refactor(server): controller cleanup (#11923)

chore(server): controller cleanup

mobile/lib/services/api.service.dart

@@ -18,7 +18,7 @@ class ApiService implements Authentication {
   late AlbumsApi albumsApi;
   late AssetsApi assetsApi;
   late SearchApi searchApi;
-  late ServerInfoApi serverInfoApi;
+  late ServerApi serverInfoApi;
   late MapApi mapApi;
   late PartnersApi partnersApi;
   late PeopleApi peopleApi;
@@ -50,7 +50,7 @@ class ApiService implements Authentication {
     oAuthApi = OAuthApi(_apiClient);
     albumsApi = AlbumsApi(_apiClient);
     assetsApi = AssetsApi(_apiClient);
-    serverInfoApi = ServerInfoApi(_apiClient);
+    serverInfoApi = ServerApi(_apiClient);
     searchApi = SearchApi(_apiClient);
     mapApi = MapApi(_apiClient);
     partnersApi = PartnersApi(_apiClient);

open-api/immich-openapi-specs.json

@@ -3643,7 +3643,7 @@
         "operationId": "unlinkOAuthAccount",
         "parameters": [],
         "responses": {
-          "201": {
+          "200": {
             "content": {
               "application/json": {
                 "schema": {
@@ -4771,10 +4771,8 @@
         ]
       }
     },
-    "/server-info/about": {
+    "/server/about": {
       "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
         "operationId": "getAboutInfo",
         "parameters": [],
         "responses": {
@@ -4801,18 +4799,12 @@
           }
         ],
         "tags": [
-          "Server Info",
+          "Server"
-          "Deprecated"
+        ]
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
       }
     },
-    "/server-info/config": {
+    "/server/config": {
       "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
         "operationId": "getServerConfig",
         "parameters": [],
         "responses": {
@@ -4828,18 +4820,12 @@
           }
         },
         "tags": [
-          "Server Info",
+          "Server"
-          "Deprecated"
+        ]
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
       }
     },
-    "/server-info/features": {
+    "/server/features": {
       "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
         "operationId": "getServerFeatures",
         "parameters": [],
         "responses": {
@@ -4855,196 +4841,8 @@
           }
         },
         "tags": [
-          "Server Info",
+          "Server"
-          "Deprecated"
+        ]
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
-      }
-    },
-    "/server-info/media-types": {
-      "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
-        "operationId": "getSupportedMediaTypes",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/ServerMediaTypesResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "tags": [
-          "Server Info",
-          "Deprecated"
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
-      }
-    },
-    "/server-info/ping": {
-      "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
-        "operationId": "pingServer",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/ServerPingResponse"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "tags": [
-          "Server Info",
-          "Deprecated"
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
-      }
-    },
-    "/server-info/statistics": {
-      "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
-        "operationId": "getServerStatistics",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/ServerStatsResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "Server Info",
-          "Deprecated"
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
-      }
-    },
-    "/server-info/storage": {
-      "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
-        "operationId": "getStorage",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/ServerStorageResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "security": [
-          {
-            "bearer": []
-          },
-          {
-            "cookie": []
-          },
-          {
-            "api_key": []
-          }
-        ],
-        "tags": [
-          "Server Info",
-          "Deprecated"
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
-      }
-    },
-    "/server-info/theme": {
-      "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
-        "operationId": "getTheme",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/ServerThemeDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "tags": [
-          "Server Info",
-          "Deprecated"
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
-      }
-    },
-    "/server-info/version": {
-      "get": {
-        "deprecated": true,
-        "description": "This property was deprecated in v1.107.0",
-        "operationId": "getServerVersion",
-        "parameters": [],
-        "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/ServerVersionResponseDto"
-                }
-              }
-            },
-            "description": ""
-          }
-        },
-        "tags": [
-          "Server Info",
-          "Deprecated"
-        ],
-        "x-immich-lifecycle": {
-          "deprecatedAt": "v1.107.0"
-        }
       }
     },
     "/server/license": {
@@ -5145,6 +4943,154 @@
         ]
       }
     },
+    "/server/media-types": {
+      "get": {
+        "operationId": "getSupportedMediaTypes",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerMediaTypesResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "tags": [
+          "Server"
+        ]
+      }
+    },
+    "/server/ping": {
+      "get": {
+        "operationId": "pingServer",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerPingResponse"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "tags": [
+          "Server"
+        ]
+      }
+    },
+    "/server/statistics": {
+      "get": {
+        "operationId": "getServerStatistics",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerStatsResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Server"
+        ]
+      }
+    },
+    "/server/storage": {
+      "get": {
+        "operationId": "getStorage",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerStorageResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Server"
+        ]
+      }
+    },
+    "/server/theme": {
+      "get": {
+        "operationId": "getTheme",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerThemeDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "tags": [
+          "Server"
+        ]
+      }
+    },
+    "/server/version": {
+      "get": {
+        "operationId": "getServerVersion",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerVersionResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "tags": [
+          "Server"
+        ]
+      }
+    },
     "/sessions": {
       "delete": {
         "operationId": "deleteAllSessions",
@@ -9972,7 +9918,6 @@
           "asset.read",
           "asset.update",
           "asset.delete",
-          "asset.restore",
           "asset.share",
           "asset.view",
           "asset.download",
@@ -10014,6 +9959,9 @@
           "person.statistics",
           "person.merge",
           "person.reassign",
+          "session.read",
+          "session.update",
+          "session.delete",
           "sharedLink.create",
           "sharedLink.read",
           "sharedLink.update",

