Infrastructure/immich
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-03-04 02:11:44 -05:00
Code Issues Activity

refactor: api key repository (#15491)

Browse source
This commit is contained in:
Jason Rasmussen 2025-01-21 11:45:59 -05:00 committed by GitHub
parent 1745f48f3d
commit 9a1068c867
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 44 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
server/src/interfaces/api-key.interface.ts
View file

@ -1,19 +0,0 @@
import { Insertable } from 'kysely';
import { ApiKeys } from 'src/db';
import { APIKeyEntity } from 'src/entities/api-key.entity';
import { AuthApiKey } from 'src/types';
export const IKeyRepository = 'IKeyRepository';
export interface IKeyRepository {
create(dto: Insertable<ApiKeys>): Promise<APIKeyEntity>;
update(userId: string, id: string, dto: Partial<APIKeyEntity>): Promise<APIKeyEntity>;
delete(userId: string, id: string): Promise<void>;
/**
* Includes the hashed `key` for verification
* @param id
*/
getKey(hashedToken: string): Promise<AuthApiKey | undefined>;
getById(userId: string, id: string): Promise<APIKeyEntity | null>;
getByUserId(userId: string): Promise<APIKeyEntity[]>;
}

40
server/src/repositories/api-key.repository.ts
View file

@ -1,50 +1,36 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Insertable, Kysely, Updateable } from 'kysely';
import { InjectKysely } from 'nestjs-kysely';
import { ApiKeys, DB } from 'src/db';
import { DummyValue, GenerateSql } from 'src/decorators';
import { APIKeyEntity } from 'src/entities/api-key.entity';
import { IKeyRepository } from 'src/interfaces/api-key.interface';
import { AuthApiKey } from 'src/types';
import { asUuid } from 'src/utils/database';
import { Repository } from 'typeorm';
const columns = ['id', 'name', 'userId', 'createdAt', 'updatedAt', 'permissions'] as const;
@Injectable()
export class ApiKeyRepository implements IKeyRepository {
constructor(
@InjectRepository(APIKeyEntity) private repository: Repository<APIKeyEntity>,
@InjectKysely() private db: Kysely<DB>,
) {}
export class ApiKeyRepository {
constructor(@InjectKysely() private db: Kysely<DB>) {}
async create(dto: Insertable<ApiKeys>): Promise<APIKeyEntity> {
const { id, name, createdAt, updatedAt, permissions } = await this.db
.insertInto('api_keys')
.values(dto)
.returningAll()
.executeTakeFirstOrThrow();
return { id, name, createdAt, updatedAt, permissions } as APIKeyEntity;
create(dto: Insertable<ApiKeys>) {
return this.db.insertInto('api_keys').values(dto).returningAll().executeTakeFirstOrThrow();
}
async update(userId: string, id: string, dto: Updateable<ApiKeys>): Promise<APIKeyEntity> {
async update(userId: string, id: string, dto: Updateable<ApiKeys>) {
return this.db
.updateTable('api_keys')
.set(dto)
.where('api_keys.userId', '=', userId)
.where('id', '=', asUuid(id))
.returningAll()
.executeTakeFirstOrThrow() as unknown as Promise<APIKeyEntity>;
.executeTakeFirstOrThrow();
}
async delete(userId: string, id: string): Promise<void> {
async delete(userId: string, id: string) {
await this.db.deleteFrom('api_keys').where('userId', '=', userId).where('id', '=', asUuid(id)).execute();
}
@GenerateSql({ params: [DummyValue.STRING] })
getKey(hashedToken: string): Promise<AuthApiKey | undefined> {
getKey(hashedToken: string) {
return this.db
.selectFrom('api_keys')
.innerJoinLateral(
@ -72,26 +58,26 @@ export class ApiKeyRepository implements IKeyRepository {
eb.fn.toJson('user').as('user'),
])
.where('api_keys.key', '=', hashedToken)
.executeTakeFirst() as Promise<AuthApiKey | undefined>;
.executeTakeFirst();
}
@GenerateSql({ params: [DummyValue.UUID, DummyValue.UUID] })
getById(userId: string, id: string): Promise<APIKeyEntity | null> {
getById(userId: string, id: string) {
return this.db
.selectFrom('api_keys')
.select(columns)
.where('id', '=', asUuid(id))
.where('userId', '=', userId)
.executeTakeFirst() as unknown as Promise<APIKeyEntity | null>;
.executeTakeFirst();
}
@GenerateSql({ params: [DummyValue.UUID] })
getByUserId(userId: string): Promise<APIKeyEntity[]> {
getByUserId(userId: string) {
return this.db
.selectFrom('api_keys')
.select(columns)
.where('userId', '=', userId)
.orderBy('createdAt', 'desc')
.execute() as unknown as Promise<APIKeyEntity[]>;
.execute();
}
}

