refactor(server): domain/infra (#1298)

* refactor: user repository

* refactor: user module

* refactor: move database into infra

* refactor(cli): use user core

* chore: import path

* chore: tests

server/libs/common/src/utils/asset-utils.ts

@@ -1,4 +1,4 @@
-import { AssetEntity } from '@app/database';
+import { AssetEntity } from '@app/infra';
 import { AssetResponseDto } from 'apps/immich/src/api-v1/asset/response-dto/asset-response.dto';
 import fs from 'fs';
 

server/libs/common/src/utils/user-utils.spec.ts

@@ -1,6 +1,6 @@
 // create unit test for user utils
 
-import { UserEntity } from '@app/database';
+import { UserEntity } from '@app/infra';
 import { userUtils } from './user-utils';
 
 describe('User Utilities', () => {

server/libs/common/src/utils/user-utils.ts

@@ -1,4 +1,4 @@
-import { UserEntity } from '@app/database';
+import { UserEntity } from '@app/infra';
 
 function createUserUtils() {
   const isReadyForDeletion = (user: UserEntity): boolean => {

server/libs/database/src/database.module.ts

@@ -1,10 +0,0 @@
-import { Module } from '@nestjs/common';
-import { TypeOrmModule } from '@nestjs/typeorm';
-import { databaseConfig } from './config/database.config';
-
-@Module({
-  imports: [TypeOrmModule.forRoot(databaseConfig)],
-  providers: [],
-  exports: [TypeOrmModule],
-})
-export class DatabaseModule {}

server/libs/domain/src/auth/dto/auth-user.dto.ts

@@ -0,0 +1,8 @@
+export class AuthUserDto {
+  id!: string;
+  email!: string;
+  isAdmin!: boolean;
+  isPublicUser?: boolean;
+  sharedLinkId?: string;
+  isAllowUpload?: boolean;
+}

server/libs/domain/src/auth/dto/index.ts

@@ -0,0 +1 @@
+export * from './auth-user.dto';

server/libs/domain/src/auth/index.ts

@@ -0,0 +1 @@
+export * from './dto';

server/libs/domain/src/domain.module.ts

@@ -0,0 +1,20 @@
+import { DynamicModule, Global, Module, ModuleMetadata, Provider } from '@nestjs/common';
+import { UserService } from './user';
+
+const providers: Provider[] = [
+  //
+  UserService,
+];
+
+@Global()
+@Module({})
+export class DomainModule {
+  static register(options: Pick<ModuleMetadata, 'imports'>): DynamicModule {
+    return {
+      module: DomainModule,
+      imports: options.imports,
+      providers: [...providers],
+      exports: [...providers],
+    };
+  }
+}

server/libs/domain/src/index.ts

@@ -0,0 +1,3 @@
+export * from './auth';
+export * from './domain.module';
+export * from './user';

server/libs/domain/src/user/dto/create-profile-image.dto.ts

@@ -0,0 +1,7 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { Express } from 'express';
+
+export class CreateProfileImageDto {
+  @ApiProperty({ type: 'string', format: 'binary' })
+  file!: Express.Multer.File;
+}

server/libs/domain/src/user/dto/create-user.dto.spec.ts

@@ -0,0 +1,27 @@
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { CreateUserDto } from './create-user.dto';
+
+describe('create user DTO', () => {
+  it('validates the email', async () => {
+    const params: Partial<CreateUserDto> = {
+      email: undefined,
+      password: 'password',
+      firstName: 'first name',
+      lastName: 'last name',
+    };
+    let dto: CreateUserDto = plainToInstance(CreateUserDto, params);
+    let errors = await validate(dto);
+    expect(errors).toHaveLength(1);
+
+    params.email = 'invalid email';
+    dto = plainToInstance(CreateUserDto, params);
+    errors = await validate(dto);
+    expect(errors).toHaveLength(1);
+
+    params.email = 'valid@email.com';
+    dto = plainToInstance(CreateUserDto, params);
+    errors = await validate(dto);
+    expect(errors).toHaveLength(0);
+  });
+});

