mirror of
https://github.com/immich-app/immich.git
synced 2026-01-20 10:56:14 -05:00
b8313abfa8
* feat: manage authorized devices * chore: open api * get header from mobile app * write header from mobile app * styling * fix unit test * feat: use relative time * feat: update access time * fix: tests * chore: confirm wording * chore: bump test coverage thresholds * feat: add some icons * chore: icon tweaks --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
63 lines
2.5 KiB
TypeScript
63 lines
2.5 KiB
TypeScript
import { SystemConfig, UserEntity } from '@app/infra/entities';
|
|
import { ICryptoRepository } from '../crypto/crypto.repository';
|
|
import { ISystemConfigRepository } from '../system-config';
|
|
import { SystemConfigCore } from '../system-config/system-config.core';
|
|
import { IUserTokenRepository, UserTokenCore } from '../user-token';
|
|
import { AuthType, IMMICH_ACCESS_COOKIE, IMMICH_AUTH_TYPE_COOKIE } from './auth.constant';
|
|
import { LoginResponseDto, mapLoginResponse } from './response-dto';
|
|
|
|
export interface LoginDetails {
|
|
isSecure: boolean;
|
|
clientIp: string;
|
|
deviceType: string;
|
|
deviceOS: string;
|
|
}
|
|
|
|
export class AuthCore {
|
|
private userTokenCore: UserTokenCore;
|
|
constructor(
|
|
private cryptoRepository: ICryptoRepository,
|
|
configRepository: ISystemConfigRepository,
|
|
userTokenRepository: IUserTokenRepository,
|
|
private config: SystemConfig,
|
|
) {
|
|
this.userTokenCore = new UserTokenCore(cryptoRepository, userTokenRepository);
|
|
const configCore = new SystemConfigCore(configRepository);
|
|
configCore.config$.subscribe((config) => (this.config = config));
|
|
}
|
|
|
|
isPasswordLoginEnabled() {
|
|
return this.config.passwordLogin.enabled;
|
|
}
|
|
|
|
getCookies(loginResponse: LoginResponseDto, authType: AuthType, { isSecure }: LoginDetails) {
|
|
const maxAge = 400 * 24 * 3600; // 400 days
|
|
|
|
let authTypeCookie = '';
|
|
let accessTokenCookie = '';
|
|
|
|
if (isSecure) {
|
|
accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
|
|
authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
|
|
} else {
|
|
accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
|
|
authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
|
|
}
|
|
return [accessTokenCookie, authTypeCookie];
|
|
}
|
|
|
|
async createLoginResponse(user: UserEntity, authType: AuthType, loginDetails: LoginDetails) {
|
|
const accessToken = await this.userTokenCore.create(user, loginDetails);
|
|
const response = mapLoginResponse(user, accessToken);
|
|
const cookie = this.getCookies(response, authType, loginDetails);
|
|
return { response, cookie };
|
|
}
|
|
|
|
validatePassword(inputPassword: string, user: UserEntity): boolean {
|
|
if (!user || !user.password) {
|
|
return false;
|
|
}
|
|
return this.cryptoRepository.compareBcrypt(inputPassword, user.password);
|
|
}
|
|
}
|