* fix(server): Reduce number of bound parameters in Access queries
According to https://github.com/typeorm/typeorm/issues/7565, the
introduction of bulk queries for permission checks could quickly reach
the limit of 65536 bound parameters allowed by the PostgreSQL
connection.
To avoid reaching that limit, this first change refactors the Access
queries that are expanding the set of ids multiple times. For example,
`asset.checkSharedLinkAccess` expands the ids 4 times, so providing just
~16400 ids is enough to break the query.
Refactored queries:
* activity.checkCreateAccess
```sql
-- Before
SELECT "AlbumEntity"."id" AS "AlbumEntity_id"
FROM "albums" "AlbumEntity"
LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"
ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id"
LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers"
ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId"
AND ("AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL)
WHERE
(
(
"AlbumEntity"."id" IN ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
AND "AlbumEntity"."isActivityEnabled" = $11
AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $12
)
OR (
"AlbumEntity"."id" IN ($13, $14, $15, $16, $17, $18, $19, $20, $21, $22)
AND "AlbumEntity"."isActivityEnabled" = $23
AND "AlbumEntity"."ownerId" = $24
)
)
AND "AlbumEntity"."deletedAt" IS NULL
-- After
SELECT "album"."id" AS "album_id"
FROM "albums" "album"
LEFT JOIN "albums_shared_users_users" "album_sharedUsers"
ON "album_sharedUsers"."albumsId"="album"."id"
LEFT JOIN "users" "sharedUsers"
ON "sharedUsers"."id"="album_sharedUsers"."usersId"
AND "sharedUsers"."deletedAt" IS NULL
WHERE
"album"."id" IN ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
AND "album"."isActivityEnabled" = true
AND (
"album"."ownerId" = $11
OR "sharedUsers"."id" = $12
)
AND "album"."deletedAt" IS NULL
```
* asset.checkAlbumAccess
```sql
-- Before
SELECT
"asset"."id" AS "assetId",
"asset"."livePhotoVideoId" AS "livePhotoVideoId"
FROM "albums" "album"
INNER JOIN "albums_assets_assets" "album_asset"
ON "album_asset"."albumsId"="album"."id"
INNER JOIN "assets" "asset"
ON "asset"."id"="album_asset"."assetsId"
AND "asset"."deletedAt" IS NULL
LEFT JOIN "albums_shared_users_users" "album_sharedUsers"
ON "album_sharedUsers"."albumsId"="album"."id"
LEFT JOIN "users" "sharedUsers"
ON "sharedUsers"."id"="album_sharedUsers"."usersId"
AND "sharedUsers"."deletedAt" IS NULL
WHERE
(
"album"."ownerId" = $1
OR "sharedUsers"."id" = $2
)
AND (
"asset"."id" IN ($3, $4, $5, $6, $7, $8, $9, $10, $11, $12)
OR "asset"."livePhotoVideoId" IN ($13, $14, $15, $16, $17, $18, $19, $20, $21, $22)
)
AND "album"."deletedAt" IS NULL
-- After
WITH "assetIds" AS (
SELECT unnest(array[$1, $2, $3, $4, $5, $6, $7, $8, $9, $10])::uuid AS "id"
FROM (SELECT 1 AS dummy_column) "dummy_table"
)
SELECT
"asset"."id" AS "assetId",
"asset"."livePhotoVideoId" AS "livePhotoVideoId"
FROM "albums" "album"
INNER JOIN "albums_assets_assets" "album_asset"
ON "album_asset"."albumsId"="album"."id"
INNER JOIN "assets" "asset"
ON "asset"."id"="album_asset"."assetsId"
AND "asset"."deletedAt" IS NULL
LEFT JOIN "albums_shared_users_users" "album_sharedUsers"
ON "album_sharedUsers"."albumsId"="album"."id"
LEFT JOIN "users" "sharedUsers"
ON "sharedUsers"."id"="album_sharedUsers"."usersId"
AND "sharedUsers"."deletedAt" IS NULL
WHERE
(
"album"."ownerId" = $11
OR "sharedUsers"."id" = $12
)
AND (
"asset"."id" IN (SELECT id FROM "assetIds")
OR "asset"."livePhotoVideoId" IN (SELECT id FROM "assetIds")
)
AND "album"."deletedAt" IS NULL
```
* asset.checkSharedLinkAccess
```sql
-- Before
SELECT
"assets"."id" AS "assetId",
"assets"."livePhotoVideoId" AS "assetLivePhotoVideoId",
"albumAssets"."id" AS "albumAssetId",
"albumAssets"."livePhotoVideoId" AS "albumAssetLivePhotoVideoId"
FROM "shared_links" "sharedLink"
LEFT JOIN "albums" "album"
ON "album"."id"="sharedLink"."albumId"
AND "album"."deletedAt" IS NULL
LEFT JOIN "shared_link__asset" "assets_sharedLink"
ON "assets_sharedLink"."sharedLinksId"="sharedLink"."id"
LEFT JOIN "assets" "assets"
ON "assets"."id"="assets_sharedLink"."assetsId"
AND "assets"."deletedAt" IS NULL
LEFT JOIN "albums_assets_assets" "album_albumAssets"
ON "album_albumAssets"."albumsId"="album"."id"
LEFT JOIN "assets" "albumAssets"
ON "albumAssets"."id"="album_albumAssets"."assetsId"
AND "albumAssets"."deletedAt" IS NULL
WHERE
"sharedLink"."id" = $1
AND (
"assets"."id" IN ($2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
OR "albumAssets"."id" IN ($12, $13, $14, $15, $16, $17, $18, $19, $20, $21)
OR "assets"."livePhotoVideoId" IN ($22, $23, $24, $25, $26, $27, $28, $29, $30, $31)
OR "albumAssets"."livePhotoVideoId" IN ($32, $33, $34, $35, $36, $37, $38, $39, $40, $41)
)
-- After
WITH "assetIds" AS (
SELECT unnest(array[$1, $2, $3, $4, $5, $6, $7, $8, $9, $10])::uuid AS "id"
FROM (SELECT 1 AS dummy_column) "dummy_table"
)
SELECT
"assets"."id" AS "assetId",