open-api/typescript-sdk/src/fetch-client.ts

@@ -869,6 +869,15 @@ export type ServerFeaturesDto = {
     smartSearch: boolean;
     trash: boolean;
 };
+export type LicenseResponseDto = {
+    activatedAt: string;
+    activationKey: string;
+    licenseKey: string;
+};
+export type LicenseKeyDto = {
+    activationKey: string;
+    licenseKey: string;
+};
 export type ServerMediaTypesResponseDto = {
     image: string[];
     sidecar: string[];
@@ -909,15 +918,6 @@ export type ServerVersionResponseDto = {
     minor: number;
     patch: number;
 };
-export type LicenseResponseDto = {
-    activatedAt: string;
-    activationKey: string;
-    licenseKey: string;
-};
-export type LicenseKeyDto = {
-    activationKey: string;
-    licenseKey: string;
-};
 export type SessionResponseDto = {
     createdAt: string;
     current: boolean;
@@ -2168,7 +2168,7 @@ export function redirectOAuthToMobile(opts?: Oazapfts.RequestOpts) {
 }
 export function unlinkOAuthAccount(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
-        status: 201;
+        status: 200;
         data: UserAdminResponseDto;
     }>("/oauth/unlink", {
         ...opts,
@@ -2458,102 +2458,27 @@ export function getSearchSuggestions({ country, includeNull, make, model, state,
         ...opts
     }));
 }
-/**
- * This property was deprecated in v1.107.0
- */
 export function getAboutInfo(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
         data: ServerAboutResponseDto;
-    }>("/server-info/about", {
+    }>("/server/about", {
         ...opts
     }));
 }
-/**
- * This property was deprecated in v1.107.0
- */
 export function getServerConfig(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
         data: ServerConfigDto;
-    }>("/server-info/config", {
+    }>("/server/config", {
         ...opts
     }));
 }
-/**
- * This property was deprecated in v1.107.0
- */
 export function getServerFeatures(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
         data: ServerFeaturesDto;
-    }>("/server-info/features", {
+    }>("/server/features", {
-        ...opts
-    }));
-}
-/**
- * This property was deprecated in v1.107.0
- */
-export function getSupportedMediaTypes(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: ServerMediaTypesResponseDto;
-    }>("/server-info/media-types", {
-        ...opts
-    }));
-}
-/**
- * This property was deprecated in v1.107.0
- */
-export function pingServer(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: ServerPingResponseRead;
-    }>("/server-info/ping", {
-        ...opts
-    }));
-}
-/**
- * This property was deprecated in v1.107.0
- */
-export function getServerStatistics(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: ServerStatsResponseDto;
-    }>("/server-info/statistics", {
-        ...opts
-    }));
-}
-/**
- * This property was deprecated in v1.107.0
- */
-export function getStorage(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: ServerStorageResponseDto;
-    }>("/server-info/storage", {
-        ...opts
-    }));
-}
-/**
- * This property was deprecated in v1.107.0
- */
-export function getTheme(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: ServerThemeDto;
-    }>("/server-info/theme", {
-        ...opts
-    }));
-}
-/**
- * This property was deprecated in v1.107.0
- */
-export function getServerVersion(opts?: Oazapfts.RequestOpts) {
-    return oazapfts.ok(oazapfts.fetchJson<{
-        status: 200;
-        data: ServerVersionResponseDto;
-    }>("/server-info/version", {
         ...opts
     }));
 }
@@ -2585,6 +2510,54 @@ export function setServerLicense({ licenseKeyDto }: {
         body: licenseKeyDto
     })));
 }
+export function getSupportedMediaTypes(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: ServerMediaTypesResponseDto;
+    }>("/server/media-types", {
+        ...opts
+    }));
+}
+export function pingServer(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: ServerPingResponseRead;
+    }>("/server/ping", {
+        ...opts
+    }));
+}
+export function getServerStatistics(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: ServerStatsResponseDto;
+    }>("/server/statistics", {
+        ...opts
+    }));
+}
+export function getStorage(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: ServerStorageResponseDto;
+    }>("/server/storage", {
+        ...opts
+    }));
+}
+export function getTheme(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: ServerThemeDto;
+    }>("/server/theme", {
+        ...opts
+    }));
+}
+export function getServerVersion(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: ServerVersionResponseDto;
+    }>("/server/version", {
+        ...opts
+    }));
+}
 export function deleteAllSessions(opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchText("/sessions", {
         ...opts,
@@ -3205,7 +3178,6 @@ export enum Permission {
     AssetRead = "asset.read",
     AssetUpdate = "asset.update",
     AssetDelete = "asset.delete",
-    AssetRestore = "asset.restore",
     AssetShare = "asset.share",
     AssetView = "asset.view",
     AssetDownload = "asset.download",
@@ -3247,6 +3219,9 @@ export enum Permission {
     PersonStatistics = "person.statistics",
     PersonMerge = "person.merge",
     PersonReassign = "person.reassign",
+    SessionRead = "session.read",
+    SessionUpdate = "session.update",
+    SessionDelete = "session.delete",
     SharedLinkCreate = "sharedLink.create",
     SharedLinkRead = "sharedLink.read",
     SharedLinkUpdate = "sharedLink.update",

