immich/server/src/controllers/oauth.controller.ts

import { Body, Controller, Get, HttpStatus, Post, Redirect, Req, Res } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger';
import { Request, Response } from 'express';
import { AuthType } from 'src/constants';
import {
  AuthDto,
  ImmichCookie,
  LoginResponseDto,
  OAuthAuthorizeResponseDto,
  OAuthCallbackDto,
  OAuthConfigDto,
} from 'src/dtos/auth.dto';
import { UserAdminResponseDto } from 'src/dtos/user.dto';
import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';
import { AuthService, LoginDetails } from 'src/services/auth.service';
import { respondWithCookie } from 'src/utils/response';

@ApiTags('OAuth')
@Controller('oauth')
export class OAuthController {
  constructor(private service: AuthService) {}

  @Get('mobile-redirect')
  @Redirect()
  redirectOAuthToMobile(@Req() request: Request) {
    return {
      url: this.service.getMobileRedirect(request.url),
      statusCode: HttpStatus.TEMPORARY_REDIRECT,
    };
  }

  @Post('authorize')
  startOAuth(@Body() dto: OAuthConfigDto): Promise<OAuthAuthorizeResponseDto> {
    return this.service.authorize(dto);
  }

  @Post('callback')
  async finishOAuth(
    @Res({ passthrough: true }) res: Response,
    @Body() dto: OAuthCallbackDto,
    @GetLoginDetails() loginDetails: LoginDetails,
  ): Promise<LoginResponseDto> {
    const body = await this.service.callback(dto, loginDetails);
    return respondWithCookie(res, body, {
      isSecure: loginDetails.isSecure,
      values: [
        { key: ImmichCookie.ACCESS_TOKEN, value: body.accessToken },
        { key: ImmichCookie.AUTH_TYPE, value: AuthType.OAUTH },
        { key: ImmichCookie.IS_AUTHENTICATED, value: 'true' },
      ],
    });
  }

  @Post('link')
  @Authenticated()
  linkOAuthAccount(@Auth() auth: AuthDto, @Body() dto: OAuthCallbackDto): Promise<UserAdminResponseDto> {
    return this.service.link(auth, dto);
  }

