immich/server/src/controllers/shared-link.controller.ts

import { Body, Controller, Delete, Get, Param, Patch, Post, Put, Query, Req, Res } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger';
import { Request, Response } from 'express';
import { AssetIdsResponseDto } from 'src/dtos/asset-ids.response.dto';
import { AssetIdsDto } from 'src/dtos/asset.dto';
import { AuthDto } from 'src/dtos/auth.dto';
import {
  SharedLinkCreateDto,
  SharedLinkEditDto,
  SharedLinkPasswordDto,
  SharedLinkResponseDto,
  SharedLinkSearchDto,
} from 'src/dtos/shared-link.dto';
import { ImmichCookie, Permission } from 'src/enum';
import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';
import { LoginDetails } from 'src/services/auth.service';
import { SharedLinkService } from 'src/services/shared-link.service';
import { respondWithCookie } from 'src/utils/response';
import { UUIDParamDto } from 'src/validation';

@ApiTags('Shared Links')
@Controller('shared-links')
export class SharedLinkController {
  constructor(private service: SharedLinkService) {}

  @Get()
  @Authenticated({ permission: Permission.SharedLinkRead })
  getAllSharedLinks(@Auth() auth: AuthDto, @Query() dto: SharedLinkSearchDto): Promise<SharedLinkResponseDto[]> {
    return this.service.getAll(auth, dto);
  }

  @Get('me')
  @Authenticated({ sharedLink: true })
  async getMySharedLink(
    @Auth() auth: AuthDto,
    @Query() dto: SharedLinkPasswordDto,
    @Req() request: Request,
    @Res({ passthrough: true }) res: Response,
    @GetLoginDetails() loginDetails: LoginDetails,
  ): Promise<SharedLinkResponseDto> {
    const sharedLinkToken = request.cookies?.[ImmichCookie.SharedLinkToken];
    if (sharedLinkToken) {
      dto.token = sharedLinkToken;
    }
    const body = await this.service.getMine(auth, dto);
    return respondWithCookie(res, body, {
      isSecure: loginDetails.isSecure,
      values: body.token ? [{ key: ImmichCookie.SharedLinkToken, value: body.token }] : [],
    });
  }

  @Get(':id')
  @Authenticated({ permission: Permission.SharedLinkRead })
  getSharedLinkById(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<SharedLinkResponseDto> {
    return this.service.get(auth, id);
  }

  @Post()
  @Authenticated({ permission: Permission.SharedLinkCreate })
  createSharedLink(@Auth() auth: AuthDto, @Body() dto: SharedLinkCreateDto) {
    return this.service.create(auth, dto);
  }

  @Patch(':id')
  @Authenticated({ permission: Permission.SharedLinkUpdate })
  updateSharedLink(
    @Auth() auth: AuthDto,
    @Param() { id }: UUIDParamDto,
    @Body() dto: SharedLinkEditDto,
  ): Promise<SharedLinkResponseDto> {
    return this.service.update(auth, id, dto);
  }

  @Delete(':id')
  @Authenticated({ permission: Permission.SharedLinkDelete })
  removeSharedLink(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<void> {
    return this.service.remove(auth, id);
  }

  @Put(':id/assets')
  @Authenticated({ sharedLink: true })
  addSharedLinkAssets(
    @Auth() auth: AuthDto,
    @Param() { id }: UUIDParamDto,
    @Body() dto: AssetIdsDto,
  ): Promise<AssetIdsResponseDto[]> {
    return this.service.addAssets(auth, id, dto);
  }