server/src/controllers/activity.controller.ts

@@ -25,12 +25,6 @@ export class ActivityController {
     return this.service.getAll(auth, dto);
   }
 
-  @Get('statistics')
-  @Authenticated({ permission: Permission.ACTIVITY_STATISTICS })
-  getActivityStatistics(@Auth() auth: AuthDto, @Query() dto: ActivityDto): Promise<ActivityStatisticsResponseDto> {
-    return this.service.getStatistics(auth, dto);
-  }
-
   @Post()
   @Authenticated({ permission: Permission.ACTIVITY_CREATE })
   async createActivity(
@@ -45,6 +39,12 @@ export class ActivityController {
     return value;
   }
 
+  @Get('statistics')
+  @Authenticated({ permission: Permission.ACTIVITY_STATISTICS })
+  getActivityStatistics(@Auth() auth: AuthDto, @Query() dto: ActivityDto): Promise<ActivityStatisticsResponseDto> {
+    return this.service.getStatistics(auth, dto);
+  }
+
   @Delete(':id')
   @HttpCode(HttpStatus.NO_CONTENT)
   @Authenticated({ permission: Permission.ACTIVITY_DELETE })

server/src/controllers/asset-media.controller.ts

@@ -93,8 +93,8 @@ export class AssetMediaController {
   @Put(':id/original')
   @UseInterceptors(FileUploadInterceptor)
   @ApiConsumes('multipart/form-data')
-  @Authenticated({ sharedLink: true })
   @EndpointLifecycle({ addedAt: 'v1.106.0' })
+  @Authenticated({ sharedLink: true })
   async replaceAsset(
     @Auth() auth: AuthDto,
     @Param() { id }: UUIDParamDto,

server/src/controllers/asset.controller.ts

@@ -51,8 +51,8 @@ export class AssetController {
   }
 
   @Post('jobs')
-  @HttpCode(HttpStatus.NO_CONTENT)
   @Authenticated()
+  @HttpCode(HttpStatus.NO_CONTENT)
   runAssetJobs(@Auth() auth: AuthDto, @Body() dto: AssetJobsDto): Promise<void> {
     return this.service.run(auth, dto);
   }

server/src/controllers/library.controller.ts

@@ -31,18 +31,18 @@ export class LibraryController {
     return this.service.create(dto);
   }
 
