From a91bb399f0f9088fc706bb96a5725d1a386492d3 Mon Sep 17 00:00:00 2001 From: Michael <35783820+mib1185@users.noreply.github.com> Date: Tue, 5 Aug 2025 00:39:05 +0200 Subject: [PATCH] feat: add server.versionCheck permission (#20555) * add server.versionCheck permission * getVersionCheck is no admin-route --- mobile/openapi/lib/api/server_api.dart | 5 ++++- mobile/openapi/lib/model/permission.dart | 3 +++ open-api/immich-openapi-specs.json | 5 ++++- open-api/typescript-sdk/src/fetch-client.ts | 4 ++++ server/src/controllers/server.controller.ts | 2 +- server/src/enum.ts | 1 + 6 files changed, 17 insertions(+), 3 deletions(-) diff --git a/mobile/openapi/lib/api/server_api.dart b/mobile/openapi/lib/api/server_api.dart index 9e250b83b5..9fa8f2016d 100644 --- a/mobile/openapi/lib/api/server_api.dart +++ b/mobile/openapi/lib/api/server_api.dart @@ -477,7 +477,9 @@ class ServerApi { return null; } - /// Performs an HTTP 'GET /server/version-check' operation and returns the [Response]. + /// This endpoint requires the `server.versionCheck` permission. + /// + /// Note: This method returns the HTTP [Response]. Future getVersionCheckWithHttpInfo() async { // ignore: prefer_const_declarations final apiPath = r'/server/version-check'; @@ -503,6 +505,7 @@ class ServerApi { ); } + /// This endpoint requires the `server.versionCheck` permission. Future getVersionCheck() async { final response = await getVersionCheckWithHttpInfo(); if (response.statusCode >= HttpStatus.badRequest) { diff --git a/mobile/openapi/lib/model/permission.dart b/mobile/openapi/lib/model/permission.dart index ec67d81be4..b0903e8f19 100644 --- a/mobile/openapi/lib/model/permission.dart +++ b/mobile/openapi/lib/model/permission.dart @@ -101,6 +101,7 @@ class Permission { static const serverPeriodApkLinks = Permission._(r'server.apkLinks'); static const serverPeriodStorage = Permission._(r'server.storage'); static const serverPeriodStatistics = Permission._(r'server.statistics'); + static const serverPeriodVersionCheck = Permission._(r'server.versionCheck'); static const serverLicensePeriodRead = Permission._(r'serverLicense.read'); static const serverLicensePeriodUpdate = Permission._(r'serverLicense.update'); static const serverLicensePeriodDelete = Permission._(r'serverLicense.delete'); @@ -230,6 +231,7 @@ class Permission { serverPeriodApkLinks, serverPeriodStorage, serverPeriodStatistics, + serverPeriodVersionCheck, serverLicensePeriodRead, serverLicensePeriodUpdate, serverLicensePeriodDelete, @@ -394,6 +396,7 @@ class PermissionTypeTransformer { case r'server.apkLinks': return Permission.serverPeriodApkLinks; case r'server.storage': return Permission.serverPeriodStorage; case r'server.statistics': return Permission.serverPeriodStatistics; + case r'server.versionCheck': return Permission.serverPeriodVersionCheck; case r'serverLicense.read': return Permission.serverLicensePeriodRead; case r'serverLicense.update': return Permission.serverLicensePeriodUpdate; case r'serverLicense.delete': return Permission.serverLicensePeriodDelete; diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json index d97585a39e..7d3feb24a3 100644 --- a/open-api/immich-openapi-specs.json +++ b/open-api/immich-openapi-specs.json @@ -6506,7 +6506,9 @@ ], "tags": [ "Server" - ] + ], + "x-immich-permission": "server.versionCheck", + "description": "This endpoint requires the `server.versionCheck` permission." } }, "/server/version-history": { @@ -12631,6 +12633,7 @@ "server.apkLinks", "server.storage", "server.statistics", + "server.versionCheck", "serverLicense.read", "serverLicense.update", "serverLicense.delete", diff --git a/open-api/typescript-sdk/src/fetch-client.ts b/open-api/typescript-sdk/src/fetch-client.ts index d26d14aa4a..8b2ed427b4 100644 --- a/open-api/typescript-sdk/src/fetch-client.ts +++ b/open-api/typescript-sdk/src/fetch-client.ts @@ -3552,6 +3552,9 @@ export function getServerVersion(opts?: Oazapfts.RequestOpts) { ...opts })); } +/** + * This endpoint requires the `server.versionCheck` permission. + */ export function getVersionCheck(opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchJson<{ status: 200; @@ -4616,6 +4619,7 @@ export enum Permission { ServerApkLinks = "server.apkLinks", ServerStorage = "server.storage", ServerStatistics = "server.statistics", + ServerVersionCheck = "server.versionCheck", ServerLicenseRead = "serverLicense.read", ServerLicenseUpdate = "serverLicense.update", ServerLicenseDelete = "serverLicense.delete", diff --git a/server/src/controllers/server.controller.ts b/server/src/controllers/server.controller.ts index 9a1004c280..0c184ba302 100644 --- a/server/src/controllers/server.controller.ts +++ b/server/src/controllers/server.controller.ts @@ -109,7 +109,7 @@ export class ServerController { } @Get('version-check') - @Authenticated() + @Authenticated({ permission: Permission.ServerVersionCheck }) getVersionCheck(): Promise { return this.systemMetadataService.getVersionCheckState(); } diff --git a/server/src/enum.ts b/server/src/enum.ts index 93d271f19c..8a6d361d35 100644 --- a/server/src/enum.ts +++ b/server/src/enum.ts @@ -172,6 +172,7 @@ export enum Permission { ServerApkLinks = 'server.apkLinks', ServerStorage = 'server.storage', ServerStatistics = 'server.statistics', + ServerVersionCheck = 'server.versionCheck', ServerLicenseRead = 'serverLicense.read', ServerLicenseUpdate = 'serverLicense.update',