3
server/src/repositories/index.ts
View file

@ -1,6 +1,5 @@
import { IAlbumUserRepository } from 'src/interfaces/album-user.interface';
import { IAlbumRepository } from 'src/interfaces/album.interface';
import { IKeyRepository } from 'src/interfaces/api-key.interface';
import { IAssetRepository } from 'src/interfaces/asset.interface';
import { IAuditRepository } from 'src/interfaces/audit.interface';
import { IConfigRepository } from 'src/interfaces/config.interface';
@ -79,6 +78,7 @@ export const repositories = [
//
AccessRepository,
ActivityRepository,
ApiKeyRepository,
];
export const providers = [
@ -92,7 +92,6 @@ export const providers = [
{ provide: IDatabaseRepository, useClass: DatabaseRepository },
{ provide: IEventRepository, useClass: EventRepository },
{ provide: IJobRepository, useClass: JobRepository },
{ provide: IKeyRepository, useClass: ApiKeyRepository },
{ provide: ILibraryRepository, useClass: LibraryRepository },
{ provide: ILoggerRepository, useClass: LoggerRepository },
{ provide: IMachineLearningRepository, useClass: MachineLearningRepository },

10
server/src/services/api-key.service.spec.ts
View file

@ -1,8 +1,8 @@
import { BadRequestException } from '@nestjs/common';
import { Permission } from 'src/enum';
import { IKeyRepository } from 'src/interfaces/api-key.interface';
import { ICryptoRepository } from 'src/interfaces/crypto.interface';
import { APIKeyService } from 'src/services/api-key.service';
import { IApiKeyRepository } from 'src/types';
import { keyStub } from 'test/fixtures/api-key.stub';
import { authStub } from 'test/fixtures/auth.stub';
import { newTestService } from 'test/utils';
@ -12,7 +12,7 @@ describe(APIKeyService.name, () => {
let sut: APIKeyService;
let cryptoMock: Mocked<ICryptoRepository>;
let keyMock: Mocked<IKeyRepository>;
let keyMock: Mocked<IApiKeyRepository>;
beforeEach(() => {
({ sut, cryptoMock, keyMock } = newTestService(APIKeyService));
@ -56,8 +56,6 @@ describe(APIKeyService.name, () => {
describe('update', () => {
it('should throw an error if the key is not found', async () => {
keyMock.getById.mockResolvedValue(null);
await expect(sut.update(authStub.admin, 'random-guid', { name: 'New Name' })).rejects.toBeInstanceOf(
BadRequestException,
);
@ -77,8 +75,6 @@ describe(APIKeyService.name, () => {
describe('delete', () => {
it('should throw an error if the key is not found', async () => {
keyMock.getById.mockResolvedValue(null);
await expect(sut.delete(authStub.admin, 'random-guid')).rejects.toBeInstanceOf(BadRequestException);
expect(keyMock.delete).not.toHaveBeenCalledWith('random-guid');
@ -95,8 +91,6 @@ describe(APIKeyService.name, () => {
describe('getById', () => {
it('should throw an error if the key is not found', async () => {
keyMock.getById.mockResolvedValue(null);
await expect(sut.getById(authStub.admin, 'random-guid')).rejects.toBeInstanceOf(BadRequestException);
expect(keyMock.getById).toHaveBeenCalledWith(authStub.admin.user.id, 'random-guid');

