mirror of
https://github.com/immich-app/immich.git
synced 2025-01-21 00:52:43 -05:00
refactor(server): license key env (#13162)
This commit is contained in:
parent
2c8c3651de
commit
3ddb5b8733
6 changed files with 37 additions and 41 deletions
|
@ -424,29 +424,3 @@ export const getBuildMetadata = () => ({
|
||||||
thirdPartyDocumentationUrl: process.env.IMMICH_THIRD_PARTY_DOCUMENTATION_URL,
|
thirdPartyDocumentationUrl: process.env.IMMICH_THIRD_PARTY_DOCUMENTATION_URL,
|
||||||
thirdPartySupportUrl: process.env.IMMICH_THIRD_PARTY_SUPPORT_URL,
|
thirdPartySupportUrl: process.env.IMMICH_THIRD_PARTY_SUPPORT_URL,
|
||||||
});
|
});
|
||||||
|
|
||||||
const clientLicensePublicKeyProd =
|
|
||||||
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2LzdTMzJjUkE1KysxTm5WRHNDTQpzcFAvakpISU1xT0pYRm5oNE53QTJPcHorUk1mZGNvOTJQc09naCt3d1FlRXYxVTJjMnBqelRpUS8ybHJLcS9rCnpKUmxYd2M0Y1Vlc1FETUpPRitQMnFPTlBiQUprWHZDWFlCVUxpdENJa29Md2ZoU0dOanlJS2FSRGhkL3ROeU4KOCtoTlJabllUMWhTSWo5U0NrS3hVQ096YXRQVjRtQ0RlclMrYkUrZ0VVZVdwOTlWOWF6dkYwRkltblRXcFFTdwpjOHdFWmdPTWg0c3ZoNmFpY3dkemtQQ3dFTGFrMFZhQkgzMUJFVUNRTGI5K0FJdEhBVXRKQ0t4aGI1V2pzMXM5CmJyWGZpMHZycGdjWi82RGFuWTJxZlNQem5PbXZEMkZycmxTMXE0SkpOM1ZvN1d3LzBZeS95TWNtelRXWmhHdWgKVVFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=';
|
|
||||||
|
|
||||||
const clientLicensePublicKeyStaging =
|
|
||||||
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuSUNyTm5jbGpPSC9JdTNtWVVaRQp0dGJLV1c3OGRuajl5M0U2ekk3dU1NUndEckdYWFhkTGhkUDFxSWtlZHh0clVVeUpCMWR4R04yQW91S082MlNGCldrbU9PTmNGQlRBWFZTdjhUNVY0S0VwWnFQYWEwaXpNaGxMaE5sRXEvY1ZKdllrWlh1Z2x6b1o3cG1nbzFSdHgKam1iRm5NNzhrYTFRUUJqOVdLaEw2eWpWRUl2MDdVS0lKWHBNTnNuS2g1V083MjZhYmMzSE9udTlETjY5VnFFRQo3dGZrUnRWNmx2U1NzMkFVMngzT255cHA4ek53b0lPTWRibGsyb09aWWROZzY0Y3l2SzJoU0FlU3NVMFRyOVc5Ckgra0Y5QlNCNlk0QXl0QlVkSmkrK2pMSW5HM2Q5cU9ieFVzTlYrN05mRkF5NjJkL0xNR0xSOC9OUFc0U0s3c0MKRlFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=';
|
|
||||||
|
|
||||||
export const getClientLicensePublicKey = (): string => {
|
|
||||||
if (process.env.IMMICH_ENV === 'production') {
|
|
||||||
return clientLicensePublicKeyProd;
|
|
||||||
}
|
|
||||||
return clientLicensePublicKeyStaging;
|
|
||||||
};
|
|
||||||
|
|
||||||
const serverLicensePublicKeyProd =
|
|
||||||
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFvcG5ZRGEwYS9kVTVJZUc3NGlFRQpNd2RBS2pzTmN6TGRDcVJkMVo5eTVUMndqTzdlWUlPZUpUc2wzNTBzUjBwNEtmU1VEU1h2QzlOcERwYzF0T0tsCjVzaEMvQXhwdlFBTENva0Y0anQ4dnJyZDlmQ2FYYzFUcVJiT21uaGl1Z0Q2dmtyME8vRmIzVURpM1UwVHZoUFAKbFBkdlNhd3pMcldaUExmbUhWVnJiclNLbW45SWVTZ3kwN3VrV1RJeUxzY2lOcnZuQnl3c0phUmVEdW9OV1BCSApVL21vMm1YYThtNHdNV2hpWGVoaUlPUXFNdVNVZ1BlQ3NXajhVVngxQ0dsUnpQREEwYlZOUXZlS1hXVnhjRUk2ClVMRWdKeTJGNDlsSDArYVlDbUJmN05FcjZWUTJXQjk1ZXZUS1hLdm4wcUlNN25nRmxjVUF3NmZ1VjFjTkNUSlMKNndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=';
|
|
||||||
|
|
||||||
const serverLicensePublicKeyStaging =
|
|
||||||
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE3Sy8yd3ZLUS9NdU8ydi9MUm5saAoyUy9zTHhDOGJiTEw1UUlKOGowQ3BVZW40YURlY2dYMUpKUmtGNlpUVUtpNTdTbEhtS3RSM2JOTzJmdTBUUVg5Ck5WMEJzVzllZVB0MmlTMWl4VVFmTzRObjdvTjZzbEtac01qd29RNGtGRGFmM3VHTlZJc0dMb3UxVWRLUVhpeDEKUlRHcXVTb3NZVjNWRlk3Q1hGYTVWaENBL3poVXNsNGFuVXp3eEF6M01jUFVlTXBaenYvbVZiQlRKVzBPSytWZgpWQUJvMXdYMkVBanpBekVHVzQ3Vko4czhnMnQrNHNPaHFBNStMQjBKVzlORUg5QUpweGZzWE4zSzVtM00yNUJVClZXcTlRYStIdHRENnJ0bnAvcUFweXVkWUdwZk9HYTRCUlZTR1MxMURZM0xrb2FlRzYwUEU5NHpoYjduOHpMWkgKelFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=';
