Version v1.109.1

re-add worker env

.dockerignore

@@ -29,3 +29,4 @@ web/node_modules/
 web/coverage/
 web/.svelte-kit
 web/build/
+web/.env

.github/DISCUSSION_TEMPLATE/feature-request.yaml

@@ -1,11 +1,13 @@
-title: "[Feature] <feature-name-goes-here>"
+title: "[Feature] feature-name-goes-here"
 labels: ["feature"]
 
 body:
   - type: markdown
     attributes:
       value: |
-        Please use this form to request new feature for Immich
+        Please use this form to request new feature for Immich.
+        Stick to only a single feature per request. If you list multiple different features at once, 
+        your request will be closed.
 
   - type: checkboxes
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,11 +1,11 @@
 blank_issues_enabled: false
 contact_links:
   - name: I have a question or need support
-    url: https://discord.gg/D8JsnBEuKb
+    url: https://discord.immich.app
     about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
   - name: Feature Request
     url: https://github.com/immich-app/immich/discussions/new?category=feature-request
     about: Please use our GitHub Discussion for making feature requests.
   - name: I'm unsure where to go
-    url: https://discord.gg/D8JsnBEuKb
+    url: https://discord.immich.app
     about: If you are unsure where to go, then joining our Discord is recommended; Just ask!

.github/labeler.yml

@@ -1,23 +1,35 @@
 cli:
-- changed-files:
-  - any-glob-to-any-file: cli/**
+  - changed-files:
+      - any-glob-to-any-file:
+          - cli/src/**
 
 documentation:
-- changed-files:
-  - any-glob-to-any-file: docs/**
+  - changed-files:
+      - any-glob-to-any-file:
+          - docs/blob/**
+          - docs/docs/**
+          - docs/src/**
+          - docs/static/**
 
 🖥️web:
-- changed-files:
-  - any-glob-to-any-file: web/**
+  - changed-files:
+      - any-glob-to-any-file:
+          - web/src/**
+          - web/static/**
 
 📱mobile:
-- changed-files:
-  - any-glob-to-any-file: mobile/**
+  - changed-files:
+      - any-glob-to-any-file:
+          - mobile/lib/**
+          - mobile/test/**
 
 🗄️server:
-- changed-files:
-  - any-glob-to-any-file: server/**
+  - changed-files:
+      - any-glob-to-any-file:
+          - server/src/**
+          - server/test/**
 
 🧠machine-learning:
-- changed-files:
-  - any-glob-to-any-file: machine-learning/**
+  - changed-files:
+      - any-glob-to-any-file:
+          - machine-learning/app/**

.github/workflows/cli.yml

@@ -33,7 +33,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
+          node-version-file: './cli/.nvmrc'
           registry-url: 'https://registry.npmjs.org'
       - name: Prepare SDK
         run: npm ci --prefix ../open-api/typescript-sdk/
@@ -56,10 +56,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3.1.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
+        uses: docker/setup-buildx-action@v3.4.0
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -88,7 +88,7 @@ jobs:
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
-        uses: docker/build-push-action@v5.4.0
+        uses: docker/build-push-action@v6.3.0
         with:
           file: cli/Dockerfile
           platforms: linux/amd64,linux/arm64

.github/workflows/docker.yml

@@ -63,10 +63,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3.1.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
+        uses: docker/setup-buildx-action@v3.4.0
 
       - name: Login to Docker Hub
         # Only push to Docker Hub when making a release
@@ -115,7 +115,7 @@ jobs:
           fi
 
       - name: Build and push image
-        uses: docker/build-push-action@v5.4.0
+        uses: docker/build-push-action@v6.3.0
         with:
           context: ${{ matrix.context }}
           file: ${{ matrix.file }}
@@ -124,7 +124,11 @@ jobs:
           push: ${{ !github.event.pull_request.head.repo.fork }}
           cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
           cache-to: ${{ steps.cache-target.outputs.cache-to }}
-          build-args: |
-            DEVICE=${{ matrix.device }}
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
+          build-args: |
+            DEVICE=${{ matrix.device }}
+            BUILD_ID=${{ github.run_id }}
+            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
+            BUILD_SOURCE_REF=${{ github.ref_name }}
+            BUILD_SOURCE_COMMIT=${{ github.sha }}

.github/workflows/docs-build.yml

@@ -26,6 +26,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './docs/.nvmrc'
+
       - name: Run npm install
         run: npm ci
 

.github/workflows/sdk.yml

@@ -19,7 +19,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
+          node-version-file: './open-api/typescript-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'
       - name: Install deps
         run: npm ci

.github/workflows/test.yml

@@ -21,6 +21,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './server/.nvmrc'
+
       - name: Run npm install
         run: npm ci
 
@@ -54,7 +59,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version-file: './cli/.nvmrc'
 
       - name: Setup typescript-sdk
         run: npm ci && npm run build
@@ -79,6 +84,38 @@ jobs:
         run: npm run test:cov
         if: ${{ !cancelled() }}
 
+  cli-unit-tests-win:
+    name: CLI (Windows)
+    runs-on: windows-latest
+    defaults:
+      run:
+        working-directory: ./cli
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './cli/.nvmrc'
+
+      - name: Setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+
+      - name: Install deps
+        run: npm ci
+
+      # Skip linter & formatter in Windows test.
+      - name: Run tsc
+        run: npm run check
+        if: ${{ !cancelled() }}
+
+      - name: Run unit tests & coverage
+        run: npm run test:cov
+        if: ${{ !cancelled() }}
+
   web-unit-tests:
     name: Web
     runs-on: ubuntu-latest
@@ -90,6 +127,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './web/.nvmrc'
+
       - name: Run setup typescript-sdk
         run: npm ci && npm run build
         working-directory: ./open-api/typescript-sdk
@@ -133,7 +175,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version-file: './e2e/.nvmrc'
 
       - name: Run setup typescript-sdk
         run: npm ci && npm run build
@@ -241,6 +283,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './server/.nvmrc'
+
       - name: Install server dependencies
         run: npm --prefix=server ci
 
@@ -291,6 +338,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './server/.nvmrc'
+
       - name: Install server dependencies
         run: npm ci
 

CODE_OF_CONDUCT.md

@@ -131,4 +131,4 @@ conduct enforcement ladder](https://github.com/mozilla/diversity).
 
 For answers to common questions about this code of conduct, see the
 FAQ at https://www.contributor-covenant.org/faq. Translations are
-available at https://www.contributor-covenant.org/translations.
+available at https://www.contributor-covenant.org/translations.

Makefile

@@ -35,3 +35,51 @@ sql:
 
 attach-server:
 	docker exec -it docker_immich-server_1 sh
+
+renovate:
+  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
+
+MODULES = e2e server web cli sdk
+
+audit-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
+install-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) i
+build-cli: build-sdk
+build-web: build-sdk
+build-%: install-%
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run | grep 'build' >/dev/null \
+		&& npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build || true
+format-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run | grep 'format:fix' >/dev/null \
+		&& npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run format:fix || true
+lint-%:
+	npm --prefix $* run lint:fix
+check-%:
+	npm --prefix $* run check
+check-web:
+	npm --prefix web run check:typescript
+	npm --prefix web run check:svelte
+test-%:
+	npm --prefix $* run test
+test-e2e:
+	docker compose -f ./e2e/docker-compose.yml build
+	npm --prefix e2e run test
+	npm --prefix e2e run test:web
+
+build-all: $(foreach M,$(MODULES),build-$M) ;
+install-all: $(foreach M,$(MODULES),install-$M) ;
+check-all: $(foreach M,$(MODULES),check-$M) ;
+lint-all: $(foreach M,$(MODULES),lint-$M) ;
+format-all: $(foreach M,$(MODULES),format-$M) ;
+audit-all:  $(foreach M,$(MODULES),audit-$M) ;
+hygiene-all: lint-all format-all check-all sql audit-all;
+test-all: $(foreach M,$(MODULES),test-$M) ;
+
+clean:
+	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
+	find . -name "dist" -type d -prune -exec rm -rf '{}' +
+	find . -name "build" -type d -prune -exec rm -rf '{}' +
+	find . -name "svelte-kit" -type d -prune -exec rm -rf '{}' +
+	docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
+	docker compose -f ./e2e/docker-compose.yml rm -v -f || true

README.md

@@ -1,7 +1,7 @@
 <p align="center"> 
   <br/>  
   <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
-  <a href="https://discord.gg/D8JsnBEuKb">
+  <a href="https://discord.immich.app">
     <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
   </a>
   <br/>  
@@ -19,20 +19,21 @@
 <br/>
 <p align="center">
 
-  <a href="readme_i18n/README_ca_ES.md">Català</a>
-  <a href="readme_i18n/README_es_ES.md">Español</a>
-  <a href="readme_i18n/README_fr_FR.md">Français</a>
-  <a href="readme_i18n/README_it_IT.md">Italiano</a>
-  <a href="readme_i18n/README_ja_JP.md">日本語</a>
-  <a href="readme_i18n/README_ko_KR.md">한국어</a>
-  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
-  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
-  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">中文</a>
-  <a href="readme_i18n/README_ru_RU.md">Русский</a>
-  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
-  <a href="readme_i18n/README_sv_SE.md">Svenska</a>
-  <a href="readme_i18n/README_ar_JO.md">العربية</a>
+<a href="readme_i18n/README_ca_ES.md">Català</a>
+<a href="readme_i18n/README_es_ES.md">Español</a>
+<a href="readme_i18n/README_fr_FR.md">Français</a>
+<a href="readme_i18n/README_it_IT.md">Italiano</a>
+<a href="readme_i18n/README_ja_JP.md">日本語</a>
+<a href="readme_i18n/README_ko_KR.md">한국어</a>
+<a href="readme_i18n/README_de_DE.md">Deutsch</a>
+<a href="readme_i18n/README_nl_NL.md">Nederlands</a>
+<a href="readme_i18n/README_tr_TR.md">Türkçe</a>
+<a href="readme_i18n/README_zh_CN.md">中文</a>
+<a href="readme_i18n/README_ru_RU.md">Русский</a>
+<a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
+<a href="readme_i18n/README_sv_SE.md">Svenska</a>
+<a href="readme_i18n/README_ar_JO.md">العربية</a>
+
 </p>
 
 ## Disclaimer
@@ -42,45 +43,36 @@
 - ⚠️ **Do not use the app as the only way to store your photos and videos.**
 - ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
 
-## Content
+> [!NOTE]
+> You can find the main documentation, including installation guides, at https://immich.app/.
 
-- [Official Documentation](https://immich.app/docs)
-- [Roadmap](https://github.com/orgs/immich-app/projects/1)
+## Links
+
+- [Documentation](https://immich.app/docs)
+- [About](https://immich.app/docs/overview/introduction)
+- [Installation](https://immich.app/docs/install/requirements)
+- [Roadmap](https://immich.app/roadmap)
 - [Demo](#demo)
 - [Features](#features)
-- [Introduction](https://immich.app/docs/overview/introduction)
-- [Installation](https://immich.app/docs/install/requirements)
-- [Contribution Guidelines](https://immich.app/docs/overview/support-the-project)
-
-## Documentation
-
-You can find the main documentation, including installation guides, at https://immich.app/.
+- [Translations](https://immich.app/docs/developer/translations)
+- [Contributing](https://immich.app/docs/overview/support-the-project)
 
 ## Demo
 
-You can access the web demo at https://demo.immich.app
+Access the demo [here](https://demo.immich.app). The demo is running on a Free-tier Oracle VM in Amsterdam with a 2.4Ghz quad-core ARM64 CPU and 24GB RAM.
 
 For the mobile app, you can use `https://demo.immich.app/api` for the `Server Endpoint URL`
 
-```bash title="Demo Credential"
-The credential
-email: demo@immich.app
-password: demo
-```
+### Login credentials
 
-```
-Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
-```
-
-## Activities
-
-![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
+| Email           | Password |
+| --------------- | -------- |
+| demo@immich.app | demo     |
 
 ## Features
 
-
 | Features                                     | Mobile | Web |
-| :--------------------------------------------- | -------- | ----- |
+| :------------------------------------------- | ------ | --- |
 | Upload and view videos and photos            | Yes    | Yes |
 | Auto backup when the app is opened           | Yes    | N/A |
 | Prevent duplication of assets                | Yes    | Yes |
@@ -110,13 +102,19 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
 
-## Contributors
+## Translations
 
-<a href="https://github.com/alextran1502/immich/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
+Read more about translations [here](https://immich.app/docs/developer/translations).
+
+<a href="https://hosted.weblate.org/engage/immich/">
+<img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
 </a>
 
-## Star History
+## Repository activity
+
+![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
+
+## Star history
 
 <a href="https://star-history.com/#immich-app/immich&Date">
  <picture>
@@ -125,3 +123,9 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
  </picture>
 </a>
+
+## Contributors
+
+<a href="https://github.com/alextran1502/immich/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
+</a>

SECURITY.md

@@ -2,4 +2,4 @@
 
 ## Reporting a Vulnerability
 
-Please report security issues to `alex.tran1502@gmail.com`
+Please report security issues to `security@immich.app`

cli/.nvmrc

@@ -1 +1 @@
-20.14
+20.15.1

cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20-alpine3.19@sha256:696ae41fb5880949a15ade7879a2deae93b3f0723f757bdb5b8a9e4a744ce27f as core
+FROM node:20.15.1-alpine3.20@sha256:34b7aa411056c85dbf71d240d26516949b3f72b318d796c26b57caaa1df5639a as core
 
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
@@ -16,4 +16,4 @@ RUN npm run build
 
 WORKDIR /import
 
-ENTRYPOINT ["node", "/usr/src/app/dist"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@immich/cli",
-  "version": "2.2.3",
+  "version": "2.2.10",
   "description": "Command Line Interface (CLI) for Immich",
   "type": "module",
   "exports": "./dist/index.js",
@@ -18,7 +18,7 @@
     "@types/cli-progress": "^3.11.0",
     "@types/lodash-es": "^4.17.12",
     "@types/mock-fs": "^4.13.1",
-    "@types/node": "^20.3.1",
+    "@types/node": "^20.14.10",
     "@typescript-eslint/eslint-plugin": "^7.0.0",
     "@typescript-eslint/parser": "^7.0.0",
     "@vitest/coverage-v8": "^1.2.2",
@@ -28,14 +28,15 @@
     "eslint": "^8.56.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^53.0.0",
+    "eslint-plugin-unicorn": "^54.0.0",
     "mock-fs": "^5.2.0",
     "prettier": "^3.2.5",
-    "prettier-plugin-organize-imports": "^3.2.4",
+    "prettier-plugin-organize-imports": "^4.0.0",
     "typescript": "^5.3.3",
     "vite": "^5.0.12",
     "vite-tsconfig-paths": "^4.3.2",
     "vitest": "^1.2.2",
+    "vitest-fetch-mock": "^0.2.2",
     "yaml": "^2.3.1"
   },
   "scripts": {
@@ -59,9 +60,10 @@
   },
   "dependencies": {
     "fast-glob": "^3.3.2",
+    "fastq": "^1.17.1",
     "lodash-es": "^4.17.21"
   },
   "volta": {
-    "node": "20.14.0"
+    "node": "20.15.1"
   }
 }

cli/src/commands/asset.spec.ts

@@ -0,0 +1,201 @@
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import { describe, expect, it, vi } from 'vitest';
+
+import { Action, checkBulkUpload, defaults, Reason } from '@immich/sdk';
+import createFetchMock from 'vitest-fetch-mock';
+
+import { checkForDuplicates, getAlbumName, uploadFiles, UploadOptionsDto } from './asset';
+
+vi.mock('@immich/sdk');
+
+describe('getAlbumName', () => {
+  it('should return a non-undefined value', () => {
+    if (os.platform() === 'win32') {
+      // This is meaningless for Unix systems.
+      expect(getAlbumName(String.raw`D:\test\Filename.txt`, {} as UploadOptionsDto)).toBe('test');
+    }
+    expect(getAlbumName('D:/parentfolder/test/Filename.txt', {} as UploadOptionsDto)).toBe('test');
+  });
+
+  it('has higher priority to return `albumName` in `options`', () => {
+    expect(getAlbumName('/parentfolder/test/Filename.txt', { albumName: 'example' } as UploadOptionsDto)).toBe(
+      'example',
+    );
+  });
+});
+
+describe('uploadFiles', () => {
+  const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-'));
+  const testFilePath = path.join(testDir, 'test.png');
+  const testFileData = 'test';
+  const baseUrl = 'http://example.com';
+  const apiKey = 'key';
+  const retry = 3;
+
+  const fetchMocker = createFetchMock(vi);
+
+  beforeEach(() => {
+    // Create a test file
+    fs.writeFileSync(testFilePath, testFileData);
+
+    // Defaults
+    vi.mocked(defaults).baseUrl = baseUrl;
+    vi.mocked(defaults).headers = { 'x-api-key': apiKey };
+
+    fetchMocker.enableMocks();
+    fetchMocker.resetMocks();
+  });
+
+  it('returns new assets when upload file is successful', async () => {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
+      return {
+        status: 200,
+        body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
+      };
+    });
+
+    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([
+      {
+        filepath: testFilePath,
+        id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+      },
+    ]);
+  });
+
+  it('returns new assets when upload file retry is successful', async () => {
+    let counter = 0;
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
+      counter++;
+      if (counter < retry) {
+        throw new Error('Network error');
+      }
+
+      return {
+        status: 200,
+        body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
+      };
+    });
+
+    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([
+      {
+        filepath: testFilePath,
+        id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+      },
+    ]);
+  });
+
+  it('returns new assets when upload file retry is failed', async () => {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
+      throw new Error('Network error');
+    });
+
+    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([]);
+  });
+});
+
+describe('checkForDuplicates', () => {
+  const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-'));
+  const testFilePath = path.join(testDir, 'test.png');
+  const testFileData = 'test';
+  const testFileChecksum = 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'; // SHA1
+  const retry = 3;
+
+  beforeEach(() => {
+    // Create a test file
+    fs.writeFileSync(testFilePath, testFileData);
+  });
+
+  it('checks duplicates', async () => {
+    vi.mocked(checkBulkUpload).mockResolvedValue({
+      results: [
+        {
+          action: Action.Accept,
+          id: testFilePath,
+        },
+      ],
+    });
+
+    await checkForDuplicates([testFilePath], { concurrency: 1 });
+
+    expect(checkBulkUpload).toHaveBeenCalledWith({
+      assetBulkUploadCheckDto: {
+        assets: [
+          {
+            checksum: testFileChecksum,
+            id: testFilePath,
+          },
+        ],
+      },
+    });
+  });
+
+  it('returns duplicates when check duplicates is rejected', async () => {
+    vi.mocked(checkBulkUpload).mockResolvedValue({
+      results: [
+        {
+          action: Action.Reject,
+          id: testFilePath,
+          assetId: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+          reason: Reason.Duplicate,
+        },
+      ],
+    });
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [
+        {
+          filepath: testFilePath,
+          id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+        },
+      ],
+      newFiles: [],
+    });
+  });
+
+  it('returns new assets when check duplicates is accepted', async () => {
+    vi.mocked(checkBulkUpload).mockResolvedValue({
+      results: [
+        {
+          action: Action.Accept,
+          id: testFilePath,
+        },
+      ],
+    });
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [],
+      newFiles: [testFilePath],
+    });
+  });
+
+  it('returns results when check duplicates retry is successful', async () => {
+    let mocked = vi.mocked(checkBulkUpload);
+    for (let i = 1; i < retry; i++) {
+      mocked = mocked.mockRejectedValueOnce(new Error('Network error'));
+    }
+    mocked.mockResolvedValue({
+      results: [
+        {
+          action: Action.Accept,
+          id: testFilePath,
+        },
+      ],
+    });
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [],
+      newFiles: [testFilePath],
+    });
+  });
+
+  it('returns results when check duplicates retry is failed', async () => {
+    vi.mocked(checkBulkUpload).mockRejectedValue(new Error('Network error'));
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [],
+      newFiles: [],
+    });
+  });
+});

cli/src/commands/asset.ts

@@ -15,8 +15,8 @@ import { Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
-import os from 'node:os';
 import path, { basename } from 'node:path';
+import { Queue } from 'src/queue';
 import { BaseOptions, authenticate, crawl, sha1 } from 'src/utils';
 
 const s = (count: number) => (count === 1 ? '' : 's');
@@ -25,7 +25,7 @@ const s = (count: number) => (count === 1 ? '' : 's');
 type AssetBulkUploadCheckResults = Array<AssetBulkUploadCheckResult & { id: string }>;
 type Asset = { id: string; filepath: string };
 
