feat(server): require auth for more endpoints (#2092)

* feat(server): require auth for more endpoints * dev: add authorization header to profile image on mobile --------- Co-authored-by: Alex <alex.tran1502@gmail.com>
2025-10-29 17:40:28 +00:00 · 2023-03-27 16:38:54 +02:00
parent 4e526dfaae
commit 089dbdbd7e
9 changed files with 129 additions and 48 deletions
--- a/server/apps/immich/src/controllers/server-info.controller.ts
+++ b/server/apps/immich/src/controllers/server-info.controller.ts
@@ -14,6 +14,7 @@ import { Authenticated } from '../decorators/authenticated.decorator';
 export class ServerInfoController {
  constructor(private service: ServerInfoService) {}

+  @Authenticated()
  @Get()
  getServerInfo(): Promise<ServerInfoResponseDto> {
    return this.service.getInfo();
--- a/server/apps/immich/src/controllers/user.controller.ts
+++ b/server/apps/immich/src/controllers/user.controller.ts
@@ -44,6 +44,7 @@ export class UserController {
    return this.service.getAllUsers(authUser, isAll);
  }

+  @Authenticated()
  @Get('/info/:userId')
  getUserById(@Param('userId') userId: string): Promise<UserResponseDto> {
    return this.service.getUserById(userId);
@@ -87,8 +88,8 @@ export class UserController {
    return this.service.updateUser(authUser, updateUserDto);
  }

-  @UseInterceptors(FileInterceptor('file', profileImageUploadOption))
  @Authenticated()
+  @UseInterceptors(FileInterceptor('file', profileImageUploadOption))
  @ApiConsumes('multipart/form-data')
  @ApiBody({
    description: 'A new avatar for the user',
@@ -102,6 +103,7 @@ export class UserController {
    return this.service.createProfileImage(authUser, fileInfo);
  }

+  @Authenticated()
  @Get('/profile-image/:userId')
  @Header('Cache-Control', 'max-age=600')
  async getProfileImage(@Param('userId') userId: string, @Response({ passthrough: true }) res: Res): Promise<any> {