KevinMidboe/immich
1
0
Fork 0
mirror of https://github.com/KevinMidboe/immich.git synced 2025-12-08 20:29:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(server)*: tsconfigs (#2689)

Browse Source 
* refactor(server): tsconfigs

* chore: dummy commit

* fix: start.sh

* chore: restore original entry scripts
This commit is contained in:
Jason Rasmussen
2023-06-08 11:01:07 -04:00
committed by GitHub
parent a2130aa6c5
commit 8ebac41318
465 changed files with 209 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/domain/user/dto/create-profile-image.dto.ts Normal file
View File

@@ -0,0 +1,7 @@
import { ApiProperty } from '@nestjs/swagger';
import { Express } from 'express';
export class CreateProfileImageDto {
@ApiProperty({ type: 'string', format: 'binary' })
file!: Express.Multer.File;
}

27
server/src/domain/user/dto/create-user.dto.spec.ts Normal file
View File

@@ -0,0 +1,27 @@
import { plainToInstance } from 'class-transformer';
import { validate } from 'class-validator';
import { CreateUserDto } from './create-user.dto';
describe('create user DTO', () => {
it('validates the email', async () => {
const params: Partial<CreateUserDto> = {
email: undefined,
password: 'password',
firstName: 'first name',
lastName: 'last name',
};
let dto: CreateUserDto = plainToInstance(CreateUserDto, params);
let errors = await validate(dto);
expect(errors).toHaveLength(1);
params.email = 'invalid email';
dto = plainToInstance(CreateUserDto, params);
errors = await validate(dto);
expect(errors).toHaveLength(1);
params.email = 'valid@email.com';
dto = plainToInstance(CreateUserDto, params);
errors = await validate(dto);
expect(errors).toHaveLength(0);
});
});

57
server/src/domain/user/dto/create-user.dto.ts Normal file
View File

@@ -0,0 +1,57 @@
import { Transform } from 'class-transformer';
import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
import { toEmail, toSanitized } from '@app/immich/utils/transform.util';
export class CreateUserDto {
@IsEmail()
@Transform(toEmail)
email!: string;
@IsNotEmpty()
@IsString()
password!: string;
@IsNotEmpty()
@IsString()
firstName!: string;
@IsNotEmpty()
@IsString()
lastName!: string;
@IsOptional()
@IsString()
@Transform(toSanitized)
storageLabel?: string | null;
}
export class CreateAdminDto {
@IsNotEmpty()
isAdmin!: true;
@IsEmail()
@Transform(({ value }) => value?.toLowerCase())
email!: string;
@IsNotEmpty()
password!: string;
@IsNotEmpty()
firstName!: string;
@IsNotEmpty()
lastName!: string;
}
export class CreateUserOAuthDto {
@IsEmail()
@Transform(({ value }) => value?.toLowerCase())
email!: string;
@IsNotEmpty()
oauthId!: string;
firstName?: string;
lastName?: string;
}

4
server/src/domain/user/dto/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export * from './create-profile-image.dto';
export * from './create-user.dto';
export * from './update-user.dto';
export * from './user-count.dto';

44
server/src/domain/user/dto/update-user.dto.ts Normal file
View File

@@ -0,0 +1,44 @@
import { ApiProperty } from '@nestjs/swagger';
import { Transform } from 'class-transformer';
import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
import { toEmail, toSanitized } from '@app/immich/utils/transform.util';
export class UpdateUserDto {
@IsOptional()
@IsEmail()
@Transform(toEmail)
email?: string;
@IsOptional()
@IsNotEmpty()
@IsString()
password?: string;
@IsOptional()
@IsString()
@IsNotEmpty()
firstName?: string;
@IsOptional()
@IsString()
@IsNotEmpty()
lastName?: string;
@IsOptional()
@IsString()
@Transform(toSanitized)
storageLabel?: string;
@IsNotEmpty()
@IsUUID('4')
@ApiProperty({ format: 'uuid' })
id!: string;
@IsOptional()
@IsBoolean()
isAdmin?: boolean;
@IsOptional()
@IsBoolean()
shouldChangePassword?: boolean;
}

12
server/src/domain/user/dto/user-count.dto.ts Normal file
View File

@@ -0,0 +1,12 @@
import { Transform } from 'class-transformer';
import { IsBoolean, IsOptional } from 'class-validator';
export class UserCountDto {
@IsBoolean()
@IsOptional()
@Transform(({ value }) => value === 'true')
/**
* When true, return the number of admins accounts
*/
admin?: boolean = false;
}

