immich/server/src/controllers/auth.controller.ts

import { Body, Controller, Delete, Get, HttpCode, HttpStatus, Post, Put, Req, Res } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger';
import { Request, Response } from 'express';
import {
  AuthDto,
  AuthStatusResponseDto,
  ChangePasswordDto,
  LoginCredentialDto,
  LoginResponseDto,
  LogoutResponseDto,
  PinCodeChangeDto,
  PinCodeSetupDto,
  SignUpDto,
  ValidateAccessTokenResponseDto,
} from 'src/dtos/auth.dto';
import { UserAdminResponseDto } from 'src/dtos/user.dto';
import { AuthType, ImmichCookie } from 'src/enum';
import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';
import { AuthService, LoginDetails } from 'src/services/auth.service';
import { respondWithCookie, respondWithoutCookie } from 'src/utils/response';

@ApiTags('Authentication')
@Controller('auth')
export class AuthController {
  constructor(private service: AuthService) {}

  @Post('login')
  async login(
    @Res({ passthrough: true }) res: Response,
    @Body() loginCredential: LoginCredentialDto,
    @GetLoginDetails() loginDetails: LoginDetails,
  ): Promise<LoginResponseDto> {
    const body = await this.service.login(loginCredential, loginDetails);
    return respondWithCookie(res, body, {
      isSecure: loginDetails.isSecure,
      values: [
        { key: ImmichCookie.ACCESS_TOKEN, value: body.accessToken },
        { key: ImmichCookie.AUTH_TYPE, value: AuthType.PASSWORD },
        { key: ImmichCookie.IS_AUTHENTICATED, value: 'true' },
      ],
    });
  }

  @Post('admin-sign-up')
  signUpAdmin(@Body() dto: SignUpDto): Promise<UserAdminResponseDto> {
    return this.service.adminSignUp(dto);
  }

  @Post('validateToken')
  @HttpCode(HttpStatus.OK)
  @Authenticated()
  validateAccessToken(): ValidateAccessTokenResponseDto {
    return { authStatus: true };
  }

  @Post('change-password')
  @HttpCode(HttpStatus.OK)
  @Authenticated()
  changePassword(@Auth() auth: AuthDto, @Body() dto: ChangePasswordDto): Promise<UserAdminResponseDto> {
    return this.service.changePassword(auth, dto);
  }

  @Post('logout')
  @HttpCode(HttpStatus.OK)
  @Authenticated()
  async logout(
    @Req() request: Request,
    @Res({ passthrough: true }) res: Response,
    @Auth() auth: AuthDto,
  ): Promise<LogoutResponseDto> {
    const authType = (request.cookies || {})[ImmichCookie.AUTH_TYPE];

    const body = await this.service.logout(auth, authType);
    return respondWithoutCookie(res, body, [
      ImmichCookie.ACCESS_TOKEN,
      ImmichCookie.AUTH_TYPE,
      ImmichCookie.IS_AUTHENTICATED,
    ]);
  }

  @Get('status')
  @Authenticated()
  getAuthStatus(@Auth() auth: AuthDto): Promise<AuthStatusResponseDto> {
    return this.service.getAuthStatus(auth);
  }

  @Post('pin-code')
  @Authenticated()
  setupPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeSetupDto): Promise<void> {
    return this.service.setupPinCode(auth, dto);
  }

  @Put('pin-code')
  @Authenticated()
  async changePinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeChangeDto): Promise<void> {
    return this.service.changePinCode(auth, dto);
  }

  @Delete('pin-code')
  @Authenticated()
  async resetPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeChangeDto): Promise<void> {
    return this.service.resetPinCode(auth, dto);
  }