-interface UploadOptionsDto {
+export interface UploadOptionsDto {
   recursive?: boolean;
   ignore?: string;
   dryRun?: boolean;
@@ -84,7 +84,7 @@ const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
   return files;
 };
 
-const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
+export const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
   if (skipHash) {
     console.log('Skipping hash check, assuming all files are new');
     return { newFiles: files, duplicates: [] };
@@ -100,32 +100,50 @@ const checkForDuplicates = async (files: string[], { concurrency, skipHash }: Up
   const newFiles: string[] = [];
   const duplicates: Asset[] = [];
 
-  try {
-    // TODO refactor into a queue
-    for (const items of chunk(files, concurrency)) {
-      const dto = await Promise.all(items.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })));
-      const { results } = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
-
-      for (const { id: filepath, assetId, action } of results as AssetBulkUploadCheckResults) {
+  const queue = new Queue<string[], AssetBulkUploadCheckResults>(
+    async (filepaths: string[]) => {
+      const dto = await Promise.all(
+        filepaths.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })),
+      );
+      const response = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
+      const results = response.results as AssetBulkUploadCheckResults;
+      for (const { id: filepath, assetId, action } of results) {
         if (action === Action.Accept) {
           newFiles.push(filepath);
         } else {
           // rejects are always duplicates
           duplicates.push({ id: assetId as string, filepath });
         }
-        progressBar.increment();
       }
-    }
-  } finally {
-    progressBar.stop();
+      progressBar.increment(filepaths.length);
+      return results;
+    },
+    { concurrency, retry: 3 },
+  );
+
+  for (const items of chunk(files, concurrency)) {
+    await queue.push(items);
   }
 
+  await queue.drained();
+
+  progressBar.stop();
+
   console.log(`Found ${newFiles.length} new files and ${duplicates.length} duplicate${s(duplicates.length)}`);
 
+  // Report failures
+  const failedTasks = queue.tasks.filter((task) => task.status === 'failed');
+  if (failedTasks.length > 0) {
+    console.log(`Failed to verify ${failedTasks.length} file${s(failedTasks.length)}:`);
+    for (const task of failedTasks) {
+      console.log(`- ${task.data} - ${task.error}`);
+    }
+  }
+
   return { newFiles, duplicates };
 };
 
-const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
+export const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
   if (files.length === 0) {
     console.log('All assets were already uploaded, nothing to do.');
     return [];
@@ -159,37 +177,52 @@ const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptio
 
   const newAssets: Asset[] = [];
 
-  try {
-    for (const items of chunk(files, concurrency)) {
-      await Promise.all(
-        items.map(async (filepath) => {
-          const stats = statsMap.get(filepath) as Stats;
-          const response = await uploadFile(filepath, stats);
+  const queue = new Queue<string, AssetMediaResponseDto>(
+    async (filepath: string) => {
+      const stats = statsMap.get(filepath);
+      if (!stats) {
+        throw new Error(`Stats not found for ${filepath}`);
+      }
 
-          newAssets.push({ id: response.id, filepath });
+      const response = await uploadFile(filepath, stats);
+      newAssets.push({ id: response.id, filepath });
+      if (response.status === AssetMediaStatus.Duplicate) {
+        duplicateCount++;
+        duplicateSize += stats.size ?? 0;
+      } else {
+        successCount++;
+        successSize += stats.size ?? 0;
+      }
 
-          if (response.status === AssetMediaStatus.Duplicate) {
-            duplicateCount++;
-            duplicateSize += stats.size ?? 0;
-          } else {
-            successCount++;
-            successSize += stats.size ?? 0;
-          }
+      uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
 
-          uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
+      return response;
+    },
+    { concurrency, retry: 3 },
+  );
 
-          return response;
-        }),
-      );
-    }
-  } finally {
-    uploadProgress.stop();
+  for (const filepath of files) {
+    await queue.push(filepath);
   }
 
+  await queue.drained();
+
+  uploadProgress.stop();
+
   console.log(`Successfully uploaded ${successCount} new asset${s(successCount)} (${byteSize(successSize)})`);
   if (duplicateCount > 0) {
     console.log(`Skipped ${duplicateCount} duplicate asset${s(duplicateCount)} (${byteSize(duplicateSize)})`);
   }
+
+  // Report failures
+  const failedTasks = queue.tasks.filter((task) => task.status === 'failed');
+  if (failedTasks.length > 0) {
+    console.log(`Failed to upload ${failedTasks.length} asset${s(failedTasks.length)}:`);
+    for (const task of failedTasks) {
+      console.log(`- ${task.data} - ${task.error}`);
+    }
+  }
+
   return newAssets;
 };
 
@@ -346,7 +379,9 @@ const updateAlbums = async (assets: Asset[], options: UploadOptionsDto) => {
   }
 };
 
-const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
-  const folderName = os.platform() === 'win32' ? filepath.split('\\').at(-2) : filepath.split('/').at(-2);
-  return options.albumName ?? folderName;
+// `filepath` valid format:
+// - Windows: `D:\\test\\Filename.txt` or `D:/test/Filename.txt`
+// - Unix: `/test/Filename.txt`
+export const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
+  return options.albumName ?? path.basename(path.dirname(filepath));
 };

cli/src/queue.ts

@@ -0,0 +1,131 @@
+import * as fastq from 'fastq';
+import { uniqueId } from 'lodash-es';
+
+export type Task<T, R> = {
+  readonly id: string;
+  status: 'idle' | 'processing' | 'succeeded' | 'failed';
+  data: T;
+  error: unknown | undefined;
+  count: number;
+  // TODO: Could be useful to adding progress property.
+  // TODO: Could be useful to adding start_at/end_at/duration properties.
+  result: undefined | R;
+};
+
+export type QueueOptions = {
+  verbose?: boolean;
+  concurrency?: number;
+  retry?: number;
+  // TODO: Could be useful to adding timeout property for retry.
+};
+
+export type ComputedQueueOptions = Required<QueueOptions>;
+
+export const defaultQueueOptions = {
+  concurrency: 1,
+  retry: 0,
+  verbose: false,
+};
+
+/**
+ * An in-memory queue that processes tasks in parallel with a given concurrency.
+ * @see {@link https://www.npmjs.com/package/fastq}
+ * @template T - The type of the worker task data.
+ * @template R - The type of the worker output data.
+ */
+export class Queue<T, R> {
+  private readonly queue: fastq.queueAsPromised<string, Task<T, R>>;
+  private readonly store = new Map<string, Task<T, R>>();
+  readonly options: ComputedQueueOptions;
+  readonly worker: (data: T) => Promise<R>;
+
+  /**
+   * Create a new queue.
+   * @param worker - The worker function that processes the task.
+   * @param options - The queue options.
+   */
+  constructor(worker: (data: T) => Promise<R>, options?: QueueOptions) {
+    this.options = { ...defaultQueueOptions, ...options };
+    this.worker = worker;
+    this.store = new Map<string, Task<T, R>>();
+    this.queue = this.buildQueue();
+  }
+
+  get tasks(): Task<T, R>[] {
+    const tasks: Task<T, R>[] = [];
+    for (const task of this.store.values()) {
+      tasks.push(task);
+    }
+    return tasks;
+  }
+
+  getTask(id: string): Task<T, R> {
+    const task = this.store.get(id);
+    if (!task) {
+      throw new Error(`Task with id ${id} not found`);
+    }
+    return task;
+  }
+
+  /**
+   * Wait for the queue to be empty.
+   * @returns Promise<void> - The returned Promise will be resolved when all tasks in the queue have been processed by a worker.
+   * This promise could be ignored as it will not lead to a `unhandledRejection`.
+   */
+  async drained(): Promise<void> {
+    await this.queue.drain();
+  }
+
+  /**
+   * Add a task at the end of the queue.
+   * @see {@link https://www.npmjs.com/package/fastq}
+   * @param data
+   * @returns Promise<void> - A Promise that will be fulfilled (rejected) when the task is completed successfully (unsuccessfully).
+   * This promise could be ignored as it will not lead to a `unhandledRejection`.
+   */
+  async push(data: T): Promise<Task<T, R>> {
+    const id = uniqueId();
+    const task: Task<T, R> = { id, status: 'idle', error: undefined, count: 0, data, result: undefined };
+    this.store.set(id, task);
+    return this.queue.push(id);
+  }
+
+  // TODO: Support more function delegation to fastq.
+
+  private buildQueue(): fastq.queueAsPromised<string, Task<T, R>> {
+    return fastq.promise((id: string) => {
+      const task = this.getTask(id);
+      return this.work(task);
+    }, this.options.concurrency);
+  }
+
+  private async work(task: Task<T, R>): Promise<Task<T, R>> {
+    task.count += 1;
+    task.error = undefined;
+    task.status = 'processing';
+    if (this.options.verbose) {
+      console.log('[task] processing:', task);
+    }
+    try {
+      task.result = await this.worker(task.data);
+      task.status = 'succeeded';
+      if (this.options.verbose) {
+        console.log('[task] succeeded:', task);
+      }
+      return task;
+    } catch (error) {
+      task.error = error;
+      task.status = 'failed';
+      if (this.options.verbose) {
+        console.log('[task] failed:', task);
+      }
+      if (this.options.retry > 0 && task.count < this.options.retry) {
+        if (this.options.verbose) {
+          console.log('[task] retry:', task);
+        }
+        return this.work(task);
+      }
+      return task;
+    }
+  }
+}

cli/src/utils.spec.ts

@@ -1,4 +1,5 @@
 import mockfs from 'mock-fs';
+import { readFileSync } from 'node:fs';
 import { CrawlOptions, crawl } from 'src/utils';
 
 interface Test {
@@ -9,6 +10,10 @@ interface Test {
 
 const cwd = process.cwd();
 
+const readContent = (path: string) => {
+  return readFileSync(path).toString();
+};
+
 const extensions = [
   '.jpg',
   '.jpeg',
@@ -256,7 +261,8 @@ const tests: Test[] = [
   {
     test: 'should support ignoring absolute paths',
     options: {
-      pathsToCrawl: ['/'],
+      // Currently, fast-glob has some caveat when dealing with `/`.
+      pathsToCrawl: ['/*s'],
       recursive: true,
       exclusionPattern: '/images/**',
     },
@@ -276,14 +282,16 @@ describe('crawl', () => {
   describe('crawl', () => {
     for (const { test, options, files } of tests) {
       it(test, async () => {
-        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, ''])));
+        // The file contents is the same as the path.
+        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, file])));
 
         const actual = await crawl({ ...options, extensions });
         const expected = Object.entries(files)
           .filter((entry) => entry[1])
           .map(([file]) => file);
 
-        expect(actual.sort()).toEqual(expected.sort());
+        // Compare file's content instead of path since a file can be represent in multiple ways.
+        expect(actual.map((path) => readContent(path)).sort()).toEqual(expected.sort());
       });
     }
   });

cli/src/utils.ts

@@ -1,8 +1,9 @@
 import { getMyUser, init, isHttpError } from '@immich/sdk';
-import { glob } from 'fast-glob';
+import { convertPathToPattern, glob } from 'fast-glob';
 import { createHash } from 'node:crypto';
 import { createReadStream } from 'node:fs';
 import { readFile, stat, writeFile } from 'node:fs/promises';
+import { platform } from 'node:os';
 import { join, resolve } from 'node:path';
 import yaml from 'yaml';
 
@@ -106,6 +107,11 @@ export interface CrawlOptions {
   exclusionPattern?: string;
   extensions: string[];
 }
+
+const convertPathToPatternOnWin = (path: string) => {
+  return platform() === 'win32' ? convertPathToPattern(path) : path;
+};
+
 export const crawl = async (options: CrawlOptions): Promise<string[]> => {
   const { extensions: extensionsWithPeriod, recursive, pathsToCrawl, exclusionPattern, includeHidden } = options;
   const extensions = extensionsWithPeriod.map((extension) => extension.replace('.', ''));
@@ -124,11 +130,11 @@ export const crawl = async (options: CrawlOptions): Promise<string[]> => {
       if (stats.isFile() || stats.isSymbolicLink()) {
         crawledFiles.push(absolutePath);
       } else {
-        patterns.push(absolutePath);
+        patterns.push(convertPathToPatternOnWin(absolutePath));
       }
     } catch (error: any) {
       if (error.code === 'ENOENT') {
-        patterns.push(currentPath);
+        patterns.push(convertPathToPatternOnWin(currentPath));
       } else {
         throw error;
       }

cli/vite.config.ts

@@ -2,6 +2,7 @@ import { defineConfig } from 'vite';
 import tsconfigPaths from 'vite-tsconfig-paths';
 
 export default defineConfig({
+  resolve: { alias: { src: '/src' } },
   build: {
     rollupOptions: {
       input: 'src/index.ts',

deployment/modules/cloudflare/docs-release/.terraform.lock.hcl

@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.34.0"
-  constraints = "4.34.0"
+  version     = "4.37.0"
+  constraints = "4.37.0"
   hashes = [
-    "h1:+W0+Xe1AUh7yvHjDbgR9T7CY1UbBC3Y6U7Eo+ucLnJM=",
-    "h1:2+1lKObDDdFZRluvROF3RKtXD66CFT3PfnHOvR6CmfA=",
-    "h1:7vluN2wmw8D9nI11YwTgoGv3hGDXlkt8xqQ4L/JABeQ=",
-    "h1:B0Urm8ZKTJ8cXzSCtEpJ+o+LsD8MXaD6LU59qVbh50Q=",
-    "h1:FpGLCm5oF12FaRti3E4iQJlkVbdCC7toyGVuH8og7KY=",
-    "h1:FunTmrCMDy+rom7YskY0WiL5/Y164zFrrD9xnBxU5NY=",
-    "h1:GrxZhEb+5HzmHF/BvZBdGKBJy6Wyjme0+ABVDz/63to=",
-    "h1:J36dda2K42/oTfHuZ4jKkW5+nI6BTWFRUvo60P17NJg=",
-    "h1:Kq0Wyn+j6zoQeghMYixbnfnyP9ZSIEJbOCzMbaCiAQQ=",
-    "h1:TKxunXCiS/z105sN/kBNFwU6tIKD67JKJ3ZKjwzoCuI=",
-    "h1:TR0URKFQxsRO5/v7bKm5hkD/CTTjsG7aVGllL/Mf25c=",
-    "h1:V+3Qs0Reb6r+8p4XjE5ZFDWYrOIN0x5SwORz4wvHOJ4=",
-    "h1:mZB3Ui7V/lPQMQK53eBOjIHcrul74252dT06Kgn3J+s=",
-    "h1:wJwZrIXxoki8omXLJ7XA7B1KaSrtcLMJp090fRtFRAc=",
-    "zh:02aa46743c1585ada8faa7db23af68ea614053a506f88f05d1090ff5e0e68076",
-    "zh:1e1a545e83e6457a0e15357b23139bc288fb4fbd5e9a5ddfedc95a6a0216b08c",
-    "zh:29eef2621e0b1501f620e615bf73b1b90d5417d745e38af63634bc03250faf87",
-    "zh:3c20989d7e1e141882e6091384bf85fdc83f70f3d29e3e047c493a07de992095",
-    "zh:3d39619379ba29c7ffb15196f0ea72a04c84cfcdf4b39ac42ac4cf4c19f3eae2",
-    "zh:805f4a2774e9279c590b8214aabe6df9dcc22bb995df2530513f2f78c647ce75",
+    "h1:0gOI8arnh2CTcHfGH8iwAe6qz2BRSytmbOiNXZjnrHc=",
+    "h1:0h0qRJYPHL92Dx3NYZO2WJ21cxyZGEoldzw9aYhPnew=",
+    "h1:6ri7vZ1MLtQbooicIO4catyIuRq4LHAsIcgd3vGq3AE=",
+    "h1:7BwVaqxSD9VsmLzs6jDJBJvHPq0dz4I8rCeJAK63Dc4=",
+    "h1:8tVm+BJvzI14pRbEyt00AvH6oIyqiLRZQ9KxcBeSDhE=",
+    "h1:FTll1M9rPA7RxEyLB6etQqaqynWWl3WkiwJtHMjPr3Y=",
+    "h1:L7ysGftn0fstXMjCt3/XEz2giRdEwBsGrdvi4Zw8uzM=",
+    "h1:PsbAKy7LdSpwZMJZ7bO3lI04hLDTlXke/LCkrKXYwwE=",
+    "h1:Sjkpr8CKs0rXGcdis5q4Kbqmo5mmosgirnQi65G4sM8=",
+    "h1:YxJRQdVSzMZR5Ce5M3Gs1SPutXpednxuRwtSSiReHDY=",
+    "h1:bJrJeBKWEwt4hGQ+3VJR69dsqHORovE8LzuQt9+NTug=",
+    "h1:hPC7Vk0ZGXCDJ1y5dOepVo1c0PoUulnJUarrMv4gQIQ=",
+    "h1:joMURZCLUJ2eSlj645xqHWKYbRBYqvajCkhaz7qzi8g=",
+    "h1:uqo0WgG5lCcG8+gf99VnsKKbJMM1urNZq1FbAT6u3S0=",
+    "zh:012a6c3e8bf4aca0ebe0884e15bd42fd018659193f2159d5d2bf9948a9be1bc4",
+    "zh:079666c0a079237af46ed19ffc4143655ee0e8920a274868e44fbc3db88f346d",
+    "zh:08e7ff86f6848f3109d59ad46f8c0987178eff2f70c8ef03f2d44ae68e42dfb3",
+    "zh:1ce8a499fdf8f484f7d18ec91566bc0759b07d0ca710990cd60d32b222e416b1",
+    "zh:348e72338095bffccf7c46c7e6b9d0e063a22d9ae761061b0b31dea1aad22cd9",
+    "zh:47d39343dea1ef469a2c8e51c8d5993687af427a132da5379796fec27acb5710",
+    "zh:4cdf8e9579f9af3c72270088fc6e22208f0f91fd4382bc4a860d16040c86917b",
+    "zh:4fbebb21ecebc7e5ac0ea9e341c5dbea3094fc0579e4dc5b40bfe693164e022e",
+    "zh:778578dda7dd98576a3fe228132c8b60f646f4cf113638c94f1c40e2b11c027c",
     "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8af716f8655a57aa986861a8a7fa1d724594a284bd77c870eaea4db5f8b9732d",
-    "zh:a3d13c93b4e6ee6004782debaa9a17f990f2fe8ec8ba545c232818bb6064aba9",
-    "zh:bfa136acf82d3719473c0064446cc16d1b0303d98b06f55f503b7abeebceadb1",
-    "zh:ca6cf9254ae5436f2efbc01a0e3f7e4aa3c08b45182037b3eb3eb9539b2f7aec",
-    "zh:cba32d5de02674004e0a5955bd5222016d9991ca0553d4bd3bea517cd9def6ab",
-    "zh:d22c8cd527c6d0e84567f57be5911792e2fcd5969e3bba3747489f18bb16705b",
-    "zh:e4eeede9b3e72cdadd6cc252d4cbcf41baee6ecfd12bacd927e2dcbe733ab210",
-    "zh:facdaa787a69f86203cd3cc6922baea0b4a18bd9c36b0a8162e2e88ef6c90655",
+    "zh:894071f0f42571f820918d1a4316704923e29c5b2392704c1cbd063a04a641b8",
+    "zh:8d11dd73dd499c74d89f77a7e1b3d4a077ac88b0c9c3412e9a6a1b4efe17d107",
+    "zh:991e088be8381a73872cd33bb659e9dd69d7ab1f1f8d89b3cd17ffe59dffc65f",
+    "zh:9c0848b9c7e6799c9ffcf3afa70ad94a027f3e15a94679d56790714de0b072c5",
+    "zh:ad71ae800065ffc24b94d994250136ae8a9f6da704cf91b0dc9e14989e947369",
   ]
 }

