immich/server/libs/domain/src/user-token/user-token.core.ts

import { UserEntity } from '@app/infra/db/entities';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { ICryptoRepository } from '../crypto';
import { IUserTokenRepository } from './user-token.repository';

@Injectable()
export class UserTokenCore {
  constructor(private crypto: ICryptoRepository, private repository: IUserTokenRepository) {}

  async validate(tokenValue: string) {
    const hashedToken = this.crypto.hashSha256(tokenValue);
    const user = await this.getUserByToken(hashedToken);
    if (user) {
      return {
        ...user,
        isPublicUser: false,
        isAllowUpload: true,
        isAllowDownload: true,
        isShowExif: true,
      };
    }

    throw new UnauthorizedException('Invalid user token');
  }

  public async getUserByToken(tokenValue: string): Promise<UserEntity | null> {
    const token = await this.repository.get(tokenValue);
    if (token?.user) {
      return token.user;
    }
    return null;
  }

  public async createToken(user: UserEntity): Promise<string> {
    const key = this.crypto.randomBytes(32).toString('base64').replace(/\W/g, '');
    const token = this.crypto.hashSha256(key);
    await this.repository.create({
      token,
      user,
    });

    return key;
  }
}
feat(server): move authentication to tokens stored in the database (#1381) * chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-01-27 20:50:07 +00:00			`import { UserEntity } from '@app/infra/db/entities';`
refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`import { Injectable, UnauthorizedException } from '@nestjs/common';`
			`import { ICryptoRepository } from '../crypto';`
feat(server): move authentication to tokens stored in the database (#1381) * chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-01-27 20:50:07 +00:00			`import { IUserTokenRepository } from './user-token.repository';`

			`@Injectable()`
			`export class UserTokenCore {`
			`constructor(private crypto: ICryptoRepository, private repository: IUserTokenRepository) {}`

refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`async validate(tokenValue: string) {`
			`const hashedToken = this.crypto.hashSha256(tokenValue);`
			`const user = await this.getUserByToken(hashedToken);`
			`if (user) {`
			`return {`
			`...user,`
			`isPublicUser: false,`
			`isAllowUpload: true,`
			`isAllowDownload: true,`
			`isShowExif: true,`
			`};`
			`}`

			`throw new UnauthorizedException('Invalid user token');`
			`}`

feat(server): move authentication to tokens stored in the database (#1381) * chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-01-27 20:50:07 +00:00			`public async getUserByToken(tokenValue: string): Promise<UserEntity \| null> {`
			`const token = await this.repository.get(tokenValue);`
			`if (token?.user) {`
			`return token.user;`
			`}`
			`return null;`
			`}`

			`public async createToken(user: UserEntity): Promise<string> {`
			`const key = this.crypto.randomBytes(32).toString('base64').replace(/\W/g, '');`
			`const token = this.crypto.hashSha256(key);`
			`await this.repository.create({`
			`token,`
			`user,`
			`});`

			`return key;`
			`}`
			`}`