server/libs/domain/src/user/dto/create-user.dto.ts

@@ -0,0 +1,53 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { Transform } from 'class-transformer';
+import { IsNotEmpty, IsEmail } from 'class-validator';
+
+export class CreateUserDto {
+  @IsEmail()
+  @Transform(({ value }) => value?.toLowerCase())
+  @ApiProperty({ example: 'testuser@email.com' })
+  email!: string;
+
+  @IsNotEmpty()
+  @ApiProperty({ example: 'password' })
+  password!: string;
+
+  @IsNotEmpty()
+  @ApiProperty({ example: 'John' })
+  firstName!: string;
+
+  @IsNotEmpty()
+  @ApiProperty({ example: 'Doe' })
+  lastName!: string;
+}
+
+export class CreateAdminDto {
+  @IsNotEmpty()
+  isAdmin!: true;
+
+  @IsEmail()
+  @Transform(({ value }) => value?.toLowerCase())
+  email!: string;
+
+  @IsNotEmpty()
+  password!: string;
+
+  @IsNotEmpty()
+  firstName!: string;
+
+  @IsNotEmpty()
+  lastName!: string;
+}
+
+export class CreateUserOAuthDto {
+  @IsEmail()
+  @Transform(({ value }) => value?.toLowerCase())
+  email!: string;
+
+  @IsNotEmpty()
+  oauthId!: string;
+
+  firstName?: string;
+
+  lastName?: string;
+}

server/libs/domain/src/user/dto/index.ts

@@ -0,0 +1,4 @@
+export * from './create-profile-image.dto';
+export * from './create-user.dto';
+export * from './update-user.dto';
+export * from './user-count.dto';

server/libs/domain/src/user/dto/update-user.dto.ts

@@ -0,0 +1,28 @@
+import { IsEmail, IsNotEmpty, IsOptional } from 'class-validator';
+
+export class UpdateUserDto {
+  @IsNotEmpty()
+  id!: string;
+
+  @IsEmail()
+  @IsOptional()
+  email?: string;
+
+  @IsOptional()
+  password?: string;
+
+  @IsOptional()
+  firstName?: string;
+
+  @IsOptional()
+  lastName?: string;
+
+  @IsOptional()
+  isAdmin?: boolean;
+
+  @IsOptional()
+  shouldChangePassword?: boolean;
+
+  @IsOptional()
+  profileImagePath?: string;
+}

server/libs/domain/src/user/dto/user-count.dto.ts

@@ -0,0 +1,12 @@
+import { Transform } from 'class-transformer';
+import { IsBoolean, IsOptional } from 'class-validator';
+
+export class UserCountDto {
+  @IsBoolean()
+  @IsOptional()
+  @Transform(({ value }) => value === 'true')
+  /**
+   * When true, return the number of admins accounts
+   */
+  admin?: boolean = false;
+}

server/libs/domain/src/user/index.ts

@@ -0,0 +1,5 @@
+export * from './dto';
+export * from './response-dto';
+export * from './user.core';
+export * from './user.repository';
+export * from './user.service';

server/libs/domain/src/user/response-dto/create-profile-image-response.dto.ts

@@ -0,0 +1,11 @@
+export class CreateProfileImageResponseDto {
+  userId!: string;
+  profileImagePath!: string;
+}
+
+export function mapCreateProfileImageResponse(userId: string, profileImagePath: string): CreateProfileImageResponseDto {
+  return {
+    userId: userId,
+    profileImagePath: profileImagePath,
+  };
+}

server/libs/domain/src/user/response-dto/index.ts

@@ -0,0 +1,3 @@
+export * from './create-profile-image-response.dto';
+export * from './user-count-response.dto';
+export * from './user-response.dto';

server/libs/domain/src/user/response-dto/user-count-response.dto.ts

@@ -0,0 +1,12 @@
+import { ApiProperty } from '@nestjs/swagger';
+
+export class UserCountResponseDto {
+  @ApiProperty({ type: 'integer' })
+  userCount!: number;
+}
+
+export function mapUserCountResponse(count: number): UserCountResponseDto {
+  return {
+    userCount: count,
+  };
+}