  @Delete(':id/assets')
  @Authenticated({ sharedLink: true })
  removeSharedLinkAssets(
    @Auth() auth: AuthDto,
    @Param() { id }: UUIDParamDto,
    @Body() dto: AssetIdsDto,
  ): Promise<AssetIdsResponseDto[]> {
    return this.service.removeAssets(auth, id, dto);
  }
}
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`import { Body, Controller, Delete, Get, Param, Patch, Post, Put, Query, Req, Res } from '@nestjs/common';`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`import { ApiTags } from '@nestjs/swagger';`
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`import { Request, Response } from 'express';`
chore(server): move dtos (#8131) move dtos 2024-03-20 23:53:07 +01:00			`import { AssetIdsResponseDto } from 'src/dtos/asset-ids.response.dto';`
			`import { AssetIdsDto } from 'src/dtos/asset.dto';`
refactor(server): auth enums (#13552) 2024-10-17 13:17:32 -04:00			`import { AuthDto } from 'src/dtos/auth.dto';`
chore(server): move dtos (#8131) move dtos 2024-03-20 23:53:07 +01:00			`import {`
			`SharedLinkCreateDto,`
			`SharedLinkEditDto,`
			`SharedLinkPasswordDto,`
			`SharedLinkResponseDto,`
feat: view album shared links (#15943) 2025-02-07 16:38:20 -05:00			`SharedLinkSearchDto,`
chore(server): move dtos (#8131) move dtos 2024-03-20 23:53:07 +01:00			`} from 'src/dtos/shared-link.dto';`
refactor(server): auth enums (#13552) 2024-10-17 13:17:32 -04:00			`import { ImmichCookie, Permission } from 'src/enum';`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`import { LoginDetails } from 'src/services/auth.service';`
chore(server): move services (#8133) move services 2024-03-21 00:07:30 +01:00			`import { SharedLinkService } from 'src/services/shared-link.service';`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`import { respondWithCookie } from 'src/utils/response';`
chore: organize config, validation, decorators (#8118) * refactor: validation * refactor: utilities * refactor: config 2024-03-20 15:04:03 -05:00			`import { UUIDParamDto } from 'src/validation';`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00
refactor(server): rename api tags to follow plural nomenclature of endpoints (#9872) * rename api tags to follow plural nomenclature of endpoints * chore: open api * fix mobile 2024-05-30 00:26:57 +02:00			`@ApiTags('Shared Links')`
refactor(server): plural endpoints (#9667) 2024-05-22 13:24:57 -04:00			`@Controller('shared-links')`
feat (server, web): Share with partner (#2388) * feat(server, web): implement share with partner * chore: regenerate api * chore: regenerate api * Pass userId to getAssetCountByTimeBucket and getAssetByTimeBucket * chore: regenerate api * Use AssetGrid to view partner's assets * Remove disableNavBarActions flag * Check access to buckets * Apply suggestions from code review Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> * Remove exception rethrowing * Simplify partner access check * Create new PartnerController * chore api:generate * Use partnerApi * Remove id from PartnerResponseDto * Refactor PartnerEntity * Rename args * Remove duplicate code in getAll * Create composite primary keys for partners table * Move asset access check into PartnerCore * Remove redundant getUserAssets call * Remove unused getUserAssets method * chore: regenerate api * Simplify getAll * Replace ?? with \|\| * Simplify PartnerRepository.create * Introduce PartnerIds interface * Replace two database migrations with one * Simplify getAll * Change PartnerResponseDto to include UserResponseDto * Move partner sharing endpoints to PartnerController * Rename ShareController to SharedLinkController * chore: regenerate api after rebase * refactor: shared link remove return type * refactor: return user response dto * chore: regenerate open api * refactor: partner getAll * refactor: partner settings event typing * chore: remove unused code * refactor: add partners modal trigger * refactor: update url for viewing partner photos * feat: update partner sharing title * refactor: rename service method names * refactor: http exception logic to service, PartnerIds interface * chore: regenerate open api * test: coverage for domain code * fix: addPartner => createPartner * fix: missed rename * refactor: more code cleanup * chore: alphabetize settings order * feat: stop sharing confirmation modal * Enhance contrast of the email in dark mode * Replace button with CircleIconButton * Fix linter warning * Fix date types for PartnerEntity * Fix PartnerEntity creation * Reset assetStore state * Change layout of the partner's assets page * Add bulk download action for partner's assets --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-05-15 20:30:53 +03:00			`export class SharedLinkController {`
feat: use ILoggerRepository (#8855) * Migrate ImmichLogger over to injected ILoggerRepository * chore: cleanup and tests --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2024-04-17 03:00:31 +05:30			`constructor(private service: SharedLinkService) {}`
chore(server): cleanup controllers (#2065) 2023-03-24 00:53:56 -04:00
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`@Get()`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`@Authenticated({ permission: Permission.SharedLinkRead })`
feat: view album shared links (#15943) 2025-02-07 16:38:20 -05:00			`getAllSharedLinks(@Auth() auth: AuthDto, @Query() dto: SharedLinkSearchDto): Promise<SharedLinkResponseDto[]> {`
			`return this.service.getAll(auth, dto);`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`}`

