feat: storage template file move hardening (#5917)

* fix: pgvecto.rs extension breaks typeorm schema:drop command

* fix: parse postgres bigints to javascript number types when selecting data

* feat: verify file size is the same as original asset after copying file for storage template job

* feat: allow disabling of storage template job, defaults to disabled for new instances

* fix: don't allow setting concurrency for storage template migration, can cause race conditions above 1

* feat: add checksum verification when file is copied for storage template job

* fix: extract metadata for assets that aren't visible on timeline

server/src/domain/system-config/dto/system-config-job.dto.ts

@@ -10,7 +10,9 @@ export class JobSettingsDto {
   concurrency!: number;
 }
 
-export class SystemConfigJobDto implements Record<QueueName, JobSettingsDto> {
+export class SystemConfigJobDto
+  implements Record<Exclude<QueueName, QueueName.STORAGE_TEMPLATE_MIGRATION>, JobSettingsDto>
+{
   @ApiProperty({ type: JobSettingsDto })
   @ValidateNested()
   @IsObject()
@@ -35,12 +37,6 @@ export class SystemConfigJobDto implements Record<QueueName, JobSettingsDto> {
   @Type(() => JobSettingsDto)
   [QueueName.SMART_SEARCH]!: JobSettingsDto;
 
-  @ApiProperty({ type: JobSettingsDto })
-  @ValidateNested()
-  @IsObject()
-  @Type(() => JobSettingsDto)
-  [QueueName.STORAGE_TEMPLATE_MIGRATION]!: JobSettingsDto;
-
   @ApiProperty({ type: JobSettingsDto })
   @ValidateNested()
   @IsObject()

server/src/domain/system-config/dto/system-config-storage-template.dto.ts

@@ -1,6 +1,10 @@
-import { IsNotEmpty, IsString } from 'class-validator';
+import { IsBoolean, IsNotEmpty, IsString } from 'class-validator';
 
 export class SystemConfigStorageTemplateDto {
+  @IsBoolean()
+  enabled!: boolean;
+  @IsBoolean()
+  hashVerificationEnabled!: boolean;
   @IsNotEmpty()
   @IsString()
   template!: string;

server/src/domain/system-config/system-config.core.ts

@@ -53,7 +53,6 @@ export const defaults = Object.freeze<SystemConfig>({
     [QueueName.SEARCH]: { concurrency: 5 },
     [QueueName.SIDECAR]: { concurrency: 5 },
     [QueueName.LIBRARY]: { concurrency: 5 },
-    [QueueName.STORAGE_TEMPLATE_MIGRATION]: { concurrency: 5 },
     [QueueName.MIGRATION]: { concurrency: 5 },
     [QueueName.THUMBNAIL_GENERATION]: { concurrency: 5 },
     [QueueName.VIDEO_CONVERSION]: { concurrency: 1 },
@@ -102,6 +101,8 @@ export const defaults = Object.freeze<SystemConfig>({
     enabled: true,
   },
   storageTemplate: {
+    enabled: false,
+    hashVerificationEnabled: true,
     template: '{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}',
   },
   thumbnail: {

server/src/domain/system-config/system-config.service.spec.ts

@@ -34,7 +34,6 @@ const updatedConfig = Object.freeze<SystemConfig>({
     [QueueName.SEARCH]: { concurrency: 5 },
     [QueueName.SIDECAR]: { concurrency: 5 },
     [QueueName.LIBRARY]: { concurrency: 5 },
-    [QueueName.STORAGE_TEMPLATE_MIGRATION]: { concurrency: 5 },
     [QueueName.MIGRATION]: { concurrency: 5 },
     [QueueName.THUMBNAIL_GENERATION]: { concurrency: 5 },
     [QueueName.VIDEO_CONVERSION]: { concurrency: 1 },
@@ -102,6 +101,8 @@ const updatedConfig = Object.freeze<SystemConfig>({
     enabled: true,
   },
   storageTemplate: {
+    enabled: false,
+    hashVerificationEnabled: true,
     template: '{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}',
   },
   thumbnail: {