server/libs/domain/src/user/response-dto/user-response.dto.ts

@@ -0,0 +1,29 @@
+import { UserEntity } from '@app/infra';
+
+export class UserResponseDto {
+  id!: string;
+  email!: string;
+  firstName!: string;
+  lastName!: string;
+  createdAt!: string;
+  profileImagePath!: string;
+  shouldChangePassword!: boolean;
+  isAdmin!: boolean;
+  deletedAt?: Date;
+  oauthId!: string;
+}
+
+export function mapUser(entity: UserEntity): UserResponseDto {
+  return {
+    id: entity.id,
+    email: entity.email,
+    firstName: entity.firstName,
+    lastName: entity.lastName,
+    createdAt: entity.createdAt,
+    profileImagePath: entity.profileImagePath,
+    shouldChangePassword: entity.shouldChangePassword,
+    isAdmin: entity.isAdmin,
+    deletedAt: entity.deletedAt,
+    oauthId: entity.oauthId,
+  };
+}

server/libs/domain/src/user/user.core.ts

@@ -0,0 +1,156 @@
+import { UserEntity } from '@app/infra';
+import {
+  BadRequestException,
+  ForbiddenException,
+  InternalServerErrorException,
+  Logger,
+  NotFoundException,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { hash } from 'bcrypt';
+import { constants, createReadStream, ReadStream } from 'fs';
+import fs from 'fs/promises';
+import { AuthUserDto } from '../auth';
+import { CreateAdminDto, CreateUserDto, CreateUserOAuthDto } from './dto/create-user.dto';
+import { IUserRepository, UserListFilter } from './user.repository';
+
+const SALT_ROUNDS = 10;
+
+export class UserCore {
+  constructor(private userRepository: IUserRepository) {}
+
+  async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
+    if (!(authUser.isAdmin || authUser.id === id)) {
+      throw new ForbiddenException('You are not allowed to update this user');
+    }
+
+    if (dto.isAdmin && authUser.isAdmin && authUser.id !== id) {
+      throw new BadRequestException('Admin user exists');
+    }
+
+    if (dto.email) {
+      const duplicate = await this.userRepository.getByEmail(dto.email);
+      if (duplicate && duplicate.id !== id) {
+        throw new BadRequestException('Email already in user by another account');
+      }
+    }
+
+    try {
+      if (dto.password) {
+        dto.password = await hash(dto.password, SALT_ROUNDS);
+      }
+
+      return this.userRepository.update(id, dto);
+    } catch (e) {
+      Logger.error(e, 'Failed to update user info');
+      throw new InternalServerErrorException('Failed to update user info');
+    }
+  }
+
+  async createUser(createUserDto: CreateUserDto | CreateAdminDto | CreateUserOAuthDto): Promise<UserEntity> {
+    const user = await this.userRepository.getByEmail(createUserDto.email);
+    if (user) {
+      throw new BadRequestException('User exists');
+    }
+
+    if (!(createUserDto as CreateAdminDto).isAdmin) {
+      const localAdmin = await this.userRepository.getAdmin();
+      if (!localAdmin) {
+        throw new BadRequestException('The first registered account must the administrator.');
+      }
+    }
+
+    try {
+      const payload: Partial<UserEntity> = { ...createUserDto };
+      if (payload.password) {
+        payload.password = await hash(payload.password, SALT_ROUNDS);
+      }
+      return this.userRepository.create(payload);
+    } catch (e) {
+      Logger.error(e, 'Create new user');
+      throw new InternalServerErrorException('Failed to register new user');
+    }
+  }
+
+  async get(userId: string, withDeleted?: boolean): Promise<UserEntity | null> {
+    return this.userRepository.get(userId, withDeleted);
+  }
+
+  async getAdmin(): Promise<UserEntity | null> {
+    return this.userRepository.getAdmin();
+  }
+
+  async getByEmail(email: string, withPassword?: boolean): Promise<UserEntity | null> {
+    return this.userRepository.getByEmail(email, withPassword);
+  }
+
+  async getByOAuthId(oauthId: string): Promise<UserEntity | null> {
+    return this.userRepository.getByOAuthId(oauthId);
+  }
+
+  async getUserProfileImage(user: UserEntity): Promise<ReadStream> {
+    if (!user.profileImagePath) {
+      throw new NotFoundException('User does not have a profile image');
+    }
+    await fs.access(user.profileImagePath, constants.R_OK | constants.W_OK);
+    return createReadStream(user.profileImagePath);
+  }
+
+  async getList(filter?: UserListFilter): Promise<UserEntity[]> {
+    return this.userRepository.getList(filter);
+  }
+
+  async createProfileImage(authUser: AuthUserDto, filePath: string): Promise<UserEntity> {
+    // TODO: do we need to do this? Maybe we can trust the authUser
+    const user = await this.userRepository.get(authUser.id);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+
+    try {
+      return this.userRepository.update(user.id, { profileImagePath: filePath });
+    } catch (e) {
+      Logger.error(e, 'Create User Profile Image');
+      throw new InternalServerErrorException('Failed to create new user profile image');
+    }
+  }
+
+  async restoreUser(authUser: AuthUserDto, userToRestore: UserEntity): Promise<UserEntity> {
+    // TODO: do we need to do this? Maybe we can trust the authUser
+    const requestor = await this.userRepository.get(authUser.id);
+    if (!requestor) {
+      throw new UnauthorizedException('Requestor not found');
+    }
+    if (!requestor.isAdmin) {
+      throw new ForbiddenException('Unauthorized');
+    }
+    try {
+      return this.userRepository.restore(userToRestore);
+    } catch (e) {
+      Logger.error(e, 'Failed to restore deleted user');
+      throw new InternalServerErrorException('Failed to restore deleted user');
+    }
+  }
+
+  async deleteUser(authUser: AuthUserDto, userToDelete: UserEntity): Promise<UserEntity> {
+    // TODO: do we need to do this? Maybe we can trust the authUser
+    const requestor = await this.userRepository.get(authUser.id);
+    if (!requestor) {
+      throw new UnauthorizedException('Requestor not found');
+    }
+    if (!requestor.isAdmin) {
+      throw new ForbiddenException('Unauthorized');
+    }
+
+    if (userToDelete.isAdmin) {
+      throw new ForbiddenException('Cannot delete admin user');
+    }
+
+    try {
+      return this.userRepository.delete(userToDelete);
+    } catch (e) {
+      Logger.error(e, 'Failed to delete user');
+      throw new InternalServerErrorException('Failed to delete user');
+    }
+  }
+}

