immich/server/src/services/user-admin.service.ts

import { BadRequestException, ForbiddenException, Injectable } from '@nestjs/common';
import { SALT_ROUNDS } from 'src/constants';
import { AssetStatsDto, AssetStatsResponseDto, mapStats } from 'src/dtos/asset.dto';
import { AuthDto } from 'src/dtos/auth.dto';
import { UserPreferencesResponseDto, UserPreferencesUpdateDto, mapPreferences } from 'src/dtos/user-preferences.dto';
import {
  UserAdminCreateDto,
  UserAdminDeleteDto,
  UserAdminResponseDto,
  UserAdminSearchDto,
  UserAdminUpdateDto,
  mapUserAdmin,
} from 'src/dtos/user.dto';
import { JobName, UserMetadataKey, UserStatus } from 'src/enum';
import { UserFindOptions } from 'src/repositories/user.repository';
import { BaseService } from 'src/services/base.service';
import { getPreferences, getPreferencesPartial, mergePreferences } from 'src/utils/preferences';

@Injectable()
export class UserAdminService extends BaseService {
  async search(auth: AuthDto, dto: UserAdminSearchDto): Promise<UserAdminResponseDto[]> {
    const users = await this.userRepository.getList({
      id: dto.id,
      withDeleted: dto.withDeleted,
    });
    return users.map((user) => mapUserAdmin(user));
  }

  async create(dto: UserAdminCreateDto): Promise<UserAdminResponseDto> {
    const { notify, ...userDto } = dto;
    const config = await this.getConfig({ withCache: false });
    if (!config.oauth.enabled && !userDto.password) {
      throw new BadRequestException('password is required');
    }

    const user = await this.createUser(userDto);

    await this.eventRepository.emit('UserSignup', {
      notify: !!notify,
      id: user.id,
      password: userDto.password,
    });

    return mapUserAdmin(user);
  }

  async get(auth: AuthDto, id: string): Promise<UserAdminResponseDto> {
    const user = await this.findOrFail(id, { withDeleted: true });
    return mapUserAdmin(user);
  }

  async update(auth: AuthDto, id: string, dto: UserAdminUpdateDto): Promise<UserAdminResponseDto> {
    const user = await this.findOrFail(id, {});

    if (dto.isAdmin !== undefined && dto.isAdmin !== auth.user.isAdmin && auth.user.id === id) {
      throw new BadRequestException('Admin status can only be changed by another admin');
    }

    if (dto.quotaSizeInBytes && user.quotaSizeInBytes !== dto.quotaSizeInBytes) {
      await this.userRepository.syncUsage(id);
    }

    if (dto.email) {
      const duplicate = await this.userRepository.getByEmail(dto.email);
      if (duplicate && duplicate.id !== id) {
        throw new BadRequestException('Email already in use by another account');
      }
    }

    if (dto.storageLabel) {
      const duplicate = await this.userRepository.getByStorageLabel(dto.storageLabel);
      if (duplicate && duplicate.id !== id) {
        throw new BadRequestException('Storage label already in use by another account');
      }
    }

    if (dto.password) {
      dto.password = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);
    }

    if (dto.pinCode) {
      dto.pinCode = await this.cryptoRepository.hashBcrypt(dto.pinCode, SALT_ROUNDS);
    }

    if (dto.storageLabel === '') {
      dto.storageLabel = null;
    }

    const updatedUser = await this.userRepository.update(id, { ...dto, updatedAt: new Date() });

    return mapUserAdmin(updatedUser);
  }

  async delete(auth: AuthDto, id: string, dto: UserAdminDeleteDto): Promise<UserAdminResponseDto> {
    const { force } = dto;
    await this.findOrFail(id, {});
    if (auth.user.id === id) {
      throw new ForbiddenException('Cannot delete your own account');
    }

    await this.albumRepository.softDeleteAll(id);

    const status = force ? UserStatus.Removing : UserStatus.Deleted;
    const user = await this.userRepository.update(id, { status, deletedAt: new Date() });

