From 020bfb3afd4715d843ba85bf182adeccf809ccf5 Mon Sep 17 00:00:00 2001
From: Tom Lebreux
Date: Fri, 22 Nov 2024 10:39:27 -0500
Subject: [PATCH] Enforce key parameter (#12)
---
 open-api/immich-openapi-specs.json | 20 ++++++++++----------
 open-api/typescript-sdk/src/fetch-client.ts | 20 ++++++++++----------
 proxy/middlewares.go | 11 +++++++++++
 3 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json
index 39e1426..8245b0c 100644
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -16,7 +16,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -74,7 +74,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -124,7 +124,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -175,7 +175,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -234,7 +234,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -276,7 +276,7 @@
 "parameters": [
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -328,7 +328,7 @@
 "parameters": [
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -379,7 +379,7 @@
 "parameters": [
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -554,7 +554,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
@@ -698,7 +698,7 @@
 },
 {
 "name": "key",
- "required": false,
+ "required": true,
 "in": "query",
 "schema": {
 "type": "string"
diff --git a/open-api/typescript-sdk/src/fetch-client.ts b/open-api/typescript-sdk/src/fetch-client.ts index d60a914..8c19153 100644 --- a/open-api/typescript-sdk/src/fetch-client.ts +++ b/open-api/typescript-sdk/src/fetch-client.ts @@ -188,7 +188,7 @@ export type TimeBucketResponseDto = { }; export function getAlbumInfo({ id, key, withoutAssets }: { id: string; - key?: string; + key: string; withoutAssets?: boolean; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchJson<{ @@ -203,7 +203,7 @@ export function getAlbumInfo({ id, key, withoutAssets }: { } export function getAssetInfo({ id, key }: { id: string; - key?: string; + key: string; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchJson<{ status: 200; @@ -216,7 +216,7 @@ export function getAssetInfo({ id, key }: { } export function downloadAsset({ id, key }: { id: string; - key?: string; + key: string; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchBlob<{ status: 200; @@ -229,7 +229,7 @@ export function downloadAsset({ id, key }: { } export function viewAsset({ id, key, size }: { id: string; - key?: string; + key: string; size?: AssetMediaSize; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchBlob<{ @@ -244,7 +244,7 @@ export function viewAsset({ id, key, size }: { } export function playAssetVideo({ id, key }: { id: string; - key?: string; + key: string; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchBlob<{ status: 200; @@ -256,7 +256,7 @@ export function playAssetVideo({ id, key }: { })); } export function downloadArchive({ key, assetIdsDto }: { - key?: string; + key: string; assetIdsDto: AssetIdsDto; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchBlob<{ 
@@ -271,7 +271,7 @@ export function downloadArchive({ key, assetIdsDto }: { }))); } export function getDownloadInfo({ key, downloadInfoDto }: { - key?: string; + key: string; downloadInfoDto: DownloadInfoDto; }, opts?: Oazapfts.RequestOpts) { return oazapfts.ok(oazapfts.fetchJson<{ @@ -286,7 +286,7 @@ export function getDownloadInfo({ key, downloadInfoDto }: { }))); } export function getMySharedLink({ key, password, token }: { - key?: string; + key: string; password?: string; token?: string; }, opts?: Oazapfts.RequestOpts) { @@ -326,7 +326,7 @@ export function getTimeBucket({ albumId, isArchived, isFavorite, isTrashed, key, isArchived?: boolean; isFavorite?: boolean; isTrashed?: boolean; - key?: string; + key: string; order?: AssetOrder; personId?: string; size: TimeBucketSize; @@ -362,7 +362,7 @@ export function getTimeBuckets({ albumId, isArchived, isFavorite, isTrashed, key isArchived?: boolean; isFavorite?: boolean; isTrashed?: boolean; - key?: string; + key: string; order?: AssetOrder; personId?: string; size: TimeBucketSize; diff --git a/proxy/middlewares.go b/proxy/middlewares.go index 95b19ca..280bd91 100644 --- a/proxy/middlewares.go +++ b/proxy/middlewares.go @@ -34,6 +34,17 @@ func FilterOpenAPIPaths(next http.Handler, doc *openapi3.T) http.Handler { return } + query := req.URL.Query() + for _, params := range operation.Parameters { + if params.Value.In != openapi3.ParameterInQuery { + continue + } + if params.Value.Required && (!query.Has(params.Value.Name) || query.Get(params.Value.Name) == "") { + http.Error(w, "Bad request", http.StatusBadRequest) + return + } + } + next.ServeHTTP(w, req) }) }
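Review bot: The required-parameter gate added to `FilterOpenAPIPaths` is lenient about input it cannot fully account for: `req.URL.Query()` silently drops malformed pairs and `query.Get` inspects only the first value, so the proxy can accept a query string that the upstream may read differently (how the upstream treats a malformed or repeated `key` is not visible here). Because this loop is what enforces `key`, it should parse with `url.ParseQuery(req.URL.RawQuery)` and reject on error, require exactly one non-empty value for each required query parameter, and refuse the request when a parameter entry has a nil `Value` instead of dereferencing it. With that, `query.Has` becomes redundant, and the loop variable reads better as `ref` than `params`, since it holds a single parameter. The function starts above the hunk, where `operation` is resolved, and `net/url` would have to be added to the file's imports.

```go
		// … unchanged: operation lookup and early return above …
		query, err := url.ParseQuery(req.URL.RawQuery)
		if err != nil {
			http.Error(w, "Bad request", http.StatusBadRequest)
			return
		}
		for _, ref := range operation.Parameters {
			if ref == nil || ref.Value == nil {
				// Unresolved parameter reference: refuse rather than forward unchecked.
				http.Error(w, "Internal server error", http.StatusInternalServerError)
				return
			}
			p := ref.Value
			if p.In != openapi3.ParameterInQuery || !p.Required {
				continue
			}
			// A required query parameter must appear exactly once and be non-empty.
			if vals := query[p.Name]; len(vals) != 1 || vals[0] == "" {
				http.Error(w, "Bad request", http.StatusBadRequest)
				return
			}
		}

		next.ServeHTTP(w, req)
```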