deployment/modules/cloudflare/docs-release/config.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     cloudflare = {
       source = "cloudflare/cloudflare"
-      version = "4.34.0"
+      version = "4.37.0"
     }
   }
 }

deployment/modules/cloudflare/docs/.terraform.lock.hcl

@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.34.0"
-  constraints = "4.34.0"
+  version     = "4.37.0"
+  constraints = "4.37.0"
   hashes = [
-    "h1:+W0+Xe1AUh7yvHjDbgR9T7CY1UbBC3Y6U7Eo+ucLnJM=",
-    "h1:2+1lKObDDdFZRluvROF3RKtXD66CFT3PfnHOvR6CmfA=",
-    "h1:7vluN2wmw8D9nI11YwTgoGv3hGDXlkt8xqQ4L/JABeQ=",
-    "h1:B0Urm8ZKTJ8cXzSCtEpJ+o+LsD8MXaD6LU59qVbh50Q=",
-    "h1:FpGLCm5oF12FaRti3E4iQJlkVbdCC7toyGVuH8og7KY=",
-    "h1:FunTmrCMDy+rom7YskY0WiL5/Y164zFrrD9xnBxU5NY=",
-    "h1:GrxZhEb+5HzmHF/BvZBdGKBJy6Wyjme0+ABVDz/63to=",
-    "h1:J36dda2K42/oTfHuZ4jKkW5+nI6BTWFRUvo60P17NJg=",
-    "h1:Kq0Wyn+j6zoQeghMYixbnfnyP9ZSIEJbOCzMbaCiAQQ=",
-    "h1:TKxunXCiS/z105sN/kBNFwU6tIKD67JKJ3ZKjwzoCuI=",
-    "h1:TR0URKFQxsRO5/v7bKm5hkD/CTTjsG7aVGllL/Mf25c=",
-    "h1:V+3Qs0Reb6r+8p4XjE5ZFDWYrOIN0x5SwORz4wvHOJ4=",
-    "h1:mZB3Ui7V/lPQMQK53eBOjIHcrul74252dT06Kgn3J+s=",
-    "h1:wJwZrIXxoki8omXLJ7XA7B1KaSrtcLMJp090fRtFRAc=",
-    "zh:02aa46743c1585ada8faa7db23af68ea614053a506f88f05d1090ff5e0e68076",
-    "zh:1e1a545e83e6457a0e15357b23139bc288fb4fbd5e9a5ddfedc95a6a0216b08c",
-    "zh:29eef2621e0b1501f620e615bf73b1b90d5417d745e38af63634bc03250faf87",
-    "zh:3c20989d7e1e141882e6091384bf85fdc83f70f3d29e3e047c493a07de992095",
-    "zh:3d39619379ba29c7ffb15196f0ea72a04c84cfcdf4b39ac42ac4cf4c19f3eae2",
-    "zh:805f4a2774e9279c590b8214aabe6df9dcc22bb995df2530513f2f78c647ce75",
+    "h1:0gOI8arnh2CTcHfGH8iwAe6qz2BRSytmbOiNXZjnrHc=",
+    "h1:0h0qRJYPHL92Dx3NYZO2WJ21cxyZGEoldzw9aYhPnew=",
+    "h1:6ri7vZ1MLtQbooicIO4catyIuRq4LHAsIcgd3vGq3AE=",
+    "h1:7BwVaqxSD9VsmLzs6jDJBJvHPq0dz4I8rCeJAK63Dc4=",
+    "h1:8tVm+BJvzI14pRbEyt00AvH6oIyqiLRZQ9KxcBeSDhE=",
+    "h1:FTll1M9rPA7RxEyLB6etQqaqynWWl3WkiwJtHMjPr3Y=",
+    "h1:L7ysGftn0fstXMjCt3/XEz2giRdEwBsGrdvi4Zw8uzM=",
+    "h1:PsbAKy7LdSpwZMJZ7bO3lI04hLDTlXke/LCkrKXYwwE=",
+    "h1:Sjkpr8CKs0rXGcdis5q4Kbqmo5mmosgirnQi65G4sM8=",
+    "h1:YxJRQdVSzMZR5Ce5M3Gs1SPutXpednxuRwtSSiReHDY=",
+    "h1:bJrJeBKWEwt4hGQ+3VJR69dsqHORovE8LzuQt9+NTug=",
+    "h1:hPC7Vk0ZGXCDJ1y5dOepVo1c0PoUulnJUarrMv4gQIQ=",
+    "h1:joMURZCLUJ2eSlj645xqHWKYbRBYqvajCkhaz7qzi8g=",
+    "h1:uqo0WgG5lCcG8+gf99VnsKKbJMM1urNZq1FbAT6u3S0=",
+    "zh:012a6c3e8bf4aca0ebe0884e15bd42fd018659193f2159d5d2bf9948a9be1bc4",
+    "zh:079666c0a079237af46ed19ffc4143655ee0e8920a274868e44fbc3db88f346d",
+    "zh:08e7ff86f6848f3109d59ad46f8c0987178eff2f70c8ef03f2d44ae68e42dfb3",
+    "zh:1ce8a499fdf8f484f7d18ec91566bc0759b07d0ca710990cd60d32b222e416b1",
+    "zh:348e72338095bffccf7c46c7e6b9d0e063a22d9ae761061b0b31dea1aad22cd9",
+    "zh:47d39343dea1ef469a2c8e51c8d5993687af427a132da5379796fec27acb5710",
+    "zh:4cdf8e9579f9af3c72270088fc6e22208f0f91fd4382bc4a860d16040c86917b",
+    "zh:4fbebb21ecebc7e5ac0ea9e341c5dbea3094fc0579e4dc5b40bfe693164e022e",
+    "zh:778578dda7dd98576a3fe228132c8b60f646f4cf113638c94f1c40e2b11c027c",
     "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8af716f8655a57aa986861a8a7fa1d724594a284bd77c870eaea4db5f8b9732d",
-    "zh:a3d13c93b4e6ee6004782debaa9a17f990f2fe8ec8ba545c232818bb6064aba9",
-    "zh:bfa136acf82d3719473c0064446cc16d1b0303d98b06f55f503b7abeebceadb1",
-    "zh:ca6cf9254ae5436f2efbc01a0e3f7e4aa3c08b45182037b3eb3eb9539b2f7aec",
-    "zh:cba32d5de02674004e0a5955bd5222016d9991ca0553d4bd3bea517cd9def6ab",
-    "zh:d22c8cd527c6d0e84567f57be5911792e2fcd5969e3bba3747489f18bb16705b",
-    "zh:e4eeede9b3e72cdadd6cc252d4cbcf41baee6ecfd12bacd927e2dcbe733ab210",
-    "zh:facdaa787a69f86203cd3cc6922baea0b4a18bd9c36b0a8162e2e88ef6c90655",
+    "zh:894071f0f42571f820918d1a4316704923e29c5b2392704c1cbd063a04a641b8",
+    "zh:8d11dd73dd499c74d89f77a7e1b3d4a077ac88b0c9c3412e9a6a1b4efe17d107",
+    "zh:991e088be8381a73872cd33bb659e9dd69d7ab1f1f8d89b3cd17ffe59dffc65f",
+    "zh:9c0848b9c7e6799c9ffcf3afa70ad94a027f3e15a94679d56790714de0b072c5",
+    "zh:ad71ae800065ffc24b94d994250136ae8a9f6da704cf91b0dc9e14989e947369",
   ]
 }

deployment/modules/cloudflare/docs/config.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     cloudflare = {
       source = "cloudflare/cloudflare"
-      version = "4.34.0"
+      version = "4.37.0"
     }
   }
 }

docker/docker-compose.dev.yml

@@ -26,6 +26,16 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
+    environment:
+      IMMICH_REPOSITORY: immich-app/immich
+      IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
+      IMMICH_SOURCE_REF: local
+      IMMICH_SOURCE_COMMIT: af2efbdbbddc27cd06142f22253ccbbbbeec1f55
+      IMMICH_SOURCE_URL: https://github.com/immich-app/immich/commit/af2efbdbbddc27cd06142f22253ccbbbbeec1f55
+      IMMICH_BUILD: '9654404849'
+      IMMICH_BUILD_URL: https://github.com/immich-app/immich/actions/runs/9654404849
+      IMMICH_BUILD_IMAGE: development
+      IMMICH_BUILD_IMAGE_URL: https://github.com/immich-app/immich/pkgs/container/immich-server
     ulimits:
       nofile:
         soft: 1048576
@@ -84,7 +94,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
+    image: redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
     healthcheck:
       test: redis-cli ping || exit 1
 
@@ -103,11 +113,26 @@ services:
     ports:
       - 5432:5432
     healthcheck:
-      test: pg_isready --dbname='${DB_DATABASE_NAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
       interval: 5m
       start_interval: 30s
       start_period: 5m
-    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
+    command:
+      [
+        'postgres',
+        '-c',
+        'shared_preload_libraries=vectors.so',
+        '-c',
+        'search_path="$$user", public, vectors',
+        '-c',
+        'logging_collector=on',
+        '-c',
+        'max_wal_size=2GB',
+        '-c',
+        'shared_buffers=512MB',
+        '-c',
+        'wal_compression=on',
+      ]
 
   # set IMMICH_METRICS=true in .env to enable metrics
   # immich-prometheus:

docker/docker-compose.prod.yml

@@ -41,7 +41,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
+    image: redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always
@@ -61,7 +61,7 @@ services:
     ports:
       - 5432:5432
     healthcheck:
-      test: pg_isready --dbname='${DB_DATABASE_NAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
       interval: 5m
       start_interval: 30s
       start_period: 5m
@@ -73,7 +73,7 @@ services:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:5c435642ca4d8427ca26f4901c11114023004709037880cd7860d5b7176aa731
+    image: prom/prometheus@sha256:f20d3127bf2876f4a1df76246fca576b41ddf1125ed1c546fbd8b16ea55117e6
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus
@@ -85,7 +85,7 @@ services:
     command: ['./run.sh', '-disable-reporting']
     ports:
       - 3000:3000
-    image: grafana/grafana:11.0.0-ubuntu@sha256:dcd3ae78713958a862732c3608d32c03f0c279c35a2032d74b80b12c5cdc47b8
+    image: grafana/grafana:11.1.0-ubuntu@sha256:c7fc29ec783d5e7fc1bdfaad6f92345a345cffbc5d21c388ca228175006fc107
     volumes:
       - grafana-data:/var/lib/grafana
 

docker/docker-compose.yml

@@ -43,7 +43,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
+    image: docker.io/redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always
@@ -59,7 +59,7 @@ services:
     volumes:
       - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
     healthcheck:
-      test: pg_isready --dbname='${DB_DATABASE_NAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
       interval: 5m
       start_interval: 30s
       start_period: 5m

docs/.nvmrc

@@ -1 +1 @@
-20.14
+20.15.1

docs/blog/2023/06-24/update.mdx

@@ -94,7 +94,7 @@ Thank you, and I am asking for your support for the project. I hope to be a full
 - Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
 
-Join our friendly [Discord](https://discord.gg/D8JsnBEuKb) to talk and discuss Immich, tech, or anything
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
 
 Cheer!
 

docs/blog/2023/07-29/update.mdx

@@ -142,7 +142,7 @@ Thank you, and I am asking for your support for the project. I hope to be a full
 - Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
 
-Join our friendly [Discord](https://discord.gg/D8JsnBEuKb) to talk and discuss Immich, tech, or anything
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
 
 Cheer!
 

docs/blog/2024/immich-core-team-goes-fulltime.mdx

@@ -1,7 +1,7 @@
 ---
 title: The Immich core team goes full-time
 authors: [alextran]
-tags: [update, announcement, futo]
+tags: [update, announcement, FUTO]
 date: 2024-05-01T00:00
 ---
 

docs/blog/2024/immich-licensing.mdx

@@ -0,0 +1,91 @@
+---
+title: Licensing announcement - Purchase a license to support Immich
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-07-18T00:00
+---
+
+Hello everybody,
+
+Firstly, on behalf of the Immich team, I'd like to thank everybody for your continuous support of Immich since the very first day! Your contributions, encouragement, and community engagement have helped bring Immich to its current state. The team and I are forever grateful for that.
+
+Since our [last announcement of the core team joining FUTO to work on Immich full-time](https://immich.app/blog/2024/immich-core-team-goes-fulltime), one of the goals of our new position is to foster a healthy relationship between the developers and the users. We believe that this enables us to create great software, establish transparent policies and build trust.
+
+We want to build a great software application that brings value to you and your loved ones' lives. We are not using you as a product, i.e., selling or tracking your data. We are not putting annoying ads into our software. We respect your privacy. We want to be compensated for the hard work we put in to build Immich for you.
+
+With those notes, we have enabled a way for you to financially support the continued development of Immich, ensuring the software can move forward and will be maintained, by offering a lifetime license of the software. We think if you like and use software, you should pay for it, but _we're never going to force anyone to pay or try to limit Immich for those who don't._
+
+There are two types of license that you can choose to purchase: **Server License** and **Individual License**.
+
+### Server License
+
+This is a lifetime license costing **$99.99**. The license is applied to the whole server. You and all users that use your server are licensed.
+
+### Individual License
+
+This is a lifetime license costing **$24.99**. The license is applied to a single user, and can be used on any server they choose to connect to.
+
+<img
+  width="837"
+  alt="license-social-gh"
+  src="https://github.com/user-attachments/assets/241932ed-ef3b-44ec-a9e2-ee80754e0cca"
+/>
+
+You can purchase the license on [our page - https://buy.immich.app](https://buy.immich.app).
+
+Starting with release `v1.109.0` you can purchase and enter your purchased license key directly in the app.
+
+<img
+  width="1414"
+  alt="license-page-gh"
+  src="https://github.com/user-attachments/assets/364fc32a-f6ef-4594-9fea-28d5a26ad77c"
+/>
+
+## Thank you
+
+Thank you again for your support, this will help create a strong foundation and stability for the Immich team to continue developing and maintaining the project that you love to use.
+
+<p align="center">
+  <img
+    src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif"
+    width="550"
+    title="SUPPORT THE PROJECT!"
+  />
+</p>
+
+<br />
+<br />
+
+Cheers! 🎉
+
+Immich team
+
+# FAQ
+
+### 1. Where can I purchase a license?
+
+There are several places where you can purchase the license from
+
+- [https://buy.immich.app](https://buy.immich.app)
+- [https://pay.futo.org](https://pay.futo.org/)
+- or directly from the app.
+
+### 2. Do I need both _Individual License_ and _Server License_?
+
+No,
+
+If you are the admin and the sole user, or your instance has less than a total of 4 users, you can buy the **Individual License** for each user.
+
+If your instance has more than 4 users, it is more cost-effective to buy the **Server License**, which will license all the users on your instance.
+
+### 3. What do I do if I don't pay?
+
+You can continue using Immich for an unlimited trial period.
+
+### 4. Will there be any paywalled features?
+
+No, there will never be any paywalled features.
+
+### 5. Where can I get support regarding payment issues?
+
+You can email us with your `orderId` and your email address `billing@futo.org` or on our Discord server.

