refactor!: remove my shared link dto

e2e/src/specs/server/api/shared-link.e2e-spec.ts

@@ -243,9 +243,17 @@ describe('/shared-links', () => {
     });
 
     it('should get data for correct password protected link', async () => {
+      const response = await request(app)
+        .post('/shared-links')
+        .send({ password: 'foo' })
+        .query({ key: linkWithPassword.key });
+
+      const cookies = response.get('Set-Cookie') ?? [];
+
       const { status, body } = await request(app)
         .get('/shared-links/me')
-        .query({ key: linkWithPassword.key, password: 'foo' });
+        .query({ key: linkWithPassword.key, password: 'foo' })
+        .set('Cookie', cookies);
 
       expect(status).toBe(200);
       expect(body).toEqual(

mobile/openapi/lib/api/albums_api.dart

@@ -104,11 +104,7 @@ class AlbumsApi {
   /// Parameters:
   ///
   /// * [AlbumsAddAssetsDto] albumsAddAssetsDto (required):
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<Response> addAssetsToAlbumsWithHttpInfo(AlbumsAddAssetsDto albumsAddAssetsDto, { String? key, String? slug, }) async {
+  Future<Response> addAssetsToAlbumsWithHttpInfo(AlbumsAddAssetsDto albumsAddAssetsDto,) async {
     // ignore: prefer_const_declarations
     final apiPath = r'/albums/assets';
 
@@ -119,13 +115,6 @@ class AlbumsApi {
     final headerParams = <String, String>{};
     final formParams = <String, String>{};
 
-    if (key != null) {
-      queryParams.addAll(_queryParams('', 'key', key));
-    }
-    if (slug != null) {
-      queryParams.addAll(_queryParams('', 'slug', slug));
-    }
-
     const contentTypes = <String>['application/json'];
 
 
@@ -147,12 +136,8 @@ class AlbumsApi {
   /// Parameters:
   ///
   /// * [AlbumsAddAssetsDto] albumsAddAssetsDto (required):
-  ///
-  /// * [String] key:
-  ///
-  /// * [String] slug:
-  Future<AlbumsAddAssetsResponseDto?> addAssetsToAlbums(AlbumsAddAssetsDto albumsAddAssetsDto, { String? key, String? slug, }) async {
-    final response = await addAssetsToAlbumsWithHttpInfo(albumsAddAssetsDto,  key: key, slug: slug, );
+  Future<AlbumsAddAssetsResponseDto?> addAssetsToAlbums(AlbumsAddAssetsDto albumsAddAssetsDto,) async {
+    final response = await addAssetsToAlbumsWithHttpInfo(albumsAddAssetsDto,);
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }

mobile/openapi/lib/api/shared_links_api.dart

@@ -235,14 +235,8 @@ class SharedLinksApi {
   ///
   /// * [String] key:
   ///
-  /// * [String] password:
-  ///   Link password
-  ///
   /// * [String] slug:
-  ///
-  /// * [String] token:
-  ///   Access token
-  Future<Response> getMySharedLinkWithHttpInfo({ String? key, String? password, String? slug, String? token, }) async {
+  Future<Response> getMySharedLinkWithHttpInfo({ String? key, String? slug, }) async {
     // ignore: prefer_const_declarations
     final apiPath = r'/shared-links/me';
 
@@ -256,15 +250,9 @@ class SharedLinksApi {
     if (key != null) {
       queryParams.addAll(_queryParams('', 'key', key));
     }
-    if (password != null) {
-      queryParams.addAll(_queryParams('', 'password', password));
-    }
     if (slug != null) {
       queryParams.addAll(_queryParams('', 'slug', slug));
     }
-    if (token != null) {
-      queryParams.addAll(_queryParams('', 'token', token));
-    }
 
     const contentTypes = <String>[];
 
@@ -288,15 +276,9 @@ class SharedLinksApi {
   ///
   /// * [String] key:
   ///
-  /// * [String] password:
-  ///   Link password
-  ///
   /// * [String] slug:
-  ///
-  /// * [String] token:
-  ///   Access token
-  Future<SharedLinkResponseDto?> getMySharedLink({ String? key, String? password, String? slug, String? token, }) async {
-    final response = await getMySharedLinkWithHttpInfo( key: key, password: password, slug: slug, token: token, );
+  Future<SharedLinkResponseDto?> getMySharedLink({ String? key, String? slug, }) async {
+    final response = await getMySharedLinkWithHttpInfo( key: key, slug: slug, );
     if (response.statusCode >= HttpStatus.badRequest) {
       throw ApiException(response.statusCode, await _decodeBodyBytes(response));
     }