9
server/src/domain/user/dto/user-id.dto.ts Normal file
View File

@@ -0,0 +1,9 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsNotEmpty, IsUUID } from 'class-validator';
export class UserIdDto {
@IsNotEmpty()
@IsUUID('4')
@ApiProperty({ format: 'uuid' })
userId!: string;
}

5
server/src/domain/user/index.ts Normal file
View File

@@ -0,0 +1,5 @@
export * from './dto';
export * from './response-dto';
export * from './user.core';
export * from './user.repository';
export * from './user.service';

11
server/src/domain/user/response-dto/create-profile-image-response.dto.ts Normal file
View File

@@ -0,0 +1,11 @@
export class CreateProfileImageResponseDto {
userId!: string;
profileImagePath!: string;
}
export function mapCreateProfileImageResponse(userId: string, profileImagePath: string): CreateProfileImageResponseDto {
return {
userId: userId,
profileImagePath: profileImagePath,
};
}

3
server/src/domain/user/response-dto/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from './create-profile-image-response.dto';
export * from './user-count-response.dto';
export * from './user-response.dto';

12
server/src/domain/user/response-dto/user-count-response.dto.ts Normal file
View File

@@ -0,0 +1,12 @@
import { ApiProperty } from '@nestjs/swagger';
export class UserCountResponseDto {
@ApiProperty({ type: 'integer' })
userCount!: number;
}
export function mapUserCountResponse(count: number): UserCountResponseDto {
return {
userCount: count,
};
}

33
server/src/domain/user/response-dto/user-response.dto.ts Normal file
View File

@@ -0,0 +1,33 @@
import { UserEntity } from '@app/infra/entities';
export class UserResponseDto {
id!: string;
email!: string;
firstName!: string;
lastName!: string;
storageLabel!: string | null;
profileImagePath!: string;
shouldChangePassword!: boolean;
isAdmin!: boolean;
createdAt!: Date;
deletedAt!: Date | null;
updatedAt!: Date;
oauthId!: string;
}
export function mapUser(entity: UserEntity): UserResponseDto {
return {
id: entity.id,
email: entity.email,
firstName: entity.firstName,
lastName: entity.lastName,
storageLabel: entity.storageLabel,
profileImagePath: entity.profileImagePath,
shouldChangePassword: entity.shouldChangePassword,
isAdmin: entity.isAdmin,
createdAt: entity.createdAt,
deletedAt: entity.deletedAt,
updatedAt: entity.updatedAt,
oauthId: entity.oauthId,
};
}