			`@Get('me')`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated({ sharedLink: true })`
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`async getMySharedLink(`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`@Auth() auth: AuthDto,`
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`@Query() dto: SharedLinkPasswordDto,`
chore(server,cli,web): housekeeping and stricter code style (#6751) * add unicorn to eslint * fix lint errors for cli * fix merge * fix album name extraction * Update cli/src/commands/upload.command.ts Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * es2k23 * use lowercase os * return undefined album name * fix bug in asset response dto * auto fix issues * fix server code style * es2022 and formatting * fix compilation error * fix test * fix config load * fix last lint errors * set string type * bump ts * start work on web * web formatting * Fix UUIDParamDto as UUIDParamDto * fix library service lint * fix web errors * fix errors * formatting * wip * lints fixed * web can now start * alphabetical package json * rename error * chore: clean up --------- Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2024-02-02 04:18:00 +01:00			`@Req() request: Request,`
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`@Res({ passthrough: true }) res: Response,`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`@GetLoginDetails() loginDetails: LoginDetails,`
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`): Promise<SharedLinkResponseDto> {`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`const sharedLinkToken = request.cookies?.[ImmichCookie.SharedLinkToken];`
feat(server,web,mobile): Add optional password option for share links. (#4655) * feat(server,web,mobile): Add optional password option for share links. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> * feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates. Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> --------- Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com> 2023-10-29 09:35:38 +08:00			`if (sharedLinkToken) {`
			`dto.token = sharedLinkToken;`
			`}`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`const body = await this.service.getMine(auth, dto);`
			`return respondWithCookie(res, body, {`
			`isSecure: loginDetails.isSecure,`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`values: body.token ? [{ key: ImmichCookie.SharedLinkToken, value: body.token }] : [],`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`});`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`}`

			`@Get(':id')`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`@Authenticated({ permission: Permission.SharedLinkRead })`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`getSharedLinkById(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<SharedLinkResponseDto> {`
			`return this.service.get(auth, id);`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`}`

refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`@Post()`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`@Authenticated({ permission: Permission.SharedLinkCreate })`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`createSharedLink(@Auth() auth: AuthDto, @Body() dto: SharedLinkCreateDto) {`
			`return this.service.create(auth, dto);`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`}`

feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`@Patch(':id')`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`@Authenticated({ permission: Permission.SharedLinkUpdate })`
refactor(server): shared links (#2632) * refactor: rename share => shared-link * refactor: shared link crud methods * chore: open api 2023-06-01 22:09:57 -04:00			`updateSharedLink(`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`@Auth() auth: AuthDto,`
refactor(server): more consistent param validation (#2166) 2023-04-05 00:24:08 +02:00			`@Param() { id }: UUIDParamDto,`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`@Body() dto: SharedLinkEditDto,`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`): Promise<SharedLinkResponseDto> {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`return this.service.update(auth, id, dto);`
refactor(server): shared links (#2632) * refactor: rename share => shared-link * refactor: shared link crud methods * chore: open api 2023-06-01 22:09:57 -04:00			`}`

			`@Delete(':id')`
refactor: enum casing (#19946) 2025-07-15 14:50:13 -04:00			`@Authenticated({ permission: Permission.SharedLinkDelete })`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`removeSharedLink(@Auth() auth: AuthDto, @Param() { id }: UUIDParamDto): Promise<void> {`
			`return this.service.remove(auth, id);`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`}`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00
			`@Put(':id/assets')`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated({ sharedLink: true })`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`addSharedLinkAssets(`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`@Auth() auth: AuthDto,`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`@Param() { id }: UUIDParamDto,`
			`@Body() dto: AssetIdsDto,`
			`): Promise<AssetIdsResponseDto[]> {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`return this.service.addAssets(auth, id, dto);`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`}`

			`@Delete(':id/assets')`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated({ sharedLink: true })`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`removeSharedLinkAssets(`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`@Auth() auth: AuthDto,`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`@Param() { id }: UUIDParamDto,`
			`@Body() dto: AssetIdsDto,`
			`): Promise<AssetIdsResponseDto[]> {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`return this.service.removeAssets(auth, id, dto);`
refactor(server, web): create shared link (#2879) * refactor: shared links * chore: open api * fix: tsc error 2023-06-20 21:08:43 -04:00			`}`
feat(web/server) public album sharing (#1266) 2023-01-09 14:16:08 -06:00			`}`