    if (force) {
      await this.jobRepository.queue({ name: JobName.UserDelete, data: { id: user.id, force } });
    }

    return mapUserAdmin(user);
  }

  async restore(auth: AuthDto, id: string): Promise<UserAdminResponseDto> {
    await this.findOrFail(id, { withDeleted: true });
    await this.albumRepository.restoreAll(id);
    const user = await this.userRepository.restore(id);
    return mapUserAdmin(user);
  }

  async getStatistics(auth: AuthDto, id: string, dto: AssetStatsDto): Promise<AssetStatsResponseDto> {
    const stats = await this.assetRepository.getStatistics(id, dto);
    return mapStats(stats);
  }

  async getPreferences(auth: AuthDto, id: string): Promise<UserPreferencesResponseDto> {
    await this.findOrFail(id, { withDeleted: true });
    const metadata = await this.userRepository.getMetadata(id);
    return mapPreferences(getPreferences(metadata));
  }

  async updatePreferences(auth: AuthDto, id: string, dto: UserPreferencesUpdateDto) {
    await this.findOrFail(id, { withDeleted: false });
    const metadata = await this.userRepository.getMetadata(id);
    const newPreferences = mergePreferences(getPreferences(metadata), dto);

    await this.userRepository.upsertMetadata(id, {
      key: UserMetadataKey.Preferences,
      value: getPreferencesPartial(newPreferences),
    });

    return mapPreferences(newPreferences);
  }

  private async findOrFail(id: string, options: UserFindOptions) {
    const user = await this.userRepository.get(id, options);
    if (!user) {
      throw new BadRequestException('User not found');
    }
    return user;
  }
}
refactor: service dependencies (#13108) refactor(server): simplify service dependency management 2024-10-02 10:54:35 -04:00			`import { BadRequestException, ForbiddenException, Injectable } from '@nestjs/common';`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`import { SALT_ROUNDS } from 'src/constants';`
feat(web): user detail page (#18230) feat: user detail page 2025-05-12 16:50:26 -04:00			`import { AssetStatsDto, AssetStatsResponseDto, mapStats } from 'src/dtos/asset.dto';`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`import { AuthDto } from 'src/dtos/auth.dto';`
feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00			`import { UserPreferencesResponseDto, UserPreferencesUpdateDto, mapPreferences } from 'src/dtos/user-preferences.dto';`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`import {`
			`UserAdminCreateDto,`
			`UserAdminDeleteDto,`
			`UserAdminResponseDto,`
			`UserAdminSearchDto,`
			`UserAdminUpdateDto,`
			`mapUserAdmin,`
			`} from 'src/dtos/user.dto';`
refactor: last repository (#16042) 2025-02-11 17:15:56 -05:00			`import { JobName, UserMetadataKey, UserStatus } from 'src/enum';`
refactor: repositories (#16036) 2025-02-11 14:08:13 -05:00			`import { UserFindOptions } from 'src/repositories/user.repository';`
refactor: service dependencies (#13108) refactor(server): simplify service dependency management 2024-10-02 10:54:35 -04:00			`import { BaseService } from 'src/services/base.service';`
feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00			`import { getPreferences, getPreferencesPartial, mergePreferences } from 'src/utils/preferences';`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00
			`@Injectable()`
refactor: service dependencies (#13108) refactor(server): simplify service dependency management 2024-10-02 10:54:35 -04:00			`export class UserAdminService extends BaseService {`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`async search(auth: AuthDto, dto: UserAdminSearchDto): Promise<UserAdminResponseDto[]> {`
feat(web): user detail page (#18230) feat: user detail page 2025-05-12 16:50:26 -04:00			`const users = await this.userRepository.getList({`
			`id: dto.id,`
			`withDeleted: dto.withDeleted,`
			`});`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`return users.map((user) => mapUserAdmin(user));`
			`}`