156
server/src/domain/user/user.core.ts Normal file
View File

@@ -0,0 +1,156 @@
import { UserEntity } from '@app/infra/entities';
import {
BadRequestException,
ForbiddenException,
InternalServerErrorException,
Logger,
NotFoundException,
} from '@nestjs/common';
import { hash } from 'bcrypt';
import { constants, createReadStream, ReadStream } from 'fs';
import fs from 'fs/promises';
import { AuthUserDto } from '../auth';
import { ICryptoRepository } from '../crypto';
import { CreateAdminDto, CreateUserDto, CreateUserOAuthDto } from './dto/create-user.dto';
import { IUserRepository, UserListFilter } from './user.repository';
const SALT_ROUNDS = 10;
export class UserCore {
constructor(private userRepository: IUserRepository, private cryptoRepository: ICryptoRepository) {}
async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
if (!authUser.isAdmin && authUser.id !== id) {
throw new ForbiddenException('You are not allowed to update this user');
}
if (!authUser.isAdmin) {
// Users can never update the isAdmin property.
delete dto.isAdmin;
delete dto.storageLabel;
} else if (dto.isAdmin && authUser.id !== id) {
// Admin cannot create another admin.
throw new BadRequestException('The server already has an admin');
}
if (dto.email) {
const duplicate = await this.userRepository.getByEmail(dto.email);
if (duplicate && duplicate.id !== id) {
throw new BadRequestException('Email already in use by another account');
}
}
if (dto.storageLabel) {
const duplicate = await this.userRepository.getByStorageLabel(dto.storageLabel);
if (duplicate && duplicate.id !== id) {
throw new BadRequestException('Storage label already in use by another account');
}
}
try {
if (dto.password) {
dto.password = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);
}
if (dto.storageLabel === '') {
dto.storageLabel = null;
}
return this.userRepository.update(id, dto);
} catch (e) {
Logger.error(e, 'Failed to update user info');
throw new InternalServerErrorException('Failed to update user info');
}
}
async createUser(createUserDto: CreateUserDto | CreateAdminDto | CreateUserOAuthDto): Promise<UserEntity> {
const user = await this.userRepository.getByEmail(createUserDto.email);
if (user) {
throw new BadRequestException('User exists');
}
if (!(createUserDto as CreateAdminDto).isAdmin) {
const localAdmin = await this.userRepository.getAdmin();
if (!localAdmin) {
throw new BadRequestException('The first registered account must the administrator.');
}
}
try {
const payload: Partial<UserEntity> = { ...createUserDto };
if (payload.password) {
payload.password = await hash(payload.password, SALT_ROUNDS);
}
return this.userRepository.create(payload);
} catch (e) {
Logger.error(e, 'Create new user');
throw new InternalServerErrorException('Failed to register new user');
}
}
async get(userId: string, withDeleted?: boolean): Promise<UserEntity | null> {
return this.userRepository.get(userId, withDeleted);
}
async getAdmin(): Promise<UserEntity | null> {
return this.userRepository.getAdmin();
}
async getByEmail(email: string, withPassword?: boolean): Promise<UserEntity | null> {
return this.userRepository.getByEmail(email, withPassword);
}
async getByOAuthId(oauthId: string): Promise<UserEntity | null> {
return this.userRepository.getByOAuthId(oauthId);
}
async getUserProfileImage(user: UserEntity): Promise<ReadStream> {
if (!user.profileImagePath) {
throw new NotFoundException('User does not have a profile image');
}
await fs.access(user.profileImagePath, constants.R_OK | constants.W_OK);
return createReadStream(user.profileImagePath);
}
async getList(filter?: UserListFilter): Promise<UserEntity[]> {
return this.userRepository.getList(filter);
}
async createProfileImage(authUser: AuthUserDto, filePath: string): Promise<UserEntity> {
try {
return this.userRepository.update(authUser.id, { profileImagePath: filePath });
} catch (e) {
Logger.error(e, 'Create User Profile Image');
throw new InternalServerErrorException('Failed to create new user profile image');
}
}
async restoreUser(authUser: AuthUserDto, userToRestore: UserEntity): Promise<UserEntity> {
if (!authUser.isAdmin) {
throw new ForbiddenException('Unauthorized');
}
try {
return this.userRepository.restore(userToRestore);
} catch (e) {
Logger.error(e, 'Failed to restore deleted user');
throw new InternalServerErrorException('Failed to restore deleted user');
}
}
async deleteUser(authUser: AuthUserDto, userToDelete: UserEntity): Promise<UserEntity> {
if (!authUser.isAdmin) {
throw new ForbiddenException('Unauthorized');
}
if (userToDelete.isAdmin) {
throw new ForbiddenException('Cannot delete admin user');
}
try {
return this.userRepository.delete(userToDelete);
} catch (e) {
Logger.error(e, 'Failed to delete user');
throw new InternalServerErrorException('Failed to delete user');
}
}
}

31
server/src/domain/user/user.repository.ts Normal file
View File

@@ -0,0 +1,31 @@
import { UserEntity } from '@app/infra/entities';
export interface UserListFilter {
withDeleted?: boolean;
}
export interface UserStatsQueryResponse {
userId: string;
userFirstName: string;
userLastName: string;
photos: number;
videos: number;
usage: number;
}
export const IUserRepository = 'IUserRepository';
export interface IUserRepository {
get(id: string, withDeleted?: boolean): Promise<UserEntity | null>;
getAdmin(): Promise<UserEntity | null>;
getByEmail(email: string, withPassword?: boolean): Promise<UserEntity | null>;
getByStorageLabel(storageLabel: string): Promise<UserEntity | null>;
getByOAuthId(oauthId: string): Promise<UserEntity | null>;
getDeletedUsers(): Promise<UserEntity[]>;
getList(filter?: UserListFilter): Promise<UserEntity[]>;
getUserStats(): Promise<UserStatsQueryResponse[]>;
create(user: Partial<UserEntity>): Promise<UserEntity>;
update(id: string, user: Partial<UserEntity>): Promise<UserEntity>;
delete(user: UserEntity, hard?: boolean): Promise<UserEntity>;
restore(user: UserEntity): Promise<UserEntity>;
}

