refactor(server): cookies (#8920)

server/src/controllers/auth.controller.ts

@@ -1,10 +1,11 @@
 import { Body, Controller, HttpCode, HttpStatus, Post, Req, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Request, Response } from 'express';
-import { IMMICH_ACCESS_COOKIE, IMMICH_AUTH_TYPE_COOKIE, IMMICH_IS_AUTHENTICATED } from 'src/constants';
+import { AuthType } from 'src/constants';
 import {
   AuthDto,
   ChangePasswordDto,
+  ImmichCookie,
   LoginCredentialDto,
   LoginResponseDto,
   LogoutResponseDto,
@@ -14,6 +15,7 @@ import {
 import { UserResponseDto, mapUser } from 'src/dtos/user.dto';
 import { Auth, Authenticated, GetLoginDetails, PublicRoute } from 'src/middleware/auth.guard';
 import { AuthService, LoginDetails } from 'src/services/auth.service';
+import { respondWithCookie, respondWithoutCookie } from 'src/utils/response';
 
 @ApiTags('Authentication')
 @Controller('auth')
@@ -28,9 +30,15 @@ export class AuthController {
     @Res({ passthrough: true }) res: Response,
     @GetLoginDetails() loginDetails: LoginDetails,
   ): Promise<LoginResponseDto> {
-    const { response, cookie } = await this.service.login(loginCredential, loginDetails);
-    res.header('Set-Cookie', cookie);
-    return response;
+    const body = await this.service.login(loginCredential, loginDetails);
+    return respondWithCookie(res, body, {
+      isSecure: loginDetails.isSecure,
+      values: [
+        { key: ImmichCookie.ACCESS_TOKEN, value: body.accessToken },
+        { key: ImmichCookie.AUTH_TYPE, value: AuthType.PASSWORD },
+        { key: ImmichCookie.IS_AUTHENTICATED, value: 'true' },
+      ],
+    });
   }
 
   @PublicRoute()
@@ -53,15 +61,18 @@ export class AuthController {
 
   @Post('logout')
   @HttpCode(HttpStatus.OK)
-  logout(
+  async logout(
     @Req() request: Request,
     @Res({ passthrough: true }) res: Response,
     @Auth() auth: AuthDto,
   ): Promise<LogoutResponseDto> {
-    res.clearCookie(IMMICH_ACCESS_COOKIE);
-    res.clearCookie(IMMICH_AUTH_TYPE_COOKIE);
-    res.clearCookie(IMMICH_IS_AUTHENTICATED);
+    const authType = (request.cookies || {})[ImmichCookie.AUTH_TYPE];
 
-    return this.service.logout(auth, (request.cookies || {})[IMMICH_AUTH_TYPE_COOKIE]);
+    const body = await this.service.logout(auth, authType);
+    return respondWithoutCookie(res, body, [
+      ImmichCookie.ACCESS_TOKEN,
+      ImmichCookie.AUTH_TYPE,
+      ImmichCookie.IS_AUTHENTICATED,
+    ]);
   }
 }

server/src/controllers/oauth.controller.ts

@@ -1,8 +1,10 @@
 import { Body, Controller, Get, HttpStatus, Post, Redirect, Req, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Request, Response } from 'express';
+import { AuthType } from 'src/constants';
 import {
   AuthDto,
+  ImmichCookie,
   LoginResponseDto,
   OAuthAuthorizeResponseDto,
   OAuthCallbackDto,
@@ -11,6 +13,7 @@ import {
 import { UserResponseDto } from 'src/dtos/user.dto';
 import { Auth, Authenticated, GetLoginDetails, PublicRoute } from 'src/middleware/auth.guard';
 import { AuthService, LoginDetails } from 'src/services/auth.service';
+import { respondWithCookie } from 'src/utils/response';
 
 @ApiTags('OAuth')
 @Controller('oauth')
@@ -41,9 +44,15 @@ export class OAuthController {
     @Body() dto: OAuthCallbackDto,
     @GetLoginDetails() loginDetails: LoginDetails,
   ): Promise<LoginResponseDto> {
-    const { response, cookie } = await this.service.callback(dto, loginDetails);
-    res.header('Set-Cookie', cookie);
-    return response;
+    const body = await this.service.callback(dto, loginDetails);
+    return respondWithCookie(res, body, {
+      isSecure: loginDetails.isSecure,
+      values: [
+        { key: ImmichCookie.ACCESS_TOKEN, value: body.accessToken },
+        { key: ImmichCookie.AUTH_TYPE, value: AuthType.OAUTH },
+        { key: ImmichCookie.IS_AUTHENTICATED, value: 'true' },
+      ],
+    });
   }
 
   @Post('link')

server/src/controllers/shared-link.controller.ts

@@ -1,18 +1,19 @@
 import { Body, Controller, Delete, Get, Param, Patch, Post, Put, Query, Req, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Request, Response } from 'express';
-import { IMMICH_SHARED_LINK_ACCESS_COOKIE } from 'src/constants';
 import { AssetIdsResponseDto } from 'src/dtos/asset-ids.response.dto';
 import { AssetIdsDto } from 'src/dtos/asset.dto';
-import { AuthDto } from 'src/dtos/auth.dto';
+import { AuthDto, ImmichCookie } from 'src/dtos/auth.dto';
 import {
   SharedLinkCreateDto,
   SharedLinkEditDto,
   SharedLinkPasswordDto,
   SharedLinkResponseDto,
 } from 'src/dtos/shared-link.dto';
-import { Auth, Authenticated, SharedLinkRoute } from 'src/middleware/auth.guard';
+import { Auth, Authenticated, GetLoginDetails, SharedLinkRoute } from 'src/middleware/auth.guard';
+import { LoginDetails } from 'src/services/auth.service';
 import { SharedLinkService } from 'src/services/shared-link.service';
+import { respondWithCookie } from 'src/utils/response';
 import { UUIDParamDto } from 'src/validation';
 
 @ApiTags('Shared Link')
@@ -33,20 +34,17 @@ export class SharedLinkController {
     @Query() dto: SharedLinkPasswordDto,
     @Req() request: Request,
     @Res({ passthrough: true }) res: Response,
+    @GetLoginDetails() loginDetails: LoginDetails,
   ): Promise<SharedLinkResponseDto> {
-    const sharedLinkToken = request.cookies?.[IMMICH_SHARED_LINK_ACCESS_COOKIE];
+    const sharedLinkToken = request.cookies?.[ImmichCookie.SHARED_LINK_TOKEN];
     if (sharedLinkToken) {
       dto.token = sharedLinkToken;
     }
-    const response = await this.service.getMine(auth, dto);
-    if (response.token) {
-      res.cookie(IMMICH_SHARED_LINK_ACCESS_COOKIE, response.token, {
-        expires: new Date(Date.now() + 1000 * 60 * 60 * 24),
-        httpOnly: true,
-        sameSite: 'lax',
-      });
-    }
-    return response;
+    const body = await this.service.getMine(auth, dto);
+    return respondWithCookie(res, body, {
+      isSecure: loginDetails.isSecure,
+      values: body.token ? [{ key: ImmichCookie.SHARED_LINK_TOKEN, value: body.token }] : [],
+    });
   }
 
   @Get(':id')