clones/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2024-09-21 18:47:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(web,server): use feature flags for oauth (#3928)

Browse Source 
* refactor: oauth to use feature flags

* chore: open api

* chore: e2e test for authorize endpoint
This commit is contained in:
Jason Rasmussen 2023-09-01 07:08:42 -04:00 committed by GitHub
parent c7d53a5006
commit a26ed3d1a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 660 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
cli/src/api/open-api/api.ts generated
View File

@ -1861,6 +1861,19 @@ export const ModelType = {
export type ModelType = typeof ModelType[keyof typeof ModelType];
/**
*
* @export
* @interface OAuthAuthorizeResponseDto
*/
export interface OAuthAuthorizeResponseDto {
/**
*
* @type {string}
* @memberof OAuthAuthorizeResponseDto
*/
'url': string;
}
/**
*
* @export
@ -8890,6 +8903,41 @@ export class JobApi extends BaseAPI {
*/
export const OAuthApiAxiosParamCreator = function (configuration?: Configuration) {
return {
/**
*
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
authorizeOAuth: async (oAuthConfigDto: OAuthConfigDto, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
// verify required parameter 'oAuthConfigDto' is not null or undefined
assertParamExists('authorizeOAuth', 'oAuthConfigDto', oAuthConfigDto)
const localVarPath = `/oauth/authorize`;
// use dummy base URL string because the URL constructor only accepts absolute URLs.
const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
let baseOptions;
if (configuration) {
baseOptions = configuration.baseOptions;
}
const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
const localVarHeaderParameter = {} as any;
const localVarQueryParameter = {} as any;
localVarHeaderParameter['Content-Type'] = 'application/json';
setSearchParams(localVarUrlObj, localVarQueryParameter);
let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
localVarRequestOptions.data = serializeDataIfNeeded(oAuthConfigDto, localVarRequestOptions, configuration)
return {
url: toPathString(localVarUrlObj),
options: localVarRequestOptions,
};
},
/**
*
* @param {OAuthCallbackDto} oAuthCallbackDto
@ -8926,9 +8974,10 @@ export const OAuthApiAxiosParamCreator = function (configuration?: Configuration
};
},
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
*/
generateConfig: async (oAuthConfigDto: OAuthConfigDto, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
@ -9081,6 +9130,16 @@ export const OAuthApiAxiosParamCreator = function (configuration?: Configuration
export const OAuthApiFp = function(configuration?: Configuration) {
const localVarAxiosParamCreator = OAuthApiAxiosParamCreator(configuration)
return {
/**
*
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
async authorizeOAuth(oAuthConfigDto: OAuthConfigDto, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<OAuthAuthorizeResponseDto>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.authorizeOAuth(oAuthConfigDto, options);
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
*
* @param {OAuthCallbackDto} oAuthCallbackDto
@ -9092,9 +9151,10 @@ export const OAuthApiFp = function(configuration?: Configuration) {
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
*/
async generateConfig(oAuthConfigDto: OAuthConfigDto, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<OAuthConfigResponseDto>> {
@ -9139,6 +9199,15 @@ export const OAuthApiFp = function(configuration?: Configuration) {
export const OAuthApiFactory = function (configuration?: Configuration, basePath?: string, axios?: AxiosInstance) {
const localVarFp = OAuthApiFp(configuration)
return {
/**
*
* @param {OAuthApiAuthorizeOAuthRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
authorizeOAuth(requestParameters: OAuthApiAuthorizeOAuthRequest, options?: AxiosRequestConfig): AxiosPromise<OAuthAuthorizeResponseDto> {
return localVarFp.authorizeOAuth(requestParameters.oAuthConfigDto, options).then((request) => request(axios, basePath));
},
/**
*
* @param {OAuthApiCallbackRequest} requestParameters Request parameters.
@ -9149,9 +9218,10 @@ export const OAuthApiFactory = function (configuration?: Configuration, basePath
return localVarFp.callback(requestParameters.oAuthCallbackDto, options).then((request) => request(axios, basePath));
},
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthApiGenerateConfigRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
*/
generateConfig(requestParameters: OAuthApiGenerateConfigRequest, options?: AxiosRequestConfig): AxiosPromise<OAuthConfigResponseDto> {
@ -9185,6 +9255,20 @@ export const OAuthApiFactory = function (configuration?: Configuration, basePath
};
};
/**
* Request parameters for authorizeOAuth operation in OAuthApi.
* @export
* @interface OAuthApiAuthorizeOAuthRequest
*/
export interface OAuthApiAuthorizeOAuthRequest {
/**
*
* @type {OAuthConfigDto}
* @memberof OAuthApiAuthorizeOAuth
*/
readonly oAuthConfigDto: OAuthConfigDto
}
/**
* Request parameters for callback operation in OAuthApi.
* @export
@ -9234,6 +9318,17 @@ export interface OAuthApiLinkRequest {
* @extends {BaseAPI}
*/
export class OAuthApi extends BaseAPI {
/**
*
* @param {OAuthApiAuthorizeOAuthRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @throws {RequiredError}
* @memberof OAuthApi
*/
public authorizeOAuth(requestParameters: OAuthApiAuthorizeOAuthRequest, options?: AxiosRequestConfig) {
return OAuthApiFp(this.configuration).authorizeOAuth(requestParameters.oAuthConfigDto, options).then((request) => request(this.axios, this.basePath));
}
/**
*
* @param {OAuthApiCallbackRequest} requestParameters Request parameters.