server/libs/domain/src/user/user.repository.ts

@@ -0,0 +1,19 @@
+import { UserEntity } from '@app/infra';
+
+export interface UserListFilter {
+  excludeId?: string;
+}
+
+export const IUserRepository = 'IUserRepository';
+
+export interface IUserRepository {
+  get(id: string, withDeleted?: boolean): Promise<UserEntity | null>;
+  getAdmin(): Promise<UserEntity | null>;
+  getByEmail(email: string, withPassword?: boolean): Promise<UserEntity | null>;
+  getByOAuthId(oauthId: string): Promise<UserEntity | null>;
+  getList(filter?: UserListFilter): Promise<UserEntity[]>;
+  create(user: Partial<UserEntity>): Promise<UserEntity>;
+  update(id: string, user: Partial<UserEntity>): Promise<UserEntity>;
+  delete(user: UserEntity): Promise<UserEntity>;
+  restore(user: UserEntity): Promise<UserEntity>;
+}

server/libs/domain/src/user/user.service.spec.ts

@@ -0,0 +1,207 @@
+import { UserEntity } from '@app/infra';
+import { BadRequestException, ForbiddenException, NotFoundException } from '@nestjs/common';
+import { AuthUserDto } from '../auth';
+import { IUserRepository } from '@app/domain';
+import { when } from 'jest-when';
+import { UserService } from './user.service';
+import { UpdateUserDto } from './dto/update-user.dto';
+
+describe('UserService', () => {
+  let sut: UserService;
+  let userRepositoryMock: jest.Mocked<IUserRepository>;
+
+  const adminUserAuth: AuthUserDto = Object.freeze({
+    id: 'admin_id',
+    email: 'admin@test.com',
+    isAdmin: true,
+  });
+
+  const immichUserAuth: AuthUserDto = Object.freeze({
+    id: 'immich_id',
+    email: 'immich@test.com',
+    isAdmin: false,
+  });
+
+  const adminUser: UserEntity = Object.freeze({
+    id: adminUserAuth.id,
+    email: 'admin@test.com',
+    password: 'admin_password',
+    firstName: 'admin_first_name',
+    lastName: 'admin_last_name',
+    isAdmin: true,
+    oauthId: '',
+    shouldChangePassword: false,
+    profileImagePath: '',
+    createdAt: '2021-01-01',
+    tags: [],
+  });
+
+  const immichUser: UserEntity = Object.freeze({
+    id: immichUserAuth.id,
+    email: 'immich@test.com',
+    password: 'immich_password',
+    firstName: 'immich_first_name',
+    lastName: 'immich_last_name',
+    isAdmin: false,
+    oauthId: '',
+    shouldChangePassword: false,
+    profileImagePath: '',
+    createdAt: '2021-01-01',
+    tags: [],
+  });
+
+  const updatedImmichUser: UserEntity = Object.freeze({
+    id: immichUserAuth.id,
+    email: 'immich@test.com',
+    password: 'immich_password',
+    firstName: 'updated_immich_first_name',
+    lastName: 'updated_immich_last_name',
+    isAdmin: false,
+    oauthId: '',
+    shouldChangePassword: true,
+    profileImagePath: '',
+    createdAt: '2021-01-01',
+    tags: [],
+  });
+
+  beforeEach(() => {
+    userRepositoryMock = {
+      get: jest.fn(),
+      getAdmin: jest.fn(),
+      getByEmail: jest.fn(),
+      getByOAuthId: jest.fn(),
+      getList: jest.fn(),
+      create: jest.fn(),
+      update: jest.fn(),
+      delete: jest.fn(),
+      restore: jest.fn(),
+    };
+    when(userRepositoryMock.get).calledWith(adminUser.id).mockResolvedValue(adminUser);
+    when(userRepositoryMock.get).calledWith(adminUser.id, undefined).mockResolvedValue(adminUser);
+    when(userRepositoryMock.get).calledWith(immichUser.id, undefined).mockResolvedValue(immichUser);
+
+    sut = new UserService(userRepositoryMock);
+  });
+
+  describe('Update user', () => {
+    it('should update user', async () => {
+      const update: UpdateUserDto = {
+        id: immichUser.id,
+        shouldChangePassword: true,
+      };
+
+      when(userRepositoryMock.update).calledWith(update.id, update).mockResolvedValueOnce(updatedImmichUser);
+
+      const updatedUser = await sut.updateUser(immichUserAuth, update);
+      expect(updatedUser.shouldChangePassword).toEqual(true);
+    });
+
+    it('user can only update its information', async () => {
