ApiSecurity(Metadata.PUBLIC_SECURITY));
|
||||
export const SharedLinkRoute = () => applyDecorators(...sharedLinkDecorators);
|
||||
export const AdminRoute = () => adminDecorator;
|
||||
|
||||
export const AuthUser = createParamDecorator((data, ctx: ExecutionContext): AuthUserDto => {
|
||||
return ctx.switchToHttp().getRequest<{ user: AuthUserDto }>().user;
|
||||
});
|
||||
|
||||
export const GetLoginDetails = createParamDecorator((data, ctx: ExecutionContext): LoginDetails => {
|
||||
const req = ctx.switchToHttp().getRequest();
|
||||
const userAgent = UAParser(req.headers['user-agent']);
|
||||
|
||||
return {
|
||||
clientIp: req.clientIp,
|
||||
isSecure: req.secure,
|
||||
deviceType: userAgent.browser.name || userAgent.device.type || req.headers.devicemodel || '',
|
||||
deviceOS: userAgent.os.name || req.headers.devicetype || '',
|
||||
};
|
||||
});
|
||||
|
||||
export interface AuthRequest extends Request {
|
||||
user?: AuthUserDto;
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class AppGuard implements CanActivate {
|
||||
private logger = new Logger(AppGuard.name);
|
||||
|
||||
constructor(private reflector: Reflector, private authService: AuthService) {}
|
||||
|
||||
async canActivate(context: ExecutionContext): Promise<boolean> {
|
||||
const targets = [context.getHandler(), context.getClass()];
|
||||
|
||||
const isAuthRoute = this.reflector.getAllAndOverride(Metadata.AUTH_ROUTE, targets);
|
||||
const isAdminRoute = this.reflector.getAllAndOverride(Metadata.ADMIN_ROUTE, targets);
|
||||
const isSharedRoute = this.reflector.getAllAndOverride(Metadata.SHARED_ROUTE, targets);
|
||||
|
||||
if (!isAuthRoute) {
|
||||
return true;
|
||||
}
|
||||
|
||||
const req = context.switchToHttp().getRequest<AuthRequest>();
|
||||
|
||||
const authDto = await this.authService.validate(req.headers, req.query as Record<string, string>);
|
||||
if (!authDto) {
|
||||
this.logger.warn(`Denied access to authenticated route: ${req.path}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (authDto.isPublicUser && !isSharedRoute) {
|
||||
this.logger.warn(`Denied access to non-shared route: ${req.path}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isAdminRoute && !authDto.isAdmin) {
|
||||
this.logger.warn(`Denied access to admin only route: ${req.path}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
req.user = authDto;
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
@ -5,6 +5,7 @@ import { APP_GUARD } from '@nestjs/core';
|
||||
import { ScheduleModule } from '@nestjs/schedule';
|
||||
import { AlbumModule } from './api-v1/album/album.module';
|
||||
import { AssetModule } from './api-v1/asset/asset.module';
|
||||
import { AppGuard } from './app.guard';
|
||||
import { AppService } from './app.service';
|
||||
import {
|
||||
AlbumController,
|
||||
@ -23,7 +24,6 @@ import {
|
||||
TagController,
|
||||
UserController,
|
||||
} from './controllers';
|
||||
import { AuthGuard } from './middlewares/auth.guard';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
@ -52,8 +52,8 @@ import { AuthGuard } from './middlewares/auth.guard';
|
||||
],
|
||||
providers: [
|
||||
//
|
||||
{ provide: APP_GUARD, useExisting: AuthGuard },
|
||||
AuthGuard,
|
||||
{ provide: APP_GUARD, useExisting: AppGuard },
|
||||
AppGuard,
|
||||
AppService,
|
||||
],
|
||||
})
|
||||
|
@ -15,12 +15,29 @@ import {
|
||||
} from '@nestjs/swagger';
|
||||
import { writeFileSync } from 'fs';
|
||||
import path from 'path';
|
||||
import { Metadata } from './decorators/authenticated.decorator';
|
||||
|
||||
import { applyDecorators, UsePipes, ValidationPipe } from '@nestjs/common';
|
||||
import { Metadata } from './app.guard';
|
||||
|
||||
export function UseValidation() {
|
||||
return applyDecorators(
|
||||
UsePipes(
|
||||
new ValidationPipe({
|
||||
transform: true,
|
||||
whitelist: true,
|
||||
}),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
export const asStreamableFile = ({ stream, type, length }: ImmichReadStream) => {
|
||||
return new StreamableFile(stream, { type, length });
|
||||
};
|
||||
|
||||