docs/blog/2024/update-july-2024.mdx

@@ -0,0 +1,77 @@
+---
+title: Immich Update - July 2024
+authors: [alextran]
+tags: [update, v1.106.0]
+---
+
+Hello everybody! Alex from Immich here and I am back with another development progress update for the project.
+
+Summer has returned once again, and the night sky is filled with stars, thank you for **38_000 shining stars** you have sent to our [GitHub repo](https://github.com/immich-app/immich)! Since the last announcement several core contributors have started full time. Everything is going great with development, PRs get merged with _brrrrrrr_ rate, conversation exchange between team members is on a new high, we met and are working with the great engineers at FUTO. The spirit is high and we have a lot of things brewing that we think you will like.
+
+Let's go over some of the updates we had since the last post.
+
+### Container consolidation
+
+Reduced the number of total containers from 5 to 4 by making the microservices thread get spawned directly in the server container. Woohoo, remember when Immich had 7 containers?
+
+### Email notifications
+
+![smtp](https://github.com/immich-app/immich/assets/27055614/949cba85-d3f1-4cd3-b246-a6f5fb5d3ae8)
+
+We added email notifications to the app with SMTP settings that you can configure for the following events
+
+- A new account is created for you.
+- You are added to a shared album.
+- New media is added to an album.
+
+### Versioned docs
+
+You can now jump back into the past or take a peek at the unreleased version of the documentation by selecting the version on the website.
+
+![version-doc](https://github.com/immich-app/immich/assets/27055614/6d22898a-5093-41ad-b416-4573d7ce6e03)
+
+### Similarity deduplication
+
+With more machine learning and CLIP magic, we now have similarity deduplication built into the application where it will search for closely similar images and let you decide what to do with them; i.e keep or trash.
+
+![similarity-deduplication](https://github.com/immich-app/immich/assets/27055614/3cac8478-fbf7-47ea-acb6-0146901dc67e)
+
+### Permanent URL for asset on the web
+
+The detail view for an asset now has a permanent URL so you can easily share them with your loved ones.
+
+### Web app translations
+
+We now have a public Weblate project which the community can use to translate the webapp to their native languages. We are planning to port the mobile app translation to this platform as well. If you would like to contribute, you can take a look [here](https://hosted.weblate.org/projects/immich/immich/). We're already close to 50% translations -- we really appreciate everyone contributing to that!
+
+![web-translation](https://github.com/immich-app/immich/assets/27055614/363df2ed-656c-4584-bd82-0708a693c5bc)
+
+### Read-only/Editor mode on shared album
+
+As the owner of the album, you can choose if the shared user can edit the album or to only view the content of the album without any modification.
+
+![read-only-album](https://github.com/immich-app/immich/assets/27055614/c6f66375-b869-495a-9a86-3e87b316d109)
+
+### Better video thumbnails
+
+Immich now tries to find a descriptive video thumbnail instead of simply using the first frame. No more black images for thumbnails!
+
+### Public Roadmap
+
+We now have a [public roadmap](https://immich.app/roadmap), giving you a high-level overview of things the team is working on. The first goal of this roadmap is to bring Immich to a stable release, which is expected sometime later this year. Some of the highlights include
+
+- Auto stacking - Auto stacking of burst photos
+- Basic editor - Basic photo editing capabilities
+- Workflows - Automate tasks with workflows
+- Fine grained access controls - Granular access controls for users and api keys
+- Better background backups - Rework background backups to be more reliable
+- Private/locked photos - Private assets with extra protections
+
+Beyond the items in the roadmap, we have _many many_ more ideas for Immich. The team and I hope that you are enjoying the application, find it helpful in your life and we have nothing but the intention of building out great software for you all!
+
+Have an amazing Summer or Winter for those in the southern hemisphere! :D
+
+Until next time,
+
+Cheers!
+Alex

docs/docs/FAQ.mdx

@@ -133,40 +133,6 @@ For example, say you have existing transcodes with the policy "Videos higher tha
 
 No. Our design principle is that the original assets should always be untouched.
 
-### How can I move all data (photos, persons, albums, libraries) from one user to another?
-
-This is not officially supported but can be accomplished with some database updates. You can do this on the command line (in the PostgreSQL container using the `psql` command), or you can add, for example, an [Adminer](https://www.adminer.org/) container to the `docker-compose.yml` file so that you can use a web interface.
-
-<details>
-<summary>Steps</summary>
-
-1. **MAKE A BACKUP** - See [backup and restore](/docs/administration/backup-and-restore.md).
-
-2. Find the ID of both the 'source' and the 'destination' user (it's the id column in the `users` table)
-
-3. Four tables need to be updated:
-
-```sql
-BEGIN;
--- reassign albums
-UPDATE albums SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>';
-
--- reassign people
-UPDATE person SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>';
-
--- reassign assets
-UPDATE assets SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>'
- AND CHECKSUM NOT IN (SELECT CHECKSUM FROM assets WHERE "ownerId" = '<destinationId>');
-
--- reassign external libraries
-UPDATE libraries SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>';
-COMMIT;
-```
-
-4. There might be left-over assets in the 'source' user's library if they are skipped by the last query because of duplicate checksums. These are probably duplicates anyway, and can probably be removed.
-
-</details>
-
 ---
 
 ## Albums
@@ -201,7 +167,7 @@ Immich uses CLIP models. For more information about CLIP and its capabilities, r
 
 ### How does facial recognition work?
 
-For face detection and recognition, Immich uses [InsightFace models](https://github.com/deepinsight/insightface/tree/master/model_zoo).
+See [How Facial Recognition Works](/docs/features/facial-recognition#How-Facial-Recognition-Works) for details.
 
 ### How can I disable machine learning?
 
@@ -215,19 +181,15 @@ However, disabling all jobs will not disable the machine learning service itself
 
 ### I'm getting errors about models being corrupt or failing to download. What do I do?
 
-You can delete the model cache volume, where models are downloaded. This will give the service a clean environment to download the model again. If models are failing to download entirely, you can manually download them from [Huggingface][huggingface] and place them in the cache folder.
+You can delete the model cache volume, where models are downloaded. This will give the service a clean environment to download the model again. If models are failing to download entirely, you can manually download them from [Hugging Face][huggingface] and place them in the cache folder.
 
 ### Can I use a custom CLIP model?
 
-No, this is not supported. Only models listed in the [Huggingface][huggingface] page are compatible. Feel free to make a feature request if there's a model not listed here that you think should be added.
+No, this is not supported. Only models listed in the [Hugging Face][huggingface] page are compatible. Feel free to make a feature request if there's a model not listed here that you think should be added.
 
 ### I want to be able to search in other languages besides English. How can I do that?
 
-You can change to a multilingual model listed [here](https://huggingface.co/collections/immich-app/multilingual-clip-654eb08c2382f591eeb8c2a7) by going to Administration > Machine Learning Settings > Smart Search and replacing the name of the model. Be sure to re-run Smart Search on all assets after this change. You can then search in over 100 languages.
-
-:::note
-Feel free to make a feature request if there's a model you want to use that isn't in [Immich Huggingface list][huggingface].
-:::
+You can change to a multilingual CLIP model. See [here](/docs/features/smart-search#CLIP-model) for instructions.
 
 ### Does Immich support Facial Recognition for videos?
 
@@ -268,7 +230,7 @@ ls clip/ facial-recognition/
 
 ### Why is Immich slow on low-memory systems like the Raspberry Pi?
 
-Immich optionally uses machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
+Immich optionally uses transcoding and machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
 
 ### Can I lower CPU and RAM usage?
 
@@ -277,10 +239,12 @@ The initial backup is the most intensive due to the number of jobs running. The
 - Lower the job concurrency for these jobs to 1.
 - Under Settings > Transcoding Settings > Threads, set the number of threads to a low number like 1 or 2.
 - Under Settings > Machine Learning Settings > Facial Recognition > Model Name, you can change the facial recognition model to `buffalo_s` instead of `buffalo_l`. The former is a smaller and faster model, albeit not as good.
-- For facial recognition on new images to work properly, You must re-run the Face Detection job for all images after this.
+  - For facial recognition on new images to work properly, You must re-run the Face Detection job for all images after this.
+- At the container level, you can [set resource constraints](/docs/FAQ#can-i-limit-cpu-and-ram-usage) to lower usage further.
+  - It's recommended to only apply these constraints _after_ taking some of the measures here for best performance.
 - If these changes are not enough, see [below](/docs/FAQ#how-can-i-disable-machine-learning) for instructions on how to disable machine learning.
 
-### Can I limit the amount of CPU and RAM usage?
+### Can I limit CPU and RAM usage?
 
 By default, a container has no resource constraints and can use as much of a given resource as the host's kernel scheduler allows. To limit this, you can add the following to the `docker-compose.yml` block of any containers that you want to have limited resources.
 
@@ -300,6 +264,8 @@ deploy:
 </details>
 For more details, you can look at the [original docker docs](https://docs.docker.com/config/containers/resource_constraints/) or use this [guide](https://www.baeldung.com/ops/docker-memory-limit).
 
+Note that memory constraints work by terminating the container, so this can introduce instability if set too low.
+
 ### How can I boost machine learning speed?
 
 :::note
@@ -309,21 +275,16 @@ This advice improves throughput, not latency. This is to say that it will make S
 You can increase throughput by increasing the job concurrency for machine learning jobs (Smart Search, Face Detection). With higher concurrency, the host will work on more assets in parallel. You can do this by navigating to Administration > Settings > Job Settings and increasing concurrency as needed.
 
 :::danger
-On a normal machine, 2 or 3 concurrent jobs can probably max the CPU. Beyond this, note that storage speed and latency may quickly become the limiting factor; particularly when using HDDs.
+On a normal machine, 2 or 3 concurrent jobs can probably max the CPU. Storage speed and latency can quickly become the limiting factor beyond this, particularly when using HDDs.
 
-Do not exaggerate with the amount of jobs because you're probably thoroughly overloading the server.
+The concurrency can be increased more comfortably with a GPU, but should still not be above 16 in most cases.
 
-More details can be found [here](https://discord.com/channels/979116623879368755/994044917355663450/1174711719994605708)
+Do not exaggerate with the job concurrency because you're probably thoroughly overloading the server.
 :::
 
-### Why is Immich using so much of my CPU?
+### My server shows Server Status Offline | Version Unknown. What can I do?
 
-When a large number of assets are uploaded to Immich, it makes sense that the CPU and RAM will be heavily used for machine learning work and creating image thumbnails.
-Once this process is completed, the percentage of CPU usage will drop to around 3-5% usage
-
-### My server shows Server Status Offline | Version Unknown what can I do?
-
-You need to enable Websocket on your reverse proxy.
+You need to enable WebSockets on your reverse proxy.
 
 ---
 
@@ -442,4 +403,11 @@ docker exec -it immich_postgres psql --dbname=immich --username=<DB_USERNAME> --
 
 </details>
 
+If corruption is detected, you should immediately make a backup before performing any other work in the database.
+To do so, you may need to set the `zero_damaged_pages=on` flag for the database server to allow `pg_dumpall` to succeed.
+After taking a backup, the recommended next step is to restore the database from a healthy backup before corruption was detected.
+The damaged database dump can be used to manually recover any changes made since the last backup, if needed.
+
+The causes of possible corruption are many, but can include unexpected poweroffs or unmounts, use of a network share for Postgres data, or a poor storage medium such an SD card or failing HDD/SSD.
+
 [huggingface]: https://huggingface.co/immich-app

docs/docs/administration/backup-and-restore.md

@@ -76,6 +76,7 @@ services:
   backup:
     container_name: immich_db_dumper
     image: prodrigestivill/postgres-backup-local:14
+    restart: always
     env_file:
       - .env
     environment:
@@ -191,6 +192,6 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
 </Tabs>
 
 :::danger
-Do not touch the files inside these folders under any circumstances except taking a backup, changing or removing an asset can cause untracked and missing files.
+Do not touch the files inside these folders under any circumstances except taking a backup. Changing or removing an asset can cause untracked and missing files.
 You can think of it as App-Which-Must-Not-Be-Named, the only access to viewing, changing and deleting assets is only through the mobile or browser interface.
 :::

docs/docs/administration/jobs-workers.md

@@ -27,7 +27,7 @@ Copy the entire `immich-server` block as a new service and make the following ch
 +   container_name: immich_microservices
 ```
 
-Once you have two copies of the immich-server service, make the following chnages to each one. This will allow one container to only serve the web UI and API, and the other one to handle all other tasks.
+Once you have two copies of the immich-server service, make the following changes to each one. This will allow one container to only serve the web UI and API, and the other one to handle all other tasks.
 
 ```diff
 services:

docs/docs/developer/translations.md

@@ -0,0 +1,21 @@
+# Translations
+
+:::tip
+You can request a new language [here](https://hosted.weblate.org/new-lang/immich/immich/).
+:::
+
+## Weblate
+
+[Weblate](https://weblate.org/) is a "libre software web-based continuous localization system". Immich localization efforts are managed on their [hosted platform](https://hosted.weblate.org/projects/immich/immich/).
+
+## International message format
+
+Plurals, numbers, dates and other locale specific message formats can be handled by using the [ICU message format](https://unicode-org.github.io/icu/userguide/format_parse/messages/). Internally, this is handled by the [intl-messageformat](https://www.npmjs.com/package/intl-messageformat) library. Their [documentation](https://formatjs.io/docs/intl-messageformat/) includes common, editable examples via a "live editor" feature, which can be useful to test and debug message formats.
+
+## Progress
+
+Immich currently supports the following languages:
+
+<a href="https://hosted.weblate.org/engage/immich/">
+<img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
+</a>

docs/docs/developer/troubleshooting.md

@@ -1,7 +1,7 @@
 # Troubleshooting
 
 :::tip
-A great option to get assistance with troubleshooting is to join our [Discord](https://discord.gg/D8JsnBEuKb) server, where we have a dedicated channel for `#contributing`.
+A great option to get assistance with troubleshooting is to join our [Discord](https://discord.immich.app) server, where we have a dedicated channel for `#contributing`.
 :::
 
 ## Known Issues

docs/docs/features/facial-recognition.md

@@ -2,7 +2,7 @@
 
 ## Overview
 
-Immich recognizes faces in your photos and videos and groups them together. You can then assign names to the faces and search for them.
+Immich recognizes faces in your photos and videos and groups them together into people. You can then assign names to these people and search for them.
 
 The list of people is shown in the Explore page.
 
@@ -18,13 +18,75 @@ The asset detail view will also show the faces that are recognized in the asset.
 
 ## Actions
 
-Additional actions you can do with a detected person are:
+Additional actions you can do include:
 
-- Change the feature face photo of the person
-- Set date of birth
-- Merge two or more detected faces into one person
-- Hide face
+- Changing the feature photo of the person
+- Setting a person's date of birth
+- Merging two or more detected faces into one person
+- Hiding the faces of a person from the Explore page and detail view
+- Assigning an unrecognized face to a person
 
 It can be found from the app bar when you access the detail view of a person.
 
 <img src={require('./img/facial-recognition-4.png').default} title='Facial Recognition 4' width="70%"/>
+
+## How Face Detection Works
+
+Face detection sends the generated preview image to the machine learning service for processing. The service checks if it has the relevant model downloaded and downloads it if not. The image is decoded, pre-processed and passed to the face detection model (with hardware acceleration if configured). The bounding boxes and scores outputted from this model are used to crop and preprocess the image once again to be passed to a facial recognition model (also accelerated if configured). The embeddings from the recognition model, together with the bounding boxes and scores from the face detection model, are then sent back to the server to be added to the database. The embeddings in particular are indexed so they can be searched quickly during facial recognition clustering.
+
+## How Facial Recognition Works
+
+The facial recognition algorithm we use is derived from DBSCAN, a popular clustering algorithm. It essentially treats each detected face as a point in a graph and aims to group points that are close to each other.
+
+:::note
+An important concept is whether something is a _core point_. A core point has a minimum number of points around it within a certain distance. A non-core point can only be assigned to a cluster if it can reach a core point; a non-core point can't be used to extend a cluster even if it's part of one. In Immich, the _Minimum Recognized Faces_ setting controls the threshold to be considered a core point.
+:::
+
+For each face, it looks around it to find other faces within a certain distance. Faces within this distance are considered similar, so it then checks if any of these faces are associated with a person.
+
+If there is an existing person, it assigns the person of the most similar face to the face being processed.
+
+If there is none, then it has to determine something from the DBSCAN algorithm: whether the face is a _core point_. If there are a certain number of similar faces (by default 3, including the face being considered), then this face is a core point. A new person is created for this face and the face is assigned to it. When other faces are processed, if they're similar to this face, they'll see that it has an associated person and can be assigned to that person.
+
+However, if there aren't enough similar faces, no new person will be created. Instead, the face will wait for all the other faces to be processed to see if any matches that previously didn't have an associated person now do. If they do, then the face will be assigned to that person. If not, this face will be considered an outlier, such as a stranger in the background of an image.
+
+The algorithm has some subtle differences compared to DBSCAN:
+
+- DBSCAN doesn't have a concept of incremental clustering: it clusters all points at once. In contrast, facial recognition has to evolve as more assets are added without re-clustering everything each time.
+  - The algorithm described above works within a set of queued assets. Once these faces are processed and a new round of faces are detected, the behavior will not be the same as traditional DBSCAN since it preserves the clusters (people) generated from the previous round.
+    - Facial recognition tries to wait for face detection and thumbnail generation to complete before starting for this reason: the larger the set of faces in the queue, the better the results will be.
+    - Re-running facial recognition on all assets afterwards does behave like DBSCAN, however.
+- DBSCAN is designed for range-based searches (i.e. points within a distance), but high-dimensional vector indices are generally optimized for getting the closest K results. The recognition algorithm doesn't try to get _all_ similar faces within a distance for performance reasons. Instead, it searches for a small number of matches for each face. The end result should be very similar if not identical, but with possibly different performance characteristics.
+  - Because of this, part of the recognition process is handled during a nightly job to ensure that unassigned faces with potential matches can be recognized.
+
+:::tip
+If you didn't import your assets at once or if the server was able to process jobs faster than you could upload them, it's possible that the clustering was suboptimal. If you haven't put effort into the current results, it may be worth re-running facial recognition on all assets for the best starting point. If it's too late for that, you can also manually assign a selection of unassigned faces and queue _Missing_ for Facial Recognition to help it learn and assign more faces automatically.
+:::
+
+## Configuration
+
+Navigating to Administration > Settings > Machine Learning Settings > Facial Recognition will show the options available.
+
+:::tip
+It's better to only tweak the parameters here than to set them to something very different unless you're ready to test a variety of options. If you do need to set a parameter to a strict setting, relaxing other settings can be a good option to compensate, and vice versa.
+:::
+
+### Facial recognition model
+
+There are a few different models available; the default is typically considered the best. On more constrained systems where the default is too intensive, you can choose a smaller model instead.
+
+### Minimum detection score
+
+This setting affects whether a result from the face detecton model is filtered out as a false positive. It may seem tempting to set this low to detect more faces, but it can lead to false positives that are difficult to deal with and can harm facial recognition. It is strongly recommended not to go below 0.5 for this setting. Setting it to a very high number like 0.9 is also not recommended: the default is already biased toward precision, so a threshold that high leads to many undetected faces.
+
+After changing this setting, it will only apply to new face detection jobs. To apply the new setting to all assets, you need to re-run face detection for all assets.
+
+### Maximum recognition distance
+
+The distance threshold described in How Facial Recognition Works. The default works well for most people, but it may be worth lowering it if the library has twins or otherwise very similar looking people. A threshold that's too low just means needing to merge duplicate people after facial recognition, whereas a threshold too high can produce unsalvageable results. It is strongly recommended not to go below 0.3 or above 0.7.
+
+### Minimum recognized faces
+
+The core point threshold described in How Facial Recognition Works. This setting has a few implications. First, it takes effect immediately in that people with fewer faces than this are hidden from view. Secondly, it makes clustering more robust as it prevents loosely-related faces from being linked to each other by requiring a certain level of density.
+
+Increasing this setting is a good idea if you increase the recognition distance or reduce the minimum detection score. Setting it to 1 effectively disables the concept of core points, but can be an option if you prefer a more hands-on approach.

docs/docs/features/hardware-transcoding.md

@@ -123,6 +123,7 @@ Once this is done, you can continue to step 3 of "Basic Setup".
 