+      when(userRepositoryMock.get)
+        .calledWith('not_immich_auth_user_id', undefined)
+        .mockResolvedValueOnce({
+          ...immichUser,
+          id: 'not_immich_auth_user_id',
+        });
+
+      const result = sut.updateUser(immichUserAuth, {
+        id: 'not_immich_auth_user_id',
+        password: 'I take over your account now',
+      });
+      await expect(result).rejects.toBeInstanceOf(ForbiddenException);
+    });
+
+    it('should let a user change their email', async () => {
+      const dto = { id: immichUser.id, email: 'updated@test.com' };
+
+      userRepositoryMock.get.mockResolvedValue(immichUser);
+      userRepositoryMock.update.mockResolvedValue(immichUser);
+
+      await sut.updateUser(immichUser, dto);
+
+      expect(userRepositoryMock.update).toHaveBeenCalledWith(immichUser.id, {
+        id: 'immich_id',
+        email: 'updated@test.com',
+      });
+    });
+
+    it('should not let a user change their email to one already in use', async () => {
+      const dto = { id: immichUser.id, email: 'updated@test.com' };
+
+      userRepositoryMock.get.mockResolvedValue(immichUser);
+      userRepositoryMock.getByEmail.mockResolvedValue(adminUser);
+
+      await expect(sut.updateUser(immichUser, dto)).rejects.toBeInstanceOf(BadRequestException);
+
+      expect(userRepositoryMock.update).not.toHaveBeenCalled();
+    });
+
+    it('admin can update any user information', async () => {
+      const update: UpdateUserDto = {
+        id: immichUser.id,
+        shouldChangePassword: true,
+      };
+
+      when(userRepositoryMock.update).calledWith(immichUser.id, update).mockResolvedValueOnce(updatedImmichUser);
+
+      const result = await sut.updateUser(adminUserAuth, update);
+
+      expect(result).toBeDefined();
+      expect(result.id).toEqual(updatedImmichUser.id);
+      expect(result.shouldChangePassword).toEqual(updatedImmichUser.shouldChangePassword);
+    });
+
+    it('update user information should throw error if user not found', async () => {
+      when(userRepositoryMock.get).calledWith(immichUser.id, undefined).mockResolvedValueOnce(null);
+
+      const result = sut.updateUser(adminUser, {
+        id: immichUser.id,
+        shouldChangePassword: true,
+      });
+
+      await expect(result).rejects.toBeInstanceOf(NotFoundException);
+    });
+  });
+
+  describe('Delete user', () => {
+    it('cannot delete admin user', async () => {
+      const result = sut.deleteUser(adminUserAuth, adminUserAuth.id);
+
+      await expect(result).rejects.toBeInstanceOf(ForbiddenException);
+    });
+  });
+
+  describe('Create user', () => {
+    it('should let the admin update himself', async () => {
+      const dto = { id: adminUser.id, shouldChangePassword: true, isAdmin: true };
+
+      when(userRepositoryMock.get).calledWith(adminUser.id).mockResolvedValueOnce(null);
+      when(userRepositoryMock.update).calledWith(adminUser.id, dto).mockResolvedValueOnce(adminUser);
+
+      await sut.updateUser(adminUser, dto);
+
+      expect(userRepositoryMock.update).toHaveBeenCalledWith(adminUser.id, dto);
+    });
+
+    it('should not let the another user become an admin', async () => {
+      const dto = { id: immichUser.id, shouldChangePassword: true, isAdmin: true };
+
+      when(userRepositoryMock.get).calledWith(immichUser.id).mockResolvedValueOnce(immichUser);
+
+      await expect(sut.updateUser(adminUser, dto)).rejects.toBeInstanceOf(BadRequestException);
+    });
+
+    it('should not create a user if there is no local admin account', async () => {
+      when(userRepositoryMock.getAdmin).calledWith().mockResolvedValueOnce(null);
+
+      await expect(
+        sut.createUser({
+          email: 'john_smith@email.com',
+          firstName: 'John',
+          lastName: 'Smith',
+          password: 'password',
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+    });
+  });
+});