511
server/src/domain/user/user.service.spec.ts Normal file
View File

@@ -0,0 +1,511 @@
import { UserEntity } from '@app/infra/entities';
import { BadRequestException, ForbiddenException, NotFoundException } from '@nestjs/common';
import { when } from 'jest-when';
import {
newAlbumRepositoryMock,
newAssetRepositoryMock,
newCryptoRepositoryMock,
newJobRepositoryMock,
newStorageRepositoryMock,
newUserRepositoryMock,
} from '@test';
import { IAlbumRepository } from '../album';
import { IAssetRepository } from '../asset';
import { AuthUserDto } from '../auth';
import { ICryptoRepository } from '../crypto';
import { IJobRepository, JobName } from '../job';
import { IStorageRepository } from '../storage';
import { UpdateUserDto } from './dto/update-user.dto';
import { IUserRepository } from './user.repository';
import { UserService } from './user.service';
const makeDeletedAt = (daysAgo: number) => {
const deletedAt = new Date();
deletedAt.setDate(deletedAt.getDate() - daysAgo);
return deletedAt;
};
const adminUserAuth: AuthUserDto = Object.freeze({
id: 'admin_id',
email: 'admin@test.com',
isAdmin: true,
});
const immichUserAuth: AuthUserDto = Object.freeze({
id: 'user-id',
email: 'immich@test.com',
isAdmin: false,
});
const adminUser: UserEntity = Object.freeze({
id: adminUserAuth.id,
email: 'admin@test.com',
password: 'admin_password',
firstName: 'admin_first_name',
lastName: 'admin_last_name',
isAdmin: true,
oauthId: '',
shouldChangePassword: false,
profileImagePath: '',
createdAt: new Date('2021-01-01'),
deletedAt: null,
updatedAt: new Date('2021-01-01'),
tags: [],
assets: [],
storageLabel: 'admin',
});
const immichUser: UserEntity = Object.freeze({
id: immichUserAuth.id,
email: 'immich@test.com',
password: 'immich_password',
firstName: 'immich_first_name',
lastName: 'immich_last_name',
isAdmin: false,
oauthId: '',
shouldChangePassword: false,
profileImagePath: '',
createdAt: new Date('2021-01-01'),
deletedAt: null,
updatedAt: new Date('2021-01-01'),
tags: [],
assets: [],
storageLabel: null,
});
const updatedImmichUser: UserEntity = Object.freeze({
id: immichUserAuth.id,
email: 'immich@test.com',
password: 'immich_password',
firstName: 'updated_immich_first_name',
lastName: 'updated_immich_last_name',
isAdmin: false,
oauthId: '',
shouldChangePassword: true,
profileImagePath: '',
createdAt: new Date('2021-01-01'),
deletedAt: null,
updatedAt: new Date('2021-01-01'),
tags: [],
assets: [],
storageLabel: null,
});
const adminUserResponse = Object.freeze({
id: adminUserAuth.id,
email: 'admin@test.com',
firstName: 'admin_first_name',
lastName: 'admin_last_name',
isAdmin: true,
oauthId: '',
shouldChangePassword: false,
profileImagePath: '',
createdAt: new Date('2021-01-01'),
deletedAt: null,
updatedAt: new Date('2021-01-01'),
storageLabel: 'admin',
});
describe(UserService.name, () => {
let sut: UserService;
let userMock: jest.Mocked<IUserRepository>;
let cryptoRepositoryMock: jest.Mocked<ICryptoRepository>;
let albumMock: jest.Mocked<IAlbumRepository>;
let assetMock: jest.Mocked<IAssetRepository>;
let jobMock: jest.Mocked<IJobRepository>;
let storageMock: jest.Mocked<IStorageRepository>;
beforeEach(async () => {
cryptoRepositoryMock = newCryptoRepositoryMock();
albumMock = newAlbumRepositoryMock();
assetMock = newAssetRepositoryMock();
jobMock = newJobRepositoryMock();
storageMock = newStorageRepositoryMock();
userMock = newUserRepositoryMock();
sut = new UserService(userMock, cryptoRepositoryMock, albumMock, assetMock, jobMock, storageMock);
when(userMock.get).calledWith(adminUser.id).mockResolvedValue(adminUser);
when(userMock.get).calledWith(adminUser.id, undefined).mockResolvedValue(adminUser);
when(userMock.get).calledWith(immichUser.id).mockResolvedValue(immichUser);
when(userMock.get).calledWith(immichUser.id, undefined).mockResolvedValue(immichUser);
});
describe('getAllUsers', () => {
it('should get all users', async () => {
userMock.getList.mockResolvedValue([adminUser]);