@ -9246,9 +9341,10 @@ export class OAuthApi extends BaseAPI {
}
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthApiGenerateConfigRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
* @memberof OAuthApi
*/

3
mobile/openapi/.openapi-generator/FILES generated
View File

@ -73,6 +73,7 @@ doc/MemoryLaneResponseDto.md
doc/MergePersonDto.md
doc/ModelType.md
doc/OAuthApi.md
doc/OAuthAuthorizeResponseDto.md
doc/OAuthCallbackDto.md
doc/OAuthConfigDto.md
doc/OAuthConfigResponseDto.md
@ -225,6 +226,7 @@ lib/model/map_marker_response_dto.dart
lib/model/memory_lane_response_dto.dart
lib/model/merge_person_dto.dart
lib/model/model_type.dart
lib/model/o_auth_authorize_response_dto.dart
lib/model/o_auth_callback_dto.dart
lib/model/o_auth_config_dto.dart
lib/model/o_auth_config_response_dto.dart
@ -352,6 +354,7 @@ test/memory_lane_response_dto_test.dart
test/merge_person_dto_test.dart
test/model_type_test.dart
test/o_auth_api_test.dart
test/o_auth_authorize_response_dto_test.dart
test/o_auth_callback_dto_test.dart
test/o_auth_config_dto_test.dart
test/o_auth_config_response_dto_test.dart

2
mobile/openapi/README.md generated
View File

@ -124,6 +124,7 @@ Class | Method | HTTP request | Description
*AuthenticationApi* | [**validateAccessToken**](doc//AuthenticationApi.md#validateaccesstoken) | **POST** /auth/validateToken |
*JobApi* | [**getAllJobsStatus**](doc//JobApi.md#getalljobsstatus) | **GET** /jobs |
*JobApi* | [**sendJobCommand**](doc//JobApi.md#sendjobcommand) | **PUT** /jobs/{id} |
*OAuthApi* | [**authorizeOAuth**](doc//OAuthApi.md#authorizeoauth) | **POST** /oauth/authorize |
*OAuthApi* | [**callback**](doc//OAuthApi.md#callback) | **POST** /oauth/callback |
*OAuthApi* | [**generateConfig**](doc//OAuthApi.md#generateconfig) | **POST** /oauth/config |
*OAuthApi* | [**link**](doc//OAuthApi.md#link) | **POST** /oauth/link |
@ -244,6 +245,7 @@ Class | Method | HTTP request | Description
- [MemoryLaneResponseDto](doc//MemoryLaneResponseDto.md)
- [MergePersonDto](doc//MergePersonDto.md)
- [ModelType](doc//ModelType.md)
- [OAuthAuthorizeResponseDto](doc//OAuthAuthorizeResponseDto.md)
- [OAuthCallbackDto](doc//OAuthCallbackDto.md)
- [OAuthConfigDto](doc//OAuthConfigDto.md)
- [OAuthConfigResponseDto](doc//OAuthConfigResponseDto.md)

44
mobile/openapi/doc/OAuthApi.md generated
View File

@ -9,6 +9,7 @@ All URIs are relative to */api*
Method | HTTP request | Description
------------- | ------------- | -------------
[**authorizeOAuth**](OAuthApi.md#authorizeoauth) | **POST** /oauth/authorize |
[**callback**](OAuthApi.md#callback) | **POST** /oauth/callback |
[**generateConfig**](OAuthApi.md#generateconfig) | **POST** /oauth/config |
[**link**](OAuthApi.md#link) | **POST** /oauth/link |
@ -16,6 +17,47 @@ Method | HTTP request | Description
[**unlink**](OAuthApi.md#unlink) | **POST** /oauth/unlink |
# **authorizeOAuth**
> OAuthAuthorizeResponseDto authorizeOAuth(oAuthConfigDto)
### Example
```dart
import 'package:openapi/api.dart';
final api_instance = OAuthApi();
final oAuthConfigDto = OAuthConfigDto(); // OAuthConfigDto |
try {
final result = api_instance.authorizeOAuth(oAuthConfigDto);
print(result);
} catch (e) {
print('Exception when calling OAuthApi->authorizeOAuth: $e\n');
}
```
### Parameters
Name | Type | Description | Notes
------------- | ------------- | ------------- | -------------
**oAuthConfigDto** | [**OAuthConfigDto**](OAuthConfigDto.md)| |
### Return type
[**OAuthAuthorizeResponseDto**](OAuthAuthorizeResponseDto.md)
### Authorization
No authorization required
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
# **callback**
> LoginResponseDto callback(oAuthCallbackDto)
@ -62,6 +104,8 @@ No authorization required
@deprecated use feature flags and /oauth/authorize
### Example
```dart
import 'package:openapi/api.dart';

15
mobile/openapi/doc/OAuthAuthorizeResponseDto.md generated Normal file
View File

@ -0,0 +1,15 @@
# openapi.model.OAuthAuthorizeResponseDto
## Load the model package
```dart
import 'package:openapi/api.dart';
```
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**url** | **String** | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

1
mobile/openapi/lib/api.dart generated
View File

@ -107,6 +107,7 @@ part 'model/map_marker_response_dto.dart';
part 'model/memory_lane_response_dto.dart';
part 'model/merge_person_dto.dart';
part 'model/model_type.dart';
part 'model/o_auth_authorize_response_dto.dart';
part 'model/o_auth_callback_dto.dart';
part 'model/o_auth_config_dto.dart';
part 'model/o_auth_config_response_dto.dart';

54
mobile/openapi/lib/api/o_auth_api.dart generated
View File

@ -16,6 +16,53 @@ class OAuthApi {
final ApiClient apiClient;
/// Performs an HTTP 'POST /oauth/authorize' operation and returns the [Response].