server/libs/domain/src/user/user.service.ts

@@ -0,0 +1,107 @@
+import { BadRequestException, Inject, Injectable, NotFoundException } from '@nestjs/common';
+import { ReadStream } from 'fs';
+import { AuthUserDto } from '../auth';
+import { IUserRepository } from '../user';
+import { CreateUserDto } from './dto/create-user.dto';
+import { UpdateUserDto } from './dto/update-user.dto';
+import { UserCountDto } from './dto/user-count.dto';
+import {
+  CreateProfileImageResponseDto,
+  mapCreateProfileImageResponse,
+} from './response-dto/create-profile-image-response.dto';
+import { mapUserCountResponse, UserCountResponseDto } from './response-dto/user-count-response.dto';
+import { mapUser, UserResponseDto } from './response-dto/user-response.dto';
+import { UserCore } from './user.core';
+
+@Injectable()
+export class UserService {
+  private userCore: UserCore;
+  constructor(@Inject(IUserRepository) userRepository: IUserRepository) {
+    this.userCore = new UserCore(userRepository);
+  }
+
+  async getAllUsers(authUser: AuthUserDto, isAll: boolean): Promise<UserResponseDto[]> {
+    if (isAll) {
+      const allUsers = await this.userCore.getList();
+      return allUsers.map(mapUser);
+    }
+
+    const allUserExceptRequestedUser = await this.userCore.getList({ excludeId: authUser.id });
+    return allUserExceptRequestedUser.map(mapUser);
+  }
+
+  async getUserById(userId: string, withDeleted = false): Promise<UserResponseDto> {
+    const user = await this.userCore.get(userId, withDeleted);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+
+    return mapUser(user);
+  }
+
+  async getUserInfo(authUser: AuthUserDto): Promise<UserResponseDto> {
+    const user = await this.userCore.get(authUser.id);
+    if (!user) {
+      throw new BadRequestException('User not found');
+    }
+    return mapUser(user);
+  }
+
+  async getUserCount(dto: UserCountDto): Promise<UserCountResponseDto> {
+    let users = await this.userCore.getList();
+
+    if (dto.admin) {
+      users = users.filter((user) => user.isAdmin);
+    }
+
+    return mapUserCountResponse(users.length);
+  }
+
+  async createUser(createUserDto: CreateUserDto): Promise<UserResponseDto> {
+    const createdUser = await this.userCore.createUser(createUserDto);
+    return mapUser(createdUser);
+  }
+
+  async updateUser(authUser: AuthUserDto, dto: UpdateUserDto): Promise<UserResponseDto> {
+    const user = await this.userCore.get(dto.id);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+    const updatedUser = await this.userCore.updateUser(authUser, dto.id, dto);
+    return mapUser(updatedUser);
+  }
+
+  async deleteUser(authUser: AuthUserDto, userId: string): Promise<UserResponseDto> {
+    const user = await this.userCore.get(userId);
+    if (!user) {
+      throw new BadRequestException('User not found');
+    }
+    const deletedUser = await this.userCore.deleteUser(authUser, user);
+    return mapUser(deletedUser);
+  }
+
+  async restoreUser(authUser: AuthUserDto, userId: string): Promise<UserResponseDto> {
+    const user = await this.userCore.get(userId, true);
+    if (!user) {
+      throw new BadRequestException('User not found');
+    }
+    const updatedUser = await this.userCore.restoreUser(authUser, user);
+    return mapUser(updatedUser);
+  }
+
+  async createProfileImage(
+    authUser: AuthUserDto,
+    fileInfo: Express.Multer.File,
+  ): Promise<CreateProfileImageResponseDto> {
+    const updatedUser = await this.userCore.createProfileImage(authUser, fileInfo.path);
+    return mapCreateProfileImageResponse(updatedUser.id, updatedUser.profileImagePath);
+  }
+
+  async getUserProfileImage(userId: string): Promise<ReadStream> {
+    const user = await this.userCore.get(userId);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+    return this.userCore.getUserProfileImage(user);
+  }
+}