 - You may want to choose a slower preset than for software transcoding to maintain quality and efficiency
 - While you can use VAAPI with NVIDIA and Intel devices, prefer the more specific APIs since they're more optimized for their respective devices
+- You can confirm the device is being recognized and used by checking its utilization (via `nvtop` for NVIDIA, `intel_gpu_top` for Intel, etc.) when transcoding. A lack of error logs when transcoding also indicates that it's being used.
 
 [hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.transcoding.yml
 [nvct]: https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html

docs/docs/features/libraries.md

@@ -104,18 +104,19 @@ The `immich-server` container will need access to the gallery. Modify your docke
   immich-server:
     volumes:
       - ${UPLOAD_LOCATION}:/usr/src/app/upload
-+     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
-+     - /home/user/old-pics:/mnt/media/old-pics:ro
++     - /mnt/nas/christmas-trip:/mnt/nas/christmas-trip:ro
++     - /home/user/old-pics:/home/user/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
++     - /mnt/media/videos2:/mnt/media/videos2 # the files in this folder can be deleted, as it does not end with :ro
 +     - "C:/Users/user_name/Desktop/my media:/mnt/media/my-media:ro" # import path in Windows system.
 ```
 
 :::tip
-The `ro` flag at the end only gives read-only access to the volumes. While Immich does not modify files, it's a good practice to mount read-only.
+The `ro` flag at the end only gives read-only access to the volumes. This will disallow the images from being deleted in the web UI.
 :::
 
 :::info
-_Remember to bring the container `docker compose down/up` to register the changes. Make sure you can see the mounted path in the container._
+_Remember to run `docker compose up -d` to register the changes. Make sure you can see the mounted path in the container._
 :::
 
 ### Create External Libraries

docs/docs/features/smart-search.md

@@ -7,29 +7,30 @@ Immich uses Postgres as its search database for both metadata and smart search.
 
 Smart search is powered by the [pgvecto.rs](https://github.com/tensorchord/pgvecto.rs) extension, utilizing machine learning models like [CLIP](https://openai.com/research/clip) to provide relevant search results. This allows for freeform searches without requiring specific keywords in the image or video metadata.
 
-Archived photos are not included in search results by default. To include them, mark the checkbox in [advanced search filters](/docs/features/smart-search#advanced-search-filters).
-
-:::tip Alternative CLIP Models
-More powerful models can be used for more accurate search results. For more information, see the related [FAQ](/docs/FAQ#can-i-use-a-custom-clip-model).
-:::
-
-:::info
-Smart Search is currently limited to 5,000 results for a single search on the web.
-:::
-
 ## Advanced Search Filters
 
 In addition, Immich offers advanced search functionality, allowing you to find specific content using customizable search filters. These filters include location, one or more faces, specific albums, and more. You can try out the search filters on the [Demo site](https://demo.immich.app).
 
-Smart search features include:
+The filters smart search allows you to search by include:
 
-- Search for one or more faces (with or without context search).
-- Search by Country or State or City or by all three.
-- Search by camera make and model.
-- Search by date range.
-- Search by file name.
-- Search by media types: image, video or all (**Note:** Image includes live images).
-- Search by condition: not in any album or archive or Favorite or all conditions.
+- People
+- Location
+  - Country
+  - State
+  - City
+- Camera
+  - Make
+  - Model
+- Date range
+- File name or extension
+- Media type
+  - Image (including live/motion photos)
+  - Video
+  - All
+- Condition
+  - Not in any album
+  - Archived
+  - Favorited
 
 <Tabs>
   <TabItem value="Computer" label="Computer" default>
@@ -47,3 +48,27 @@ Some search examples:
 
 </TabItem>
 </Tabs>
+
+## Configuration
+
+Navigating to `Administration > Settings > Machine Learning Settings > Smart Search` will show the options available.
+
+### CLIP model
+
+More powerful models can be used for more accurate search results, but are slower and can require more server resources. Check out the models [here][huggingface-clip] for more options!
+
+[Multilingual models][huggingface-multilingual-clip] are also available so users can search in their native language. These models support over 100 languages; the `nllb` models in particular support 200.
+:::note
+Multilingual models are much slower and larger and perform slightly worse for English than English-only models. For this reason, only use them if you actually intend to search in a language besides English.
+
+As a special case, the `ViT-H-14-quickgelu__dfn5b` and `ViT-H-14-378-quickgelu__dfn5b` models are excellent at many European languages despite not specifically being multilingual. They're very intensive regardless, however - especially the latter.
+:::
+
+Once you've chosen a model, change this setting to the name of the model you chose. Be sure to re-run Smart Search on all assets after this change.
+
+:::note
+Feel free to make a feature request if there's a model you want to use that we don't currently support.
+:::
+
+[huggingface-clip]: https://huggingface.co/collections/immich-app/clip-654eaefb077425890874cd07
+[huggingface-multilingual-clip]: https://huggingface.co/collections/immich-app/multilingual-clip-654eb08c2382f591eeb8c2a7

docs/docs/guides/external-library.md

@@ -6,36 +6,18 @@ in a directory on the same machine.
 
 # Mount the directory into the containers.
 
-Edit `docker-compose.yml` to add two new mount points in the section `immich-server:` under `volumes:`
+Edit `docker-compose.yml` to add one or more new mount points in the section `immich-server:` under `volumes:`.
+If you want Immich to be able to delete the images in the external library, remove `:ro` from the end of the mount point.
 
 ```diff
 immich-server:
     volumes:
-+       - ${EXTERNAL_PATH}:/usr/src/app/external
+        - ${UPLOAD_LOCATION}:/usr/src/app/upload
++       - /home/user/photos1:/home/user/photos1:ro
++       - /mnt/photos2:/mnt/photos2:ro # you can delete this line if you only have one mount point, or you can add more lines if you have more than two
 ```
 
-Edit `.env` to define `EXTERNAL_PATH`, substituting in the correct path for your computer:
-
-```
-EXTERNAL_PATH=<your-path-here>
-```
-
-On my computer, for example, I use this path:
-
-```
-EXTERNAL_PATH=/home/tenino/photos
-```
-
-:::info EXTERNAL_PATH design
-The design choice to put the EXTERNAL_PATH into .env rather than put two copies of the absolute path in the yml file in order to make everything easier, so if you have two copies of the same path that have to be kept in sync, then someday later when you move the data, update only one of the paths, without everything will break mysteriously.
-:::
-
-Restart Immich.
-
-```
-docker compose down
-docker compose up -d
-```
+Restart Immich by running `docker compose up -d`.
 
 # Create the library
 

docs/docs/guides/remote-access.md

@@ -4,7 +4,7 @@ This page gives a few pointers on how to access your Immich instance from outsid
 You can read the [full discussion in Discord](https://discord.com/channels/979116623879368755/1122615710846308484)
 
 :::danger
-Never forward port 2283 directly to the internet without additional configuration. This will expose the web interface via http to the internet, making you succeptible to [man in the middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks.
+Never forward port 2283 directly to the internet without additional configuration. This will expose the web interface via http to the internet, making you susceptible to [man in the middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks.
 :::
 
 ## Option 1: VPN to home network

docs/docs/guides/remote-machine-learning.md

@@ -4,14 +4,11 @@ To alleviate [performance issues on low-memory systems](/docs/FAQ.mdx#why-is-imm
 
 - Set the URL in Machine Learning Settings on the Admin Settings page to point to the designated ML system, e.g. `http://workstation:3003`.
 - Copy the following `docker-compose.yml` to your ML system.
+  - If using [hardware acceleration](/docs/features/ml-hardware-acceleration), the [hwaccel.ml.yml](https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml) file also needs to be added
 - Start the container by running `docker compose up -d`.
 
 :::info
-Starting with version v1.93.0 face detection work and face recognize were split. From now on face detection is done in the immich_machine_learning container, but facial recognition is done in the `microservices` worker.
-:::
-
-:::note
-The [hwaccel.ml.yml](https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml) file also needs to be in the same folder if trying to use [hardware acceleration](/docs/features/ml-hardware-acceleration).
+Smart Search and Face Detection will use this feature, but Facial Recognition is handled in the server.
 :::
 
 ```yaml
@@ -37,3 +34,7 @@ volumes:
 ```
 
 Please note that version mismatches between both hosts may cause instabilities and bugs, so make sure to always perform updates together.
+
+:::caution
+As an internal service, the machine learning container has no security measures whatsoever. Please be mindful of where it's deployed and who can access it.
+:::

docs/docs/install/environment-variables.md

@@ -38,19 +38,18 @@ Regardless of filesystem, it is not recommended to use a network share for your
 
 ## General
 
-| Variable                            | Description                                     |           Default            | Containers               | Workers            |
-| :---------------------------------- | :---------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
-| `TZ`                                | Timezone                                        |                              | server                   | microservices      |
-| `IMMICH_ENV`                        | Environment (production, development)           |         `production`         | server, machine learning | api, microservices |
-| `IMMICH_LOG_LEVEL`                  | Log Level (verbose, debug, log, warn, error)    |            `log`             | server, machine learning | api, microservices |
-| `IMMICH_MEDIA_LOCATION`             | Media Location                                  |   `./upload`<sup>\*1</sup>   | server                   | api, microservices |
-| `IMMICH_CONFIG_FILE`                | Path to config file                             |                              | server                   | api, microservices |
-| `IMMICH_WEB_ROOT`                   | Path of root index.html                         |      `/usr/src/app/www`      | server                   | api                |
-| `IMMICH_REVERSE_GEOCODING_ROOT`     | Path of reverse geocoding dump directory        |     `/usr/src/resources`     | server                   | microservices      |
-| `NO_COLOR`                          | Set to `true` to disable color-coded log output |           `false`            | server, machine learning |                    |
-| `CPU_CORES`                         | Amount of cores available to the immich server  | auto-detected cpu core count | server                   |                    |
-| `IMMICH_API_METRICS_PORT`           | Port for the OTEL metrics                       |            `8081`            | server                   | api                |
-| `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                       |            `8082`            | server                   | microservices      |
+| Variable                            | Description                                         |           Default            | Containers               | Workers            |
+| :---------------------------------- | :-------------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
+| `TZ`                                | Timezone                                            |                              | server                   | microservices      |
+| `IMMICH_ENV`                        | Environment (production, development)               |         `production`         | server, machine learning | api, microservices |
+| `IMMICH_LOG_LEVEL`                  | Log Level (verbose, debug, log, warn, error)        |            `log`             | server, machine learning | api, microservices |
+| `IMMICH_MEDIA_LOCATION`             | Media Location                                      |   `./upload`<sup>\*1</sup>   | server                   | api, microservices |
+| `IMMICH_CONFIG_FILE`                | Path to config file                                 |                              | server                   | api, microservices |
+| `NO_COLOR`                          | Set to `true` to disable color-coded log output     |           `false`            | server, machine learning |                    |
+| `CPU_CORES`                         | Amount of cores available to the immich server      | auto-detected cpu core count | server                   |                    |
+| `IMMICH_API_METRICS_PORT`           | Port for the OTEL metrics                           |            `8081`            | server                   | api                |
+| `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                           |            `8082`            | server                   | microservices      |
+| `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images |                              | server                   | microservices      |
 
 \*1: With the default `WORKDIR` of `/usr/src/app`, this path will resolve to `/usr/src/app/upload`.
 It only need to be set if the Immich deployment method is changing.
@@ -157,18 +156,18 @@ Redis (Sentinel) URL example JSON before encoding:
 
 ## Machine Learning
 
-| Variable                                         | Description                                                          |       Default       | Containers       |
-| :----------------------------------------------- | :------------------------------------------------------------------- | :-----------------: | :--------------- |
-| `MACHINE_LEARNING_MODEL_TTL`                     | Inactivity time (s) before a model is unloaded (disabled if \<= 0)   |        `300`        | machine learning |
-| `MACHINE_LEARNING_MODEL_TTL_POLL_S`              | Interval (s) between checks for the model TTL (disabled if \<= 0)    |        `10`         | machine learning |
-| `MACHINE_LEARNING_CACHE_FOLDER`                  | Directory where models are downloaded                                |      `/cache`       | machine learning |
-| `MACHINE_LEARNING_REQUEST_THREADS`<sup>\*1</sup> | Thread count of the request thread pool (disabled if \<= 0)          | number of CPU cores | machine learning |
-| `MACHINE_LEARNING_MODEL_INTER_OP_THREADS`        | Number of parallel model operations                                  |         `1`         | machine learning |
-| `MACHINE_LEARNING_MODEL_INTRA_OP_THREADS`        | Number of threads for each model operation                           |         `2`         | machine learning |
-| `MACHINE_LEARNING_WORKERS`<sup>\*2</sup>         | Number of worker processes to spawn                                  |         `1`         | machine learning |
-| `MACHINE_LEARNING_WORKER_TIMEOUT`                | Maximum time (s) of unresponsiveness before a worker is killed       |        `120`        | machine learning |
-| `MACHINE_LEARNING_PRELOAD__CLIP`                 | Name of a CLIP model to be preloaded and kept in cache               |                     | machine learning |
-| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION`   | Name of a facial recognition model to be preloaded and kept in cache |                     | machine learning |
+| Variable                                         | Description                                                          |                Default                | Containers       |
+| :----------------------------------------------- | :------------------------------------------------------------------- | :-----------------------------------: | :--------------- |
+| `MACHINE_LEARNING_MODEL_TTL`                     | Inactivity time (s) before a model is unloaded (disabled if \<= 0)   |                 `300`                 | machine learning |
+| `MACHINE_LEARNING_MODEL_TTL_POLL_S`              | Interval (s) between checks for the model TTL (disabled if \<= 0)    |                 `10`                  | machine learning |
+| `MACHINE_LEARNING_CACHE_FOLDER`                  | Directory where models are downloaded                                |               `/cache`                | machine learning |
+| `MACHINE_LEARNING_REQUEST_THREADS`<sup>\*1</sup> | Thread count of the request thread pool (disabled if \<= 0)          |          number of CPU cores          | machine learning |
+| `MACHINE_LEARNING_MODEL_INTER_OP_THREADS`        | Number of parallel model operations                                  |                  `1`                  | machine learning |
+| `MACHINE_LEARNING_MODEL_INTRA_OP_THREADS`        | Number of threads for each model operation                           |                  `2`                  | machine learning |
+| `MACHINE_LEARNING_WORKERS`<sup>\*2</sup>         | Number of worker processes to spawn                                  |                  `1`                  | machine learning |
+| `MACHINE_LEARNING_WORKER_TIMEOUT`                | Maximum time (s) of unresponsiveness before a worker is killed       | `120` (`300` if using OpenVINO image) | machine learning |
+| `MACHINE_LEARNING_PRELOAD__CLIP`                 | Name of a CLIP model to be preloaded and kept in cache               |                                       | machine learning |
+| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION`   | Name of a facial recognition model to be preloaded and kept in cache |                                       | machine learning |
 
 \*1: It is recommended to begin with this parameter when changing the concurrency levels of the machine learning service and then tune the other ones.
 

docs/docs/install/script.md

@@ -8,6 +8,10 @@ sidebar_position: 20
 This method is experimental and not currently recommended for production use. For production, please refer to installing with [Docker Compose](/docs/install/docker-compose.mdx).
 :::
 
+:::note
+The install script only supports Linux operating systems and requires Docker to be already installed on the system.
+:::
+
 In the shell, from a directory of your choice, run the following command:
 
 ```bash

docs/docs/install/unraid.md

@@ -27,7 +27,7 @@ For more information about setting up the community image see [here](https://git
 
 :::info
 
-- Guide was written using Unraid v6.12.10
+- Guide was written using Unraid v6.12.10.
 - Requires you to have installed the plugin: [Docker Compose Manager](https://forums.unraid.net/topic/114415-plugin-docker-compose-manager/)
 - An Unraid share created for your images
 - There has been a [report](https://forums.unraid.net/topic/130006-errortraps-traps-node27707-trap-invalid-opcode-ip14fcfc8d03c0-sp7fff32889dd8-more/#comment-1189395) of this not working if your Unraid server doesn't support AVX _(e.g. using a T610)_
@@ -46,7 +46,8 @@ alt="Select Plugins > Compose.Manager > Add New Stack > Label it Immich"
 />
 
 3.  Select the cog ⚙️ next to Immich then click "**Edit Stack**"
-4.  Click "**Compose File**" and then paste the entire contents of the [Immich Docker Compose](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) file into the Unraid editor. Remove any text that may be in the text area by default.
+4.  Click "**Compose File**" and then paste the entire contents of the [Immich Docker Compose](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) file into the Unraid editor. Remove any text that may be in the text area by default. Note that Unraid v6.12.10 uses version 24.0.9 of the Docker Engine, which does not support healthcheck `start_interval` as defined in the `database` service of the Docker compose file (version 25 or higher is needed). This parameter defines an initial waiting period before starting health checks, to give the container time to start up. Commenting out the `start_interval` and `start_period` parameters will allow the containers to start up normally. The only downside to this is that the database container will not receive an initial health check until `interval` time has passed.
+
     <details >
         <summary>Using an existing Postgres container? Click me! Otherwise proceed to step 5.</summary>
         <ul>
@@ -70,6 +71,7 @@ alt="Select Plugins > Compose.Manager > Add New Stack > Label it Immich"
             />
         </ul>
     </details>
+
 5.  Click "**Save Changes**", you will be promoted to edit stack UI labels, just leave this blank and click "**Ok**"
 6.  Select the cog ⚙️ next to Immich, click "**Edit Stack**", then click "**Env File**"
 7.  Paste the entire contents of the [Immich example.env](https://github.com/immich-app/immich/releases/latest/download/example.env) file into the Unraid editor, then **before saving** edit the following:

docs/docs/overview/help.md

@@ -13,4 +13,4 @@ Running into an issue or have a question? Try the following:
 
 [github-issues]: https://github.com/immich-app/immich/issues
 [github-releases]: https://github.com/immich-app/immich/releases
-[discord-link]: https://discord.com/invite/D8JsnBEuKb
+[discord-link]: https://discord.immich.app

docs/docs/overview/quick-start.mdx

@@ -5,21 +5,21 @@ sidebar_position: 3
 # Quick Start
 
 Here is a quick, no-choices path to install Immich and take it for a test drive.
-Once you've tried it, perhaps you'll use one of the many other ways
+Once you've tried it, you might use one of the many other ways
 to install and use it.
 