7
server/src/services/api-key.service.ts
View file

@ -1,8 +1,9 @@
import { BadRequestException, Injectable } from '@nestjs/common';
import { APIKeyCreateDto, APIKeyCreateResponseDto, APIKeyResponseDto, APIKeyUpdateDto } from 'src/dtos/api-key.dto';
import { AuthDto } from 'src/dtos/auth.dto';
import { APIKeyEntity } from 'src/entities/api-key.entity';
import { Permission } from 'src/enum';
import { BaseService } from 'src/services/base.service';
import { ApiKeyItem } from 'src/types';
import { isGranted } from 'src/utils/access';
@Injectable()
@ -57,13 +58,13 @@ export class APIKeyService extends BaseService {
return keys.map((key) => this.map(key));
}
private map(entity: APIKeyEntity): APIKeyResponseDto {
private map(entity: ApiKeyItem): APIKeyResponseDto {
return {
id: entity.id,
name: entity.name,
createdAt: entity.createdAt,
updatedAt: entity.updatedAt,
permissions: entity.permissions,
permissions: entity.permissions as Permission[],
};
}
}

4
server/src/services/auth.service.spec.ts
View file

@ -3,7 +3,6 @@ import { AuthDto, SignUpDto } from 'src/dtos/auth.dto';
import { UserMetadataEntity } from 'src/entities/user-metadata.entity';
import { UserEntity } from 'src/entities/user.entity';
import { AuthType, Permission } from 'src/enum';
import { IKeyRepository } from 'src/interfaces/api-key.interface';
import { ICryptoRepository } from 'src/interfaces/crypto.interface';
import { IEventRepository } from 'src/interfaces/event.interface';
import { IOAuthRepository } from 'src/interfaces/oauth.interface';
@ -12,6 +11,7 @@ import { ISharedLinkRepository } from 'src/interfaces/shared-link.interface';
import { ISystemMetadataRepository } from 'src/interfaces/system-metadata.interface';
import { IUserRepository } from 'src/interfaces/user.interface';
import { AuthService } from 'src/services/auth.service';
import { IApiKeyRepository } from 'src/types';
import { keyStub } from 'test/fixtures/api-key.stub';
import { authStub } from 'test/fixtures/auth.stub';
import { sessionStub } from 'test/fixtures/session.stub';
@ -62,7 +62,7 @@ describe('AuthService', () => {
let cryptoMock: Mocked<ICryptoRepository>;
let eventMock: Mocked<IEventRepository>;
let keyMock: Mocked<IKeyRepository>;
let keyMock: Mocked<IApiKeyRepository>;
let oauthMock: Mocked<IOAuthRepository>;
let sessionMock: Mocked<ISessionRepository>;
let sharedLinkMock: Mocked<ISharedLinkRepository>;

6
server/src/services/auth.service.ts
View file

@ -21,6 +21,7 @@ import { UserEntity } from 'src/entities/user.entity';
import { AuthType, ImmichCookie, ImmichHeader, ImmichQuery, Permission } from 'src/enum';
import { OAuthProfile } from 'src/interfaces/oauth.interface';
import { BaseService } from 'src/services/base.service';
import { AuthApiKey } from 'src/types';
import { isGranted } from 'src/utils/access';
import { HumanReadableSize } from 'src/utils/bytes';
@ -309,7 +310,10 @@ export class AuthService extends BaseService {
const hashedKey = this.cryptoRepository.hashSha256(key);
const apiKey = await this.keyRepository.getKey(hashedKey);
if (apiKey) {
return { user: apiKey.user, apiKey };
return {
user: apiKey.user as unknown as UserEntity,
apiKey: apiKey as unknown as AuthApiKey,
};
}
throw new UnauthorizedException('Invalid API key');

4
server/src/services/base.service.ts
View file

@ -8,7 +8,6 @@ import { Users } from 'src/db';
import { UserEntity } from 'src/entities/user.entity';
import { IAlbumUserRepository } from 'src/interfaces/album-user.interface';
import { IAlbumRepository } from 'src/interfaces/album.interface';
import { IKeyRepository } from 'src/interfaces/api-key.interface';
import { IAssetRepository } from 'src/interfaces/asset.interface';
import { IAuditRepository } from 'src/interfaces/audit.interface';
import { IConfigRepository } from 'src/interfaces/config.interface';
@ -45,6 +44,7 @@ import { IVersionHistoryRepository } from 'src/interfaces/version-history.interf
import { IViewRepository } from 'src/interfaces/view.interface';
import { AccessRepository } from 'src/repositories/access.repository';
import { ActivityRepository } from 'src/repositories/activity.repository';
import { ApiKeyRepository } from 'src/repositories/api-key.repository';
import { AccessRequest, checkAccess, requireAccess } from 'src/utils/access';
import { getConfig, updateConfig } from 'src/utils/config';
@ -65,7 +65,7 @@ export class BaseService {
@Inject(IDatabaseRepository) protected databaseRepository: IDatabaseRepository,
@Inject(IEventRepository) protected eventRepository: IEventRepository,
@Inject(IJobRepository) protected jobRepository: IJobRepository,
@Inject(IKeyRepository) protected keyRepository: IKeyRepository,
protected keyRepository: ApiKeyRepository,
@Inject(ILibraryRepository) protected libraryRepository: ILibraryRepository,
@Inject(IMachineLearningRepository) protected machineLearningRepository: IMachineLearningRepository,
@Inject(IMapRepository) protected mapRepository: IMapRepository,