-  @Put(':id')
-  @Authenticated({ permission: Permission.LIBRARY_UPDATE, admin: true })
-  updateLibrary(@Param() { id }: UUIDParamDto, @Body() dto: UpdateLibraryDto): Promise<LibraryResponseDto> {
-    return this.service.update(id, dto);
-  }
-
   @Get(':id')
   @Authenticated({ permission: Permission.LIBRARY_READ, admin: true })
   getLibrary(@Param() { id }: UUIDParamDto): Promise<LibraryResponseDto> {
     return this.service.get(id);
   }
 
+  @Put(':id')
+  @Authenticated({ permission: Permission.LIBRARY_UPDATE, admin: true })
+  updateLibrary(@Param() { id }: UUIDParamDto, @Body() dto: UpdateLibraryDto): Promise<LibraryResponseDto> {
+    return this.service.update(id, dto);
+  }
+
   @Post(':id/validate')
   @HttpCode(200)
   @Authenticated({ admin: true })

server/src/controllers/notification.controller.ts

@@ -1,4 +1,4 @@
-import { Body, Controller, HttpCode, Post } from '@nestjs/common';
+import { Body, Controller, HttpCode, HttpStatus, Post } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { SystemConfigSmtpDto } from 'src/dtos/system-config.dto';
@@ -11,7 +11,7 @@ export class NotificationController {
   constructor(private service: NotificationService) {}
 
   @Post('test-email')
-  @HttpCode(200)
+  @HttpCode(HttpStatus.OK)
   @Authenticated({ admin: true })
   sendTestEmail(@Auth() auth: AuthDto, @Body() dto: SystemConfigSmtpDto) {
     return this.service.sendTestEmail(auth.user.id, dto);

server/src/controllers/oauth.controller.ts

@@ -1,4 +1,4 @@
-import { Body, Controller, Get, HttpStatus, Post, Redirect, Req, Res } from '@nestjs/common';
+import { Body, Controller, Get, HttpCode, HttpStatus, Post, Redirect, Req, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Request, Response } from 'express';
 import { AuthType } from 'src/constants';
@@ -58,6 +58,7 @@ export class OAuthController {
   }
 
   @Post('unlink')
+  @HttpCode(HttpStatus.OK)
   @Authenticated()
   unlinkOAuthAccount(@Auth() auth: AuthDto): Promise<UserAdminResponseDto> {
     return this.service.unlink(auth);

server/src/controllers/partner.controller.ts

@@ -1,9 +1,8 @@
 import { Body, Controller, Delete, Get, Param, Post, Put, Query } from '@nestjs/common';
-import { ApiQuery, ApiTags } from '@nestjs/swagger';
+import { ApiTags } from '@nestjs/swagger';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { PartnerResponseDto, PartnerSearchDto, UpdatePartnerDto } from 'src/dtos/partner.dto';
 import { Permission } from 'src/enum';
-import { PartnerDirection } from 'src/interfaces/partner.interface';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { PartnerService } from 'src/services/partner.service';
 import { UUIDParamDto } from 'src/validation';
@@ -14,9 +13,7 @@ export class PartnerController {
   constructor(private service: PartnerService) {}
 
   @Get()
-  @ApiQuery({ name: 'direction', type: 'string', enum: PartnerDirection, required: true })
   @Authenticated({ permission: Permission.PARTNER_READ })
-  // TODO: remove 'direction' and convert to full query dto
   getPartners(@Auth() auth: AuthDto, @Query() dto: PartnerSearchDto): Promise<PartnerResponseDto[]> {
     return this.service.search(auth, dto);
   }

server/src/controllers/server-info.controller.ts

@@ -1,5 +1,5 @@
 import { Controller, Get } from '@nestjs/common';
-import { ApiTags } from '@nestjs/swagger';
+import { ApiExcludeController, ApiTags } from '@nestjs/swagger';
 import { EndpointLifecycle } from 'src/decorators';
 import {
   ServerAboutResponseDto,
@@ -16,6 +16,7 @@ import { Authenticated } from 'src/middleware/auth.guard';
 import { ServerService } from 'src/services/server.service';
 import { VersionService } from 'src/services/version.service';
 
+@ApiExcludeController()
 @ApiTags('Server Info')
 @Controller('server-info')
 export class ServerInfoController {
@@ -68,9 +69,9 @@ export class ServerInfoController {
     return this.service.getConfig();
   }
 