export function patchFormData(latin1: string) {
|
||||
return Buffer.from(latin1, 'latin1').toString('utf8');
|
||||
}
|
||||
|
||||
function sortKeys<T extends object>(obj: T): T {
|
||||
if (!obj) {
|
||||
return obj;
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { Request } from 'express';
|
||||
import * as fs from 'fs';
|
||||
import { AuthRequest } from '../decorators/auth-user.decorator';
|
||||
import { AuthRequest } from '../app.guard';
|
||||
import { multerUtils } from './asset-upload.config';
|
||||
|
||||
const { fileFilter, destination, filename } = multerUtils;
|
||||
|
@ -1,4 +1,4 @@
|
||||
import { isSidecarFileType, isSupportedFileType } from '@app/domain';
|
||||
import { AuthUserDto, isSidecarFileType, isSupportedFileType } from '@app/domain';
|
||||
import { StorageCore, StorageFolder } from '@app/domain/storage';
|
||||
import { BadRequestException, Logger, UnauthorizedException } from '@nestjs/common';
|
||||
import { MulterOptions } from '@nestjs/platform-express/multer/interfaces/multer-options.interface';
|
||||
@ -7,8 +7,8 @@ import { existsSync, mkdirSync } from 'fs';
|
||||
import { diskStorage, StorageEngine } from 'multer';
|
||||
import { extname } from 'path';
|
||||
import sanitize from 'sanitize-filename';
|
||||
import { AuthRequest, AuthUserDto } from '../decorators/auth-user.decorator';
|
||||
import { patchFormData } from '../utils/path-form-data.util';
|
||||
import { AuthRequest } from '../app.guard';
|
||||
import { patchFormData } from '../app.utils';
|
||||
|
||||
export interface ImmichFile extends Express.Multer.File {
|
||||
/** sha1 hash of file */
|
||||
|
@ -1,6 +1,6 @@
|
||||
import { Request } from 'express';
|
||||
import * as fs from 'fs';
|
||||
import { AuthRequest } from '../decorators/auth-user.decorator';
|
||||
import { AuthRequest } from '../app.guard';
|
||||
import { multerUtils } from './profile-image-upload.config';
|
||||
|
||||
const { fileFilter, destination, filename } = multerUtils;
|
||||
|
@ -1,12 +1,12 @@
|
||||
import { StorageCore, StorageFolder } from '@app/domain/storage';
|
||||
import { AuthUserDto, StorageCore, StorageFolder } from '@app/domain';
|
||||
import { BadRequestException, UnauthorizedException } from '@nestjs/common';
|
||||
import { MulterOptions } from '@nestjs/platform-express/multer/interfaces/multer-options.interface';
|
||||
import { existsSync, mkdirSync } from 'fs';
|
||||
import { diskStorage } from 'multer';
|
||||
import { extname } from 'path';
|
||||
import sanitize from 'sanitize-filename';
|
||||
import { AuthRequest, AuthUserDto } from '../decorators/auth-user.decorator';
|
||||
import { patchFormData } from '../utils/path-form-data.util';
|
||||
import { AuthRequest } from '../app.guard';
|
||||
import { patchFormData } from '../app.utils';
|
||||
|
||||
export const profileImageUploadOption: MulterOptions = {
|
||||
fileFilter,
|
||||
|
@ -10,9 +10,8 @@ import { GetAlbumsDto } from '@app/domain/album/dto/get-albums.dto';
|
||||
import { Body, Controller, Delete, Get, Param, Patch, Post, Put, Query } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { ParseMeUUIDPipe } from '../api-v1/validation/parse-me-uuid-pipe';
|
||||
import { AuthUser } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('Album')
|
||||
|
@ -8,9 +8,8 @@ import {
|
||||
} from '@app/domain';
|
||||
import { Body, Controller, Delete, Get, Param, Post, Put } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { AuthUser } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('API Key')
|
||||
|
@ -11,10 +11,8 @@ import { MapMarkerDto } from '@app/domain/asset/dto/map-marker.dto';
|
||||
import { MemoryLaneResponseDto } from '@app/domain/asset/response-dto/memory-lane-response.dto';
|
||||
import { Body, Controller, Get, HttpCode, HttpStatus, Param, Post, Query, StreamableFile } from '@nestjs/common';
|
||||
import { ApiOkResponse, ApiTags } from '@nestjs/swagger';
|
||||
import { asStreamableFile } from '../app.utils';
|
||||
import { AuthUser } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated, SharedLinkRoute } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser, SharedLinkRoute } from '../app.guard';