|
|
||||||
|
|
||||||
export const getServerLicensePublicKey = (): string => {
|
|
||||||
if (process.env.IMMICH_ENV === 'production') {
|
|
||||||
return serverLicensePublicKeyProd;
|
|
||||||
}
|
|
||||||
return serverLicensePublicKeyStaging;
|
|
||||||
};
|
|
||||||
|
|
|
@ -14,6 +14,11 @@ export interface EnvData {
|
||||||
vectorExtension: VectorExtension;
|
vectorExtension: VectorExtension;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
licensePublicKey: {
|
||||||
|
client: string;
|
||||||
|
server: string;
|
||||||
|
};
|
||||||
|
|
||||||
storage: {
|
storage: {
|
||||||
ignoreMountCheckErrors: boolean;
|
ignoreMountCheckErrors: boolean;
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,6 +6,20 @@ import { setDifference } from 'src/utils/set';
|
||||||
|
|
||||||
// TODO replace src/config validation with class-validator, here
|
// TODO replace src/config validation with class-validator, here
|
||||||
|
|
||||||
|
const productionKeys = {
|
||||||
|
client:
|
||||||
|
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2LzdTMzJjUkE1KysxTm5WRHNDTQpzcFAvakpISU1xT0pYRm5oNE53QTJPcHorUk1mZGNvOTJQc09naCt3d1FlRXYxVTJjMnBqelRpUS8ybHJLcS9rCnpKUmxYd2M0Y1Vlc1FETUpPRitQMnFPTlBiQUprWHZDWFlCVUxpdENJa29Md2ZoU0dOanlJS2FSRGhkL3ROeU4KOCtoTlJabllUMWhTSWo5U0NrS3hVQ096YXRQVjRtQ0RlclMrYkUrZ0VVZVdwOTlWOWF6dkYwRkltblRXcFFTdwpjOHdFWmdPTWg0c3ZoNmFpY3dkemtQQ3dFTGFrMFZhQkgzMUJFVUNRTGI5K0FJdEhBVXRKQ0t4aGI1V2pzMXM5CmJyWGZpMHZycGdjWi82RGFuWTJxZlNQem5PbXZEMkZycmxTMXE0SkpOM1ZvN1d3LzBZeS95TWNtelRXWmhHdWgKVVFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=',
|
||||||
|
server:
|
||||||
|
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFvcG5ZRGEwYS9kVTVJZUc3NGlFRQpNd2RBS2pzTmN6TGRDcVJkMVo5eTVUMndqTzdlWUlPZUpUc2wzNTBzUjBwNEtmU1VEU1h2QzlOcERwYzF0T0tsCjVzaEMvQXhwdlFBTENva0Y0anQ4dnJyZDlmQ2FYYzFUcVJiT21uaGl1Z0Q2dmtyME8vRmIzVURpM1UwVHZoUFAKbFBkdlNhd3pMcldaUExmbUhWVnJiclNLbW45SWVTZ3kwN3VrV1RJeUxzY2lOcnZuQnl3c0phUmVEdW9OV1BCSApVL21vMm1YYThtNHdNV2hpWGVoaUlPUXFNdVNVZ1BlQ3NXajhVVngxQ0dsUnpQREEwYlZOUXZlS1hXVnhjRUk2ClVMRWdKeTJGNDlsSDArYVlDbUJmN05FcjZWUTJXQjk1ZXZUS1hLdm4wcUlNN25nRmxjVUF3NmZ1VjFjTkNUSlMKNndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=',
|
||||||
|
};
|
||||||
|
|
||||||
|
const stagingKeys = {
|
||||||
|
client:
|
||||||
|
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuSUNyTm5jbGpPSC9JdTNtWVVaRQp0dGJLV1c3OGRuajl5M0U2ekk3dU1NUndEckdYWFhkTGhkUDFxSWtlZHh0clVVeUpCMWR4R04yQW91S082MlNGCldrbU9PTmNGQlRBWFZTdjhUNVY0S0VwWnFQYWEwaXpNaGxMaE5sRXEvY1ZKdllrWlh1Z2x6b1o3cG1nbzFSdHgKam1iRm5NNzhrYTFRUUJqOVdLaEw2eWpWRUl2MDdVS0lKWHBNTnNuS2g1V083MjZhYmMzSE9udTlETjY5VnFFRQo3dGZrUnRWNmx2U1NzMkFVMngzT255cHA4ek53b0lPTWRibGsyb09aWWROZzY0Y3l2SzJoU0FlU3NVMFRyOVc5Ckgra0Y5QlNCNlk0QXl0QlVkSmkrK2pMSW5HM2Q5cU9ieFVzTlYrN05mRkF5NjJkL0xNR0xSOC9OUFc0U0s3c0MKRlFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=',
|
||||||
|
server:
|
||||||
|