 ## Requirements
 
 Check the [requirements page](/docs/install/requirements) to get started.
 
-## Install and launch via Docker Compose
+## Install and Launch via Docker Compose
 
 Follow the [Docker Compose (Recommended)](/docs/install/docker-compose) instructions
 to install the server.
 
 - Where random passwords are required, `pwgen` is a handy utility.
 - `UPLOAD_LOCATION` should be set to some new directory on the server
-  with free space.
+  with enough free space.
 - You may ignore "Step 4 - Upgrading".
 
 ## Try the Web UI
@@ -48,26 +48,26 @@ import MobileAppLogin from '/docs/partials/_mobile-app-login.md';
 
 In the mobile app, you should see the photo you uploaded from the web UI.
 
-### Transfer Photos from your Mobile Device
+### Transfer Photos from Your Mobile Device
 
 import MobileAppBackup from '/docs/partials/_mobile-app-backup.md';
 
 <MobileAppBackup />
 
-Depending on how many photos are on your mobile device, this backup may
+The backup time differs depending on how many photos are on your mobile device. Large uploads may
 take quite a while.
 
-You can select the Jobs tab to see Immich processing your photos.
+You can select the **Jobs** tab to see Immich processing your photos.
 
 <img src={require('/docs/guides/img/jobs-tab.png').default} title="Jobs tab" />
 
-## Set up your backups
+## Set up Your Backups
 
 You may want to back up the content of your Immich instance
 along with other parts of your server; be sure to read about
 [database backup](/docs/administration/backup-and-restore).
 
-## Where to go from here?
+## Where to Go From Here
 
 You may decide you'd like to install the server a different way;
 the Install category on the left menu provides many options.

docs/docs/overview/support-the-project.md

@@ -4,11 +4,17 @@ sidebar_position: 5
 
 # Support The Project
 
-## Contributing
+## Report issues
 
-1. Testing - Using Immich and reporting bugs is a great way to help support the project. Found a bug? [Open an issue on GitHub][github-issue].
-1. Translations - The Immich mobile app has been translated into [17 languages][github-langs] so far! To contribute with translations, email me at alex.tran1502@gmail.com or send me a message on discord.
-1. Development - If you are a programmer or developer, take a look at Immich's [technology stack](/docs/developer/architecture.mdx) and consider fixing bugs or building new features. The team and I are always looking for new contributors. For information about how to contribute as a developer, see the [Developer](/docs/developer/architecture.mdx) section.
+By far the easiest way to help make Immich better it to use it and report issues and bugs. Found a bug? [Open an issue on GitHub][github-issue].
+
+## Translations
+
+Support the project by localizing on [Weblate](https://hosted.weblate.org/projects/immich/immich/). For more information, see the [Translations](/docs/developer/translations) section.
+
+## Development
+
+If you are a programmer or developer, take a look at Immich's [technology stack](/docs/developer/architecture.mdx) and consider fixing bugs or building new features. The team and I are always looking for new contributors. For information about how to contribute as a developer, see the [Developer](/docs/developer/architecture.mdx) section.
 
 [github-issue]: https://github.com/immich-app/immich/issues/new/choose
 [github-langs]: https://github.com/immich-app/immich/tree/main/mobile/assets/i18n

docs/docusaurus.config.js

@@ -92,6 +92,7 @@ const config = {
           alt: 'Immich Logo',
           src: 'img/immich-logo-inline-light.png',
           srcDark: 'img/immich-logo-inline-dark.png',
+          className: 'rounded-none',
         },
         items: [
           {
@@ -124,7 +125,7 @@ const config = {
             position: 'right',
           },
           {
-            href: 'https://discord.gg/D8JsnBEuKb',
+            href: 'https://discord.immich.app',
             label: 'Discord',
             position: 'right',
           },
@@ -151,7 +152,7 @@ const config = {
             items: [
               {
                 label: 'Discord',
-                href: 'https://discord.com/invite/D8JsnBEuKb',
+                href: 'https://discord.immich.app',
               },
               {
                 label: 'Reddit',

docs/package-lock.json

@@ -2155,9 +2155,10 @@
       }
     },
     "node_modules/@docusaurus/core": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.3.2.tgz",
-      "integrity": "sha512-PzKMydKI3IU1LmeZQDi+ut5RSuilbXnA8QdowGeJEgU8EJjmx3rBHNT1LxQxOVqNEwpWi/csLwd9bn7rUjggPA==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.4.0.tgz",
+      "integrity": "sha512-g+0wwmN2UJsBqy2fQRQ6fhXruoEa62JDeEa5d8IdTJlMoaDaEDfHh7WjwGRn4opuTQWpjAwP/fbcgyHKlE+64w==",
+      "license": "MIT",
       "dependencies": {
         "@babel/core": "^7.23.3",
         "@babel/generator": "^7.23.3",
@@ -2169,12 +2170,12 @@
         "@babel/runtime": "^7.22.6",
         "@babel/runtime-corejs3": "^7.22.6",
         "@babel/traverse": "^7.22.8",
-        "@docusaurus/cssnano-preset": "3.3.2",
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/mdx-loader": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/cssnano-preset": "3.4.0",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/mdx-loader": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "autoprefixer": "^10.4.14",
         "babel-loader": "^9.1.3",
         "babel-plugin-dynamic-import-node": "^2.3.3",
@@ -2240,9 +2241,10 @@
       }
     },
     "node_modules/@docusaurus/cssnano-preset": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.3.2.tgz",
-      "integrity": "sha512-+5+epLk/Rp4vFML4zmyTATNc3Is+buMAL6dNjrMWahdJCJlMWMPd/8YfU+2PA57t8mlSbhLJ7vAZVy54cd1vRQ==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.4.0.tgz",
+      "integrity": "sha512-qwLFSz6v/pZHy/UP32IrprmH5ORce86BGtN0eBtG75PpzQJAzp9gefspox+s8IEOr0oZKuQ/nhzZ3xwyc3jYJQ==",
+      "license": "MIT",
       "dependencies": {
         "cssnano-preset-advanced": "^6.1.2",
         "postcss": "^8.4.38",
@@ -2254,9 +2256,10 @@
       }
     },
     "node_modules/@docusaurus/logger": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.3.2.tgz",
-      "integrity": "sha512-Ldu38GJ4P8g4guN7d7pyCOJ7qQugG7RVyaxrK8OnxuTlaImvQw33aDRwaX2eNmX8YK6v+//Z502F4sOZbHHCHQ==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.4.0.tgz",
+      "integrity": "sha512-bZwkX+9SJ8lB9kVRkXw+xvHYSMGG4bpYHKGXeXFvyVc79NMeeBSGgzd4TQLHH+DYeOJoCdl8flrFJVxlZ0wo/Q==",
+      "license": "MIT",
       "dependencies": {
         "chalk": "^4.1.2",
         "tslib": "^2.6.0"
@@ -2266,13 +2269,14 @@
       }
     },
     "node_modules/@docusaurus/mdx-loader": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.3.2.tgz",
-      "integrity": "sha512-AFRxj/aOk3/mfYDPxE3wTbrjeayVRvNSZP7mgMuUlrb2UlPRbSVAFX1k2RbgAJrnTSwMgb92m2BhJgYRfptN3g==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
+      "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "@mdx-js/mdx": "^3.0.0",
         "@slorber/remark-comment": "^1.0.0",
         "escape-html": "^1.0.3",
@@ -2304,11 +2308,12 @@
       }
     },
     "node_modules/@docusaurus/module-type-aliases": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.3.2.tgz",
-      "integrity": "sha512-b/XB0TBJah5yKb4LYuJT4buFvL0MGAb0+vJDrJtlYMguRtsEBkf2nWl5xP7h4Dlw6ol0hsHrCYzJ50kNIOEclw==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.4.0.tgz",
+      "integrity": "sha512-A1AyS8WF5Bkjnb8s+guTDuYmUiwJzNrtchebBHpc0gz0PyHJNMaybUlSrmJjHVcGrya0LKI4YcR3lBDQfXRYLw==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/types": "3.3.2",
+        "@docusaurus/types": "3.4.0",
         "@types/history": "^4.7.11",
         "@types/react": "*",
         "@types/react-router-config": "*",
@@ -2322,17 +2327,18 @@
       }
     },
     "node_modules/@docusaurus/plugin-content-blog": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.3.2.tgz",
-      "integrity": "sha512-fJU+dmqp231LnwDJv+BHVWft8pcUS2xVPZdeYH6/ibH1s2wQ/sLcmUrGWyIv/Gq9Ptj8XWjRPMghlxghuPPoxg==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.4.0.tgz",
+      "integrity": "sha512-vv6ZAj78ibR5Jh7XBUT4ndIjmlAxkijM3Sx5MAAzC1gyv0vupDQNhzuFg1USQmQVj3P5I6bquk12etPV3LJ+Xw==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/mdx-loader": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/mdx-loader": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "cheerio": "^1.0.0-rc.12",
         "feed": "^4.2.2",
         "fs-extra": "^11.1.1",
@@ -2353,18 +2359,19 @@
       }
     },
     "node_modules/@docusaurus/plugin-content-docs": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.3.2.tgz",
-      "integrity": "sha512-Dm1ri2VlGATTN3VGk1ZRqdRXWa1UlFubjaEL6JaxaK7IIFqN/Esjpl+Xw10R33loHcRww/H76VdEeYayaL76eg==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.4.0.tgz",
+      "integrity": "sha512-HkUCZffhBo7ocYheD9oZvMcDloRnGhBMOZRyVcAQRFmZPmNqSyISlXA1tQCIxW+r478fty97XXAGjNYzBjpCsg==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/mdx-loader": "3.3.2",
-        "@docusaurus/module-type-aliases": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/mdx-loader": "3.4.0",
+        "@docusaurus/module-type-aliases": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "@types/react-router-config": "^5.0.7",
         "combine-promises": "^1.1.0",
         "fs-extra": "^11.1.1",
@@ -2383,15 +2390,16 @@
       }
     },
     "node_modules/@docusaurus/plugin-content-pages": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.3.2.tgz",
-      "integrity": "sha512-EKc9fQn5H2+OcGER8x1aR+7URtAGWySUgULfqE/M14+rIisdrBstuEZ4lUPDRrSIexOVClML82h2fDS+GSb8Ew==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.4.0.tgz",
+      "integrity": "sha512-h2+VN/0JjpR8fIkDEAoadNjfR3oLzB+v1qSXbIAKjQ46JAHx3X22n9nqS+BWSQnTnp1AjkjSvZyJMekmcwxzxg==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/mdx-loader": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/mdx-loader": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "fs-extra": "^11.1.1",
         "tslib": "^2.6.0",
         "webpack": "^5.88.1"
@@ -2405,13 +2413,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-debug": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.3.2.tgz",
-      "integrity": "sha512-oBIBmwtaB+YS0XlmZ3gCO+cMbsGvIYuAKkAopoCh0arVjtlyPbejzPrHuCoRHB9G7abjNZw7zoONOR8+8LM5+Q==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.4.0.tgz",
+      "integrity": "sha512-uV7FDUNXGyDSD3PwUaf5YijX91T5/H9SX4ErEcshzwgzWwBtK37nUWPU3ZLJfeTavX3fycTOqk9TglpOLaWkCg==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
         "fs-extra": "^11.1.1",
         "react-json-view-lite": "^1.2.0",
         "tslib": "^2.6.0"
@@ -2425,13 +2434,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-google-analytics": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.3.2.tgz",
-      "integrity": "sha512-jXhrEIhYPSClMBK6/IA8qf1/FBoxqGXZvg7EuBax9HaK9+kL3L0TJIlatd8jQJOMtds8mKw806TOCc3rtEad1A==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.4.0.tgz",
+      "integrity": "sha512-mCArluxEGi3cmYHqsgpGGt3IyLCrFBxPsxNZ56Mpur0xSlInnIHoeLDH7FvVVcPJRPSQ9/MfRqLsainRw+BojA==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "tslib": "^2.6.0"
       },
       "engines": {
@@ -2443,13 +2453,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-google-gtag": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.3.2.tgz",
-      "integrity": "sha512-vcrKOHGbIDjVnNMrfbNpRQR1x6Jvcrb48kVzpBAOsKbj9rXZm/idjVAXRaewwobHdOrJkfWS/UJoxzK8wyLRBQ==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.4.0.tgz",
+      "integrity": "sha512-Dsgg6PLAqzZw5wZ4QjUYc8Z2KqJqXxHxq3vIoyoBWiLEEfigIs7wHR+oiWUQy3Zk9MIk6JTYj7tMoQU0Jm3nqA==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "@types/gtag.js": "^0.0.12",
         "tslib": "^2.6.0"
       },
@@ -2462,13 +2473,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-google-tag-manager": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.3.2.tgz",
-      "integrity": "sha512-ldkR58Fdeks0vC+HQ+L+bGFSJsotQsipXD+iKXQFvkOfmPIV6QbHRd7IIcm5b6UtwOiK33PylNS++gjyLUmaGw==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.4.0.tgz",
+      "integrity": "sha512-O9tX1BTwxIhgXpOLpFDueYA9DWk69WCbDRrjYoMQtFHSkTyE7RhNgyjSPREUWJb9i+YUg3OrsvrBYRl64FCPCQ==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "tslib": "^2.6.0"
       },
       "engines": {
@@ -2480,16 +2492,17 @@
       }
     },
     "node_modules/@docusaurus/plugin-sitemap": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.3.2.tgz",
-      "integrity": "sha512-/ZI1+bwZBhAgC30inBsHe3qY9LOZS+79fRGkNdTcGHRMcdAp6Vw2pCd1gzlxd/xU+HXsNP6cLmTOrggmRp3Ujg==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.4.0.tgz",
+      "integrity": "sha512-+0VDvx9SmNrFNgwPoeoCha+tRoAjopwT0+pYO1xAbyLcewXSemq+eLxEa46Q1/aoOaJQ0qqHELuQM7iS2gp33Q==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "fs-extra": "^11.1.1",
         "sitemap": "^7.1.1",
         "tslib": "^2.6.0"
@@ -2503,23 +2516,24 @@
       }
     },
     "node_modules/@docusaurus/preset-classic": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.3.2.tgz",
-      "integrity": "sha512-1SDS7YIUN1Pg3BmD6TOTjhB7RSBHJRpgIRKx9TpxqyDrJ92sqtZhomDc6UYoMMLQNF2wHFZZVGFjxJhw2VpL+Q==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.4.0.tgz",
+      "integrity": "sha512-Ohj6KB7siKqZaQhNJVMBBUzT3Nnp6eTKqO+FXO3qu/n1hJl3YLwVKTWBg28LF7MWrKu46UuYavwMRxud0VyqHg==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/plugin-content-blog": "3.3.2",
-        "@docusaurus/plugin-content-docs": "3.3.2",
-        "@docusaurus/plugin-content-pages": "3.3.2",
-        "@docusaurus/plugin-debug": "3.3.2",
-        "@docusaurus/plugin-google-analytics": "3.3.2",
-        "@docusaurus/plugin-google-gtag": "3.3.2",
-        "@docusaurus/plugin-google-tag-manager": "3.3.2",
-        "@docusaurus/plugin-sitemap": "3.3.2",
-        "@docusaurus/theme-classic": "3.3.2",
-        "@docusaurus/theme-common": "3.3.2",
-        "@docusaurus/theme-search-algolia": "3.3.2",
-        "@docusaurus/types": "3.3.2"
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/plugin-content-blog": "3.4.0",
+        "@docusaurus/plugin-content-docs": "3.4.0",
+        "@docusaurus/plugin-content-pages": "3.4.0",
+        "@docusaurus/plugin-debug": "3.4.0",
+        "@docusaurus/plugin-google-analytics": "3.4.0",
+        "@docusaurus/plugin-google-gtag": "3.4.0",
+        "@docusaurus/plugin-google-tag-manager": "3.4.0",
+        "@docusaurus/plugin-sitemap": "3.4.0",
+        "@docusaurus/theme-classic": "3.4.0",
+        "@docusaurus/theme-common": "3.4.0",
+        "@docusaurus/theme-search-algolia": "3.4.0",
+        "@docusaurus/types": "3.4.0"
       },
       "engines": {
         "node": ">=18.0"
@@ -2530,22 +2544,23 @@
       }
     },
     "node_modules/@docusaurus/theme-classic": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.3.2.tgz",
-      "integrity": "sha512-gepHFcsluIkPb4Im9ukkiO4lXrai671wzS3cKQkY9BXQgdVwsdPf/KS0Vs4Xlb0F10fTz+T3gNjkxNEgSN9M0A==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.4.0.tgz",
+      "integrity": "sha512-0IPtmxsBYv2adr1GnZRdMkEQt1YW6tpzrUPj02YxNpvJ5+ju4E13J5tB4nfdaen/tfR1hmpSPlTFPvTf4kwy8Q==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/mdx-loader": "3.3.2",
-        "@docusaurus/module-type-aliases": "3.3.2",
-        "@docusaurus/plugin-content-blog": "3.3.2",
-        "@docusaurus/plugin-content-docs": "3.3.2",
-        "@docusaurus/plugin-content-pages": "3.3.2",
-        "@docusaurus/theme-common": "3.3.2",
-        "@docusaurus/theme-translations": "3.3.2",
-        "@docusaurus/types": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/mdx-loader": "3.4.0",
+        "@docusaurus/module-type-aliases": "3.4.0",
+        "@docusaurus/plugin-content-blog": "3.4.0",
+        "@docusaurus/plugin-content-docs": "3.4.0",
+        "@docusaurus/plugin-content-pages": "3.4.0",
+        "@docusaurus/theme-common": "3.4.0",
+        "@docusaurus/theme-translations": "3.4.0",
+        "@docusaurus/types": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "@mdx-js/react": "^3.0.0",
         "clsx": "^2.0.0",
         "copy-text-to-clipboard": "^3.2.0",
@@ -2569,17 +2584,18 @@
       }
     },
     "node_modules/@docusaurus/theme-common": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.3.2.tgz",
-      "integrity": "sha512-kXqSaL/sQqo4uAMQ4fHnvRZrH45Xz2OdJ3ABXDS7YVGPSDTBC8cLebFrRR4YF9EowUHto1UC/EIklJZQMG/usA==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.4.0.tgz",
+      "integrity": "sha512-0A27alXuv7ZdCg28oPE8nH/Iz73/IUejVaCazqu9elS4ypjiLhK3KfzdSQBnL/g7YfHSlymZKdiOHEo8fJ0qMA==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/mdx-loader": "3.3.2",
-        "@docusaurus/module-type-aliases": "3.3.2",
-        "@docusaurus/plugin-content-blog": "3.3.2",
-        "@docusaurus/plugin-content-docs": "3.3.2",
-        "@docusaurus/plugin-content-pages": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
+        "@docusaurus/mdx-loader": "3.4.0",
+        "@docusaurus/module-type-aliases": "3.4.0",
+        "@docusaurus/plugin-content-blog": "3.4.0",
+        "@docusaurus/plugin-content-docs": "3.4.0",
+        "@docusaurus/plugin-content-pages": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
         "@types/history": "^4.7.11",
         "@types/react": "*",
         "@types/react-router-config": "*",
@@ -2598,18 +2614,19 @@
       }
     },
     "node_modules/@docusaurus/theme-search-algolia": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.3.2.tgz",
-      "integrity": "sha512-qLkfCl29VNBnF1MWiL9IyOQaHxUvicZp69hISyq/xMsNvFKHFOaOfk9xezYod2Q9xx3xxUh9t/QPigIei2tX4w==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.4.0.tgz",
+      "integrity": "sha512-aiHFx7OCw4Wck1z6IoShVdUWIjntC8FHCw9c5dR8r3q4Ynh+zkS8y2eFFunN/DL6RXPzpnvKCg3vhLQYJDmT9Q==",
+      "license": "MIT",
       "dependencies": {
         "@docsearch/react": "^3.5.2",
-        "@docusaurus/core": "3.3.2",
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/plugin-content-docs": "3.3.2",
-        "@docusaurus/theme-common": "3.3.2",
-        "@docusaurus/theme-translations": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-validation": "3.3.2",
+        "@docusaurus/core": "3.4.0",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/plugin-content-docs": "3.4.0",
+        "@docusaurus/theme-common": "3.4.0",
+        "@docusaurus/theme-translations": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-validation": "3.4.0",
         "algoliasearch": "^4.18.0",
         "algoliasearch-helper": "^3.13.3",
         "clsx": "^2.0.0",
@@ -2628,9 +2645,10 @@
       }
     },
     "node_modules/@docusaurus/theme-translations": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.3.2.tgz",
-      "integrity": "sha512-bPuiUG7Z8sNpGuTdGnmKl/oIPeTwKr0AXLGu9KaP6+UFfRZiyWbWE87ti97RrevB2ffojEdvchNujparR3jEZQ==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.4.0.tgz",
+      "integrity": "sha512-zSxCSpmQCCdQU5Q4CnX/ID8CSUUI3fvmq4hU/GNP/XoAWtXo9SAVnM3TzpU8Gb//H3WCsT8mJcTfyOk3d9ftNg==",
+      "license": "MIT",
       "dependencies": {
         "fs-extra": "^11.1.1",
         "tslib": "^2.6.0"
@@ -2640,9 +2658,10 @@
       }
     },
     "node_modules/@docusaurus/types": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.3.2.tgz",
-      "integrity": "sha512-5p201S7AZhliRxTU7uMKtSsoC8mgPA9bs9b5NQg1IRdRxJfflursXNVsgc3PcMqiUTul/v1s3k3rXXFlRE890w==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.4.0.tgz",
+      "integrity": "sha512-4jcDO8kXi5Cf9TcyikB/yKmz14f2RZ2qTRerbHAsS+5InE9ZgSLBNLsewtFTcTOXSVcbU3FoGOzcNWAmU1TR0A==",
+      "license": "MIT",
       "dependencies": {
         "@mdx-js/mdx": "^3.0.0",
         "@types/history": "^4.7.11",
@@ -2660,12 +2679,13 @@
       }
     },
     "node_modules/@docusaurus/utils": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.3.2.tgz",
-      "integrity": "sha512-f4YMnBVymtkSxONv4Y8js3Gez9IgHX+Lcg6YRMOjVbq8sgCcdYK1lf6SObAuz5qB/mxiSK7tW0M9aaiIaUSUJg==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.4.0.tgz",
+      "integrity": "sha512-fRwnu3L3nnWaXOgs88BVBmG1yGjcQqZNHG+vInhEa2Sz2oQB+ZjbEMO5Rh9ePFpZ0YDiDUhpaVjwmS+AU2F14g==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
         "@svgr/webpack": "^8.1.0",
         "escape-string-regexp": "^4.0.0",
         "file-loader": "^6.2.0",
@@ -2682,6 +2702,7 @@
         "shelljs": "^0.8.5",
         "tslib": "^2.6.0",
         "url-loader": "^4.1.1",
+        "utility-types": "^3.10.0",
         "webpack": "^5.88.1"
       },
       "engines": {
@@ -2697,9 +2718,10 @@
       }
     },
     "node_modules/@docusaurus/utils-common": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.3.2.tgz",
-      "integrity": "sha512-QWFTLEkPYsejJsLStgtmetMFIA3pM8EPexcZ4WZ7b++gO5jGVH7zsipREnCHzk6+eDgeaXfkR6UPaTt86bp8Og==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.4.0.tgz",
+      "integrity": "sha512-NVx54Wr4rCEKsjOH5QEVvxIqVvm+9kh7q8aYTU5WzUU9/Hctd6aTrcZ3G0Id4zYJ+AeaG5K5qHA4CY5Kcm2iyQ==",
+      "license": "MIT",
       "dependencies": {
         "tslib": "^2.6.0"
       },
@@ -2716,15 +2738,18 @@
       }
     },
     "node_modules/@docusaurus/utils-validation": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.3.2.tgz",
-      "integrity": "sha512-itDgFs5+cbW9REuC7NdXals4V6++KifgVMzoGOOOSIifBQw+8ULhy86u5e1lnptVL0sv8oAjq2alO7I40GR7pA==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.4.0.tgz",
+      "integrity": "sha512-hYQ9fM+AXYVTWxJOT1EuNaRnrR2WGpRdLDQG07O8UOpsvCPWUVOeo26Rbm0JWY2sGLfzAb+tvJ62yF+8F+TV0g==",
+      "license": "MIT",
       "dependencies": {
-        "@docusaurus/logger": "3.3.2",
-        "@docusaurus/utils": "3.3.2",
-        "@docusaurus/utils-common": "3.3.2",
+        "@docusaurus/logger": "3.4.0",
+        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/utils-common": "3.4.0",
+        "fs-extra": "^11.2.0",
         "joi": "^17.9.2",
         "js-yaml": "^4.1.0",
+        "lodash": "^4.17.21",
         "tslib": "^2.6.0"
       },
       "engines": {
@@ -12615,9 +12640,10 @@
       }
     },
     "node_modules/picocolors": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
-      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ=="
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz",
+      "integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==",
+      "license": "ISC"
     },
     "node_modules/picomatch": {
       "version": "2.3.1",
@@ -12728,9 +12754,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.38",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz",
-      "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==",
+      "version": "8.4.39",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.39.tgz",
+      "integrity": "sha512-0vzE+lAiG7hZl1/9I8yzKLx3aR9Xbof3fBHKunvMfOCYAtMhrsnccJY2iTURb9EZd5+pLuiNV9/c/GZJOHsgIw==",
       "funding": [
         {
           "type": "opencollective",
@@ -12745,9 +12771,10 @@
           "url": "https://github.com/sponsors/ai"
         }
       ],
+      "license": "MIT",
       "dependencies": {
         "nanoid": "^3.3.7",
-        "picocolors": "^1.0.0",
+        "picocolors": "^1.0.1",
         "source-map-js": "^1.2.0"
       },
       "engines": {
@@ -13573,10 +13600,11 @@
       }
     },
     "node_modules/prettier": {
-      "version": "3.2.5",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.2.5.tgz",
-      "integrity": "sha512-3/GWa9aOC0YeD7LUfvOG2NiDyhOWRvt1k+rcKhOuYnMY24iiCphgneUfJDyFXd6rZCAnuLBv6UeAULtrhT/F4A==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.2.tgz",
+      "integrity": "sha512-rAVeHYMcv8ATV5d508CFdn+8/pHPpXeIid1DdrPwXnaAdH7cqjVbpJaT5eq4yRAFU/lsbwYwSF/n5iNrdJHPQA==",
       "dev": true,
+      "license": "MIT",
       "bin": {
         "prettier": "bin/prettier.cjs"
       },
@@ -15986,9 +16014,10 @@
       }
     },
     "node_modules/tailwindcss": {
-      "version": "3.4.3",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz",
-      "integrity": "sha512-U7sxQk/n397Bmx4JHbJx/iSOOv5G+II3f1kpLpY2QeUv5DcPdcTsYLlusZfq1NthHS1c1cZoyFmmkex1rzke0A==",
+      "version": "3.4.4",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.4.tgz",
+      "integrity": "sha512-ZoyXOdJjISB7/BcLTR6SEsLgKtDStYyYZVLsUtWChO4Ps20CBad7lfJKVDiejocV4ME1hLmyY0WJE3hSDcmQ2A==",
+      "license": "MIT",
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
         "arg": "^5.0.2",
@@ -16025,6 +16054,7 @@
       "version": "6.0.2",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
       "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
+      "license": "ISC",
       "dependencies": {
         "is-glob": "^4.0.3"
       },
@@ -16346,9 +16376,10 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.4.5",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz",
-      "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==",
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.3.tgz",
+      "integrity": "sha512-/hreyEujaB0w76zKo6717l3L0o/qEUtRgdvUBvlkhoWeOVMjMuHNHk0BRBzikzuGDqNmPQbg5ifMEqsHLiIUcQ==",
+      "license": "Apache-2.0",
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"