7
server/src/types.ts
View file

@ -2,6 +2,7 @@ import { UserEntity } from 'src/entities/user.entity';
import { Permission } from 'src/enum';
import { AccessRepository } from 'src/repositories/access.repository';
import { ActivityRepository } from 'src/repositories/activity.repository';
import { ApiKeyRepository } from 'src/repositories/api-key.repository';
export type AuthApiKey = {
id: string;
@ -14,7 +15,13 @@ export type RepositoryInterface<T extends object> = Pick<T, keyof T>;
export type IActivityRepository = RepositoryInterface<ActivityRepository>;
export type IAccessRepository = { [K in keyof AccessRepository]: RepositoryInterface<AccessRepository[K]> };
export type IApiKeyRepository = RepositoryInterface<ApiKeyRepository>;
export type ActivityItem =
| Awaited<ReturnType<IActivityRepository['create']>>
| Awaited<ReturnType<IActivityRepository['search']>>[0];
export type ApiKeyItem =
| Awaited<ReturnType<IApiKeyRepository['create']>>
| NonNullable<Awaited<ReturnType<IApiKeyRepository['getById']>>>
| Awaited<ReturnType<IApiKeyRepository['getByUserId']>>[0];

7
server/test/fixtures/api-key.stub.ts vendored
View file

@ -1,5 +1,3 @@
import { APIKeyEntity } from 'src/entities/api-key.entity';
import { AuthApiKey } from 'src/types';
import { authStub } from 'test/fixtures/auth.stub';
import { userStub } from 'test/fixtures/user.stub';
@ -9,7 +7,7 @@ export const keyStub = {
key: 'my-api-key (hashed)',
user: userStub.admin,
permissions: [],
} as AuthApiKey),
} as any),
admin: Object.freeze({
id: 'my-random-guid',
@ -17,5 +15,6 @@ export const keyStub = {
key: 'my-api-key (hashed)',
userId: authStub.admin.user.id,
user: userStub.admin,
} as APIKeyEntity),
permissions: [],
} as any),
};

4
server/test/repositories/api-key.repository.mock.ts
View file

@ -1,7 +1,7 @@
import { IKeyRepository } from 'src/interfaces/api-key.interface';
import { IApiKeyRepository } from 'src/types';
import { Mocked, vitest } from 'vitest';
export const newKeyRepositoryMock = (): Mocked<IKeyRepository> => {
export const newKeyRepositoryMock = (): Mocked<IApiKeyRepository> => {
return {
create: vitest.fn(),
update: vitest.fn(),

5
server/test/utils.ts
View file

@ -5,8 +5,9 @@ import { ImmichWorker } from 'src/enum';
import { IMetadataRepository } from 'src/interfaces/metadata.interface';
import { AccessRepository } from 'src/repositories/access.repository';
import { ActivityRepository } from 'src/repositories/activity.repository';
import { ApiKeyRepository } from 'src/repositories/api-key.repository';
import { BaseService } from 'src/services/base.service';
import { IAccessRepository, IActivityRepository } from 'src/types';
import { IAccessRepository, IActivityRepository, IApiKeyRepository } from 'src/types';
import { newAccessRepositoryMock } from 'test/repositories/access.repository.mock';
import { newActivityRepositoryMock } from 'test/repositories/activity.repository.mock';
import { newAlbumUserRepositoryMock } from 'test/repositories/album-user.repository.mock';
@ -118,7 +119,7 @@ export const newTestService = <T extends BaseService>(
databaseMock,
eventMock,
jobMock,
keyMock,
keyMock as IApiKeyRepository as ApiKeyRepository,
libraryMock,
machineLearningMock,
mapMock,