const response = await sut.getAllUsers(adminUserAuth, false);
expect(userMock.getList).toHaveBeenCalledWith({ withDeleted: true });
expect(response).toEqual([
{
id: adminUserAuth.id,
email: 'admin@test.com',
firstName: 'admin_first_name',
lastName: 'admin_last_name',
isAdmin: true,
oauthId: '',
shouldChangePassword: false,
profileImagePath: '',
createdAt: new Date('2021-01-01'),
deletedAt: null,
updatedAt: new Date('2021-01-01'),
storageLabel: 'admin',
},
]);
});
});
describe('getUserById', () => {
it('should get a user by id', async () => {
userMock.get.mockResolvedValue(adminUser);
const response = await sut.getUserById(adminUser.id);
expect(userMock.get).toHaveBeenCalledWith(adminUser.id, false);
expect(response).toEqual(adminUserResponse);
});
it('should throw an error if a user is not found', async () => {
userMock.get.mockResolvedValue(null);
await expect(sut.getUserById(adminUser.id)).rejects.toBeInstanceOf(NotFoundException);
expect(userMock.get).toHaveBeenCalledWith(adminUser.id, false);
});
});
describe('getUserInfo', () => {
it("should get the auth user's info", async () => {
userMock.get.mockResolvedValue(adminUser);
const response = await sut.getUserInfo(adminUser);
expect(userMock.get).toHaveBeenCalledWith(adminUser.id, undefined);
expect(response).toEqual(adminUserResponse);
});
it('should throw an error if a user is not found', async () => {
userMock.get.mockResolvedValue(null);
await expect(sut.getUserInfo(adminUser)).rejects.toBeInstanceOf(BadRequestException);
expect(userMock.get).toHaveBeenCalledWith(adminUser.id, undefined);
});
});
describe('getUserCount', () => {
it('should get the user count', async () => {
userMock.getList.mockResolvedValue([adminUser]);
const response = await sut.getUserCount({});
expect(userMock.getList).toHaveBeenCalled();
expect(response).toEqual({ userCount: 1 });
});
});
describe('update', () => {
it('should update user', async () => {
const update: UpdateUserDto = {
id: immichUser.id,
shouldChangePassword: true,
};
when(userMock.update).calledWith(update.id, update).mockResolvedValueOnce(updatedImmichUser);
const updatedUser = await sut.updateUser(immichUserAuth, update);
expect(updatedUser.shouldChangePassword).toEqual(true);
});
it('should not set an empty string for storage label', async () => {
userMock.update.mockResolvedValue(updatedImmichUser);
await sut.updateUser(adminUserAuth, { id: immichUser.id, storageLabel: '' });
expect(userMock.update).toHaveBeenCalledWith(immichUser.id, { id: immichUser.id, storageLabel: null });
});
it('should omit a storage label set by non-admin users', async () => {
userMock.update.mockResolvedValue(updatedImmichUser);
await sut.updateUser(immichUserAuth, { id: immichUser.id, storageLabel: 'admin' });
expect(userMock.update).toHaveBeenCalledWith(immichUser.id, { id: immichUser.id });
});
it('user can only update its information', async () => {
when(userMock.get)
.calledWith('not_immich_auth_user_id', undefined)
.mockResolvedValueOnce({
...immichUser,
id: 'not_immich_auth_user_id',
});
const result = sut.updateUser(immichUserAuth, {
id: 'not_immich_auth_user_id',
password: 'I take over your account now',
});
await expect(result).rejects.toBeInstanceOf(ForbiddenException);
});
it('should let a user change their email', async () => {
const dto = { id: immichUser.id, email: 'updated@test.com' };
userMock.get.mockResolvedValue(immichUser);
userMock.update.mockResolvedValue(immichUser);
await sut.updateUser(immichUser, dto);
expect(userMock.update).toHaveBeenCalledWith(immichUser.id, {
id: 'user-id',
email: 'updated@test.com',
});
});
it('should not let a user change their email to one already in use', async () => {
const dto = { id: immichUser.id, email: 'updated@test.com' };
userMock.get.mockResolvedValue(immichUser);
userMock.getByEmail.mockResolvedValue(adminUser);
await expect(sut.updateUser(immichUser, dto)).rejects.toBeInstanceOf(BadRequestException);
expect(userMock.update).not.toHaveBeenCalled();
