immich/server/src/controllers/asset-upload.controller.ts

import { Controller, Delete, Head, HttpCode, HttpStatus, Options, Param, Patch, Post, Req, Res } from '@nestjs/common';
import { ApiHeader, ApiOkResponse, ApiTags } from '@nestjs/swagger';
import { Request, Response } from 'express';
import { GetUploadStatusDto, Header, ResumeUploadDto, StartUploadDto, UploadOkDto } from 'src/dtos/asset-upload.dto';
import { AuthDto } from 'src/dtos/auth.dto';
import { ImmichHeader, Permission } from 'src/enum';
import { Auth, Authenticated } from 'src/middleware/auth.guard';
import { AssetUploadService } from 'src/services/asset-upload.service';
import { validateSyncOrReject } from 'src/utils/request';
import { UUIDParamDto } from 'src/validation';

const apiInteropVersion = {
  name: Header.InteropVersion,
  description: `Indicates the version of the RUFH protocol supported by the client.`,
  required: true,
};

const apiUploadComplete = {
  name: Header.UploadComplete,
  description:
    'Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.',
  required: true,
};

const apiContentLength = {
  name: Header.ContentLength,
  description: 'Non-negative size of the request body in bytes.',
  required: true,
};

// This is important to let go of the asset lock for an inactive request
const SOCKET_TIMEOUT_MS = 30_000;

@ApiTags('Upload')
@Controller('upload')
export class AssetUploadController {
  constructor(private service: AssetUploadService) {}

  @Post()
  @Authenticated({ sharedLink: true, permission: Permission.AssetUpload })
  @ApiHeader({
    name: ImmichHeader.AssetData,
    description: `RFC 9651 structured dictionary containing asset metadata with the following keys:
- device-asset-id (string, required): Unique device asset identifier
- device-id (string, required): Device identifier
- file-created-at (string/date, required): ISO 8601 date string or Unix timestamp
- file-modified-at (string/date, required): ISO 8601 date string or Unix timestamp
- filename (string, required): Original filename
- is-favorite (boolean, optional): Favorite status
- live-photo-video-id (string, optional): Live photo ID for assets from iOS devices
- icloud-id (string, optional): iCloud identifier for assets from iOS devices`,
    required: true,
    example:
      'device-asset-id="abc123", device-id="phone1", filename="photo.jpg", file-created-at="2024-01-01T00:00:00Z", file-modified-at="2024-01-01T00:00:00Z"',
  })
  @ApiHeader({
    name: Header.ReprDigest,
    description:
      'RFC 9651 structured dictionary containing an `sha` (bytesequence) checksum used to detect duplicate files and validate data integrity.',
    required: true,
  })
  @ApiHeader({ ...apiInteropVersion, required: false })
  @ApiHeader({ ...apiUploadComplete, required: false })
  @ApiHeader(apiContentLength)
  @ApiOkResponse({ type: UploadOkDto })
  startUpload(@Auth() auth: AuthDto, @Req() req: Request, @Res() res: Response): Promise<void> {
    res.setTimeout(SOCKET_TIMEOUT_MS);
    return this.service.startUpload(auth, req, res, validateSyncOrReject(StartUploadDto, req.headers));
  }

  @Patch(':id')
  @Authenticated({ sharedLink: true, permission: Permission.AssetUpload })
  @ApiHeader({
    name: Header.UploadOffset,
    description:
      'Non-negative byte offset indicating the starting position of the data in the request body within the entire file.',
    required: true,
  })
  @ApiHeader(apiInteropVersion)
  @ApiHeader(apiUploadComplete)
  @ApiHeader(apiContentLength)
  @ApiOkResponse({ type: UploadOkDto })
  resumeUpload(@Auth() auth: AuthDto, @Req() req: Request, @Res() res: Response, @Param() { id }: UUIDParamDto) {
    res.setTimeout(SOCKET_TIMEOUT_MS);
    return this.service.resumeUpload(auth, req, res, id, validateSyncOrReject(ResumeUploadDto, req.headers));
  }

  @Delete(':id')
  @Authenticated({ sharedLink: true, permission: Permission.AssetUpload })
  cancelUpload(@Auth() auth: AuthDto, @Res() res: Response, @Param() { id }: UUIDParamDto) {
    res.setTimeout(SOCKET_TIMEOUT_MS);
    return this.service.cancelUpload(auth, id, res);
  }