"assets"."livePhotoVideoId" AS "assetLivePhotoVideoId",
"albumAssets"."id" AS "albumAssetId",
"albumAssets"."livePhotoVideoId" AS "albumAssetLivePhotoVideoId"
FROM "shared_links" "sharedLink"
LEFT JOIN "albums" "album"
ON "album"."id"="sharedLink"."albumId"
AND "album"."deletedAt" IS NULL
LEFT JOIN "shared_link__asset" "assets_sharedLink"
ON "assets_sharedLink"."sharedLinksId"="sharedLink"."id"
LEFT JOIN "assets" "assets"
ON "assets"."id"="assets_sharedLink"."assetsId"
AND "assets"."deletedAt" IS NULL
LEFT JOIN "albums_assets_assets" "album_albumAssets"
ON "album_albumAssets"."albumsId"="album"."id"
LEFT JOIN "assets" "albumAssets"
ON "albumAssets"."id"="album_albumAssets"."assetsId"
AND "albumAssets"."deletedAt" IS NULL
WHERE
"sharedLink"."id" = $11
AND (
"assets"."id" IN (SELECT id FROM "assetIds")
OR "albumAssets"."id" IN (SELECT id FROM "assetIds")
OR "assets"."livePhotoVideoId" IN (SELECT id FROM "assetIds")
OR "albumAssets"."livePhotoVideoId" IN (SELECT id FROM "assetIds")
)
```
* fix: Use array overlapping instead of CTEs
included all thumbnail metadata. It seems this has to be explicitly disabled.
Refs: #4382
feat. basic metadata e2e test
fix: use tiff thumbnails in first step + e2e fix
fix: revert switch to tiff
feat: test metadata of both webp and jpg
feat: use upload in e2e test
fix: lint
strip metadata with exiftool
use `withIccProfile`
fix e2e
formatting
run jobs in e2e
* run migrations after checks
* optional migrations
* only run checks in server and e2e
* re-add migrations for microservices
* refactor
* move e2e init
* remove assert from migration
* update providers
* update microservices app service
* fixed logging
* refactored version check, added unit tests
* more version tests
* don't use mocks for sut
* refactor tests
* suggest image only if postgres is 14, 15 or 16
* review suggestions
* fixed regexp escape
* fix typing
* update migration
* Hide the person age if it is negative
* Add validation to prevent future birth dates
* Add comment
* Add test, Add birth date validation and update birth date modal
* Add birthDate validation in PersonService and SetBirthDateModal
* Running npm run format:fix
* Generating the migration file propoerly, and Make the birthdate form logic simpler
* Make birthDate type only string
* Adding useLocationPin back
* Allow building and installing cli
* feat: add format fix
* docs: remove cli folder
* feat: use immich scoped package
* feat: rewrite cli readme
* docs: add info on running without building
* cleanup
* chore: remove import functionality from cli
* feat: add logout to cli
* docs: add todo for file format from server
* docs: add compilation step to cli
* fix: success message spacing
* feat: can create albums
* fix: add check step to cli
* fix: typos
* feat: pull file formats from server
* chore: use crawl service from server
* chore: fix lint
* docs: add cli documentation
* chore: rename ignore pattern
* chore: add version number to cli
* feat: use sdk
* fix: cleanup
* feat: album name on windows
* chore: remove skipped asset field
* feat: add more info to server-info command
* chore: cleanup
* wip
* chore: remove unneeded packages
* e2e test can start
* git ignore for geocode in cli
* add cli e2e to github actions
* can do e2e tests in the cli
* simplify e2e test
* cleanup
* set matrix strategy in workflow
* run npm ci in server
* choose different working directory
* check out submodules too
* increase test timeout
* set node version
* cli docker e2e tests
* fix cli docker file
* run cli e2e in correct folder
* set docker context
* correct docker build
* remove cli from dockerignore
* chore: fix docs links
* feat: add cli v2 milestone
* fix: set correct cli date
* remove submodule
* chore: add npmignore
* chore(cli): push to npm
* fix: server e2e
* run npm ci in server
* remove state from e2e
* run npm ci in server
* reshuffle docker compose files
* use new e2e composes in makefile
* increase test timeout to 10 minutes
* make github actions run makefile e2e tests
* cleanup github test names
* assert on server version
* chore: split cli e2e tests into one file per command
* chore: set cli release working dir
* chore: add repo url to npmjs
* chore: bump node setup to v4
* chore: normalize the github url
* check e2e code in lint
* fix lint
* test key login flow
* feat: allow configurable config dir
* fix session service tests
* create missing dir
* cleanup
* bump cli version to 2.0.4
* remove form-data
* feat: allow single files as argument
* add version option
* bump dependencies
* fix lint
* wip use axios as upload
* version bump
* cApiTALiZaTiON
* don't touch package lock
* wip: don't use job queues
* don't use make for cli e2e
* fix server e2e
* chore: remove old gha step
* add npm ci to server
---------
Co-authored-by: Alex <alex.tran1502@gmail.com>
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
Modify Access repository, to evaluate `asset` permissions in bulk.
