fix: return 404 for invalid shared link pages (#19493)

Jason Rasmussen 2025-06-24 11:37:14 -04:00 committed by GitHub
parent 2e13543d5d
commit 88b8afb8d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 24 deletions


@ -119,6 +119,16 @@ describe('/shared-links', () => {
expect(resp.header['content-type']).toContain('text/html'); expect(resp.header['content-type']).toContain('text/html');
expect(resp.text).toContain(`<meta property="og:image" content="https://my.immich.app`); expect(resp.text).toContain(`<meta property="og:image" content="https://my.immich.app`);
}); });
it('should return 404 for an invalid shared link', async () => {
const resp = await request(shareUrl).get(`/invalid-key`);
expect(resp.status).toBe(404);
expect(resp.header['content-type']).toContain('text/html');
expect(resp.text).not.toContain(`og:type`);
expect(resp.text).not.toContain(`og:title`);
expect(resp.text).not.toContain(`og:description`);
expect(resp.text).not.toContain(`og:image`);
});
}); });
describe('GET /shared-links', () => { describe('GET /shared-links', () => {
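Review bot: The new 404 test does not pin the `Cache-Control: no-store` header that the handler sends with every response, so a later change that lets an intermediary cache the not-found page for a share URL would go unnoticed; add `expect(resp.header['cache-control']).toContain('no-store');`. The test also exercises only a key that never existed. If the fixtures in this file include an expired or removed link, a second case for it would cover the same catch path with a key that was once valid.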


@ -78,36 +78,24 @@ export class ApiService {
return next(); return next();
} }
const targets = [ let status = 200;
{
regex: /^\/share\/(.+)$/,
onMatch: async (matches: RegExpMatchArray) => {
const key = matches[1];
const auth = await this.authService.validateSharedLink(key);
return this.sharedLinkService.getMetadataTags(auth);
},
},
];
let html = index; let html = index;
try { const shareMatches = request.url.match(/^\/share\/(.+)$/);
for (const { regex, onMatch } of targets) { if (shareMatches) {
const matches = request.url.match(regex); try {
if (matches) { const key = shareMatches[1];
const meta = await onMatch(matches); const auth = await this.authService.validateSharedLink(key);
if (meta) { const meta = await this.sharedLinkService.getMetadataTags(auth);
html = render(index, meta); if (meta) {
} html = render(index, meta);
break;
} }
} catch {
status = 404;
} }
} catch {
// nothing to do here
} }
res.type('text/html').header('Cache-Control', 'no-store').send(html); res.status(status).type('text/html').header('Cache-Control', 'no-store').send(html);
}; };
} }
} }
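Review bot: The bare `catch` around the share lookup turns every failure into a 404 and discards the error, so an exception from `getMetadataTags` or `render`, or a backend fault inside `validateSharedLink`, is reported to the client and to monitoring as an unknown link. Bind the error with `} catch (error: unknown) {` and set `status = 404` only for the rejection that `validateSharedLink` raises for an unknown or expired key (its type is not visible in this hunk); log anything else and let it surface as a server error. Keeping the two apart also keeps a burst of genuinely invalid keys distinguishable from an outage in the logs. The enclosing handler starts above the hunk, so how `index` and `render` are defined is assumed from context.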