			`async create(dto: UserAdminCreateDto): Promise<UserAdminResponseDto> {`
refactor(server): user create logic (#13728) 2024-10-24 17:24:37 -04:00			`const { notify, ...userDto } = dto;`
fix(server): Allow passwordless users when oauth enabled (#13517) * fix(server): Allow passwordless users when oauth enabled * fix(web): Use features flags for checking oauth 2024-10-17 21:54:50 +05:30			`const config = await this.getConfig({ withCache: false });`
refactor(server): user create logic (#13728) 2024-10-24 17:24:37 -04:00			`if (!config.oauth.enabled && !userDto.password) {`
fix(server): Allow passwordless users when oauth enabled (#13517) * fix(server): Allow passwordless users when oauth enabled * fix(web): Use features flags for checking oauth 2024-10-17 21:54:50 +05:30			`throw new BadRequestException('password is required');`
			`}`
refactor(server): user create logic (#13728) 2024-10-24 17:24:37 -04:00
			`const user = await this.createUser(userDto);`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00
refactor: event names (#19945) 2025-07-15 13:41:19 -04:00			`await this.eventRepository.emit('UserSignup', {`
refactor(server): notification events (#10754) 2024-07-03 22:06:20 -04:00			`notify: !!notify,`
			`id: user.id,`
fix: welcome email password (#21732) 2025-09-10 09:11:42 -04:00			`password: userDto.password,`
refactor(server): notification events (#10754) 2024-07-03 22:06:20 -04:00			`});`

refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`return mapUserAdmin(user);`
			`}`

			`async get(auth: AuthDto, id: string): Promise<UserAdminResponseDto> {`
			`const user = await this.findOrFail(id, { withDeleted: true });`
			`return mapUserAdmin(user);`
			`}`

			`async update(auth: AuthDto, id: string, dto: UserAdminUpdateDto): Promise<UserAdminResponseDto> {`
			`const user = await this.findOrFail(id, {});`

feat(web): Added admin user config to user settings (#15380) * feat(web): Added admin user config to user settings * feat (web) - cleaned up the files and added tests * feat (web) - added missing files * feat (web) - updated per review comments * feat (web) - e2e admin command test failures 2025-06-11 21:11:13 -05:00			`if (dto.isAdmin !== undefined && dto.isAdmin !== auth.user.isAdmin && auth.user.id === id) {`
			`throw new BadRequestException('Admin status can only be changed by another admin');`
			`}`

refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`if (dto.quotaSizeInBytes && user.quotaSizeInBytes !== dto.quotaSizeInBytes) {`
			`await this.userRepository.syncUsage(id);`
			`}`

			`if (dto.email) {`
			`const duplicate = await this.userRepository.getByEmail(dto.email);`
			`if (duplicate && duplicate.id !== id) {`
			`throw new BadRequestException('Email already in use by another account');`
			`}`
			`}`

			`if (dto.storageLabel) {`
			`const duplicate = await this.userRepository.getByStorageLabel(dto.storageLabel);`
			`if (duplicate && duplicate.id !== id) {`
			`throw new BadRequestException('Storage label already in use by another account');`
			`}`
			`}`

			`if (dto.password) {`
			`dto.password = await this.cryptoRepository.hashBcrypt(dto.password, SALT_ROUNDS);`
			`}`

feat: user pin-code (#18138) * feat: user pincode * pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jason@rasm.me> 2025-05-09 16:00:58 -05:00			`if (dto.pinCode) {`
			`dto.pinCode = await this.cryptoRepository.hashBcrypt(dto.pinCode, SALT_ROUNDS);`
			`}`

refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`if (dto.storageLabel === '') {`
			`dto.storageLabel = null;`
			`}`

			`const updatedUser = await this.userRepository.update(id, { ...dto, updatedAt: new Date() });`