'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE3Sy8yd3ZLUS9NdU8ydi9MUm5saAoyUy9zTHhDOGJiTEw1UUlKOGowQ3BVZW40YURlY2dYMUpKUmtGNlpUVUtpNTdTbEhtS3RSM2JOTzJmdTBUUVg5Ck5WMEJzVzllZVB0MmlTMWl4VVFmTzRObjdvTjZzbEtac01qd29RNGtGRGFmM3VHTlZJc0dMb3UxVWRLUVhpeDEKUlRHcXVTb3NZVjNWRlk3Q1hGYTVWaENBL3poVXNsNGFuVXp3eEF6M01jUFVlTXBaenYvbVZiQlRKVzBPSytWZgpWQUJvMXdYMkVBanpBekVHVzQ3Vko4czhnMnQrNHNPaHFBNStMQjBKVzlORUg5QUpweGZzWE4zSzVtM00yNUJVClZXcTlRYStIdHRENnJ0bnAvcUFweXVkWUdwZk9HYTRCUlZTR1MxMURZM0xrb2FlRzYwUEU5NHpoYjduOHpMWkgKelFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=',
|
||||||
|
};
|
||||||
|
|
||||||
const WORKER_TYPES = new Set(Object.values(ImmichWorker));
|
const WORKER_TYPES = new Set(Object.values(ImmichWorker));
|
||||||
|
|
||||||
const asSet = (value: string | undefined, defaults: ImmichWorker[]) => {
|
const asSet = (value: string | undefined, defaults: ImmichWorker[]) => {
|
||||||
|
@ -25,15 +39,19 @@ export class ConfigRepository implements IConfigRepository {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const environment = process.env.IMMICH_ENV as ImmichEnvironment;
|
||||||
|
const isProd = environment === ImmichEnvironment.PRODUCTION;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
port: Number(process.env.IMMICH_PORT) || 3001,
|
port: Number(process.env.IMMICH_PORT) || 3001,
|
||||||
environment: process.env.IMMICH_ENV as ImmichEnvironment,
|
environment,
|
||||||
configFile: process.env.IMMICH_CONFIG_FILE,
|
configFile: process.env.IMMICH_CONFIG_FILE,
|
||||||
logLevel: process.env.IMMICH_LOG_LEVEL as LogLevel,
|
logLevel: process.env.IMMICH_LOG_LEVEL as LogLevel,
|
||||||
database: {
|
database: {
|
||||||
skipMigrations: process.env.DB_SKIP_MIGRATIONS === 'true',
|
skipMigrations: process.env.DB_SKIP_MIGRATIONS === 'true',
|
||||||
vectorExtension: getVectorExtension(),
|
vectorExtension: getVectorExtension(),
|
||||||
},
|
},
|
||||||
|
licensePublicKey: isProd ? productionKeys : stagingKeys,
|
||||||
storage: {
|
storage: {
|
||||||
ignoreMountCheckErrors: process.env.IMMICH_IGNORE_MOUNT_CHECK_ERRORS === 'true',
|
ignoreMountCheckErrors: process.env.IMMICH_IGNORE_MOUNT_CHECK_ERRORS === 'true',
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
import { BadRequestException, Injectable, NotFoundException } from '@nestjs/common';
|
import { BadRequestException, Injectable, NotFoundException } from '@nestjs/common';
|
||||||
import { getBuildMetadata, getServerLicensePublicKey } from 'src/config';
|
import { getBuildMetadata } from 'src/config';
|
||||||
import { serverVersion } from 'src/constants';
|
import { serverVersion } from 'src/constants';
|
||||||
import { StorageCore } from 'src/cores/storage.core';
|
import { StorageCore } from 'src/cores/storage.core';
|
||||||
import { OnEvent } from 'src/decorators';
|
import { OnEvent } from 'src/decorators';
|
||||||
|
@ -162,20 +162,13 @@ export class ServerService extends BaseService {
|
||||||
if (!dto.licenseKey.startsWith('IMSV-')) {
|
if (!dto.licenseKey.startsWith('IMSV-')) {
|
||||||
throw new BadRequestException('Invalid license key');
|
throw new BadRequestException('Invalid license key');
|
||||||
}
|
}
|
||||||
const licenseValid = this.cryptoRepository.verifySha256(
|