-  @Authenticated({ admin: true })
-  @EndpointLifecycle({ deprecatedAt: 'v1.107.0' })
   @Get('statistics')
+  @EndpointLifecycle({ deprecatedAt: 'v1.107.0' })
+  @Authenticated({ admin: true })
   getServerStatistics(): Promise<ServerStatsResponseDto> {
     return this.service.getStatistics();
   }

server/src/controllers/server.controller.ts

@@ -1,5 +1,5 @@
 import { Body, Controller, Delete, Get, Put } from '@nestjs/common';
-import { ApiExcludeEndpoint, ApiNotFoundResponse, ApiTags } from '@nestjs/swagger';
+import { ApiNotFoundResponse, ApiTags } from '@nestjs/swagger';
 import { LicenseKeyDto, LicenseResponseDto } from 'src/dtos/license.dto';
 import {
   ServerAboutResponseDto,
@@ -26,57 +26,48 @@ export class ServerController {
 
   @Get('about')
   @Authenticated()
-  @ApiExcludeEndpoint()
   getAboutInfo(): Promise<ServerAboutResponseDto> {
     return this.service.getAboutInfo();
   }
 
   @Get('storage')
   @Authenticated()
-  @ApiExcludeEndpoint()
   getStorage(): Promise<ServerStorageResponseDto> {
     return this.service.getStorage();
   }
 
   @Get('ping')
-  @ApiExcludeEndpoint()
   pingServer(): ServerPingResponse {
     return this.service.ping();
   }
 
   @Get('version')
-  @ApiExcludeEndpoint()
   getServerVersion(): ServerVersionResponseDto {
     return this.versionService.getVersion();
   }
 
   @Get('features')
-  @ApiExcludeEndpoint()
   getServerFeatures(): Promise<ServerFeaturesDto> {
     return this.service.getFeatures();
   }
 
   @Get('theme')
-  @ApiExcludeEndpoint()
   getTheme(): Promise<ServerThemeDto> {
     return this.service.getTheme();
   }
 
   @Get('config')
-  @ApiExcludeEndpoint()
   getServerConfig(): Promise<ServerConfigDto> {
     return this.service.getConfig();
   }
 
-  @Authenticated({ admin: true })
   @Get('statistics')
-  @ApiExcludeEndpoint()
+  @Authenticated({ admin: true })
   getServerStatistics(): Promise<ServerStatsResponseDto> {
     return this.service.getStatistics();
   }
 
   @Get('media-types')
-  @ApiExcludeEndpoint()
   getSupportedMediaTypes(): ServerMediaTypesResponseDto {
     return this.service.getSupportedMediaTypes();
   }

server/src/controllers/session.controller.ts

@@ -2,6 +2,7 @@ import { Controller, Delete, Get, HttpCode, HttpStatus, Param } from '@nestjs/co
 import { ApiTags } from '@nestjs/swagger';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { SessionResponseDto } from 'src/dtos/session.dto';
+import { Permission } from 'src/enum';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { SessionService } from 'src/services/session.service';
 import { UUIDParamDto } from 'src/validation';
@@ -12,21 +13,21 @@ export class SessionController {
   constructor(private service: SessionService) {}
 
   @Get()
-  @Authenticated()
+  @Authenticated({ permission: Permission.SESSION_READ })
   getSessions(@Auth() auth: AuthDto): Promise<SessionResponseDto[]> {
     return this.service.getAll(auth);
   }
 
   @Delete()
+  @Authenticated({ permission: Permission.SESSION_DELETE })
   @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated()
   deleteAllSessions(@Auth() auth: AuthDto): Promise<void> {
     return this.service.deleteAll(auth);
   }
 
   @Delete(':id')
+  @Authenticated({ permission: Permission.SESSION_DELETE })
   @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated()
   deleteSession(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<void> {
     return this.service.delete(auth, id);
   }

server/src/controllers/stack.controller.ts

@@ -26,8 +26,8 @@ export class StackController {
   }
 
   @Delete()
-  @HttpCode(HttpStatus.NO_CONTENT)
   @Authenticated({ permission: Permission.STACK_DELETE })
+  @HttpCode(HttpStatus.NO_CONTENT)
   deleteStacks(@Auth() auth: AuthDto, @Body() dto: BulkIdsDto): Promise<void> {
     return this.service.deleteAll(auth, dto);
   }

server/src/controllers/timeline.controller.ts

@@ -3,6 +3,7 @@ import { ApiTags } from '@nestjs/swagger';
 import { AssetResponseDto } from 'src/dtos/asset-response.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { TimeBucketAssetDto, TimeBucketDto, TimeBucketResponseDto } from 'src/dtos/time-bucket.dto';
+import { Permission } from 'src/enum';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { TimelineService } from 'src/services/timeline.service';
 