docs/package.json

@@ -56,6 +56,6 @@
     "node": ">=20"
   },
   "volta": {
-    "node": "20.14.0"
+    "node": "20.15.1"
   }
 }

docs/src/components/community-guides.tsx

@@ -38,6 +38,11 @@ const guides: CommunityGuidesProps[] = [
     description: 'Import your Google Photos files into Immich and add your albums',
     url: 'https://github.com/immich-app/immich/discussions/1340',
   },
+  {
+    title: 'Access Immich with custom domain',
+    description: 'Access your local Immich installation over the internet using your own domain',
+    url: 'https://github.com/ppr88/immich-guides/blob/main/open-immich-custom-domain.md',
+  },
 ];
 
 function CommunityGuide({ title, description, url }: CommunityGuidesProps): JSX.Element {

docs/src/components/timeline.tsx

@@ -49,7 +49,7 @@ export function Timeline({ items }: Props): JSX.Element {
               <div className="flex flex-col flex-grow justify-between gap-2">
                 <div className="flex gap-2 items-center">
                   {cardIcon === 'immich' ? (
-                    <img src="img/immich-logo.svg" height="30" />
+                    <img src="img/immich-logo.svg" height="30" className="rounded-none" />
                   ) : (
                     <Icon path={cardIcon} size={1} color={item.iconColor} />
                   )}

docs/src/css/custom.css

@@ -8,7 +8,6 @@
 @tailwind utilities;
 
 @import url('https://fonts.googleapis.com/css2?family=Overpass:ital,wght@0,300;0,400;0,500;0,600;0,700;1,300;1,400;1,500;1,600;1,700&display=swap');
-@import url('https://fonts.googleapis.com/css2?family=Snowburst+One&display=swap');
 
 html,
 button {
@@ -48,7 +47,3 @@ img {
 div[class^='announcementBar_'] {
   min-height: 2rem;
 }
-
-.navbar__brand .navbar__title {
-  @apply font-immich-title text-2xl font-normal text-immich-primary dark:text-immich-dark-primary;
-}

docs/src/pages/cursed-knowledge.tsx

@@ -0,0 +1,77 @@
+import { mdiCalendarToday, mdiLeadPencil, mdiLockOutline, mdiSpeedometerSlow, mdiWeb } from '@mdi/js';
+import Layout from '@theme/Layout';
+import React from 'react';
+import { Item as TimelineItem, Timeline } from '../components/timeline';
+
+const withLanguage = (date: Date) => (language: string) => date.toLocaleDateString(language);
+
+type Item = Omit<TimelineItem, 'done' | 'getDateLabel'> & { date: Date };
+
+const items: Item[] = [
+  {
+    icon: mdiLeadPencil,
+    iconColor: 'gold',
+    title: 'PostgreSQL NOTIFY is cursed',
+    description:
+      'PostgreSQL does everything in a transaction, including NOTIFY. This means using the socket.io postgres-adapter writes to WAL every 5 seconds.',
+    link: { url: 'https://github.com/immich-app/immich/pull/10801', text: '#10801' },
+    date: new Date(2024, 6, 3),
+  },
+  {
+    icon: mdiWeb,
+    iconColor: 'lightskyblue',
+    title: 'npm scripts are cursed',
+    description:
+      'npm scripts make a http call to the npm registry each time they run, which means they are a terrible way to execute a health check.',
+    link: { url: 'https://github.com/immich-app/immich/issues/10796', text: '#10796' },
+    date: new Date(2024, 6, 3),
+  },
+  {
+    icon: mdiSpeedometerSlow,
+    iconColor: 'brown',
+    title: '50 extra packages are cursed',
+    description:
+      'There is a user in the JavaScript community who goes around adding "backwards compatibility" to projects. They do this by adding 50 extra package dependencies to your project, which are maintained by them.',
+    link: { url: 'https://github.com/immich-app/immich/pull/10690', text: '#10690' },
+    date: new Date(2024, 5, 28),
+  },
+  {
+    icon: mdiLockOutline,
+    iconColor: 'gold',
+    title: 'Long passwords are cursed',
+    description:
+      'The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.',
+    // link: GHSA-4p64-9f7h-3432
+    date: new Date(2024, 5, 25),
+  },
+  {
+    icon: mdiCalendarToday,
+    iconColor: 'greenyellow',
+    title: 'JavaScript Date objects are cursed',
+    description: 'JavaScript date objects are 1 indexed for years and days, but 0 indexed for months.',
+    link: { url: 'https://github.com/immich-app/immich/pull/6787', text: '#6787' },
+    date: new Date(2024, 0, 31),
+  },
+];
+
+export default function CursedKnowledgePage(): JSX.Element {
+  return (
+    <Layout title="Cursed Knowledge" description="Things we wish we didn't know">
+      <section className="my-8">
+        <h1 className="md:text-6xl text-center mb-10 text-immich-primary dark:text-immich-dark-primary px-2">
+          Cursed Knowledge
+        </h1>
+        <p className="text-center text-xl px-2">
+          Cursed knowledge we have learned as a result of building Immich that we wish we never knew.
+        </p>
+        <div className="flex justify-around mt-8 w-full max-w-full">
+          <Timeline
+            items={items
+              .sort((a, b) => b.date.getTime() - a.date.getTime())
+              .map((item) => ({ ...item, getDateLabel: withLanguage(item.date) }))}
+          />
+        </div>
+      </section>
+    </Layout>
+  );
+}

docs/src/pages/index.tsx

@@ -10,7 +10,7 @@ function HomepageHeader() {
       <section className="text-center m-6 p-12 border border-red-400 rounded-[50px] bg-slate-200 dark:bg-immich-dark-gray">
         <img
           src={isDarkTheme ? 'img/immich-logo-stacked-dark.svg' : 'img/immich-logo-stacked-light.svg'}
-          className="md:h-60 h-44 mb-2 antialiased"
+          className="md:h-60 h-44 mb-2 antialiased rounded-none"
           alt="Immich logo"
         />
         <div className="sm:text-2xl text-lg md:text-4xl mb-12 sm:leading-tight">
@@ -36,7 +36,7 @@ function HomepageHeader() {
 