  @Head(':id')
  @Authenticated({ sharedLink: true, permission: Permission.AssetUpload })
  @ApiHeader(apiInteropVersion)
  getUploadStatus(@Auth() auth: AuthDto, @Req() req: Request, @Res() res: Response, @Param() { id }: UUIDParamDto) {
    res.setTimeout(SOCKET_TIMEOUT_MS);
    return this.service.getUploadStatus(auth, res, id, validateSyncOrReject(GetUploadStatusDto, req.headers));
  }

  @Options()
  @HttpCode(HttpStatus.NO_CONTENT)
  getUploadOptions(@Res() res: Response) {
    return this.service.getUploadOptions(res);
  }
}
update api 2025-10-10 19:35:18 -04:00			`import { Controller, Delete, Head, HttpCode, HttpStatus, Options, Param, Patch, Post, Req, Res } from '@nestjs/common';`
listen to upload event in e2e test resume with real image 2025-10-06 21:00:20 -04:00			`import { ApiHeader, ApiOkResponse, ApiTags } from '@nestjs/swagger';`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			`import { Request, Response } from 'express';`
infer upload length when possible 2025-10-10 20:59:53 -04:00			`import { GetUploadStatusDto, Header, ResumeUploadDto, StartUploadDto, UploadOkDto } from 'src/dtos/asset-upload.dto';`
chunked upload controller 2025-09-24 13:56:46 -04:00			`import { AuthDto } from 'src/dtos/auth.dto';`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`import { ImmichHeader, Permission } from 'src/enum';`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			`import { Auth, Authenticated } from 'src/middleware/auth.guard';`
chunked upload controller 2025-09-24 13:56:46 -04:00			`import { AssetUploadService } from 'src/services/asset-upload.service';`
add controller tests, move validation testing from e2e revert unnecessary change update mocks add structured-headers to e2e deps 2025-10-06 15:14:26 -04:00			`import { validateSyncOrReject } from 'src/utils/request';`
chunked upload controller 2025-09-24 13:56:46 -04:00			`import { UUIDParamDto } from 'src/validation';`

dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`const apiInteropVersion = {`
infer upload length when possible 2025-10-10 20:59:53 -04:00			`name: Header.InteropVersion,`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			description: `Indicates the version of the RUFH protocol supported by the client.`,
			`required: true,`
			`};`

			`const apiUploadComplete = {`
infer upload length when possible 2025-10-10 20:59:53 -04:00			`name: Header.UploadComplete,`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`description:`
			`'Structured boolean indicating whether this request completes the file. Use Upload-Incomplete instead for version <= 3.',`
			`required: true,`
			`};`

			`const apiContentLength = {`
infer upload length when possible 2025-10-10 20:59:53 -04:00			`name: Header.ContentLength,`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`description: 'Non-negative size of the request body in bytes.',`
			`required: true,`
			`};`

add timeout 2025-10-07 14:13:00 -04:00			`// This is important to let go of the asset lock for an inactive request`
			`const SOCKET_TIMEOUT_MS = 30_000;`

chunked upload controller 2025-09-24 13:56:46 -04:00			`@ApiTags('Upload')`
			`@Controller('upload')`
			`export class AssetUploadController {`
			`constructor(private service: AssetUploadService) {}`

interop v8 compliance 2025-09-28 18:37:16 -04:00			`@Post()`
chunked upload controller 2025-09-24 13:56:46 -04:00			`@Authenticated({ sharedLink: true, permission: Permission.AssetUpload })`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`@ApiHeader({`
			`name: ImmichHeader.AssetData,`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			description: `RFC 9651 structured dictionary containing asset metadata with the following keys:
			`- device-asset-id (string, required): Unique device asset identifier`
			`- device-id (string, required): Device identifier`
			`- file-created-at (string/date, required): ISO 8601 date string or Unix timestamp`
			`- file-modified-at (string/date, required): ISO 8601 date string or Unix timestamp`
			`- filename (string, required): Original filename`
			`- is-favorite (boolean, optional): Favorite status`
handle live photos 2025-10-09 16:12:47 -04:00			`- live-photo-video-id (string, optional): Live photo ID for assets from iOS devices`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			- icloud-id (string, optional): iCloud identifier for assets from iOS devices`,
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`required: true,`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			`example:`
			`'device-asset-id="abc123", device-id="phone1", filename="photo.jpg", file-created-at="2024-01-01T00:00:00Z", file-modified-at="2024-01-01T00:00:00Z"',`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`})`
			`@ApiHeader({`
infer upload length when possible 2025-10-10 20:59:53 -04:00			`name: Header.ReprDigest,`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`description:`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			'RFC 9651 structured dictionary containing an `sha` (bytesequence) checksum used to detect duplicate files and validate data integrity.',
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`required: true,`
			`})`
update api 2025-10-12 19:29:11 -04:00			`@ApiHeader({ ...apiInteropVersion, required: false })`
			`@ApiHeader({ ...apiUploadComplete, required: false })`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`@ApiHeader(apiContentLength)`
listen to upload event in e2e test resume with real image 2025-10-06 21:00:20 -04:00			`@ApiOkResponse({ type: UploadOkDto })`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			`startUpload(@Auth() auth: AuthDto, @Req() req: Request, @Res() res: Response): Promise<void> {`
add timeout 2025-10-07 14:13:00 -04:00			`res.setTimeout(SOCKET_TIMEOUT_MS);`
add controller tests, move validation testing from e2e revert unnecessary change update mocks add structured-headers to e2e deps 2025-10-06 15:14:26 -04:00			`return this.service.startUpload(auth, req, res, validateSyncOrReject(StartUploadDto, req.headers));`
chunked upload controller 2025-09-24 13:56:46 -04:00			`}`