  @Post('pin-code/verify')
  @HttpCode(HttpStatus.OK)
  @Authenticated()
  async verifyPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeSetupDto): Promise<void> {
    return this.service.verifyPinCode(auth, dto);
  }
}
feat: user pin-code (#18138) * feat: user pincode * pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jason@rasm.me> 2025-05-09 16:00:58 -05:00			`import { Body, Controller, Delete, Get, HttpCode, HttpStatus, Post, Put, Req, Res } from '@nestjs/common';`
chore(server): use absolute import paths (#8080) update server to use absolute import paths 2024-03-20 19:32:04 +01:00			`import { ApiTags } from '@nestjs/swagger';`
			`import { Request, Response } from 'express';`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`import {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`AuthDto,`
feat: user pin-code (#18138) * feat: user pincode * pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jason@rasm.me> 2025-05-09 16:00:58 -05:00			`AuthStatusResponseDto,`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`ChangePasswordDto,`
			`LoginCredentialDto,`
			`LoginResponseDto,`
			`LogoutResponseDto,`
feat: user pin-code (#18138) * feat: user pincode * pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jason@rasm.me> 2025-05-09 16:00:58 -05:00			`PinCodeChangeDto,`
			`PinCodeSetupDto,`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`SignUpDto,`
			`ValidateAccessTokenResponseDto,`
chore(server): move dtos (#8131) move dtos 2024-03-20 23:53:07 +01:00			`} from 'src/dtos/auth.dto';`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`import { UserAdminResponseDto } from 'src/dtos/user.dto';`
refactor(server): auth enums (#13552) 2024-10-17 13:17:32 -04:00			`import { AuthType, ImmichCookie } from 'src/enum';`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';`
chore(server): move services (#8133) move services 2024-03-21 00:07:30 +01:00			`import { AuthService, LoginDetails } from 'src/services/auth.service';`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`import { respondWithCookie, respondWithoutCookie } from 'src/utils/response';`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00
			`@ApiTags('Authentication')`
			`@Controller('auth')`
			`export class AuthController {`
refactor(server): send job command (#2777) * refactor: send job command * chore: open api 2023-06-16 15:36:07 -04:00			`constructor(private service: AuthService) {}`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00
			`@Post('login')`
			`async login(`
			`@Res({ passthrough: true }) res: Response,`
refactor: controller tests (#18100) 2025-05-05 18:57:32 -04:00			`@Body() loginCredential: LoginCredentialDto,`
feat(web,server): manage authorized devices (#2329) * feat: manage authorized devices * chore: open api * get header from mobile app * write header from mobile app * styling * fix unit test * feat: use relative time * feat: update access time * fix: tests * chore: confirm wording * chore: bump test coverage thresholds * feat: add some icons * chore: icon tweaks --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-04-25 22:19:23 -04:00			`@GetLoginDetails() loginDetails: LoginDetails,`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`): Promise<LoginResponseDto> {`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`const body = await this.service.login(loginCredential, loginDetails);`
			`return respondWithCookie(res, body, {`
			`isSecure: loginDetails.isSecure,`
			`values: [`
			`{ key: ImmichCookie.ACCESS_TOKEN, value: body.accessToken },`
			`{ key: ImmichCookie.AUTH_TYPE, value: AuthType.PASSWORD },`
			`{ key: ImmichCookie.IS_AUTHENTICATED, value: 'true' },`
			`],`
			`});`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`}`

			`@Post('admin-sign-up')`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`signUpAdmin(@Body() dto: SignUpDto): Promise<UserAdminResponseDto> {`
refactor(server): auth dtos (#4881) * refactor: auth dtos * chore: open api 2023-11-09 10:14:15 -05:00			`return this.service.adminSignUp(dto);`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`}`

			`@Post('validateToken')`
test(server): auth e2e (#3492) * test(server): auth controller e2e test * test(server): user e2e test * refactor(server): album e2e * fix: linting 2023-08-01 11:49:50 -04:00			`@HttpCode(HttpStatus.OK)`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated()`
chore(server): cleanup controllers (#2065) 2023-03-24 00:53:56 -04:00			`validateAccessToken(): ValidateAccessTokenResponseDto {`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`return { authStatus: true };`
			`}`

