diff --git a/public/style.css b/public/style.css
index ae8274d..6fbc224 100644
--- a/public/style.css
+++ b/public/style.css
@@ -24,7 +24,7 @@ html {
}
#lightgallery img {
width: 100%;
- height: auto;
+ height: 100%;
object-fit: cover;
object-position: center;
}
diff --git a/src/immich.ts b/src/immich.ts
index 2afd3e9..25382d8 100644
--- a/src/immich.ts
+++ b/src/immich.ts
@@ -37,6 +37,10 @@ class Immich {
if (!sharedLinkRes.valid) {
// This isn't a valid request - check the console for more information
res.status(404).send()
+ } else if (sharedLinkRes.passwordRequired && request.password) {
+ // Invalid password
+ log('Invalid password for key ' + request.key)
+ res.status(401).send()
} else if (sharedLinkRes.passwordRequired) {
// Password required - show the visitor the password page
// `req.params.key` should already be sanitised at this point, but it never hurts to be explicit
@@ -159,7 +163,11 @@ class Immich {
params = Object.fromEntries(Object.entries(params).filter(([_, value]) => !!value))
let query = ''
// Safely encode query parameters
- if (Object.entries(params).length) query = '?' + (new URLSearchParams(params as { [key: string]: string })).toString()
+ if (Object.entries(params).length) {
+ query = '?' + (new URLSearchParams(params as {
+ [key: string]: string
+ })).toString()
+ }
return baseUrl + query
}
@@ -167,7 +175,7 @@ class Immich {
* Return the image data URL for a photo
*/
photoUrl (key: string, id: string, size?: ImageSize, password?: string) {
- const params = { key }
+ const params = { key, size }
if (password) {
Object.assign(params, encrypt(password))
}
diff --git a/views/password.ejs b/views/password.ejs
index 4f8dc2c..8583689 100644
--- a/views/password.ejs
+++ b/views/password.ejs
@@ -41,20 +41,19 @@