Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2026-04-03 15:52:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

chore: use esm global import (#27408)

Browse Source
This commit is contained in:
Daniel Dietzler 2026-03-31 00:22:07 +02:00 committed by GitHub
parent ce346bf956
commit a2e3635ac9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
server/src/repositories/oauth.repository.ts
View File

@ -1,5 +1,19 @@
import { Injectable, InternalServerErrorException } from '@nestjs/common';
import type { UserInfoResponse } from 'openid-client' with { 'resolution-mode': 'import' };
import {
allowInsecureRequests,
authorizationCodeGrant,
buildAuthorizationUrl,
calculatePKCECodeChallenge,
ClientSecretBasic,
ClientSecretPost,
discovery,
fetchUserInfo,
None,
randomPKCECodeVerifier,
randomState,
skipSubjectCheck,
type UserInfoResponse,
} from 'openid-client';
import { OAuthTokenEndpointAuthMethod } from 'src/enum';
import { LoggingRepository } from 'src/repositories/logging.repository';
@ -24,8 +38,6 @@ export class OAuthRepository {
}
async authorize(config: OAuthConfig, redirectUrl: string, state?: string, codeChallenge?: string) {
const { buildAuthorizationUrl, randomState, randomPKCECodeVerifier, calculatePKCECodeChallenge } =
await import('openid-client');
const client = await this.getClient(config);
state ??= randomState();
@ -64,7 +76,6 @@ export class OAuthRepository {
expectedState: string,
codeVerifier: string,
): Promise<OAuthProfile> {
const { authorizationCodeGrant, fetchUserInfo, ...oidc } = await import('openid-client');
const client = await this.getClient(config);
const pkceCodeVerifier = client.serverMetadata().supportsPKCE() ? codeVerifier : undefined;
@ -77,7 +88,7 @@ export class OAuthRepository {
this.logger.debug('Using ID token claims instead of userinfo endpoint');
profile = tokenClaims as OAuthProfile;
} else {
profile = await fetchUserInfo(client, tokens.access_token, oidc.skipSubjectCheck);
profile = await fetchUserInfo(client, tokens.access_token, skipSubjectCheck);
}
if (!profile.sub) {
@ -124,7 +135,6 @@ export class OAuthRepository {
timeout,
}: OAuthConfig) {
try {
const { allowInsecureRequests, discovery } = await import('openid-client');
return await discovery(
new URL(issuerUrl),
clientId,
@ -134,7 +144,7 @@ export class OAuthRepository {
userinfo_signed_response_alg: profileSigningAlgorithm === 'none' ? undefined : profileSigningAlgorithm,
id_token_signed_response_alg: signingAlgorithm,
},
await this.getTokenAuthMethod(tokenEndpointAuthMethod, clientSecret),
this.getTokenAuthMethod(tokenEndpointAuthMethod, clientSecret),
{
execute: [allowInsecureRequests],
timeout,
@ -146,9 +156,7 @@ export class OAuthRepository {
}
}
private async getTokenAuthMethod(tokenEndpointAuthMethod: OAuthTokenEndpointAuthMethod, clientSecret?: string) {
const { None, ClientSecretPost, ClientSecretBasic } = await import('openid-client');
private getTokenAuthMethod(tokenEndpointAuthMethod: OAuthTokenEndpointAuthMethod, clientSecret?: string) {
if (!clientSecret) {
return None();
}