[BUG] Accessing Shared Albums triggers 401 Unauthorized Requests #3358

Closed
2 of 3 tasks
mjasny opened this issue Jul 21, 2023 · 1 comment · Fixed by #3791
Labels
bug Something isn't working 🗄️server 🖥️web

Comments

@mjasny

mjasny commented Jul 21, 2023

The bug

Hi,

I run a public instance of immich behind a swag nginx reverse proxy that also contains fail2ban. I noticed that the nginx-unauthorized rule of fail2ban is hit frequently when a user that is not logged in accesses a shared album. The fail2ban daemon is scanning the nginx logs and bans the IP for 10 minutes after 5 401 Unauthorized requests.

These 401 requests are also triggered when I access the immich instance directly without swag.
For me this is problematic because each of my users' IPs is directly banned after viewing 2-4 images, and I don't think the webapp should request the following URLs when nobody is logged in.

http://immich-host/api/user/me -> 401 Unauthorized
http://immich-host/api/album?assetId=3effbaa-4fb5-40aa-84f8-ef3b546546428 -> 401 Unauthorized
http://immich-host/api/asset/assetById/626fff34-5a41-4cb4-8875-1ec68745948a5 -> 401 Unauthorized

Thank you :)

The OS that Immich Server is running on

Debian

Version of Immich Server

v1.68.0

Version of Immich Mobile App

v1.68.0

Platform with the issue

  • Server
  • Web
  • Mobile

Your docker-compose.yml content

unaltered from default setup

Your .env content

unaltered from default setup

Reproduction steps

1. Create a shared album
2. Open its link in an incognito browser window
3. Go to developer tools and inspect network requests; for Firefox you can use this filter: `status-code:401`
4. See 401 Unauthorized requests popping up, which ultimately lead fail2ban to ban the requesting IP

Additional information

No response

@mjasny mjasny added bug Something isn't working needs triage Bug that needs triage from maintainer labels Jul 21, 2023
@LasseThostrup

I experience the same behavior for shared albums and fail2ban.
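
The ban behaviour reported in this thread can be reproduced offline with the following added example, which is not code from the issue, Immich or fail2ban: it replays nginx access-log lines through a threshold counter and reports which endpoints produced the 401s that would ban each IP. Assumptions: nginx "combined" log format, a 600-second counting window (the issue states only the threshold of five 401s and the 10-minute ban), hypothetical function names, and constructed sample log lines, ids and `/share/EXAMPLE` path.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# nginx "combined" access-log line (assumed format; the issue does not show its logs).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Collapse UUID-like ids so /api/asset/assetById/<id> counts as one endpoint.
ID = re.compile(r'[0-9a-f]{6,}(?:-[0-9a-f]{4,})+', re.I)

MAXRETRY = 5      # from the issue: ban after five 401 responses
FINDTIME = 600    # assumption: counting window in seconds (not stated in the issue)

def endpoint(path):
    """Strip the query string and replace ids with a placeholder."""
    return ID.sub("<id>", path.split("?", 1)[0])

def simulate_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: Counter(endpoint -> 401 count)} for each IP that would be banned."""
    window = defaultdict(deque)   # ip -> (timestamp, endpoint) of recent 401s
    banned = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "401" or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        hits = window[m["ip"]]
        hits.append((ts, endpoint(m["path"])))
        while hits and ts - hits[0][0] > findtime:
            hits.popleft()        # drop 401s older than the counting window
        if len(hits) >= maxretry:
            banned[m["ip"]] = Counter(ep for _, ep in hits)
    return banned

# Constructed sample: one anonymous visitor opens a share link and views two images.
SAMPLE = """\
203.0.113.7 - - [21/Jul/2023:10:00:00 +0000] "GET /share/EXAMPLE HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jul/2023:10:00:01 +0000] "GET /api/user/me HTTP/1.1" 401 64 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jul/2023:10:00:05 +0000] "GET /api/asset/assetById/11111111-2222-3333-4444-555555555555 HTTP/1.1" 401 64 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jul/2023:10:00:05 +0000] "GET /api/album?assetId=11111111-2222-3333-4444-555555555555 HTTP/1.1" 401 64 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jul/2023:10:00:09 +0000] "GET /api/asset/assetById/66666666-7777-8888-9999-000000000000 HTTP/1.1" 401 64 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jul/2023:10:00:09 +0000] "GET /api/album?assetId=66666666-7777-8888-9999-000000000000 HTTP/1.1" 401 64 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Jul/2023:10:00:10 +0000] "GET /api/user/me HTTP/1.1" 401 64 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, endpoints in simulate_bans(SAMPLE).items():
        print(ip, "would be banned; 401s by endpoint:", dict(endpoints))
```

Run against a real access log, the per-endpoint breakdown separates bans caused by the web client's own API calls on a shared album from bans caused by repeated failed authentication.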
