refactor(server): api key auth (#3054)

2025-10-29 17:40:28 +00:00 · 2023-06-30 21:49:30 -04:00
parent f9671dfbf7
commit 399312ead3
7 changed files with 53 additions and 66 deletions
--- a/server/src/domain/auth/auth.service.ts
+++ b/server/src/domain/auth/auth.service.ts
@@ -10,7 +10,6 @@ import {
 import cookieParser from 'cookie';
 import { IncomingHttpHeaders } from 'http';
 import { IKeyRepository } from '../api-key';
-import { APIKeyCore } from '../api-key/api-key.core';
 import { ICryptoRepository } from '../crypto/crypto.repository';
 import { OAuthCore } from '../oauth/oauth.core';
 import { ISharedLinkRepository } from '../shared-link';
@@ -35,17 +34,16 @@ export class AuthService {
  private authCore: AuthCore;
  private oauthCore: OAuthCore;
  private userCore: UserCore;
-  private keyCore: APIKeyCore;

  private logger = new Logger(AuthService.name);

  constructor(
-    @Inject(ICryptoRepository) cryptoRepository: ICryptoRepository,
+    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
    @Inject(ISystemConfigRepository) configRepository: ISystemConfigRepository,
    @Inject(IUserRepository) userRepository: IUserRepository,
    @Inject(IUserTokenRepository) userTokenRepository: IUserTokenRepository,
    @Inject(ISharedLinkRepository) private sharedLinkRepository: ISharedLinkRepository,
-    @Inject(IKeyRepository) keyRepository: IKeyRepository,
+    @Inject(IKeyRepository) private keyRepository: IKeyRepository,
    @Inject(INITIAL_SYSTEM_CONFIG)
    initialConfig: SystemConfig,
  ) {
@@ -53,7 +51,6 @@ export class AuthService {
    this.authCore = new AuthCore(cryptoRepository, configRepository, userTokenRepository, initialConfig);
    this.oauthCore = new OAuthCore(configRepository, initialConfig);
    this.userCore = new UserCore(userRepository, cryptoRepository);
-    this.keyCore = new APIKeyCore(cryptoRepository, keyRepository);
  }

  public async login(
@@ -153,7 +150,7 @@ export class AuthService {
    }

    if (apiKey) {
-      return this.keyCore.validate(apiKey);
+      return this.validateApiKey(apiKey);
    }

    throw new UnauthorizedException('Authentication required');
@@ -192,7 +189,7 @@ export class AuthService {
    return cookies[IMMICH_ACCESS_COOKIE] || null;
  }

-  async validateSharedLink(key: string | string[]): Promise<AuthUserDto | null> {
+  private async validateSharedLink(key: string | string[]): Promise<AuthUserDto> {
    key = Array.isArray(key) ? key[0] : key;

    const bytes = Buffer.from(key, key.length === 100 ? 'hex' : 'base64url');
@@ -216,4 +213,23 @@ export class AuthService {
    }
    throw new UnauthorizedException('Invalid share key');
  }
+
+  private async validateApiKey(key: string): Promise<AuthUserDto> {
+    const hashedKey = this.cryptoRepository.hashSha256(key);
+    const keyEntity = await this.keyRepository.getKey(hashedKey);
+    if (keyEntity?.user) {
+      const user = keyEntity.user;
+
+      return {
+        id: user.id,
+        email: user.email,
+        isAdmin: user.isAdmin,
+        isPublicUser: false,
+        isAllowUpload: true,
+        externalPath: user.externalPath,
+      };
+    }
+
+    throw new UnauthorizedException('Invalid API key');
+  }
 }