Enforce key parameter (#12)

tomleb · Nov 22, 2024 · 020bfb3 · 020bfb3
1 parent ce4390d
commit 020bfb3
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 20 deletions.
diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json
@@ -16,7 +16,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -74,7 +74,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -124,7 +124,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -175,7 +175,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -234,7 +234,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -276,7 +276,7 @@
         "parameters": [
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -328,7 +328,7 @@
         "parameters": [
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -379,7 +379,7 @@
         "parameters": [
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -554,7 +554,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"
@@ -698,7 +698,7 @@
           },
           {
             "name": "key",
-            "required": false,
+            "required": true,
             "in": "query",
             "schema": {
               "type": "string"

diff --git a/open-api/typescript-sdk/src/fetch-client.ts b/open-api/typescript-sdk/src/fetch-client.ts
@@ -188,7 +188,7 @@ export type TimeBucketResponseDto = {
 };
 export function getAlbumInfo({ id, key, withoutAssets }: {
     id: string;
-    key?: string;
+    key: string;
     withoutAssets?: boolean;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
@@ -203,7 +203,7 @@ export function getAlbumInfo({ id, key, withoutAssets }: {
 }
 export function getAssetInfo({ id, key }: {
     id: string;
-    key?: string;
+    key: string;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
@@ -216,7 +216,7 @@ export function getAssetInfo({ id, key }: {
 }
 export function downloadAsset({ id, key }: {
     id: string;
-    key?: string;
+    key: string;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchBlob<{
         status: 200;
@@ -229,7 +229,7 @@ export function downloadAsset({ id, key }: {
 }
 export function viewAsset({ id, key, size }: {
     id: string;
-    key?: string;
+    key: string;
     size?: AssetMediaSize;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchBlob<{
@@ -244,7 +244,7 @@ export function viewAsset({ id, key, size }: {
 }
 export function playAssetVideo({ id, key }: {
     id: string;
-    key?: string;
+    key: string;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchBlob<{
         status: 200;
@@ -256,7 +256,7 @@ export function playAssetVideo({ id, key }: {
     }));
 }
 export function downloadArchive({ key, assetIdsDto }: {
-    key?: string;
+    key: string;
     assetIdsDto: AssetIdsDto;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchBlob<{
@@ -271,7 +271,7 @@ export function downloadArchive({ key, assetIdsDto }: {
     })));
 }
 export function getDownloadInfo({ key, downloadInfoDto }: {
-    key?: string;
+    key: string;
     downloadInfoDto: DownloadInfoDto;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
@@ -286,7 +286,7 @@ export function getDownloadInfo({ key, downloadInfoDto }: {
     })));
 }
 export function getMySharedLink({ key, password, token }: {
-    key?: string;
+    key: string;
     password?: string;
     token?: string;
 }, opts?: Oazapfts.RequestOpts) {
@@ -326,7 +326,7 @@ export function getTimeBucket({ albumId, isArchived, isFavorite, isTrashed, key,
     isArchived?: boolean;
     isFavorite?: boolean;
     isTrashed?: boolean;
-    key?: string;
+    key: string;
     order?: AssetOrder;
     personId?: string;
     size: TimeBucketSize;
@@ -362,7 +362,7 @@ export function getTimeBuckets({ albumId, isArchived, isFavorite, isTrashed, key
     isArchived?: boolean;
     isFavorite?: boolean;
     isTrashed?: boolean;
-    key?: string;
+    key: string;
     order?: AssetOrder;
     personId?: string;
     size: TimeBucketSize;

diff --git a/proxy/middlewares.go b/proxy/middlewares.go
@@ -34,6 +34,17 @@ func FilterOpenAPIPaths(next http.Handler, doc *openapi3.T) http.Handler {
 			return
 		}
 
+		query := req.URL.Query()
+		for _, params := range operation.Parameters {
+			if params.Value.In != openapi3.ParameterInQuery {
+				continue
+			}
+			if params.Value.Required && (!query.Has(params.Value.Name) || query.Get(params.Value.Name) == "") {
+				http.Error(w, "Bad request", http.StatusBadRequest)
+				return
+			}
+		}
+
 		next.ServeHTTP(w, req)
 	})
 }