c-l/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-01-21 03:02:44 +01:00
Code Releases Activity

fix(server): non-admin cannot use map (#4934)

Browse source 
* fix(server): non-admin cannot user map

* fix: admin route

---------

Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
This commit is contained in:
Alex 2023-11-09 13:52:10 -06:00 committed by GitHub
parent bffc2cdf60
commit 9c0805c37a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
server/src/immich/app.guard.ts
View file

@ -20,16 +20,9 @@ export enum Metadata {
PUBLIC_SECURITY = 'public_security', PUBLIC_SECURITY = 'public_security',
} }
const adminDecorator = SetMetadata(Metadata.ADMIN_ROUTE, true);
const sharedLinkDecorators = [
SetMetadata(Metadata.SHARED_ROUTE, true),
ApiQuery({ name: 'key', type: String, required: false }),
];
export interface AuthenticatedOptions { export interface AuthenticatedOptions {
admin?: boolean; admin?: true;
isShared?: boolean; isShared?: true;
} }
export const Authenticated = (options: AuthenticatedOptions = {}) => { export const Authenticated = (options: AuthenticatedOptions = {}) => {
@ -41,11 +34,11 @@ export const Authenticated = (options: AuthenticatedOptions = {}) => {
]; ];
if (options.admin) { if (options.admin) {
decorators.push(adminDecorator); decorators.push(AdminRoute());
} }
if (options.isShared) { if (options.isShared) {
decorators.push(...sharedLinkDecorators); decorators.push(SharedLinkRoute());
} }
return applyDecorators(...decorators); return applyDecorators(...decorators);
@ -53,8 +46,9 @@ export const Authenticated = (options: AuthenticatedOptions = {}) => {
export const PublicRoute = () => export const PublicRoute = () =>
applyDecorators(SetMetadata(Metadata.AUTH_ROUTE, false), ApiSecurity(Metadata.PUBLIC_SECURITY)); applyDecorators(SetMetadata(Metadata.AUTH_ROUTE, false), ApiSecurity(Metadata.PUBLIC_SECURITY));
export const SharedLinkRoute = () => applyDecorators(...sharedLinkDecorators); export const SharedLinkRoute = () =>
export const AdminRoute = () => adminDecorator; applyDecorators(SetMetadata(Metadata.SHARED_ROUTE, true), ApiQuery({ name: 'key', type: String, required: false }));
export const AdminRoute = (value = true) => SetMetadata(Metadata.ADMIN_ROUTE, value);
export const AuthUser = createParamDecorator((data, ctx: ExecutionContext): AuthUserDto => { export const AuthUser = createParamDecorator((data, ctx: ExecutionContext): AuthUserDto => {
return ctx.switchToHttp().getRequest<{ user: AuthUserDto }>().user; return ctx.switchToHttp().getRequest<{ user: AuthUserDto }>().user;

3
server/src/immich/controllers/system-config.controller.ts
View file

@ -2,7 +2,7 @@ import { SystemConfigDto, SystemConfigService, SystemConfigTemplateStorageOption
import { MapThemeDto } from '@app/domain/system-config/system-config-map-theme.dto'; import { MapThemeDto } from '@app/domain/system-config/system-config-map-theme.dto';
import { Body, Controller, Get, Put, Query } from '@nestjs/common'; import { Body, Controller, Get, Put, Query } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger'; import { ApiTags } from '@nestjs/swagger';
import { Authenticated } from '../app.guard'; import { AdminRoute, Authenticated } from '../app.guard';
import { UseValidation } from '../app.utils'; import { UseValidation } from '../app.utils';
@ApiTags('System Config') @ApiTags('System Config')
@ -32,6 +32,7 @@ export class SystemConfigController {
return this.service.getStorageTemplateOptions(); return this.service.getStorageTemplateOptions();
} }
@AdminRoute(false)
@Get('map/style.json') @Get('map/style.json')
getMapStyle(@Query() dto: MapThemeDto) { getMapStyle(@Query() dto: MapThemeDto) {
return this.service.getMapStyle(dto.theme); return this.service.getMapStyle(dto.theme);