/// Parameters:
///
/// * [OAuthConfigDto] oAuthConfigDto (required):
Future<Response> authorizeOAuthWithHttpInfo(OAuthConfigDto oAuthConfigDto,) async {
// ignore: prefer_const_declarations
final path = r'/oauth/authorize';
// ignore: prefer_final_locals
Object? postBody = oAuthConfigDto;
final queryParams = <QueryParam>[];
final headerParams = <String, String>{};
final formParams = <String, String>{};
const contentTypes = <String>['application/json'];
return apiClient.invokeAPI(
path,
'POST',
queryParams,
postBody,
headerParams,
formParams,
contentTypes.isEmpty ? null : contentTypes.first,
);
}
/// Parameters:
///
/// * [OAuthConfigDto] oAuthConfigDto (required):
Future<OAuthAuthorizeResponseDto?> authorizeOAuth(OAuthConfigDto oAuthConfigDto,) async {
final response = await authorizeOAuthWithHttpInfo(oAuthConfigDto,);
if (response.statusCode >= HttpStatus.badRequest) {
throw ApiException(response.statusCode, await _decodeBodyBytes(response));
}
// When a remote server returns no body with a status of 204, we shall not decode it.
// At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
// FormatException when trying to decode an empty string.
if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'OAuthAuthorizeResponseDto',) as OAuthAuthorizeResponseDto;
}
return null;
}
/// Performs an HTTP 'POST /oauth/callback' operation and returns the [Response].
/// Parameters:
///
@ -63,7 +110,10 @@ class OAuthApi {
return null;
}
/// Performs an HTTP 'POST /oauth/config' operation and returns the [Response].
/// @deprecated use feature flags and /oauth/authorize
///
/// Note: This method returns the HTTP [Response].
///
/// Parameters:
///
/// * [OAuthConfigDto] oAuthConfigDto (required):
@ -92,6 +142,8 @@ class OAuthApi {
);
}
/// @deprecated use feature flags and /oauth/authorize
///
/// Parameters:
///
/// * [OAuthConfigDto] oAuthConfigDto (required):

2
mobile/openapi/lib/api_client.dart generated
View File

@ -307,6 +307,8 @@ class ApiClient {
return MergePersonDto.fromJson(value);
case 'ModelType':
return ModelTypeTypeTransformer().decode(value);
case 'OAuthAuthorizeResponseDto':
return OAuthAuthorizeResponseDto.fromJson(value);
case 'OAuthCallbackDto':
return OAuthCallbackDto.fromJson(value);
case 'OAuthConfigDto':

98
mobile/openapi/lib/model/o_auth_authorize_response_dto.dart generated Normal file
View File

@ -0,0 +1,98 @@
//
// AUTO-GENERATED FILE, DO NOT MODIFY!
//
// @dart=2.12
// ignore_for_file: unused_element, unused_import
// ignore_for_file: always_put_required_named_parameters_first
// ignore_for_file: constant_identifier_names
// ignore_for_file: lines_longer_than_80_chars
part of openapi.api;
class OAuthAuthorizeResponseDto {
/// Returns a new [OAuthAuthorizeResponseDto] instance.
OAuthAuthorizeResponseDto({
required this.url,
});
String url;
@override
bool operator ==(Object other) => identical(this, other) || other is OAuthAuthorizeResponseDto &&
other.url == url;
@override
int get hashCode =>
// ignore: unnecessary_parenthesis
(url.hashCode);
@override
String toString() => 'OAuthAuthorizeResponseDto[url=$url]';
Map<String, dynamic> toJson() {
final json = <String, dynamic>{};
json[r'url'] = this.url;
return json;
}
/// Returns a new [OAuthAuthorizeResponseDto] instance and imports its values from
/// [value] if it's a [Map], null otherwise.