interop v8 compliance 2025-09-28 18:37:16 -04:00			`@Patch(':id')`
chunked upload controller 2025-09-24 13:56:46 -04:00			`@Authenticated({ sharedLink: true, permission: Permission.AssetUpload })`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`@ApiHeader({`
infer upload length when possible 2025-10-10 20:59:53 -04:00			`name: Header.UploadOffset,`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`description:`
			`'Non-negative byte offset indicating the starting position of the data in the request body within the entire file.',`
			`required: true,`
			`})`
			`@ApiHeader(apiInteropVersion)`
			`@ApiHeader(apiUploadComplete)`
			`@ApiHeader(apiContentLength)`
listen to upload event in e2e test resume with real image 2025-10-06 21:00:20 -04:00			`@ApiOkResponse({ type: UploadOkDto })`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			`resumeUpload(@Auth() auth: AuthDto, @Req() req: Request, @Res() res: Response, @Param() { id }: UUIDParamDto) {`
add timeout 2025-10-07 14:13:00 -04:00			`res.setTimeout(SOCKET_TIMEOUT_MS);`
add controller tests, move validation testing from e2e revert unnecessary change update mocks add structured-headers to e2e deps 2025-10-06 15:14:26 -04:00			`return this.service.resumeUpload(auth, req, res, id, validateSyncOrReject(ResumeUploadDto, req.headers));`
chunked upload controller 2025-09-24 13:56:46 -04:00			`}`

interop v8 compliance 2025-09-28 18:37:16 -04:00			`@Delete(':id')`
			`@Authenticated({ sharedLink: true, permission: Permission.AssetUpload })`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`cancelUpload(@Auth() auth: AuthDto, @Res() res: Response, @Param() { id }: UUIDParamDto) {`
add timeout 2025-10-07 14:13:00 -04:00			`res.setTimeout(SOCKET_TIMEOUT_MS);`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`return this.service.cancelUpload(auth, id, res);`
interop v8 compliance 2025-09-28 18:37:16 -04:00			`}`

working e2e 2025-09-29 03:40:24 -04:00			`@Head(':id')`
interop v8 compliance 2025-09-28 18:37:16 -04:00			`@Authenticated({ sharedLink: true, permission: Permission.AssetUpload })`
dto refactor add logging handle metadata 2025-09-29 18:09:06 -04:00			`@ApiHeader(apiInteropVersion)`
add note about RFC 9651 authdto remove excess logs use structured dictionary 2025-10-03 01:24:38 -04:00			`getUploadStatus(@Auth() auth: AuthDto, @Req() req: Request, @Res() res: Response, @Param() { id }: UUIDParamDto) {`
add timeout 2025-10-07 14:13:00 -04:00			`res.setTimeout(SOCKET_TIMEOUT_MS);`
add controller tests, move validation testing from e2e revert unnecessary change update mocks add structured-headers to e2e deps 2025-10-06 15:14:26 -04:00			`return this.service.getUploadStatus(auth, res, id, validateSyncOrReject(GetUploadStatusDto, req.headers));`
interop v8 compliance 2025-09-28 18:37:16 -04:00			`}`

working e2e 2025-09-29 03:40:24 -04:00			`@Options()`
update api 2025-10-10 19:35:18 -04:00			`@HttpCode(HttpStatus.NO_CONTENT)`
set `max-age` limit 2025-10-10 19:26:22 -04:00			`getUploadOptions(@Res() res: Response) {`
			`return this.service.getUploadOptions(res);`
			`}`
chunked upload controller 2025-09-24 13:56:46 -04:00			`}`