|
||||
import { asStreamableFile, UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('Asset')
|
||||
|
@ -18,9 +18,8 @@ import {
|
||||
import { Body, Controller, Delete, Get, Param, Post, Req, Res } from '@nestjs/common';
|
||||
import { ApiBadRequestResponse, ApiTags } from '@nestjs/swagger';
|
||||
import { Request, Response } from 'express';
|
||||
import { AuthUser, GetLoginDetails } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated, PublicRoute } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser, GetLoginDetails, PublicRoute } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('Authentication')
|
||||
|
@ -1,8 +1,8 @@
|
||||
import { AllJobStatusResponseDto, JobCommandDto, JobIdParamDto, JobService, JobStatusDto } from '@app/domain';
|
||||
import { Body, Controller, Get, Param, Put } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
|
||||
@ApiTags('Job')
|
||||
@Controller('jobs')
|
||||
|
@ -11,9 +11,8 @@ import {
|
||||
import { Body, Controller, Get, HttpStatus, Post, Redirect, Req, Res } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { Request, Response } from 'express';
|
||||
import { AuthUser, GetLoginDetails } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated, PublicRoute } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser, GetLoginDetails, PublicRoute } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
|
||||
@ApiTags('OAuth')
|
||||
@Controller('oauth')
|
||||
|
@ -1,9 +1,8 @@
|
||||
import { PartnerDirection, PartnerService, UserResponseDto } from '@app/domain';
|
||||
import { AuthUserDto, PartnerDirection, PartnerService, UserResponseDto } from '@app/domain';
|
||||
import { Controller, Delete, Get, Param, Post, Query } from '@nestjs/common';
|
||||
import { ApiQuery, ApiTags } from '@nestjs/swagger';
|
||||
import { AuthUser, AuthUserDto } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('Partner')
|
||||
|
@ -8,9 +8,8 @@ import {
|
||||
} from '@app/domain';
|
||||
import { Body, Controller, Get, Param, Put, StreamableFile } from '@nestjs/common';
|
||||
import { ApiOkResponse, ApiTags } from '@nestjs/swagger';
|
||||
import { AuthUser } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
function asStreamableFile({ stream, type, length }: ImmichReadStream) {
|
||||
|
@ -8,9 +8,8 @@ import {
|
||||
} from '@app/domain';
|
||||
import { Controller, Get, Query } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { AuthUser } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
|
||||
@ApiTags('Search')
|
||||
@Controller('search')
|
||||
|
@ -7,8 +7,8 @@ import {
|
||||
} from '@app/domain';
|
||||
import { Controller, Get } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { AdminRoute, Authenticated, PublicRoute } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { AdminRoute, Authenticated, PublicRoute } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
|
||||
@ApiTags('Server Info')
|
||||
@Controller('server-info')
|
||||
|
@ -9,9 +9,8 @@ import {
|
||||
} from '@app/domain';
|
||||
import { Body, Controller, Delete, Get, Param, Patch, Post, Put } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { AuthUser } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated, SharedLinkRoute } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser, SharedLinkRoute } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('Shared Link')
|
||||
|
@ -1,8 +1,8 @@
|
||||
import { SystemConfigDto, SystemConfigService, SystemConfigTemplateStorageOptionDto } from '@app/domain';
|
||||
import { Body, Controller, Get, Put } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
|
||||
@ApiTags('System Config')
|
||||
@Controller('system-config')
|
||||
|
@ -2,6 +2,7 @@ import {
|
||||
AssetIdsDto,
|
||||
AssetIdsResponseDto,
|
||||
AssetResponseDto,
|
||||
AuthUserDto,
|
||||
CreateTagDto,
|
||||
TagResponseDto,
|
||||
TagService,
|
||||
@ -9,9 +10,8 @@ import {
|
||||
} from '@app/domain';
|
||||
import { Body, Controller, Delete, Get, Param, Patch, Post, Put } from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