  @Post('unlink')
  @Authenticated()
  unlinkOAuthAccount(@Auth() auth: AuthDto): Promise<UserAdminResponseDto> {
    return this.service.unlink(auth);
  }
}
chore(server): use absolute import paths (#8080) update server to use absolute import paths 2024-03-20 19:32:04 +01:00			`import { Body, Controller, Get, HttpStatus, Post, Redirect, Req, Res } from '@nestjs/common';`
			`import { ApiTags } from '@nestjs/swagger';`
			`import { Request, Response } from 'express';`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`import { AuthType } from 'src/constants';`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`import {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`AuthDto,`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`ImmichCookie,`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`LoginResponseDto,`
refactor(web,server): use feature flags for oauth (#3928) * refactor: oauth to use feature flags * chore: open api * chore: e2e test for authorize endpoint 2023-09-01 07:08:42 -04:00			`OAuthAuthorizeResponseDto,`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`OAuthCallbackDto,`
			`OAuthConfigDto,`
chore(server): move dtos (#8131) move dtos 2024-03-20 23:53:07 +01:00			`} from 'src/dtos/auth.dto';`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`import { UserAdminResponseDto } from 'src/dtos/user.dto';`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';`
chore(server): move services (#8133) move services 2024-03-21 00:07:30 +01:00			`import { AuthService, LoginDetails } from 'src/services/auth.service';`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`import { respondWithCookie } from 'src/utils/response';`
feat(server,web): OIDC Implementation (#884) * chore: merge * feat: nullable password * feat: server debugger * chore: regenerate api * feat: auto-register flag * refactor: oauth endpoints * chore: regenerate api * fix: default scope configuration * refactor: pass in redirect uri from client * chore: docs * fix: bugs * refactor: auth services and user repository * fix: select password * fix: tests * fix: get signing algorithm from discovery document * refactor: cookie constants * feat: oauth logout * test: auth services * fix: query param check * fix: regenerate open-api 2022-11-14 21:24:25 -05:00
			`@ApiTags('OAuth')`
			`@Controller('oauth')`
			`export class OAuthController {`
refactor(server): auth/oauth (#3242) * refactor(server): auth/oauth * fix: show server error message on login failure 2023-07-15 00:03:56 -04:00			`constructor(private service: AuthService) {}`
feat(server,web): OIDC Implementation (#884) * chore: merge * feat: nullable password * feat: server debugger * chore: regenerate api * feat: auto-register flag * refactor: oauth endpoints * chore: regenerate api * fix: default scope configuration * refactor: pass in redirect uri from client * chore: docs * fix: bugs * refactor: auth services and user repository * fix: select password * fix: tests * fix: get signing algorithm from discovery document * refactor: cookie constants * feat: oauth logout * test: auth services * fix: query param check * fix: regenerate open-api 2022-11-14 21:24:25 -05:00
feat(server): mobile oauth with custom scheme redirect uri (#1204) * feat(server): support providers without support for custom schemas * chore: unit tests * chore: test mobile override * chore: add details to the docs 2022-12-29 15:47:30 -05:00			`@Get('mobile-redirect')`
			`@Redirect()`
chore(server,cli,web): housekeeping and stricter code style (#6751) * add unicorn to eslint * fix lint errors for cli * fix merge * fix album name extraction * Update cli/src/commands/upload.command.ts Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * es2k23 * use lowercase os * return undefined album name * fix bug in asset response dto * auto fix issues * fix server code style * es2022 and formatting * fix compilation error * fix test * fix config load * fix last lint errors * set string type * bump ts * start work on web * web formatting * Fix UUIDParamDto as UUIDParamDto * fix library service lint * fix web errors * fix errors * formatting * wip * lints fixed * web can now start * alphabetical package json * rename error * chore: clean up --------- Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2024-02-02 04:18:00 +01:00			`redirectOAuthToMobile(@Req() request: Request) {`
chore(server): cleanup controllers (#2065) 2023-03-24 00:53:56 -04:00			`return {`
chore(server,cli,web): housekeeping and stricter code style (#6751) * add unicorn to eslint * fix lint errors for cli * fix merge * fix album name extraction * Update cli/src/commands/upload.command.ts Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> * es2k23 * use lowercase os * return undefined album name * fix bug in asset response dto * auto fix issues * fix server code style * es2022 and formatting * fix compilation error * fix test * fix config load * fix last lint errors * set string type * bump ts * start work on web * web formatting * Fix UUIDParamDto as UUIDParamDto * fix library service lint * fix web errors * fix errors * formatting * wip * lints fixed * web can now start * alphabetical package json * rename error * chore: clean up --------- Co-authored-by: Ben McCann <322311+benmccann@users.noreply.github.com> Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> 2024-02-02 04:18:00 +01:00			`url: this.service.getMobileRedirect(request.url),`
chore(server): cleanup controllers (#2065) 2023-03-24 00:53:56 -04:00			`statusCode: HttpStatus.TEMPORARY_REDIRECT,`
			`};`
feat(server): mobile oauth with custom scheme redirect uri (#1204) * feat(server): support providers without support for custom schemas * chore: unit tests * chore: test mobile override * chore: add details to the docs 2022-12-29 15:47:30 -05:00			`}`

refactor(web,server): use feature flags for oauth (#3928) * refactor: oauth to use feature flags * chore: open api * chore: e2e test for authorize endpoint 2023-09-01 07:08:42 -04:00			`@Post('authorize')`
feat(server): better api error messages (for unhandled exceptions) (#4817) * feat(server): better error messages * chore: open api * chore: remove debug log * fix: syntax error * fix: e2e test 2023-11-03 21:33:15 -04:00			`startOAuth(@Body() dto: OAuthConfigDto): Promise<OAuthAuthorizeResponseDto> {`
refactor(web,server): use feature flags for oauth (#3928) * refactor: oauth to use feature flags * chore: open api * chore: e2e test for authorize endpoint 2023-09-01 07:08:42 -04:00			`return this.service.authorize(dto);`
			`}`