@@ -11,14 +12,14 @@ import { TimelineService } from 'src/services/timeline.service';
 export class TimelineController {
   constructor(private service: TimelineService) {}
 
-  @Authenticated({ sharedLink: true })
   @Get('buckets')
+  @Authenticated({ permission: Permission.ASSET_READ, sharedLink: true })
   getTimeBuckets(@Auth() auth: AuthDto, @Query() dto: TimeBucketDto): Promise<TimeBucketResponseDto[]> {
     return this.service.getTimeBuckets(auth, dto);
   }
 
-  @Authenticated({ sharedLink: true })
   @Get('bucket')
+  @Authenticated({ permission: Permission.ASSET_READ, sharedLink: true })
   getTimeBucket(@Auth() auth: AuthDto, @Query() dto: TimeBucketAssetDto): Promise<AssetResponseDto[]> {
     return this.service.getTimeBucket(auth, dto) as Promise<AssetResponseDto[]>;
   }

server/src/controllers/trash.controller.ts

@@ -2,6 +2,7 @@ import { Body, Controller, HttpCode, HttpStatus, Post } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { BulkIdsDto } from 'src/dtos/asset-ids.response.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
+import { Permission } from 'src/enum';
 import { Auth, Authenticated } from 'src/middleware/auth.guard';
 import { TrashService } from 'src/services/trash.service';
 
@@ -12,21 +13,21 @@ export class TrashController {
 
   @Post('empty')
   @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated()
+  @Authenticated({ permission: Permission.ASSET_DELETE })
   emptyTrash(@Auth() auth: AuthDto): Promise<void> {
     return this.service.empty(auth);
   }
 
   @Post('restore')
   @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated()
+  @Authenticated({ permission: Permission.ASSET_DELETE })
   restoreTrash(@Auth() auth: AuthDto): Promise<void> {
     return this.service.restore(auth);
   }
 
   @Post('restore/assets')
   @HttpCode(HttpStatus.NO_CONTENT)
-  @Authenticated()
+  @Authenticated({ permission: Permission.ASSET_DELETE })
   restoreAssets(@Auth() auth: AuthDto, @Body() dto: BulkIdsDto): Promise<void> {
     return this.service.restoreAssets(auth, dto);
   }

server/src/enum.ts

@@ -54,7 +54,6 @@ export enum Permission {
   ASSET_READ = 'asset.read',
   ASSET_UPDATE = 'asset.update',
   ASSET_DELETE = 'asset.delete',
-  ASSET_RESTORE = 'asset.restore',
   ASSET_SHARE = 'asset.share',
   ASSET_VIEW = 'asset.view',
   ASSET_DOWNLOAD = 'asset.download',
@@ -107,6 +106,10 @@ export enum Permission {
   PERSON_MERGE = 'person.merge',
   PERSON_REASSIGN = 'person.reassign',
 
+  SESSION_READ = 'session.read',
+  SESSION_UPDATE = 'session.update',
+  SESSION_DELETE = 'session.delete',
+
   SHARED_LINK_CREATE = 'sharedLink.create',
   SHARED_LINK_READ = 'sharedLink.read',
   SHARED_LINK_UPDATE = 'sharedLink.update',

server/src/services/trash.service.ts

@@ -20,7 +20,7 @@ export class TrashService {
 
   async restoreAssets(auth: AuthDto, dto: BulkIdsDto): Promise<void> {
     const { ids } = dto;
-    await requireAccess(this.access, { auth, permission: Permission.ASSET_RESTORE, ids });
+    await requireAccess(this.access, { auth, permission: Permission.ASSET_DELETE, ids });
     await this.restoreAndSend(auth, ids);
   }
 

server/src/utils/access.ts

@@ -147,10 +147,6 @@ const checkOtherAccess = async (access: IAccessRepository, request: OtherAccessR
       return await access.asset.checkOwnerAccess(auth.user.id, ids);
     }
 
-    case Permission.ASSET_RESTORE: {
-      return await access.asset.checkOwnerAccess(auth.user.id, ids);
-    }
-
     case Permission.ALBUM_READ: {
       const isOwner = await access.album.checkOwnerAccess(auth.user.id, ids);
       const isShared = await access.album.checkSharedAlbumAccess(