});
it('should not let the admin change the storage label to one already in use', async () => {
const dto = { id: immichUser.id, storageLabel: 'admin' };
userMock.get.mockResolvedValue(immichUser);
userMock.getByStorageLabel.mockResolvedValue(adminUser);
await expect(sut.updateUser(adminUser, dto)).rejects.toBeInstanceOf(BadRequestException);
expect(userMock.update).not.toHaveBeenCalled();
});
it('admin can update any user information', async () => {
const update: UpdateUserDto = {
id: immichUser.id,
shouldChangePassword: true,
};
when(userMock.update).calledWith(immichUser.id, update).mockResolvedValueOnce(updatedImmichUser);
const result = await sut.updateUser(adminUserAuth, update);
expect(result).toBeDefined();
expect(result.id).toEqual(updatedImmichUser.id);
expect(result.shouldChangePassword).toEqual(updatedImmichUser.shouldChangePassword);
});
it('update user information should throw error if user not found', async () => {
when(userMock.get).calledWith(immichUser.id, undefined).mockResolvedValueOnce(null);
const result = sut.updateUser(adminUser, {
id: immichUser.id,
shouldChangePassword: true,
});
await expect(result).rejects.toBeInstanceOf(NotFoundException);
});
it('should let the admin update himself', async () => {
const dto = { id: adminUser.id, shouldChangePassword: true, isAdmin: true };
when(userMock.get).calledWith(adminUser.id).mockResolvedValueOnce(null);
when(userMock.update).calledWith(adminUser.id, dto).mockResolvedValueOnce(adminUser);
await sut.updateUser(adminUser, dto);
expect(userMock.update).toHaveBeenCalledWith(adminUser.id, dto);
});
it('should not let the another user become an admin', async () => {
const dto = { id: immichUser.id, shouldChangePassword: true, isAdmin: true };
when(userMock.get).calledWith(immichUser.id).mockResolvedValueOnce(immichUser);
await expect(sut.updateUser(adminUser, dto)).rejects.toBeInstanceOf(BadRequestException);
});
});
describe('restoreUser', () => {
it('should require an admin', async () => {
when(userMock.get).calledWith(adminUser.id, true).mockResolvedValue(adminUser);
await expect(sut.restoreUser(immichUserAuth, adminUser.id)).rejects.toBeInstanceOf(ForbiddenException);
expect(userMock.get).toHaveBeenCalledWith(adminUser.id, true);
});
it('should require the auth user be an admin', async () => {
await expect(sut.deleteUser(immichUserAuth, adminUserAuth.id)).rejects.toBeInstanceOf(ForbiddenException);
expect(userMock.delete).not.toHaveBeenCalled();
});
});
describe('deleteUser', () => {
it('cannot delete admin user', async () => {
await expect(sut.deleteUser(adminUserAuth, adminUserAuth.id)).rejects.toBeInstanceOf(ForbiddenException);
});
it('should require the auth user be an admin', async () => {
await expect(sut.deleteUser(immichUserAuth, adminUserAuth.id)).rejects.toBeInstanceOf(ForbiddenException);
expect(userMock.delete).not.toHaveBeenCalled();
});
});
describe('update', () => {
it('should not create a user if there is no local admin account', async () => {
when(userMock.getAdmin).calledWith().mockResolvedValueOnce(null);
await expect(
sut.createUser({
email: 'john_smith@email.com',
firstName: 'John',
lastName: 'Smith',
password: 'password',
}),
).rejects.toBeInstanceOf(BadRequestException);
});
});
describe('createProfileImage', () => {
it('should throw an error if the user does not exist', async () => {
const file = { path: '/profile/path' } as Express.Multer.File;
userMock.update.mockResolvedValue({ ...adminUser, profileImagePath: file.path });
await sut.createProfileImage(adminUserAuth, file);
expect(userMock.update).toHaveBeenCalledWith(adminUserAuth.id, { profileImagePath: file.path });
});
});
describe('getUserProfileImage', () => {
it('should throw an error if the user does not exist', async () => {
userMock.get.mockResolvedValue(null);
await expect(sut.getUserProfileImage(adminUserAuth.id)).rejects.toBeInstanceOf(NotFoundException);