// ignore: prefer_constructors_over_static_methods
static OAuthAuthorizeResponseDto? fromJson(dynamic value) {
if (value is Map) {
final json = value.cast<String, dynamic>();
return OAuthAuthorizeResponseDto(
url: mapValueOfType<String>(json, r'url')!,
);
}
return null;
}
static List<OAuthAuthorizeResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
final result = <OAuthAuthorizeResponseDto>[];
if (json is List && json.isNotEmpty) {
for (final row in json) {
final value = OAuthAuthorizeResponseDto.fromJson(row);
if (value != null) {
result.add(value);
}
}
}
return result.toList(growable: growable);
}
static Map<String, OAuthAuthorizeResponseDto> mapFromJson(dynamic json) {
final map = <String, OAuthAuthorizeResponseDto>{};
if (json is Map && json.isNotEmpty) {
json = json.cast<String, dynamic>(); // ignore: parameter_assignments
for (final entry in json.entries) {
final value = OAuthAuthorizeResponseDto.fromJson(entry.value);
if (value != null) {
map[entry.key] = value;
}
}
}
return map;
}
// maps a json object with a list of OAuthAuthorizeResponseDto-objects as value to a dart map
static Map<String, List<OAuthAuthorizeResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
final map = <String, List<OAuthAuthorizeResponseDto>>{};
if (json is Map && json.isNotEmpty) {
// ignore: parameter_assignments
json = json.cast<String, dynamic>();
for (final entry in json.entries) {
map[entry.key] = OAuthAuthorizeResponseDto.listFromJson(entry.value, growable: growable,);
}
}
return map;
}
/// The list of required keys that must be present in a JSON.
static const requiredKeys = <String>{
'url',
};
}

7
mobile/openapi/test/o_auth_api_test.dart generated
View File

@ -17,11 +17,18 @@ void main() {
// final instance = OAuthApi();
group('tests for OAuthApi', () {
//Future<OAuthAuthorizeResponseDto> authorizeOAuth(OAuthConfigDto oAuthConfigDto) async
test('test authorizeOAuth', () async {
// TODO
});
//Future<LoginResponseDto> callback(OAuthCallbackDto oAuthCallbackDto) async
test('test callback', () async {
// TODO
});
// @deprecated use feature flags and /oauth/authorize
//
//Future<OAuthConfigResponseDto> generateConfig(OAuthConfigDto oAuthConfigDto) async
test('test generateConfig', () async {
// TODO

27
mobile/openapi/test/o_auth_authorize_response_dto_test.dart generated Normal file
View File

@ -0,0 +1,27 @@
//
// AUTO-GENERATED FILE, DO NOT MODIFY!
//
// @dart=2.12
// ignore_for_file: unused_element, unused_import
// ignore_for_file: always_put_required_named_parameters_first
// ignore_for_file: constant_identifier_names
// ignore_for_file: lines_longer_than_80_chars
import 'package:openapi/api.dart';
import 'package:test/test.dart';
// tests for OAuthAuthorizeResponseDto
void main() {
// final instance = OAuthAuthorizeResponseDto();
group('test OAuthAuthorizeResponseDto', () {
// String url
test('to test the property `url`', () async {
// TODO
});
});
}

44
server/immich-openapi-specs.json
View File

@ -2477,6 +2477,37 @@
]
}
},
"/oauth/authorize": {
"post": {
"operationId": "authorizeOAuth",
"parameters": [],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/OAuthConfigDto"
}
}
},
"required": true
},
"responses": {
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/OAuthAuthorizeResponseDto"
}
}
},
"description": ""
}
},
"tags": [
"OAuth"
]
}
},
"/oauth/callback": {
"post": {
"operationId": "callback",
@ -2510,6 +2541,8 @@
},
"/oauth/config": {
"post": {
"deprecated": true,
"description": "@deprecated use feature flags and /oauth/authorize",
"operationId": "generateConfig",
"parameters": [],
"requestBody": {
@ -6202,6 +6235,17 @@
],
"type": "string"
},
"OAuthAuthorizeResponseDto": {
"properties": {
"url": {
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"OAuthCallbackDto": {
"properties": {
"url": {

35
server/src/domain/auth/auth.service.ts
View File

@ -1,5 +1,12 @@
import { SystemConfig, UserEntity } from '@app/infra/entities';
import { BadRequestException, Inject, Injectable, Logger, UnauthorizedException } from '@nestjs/common';
import {
BadRequestException,
Inject,
Injectable,
InternalServerErrorException,
Logger,
UnauthorizedException,
} from '@nestjs/common';
import cookieParser from 'cookie';
import { IncomingHttpHeaders } from 'http';
import { DateTime } from 'luxon';
@ -27,6 +34,7 @@ import {
mapAdminSignupResponse,
mapLoginResponse,
mapUserToken,
OAuthAuthorizeResponseDto,
OAuthConfigResponseDto,
} from './response-dto';
import { IUserTokenRepository } from './user-token.repository';
@ -201,6 +209,22 @@ export class AuthService {
return { ...response, buttonText, url, autoLaunch };
}
async authorize(dto: OAuthConfigDto): Promise<OAuthAuthorizeResponseDto> {
const config = await this.configCore.getConfig();
if (!config.oauth.enabled) {
throw new BadRequestException('OAuth is not enabled');
}
const client = await this.getOAuthClient(config);
const url = await client.authorizationUrl({
redirect_uri: this.normalize(config, dto.redirectUri),
scope: config.oauth.scope,
state: generators.state(),
});
return { url };
}
async callback(
dto: OAuthCallbackDto,
loginDetails: LoginDetails,
@ -280,8 +304,13 @@ export class AuthService {
const redirectUri = this.normalize(config, url.split('?')[0]);
const client = await this.getOAuthClient(config);
const params = client.callbackParams(url);
const tokens = await client.callback(redirectUri, params, { state: params.state });
return client.userinfo<OAuthProfile>(tokens.access_token || '');
try {
const tokens = await client.callback(redirectUri, params, { state: params.state });
return client.userinfo<OAuthProfile>(tokens.access_token || '');
} catch (error: Error | any) {
this.logger.error(`Unable to complete OAuth login: ${error}`, error?.stack);
throw new InternalServerErrorException(`Unable to complete OAuth login: ${error}`, { cause: error });
}
}
private async getOAuthClient(config: SystemConfig) {

2
