chore(deps): update dependency typeorm to v0.3.28

2025-12-24 10:49:30 -05:00 · 2025-12-10 08:36:43 +00:00
4 changed files with 896 additions and 2648 deletions
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 <p align="center">
 <a href="https://discord.gg/seerr"><img src="https://img.shields.io/discord/783137440809746482" alt="Discord"></a>
 <a href="https://hub.docker.com/r/seerr/seerr"><img src="https://img.shields.io/docker/pulls/seerr/seerr" alt="Docker pulls"></a>
-<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/svg-badge.svg" alt="Translation status" /></a>
+<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/seerr-frontend/svg-badge.svg" alt="Translation status" /></a>
 <a href="https://github.com/seerr-team/seerr/blob/develop/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/seerr-team/seerr"></a>

 **Seerr** is a free and open source software application for managing requests for your media library. It integrates with the media server of your choice: [Jellyfin](https://jellyfin.org), [Plex](https://plex.tv), and [Emby](https://emby.media/). In addition, it integrates with your existing services, such as **[Sonarr](https://sonarr.tv/)**, **[Radarr](https://radarr.video/)**.
--- a/package.json
+++ b/package.json
@@ -103,7 +103,7 @@
    "swagger-ui-express": "4.6.2",
    "swr": "2.3.7",
    "tailwind-merge": "^2.6.0",
-    "typeorm": "0.3.12",
+    "typeorm": "0.3.28",
    "ua-parser-js": "^1.0.35",
    "undici": "^7.16.0",
    "validator": "^13.15.23",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -626,6 +626,76 @@ authRoutes.post('/local', async (req, res, next) => {
      });
    }

+    const mainUser = await userRepository.findOneOrFail({
+      select: { id: true, plexToken: true, plexId: true },
+      where: { id: 1 },
+    });
+    const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
+
+    if (!user.plexId) {
+      try {
+        const plexUsersResponse = await mainPlexTv.getUsers();
+        const account = plexUsersResponse.MediaContainer.User.find(
+          (account) =>
+            account.$.email &&
+            account.$.email.toLowerCase() === user.email.toLowerCase()
+        )?.$;
+
+        if (
+          account &&
+          (await mainPlexTv.checkUserAccess(parseInt(account.id)))
+        ) {
+          logger.info(
+            'Found matching Plex user; updating user with Plex data',
+            {
+              label: 'API',
+              ip: req.ip,
+              email: body.email,
+              userId: user.id,
+              plexId: account.id,
+              plexUsername: account.username,
+            }
+          );
+
+          user.plexId = parseInt(account.id);
+          user.avatar = account.thumb;
+          user.email = account.email;
+          user.plexUsername = account.username;
+          user.userType = UserType.PLEX;
+
+          await userRepository.save(user);
+        }
+      } catch (e) {
+        logger.error('Something went wrong fetching Plex users', {
+          label: 'API',
+          errorMessage: e.message,
+        });
+      }
+    }
+
+    if (
+      user.plexId &&
+      user.plexId !== mainUser.plexId &&
+      !(await mainPlexTv.checkUserAccess(user.plexId))
+    ) {
+      logger.warn(
+        'Failed sign-in attempt from Plex user without access to the media server',
+        {
+          label: 'API',
+          account: {
+            ip: req.ip,
+            email: body.email,
+            userId: user.id,
+            plexId: user.plexId,
+          },
+        }
+      );
+      return next({
+        status: 403,
+        message: 'Access denied.',
+      });
+    }
+
    // Set logged in session
    if (user && req.session) {
      req.session.userId = user.id;
@@ -705,7 +775,7 @@ authRoutes.post('/logout', async (req, res, next) => {
        });
        return next({ status: 500, message: 'Failed to destroy session.' });
      }
-      logger.debug('Successfully logged out user', {
+      logger.info('Successfully logged out user', {
        label: 'Auth',
        userId,
      });