fix(web): browser-side api client to include authorization token

2024-12-28 22:51:59 +00:00 · 2023-01-18 17:11:38 -08:00 · 2023-01-18 17:11:38 -08:00 · 60e338938f
commit 60e338938f
parent 157d9b9cd7
2 changed files with 27 additions and 1 deletions
--- a/web/src/lib/components/forms/login-form.svelte
+++ b/web/src/lib/components/forms/login-form.svelte
@ -1,4 +1,5 @@
 <script lang="ts">
+	import * as cookieParse from 'cookie';
 	import { goto } from '$app/navigation';
 	import LoadingSpinner from '$lib/components/shared-components/loading-spinner.svelte';
 	import { loginPageMessage } from '$lib/constants';
@ -19,8 +20,11 @@
 		if (oauth.isCallback(window.location)) {
 			try {
 				loading = true;
-				await oauth.login(window.location);
+				const { data } = await oauth.login(window.location);
 				dispatch('success');
+
+				// Set the access token
+				saveAccessToken(data.accessToken);
 				return;
 			} catch (e) {
 				console.error('Error [login-form] [oauth.callback]', e);
@ -63,6 +67,9 @@
 				return;
 			}

+			// Set the access token
+			saveAccessToken(data.accessToken);
+
 			dispatch('success');
 			return;
 		} catch (e) {
@ -71,6 +78,14 @@
 			return;
 		}
 	};
+
+	function saveAccessToken(accessToken: string) {
+		// Set client requests to include access token
+		api.setAccessToken(accessToken);
+
+		// Save the access token cookie
+		document.cookie = cookieParse.serialize('immich_access_token', accessToken);
+	}
 </script>

 <div
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@ -1,6 +1,8 @@
 <script lang="ts">
 	import '../app.css';

+	import { api } from '@api';
+	import * as cookieParser from 'cookie';
 	import { fade } from 'svelte/transition';
 	import { page } from '$app/stores';
 	import DownloadPanel from '$lib/components/asset-viewer/download-panel.svelte';
@ -22,6 +24,7 @@
 	let showUploadCover = false;

 	onMount(async () => {
+		initApiAccessToken();
 		checkUserTheme();
 		const res = await checkAppVersion();

@ -30,6 +33,14 @@
 		remoteVersion = res.remoteVersion ?? 'unknown';
 	});

+	const initApiAccessToken = () => {
+		const cookies = cookieParser.parse(document.cookie);
+		const accessToken = cookies['immich_access_token'];
+		if (accessToken) {
+			api.setAccessToken(accessToken);
+		}
+	};
+
 	const checkUserTheme = () => {
 		// On page load or when changing themes, best to add inline in `head` to avoid FOUC
 		if (