server/src/domain/auth/dto/oauth-config.dto.ts
View File

@ -1,9 +1,7 @@
import { ApiProperty } from '@nestjs/swagger';
import { IsNotEmpty, IsString } from 'class-validator';
export class OAuthConfigDto {
@IsNotEmpty()
@IsString()
@ApiProperty()
redirectUri!: string;
}

4
server/src/domain/auth/response-dto/oauth-config-response.dto.ts
View File

@ -5,3 +5,7 @@ export class OAuthConfigResponseDto {
buttonText?: string;
autoLaunch?: boolean;
}
export class OAuthAuthorizeResponseDto {
url!: string;
}

8
server/src/immich/controllers/oauth.controller.ts
View File

@ -3,6 +3,7 @@ import {
AuthUserDto,
LoginDetails,
LoginResponseDto,
OAuthAuthorizeResponseDto,
OAuthCallbackDto,
OAuthConfigDto,
OAuthConfigResponseDto,
@ -31,12 +32,19 @@ export class OAuthController {
};
}
/** @deprecated use feature flags and /oauth/authorize */
@PublicRoute()
@Post('config')
generateConfig(@Body() dto: OAuthConfigDto): Promise<OAuthConfigResponseDto> {
return this.service.generateConfig(dto);
}
@PublicRoute()
@Post('authorize')
authorizeOAuth(@Body() dto: OAuthConfigDto): Promise<OAuthAuthorizeResponseDto> {
return this.service.authorize(dto);
}
@PublicRoute()
@Post('callback')
async callback(

42
server/test/e2e/oauth.e2e-spec.ts Normal file
View File

@ -0,0 +1,42 @@
import { AppModule, OAuthController } from '@app/immich';
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import request from 'supertest';
import { errorStub } from '../fixtures';
import { api, db } from '../test-utils';
describe(`${OAuthController.name} (e2e)`, () => {
let app: INestApplication;
let server: any;
beforeAll(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule],
}).compile();
app = await moduleFixture.createNestApplication().init();
server = app.getHttpServer();
});
beforeEach(async () => {
await db.reset();
await api.adminSignUp(server);
});
afterAll(async () => {
await db.disconnect();
await app.close();
});
describe('POST /oauth/authorize', () => {
beforeEach(async () => {
await db.reset();
});
it(`should throw an error if a redirect uri is not provided`, async () => {
const { status, body } = await request(server).post('/oauth/authorize').send({});
expect(status).toBe(400);
expect(body).toEqual(errorStub.badRequest);
});
});
});

104
web/src/api/open-api/api.ts generated
View File

@ -1861,6 +1861,19 @@ export const ModelType = {
export type ModelType = typeof ModelType[keyof typeof ModelType];
/**
*
* @export
* @interface OAuthAuthorizeResponseDto
*/
export interface OAuthAuthorizeResponseDto {
/**
*
* @type {string}
* @memberof OAuthAuthorizeResponseDto
*/
'url': string;
}
/**
*
* @export
@ -8890,6 +8903,41 @@ export class JobApi extends BaseAPI {
*/
export const OAuthApiAxiosParamCreator = function (configuration?: Configuration) {
return {
/**
*
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
authorizeOAuth: async (oAuthConfigDto: OAuthConfigDto, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
// verify required parameter 'oAuthConfigDto' is not null or undefined
assertParamExists('authorizeOAuth', 'oAuthConfigDto', oAuthConfigDto)
const localVarPath = `/oauth/authorize`;
// use dummy base URL string because the URL constructor only accepts absolute URLs.
const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
let baseOptions;
if (configuration) {
baseOptions = configuration.baseOptions;
}
const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
const localVarHeaderParameter = {} as any;
const localVarQueryParameter = {} as any;
localVarHeaderParameter['Content-Type'] = 'application/json';
setSearchParams(localVarUrlObj, localVarQueryParameter);
let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
localVarRequestOptions.data = serializeDataIfNeeded(oAuthConfigDto, localVarRequestOptions, configuration)
return {
url: toPathString(localVarUrlObj),
options: localVarRequestOptions,
};
},
/**
*
* @param {OAuthCallbackDto} oAuthCallbackDto
@ -8926,9 +8974,10 @@ export const OAuthApiAxiosParamCreator = function (configuration?: Configuration
};
},
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
*/
generateConfig: async (oAuthConfigDto: OAuthConfigDto, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
@ -9081,6 +9130,16 @@ export const OAuthApiAxiosParamCreator = function (configuration?: Configuration
export const OAuthApiFp = function(configuration?: Configuration) {
const localVarAxiosParamCreator = OAuthApiAxiosParamCreator(configuration)
return {
/**
*
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
async authorizeOAuth(oAuthConfigDto: OAuthConfigDto, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<OAuthAuthorizeResponseDto>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.authorizeOAuth(oAuthConfigDto, options);
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
*
* @param {OAuthCallbackDto} oAuthCallbackDto
@ -9092,9 +9151,10 @@ export const OAuthApiFp = function(configuration?: Configuration) {
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthConfigDto} oAuthConfigDto
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
*/
async generateConfig(oAuthConfigDto: OAuthConfigDto, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<OAuthConfigResponseDto>> {
@ -9139,6 +9199,15 @@ export const OAuthApiFp = function(configuration?: Configuration) {
export const OAuthApiFactory = function (configuration?: Configuration, basePath?: string, axios?: AxiosInstance) {
const localVarFp = OAuthApiFp(configuration)
return {
/**
*
* @param {OAuthApiAuthorizeOAuthRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
authorizeOAuth(requestParameters: OAuthApiAuthorizeOAuthRequest, options?: AxiosRequestConfig): AxiosPromise<OAuthAuthorizeResponseDto> {
return localVarFp.authorizeOAuth(requestParameters.oAuthConfigDto, options).then((request) => request(axios, basePath));
},
/**
*
* @param {OAuthApiCallbackRequest} requestParameters Request parameters.