open-api/immich-openapi-specs.json

@@ -1734,24 +1734,7 @@
       "put": {
         "description": "Send a list of asset IDs and album IDs to add each asset to each album.",
         "operationId": "addAssetsToAlbums",
-        "parameters": [
-          {
-            "name": "key",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "slug",
-            "required": false,
-            "in": "query",
-            "schema": {
-              "type": "string"
-            }
-          }
-        ],
+        "parameters": [],
         "requestBody": {
           "content": {
             "application/json": {
@@ -11341,16 +11324,6 @@
               "type": "string"
             }
           },
-          {
-            "name": "password",
-            "required": false,
-            "in": "query",
-            "description": "Link password",
-            "schema": {
-              "example": "password",
-              "type": "string"
-            }
-          },
           {
             "name": "slug",
             "required": false,
@@ -11358,15 +11331,6 @@
             "schema": {
               "type": "string"
             }
-          },
-          {
-            "name": "token",
-            "required": false,
-            "in": "query",
-            "description": "Access token",
-            "schema": {
-              "type": "string"
-            }
           }
         ],
         "responses": {

open-api/typescript-sdk/src/fetch-client.ts

@@ -3698,18 +3698,13 @@ export function createAlbum({ createAlbumDto }: {
 /**
  * Add assets to albums
  */
-export function addAssetsToAlbums({ key, slug, albumsAddAssetsDto }: {
-    key?: string;
-    slug?: string;
+export function addAssetsToAlbums({ albumsAddAssetsDto }: {
     albumsAddAssetsDto: AlbumsAddAssetsDto;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
         data: AlbumsAddAssetsResponseDto;
-    }>(`/albums/assets${QS.query(QS.explode({
-        key,
-        slug
-    }))}`, oazapfts.json({
+    }>("/albums/assets", oazapfts.json({
         ...opts,
         method: "PUT",
         body: albumsAddAssetsDto
@@ -5926,20 +5921,16 @@ export function sharedLinkLogin({ key, slug, sharedLinkLoginDto }: {
 /**
  * Retrieve current shared link
  */
-export function getMySharedLink({ key, password, slug, token }: {
+export function getMySharedLink({ key, slug }: {
     key?: string;
-    password?: string;
     slug?: string;
-    token?: string;
 }, opts?: Oazapfts.RequestOpts) {
     return oazapfts.ok(oazapfts.fetchJson<{
         status: 200;
         data: SharedLinkResponseDto;
     }>(`/shared-links/me${QS.query(QS.explode({
         key,
-        password,
-        slug,
-        token
+        slug
     }))}`, {
         ...opts
     }));

server/src/controllers/album.controller.ts

@@ -118,7 +118,7 @@ export class AlbumController {
   }
 
   @Put('assets')
-  @Authenticated({ permission: Permission.AlbumAssetCreate, sharedLink: true })
+  @Authenticated({ permission: Permission.AlbumAssetCreate })
   @Endpoint({
     summary: 'Add assets to albums',
     description: 'Send a list of asset IDs and album IDs to add each asset to each album.',

server/src/controllers/shared-link.controller.ts

@@ -23,7 +23,6 @@ import {
   SharedLinkCreateDto,
   SharedLinkEditDto,
   SharedLinkLoginDto,
-  SharedLinkPasswordDto,
   SharedLinkResponseDto,
   SharedLinkSearchDto,
 } from 'src/dtos/shared-link.dto';
@@ -96,21 +95,7 @@ export class SharedLinkController {
     description: 'Retrieve the current shared link associated with authentication method.',
     history: new HistoryBuilder().added('v1').beta('v1').stable('v2'),
   })
-  async getMySharedLink(
-    @Auth() auth: AuthDto,
-    @Query() dto: SharedLinkPasswordDto,
-    @Req() req: Request,
-    @Res({ passthrough: true }) res: Response,
-    @GetLoginDetails() loginDetails: LoginDetails,
-  ): Promise<SharedLinkResponseDto> {
-    if (dto.password) {
-      this.logger.deprecate(
-        'Passing shared link password via query parameters is deprecated and will be removed in the next major release. Please use POST /shared-links/login instead.',
-      );
-
-      return this.sharedLinkLogin(auth, { password: dto.password }, req, res, loginDetails);
-    }
-
+  getMySharedLink(@Auth() auth: AuthDto, @Req() req: Request): Promise<SharedLinkResponseDto> {
     return this.service.getMine(auth, getAuthTokens(req.cookies));
   }
 

server/src/dtos/shared-link.dto.ts

@@ -99,17 +99,6 @@ export class SharedLinkLoginDto {
   password!: string;
 }
 
-export class SharedLinkPasswordDto {
-  @ApiPropertyOptional({ example: 'password', description: 'Link password' })
-  @IsString()
-  @Optional()
-  password?: string;
-
-  @ApiPropertyOptional({ description: 'Access token' })
-  @IsString()
-  @Optional()
-  token?: string;
-}
 export class SharedLinkResponseDto {
   @ApiProperty({ description: 'Shared link ID' })
   id!: string;

server/src/utils/access.ts

@@ -79,11 +79,6 @@ const checkSharedLinkAccess = async (
       return sharedLink.allowUpload ? ids : new Set();
     }
 
-    case Permission.AssetShare: {
-      // TODO: fix this to not use sharedLink.userId for access control
-      return await access.asset.checkOwnerAccess(sharedLink.userId, ids, false);
-    }
-
     case Permission.AlbumRead: {
       return await access.album.checkSharedLinkAccess(sharedLinkId, ids);
     }