expect(userMock.get).toHaveBeenCalledWith(adminUserAuth.id, undefined);
});
it('should throw an error if the user does not have a picture', async () => {
userMock.get.mockResolvedValue(adminUser);
await expect(sut.getUserProfileImage(adminUserAuth.id)).rejects.toBeInstanceOf(NotFoundException);
expect(userMock.get).toHaveBeenCalledWith(adminUserAuth.id, undefined);
});
});
describe('resetAdminPassword', () => {
it('should only work when there is an admin account', async () => {
userMock.getAdmin.mockResolvedValue(null);
const ask = jest.fn().mockResolvedValue('new-password');
await expect(sut.resetAdminPassword(ask)).rejects.toBeInstanceOf(BadRequestException);
expect(ask).not.toHaveBeenCalled();
});
it('should default to a random password', async () => {
userMock.getAdmin.mockResolvedValue(adminUser);
const ask = jest.fn().mockResolvedValue(undefined);
const response = await sut.resetAdminPassword(ask);
const [id, update] = userMock.update.mock.calls[0];
expect(response.provided).toBe(false);
expect(ask).toHaveBeenCalled();
expect(id).toEqual(adminUser.id);
expect(update.password).toBeDefined();
});
it('should use the supplied password', async () => {
userMock.getAdmin.mockResolvedValue(adminUser);
const ask = jest.fn().mockResolvedValue('new-password');
const response = await sut.resetAdminPassword(ask);
const [id, update] = userMock.update.mock.calls[0];
expect(response.provided).toBe(true);
expect(ask).toHaveBeenCalled();
expect(id).toEqual(adminUser.id);
expect(update.password).toBeDefined();
});
});
describe('handleQueueUserDelete', () => {
it('should skip users not ready for deletion', async () => {
userMock.getDeletedUsers.mockResolvedValue([
{},
{ deletedAt: undefined },
{ deletedAt: null },
{ deletedAt: makeDeletedAt(5) },
] as UserEntity[]);
await sut.handleUserDeleteCheck();
expect(userMock.getDeletedUsers).toHaveBeenCalled();
expect(jobMock.queue).not.toHaveBeenCalled();
});
it('should queue user ready for deletion', async () => {
const user = { id: 'deleted-user', deletedAt: makeDeletedAt(10) };
userMock.getDeletedUsers.mockResolvedValue([user] as UserEntity[]);
await sut.handleUserDeleteCheck();
expect(userMock.getDeletedUsers).toHaveBeenCalled();
expect(jobMock.queue).toHaveBeenCalledWith({ name: JobName.USER_DELETION, data: { id: user.id } });
});
});
describe('handleUserDelete', () => {
it('should skip users not ready for deletion', async () => {
const user = { id: 'user-1', deletedAt: makeDeletedAt(5) } as UserEntity;
userMock.get.mockResolvedValue(user);
await sut.handleUserDelete({ id: user.id });
expect(storageMock.unlinkDir).not.toHaveBeenCalled();
expect(userMock.delete).not.toHaveBeenCalled();
});
it('should delete the user and associated assets', async () => {
const user = { id: 'deleted-user', deletedAt: makeDeletedAt(10) } as UserEntity;
userMock.get.mockResolvedValue(user);
await sut.handleUserDelete({ id: user.id });
const options = { force: true, recursive: true };
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/library/deleted-user', options);
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/upload/deleted-user', options);
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/profile/deleted-user', options);
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/thumbs/deleted-user', options);
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/encoded-video/deleted-user', options);
expect(albumMock.deleteAll).toHaveBeenCalledWith(user.id);
expect(assetMock.deleteAll).toHaveBeenCalledWith(user.id);
expect(userMock.delete).toHaveBeenCalledWith(user, true);
});
it('should delete the library path for a storage label', async () => {
const user = { id: 'deleted-user', deletedAt: makeDeletedAt(10), storageLabel: 'admin' } as UserEntity;
userMock.get.mockResolvedValue(user);
await sut.handleUserDelete({ id: user.id });
const options = { force: true, recursive: true };
expect(storageMock.unlinkDir).toHaveBeenCalledWith('upload/library/admin', options);
});
});
});