feat(server): mobile oauth with custom scheme redirect uri (#1204) * feat(server): support providers without support for custom schemas * chore: unit tests * chore: test mobile override * chore: add details to the docs 2022-12-29 15:47:30 -05:00			`@Post('callback')`
feat(server): better api error messages (for unhandled exceptions) (#4817) * feat(server): better error messages * chore: open api * chore: remove debug log * fix: syntax error * fix: e2e test 2023-11-03 21:33:15 -04:00			`async finishOAuth(`
refactor(server): auth service (#1383) * refactor: auth * chore: tests * Remove await on non-async method * refactor: constants * chore: remove extra async Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-01-23 23:13:42 -05:00			`@Res({ passthrough: true }) res: Response,`
feat(server): apply ValidationPipe on controllers (#2137) 2023-03-31 17:14:01 +02:00			`@Body() dto: OAuthCallbackDto,`
feat(web,server): manage authorized devices (#2329) * feat: manage authorized devices * chore: open api * get header from mobile app * write header from mobile app * styling * fix unit test * feat: use relative time * feat: update access time * fix: tests * chore: confirm wording * chore: bump test coverage thresholds * feat: add some icons * chore: icon tweaks --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com> 2023-04-25 22:19:23 -04:00			`@GetLoginDetails() loginDetails: LoginDetails,`
feat(mobile) Add OAuth Login On Mobile (#990) * Added return type for oauth/callback * Remove console.log * Redirect app * Wording * Added loading state change * Added OAuth login on mobile * Return correct status for correct redirection * Auto discovery OAuth Login 2022-11-20 11:43:10 -06:00			`): Promise<LoginResponseDto> {`
refactor(server): cookies (#8920) 2024-04-19 11:19:23 -04:00			`const body = await this.service.callback(dto, loginDetails);`
			`return respondWithCookie(res, body, {`
			`isSecure: loginDetails.isSecure,`
			`values: [`
			`{ key: ImmichCookie.ACCESS_TOKEN, value: body.accessToken },`
			`{ key: ImmichCookie.AUTH_TYPE, value: AuthType.OAUTH },`
			`{ key: ImmichCookie.IS_AUTHENTICATED, value: 'true' },`
			`],`
			`});`
feat(server,web): OIDC Implementation (#884) * chore: merge * feat: nullable password * feat: server debugger * chore: regenerate api * feat: auto-register flag * refactor: oauth endpoints * chore: regenerate api * fix: default scope configuration * refactor: pass in redirect uri from client * chore: docs * fix: bugs * refactor: auth services and user repository * fix: select password * fix: tests * fix: get signing algorithm from discovery document * refactor: cookie constants * feat: oauth logout * test: auth services * fix: query param check * fix: regenerate open-api 2022-11-14 21:24:25 -05:00			`}`
feat(web,server): link/unlink oauth account (#1154) * feat(web,server): link/unlink oauth account * chore: linting * fix: broken oauth callback * fix: user core bugs * fix: tests * fix: use user response * chore: update docs * feat: prevent the same oauth account from being linked twice * chore: mock logger 2022-12-26 10:35:52 -05:00
			`@Post('link')`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated()`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`linkOAuthAccount(@Auth() auth: AuthDto, @Body() dto: OAuthCallbackDto): Promise<UserAdminResponseDto> {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`return this.service.link(auth, dto);`
feat(web,server): link/unlink oauth account (#1154) * feat(web,server): link/unlink oauth account * chore: linting * fix: broken oauth callback * fix: user core bugs * fix: tests * fix: use user response * chore: update docs * feat: prevent the same oauth account from being linked twice * chore: mock logger 2022-12-26 10:35:52 -05:00			`}`

			`@Post('unlink')`
refactor(server): auth route metadata (#9344) 2024-05-09 13:58:44 -04:00			`@Authenticated()`
refactor(server): user endpoints (#9730) * refactor(server): user endpoints * fix repos * fix unit tests --------- Co-authored-by: Daniel Dietzler <mail@ddietzler.dev> Co-authored-by: Alex <alex.tran1502@gmail.com> 2024-05-26 18:15:52 -04:00			`unlinkOAuthAccount(@Auth() auth: AuthDto): Promise<UserAdminResponseDto> {`
refactor(server): auth dto (#5593) * refactor: AuthUserDto => AuthDto * refactor: reorganize auth-dto * refactor: AuthUser() => Auth() 2023-12-09 23:34:12 -05:00			`return this.service.unlink(auth);`
feat(web,server): link/unlink oauth account (#1154) * feat(web,server): link/unlink oauth account * chore: linting * fix: broken oauth callback * fix: user core bugs * fix: tests * fix: use user response * chore: update docs * feat: prevent the same oauth account from being linked twice * chore: mock logger 2022-12-26 10:35:52 -05:00			`}`
feat(server,web): OIDC Implementation (#884) * chore: merge * feat: nullable password * feat: server debugger * chore: regenerate api * feat: auto-register flag * refactor: oauth endpoints * chore: regenerate api * fix: default scope configuration * refactor: pass in redirect uri from client * chore: docs * fix: bugs * refactor: auth services and user repository * fix: select password * fix: tests * fix: get signing algorithm from discovery document * refactor: cookie constants * feat: oauth logout * test: auth services * fix: query param check * fix: regenerate open-api 2022-11-14 21:24:25 -05:00			`}`