k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-21 14:21:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4 from tiquis0290/dev

Browse Source 
pulling changes from dev branch
This commit is contained in:
Marek Maslowski
2026-04-03 23:59:42 +02:00
committed by GitHub
parent b6686a462f 88a40c3294
commit fc28996420
5 changed files with 175 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/routes/immich.ts
+19 -3
View File
@@ -15,6 +15,7 @@ import {
proxyThumbnail,
proxyOriginal,
isValidAssetId,
canAccessUserPhoto,
listAlbums,
syncAlbumAssets,
getAssetInfo,
@@ -86,7 +87,12 @@ router.get('/assets/:assetId/info', authenticate, async (req: Request, res: Resp
const authReq = req as AuthRequest;
const { assetId } = req.params;
if (!isValidAssetId(assetId)) return res.status(400).json({ error: 'Invalid asset ID' });
const result = await getAssetInfo(authReq.user.id, assetId);
const queryUserId = req.query.userId ? Number(req.query.userId) : undefined;
const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined;
if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, assetId)) {
return res.status(403).json({ error: 'Forbidden' });
}
const result = await getAssetInfo(authReq.user.id, assetId, ownerUserId);
if (result.error) return res.status(result.status!).json({ error: result.error });
res.json(result.data);
});
@@ -97,7 +103,12 @@ router.get('/assets/:assetId/thumbnail', authFromQuery, async (req: Request, res
const authReq = req as AuthRequest;
const { assetId } = req.params;
if (!isValidAssetId(assetId)) return res.status(400).send('Invalid asset ID');
const result = await proxyThumbnail(authReq.user.id, assetId);
const queryUserId = req.query.userId ? Number(req.query.userId) : undefined;
const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined;
if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, assetId)) {
return res.status(403).send('Forbidden');
}
const result = await proxyThumbnail(authReq.user.id, assetId, ownerUserId);
if (result.error) return res.status(result.status!).send(result.error);
res.set('Content-Type', result.contentType!);
res.set('Cache-Control', 'public, max-age=86400');
@@ -108,7 +119,12 @@ router.get('/assets/:assetId/original', authFromQuery, async (req: Request, res:
const authReq = req as AuthRequest;
const { assetId } = req.params;
if (!isValidAssetId(assetId)) return res.status(400).send('Invalid asset ID');
const result = await proxyOriginal(authReq.user.id, assetId);
const queryUserId = req.query.userId ? Number(req.query.userId) : undefined;
const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined;
if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, assetId)) {
return res.status(403).send('Forbidden');
}
const result = await proxyOriginal(authReq.user.id, assetId, ownerUserId);
if (result.error) return res.status(result.status!).send(result.error);
res.set('Content-Type', result.contentType!);
res.set('Cache-Control', 'public, max-age=86400');