immich
immich copied to clipboard
immich-app
feat(server): support for read-only assets and importing existing items in the filesystem
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| immich | ⬜️ Ignored (Inspect) | Visit Preview | Jun 22, 2023 2:21am |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
Should we add a check that prevents a user from importing a path that is in another users folder? The existing structure uses /usr/src/app/upload/library/label or UUID/...
There could be some security issue where a user could gain access to another file using this import method with a valid path of another users file and then accessing or deleting it.
Hmm, not sure here. It could be a security issue, but if the person doing the importing also has access to the files, wouldn't it be ok?
Well they don't have access to them per se, hence the security issue. Relying on them just not knowing the path isn't security imo
Well they don't have access to them per se, hence the security issue. Relying on them just not knowing the path isn't security imo
Good point - added in a new method and duplicate check in the importFile method call.
Can you please help outline the steps on how to test the PR?
You can test with this branch of the CLI: https://github.com/immich-app/CLI/tree/import-photos This adds in support for the --import flag. Everything else should work the exact same way, but this will trigger the server to perform an 'import' instead of uploading the files.
Could you add a bit more description to the PR? I want to try it but it's not obvious what paths can be imported
Deployment failed with the following error:
Resource is limited - try again in 4 hours (more than 100, code: "api-deployments-free-per-day").
@jrasm91 When you have time, can you help me look at the failed tests?
We should also include a column with checkmark of user that has import path in this table
My first round of testing resulted in the following behavior. Let me know what did I do wrong here.
In the Administration page, I have the External Path for the user as the following image.
And this is how I created the folder in the location of UPLOAD_LOCATION
This is the CLI command I use the error I get
First, problem is that external path for the user must be an absolute path. If you are mounting that folder into the container at /mnt/immich_data/aleximport then your external path must be /mnt/immich_data/aleximport. Alternatively, if you were creating a new mountpoint inside the container at /aleximport, then the external path would be /aleximport. The external path needs to be absolute inside the container, beginning with a /.
Second, could you share your docker-compose for adding this new mount? The error says file doesn't exist, so I would be interested if it's not mounted properly. You can also create a container in the shell and do an ls on one of the expected files. Since you are running the CLI agains the /mnt/immich_data/aleximport directory, you should be able to ls that path inside the container as well.