fix(server): don't publicly reveal user count (#4409)

* fix: don't reveal user count publicly * fix: mobile and user controller * fix: update other frontend endpoints * fix: revert openapi change * chore: open api * fix: initialize * openapi --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2025-11-14 17:36:12 +00:00 · 2023-10-11 04:37:13 +02:00 · 2023-10-11 04:37:13 +02:00 · 41befc0948
commit 41befc0948
parent 09bf1c9175
20 changed files with 101 additions and 15 deletions
--- a/web/src/api/open-api/api.ts
+++ b/web/src/api/open-api/api.ts
@ -2582,6 +2582,12 @@ export interface SearchResponseDto {
 * @interface ServerConfigDto
 */
 export interface ServerConfigDto {
+    /**
+     * 
+     * @type {boolean}
+     * @memberof ServerConfigDto
+     */
+    'isInitialized': boolean;
    /**
     * 
     * @type {string}
@ -15081,6 +15087,15 @@ export const UserApiAxiosParamCreator = function (configuration?: Configuration)
            const localVarHeaderParameter = {} as any;
            const localVarQueryParameter = {} as any;

+            // authentication cookie required
+
+            // authentication api_key required
+            await setApiKeyToObject(localVarHeaderParameter, "x-api-key", configuration)
+
+            // authentication bearer required
+            // http bearer authentication required
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
+
            if (admin !== undefined) {
                localVarQueryParameter['admin'] = admin;
            }
--- a/web/src/lib/stores/server-config.store.ts
+++ b/web/src/lib/stores/server-config.store.ts
@ -27,6 +27,7 @@ export const serverConfig = writable<ServerConfig>({
  mapTileUrl: '',
  loginPageMessage: '',
  trashDays: 30,
+  isInitialized: false,
 });

 export const loadConfig = async () => {
--- a/web/src/routes/+page.server.ts
+++ b/web/src/routes/+page.server.ts
@ -10,10 +10,10 @@ export const load = (async ({ parent, locals: { api } }) => {
    throw redirect(302, AppRoute.PHOTOS);
  }

-  const { data } = await api.userApi.getUserCount({ admin: true });
+  const { data } = await api.serverInfoApi.getServerConfig();

-  if (data.userCount > 0) {
-    // Redirect to login page if an admin is already registered.
+  if (data.isInitialized) {
+    // Redirect to login page if there exists an admin account (i.e. server is initialized)
    throw redirect(302, AppRoute.AUTH_LOGIN);
  }

--- a/web/src/routes/auth/login/+page.server.ts
+++ b/web/src/routes/auth/login/+page.server.ts
@ -3,8 +3,8 @@ import { redirect } from '@sveltejs/kit';
 import type { PageServerLoad } from './$types';

 export const load = (async ({ locals: { api } }) => {
-  const { data } = await api.userApi.getUserCount({ admin: true });
-  if (data.userCount === 0) {
+  const { data } = await api.serverInfoApi.getServerConfig();
+  if (!data.isInitialized) {
    // Admin not registered
    throw redirect(302, AppRoute.AUTH_REGISTER);
  }
--- a/web/src/routes/auth/register/+page.server.ts
+++ b/web/src/routes/auth/register/+page.server.ts
@ -3,8 +3,8 @@ import { redirect } from '@sveltejs/kit';
 import type { PageServerLoad } from './$types';

 export const load = (async ({ locals: { api } }) => {
-  const { data } = await api.userApi.getUserCount({ admin: true });
-  if (data.userCount != 0) {
+  const { data } = await api.serverInfoApi.getServerConfig();
+  if (data.isInitialized) {
    // Admin has been registered, redirect to login
    throw redirect(302, AppRoute.AUTH_LOGIN);
  }