const { licensePublicKey } = this.configRepository.getEnv();
|
||||||
dto.licenseKey,
|
const licenseValid = this.cryptoRepository.verifySha256(dto.licenseKey, dto.activationKey, licensePublicKey.server);
|
||||||
dto.activationKey,
|
|
||||||
getServerLicensePublicKey(),
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!licenseValid) {
|
if (!licenseValid) {
|
||||||
throw new BadRequestException('Invalid license key');
|
throw new BadRequestException('Invalid license key');
|
||||||
}
|
}
|
||||||
|
|
||||||
const licenseData = {
|
const licenseData = { ...dto, activatedAt: new Date() };
|
||||||
...dto,
|
|
||||||
activatedAt: new Date(),
|
|
||||||
};
|
|
||||||
|
|
||||||
await this.systemMetadataRepository.set(SystemMetadataKey.LICENSE, licenseData);
|
await this.systemMetadataRepository.set(SystemMetadataKey.LICENSE, licenseData);
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
import { BadRequestException, Injectable, NotFoundException } from '@nestjs/common';
|
import { BadRequestException, Injectable, NotFoundException } from '@nestjs/common';
|
||||||
import { DateTime } from 'luxon';
|
import { DateTime } from 'luxon';
|
||||||
import { getClientLicensePublicKey, getServerLicensePublicKey } from 'src/config';
|
|
||||||
import { SALT_ROUNDS } from 'src/constants';
|
import { SALT_ROUNDS } from 'src/constants';
|
||||||
import { StorageCore } from 'src/cores/storage.core';
|
import { StorageCore } from 'src/cores/storage.core';
|
||||||
import { AuthDto } from 'src/dtos/auth.dto';
|
import { AuthDto } from 'src/dtos/auth.dto';
|
||||||
|
@ -133,16 +132,18 @@ export class UserService extends BaseService {
|
||||||
throw new BadRequestException('Invalid license key');
|
throw new BadRequestException('Invalid license key');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const { licensePublicKey } = this.configRepository.getEnv();
|
||||||
|
|
||||||
const clientLicenseValid = this.cryptoRepository.verifySha256(
|
const clientLicenseValid = this.cryptoRepository.verifySha256(
|
||||||
license.licenseKey,
|
license.licenseKey,
|
||||||
license.activationKey,
|
license.activationKey,
|
||||||
getClientLicensePublicKey(),
|
licensePublicKey.client,
|
||||||
);
|
);
|
||||||
|
|
||||||
const serverLicenseValid = this.cryptoRepository.verifySha256(
|
const serverLicenseValid = this.cryptoRepository.verifySha256(
|
||||||
license.licenseKey,
|
license.licenseKey,
|
||||||
license.activationKey,
|
license.activationKey,
|
||||||
getServerLicensePublicKey(),
|
licensePublicKey.server,
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!clientLicenseValid && !serverLicenseValid) {
|
if (!clientLicenseValid && !serverLicenseValid) {
|
||||||
|
|
|
@ -12,6 +12,11 @@ const envData: EnvData = {
|
||||||
vectorExtension: DatabaseExtension.VECTORS,
|
vectorExtension: DatabaseExtension.VECTORS,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
licensePublicKey: {
|
||||||
|
client: 'client-public-key',
|
||||||
|
server: 'server-public-key',
|
||||||
|
},
|
||||||
|
|
||||||
storage: {
|
storage: {
|
||||||
ignoreMountCheckErrors: false,
|
ignoreMountCheckErrors: false,
|
||||||
},
|
},
|
||||||
|
|
Loading…
Add table
Reference in a new issue