			`return mapUserAdmin(updatedUser);`
			`}`

			`async delete(auth: AuthDto, id: string, dto: UserAdminDeleteDto): Promise<UserAdminResponseDto> {`
			`const { force } = dto;`
feat(web): Added admin user config to user settings (#15380) * feat(web): Added admin user config to user settings * feat (web) - cleaned up the files and added tests * feat (web) - added missing files * feat (web) - updated per review comments * feat (web) - e2e admin command test failures 2025-06-11 21:11:13 -05:00			`await this.findOrFail(id, {});`
			`if (auth.user.id === id) {`
			`throw new ForbiddenException('Cannot delete your own account');`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`}`

			`await this.albumRepository.softDeleteAll(id);`

refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`const status = force ? UserStatus.Removing : UserStatus.Deleted;`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`const user = await this.userRepository.update(id, { status, deletedAt: new Date() });`

			`if (force) {`
refactor: job names (#19949) 2025-07-15 18:39:00 -04:00			`await this.jobRepository.queue({ name: JobName.UserDelete, data: { id: user.id, force } });`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`}`

			`return mapUserAdmin(user);`
			`}`

			`async restore(auth: AuthDto, id: string): Promise<UserAdminResponseDto> {`
			`await this.findOrFail(id, { withDeleted: true });`
			`await this.albumRepository.restoreAll(id);`
fix(server): restore user (#15763) 2025-01-29 11:49:08 -05:00			`const user = await this.userRepository.restore(id);`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`return mapUserAdmin(user);`
			`}`

feat(web): user detail page (#18230) feat: user detail page 2025-05-12 16:50:26 -04:00			`async getStatistics(auth: AuthDto, id: string, dto: AssetStatsDto): Promise<AssetStatsResponseDto> {`
fix(web): user details (#18253) fix(server, web): user details 2025-05-13 19:55:58 +08:00			`const stats = await this.assetRepository.getStatistics(id, dto);`
feat(web): user detail page (#18230) feat: user detail page 2025-05-12 16:50:26 -04:00			`return mapStats(stats);`
			`}`

feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00			`async getPreferences(auth: AuthDto, id: string): Promise<UserPreferencesResponseDto> {`
refactor: user avatar color (#17753) 2025-04-28 09:54:51 -04:00			`await this.findOrFail(id, { withDeleted: true });`
refactor(server): narrow auth types (#16066) 2025-02-12 15:23:08 -05:00			`const metadata = await this.userRepository.getMetadata(id);`
refactor: user avatar color (#17753) 2025-04-28 09:54:51 -04:00			`return mapPreferences(getPreferences(metadata));`
feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00			`}`

			`async updatePreferences(auth: AuthDto, id: string, dto: UserPreferencesUpdateDto) {`
refactor: user avatar color (#17753) 2025-04-28 09:54:51 -04:00			`await this.findOrFail(id, { withDeleted: false });`
refactor(server): narrow auth types (#16066) 2025-02-12 15:23:08 -05:00			`const metadata = await this.userRepository.getMetadata(id);`
refactor: user avatar color (#17753) 2025-04-28 09:54:51 -04:00			`const newPreferences = mergePreferences(getPreferences(metadata), dto);`
feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00
refactor(server): narrow auth types (#16066) 2025-02-12 15:23:08 -05:00			`await this.userRepository.upsertMetadata(id, {`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`key: UserMetadataKey.Preferences,`
refactor: user avatar color (#17753) 2025-04-28 09:54:51 -04:00			`value: getPreferencesPartial(newPreferences),`
feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00			`});`

refactor(server): narrow auth types (#16066) 2025-02-12 15:23:08 -05:00			`return mapPreferences(newPreferences);`
feat(server): user preferences (#9736) * refactor(server): user endpoints * feat(server): user preferences * mobile: user preference * wording --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-27 22:16:53 -04:00			`}`

refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`private async findOrFail(id: string, options: UserFindOptions) {`
			`const user = await this.userRepository.get(id, options);`
			`if (!user) {`
			`throw new BadRequestException('User not found');`
			`}`
			`return user;`
			`}`
			`}`