This is the last set of permission changes, to migrate all of them to
run in bulk!
Queries have been validated to match what they currently generate for single ids.
Queries:
* `activity` owner access:
```sql
-- Before
SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS (
SELECT 1
FROM "activity" "ActivityEntity"
WHERE
"ActivityEntity"."id" = $1
AND "ActivityEntity"."userId" = $2
)
LIMIT 1
-- After
SELECT "ActivityEntity"."id" AS "ActivityEntity_id"
FROM "activity" "ActivityEntity"
WHERE
"ActivityEntity"."id" IN ($1)
AND "ActivityEntity"."userId" = $2
```
* `activity` album owner access:
```sql
-- Before
SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS (
SELECT 1
FROM "activity" "ActivityEntity"
LEFT JOIN "albums" "ActivityEntity__ActivityEntity_album"
ON "ActivityEntity__ActivityEntity_album"."id"="ActivityEntity"."albumId"
AND "ActivityEntity__ActivityEntity_album"."deletedAt" IS NULL
WHERE
"ActivityEntity"."id" = $1
AND "ActivityEntity__ActivityEntity_album"."ownerId" = $2
)
LIMIT 1
-- After
SELECT "ActivityEntity"."id" AS "ActivityEntity_id"
FROM "activity" "ActivityEntity"
LEFT JOIN "albums" "ActivityEntity__ActivityEntity_album"
ON "ActivityEntity__ActivityEntity_album"."id"="ActivityEntity"."albumId"
AND "ActivityEntity__ActivityEntity_album"."deletedAt" IS NULL
WHERE
"ActivityEntity"."id" IN ($1)
AND "ActivityEntity__ActivityEntity_album"."ownerId" = $2
```
* `activity` create access:
```sql
-- Before
SELECT 1 AS "row_exists" FROM (SELECT 1 AS dummy_column) "dummy_table" WHERE EXISTS (
SELECT 1
FROM "albums" "AlbumEntity"
LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"
ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id"
LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers"
ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId"
AND "AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL
WHERE
(
(
"AlbumEntity"."id" = $1
AND "AlbumEntity"."isActivityEnabled" = $2
AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $3
)
OR (
"AlbumEntity"."id" = $4
AND "AlbumEntity"."isActivityEnabled" = $5
AND "AlbumEntity"."ownerId" = $6
)
)
AND "AlbumEntity"."deletedAt" IS NULL
)
LIMIT 1
-- After
SELECT "AlbumEntity"."id" AS "AlbumEntity_id"
FROM "albums" "AlbumEntity"
LEFT JOIN "albums_shared_users_users" "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"
ON "AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."albumsId"="AlbumEntity"."id"
LEFT JOIN "users" "AlbumEntity__AlbumEntity_sharedUsers"
ON "AlbumEntity__AlbumEntity_sharedUsers"."id"="AlbumEntity_AlbumEntity__AlbumEntity_sharedUsers"."usersId"
AND "AlbumEntity__AlbumEntity_sharedUsers"."deletedAt" IS NULL
WHERE
(
(
"AlbumEntity"."id" IN ($1)
AND "AlbumEntity"."isActivityEnabled" = $2
AND "AlbumEntity__AlbumEntity_sharedUsers"."id" = $3
)
OR (
"AlbumEntity"."id" IN ($4)
AND "AlbumEntity"."isActivityEnabled" = $5
AND "AlbumEntity"."ownerId" = $6
)
)
AND "AlbumEntity"."deletedAt" IS NULL
```