195
server/src/domain/user/user.service.ts Normal file
View File

@@ -0,0 +1,195 @@
import { UserEntity } from '@app/infra/entities';
import { BadRequestException, Inject, Injectable, Logger, NotFoundException } from '@nestjs/common';
import { randomBytes } from 'crypto';
import { ReadStream } from 'fs';
import { IAlbumRepository } from '../album/album.repository';
import { IAssetRepository } from '../asset/asset.repository';
import { AuthUserDto } from '../auth';
import { ICryptoRepository } from '../crypto/crypto.repository';
import { IEntityJob, IJobRepository, JobName } from '../job';
import { StorageCore, StorageFolder } from '../storage';
import { IStorageRepository } from '../storage/storage.repository';
import { IUserRepository } from './user.repository';
import { CreateUserDto, UpdateUserDto, UserCountDto } from './dto';
import {
CreateProfileImageResponseDto,
mapCreateProfileImageResponse,
mapUser,
mapUserCountResponse,
UserCountResponseDto,
UserResponseDto,
} from './response-dto';
import { UserCore } from './user.core';
@Injectable()
export class UserService {
private logger = new Logger(UserService.name);
private userCore: UserCore;
private storageCore = new StorageCore();
constructor(
@Inject(IUserRepository) private userRepository: IUserRepository,
@Inject(ICryptoRepository) cryptoRepository: ICryptoRepository,
@Inject(IAlbumRepository) private albumRepository: IAlbumRepository,
@Inject(IAssetRepository) private assetRepository: IAssetRepository,
@Inject(IJobRepository) private jobRepository: IJobRepository,
@Inject(IStorageRepository) private storageRepository: IStorageRepository,
) {
this.userCore = new UserCore(userRepository, cryptoRepository);
}
async getAllUsers(authUser: AuthUserDto, isAll: boolean): Promise<UserResponseDto[]> {
const users = await this.userCore.getList({ withDeleted: !isAll });
return users.map(mapUser);
}
async getUserById(userId: string, withDeleted = false): Promise<UserResponseDto> {
const user = await this.userCore.get(userId, withDeleted);
if (!user) {
throw new NotFoundException('User not found');
}
return mapUser(user);
}
async getUserInfo(authUser: AuthUserDto): Promise<UserResponseDto> {
const user = await this.userCore.get(authUser.id);
if (!user) {
throw new BadRequestException('User not found');
}
return mapUser(user);
}
async getUserCount(dto: UserCountDto): Promise<UserCountResponseDto> {
let users = await this.userCore.getList();
if (dto.admin) {
users = users.filter((user) => user.isAdmin);
}
return mapUserCountResponse(users.length);
}
async createUser(createUserDto: CreateUserDto): Promise<UserResponseDto> {
const createdUser = await this.userCore.createUser(createUserDto);
return mapUser(createdUser);
}
async updateUser(authUser: AuthUserDto, dto: UpdateUserDto): Promise<UserResponseDto> {
const user = await this.userCore.get(dto.id);
if (!user) {
throw new NotFoundException('User not found');
}
const updatedUser = await this.userCore.updateUser(authUser, dto.id, dto);
return mapUser(updatedUser);
}
async deleteUser(authUser: AuthUserDto, userId: string): Promise<UserResponseDto> {
const user = await this.userCore.get(userId);
if (!user) {
throw new BadRequestException('User not found');
}
const deletedUser = await this.userCore.deleteUser(authUser, user);
return mapUser(deletedUser);
}
async restoreUser(authUser: AuthUserDto, userId: string): Promise<UserResponseDto> {
const user = await this.userCore.get(userId, true);
if (!user) {
throw new BadRequestException('User not found');
}
const updatedUser = await this.userCore.restoreUser(authUser, user);
return mapUser(updatedUser);
}
async createProfileImage(
authUser: AuthUserDto,
fileInfo: Express.Multer.File,
): Promise<CreateProfileImageResponseDto> {
const updatedUser = await this.userCore.createProfileImage(authUser, fileInfo.path);
return mapCreateProfileImageResponse(updatedUser.id, updatedUser.profileImagePath);
}
async getUserProfileImage(userId: string): Promise<ReadStream> {
const user = await this.userCore.get(userId);
if (!user) {
throw new NotFoundException('User not found');
}
return this.userCore.getUserProfileImage(user);
}
async resetAdminPassword(ask: (admin: UserResponseDto) => Promise<string | undefined>) {
const admin = await this.userCore.getAdmin();
if (!admin) {
throw new BadRequestException('Admin account does not exist');
}
const providedPassword = await ask(admin);
const password = providedPassword || randomBytes(24).toString('base64').replace(/\W/g, '');
await this.userCore.updateUser(admin, admin.id, { password });
return { admin, password, provided: !!providedPassword };
}
async handleUserDeleteCheck() {
const users = await this.userRepository.getDeletedUsers();
for (const user of users) {
if (this.isReadyForDeletion(user)) {
await this.jobRepository.queue({ name: JobName.USER_DELETION, data: { id: user.id } });
}
}
return true;
}
async handleUserDelete({ id }: IEntityJob) {
const user = await this.userRepository.get(id, true);
if (!user) {
return false;
}
// just for extra protection here
if (!this.isReadyForDeletion(user)) {
this.logger.warn(`Skipped user that was not ready for deletion: id=${id}`);
return false;
}
this.logger.log(`Deleting user: ${user.id}`);
const folders = [
this.storageCore.getLibraryFolder(user),
this.storageCore.getFolderLocation(StorageFolder.UPLOAD, user.id),
this.storageCore.getFolderLocation(StorageFolder.PROFILE, user.id),
this.storageCore.getFolderLocation(StorageFolder.THUMBNAILS, user.id),
this.storageCore.getFolderLocation(StorageFolder.ENCODED_VIDEO, user.id),
];
for (const folder of folders) {
this.logger.warn(`Removing user from filesystem: ${folder}`);
await this.storageRepository.unlinkDir(folder, { recursive: true, force: true });
}
this.logger.warn(`Removing user from database: ${user.id}`);
await this.albumRepository.deleteAll(user.id);
await this.assetRepository.deleteAll(user.id);
await this.userRepository.delete(user, true);
return true;
}
private isReadyForDeletion(user: UserEntity): boolean {
if (!user.deletedAt) {
return false;
}
const msInDay = 86400000;
const msDeleteWait = msInDay * 7;
const msSinceDelete = new Date().getTime() - (Date.parse(user.deletedAt.toString()) || 0);
return msSinceDelete >= msDeleteWait;
}
}