immich/server/libs/domain/src/user-token/user-token.core.ts

import { UserEntity } from '@app/infra/entities';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { ICryptoRepository } from '../crypto';
import { IUserTokenRepository } from './user-token.repository';

@Injectable()
export class UserTokenCore {
  constructor(private crypto: ICryptoRepository, private repository: IUserTokenRepository) {}

  async validate(tokenValue: string) {
    const hashedToken = this.crypto.hashSha256(tokenValue);
    const token = await this.repository.get(hashedToken);

    if (token?.user) {
      return {
        ...token.user,
        isPublicUser: false,
        isAllowUpload: true,
        isAllowDownload: true,
        isShowExif: true,
        accessTokenId: token.id,
      };
    }

    throw new UnauthorizedException('Invalid user token');
  }

  public async createToken(user: UserEntity): Promise<string> {
    const key = this.crypto.randomBytes(32).toString('base64').replace(/\W/g, '');
    const token = this.crypto.hashSha256(key);
    await this.repository.create({
      token,
      user,
    });

    return key;
  }

  public async deleteToken(id: string): Promise<void> {
    await this.repository.delete(id);
  }
}
refactor(server): flatten infra folders (#2120) * refactor: flatten infra folders * fix: database migrations * fix: test related import * fix: github actions workflow * chore: rename schemas to typesense-schemas 2023-03-30 15:38:55 -04:00			`import { UserEntity } from '@app/infra/entities';`
refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`import { Injectable, UnauthorizedException } from '@nestjs/common';`
			`import { ICryptoRepository } from '../crypto';`
feat(server): move authentication to tokens stored in the database (#1381) * chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-01-27 20:50:07 +00:00			`import { IUserTokenRepository } from './user-token.repository';`

			`@Injectable()`
			`export class UserTokenCore {`
			`constructor(private crypto: ICryptoRepository, private repository: IUserTokenRepository) {}`

refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`async validate(tokenValue: string) {`
			`const hashedToken = this.crypto.hashSha256(tokenValue);`
chore(server): remove token when logged out (#1560) * chore(mobile): invoke logout() on mobile app * feat: add mechanism to delete token from logging out endpoint * fix: set state after login sequence success * fix: not removing token when logging out from OAuth * fix: prettier * refactor: using accessTokenId to delete * chore: pr comments * fix: test * fix: test threshold 2023-02-05 23:31:16 -06:00			`const token = await this.repository.get(hashedToken);`

			`if (token?.user) {`
refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`return {`
chore(server): remove token when logged out (#1560) * chore(mobile): invoke logout() on mobile app * feat: add mechanism to delete token from logging out endpoint * fix: set state after login sequence success * fix: not removing token when logging out from OAuth * fix: prettier * refactor: using accessTokenId to delete * chore: pr comments * fix: test * fix: test threshold 2023-02-05 23:31:16 -06:00			`...token.user,`
refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`isPublicUser: false,`
			`isAllowUpload: true,`
			`isAllowDownload: true,`
			`isShowExif: true,`
chore(server): remove token when logged out (#1560) * chore(mobile): invoke logout() on mobile app * feat: add mechanism to delete token from logging out endpoint * fix: set state after login sequence success * fix: not removing token when logging out from OAuth * fix: prettier * refactor: using accessTokenId to delete * chore: pr comments * fix: test * fix: test threshold 2023-02-05 23:31:16 -06:00			`accessTokenId: token.id,`
refactor(server): auth guard (#1472) * refactor: auth guard * chore: move auth guard to middleware * chore: tests * chore: remove unused code * fix: migration to uuid without dataloss * chore: e2e tests * chore: removed unused guards 2023-01-31 13:11:49 -05:00			`};`
			`}`

			`throw new UnauthorizedException('Invalid user token');`
			`}`

feat(server): move authentication to tokens stored in the database (#1381) * chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-01-27 20:50:07 +00:00			`public async createToken(user: UserEntity): Promise<string> {`
			`const key = this.crypto.randomBytes(32).toString('base64').replace(/\W/g, '');`
			`const token = this.crypto.hashSha256(key);`
			`await this.repository.create({`
			`token,`
			`user,`
			`});`

			`return key;`
			`}`
chore(server): remove token when logged out (#1560) * chore(mobile): invoke logout() on mobile app * feat: add mechanism to delete token from logging out endpoint * fix: set state after login sequence success * fix: not removing token when logging out from OAuth * fix: prettier * refactor: using accessTokenId to delete * chore: pr comments * fix: test * fix: test threshold 2023-02-05 23:31:16 -06:00
			`public async deleteToken(id: string): Promise<void> {`
			`await this.repository.delete(id);`
			`}`
feat(server): move authentication to tokens stored in the database (#1381) * chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2023-01-27 20:50:07 +00:00			`}`