refactor(server): drop salt column (#1185)

2026-03-01 19:49:22 +00:00 · 2022-12-26 23:03:14 -05:00
parent 0c896d9e59
commit 4e860b024b
6 changed files with 20 additions and 25 deletions
--- a/server/apps/immich/src/api-v1/user/user.core.ts
+++ b/server/apps/immich/src/api-v1/user/user.core.ts
@@ -7,24 +7,18 @@ import {
  NotFoundException,
  UnauthorizedException,
 } from '@nestjs/common';
-import { genSalt, hash } from 'bcrypt';
+import { hash } from 'bcrypt';
 import { createReadStream, constants, ReadStream } from 'fs';
 import fs from 'fs/promises';
 import { AuthUserDto } from '../../decorators/auth-user.decorator';
 import { CreateAdminDto, CreateUserDto, CreateUserOAuthDto } from './dto/create-user.dto';
 import { IUserRepository, UserListFilter } from './user-repository';

+const SALT_ROUNDS = 10;
+
 export class UserCore {
  constructor(private userRepository: IUserRepository) {}

-  private async generateSalt(): Promise<string> {
-    return genSalt();
-  }
-
-  private async hashPassword(password: string, salt: string): Promise<string> {
-    return hash(password, salt);
-  }
-
  async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
    if (!(authUser.isAdmin || authUser.id === id)) {
      throw new ForbiddenException('You are not allowed to update this user');
@@ -36,9 +30,7 @@ export class UserCore {

    try {
      if (dto.password) {
-        const salt = await this.generateSalt();
-        dto.salt = salt;
-        dto.password = await this.hashPassword(dto.password, salt);
+        dto.password = await hash(dto.password, SALT_ROUNDS);
      }
      return this.userRepository.update(id, dto);
    } catch (e) {
@@ -63,9 +55,7 @@ export class UserCore {
    try {
      const payload: Partial<UserEntity> = { ...createUserDto };
      if (payload.password) {
-        const salt = await this.generateSalt();
-        payload.salt = salt;
-        payload.password = await this.hashPassword(payload.password, salt);
+        payload.password = await hash(payload.password, SALT_ROUNDS);
      }
      return this.userRepository.create(payload);
    } catch (e) {
--- a/server/apps/immich/src/api-v1/user/user.service.spec.ts
+++ b/server/apps/immich/src/api-v1/user/user.service.spec.ts
@@ -27,7 +27,6 @@ describe('UserService', () => {
    id: adminUserAuth.id,
    email: 'admin@test.com',
    password: 'admin_password',
-    salt: 'admin_salt',
    firstName: 'admin_first_name',
    lastName: 'admin_last_name',
    isAdmin: true,
@@ -42,7 +41,6 @@ describe('UserService', () => {
    id: immichUserAuth.id,
    email: 'immich@test.com',
    password: 'immich_password',
-    salt: 'immich_salt',
    firstName: 'immich_first_name',
    lastName: 'immich_last_name',
    isAdmin: false,
@@ -57,7 +55,6 @@ describe('UserService', () => {
    id: immichUserAuth.id,
    email: 'immich@test.com',
    password: 'immich_password',
-    salt: 'immich_salt',
    firstName: 'updated_immich_first_name',
    lastName: 'updated_immich_last_name',
    isAdmin: false,
--- a/server/apps/immich/src/modules/immich-jwt/immich-jwt.service.spec.ts
+++ b/server/apps/immich/src/modules/immich-jwt/immich-jwt.service.spec.ts
@@ -51,7 +51,6 @@ describe('ImmichJwtService', () => {
        isAdmin: false,
        email: 'test@immich.com',
        password: 'changeme',
-        salt: '123',
        oauthId: '',
        profileImagePath: '',
        shouldChangePassword: false,