@ -9149,9 +9218,10 @@ export const OAuthApiFactory = function (configuration?: Configuration, basePath
return localVarFp.callback(requestParameters.oAuthCallbackDto, options).then((request) => request(axios, basePath));
},
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthApiGenerateConfigRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
*/
generateConfig(requestParameters: OAuthApiGenerateConfigRequest, options?: AxiosRequestConfig): AxiosPromise<OAuthConfigResponseDto> {
@ -9185,6 +9255,20 @@ export const OAuthApiFactory = function (configuration?: Configuration, basePath
};
};
/**
* Request parameters for authorizeOAuth operation in OAuthApi.
* @export
* @interface OAuthApiAuthorizeOAuthRequest
*/
export interface OAuthApiAuthorizeOAuthRequest {
/**
*
* @type {OAuthConfigDto}
* @memberof OAuthApiAuthorizeOAuth
*/
readonly oAuthConfigDto: OAuthConfigDto
}
/**
* Request parameters for callback operation in OAuthApi.
* @export
@ -9234,6 +9318,17 @@ export interface OAuthApiLinkRequest {
* @extends {BaseAPI}
*/
export class OAuthApi extends BaseAPI {
/**
*
* @param {OAuthApiAuthorizeOAuthRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @throws {RequiredError}
* @memberof OAuthApi
*/
public authorizeOAuth(requestParameters: OAuthApiAuthorizeOAuthRequest, options?: AxiosRequestConfig) {
return OAuthApiFp(this.configuration).authorizeOAuth(requestParameters.oAuthConfigDto, options).then((request) => request(this.axios, this.basePath));
}
/**
*
* @param {OAuthApiCallbackRequest} requestParameters Request parameters.
@ -9246,9 +9341,10 @@ export class OAuthApi extends BaseAPI {
}
/**
*
* @deprecated use feature flags and /oauth/authorize
* @param {OAuthApiGenerateConfigRequest} requestParameters Request parameters.
* @param {*} [options] Override http request option.
* @deprecated
* @throws {RequiredError}
* @memberof OAuthApi
*/

11
web/src/api/utils.ts
View File

@ -1,3 +1,4 @@
import { goto } from '$app/navigation';
import type { AxiosError, AxiosPromise } from 'axios';
import {
notificationController,
@ -32,9 +33,17 @@ export const oauth = {
}
return false;
},
authorize: async (location: Location) => {
try {
const redirectUri = location.href.split('?')[0];
const { data } = await api.oauthApi.authorizeOAuth({ oAuthConfigDto: { redirectUri } });
goto(data.url);
} catch (error) {
handleError(error, 'Unable to login with OAuth');
}
},
getConfig: (location: Location) => {
const redirectUri = location.href.split('?')[0];
console.log(`OAuth Redirect URI: ${redirectUri}`);
return api.oauthApi.generateConfig({ oAuthConfigDto: { redirectUri } });
},
login: (location: Location) => {

75
web/src/lib/components/forms/login-form.svelte
View File

@ -2,8 +2,9 @@
import { goto } from '$app/navigation';
import LoadingSpinner from '$lib/components/shared-components/loading-spinner.svelte';
import { AppRoute } from '$lib/constants';
import { featureFlags } from '$lib/stores/feature-flags.store';
import { getServerErrorMessage, handleError } from '$lib/utils/handle-error';
import { OAuthConfigResponseDto, api, oauth } from '@api';
import { api, oauth } from '@api';
import { createEventDispatcher, onMount } from 'svelte';
import { fade } from 'svelte/transition';
import Button from '../elements/buttons/button.svelte';
@ -11,14 +12,18 @@
let errorMessage: string;
let email = '';
let password = '';
let oauthError: string;
export let authConfig: OAuthConfigResponseDto;
let oauthError = '';
let loading = false;
let oauthLoading = true;
const dispatch = createEventDispatcher();
onMount(async () => {
if (!$featureFlags.oauth) {
oauthLoading = false;
return;
}
if (oauth.isCallback(window.location)) {
try {
await oauth.login(window.location);
@ -26,25 +31,18 @@
return;
} catch (e) {
console.error('Error [login-form] [oauth.callback]', e);
oauthError = 'Unable to complete OAuth login';
} finally {
oauthError = (await getServerErrorMessage(e)) || 'Unable to complete OAuth login';
oauthLoading = false;
}
}
try {
const { data } = await oauth.getConfig(window.location);
authConfig = data;
const { enabled, url, autoLaunch } = authConfig;
if (enabled && url && autoLaunch && !oauth.isAutoLaunchDisabled(window.location)) {
if ($featureFlags.oauthAutoLaunch && !oauth.isAutoLaunchDisabled(window.location)) {
