2023-07-01 14:27:34 -04:00
|
|
|
import {
|
|
|
|
|
CanActivate,
|
|
|
|
|
ExecutionContext,
|
2024-04-15 19:39:06 -04:00
|
|
|
Inject,
|
2023-07-01 14:27:34 -04:00
|
|
|
Injectable,
|
|
|
|
|
SetMetadata,
|
2023-09-04 15:45:59 -04:00
|
|
|
applyDecorators,
|
|
|
|
|
createParamDecorator,
|
2023-07-01 14:27:34 -04:00
|
|
|
} from '@nestjs/common';
|
|
|
|
|
import { Reflector } from '@nestjs/core';
|
2023-12-12 09:58:25 -05:00
|
|
|
import { ApiBearerAuth, ApiCookieAuth, ApiOkResponse, ApiQuery, ApiSecurity } from '@nestjs/swagger';
|
2023-07-01 14:27:34 -04:00
|
|
|
import { Request } from 'express';
|
2024-05-09 13:58:44 -04:00
|
|
|
import { AuthDto, ImmichQuery } from 'src/dtos/auth.dto';
|
2024-04-15 19:39:06 -04:00
|
|
|
import { ILoggerRepository } from 'src/interfaces/logger.interface';
|
2024-03-21 00:07:30 +01:00
|
|
|
import { AuthService, LoginDetails } from 'src/services/auth.service';
|
2023-07-01 14:27:34 -04:00
|
|
|
import { UAParser } from 'ua-parser-js';
|
|
|
|
|
|
|
|
|
|
export enum Metadata {
|
|
|
|
|
AUTH_ROUTE = 'auth_route',
|
|
|
|
|
ADMIN_ROUTE = 'admin_route',
|
|
|
|
|
SHARED_ROUTE = 'shared_route',
|
2024-04-19 11:19:23 -04:00
|
|
|
API_KEY_SECURITY = 'api_key',
|
2024-08-15 16:12:41 -04:00
|
|
|
ON_EMIT_CONFIG = 'on_emit_config',
|
2023-07-01 14:27:34 -04:00
|
|
|
}
|
|
|
|
|
|
2024-05-09 13:58:44 -04:00
|
|
|
type AdminRoute = { admin?: true };
|
|
|
|
|
type SharedLinkRoute = { sharedLink?: true };
|
|
|
|
|
type AuthenticatedOptions = AdminRoute | SharedLinkRoute;
|
2023-07-01 14:27:34 -04:00
|
|
|
|
2024-05-09 13:58:44 -04:00
|
|
|
export const Authenticated = (options?: AuthenticatedOptions): MethodDecorator => {
|
2023-07-01 14:27:34 -04:00
|
|
|
const decorators: MethodDecorator[] = [
|
|
|
|
|
ApiBearerAuth(),
|
|
|
|
|
ApiCookieAuth(),
|
2024-04-19 11:19:23 -04:00
|
|
|
ApiSecurity(Metadata.API_KEY_SECURITY),
|
2024-05-09 13:58:44 -04:00
|
|
|
SetMetadata(Metadata.AUTH_ROUTE, options || {}),
|
2023-07-01 14:27:34 -04:00
|
|
|
];
|
|
|
|
|
|
2024-05-09 13:58:44 -04:00
|
|
|
if ((options as SharedLinkRoute)?.sharedLink) {
|
|
|
|
|
decorators.push(ApiQuery({ name: ImmichQuery.SHARED_LINK_KEY, type: String, required: false }));
|
2023-07-01 14:27:34 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return applyDecorators(...decorators);
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-02 04:18:00 +01:00
|
|
|
export const Auth = createParamDecorator((data, context: ExecutionContext): AuthDto => {
|
2024-05-09 13:58:44 -04:00
|
|
|
return context.switchToHttp().getRequest<AuthenticatedRequest>().user;
|
2023-07-01 14:27:34 -04:00
|
|
|
});
|
|
|
|
|
|
2023-12-12 09:58:25 -05:00
|
|
|
export const FileResponse = () =>
|
|
|
|
|
ApiOkResponse({
|
|
|
|
|
content: { 'application/octet-stream': { schema: { type: 'string', format: 'binary' } } },
|
|
|
|
|
});
|
|
|
|
|
|
2024-02-02 04:18:00 +01:00
|
|
|
export const GetLoginDetails = createParamDecorator((data, context: ExecutionContext): LoginDetails => {
|
|
|
|
|
const request = context.switchToHttp().getRequest<Request>();
|
|
|
|
|
const userAgent = UAParser(request.headers['user-agent']);
|
2023-07-01 14:27:34 -04:00
|
|
|
|
|
|
|
|
return {
|
2024-02-02 04:18:00 +01:00
|
|
|
clientIp: request.ip,
|
|
|
|
|
isSecure: request.secure,
|
|
|
|
|
deviceType: userAgent.browser.name || userAgent.device.type || (request.headers.devicemodel as string) || '',
|
|
|
|
|
deviceOS: userAgent.os.name || (request.headers.devicetype as string) || '',
|
2023-07-01 14:27:34 -04:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export interface AuthRequest extends Request {
|
2023-12-09 23:34:12 -05:00
|
|
|
user?: AuthDto;
|
2023-07-01 14:27:34 -04:00
|
|
|
}
|
|
|
|
|
|
2024-05-02 15:42:26 -04:00
|
|
|
export interface AuthenticatedRequest extends Request {
|
|
|
|
|
user: AuthDto;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-01 14:27:34 -04:00
|
|
|
@Injectable()
|
2024-03-20 15:15:01 -05:00
|
|
|
export class AuthGuard implements CanActivate {
|
2023-08-28 14:41:57 -05:00
|
|
|
constructor(
|
2024-04-15 19:39:06 -04:00
|
|
|
@Inject(ILoggerRepository) private logger: ILoggerRepository,
|
2023-08-28 14:41:57 -05:00
|
|
|
private reflector: Reflector,
|
|
|
|
|
private authService: AuthService,
|
2024-04-15 19:39:06 -04:00
|
|
|
) {
|
|
|
|
|
this.logger.setContext(AuthGuard.name);
|
|
|
|
|
}
|
2023-07-01 14:27:34 -04:00
|
|
|
|
|
|
|
|
async canActivate(context: ExecutionContext): Promise<boolean> {
|
2024-05-09 13:58:44 -04:00
|
|
|
const targets = [context.getHandler()];
|
2023-07-01 14:27:34 -04:00
|
|
|
|
2024-05-09 13:58:44 -04:00
|
|
|
const options = this.reflector.getAllAndOverride<AuthenticatedOptions | undefined>(Metadata.AUTH_ROUTE, targets);
|
|
|
|
|
if (!options) {
|
2023-07-01 14:27:34 -04:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 09:14:23 -04:00
|
|
|
const { admin: adminRoute, sharedLink: sharedLinkRoute } = { sharedLink: false, admin: false, ...options };
|
2024-02-02 04:18:00 +01:00
|
|
|
const request = context.switchToHttp().getRequest<AuthRequest>();
|
2023-07-01 14:27:34 -04:00
|
|
|
|
2024-08-15 09:14:23 -04:00
|
|
|
request.user = await this.authService.authenticate({
|
|
|
|
|
headers: request.headers,
|
|
|
|
|
queryParams: request.query as Record<string, string>,
|
|
|
|
|
metadata: { adminRoute, sharedLinkRoute, uri: request.path },
|
|
|
|
|
});
|
2023-07-01 14:27:34 -04:00
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