import { AuthUser, AuthUserDto } from '../decorators/auth-user.decorator';
|
||||
import { Authenticated } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
import { Authenticated, AuthUser } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { UUIDParamDto } from './dto/uuid-param.dto';
|
||||
|
||||
@ApiTags('Tag')
|
||||
|
@ -1,4 +1,5 @@
|
||||
import {
|
||||
AuthUserDto,
|
||||
CreateProfileImageDto,
|
||||
CreateProfileImageResponseDto,
|
||||
CreateUserDto,
|
||||
@ -27,10 +28,9 @@ import {
|
||||
import { FileInterceptor } from '@nestjs/platform-express';
|
||||
import { ApiBody, ApiConsumes, ApiTags } from '@nestjs/swagger';
|
||||
import { Response as Res } from 'express';
|
||||
import { AdminRoute, Authenticated, AuthUser, PublicRoute } from '../app.guard';
|
||||
import { UseValidation } from '../app.utils';
|
||||
import { profileImageUploadOption } from '../config/profile-image-upload.config';
|
||||
import { AuthUser, AuthUserDto } from '../decorators/auth-user.decorator';
|
||||
import { AdminRoute, Authenticated, PublicRoute } from '../decorators/authenticated.decorator';
|
||||
import { UseValidation } from '../decorators/use-validation.decorator';
|
||||
|
||||
@ApiTags('User')
|
||||
@Controller('user')
|
||||
|
@ -1,25 +0,0 @@
|
||||
export { AuthUserDto } from '@app/domain';
|
||||
import { AuthUserDto, LoginDetails } from '@app/domain';
|
||||
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
|
||||
import { Request } from 'express';
|
||||
import { UAParser } from 'ua-parser-js';
|
||||
|
||||
export interface AuthRequest extends Request {
|
||||
user?: AuthUserDto;
|
||||
}
|
||||
|
||||
export const AuthUser = createParamDecorator((data, ctx: ExecutionContext): AuthUserDto => {
|
||||
return ctx.switchToHttp().getRequest<{ user: AuthUserDto }>().user;
|
||||
});
|
||||
|
||||
export const GetLoginDetails = createParamDecorator((data, ctx: ExecutionContext): LoginDetails => {
|
||||
const req = ctx.switchToHttp().getRequest();
|
||||
const userAgent = UAParser(req.headers['user-agent']);
|
||||
|
||||
return {
|
||||
clientIp: req.clientIp,
|
||||
isSecure: req.secure,
|
||||
deviceType: userAgent.browser.name || userAgent.device.type || req.headers.devicemodel || '',
|
||||
deviceOS: userAgent.os.name || req.headers.devicetype || '',
|
||||
};
|
||||
});
|
@ -1,46 +0,0 @@
|
||||
import { IMMICH_API_KEY_NAME } from '@app/domain';
|
||||
import { applyDecorators, SetMetadata } from '@nestjs/common';
|
||||
import { ApiBearerAuth, ApiCookieAuth, ApiQuery, ApiSecurity } from '@nestjs/swagger';
|
||||
|
||||
interface AuthenticatedOptions {
|
||||
admin?: boolean;
|
||||
isShared?: boolean;
|
||||
}
|
||||
|
||||
export enum Metadata {
|
||||
AUTH_ROUTE = 'auth_route',
|
||||
ADMIN_ROUTE = 'admin_route',
|
||||
SHARED_ROUTE = 'shared_route',
|
||||
PUBLIC_SECURITY = 'public_security',
|
||||
}
|
||||
|
||||
const adminDecorator = SetMetadata(Metadata.ADMIN_ROUTE, true);
|
||||
|
||||
const sharedLinkDecorators = [
|
||||
SetMetadata(Metadata.SHARED_ROUTE, true),
|
||||
ApiQuery({ name: 'key', type: String, required: false }),
|
||||
];
|
||||
|
||||
export const Authenticated = (options: AuthenticatedOptions = {}) => {
|
||||
const decorators: MethodDecorator[] = [
|
||||
ApiBearerAuth(),
|
||||
ApiCookieAuth(),
|
||||
ApiSecurity(IMMICH_API_KEY_NAME),
|
||||
SetMetadata(Metadata.AUTH_ROUTE, true),
|
||||
];
|
||||
|
||||
if (options.admin) {
|
||||
decorators.push(adminDecorator);
|
||||
}
|
||||
|
||||
if (options.isShared) {
|
||||
decorators.push(...sharedLinkDecorators);
|
||||
}
|
||||
|
||||
return applyDecorators(...decorators);
|
||||
};
|
||||
|
||||
export const PublicRoute = () =>
|
||||
applyDecorators(SetMetadata(Metadata.AUTH_ROUTE, false), ApiSecurity(Metadata.PUBLIC_SECURITY));
|
||||
export const SharedLinkRoute = () => applyDecorators(...sharedLinkDecorators);
|
||||
export const AdminRoute = () => adminDecorator;
|
@ -1,12 +0,0 @@
|
||||
import { applyDecorators, UsePipes, ValidationPipe } from '@nestjs/common';
|
||||
|
||||