await goto(`${AppRoute.AUTH_LOGIN}?autoLaunch=0`, { replaceState: true });
await goto(url);
await oauth.authorize(window.location);
return;
}
} catch (error) {
authConfig.passwordLoginEnabled = true;
await handleError(error, 'Unable to connect!');
}
@ -76,9 +74,15 @@
return;
}
};
const handleOAuthLogin = async () => {
oauthLoading = true;
oauthError = '';
await oauth.authorize(window.location);
};
</script>
{#if authConfig.passwordLoginEnabled}
{#if !oauthLoading && $featureFlags.passwordLogin}
<form on:submit|preventDefault={login} class="mt-5 flex flex-col gap-5">
{#if errorMessage}
<p class="text-red-400" transition:fade>
@ -113,7 +117,7 @@
</div>
<div class="my-5 flex w-full">
<Button type="submit" size="lg" fullwidth disabled={loading || oauthLoading}>
<Button type="submit" size="lg" fullwidth disabled={loading}>
{#if loading}
<span class="h-6">
<LoadingSpinner />
@ -126,8 +130,8 @@
</form>
{/if}
{#if authConfig.enabled}
{#if authConfig.passwordLoginEnabled}
{#if $featureFlags.oauth}
{#if $featureFlags.passwordLogin}
<div class="inline-flex w-full items-center justify-center">
<hr class="my-4 h-px w-3/4 border-0 bg-gray-200 dark:bg-gray-600" />
<span
@ -139,28 +143,27 @@
{/if}
<div class="my-5 flex flex-col gap-5">
{#if oauthError}
<p class="text-red-400" transition:fade>{oauthError}</p>
<p class="text-center text-red-400" transition:fade>{oauthError}</p>
{/if}
<a href={authConfig.url} class="flex w-full">
<Button
type="button"
disabled={loading || oauthLoading}
size="lg"
fullwidth
color={authConfig.passwordLoginEnabled ? 'secondary' : 'primary'}
>
{#if oauthLoading}
<span class="h-6">
<LoadingSpinner />
</span>
{:else}
{authConfig.buttonText || 'Login with OAuth'}
{/if}
</Button>
</a>
<Button
type="button"
disabled={loading || oauthLoading}
size="lg"
fullwidth
color={$featureFlags.passwordLogin ? 'secondary' : 'primary'}
on:click={handleOAuthLogin}
>
{#if oauthLoading}
<span class="h-6">
<LoadingSpinner />
</span>
{:else}
{$featureFlags.passwordLogin ? 'Login with OAuth' : 'Login'}
{/if}
</Button>
</div>
{/if}
{#if !authConfig.enabled && !authConfig.passwordLoginEnabled}
{#if !$featureFlags.passwordLogin && !$featureFlags.oauth}
<p class="p-4 text-center dark:text-immich-dark-fg">Login has been disabled.</p>
{/if}

2
web/src/lib/components/shared-components/fullscreen-container.svelte
View File

@ -5,7 +5,7 @@
export let showMessage = $$slots.message;
</script>
<section class="flex min-h-screen w-screen place-content-center place-items-center p-4">
<section class="min-w-screen flex min-h-screen place-content-center place-items-center p-4">
<div
class="flex w-full max-w-lg flex-col gap-4 rounded-3xl border bg-white p-8 shadow-sm dark:border-immich-dark-gray dark:bg-immich-dark-gray"
>

19
web/src/lib/components/user-settings-page/oauth-settings.svelte
View File

@ -1,16 +1,16 @@
<script lang="ts">
import { goto } from '$app/navigation';
import { oauth, OAuthConfigResponseDto, UserResponseDto } from '@api';
import { featureFlags } from '$lib/stores/feature-flags.store';
import { oauth, UserResponseDto } from '@api';
import { onMount } from 'svelte';
import { fade } from 'svelte/transition';
import { handleError } from '../../utils/handle-error';
import Button from '../elements/buttons/button.svelte';
import LoadingSpinner from '../shared-components/loading-spinner.svelte';
import { notificationController, NotificationType } from '../shared-components/notification/notification';
import Button from '../elements/buttons/button.svelte';
export let user: UserResponseDto;
let config: OAuthConfigResponseDto = { enabled: false, passwordLoginEnabled: true };
let loading = true;
onMount(async () => {
@ -32,13 +32,6 @@
}
}
try {
const { data } = await oauth.getConfig(window.location);
config = data;
} catch (error) {
handleError(error, 'Unable to load OAuth config');
}
loading = false;
});
@ -63,13 +56,11 @@
<div class="flex place-content-center place-items-center">
<LoadingSpinner />
</div>
{:else if config.enabled}
{:else if $featureFlags.oauth}
{#if user.oauthId}
<Button size="sm" on:click={() => handleUnlink()}>Unlink Oauth</Button>
{:else}
<a href={config.url}>
<Button size="sm" on:click={() => handleUnlink()}>Link to OAuth</Button>
