diff --git a/server/src/db/migrations.ts b/server/src/db/migrations.ts index bdd5ee1..fdbf25b 100644 --- a/server/src/db/migrations.ts +++ b/server/src/db/migrations.ts @@ -734,7 +734,7 @@ function runMigrations(db: Database.Database): void { `); }, () => { - try {db.exec('UPDATE addons SET enabled = 0 WHERE id = memories');} catch (err) {} + try {db.exec("UPDATE addons SET enabled = 0 WHERE id = 'memories'");} catch (err) {} }, // Migration 69: Place region cache for sub-national Atlas regions () => { diff --git a/server/src/routes/immich.ts b/server/src/routes/immich.ts index 4eef709..1149f62 100644 --- a/server/src/routes/immich.ts +++ b/server/src/routes/immich.ts @@ -157,6 +157,7 @@ router.post('/trips/:tripId/photos', authenticate, async (req: Request, res: Res }; const result = await addTripPhotos(tripId, authReq.user.id, shared, [selection], sid); if ('error' in result) return res.status(result.error.status!).json({ error: result.error }); + res.json(result); }); router.delete('/trips/:tripId/photos/:assetId', authenticate, async (req: Request, res: Response) => { @@ -184,7 +185,8 @@ router.get('/assets/:assetId/info', authenticate, async (req: Request, res: Resp if (!isValidAssetId(assetId)) return res.status(400).json({ error: 'Invalid asset ID' }); const queryUserId = req.query.userId ? Number(req.query.userId) : undefined; const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined; - if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, req.params.tripId, assetId, 'immich')) { + const tripId = req.query.tripId as string; + if (ownerUserId && tripId && !canAccessUserPhoto(authReq.user.id, ownerUserId, tripId, assetId, 'immich')) { return res.status(403).json({ error: 'Forbidden' }); } const result = await getAssetInfo(authReq.user.id, assetId, ownerUserId); @@ -200,7 +202,8 @@ router.get('/assets/:assetId/thumbnail', authFromQuery, async (req: Request, res if (!isValidAssetId(assetId)) return res.status(400).send('Invalid asset ID'); const queryUserId = req.query.userId ? Number(req.query.userId) : undefined; const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined; - if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, req.params.tripId, assetId, 'immich')) { + const tripId = req.query.tripId as string; + if (ownerUserId && tripId && !canAccessUserPhoto(authReq.user.id, ownerUserId, tripId, assetId, 'immich')) { return res.status(403).send('Forbidden'); } const result = await proxyThumbnail(authReq.user.id, assetId, ownerUserId); @@ -216,7 +219,8 @@ router.get('/assets/:assetId/original', authFromQuery, async (req: Request, res: if (!isValidAssetId(assetId)) return res.status(400).send('Invalid asset ID'); const queryUserId = req.query.userId ? Number(req.query.userId) : undefined; const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined; - if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, req.params.tripId, assetId, 'immich')) { + const tripId = req.query.tripId as string; + if (ownerUserId && tripId && !canAccessUserPhoto(authReq.user.id, ownerUserId, tripId, assetId, 'immich')) { return res.status(403).send('Forbidden'); } const result = await proxyOriginal(authReq.user.id, assetId, ownerUserId); diff --git a/server/src/routes/memories/synology.ts b/server/src/routes/memories/synology.ts index de6915a..1dfa4be 100644 --- a/server/src/routes/memories/synology.ts +++ b/server/src/routes/memories/synology.ts @@ -116,7 +116,7 @@ router.get('/assets/:tripId/:photoId/:ownerId/:kind', authenticate, async (req: const { size = "sm" } = req.query; if (kind !== 'thumbnail' && kind !== 'original') { - handleServiceResult(res, fail('Invalid asset kind', 400)); + return handleServiceResult(res, fail('Invalid asset kind', 400)); } if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, photoId, 'synologyphotos')) {