export function UseValidation() {
|
||||
return applyDecorators(
|
||||
UsePipes(
|
||||
new ValidationPipe({
|
||||
transform: true,
|
||||
whitelist: true,
|
||||
}),
|
||||
),
|
||||
);
|
||||
}
|
@ -1,17 +0,0 @@
|
||||
import { applyDecorators } from '@nestjs/common';
|
||||
import { ApiProperty } from '@nestjs/swagger';
|
||||
import { IsArray, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
|
||||
|
||||
export type Options = {
|
||||
optional?: boolean;
|
||||
each?: boolean;
|
||||
};
|
||||
|
||||
export function ValidateUUID({ optional, each }: Options = { optional: false, each: false }) {
|
||||
return applyDecorators(
|
||||
IsUUID('4', { each }),
|
||||
ApiProperty({ format: 'uuid' }),
|
||||
optional ? IsOptional() : IsNotEmpty(),
|
||||
each ? IsArray() : IsString(),
|
||||
);
|
||||
}
|
@ -1,46 +0,0 @@
|
||||
import { AuthService } from '@app/domain';
|
||||
import { CanActivate, ExecutionContext, Injectable, Logger } from '@nestjs/common';
|
||||
import { Reflector } from '@nestjs/core';
|
||||
import { AuthRequest } from '../decorators/auth-user.decorator';
|
||||
import { Metadata } from '../decorators/authenticated.decorator';
|
||||
|
||||
@Injectable()
|
||||
export class AuthGuard implements CanActivate {
|
||||
private logger = new Logger(AuthGuard.name);
|
||||
|
||||
constructor(private reflector: Reflector, private authService: AuthService) {}
|
||||
|
||||
async canActivate(context: ExecutionContext): Promise<boolean> {
|
||||
const targets = [context.getHandler(), context.getClass()];
|
||||
|
||||
const isAuthRoute = this.reflector.getAllAndOverride(Metadata.AUTH_ROUTE, targets);
|
||||
const isAdminRoute = this.reflector.getAllAndOverride(Metadata.ADMIN_ROUTE, targets);
|
||||
const isSharedRoute = this.reflector.getAllAndOverride(Metadata.SHARED_ROUTE, targets);
|
||||
|
||||
if (!isAuthRoute) {
|
||||
return true;
|
||||
}
|
||||
|
||||
const req = context.switchToHttp().getRequest<AuthRequest>();
|
||||
|
||||
const authDto = await this.authService.validate(req.headers, req.query as Record<string, string>);
|
||||
if (!authDto) {
|
||||
this.logger.warn(`Denied access to authenticated route: ${req.path}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (authDto.isPublicUser && !isSharedRoute) {
|
||||
this.logger.warn(`Denied access to non-shared route: ${req.path}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isAdminRoute && !authDto.isAdmin) {
|
||||
this.logger.warn(`Denied access to admin only route: ${req.path}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
req.user = authDto;
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
@ -1,3 +0,0 @@
|
||||
export function patchFormData(latin1: string) {
|
||||
return Buffer.from(latin1, 'latin1').toString('utf8');
|
||||
}
|
@ -1,18 +0,0 @@
|
||||
import sanitize from 'sanitize-filename';
|
||||
|
||||
interface IValue {
|
||||
value?: string;
|
||||
}
|
||||
|
||||
export const toBoolean = ({ value }: IValue) => {
|
||||
if (value == 'true') {
|
||||
return true;
|
||||
} else if (value == 'false') {
|
||||
return false;
|
||||
}
|
||||
return value;
|
||||
};
|
||||
|
||||
export const toEmail = ({ value }: IValue) => value?.toLowerCase();
|
||||
|
||||
export const toSanitized = ({ value }: IValue) => sanitize((value || '').replace(/\./g, ''));
|
@ -1,5 +1,5 @@
|
||||
import { AuthUserDto } from '@app/immich/decorators/auth-user.decorator';
|
||||
import { AuthGuard } from '@app/immich/middlewares/auth.guard';
|
||||
import { AuthUserDto } from '@app/domain';
|
||||
import { AppGuard } from '@app/immich/app.guard';
|
||||
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
||||
import { TestingModuleBuilder } from '@nestjs/testing';
|
||||
import { DataSource } from 'typeorm';
|
||||
@ -34,5 +34,5 @@ export function authCustom(builder: TestingModuleBuilder, callback: CustomAuthCa
|
||||
return true;
|
||||
},
|
||||
};
|
||||
return builder.overrideProvider(AuthGuard).useValue(canActivate);
|
||||
return builder.overrideProvider(AppGuard).useValue(canActivate);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user