From 07546c47902278c0a3d012ee5640f264d8d362e5 Mon Sep 17 00:00:00 2001
From: Marek Maslowski <99432678+tiquis0290@users.noreply.github.com>
Date: Fri, 3 Apr 2026 17:29:50 +0200
Subject: [PATCH] Refactor resource token creation logic

Simplified token creation by directly using req.body.purpose.
---
 server/src/routes/auth.ts | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/server/src/routes/auth.ts b/server/src/routes/auth.ts
index 3947cf7..dd977df 100644
--- a/server/src/routes/auth.ts
+++ b/server/src/routes/auth.ts
@@ -317,11 +317,7 @@ router.post('/ws-token', authenticate, (req: Request, res: Response) => {
 // Short-lived single-use token for direct resource URLs
 router.post('/resource-token', authenticate, (req: Request, res: Response) => {
   const authReq = req as AuthRequest;
-  const { purpose } = req.body as { purpose?: string };
-  if (purpose !== 'download' && purpose !== 'immich' && purpose !== 'synologyphotos') {
-    return res.status(400).json({ error: 'Invalid purpose' });
-  }
-  const token = createResourceToken(authReq.user.id, purpose);
+  const token = createResourceToken(authReq.user.id, req.body.purpose);
   if (!token) return res.status(503).json({ error: 'Service unavailable' });
   res.json(token);
 });