server/libs/domain/tsconfig.lib.json

@@ -2,7 +2,7 @@
   "extends": "../../tsconfig.json",
   "compilerOptions": {
     "declaration": true,
-    "outDir": "../../dist/libs/database"
+    "outDir": "../../dist/libs/domain"
   },
   "include": ["src/**/*"],
   "exclude": ["node_modules", "dist", "test", "**/*spec.ts"]

server/libs/immich-config/src/immich-config.module.ts

@@ -1,4 +1,4 @@
-import { SystemConfigEntity } from '@app/database';
+import { SystemConfigEntity } from '@app/infra';
 import { Module, Provider } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { ImmichConfigService } from './immich-config.service';

server/libs/immich-config/src/immich-config.service.ts

@@ -1,4 +1,4 @@
-import { SystemConfig, SystemConfigEntity, SystemConfigKey } from '@app/database';
+import { SystemConfig, SystemConfigEntity, SystemConfigKey } from '@app/infra';
 import { BadRequestException, Injectable, Logger } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import * as _ from 'lodash';

server/libs/infra/src/db/index.ts

@@ -1,3 +1,3 @@
 export * from './config';
-export * from './database.module';
 export * from './entities';
+export * from './repository';

server/libs/infra/src/db/repository/index.ts

@@ -0,0 +1 @@
+export * from './user.repository';

server/libs/infra/src/db/repository/user.repository.ts

@@ -0,0 +1,71 @@
+import { UserEntity } from '../entities';
+import { IUserRepository, UserListFilter } from '@app/domain';
+import { Injectable, InternalServerErrorException } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Not, Repository } from 'typeorm';
+
+@Injectable()
+export class UserRepository implements IUserRepository {
+  constructor(
+    @InjectRepository(UserEntity)
+    private userRepository: Repository<UserEntity>,
+  ) {}
+
+  async get(userId: string, withDeleted?: boolean): Promise<UserEntity | null> {
+    return this.userRepository.findOne({ where: { id: userId }, withDeleted: withDeleted });
+  }
+
+  async getAdmin(): Promise<UserEntity | null> {
+    return this.userRepository.findOne({ where: { isAdmin: true } });
+  }
+
+  async getByEmail(email: string, withPassword?: boolean): Promise<UserEntity | null> {
+    let builder = this.userRepository.createQueryBuilder('user').where({ email });
+
+    if (withPassword) {
+      builder = builder.addSelect('user.password');
+    }
+
+    return builder.getOne();
+  }
+
+  async getByOAuthId(oauthId: string): Promise<UserEntity | null> {
+    return this.userRepository.findOne({ where: { oauthId } });
+  }
+
+  async getList({ excludeId }: UserListFilter = {}): Promise<UserEntity[]> {
+    if (!excludeId) {
+      return this.userRepository.find(); // TODO: this should also be ordered the same as below
+    }
+    return this.userRepository.find({
+      where: { id: Not(excludeId) },
+      withDeleted: true,
+      order: {
+        createdAt: 'DESC',
+      },
+    });
+  }
+
+  async create(user: Partial<UserEntity>): Promise<UserEntity> {
+    return this.userRepository.save(user);
+  }
+
+  async update(id: string, user: Partial<UserEntity>): Promise<UserEntity> {
+    user.id = id;
+
+    await this.userRepository.save(user);
+    const updatedUser = await this.get(id);
+    if (!updatedUser) {
+      throw new InternalServerErrorException('Cannot reload user after update');
+    }
+    return updatedUser;
+  }
+
+  async delete(user: UserEntity): Promise<UserEntity> {
+    return this.userRepository.softRemove(user);
+  }
+
+  async restore(user: UserEntity): Promise<UserEntity> {
+    return this.userRepository.recover(user);
+  }
+}