</a>
<Button size="sm" on:click={() => oauth.authorize(window.location)}>Link to OAuth</Button>
{/if}
{/if}
</div>

17
web/src/lib/components/user-settings-page/user-settings-list.svelte
View File

@ -1,5 +1,7 @@
<script lang="ts">
import { browser } from '$app/environment';
import { page } from '$app/stores';
import { featureFlags } from '$lib/stores/feature-flags.store';
import { APIKeyResponseDto, AuthDeviceResponseDto, oauth, UserResponseDto } from '@api';
import SettingAccordion from '../admin-page/settings/setting-accordion.svelte';
import ChangePasswordSettings from './change-password-settings.svelte';
@ -9,7 +11,6 @@
import PartnerSettings from './partner-settings.svelte';
import UserAPIKeyList from './user-api-key-list.svelte';
import UserProfileSettings from './user-profile-settings.svelte';
import { onMount } from 'svelte';
export let user: UserResponseDto;
@ -17,18 +18,10 @@
export let devices: AuthDeviceResponseDto[] = [];
export let partners: UserResponseDto[] = [];
let oauthEnabled = false;
let oauthOpen = false;
onMount(async () => {
if (browser) {
oauthOpen = oauth.isCallback(window.location);
try {
const { data } = await oauth.getConfig(window.location);
oauthEnabled = data.enabled;
} catch {
// noop
}
});
}
</script>
<SettingAccordion title="Account" subtitle="Manage your account">
@ -47,7 +40,7 @@
<MemoriesSettings {user} />
</SettingAccordion>
{#if oauthEnabled}
{#if $featureFlags.loaded && $featureFlags.oauth}
<SettingAccordion
title="OAuth"
subtitle="Manage your OAuth connection"

9
web/src/lib/stores/feature-flags.store.ts
View File

@ -1,21 +1,22 @@
import { api, ServerFeaturesDto } from '@api';
import { writable } from 'svelte/store';
export type FeatureFlags = ServerFeaturesDto;
export type FeatureFlags = ServerFeaturesDto & { loaded: boolean };
export const featureFlags = writable<FeatureFlags>({
loaded: false,
clipEncode: true,
facialRecognition: true,
sidecar: true,
tagImage: true,
search: true,
oauth: true,
oauthAutoLaunch: true,
oauth: false,
oauthAutoLaunch: false,
passwordLogin: true,
configFile: false,
});
export const loadFeatureFlags = async () => {
const { data } = await api.serverInfoApi.getServerFeatures();
featureFlags.update(() => data);
featureFlags.update(() => ({ ...data, loaded: true }));
};

17
web/src/routes/auth/login/+page.server.ts
View File

@ -1,5 +1,4 @@
import { AppRoute } from '$lib/constants';
import type { OAuthConfigResponseDto } from '@api';
import { redirect } from '@sveltejs/kit';
import type { PageServerLoad } from './$types';
@ -10,23 +9,7 @@ export const load = (async ({ locals: { api } }) => {
throw redirect(302, AppRoute.AUTH_REGISTER);
}
let authConfig: OAuthConfigResponseDto = {
passwordLoginEnabled: true,
enabled: false,
};
try {
// TODO: Figure out how to get correct redirect URI server-side.
const { data } = await api.oauthApi.generateConfig({ oAuthConfigDto: { redirectUri: '/' } });
data.url = undefined;
authConfig = data;
} catch (err) {
console.error('[ERROR] login/+page.server.ts:', err);
}
return {
authConfig,
meta: {
title: 'Login',
},

24
web/src/routes/auth/login/+page.svelte
View File

@ -4,20 +4,22 @@
import FullscreenContainer from '$lib/components/shared-components/fullscreen-container.svelte';
import { AppRoute } from '$lib/constants';
import { loginPageMessage } from '$lib/constants';
import { featureFlags } from '$lib/stores/feature-flags.store';
import type { PageData } from './$types';
export let data: PageData;
</script>
<FullscreenContainer title={data.meta.title} showMessage={!!loginPageMessage}>
<p slot="message">
<!-- eslint-disable-next-line svelte/no-at-html-tags -->
{@html loginPageMessage}
</p>
{#if $featureFlags.loaded}
<FullscreenContainer title={data.meta.title} showMessage={!!loginPageMessage}>
<p slot="message">
<!-- eslint-disable-next-line svelte/no-at-html-tags -->
{@html loginPageMessage}
</p>
<LoginForm
authConfig={data.authConfig}
on:success={() => goto(AppRoute.PHOTOS, { invalidateAll: true })}
on:first-login={() => goto(AppRoute.AUTH_CHANGE_PASSWORD)}
/>
</FullscreenContainer>
<LoginForm
on:success={() => goto(AppRoute.PHOTOS, { invalidateAll: true })}
on:first-login={() => goto(AppRoute.AUTH_CHANGE_PASSWORD)}
/>
</FullscreenContainer>
{/if}