			`@Post('change-password')`
test(server): auth e2e (#3492) * test(server): auth controller e2e test * test(server): user e2e test * refactor(server): album e2e * fix: linting 2023-08-01 11:49:50 -04:00			`@HttpCode(HttpStatus.OK)`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated()`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`changePassword(@Auth() auth: AuthDto, @Body() dto: ChangePasswordDto): Promise<UserAdminResponseDto> {`
			`return this.service.changePassword(auth, dto);`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`}`

			`@Post('logout')`
test(server): auth e2e (#3492) * test(server): auth controller e2e test * test(server): user e2e test * refactor(server): album e2e * fix: linting 2023-08-01 11:49:50 -04:00			`@HttpCode(HttpStatus.OK)`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated()`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`async logout(`
chore(server,cli,web): housekeeping and stricter code style (#6751) * add unicorn to eslint * fix lint errors for cli * fix merge * fix album name extraction * Update cli/src/commands/upload.command.ts Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * es2k23 * use lowercase os * return undefined album name * fix bug in asset response dto * auto fix issues * fix server code style * es2022 and formatting * fix compilation error * fix test * fix config load * fix last lint errors * set string type * bump ts * start work on web * web formatting * Fix UUIDParamDto as UUIDParamDto * fix library service lint * fix web errors * fix errors * formatting * wip * lints fixed * web can now start * alphabetical package json * rename error * chore: clean up --------- Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2024-02-02 04:18:00 +01:00			`@Req() request: Request,`
chore(server): remove token when logged out (#1560) * chore(mobile): invoke logout() on mobile app * feat: add mechanism to delete token from logging out endpoint * fix: set state after login sequence success * fix: not removing token when logging out from OAuth * fix: prettier * refactor: using accessTokenId to delete * chore: pr comments * fix: test * fix: test threshold 2023-02-05 23:31:16 -06:00			`@Res({ passthrough: true }) res: Response,`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`@Auth() auth: AuthDto,`
chore(server): remove token when logged out (#1560) * chore(mobile): invoke logout() on mobile app * feat: add mechanism to delete token from logging out endpoint * fix: set state after login sequence success * fix: not removing token when logging out from OAuth * fix: prettier * refactor: using accessTokenId to delete * chore: pr comments * fix: test * fix: test threshold 2023-02-05 23:31:16 -06:00			`): Promise<LogoutResponseDto> {`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`const authType = (request.cookies \|\| {})[ImmichCookie.AUTH_TYPE];`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`const body = await this.service.logout(auth, authType);`
			`return respondWithoutCookie(res, body, [`
			`ImmichCookie.ACCESS_TOKEN,`
			`ImmichCookie.AUTH_TYPE,`
			`ImmichCookie.IS_AUTHENTICATED,`
			`]);`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`}`
feat: user pin-code (#18138) * feat: user pincode * pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jason@rasm.me> 2025-05-09 16:00:58 -05:00
			`@Get('status')`
			`@Authenticated()`
			`getAuthStatus(@Auth() auth: AuthDto): Promise<AuthStatusResponseDto> {`
			`return this.service.getAuthStatus(auth);`
			`}`

			`@Post('pin-code')`
			`@Authenticated()`
			`setupPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeSetupDto): Promise<void> {`
			`return this.service.setupPinCode(auth, dto);`
			`}`

			`@Put('pin-code')`
			`@Authenticated()`
			`async changePinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeChangeDto): Promise<void> {`
			`return this.service.changePinCode(auth, dto);`
			`}`

			`@Delete('pin-code')`
			`@Authenticated()`
			`async resetPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeChangeDto): Promise<void> {`
			`return this.service.resetPinCode(auth, dto);`
			`}`
feat: locked/private view (#18268) * feat: locked/private view * feat: locked/private view * pr feedback * fix: redirect loop * pr feedback 2025-05-15 09:35:21 -06:00
			`@Post('pin-code/verify')`
			`@HttpCode(HttpStatus.OK)`
			`@Authenticated()`
			`async verifyPinCode(@Auth() auth: AuthDto, @Body() dto: PinCodeSetupDto): Promise<void> {`
			`return this.service.verifyPinCode(auth, dto);`
			`}`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`}`