server/libs/infra/src/index.ts

@@ -0,0 +1,2 @@
+export * from './db';
+export * from './infra.module';

server/libs/infra/src/infra.module.ts

@@ -0,0 +1,22 @@
+import { databaseConfig, UserEntity } from '@app/infra';
+import { IUserRepository } from '@app/domain';
+import { Global, Module, Provider } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { UserRepository } from './db';
+
+const providers: Provider[] = [
+  //
+  { provide: IUserRepository, useClass: UserRepository },
+];
+
+@Global()
+@Module({
+  imports: [
+    //
+    TypeOrmModule.forRoot(databaseConfig),
+    TypeOrmModule.forFeature([UserEntity]),
+  ],
+  providers: [...providers],
+  exports: [...providers],
+})
+export class InfraModule {}

server/libs/infra/tsconfig.lib.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "declaration": true,
+    "outDir": "../../dist/libs/infra"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "test", "**/*spec.ts"]
+}

server/libs/job/src/interfaces/asset-uploaded.interface.ts

@@ -1,4 +1,4 @@
-import { AssetEntity } from '@app/database';
+import { AssetEntity } from '@app/infra';
 
 export interface IAssetUploadedJob {
   /**

server/libs/job/src/interfaces/machine-learning.interface.ts

@@ -1,4 +1,4 @@
-import { AssetEntity } from '@app/database';
+import { AssetEntity } from '@app/infra';
 
 export interface IMachineLearningJob {
   /**

server/libs/job/src/interfaces/metadata-extraction.interface.ts

@@ -1,4 +1,4 @@
-import { AssetEntity } from '@app/database';
+import { AssetEntity } from '@app/infra';
 
 export interface IExifExtractionProcessor {
   /**

server/libs/job/src/interfaces/thumbnail-generation.interface.ts

@@ -1,4 +1,4 @@
-import { AssetEntity } from '@app/database';
+import { AssetEntity } from '@app/infra';
 
 export interface JpegGeneratorProcessor {
   /**

server/libs/job/src/interfaces/user-deletion.interface.ts

@@ -1,4 +1,4 @@
-import { UserEntity } from '@app/database';
+import { UserEntity } from '@app/infra';
 
 export interface IUserDeletionJob {
   /**

server/libs/job/src/interfaces/video-transcode.interface.ts

@@ -1,4 +1,4 @@
-import { AssetEntity } from '@app/database';
+import { AssetEntity } from '@app/infra';
 
 export interface IMp4ConversionProcessor {
   /**

server/libs/storage/src/storage.module.ts

@@ -1,4 +1,4 @@
-import { AssetEntity, SystemConfigEntity } from '@app/database';
+import { AssetEntity, SystemConfigEntity } from '@app/infra';
 import { ImmichConfigModule } from '@app/immich-config';
 import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';

server/libs/storage/src/storage.service.ts

@@ -1,5 +1,5 @@
 import { APP_UPLOAD_LOCATION } from '@app/common';
-import { AssetEntity, SystemConfig } from '@app/database';
+import { AssetEntity, SystemConfig } from '@app/infra';
 import { ImmichConfigService, INITIAL_SYSTEM_CONFIG } from '@app/immich-config';
 import { Inject, Injectable, Logger } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';