           <Link
             className="flex place-items-center place-content-center py-3 px-8 border bg-immich-dark-primary dark:bg-immich-primary  rounded-full hover:no-underline text-immich-primary dark:text-immich-dark-bg font-bold uppercase"
-            to="https://discord.gg/D8JsnBEuKb"
+            to="https://discord.immich.app"
           >
             Discord
           </Link>

docs/src/pages/roadmap.tsx

@@ -14,6 +14,7 @@ import {
   mdiCheckboxMarked,
   mdiCloudUploadOutline,
   mdiCollage,
+  mdiContentDuplicate,
   mdiDevices,
   mdiEmailOutline,
   mdiExpansionCard,
@@ -28,12 +29,14 @@ import {
   mdiForum,
   mdiHandshakeOutline,
   mdiHeart,
+  mdiHistory,
   mdiImage,
   mdiImageAlbum,
   mdiImageEdit,
   mdiImageMultipleOutline,
   mdiImageSearch,
   mdiKeyboardSettingsOutline,
+  mdiLockOutline,
   mdiMagnify,
   mdiMagnifyScan,
   mdiMap,
@@ -63,14 +66,13 @@ import {
   mdiVectorCombine,
   mdiVideo,
   mdiWeb,
-  mdiContentDuplicate,
 } from '@mdi/js';
 import Layout from '@theme/Layout';
 import React from 'react';
 import { Item, Timeline } from '../components/timeline';
 
 const releases = {
-  'v1.106.0': new Date(2024, 5, 11),
+  'v1.106.1': new Date(2024, 5, 11),
   'v1.104.0': new Date(2024, 4, 13),
   'v1.103.0': new Date(2024, 3, 29),
   'v1.102.0': new Date(2024, 3, 15),
@@ -159,6 +161,14 @@ const withRelease = ({
 };
 
 const roadmap: Item[] = [
+  {
+    done: false,
+    icon: mdiLockOutline,
+    iconColor: 'sandybrown',
+    title: 'Private/locked photos',
+    description: 'Private assets with extra protections',
+    getDateLabel: () => 'Planned for 2024',
+  },
   {
     done: false,
     icon: mdiRocketLaunch,
@@ -199,14 +209,6 @@ const roadmap: Item[] = [
     description: 'Granular access controls for users and api keys',
     getDateLabel: () => 'Planned for 2024',
   },
-  {
-    done: false,
-    icon: mdiWeb,
-    iconColor: 'royalblue',
-    title: 'Web translations',
-    description: 'Translate the web application to multiple languages',
-    getDateLabel: () => 'Planned for 2024',
-  },
   {
     done: false,
     icon: mdiCameraBurst,
@@ -218,18 +220,31 @@ const roadmap: Item[] = [
 ];
 
 const milestones: Item[] = [
+  withRelease({
+    icon: mdiHistory,
+    title: 'Versioned documentation',
+    description: 'View documentation as it was at the time of past releases',
+    release: 'v1.106.1',
+  }),
+  withRelease({
+    icon: mdiWeb,
+    iconColor: 'royalblue',
+    title: 'Web translations',
+    description: 'Translate the web application to multiple languages',
+    release: 'v1.106.1',
+  }),
   withRelease({
     icon: mdiContentDuplicate,
     title: 'Similar image detection',
     description: 'Detect duplicate assets that aren’t exactly identical',
-    release: 'v1.106.0',
+    release: 'v1.106.1',
   }),
   withRelease({
     icon: mdiVectorCombine,
     title: 'Container consolidation',
     description:
       'The microservices container can be run as a worker within the server image, allowing us to remove it from the default stack.',
-    release: 'v1.106.0',
+    release: 'v1.106.1',
   }),
   withRelease({
     icon: mdiPencil,

docs/static/archived-versions.json

@@ -1,4 +1,32 @@
 [
+  {
+    "label": "v1.109.1",
+    "url": "https://v1.109.1.archive.immich.app"
+  },
+  {
+    "label": "v1.109.0",
+    "url": "https://v1.109.0.archive.immich.app"
+  },
+  {
+    "label": "v1.108.0",
+    "url": "https://v1.108.0.archive.immich.app"
+  },
+  {
+    "label": "v1.107.2",
+    "url": "https://v1.107.2.archive.immich.app"
+  },
+  {
+    "label": "v1.107.1",
+    "url": "https://v1.107.1.archive.immich.app"
+  },
+  {
+    "label": "v1.107.0",
+    "url": "https://v1.107.0.archive.immich.app"
+  },
+  {
+    "label": "v1.106.4",
+    "url": "https://v1.106.4.archive.immich.app"
+  },
   {
     "label": "v1.106.3",
     "url": "https://v1.106.3.archive.immich.app"

docs/tailwind.config.js

@@ -21,9 +21,6 @@ module.exports = {
         'immich-dark-fg': '#e5e7eb',
         'immich-dark-gray': '#212121',
       },
-      fontFamily: {
-        'immich-title': ['Snowburst One', 'cursive'],
-      },
     },
   },
   plugins: [],

e2e/.nvmrc

@@ -1 +1 @@
-20.14
+20.15.1

e2e/docker-compose.yml

@@ -10,6 +10,11 @@ services:
     build:
       context: ../
       dockerfile: server/Dockerfile
+      args:
+        - BUILD_ID=1234567890
+        - BUILD_IMAGE=e2e
+        - BUILD_SOURCE_REF=e2e
+        - BUILD_SOURCE_COMMIT=e2eeeeeeeeeeeeeeeeee
     environment:
       - DB_HOSTNAME=database
       - DB_USERNAME=postgres
@@ -17,9 +22,12 @@ services:
       - DB_DATABASE_NAME=immich
       - IMMICH_MACHINE_LEARNING_ENABLED=false
       - IMMICH_METRICS=true
+      - IMMICH_ENV=testing
     volumes:
       - upload:/usr/src/app/upload
       - ./test-assets:/test-assets
+    extra_hosts:
+      - 'auth-server:host-gateway'
     depends_on:
       - redis
       - database
@@ -27,7 +35,7 @@ services:
       - 2283:3001
 
   redis:
-    image: redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
+    image: redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
 
   database:
     image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0

e2e/package.json

@@ -1,6 +1,6 @@
 {
   "name": "immich-e2e",
-  "version": "1.106.3",
+  "version": "1.109.1",
   "description": "",
   "main": "index.js",
   "type": "module",
@@ -23,7 +23,8 @@
     "@immich/sdk": "file:../open-api/typescript-sdk",
     "@playwright/test": "^1.44.1",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^20.11.17",
+    "@types/node": "^20.14.10",
+    "@types/oidc-provider": "^8.5.1",
     "@types/pg": "^8.11.0",
     "@types/pngjs": "^6.0.4",
     "@types/supertest": "^6.0.2",
@@ -33,13 +34,15 @@
     "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^53.0.0",
-    "exiftool-vendored": "^26.0.0",
+    "eslint-plugin-unicorn": "^54.0.0",
+    "exiftool-vendored": "^27.0.0",
+    "jose": "^5.6.3",
     "luxon": "^3.4.4",
+    "oidc-provider": "^8.5.1",
     "pg": "^8.11.3",
     "pngjs": "^7.0.0",
     "prettier": "^3.2.5",
-    "prettier-plugin-organize-imports": "^3.2.4",
+    "prettier-plugin-organize-imports": "^4.0.0",
     "socket.io-client": "^4.7.4",
     "supertest": "^7.0.0",
     "typescript": "^5.3.3",
@@ -47,6 +50,6 @@
     "vitest": "^1.3.0"
   },
   "volta": {
-    "node": "20.14.0"
+    "node": "20.15.1"
   }
 }

e2e/src/api/specs/album.e2e-spec.ts

@@ -88,7 +88,7 @@ describe('/albums', () => {
     });
 
     await addAssetsToAlbum(
-      { id: user2Albums[0].id, bulkIdsDto: { ids: [user1Asset1.id] } },
+      { id: user2Albums[0].id, bulkIdsDto: { ids: [user1Asset1.id, user1Asset2.id] } },
       { headers: asBearerAuth(user1.accessToken) },
     );
 
@@ -261,7 +261,7 @@ describe('/albums', () => {
         .get(`/albums?assetId=${user1Asset2.id}`)
         .set('Authorization', `Bearer ${user1.accessToken}`);
       expect(status).toBe(200);
-      expect(body).toHaveLength(1);
+      expect(body).toHaveLength(2);
     });
 
     it('should return the album collection filtered by assetId and ignores shared=true', async () => {
@@ -509,7 +509,17 @@ describe('/albums', () => {
       expect(body).toEqual(errorDto.unauthorized);
     });
 
-    it('should not be able to remove foreign asset from own album', async () => {
+    it('should require authorization', async () => {
+      const { status, body } = await request(app)
+        .delete(`/albums/${user1Albums[1].id}/assets`)
+        .set('Authorization', `Bearer ${user2.accessToken}`)
+        .send({ ids: [user1Asset1.id] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should be able to remove foreign asset from owned album', async () => {
       const { status, body } = await request(app)
         .delete(`/albums/${user2Albums[0].id}/assets`)
         .set('Authorization', `Bearer ${user2.accessToken}`)
@@ -519,8 +529,7 @@ describe('/albums', () => {
       expect(body).toEqual([
         expect.objectContaining({
           id: user1Asset1.id,
-          success: false,
-          error: 'no_permission',
+          success: true,
         }),
       ]);
     });
@@ -555,10 +564,10 @@ describe('/albums', () => {
       const { status, body } = await request(app)
         .delete(`/albums/${user2Albums[0].id}/assets`)
         .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [user1Asset1.id] });
+        .send({ ids: [user1Asset2.id] });
 
       expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: user1Asset1.id, success: true })]);
+      expect(body).toEqual([expect.objectContaining({ id: user1Asset2.id, success: true })]);
     });
 
     it('should not be able to remove assets from album as a viewer', async () => {

e2e/src/api/specs/asset.e2e-spec.ts

@@ -507,6 +507,22 @@ describe('/asset', () => {
       expect(status).toEqual(200);
     });
 
+    it.skip('should geocode country from gps data in the middle of nowhere', async () => {
+      const { status } = await request(app)
+        .put(`/assets/${user1Assets[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ latitude: 42, longitude: 69 });
+      expect(status).toEqual(200);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
+
+      const asset = await getAssetInfo({ id: user1Assets[0].id }, { headers: asBearerAuth(user1.accessToken) });
+      expect(asset).toMatchObject({
+        id: user1Assets[0].id,
+        exifInfo: expect.objectContaining({ city: null, country: 'Kazakhstan' }),
+      });
+    });
+
     it('should set the description', async () => {
       const { status, body } = await request(app)
         .put(`/assets/${user1Assets[0].id}`)
@@ -588,6 +604,58 @@ describe('/asset', () => {
       const after = await utils.getAssetInfo(admin.accessToken, assetId);
       expect(after.isTrashed).toBe(true);
     });
+
+    it('should clean up live photos', async () => {
+      const { id: motionId } = await utils.createAsset(admin.accessToken, {
+        assetData: { filename: 'test.mp4', bytes: makeRandomImage() },
+      });
+      const { id: photoId } = await utils.createAsset(admin.accessToken, { livePhotoVideoId: motionId });
+
+      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: photoId });
+      await utils.waitForWebsocketEvent({ event: 'assetHidden', id: motionId });
+
+      const asset = await utils.getAssetInfo(admin.accessToken, photoId);
+      expect(asset.livePhotoVideoId).toBe(motionId);
+
+      const { status } = await request(app)
+        .delete('/assets')
+        .send({ ids: [photoId], force: true })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      await utils.waitForWebsocketEvent({ event: 'assetDelete', id: photoId });
+      await utils.waitForWebsocketEvent({ event: 'assetDelete', id: motionId });
+    });
+
+    it('should not delete a shared motion asset', async () => {
+      const { id: motionId } = await utils.createAsset(admin.accessToken, {
+        assetData: { filename: 'test.mp4', bytes: makeRandomImage() },
+      });
+      const { id: asset1 } = await utils.createAsset(admin.accessToken, { livePhotoVideoId: motionId });
+      const { id: asset2 } = await utils.createAsset(admin.accessToken, { livePhotoVideoId: motionId });
+
+      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: asset1 });
+      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: asset2 });
+      await utils.waitForWebsocketEvent({ event: 'assetHidden', id: motionId });
+
+      const asset = await utils.getAssetInfo(admin.accessToken, asset1);
+      expect(asset.livePhotoVideoId).toBe(motionId);
+
+      const { status } = await request(app)
+        .delete('/assets')
+        .send({ ids: [asset1], force: true })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      await utils.waitForWebsocketEvent({ event: 'assetDelete', id: asset1 });
+      await utils.waitForQueueFinish(admin.accessToken, 'backgroundTask');
+
+      await expect(utils.getAssetInfo(admin.accessToken, motionId)).resolves.toMatchObject({ id: motionId });
+      await expect(utils.getAssetInfo(admin.accessToken, asset2)).resolves.toMatchObject({
+        id: asset2,
+        livePhotoVideoId: motionId,
+      });
+    });
   });
 
   describe('GET /assets/:id/thumbnail', () => {
@@ -1118,17 +1186,25 @@ describe('/asset', () => {
     // into the test here.
     it.each([
       {
-        filepath: 'formats/motionphoto/Samsung One UI 5.jpg',
+        filepath: 'formats/motionphoto/samsung-one-ui-5.jpg',
         checksum: 'fr14niqCq6N20HB8rJYEvpsUVtI=',
       },
       {
-        filepath: 'formats/motionphoto/Samsung One UI 6.jpg',
+        filepath: 'formats/motionphoto/samsung-one-ui-6.jpg',
         checksum: 'lT9Uviw/FFJYCjfIxAGPTjzAmmw=',
       },
       {
-        filepath: 'formats/motionphoto/Samsung One UI 6.heic',
+        filepath: 'formats/motionphoto/samsung-one-ui-6.heic',
         checksum: '/ejgzywvgvzvVhUYVfvkLzFBAF0=',
       },
+      {
+        filepath: 'formats/motionphoto/pixel-6-pro.jpg',
+        checksum: 'bFhLGbdK058PSk4FTfrSnoKWykc=',
+      },
+      {
+        filepath: 'formats/motionphoto/pixel-8a.jpg',
+        checksum: '7YdY+WF0h+CXHbiXpi0HiCMTTjs=',
+      },
     ])(`should extract motionphoto video from $filepath`, async ({ filepath, checksum }) => {
       const response = await utils.createAsset(admin.accessToken, {
         assetData: {

e2e/src/api/specs/auth.e2e-spec.ts

@@ -100,6 +100,12 @@ describe('/auth/*', () => {
         expect(status).toBe(400);
         expect(body).toEqual(errorDto.badRequest());
       });
+
+      it('should reject an invalid email', async () => {
+        const { status, body } = await request(app).post('/auth/login').send({ email: [], password });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.invalidEmail);
+      });
     }
 
     it('should accept a correct password', async () => {

e2e/src/api/specs/oauth.e2e-spec.ts

@@ -1,12 +1,85 @@
+import {
+  LoginResponseDto,
+  SystemConfigOAuthDto,
+  getConfigDefaults,
+  getMyUser,
+  startOAuth,
+  updateConfig,
+} from '@immich/sdk';
 import { errorDto } from 'src/responses';
-import { app, utils } from 'src/utils';
+import { OAuthClient, OAuthUser } from 'src/setup/auth-server';
+import { app, asBearerAuth, baseUrl, utils } from 'src/utils';
 import request from 'supertest';
 import { beforeAll, describe, expect, it } from 'vitest';
 
+const authServer = {
+  internal: 'http://auth-server:3000',
+  external: 'http://127.0.0.1:3000',
+};
+
+const redirect = async (url: string, cookies?: string[]) => {
+  const { headers } = await request(url)
+    .get('/')
+    .set('Cookie', cookies || []);
+  return { cookies: (headers['set-cookie'] as unknown as string[]) || [], location: headers.location };
+};
+
+const loginWithOAuth = async (sub: OAuthUser | string) => {
+  const { url } = await startOAuth({ oAuthConfigDto: { redirectUri: `${baseUrl}/auth/login` } });
+
+  // login
+  const response1 = await redirect(url.replace(authServer.internal, authServer.external));
+  const response2 = await request(authServer.external + response1.location)
+    .post('/')
+    .set('Cookie', response1.cookies)
+    .type('form')
+    .send({ prompt: 'login', login: sub, password: 'password' });
+
+  // approve
+  const response3 = await redirect(response2.header.location, response1.cookies);
+  const response4 = await request(authServer.external + response3.location)
+    .post('/')
+    .type('form')
+    .set('Cookie', response3.cookies)
+    .send({ prompt: 'consent' });
+
+  const response5 = await redirect(response4.header.location, response3.cookies.slice(1));
+  const redirectUrl = response5.location;
+
+  expect(redirectUrl).toBeDefined();
+  const params = new URL(redirectUrl).searchParams;
+  expect(params.get('code')).toBeDefined();
+  expect(params.get('state')).toBeDefined();
+
+  return redirectUrl;
+};
+
+const setupOAuth = async (token: string, dto: Partial<SystemConfigOAuthDto>) => {
+  const options = { headers: asBearerAuth(token) };
+  const defaults = await getConfigDefaults(options);
+  const merged = {
+    ...defaults.oauth,
+    buttonText: 'Login with Immich',
+    issuerUrl: `${authServer.internal}/.well-known/openid-configuration`,
+    ...dto,
+  };
+  await updateConfig({ systemConfigDto: { ...defaults, oauth: merged } }, options);
+};
+
 describe(`/oauth`, () => {
+  let admin: LoginResponseDto;
+
   beforeAll(async () => {
     await utils.resetDatabase();
-    await utils.adminSetup();
+    admin = await utils.adminSetup();
+
+    await setupOAuth(admin.accessToken, {
+      enabled: true,
+      clientId: OAuthClient.DEFAULT,
+      clientSecret: OAuthClient.DEFAULT,
+      buttonText: 'Login with Immich',
+      storageLabelClaim: 'immich_username',
+    });
   });
 
   describe('POST /oauth/authorize', () => {
@@ -15,5 +88,171 @@ describe(`/oauth`, () => {
       expect(status).toBe(400);
       expect(body).toEqual(errorDto.badRequest(['redirectUri must be a string', 'redirectUri should not be empty']));
     });
+
+    it('should return a redirect uri', async () => {
+      const { status, body } = await request(app)
+        .post('/oauth/authorize')
+        .send({ redirectUri: 'http://127.0.0.1:2283/auth/login' });
+      expect(status).toBe(201);
+      expect(body).toEqual({ url: expect.stringContaining(`${authServer.internal}/auth?`) });
+
+      const params = new URL(body.url).searchParams;
+      expect(params.get('client_id')).toBe('client-default');
+      expect(params.get('response_type')).toBe('code');
+      expect(params.get('redirect_uri')).toBe('http://127.0.0.1:2283/auth/login');
+      expect(params.get('state')).toBeDefined();
+    });
+  });
+
+  describe('POST /oauth/callback', () => {
+    it(`should throw an error if a url is not provided`, async () => {
+      const { status, body } = await request(app).post('/oauth/callback').send({});
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['url must be a string', 'url should not be empty']));
+    });
+
+    it(`should throw an error if the url is empty`, async () => {
+      const { status, body } = await request(app).post('/oauth/callback').send({ url: '' });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['url should not be empty']));
+    });
+
+    it('should auto register the user by default', async () => {
+      const url = await loginWithOAuth('oauth-auto-register');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(201);
+      expect(body).toMatchObject({
+        accessToken: expect.any(String),
+        isAdmin: false,
+        name: 'OAuth User',
+        userEmail: 'oauth-auto-register@immich.app',
+        userId: expect.any(String),
+      });
+    });
+
+    it('should handle a user without an email', async () => {
+      const url = await loginWithOAuth(OAuthUser.NO_EMAIL);
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('OAuth profile does not have an email address'));
+    });
+
+    it('should set the quota from a claim', async () => {
+      const url = await loginWithOAuth(OAuthUser.WITH_QUOTA);
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(201);
+      expect(body).toMatchObject({
+        accessToken: expect.any(String),
+        userId: expect.any(String),
+        userEmail: 'oauth-with-quota@immich.app',
+      });
+
+      const user = await getMyUser({ headers: asBearerAuth(body.accessToken) });
+      expect(user.quotaSizeInBytes).toBe(25 * 2 ** 30); // 25 GiB;
+    });
+
+    it('should set the storage label from a claim', async () => {
+      const url = await loginWithOAuth(OAuthUser.WITH_USERNAME);
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(201);
+      expect(body).toMatchObject({
+        accessToken: expect.any(String),
+        userId: expect.any(String),
+        userEmail: 'oauth-with-username@immich.app',
+      });
+
+      const user = await getMyUser({ headers: asBearerAuth(body.accessToken) });
+      expect(user.storageLabel).toBe('user-username');
+    });
+
+    it('should work with RS256 signed tokens', async () => {
+      await setupOAuth(admin.accessToken, {
+        enabled: true,
+        clientId: OAuthClient.RS256_TOKENS,
+        clientSecret: OAuthClient.RS256_TOKENS,
+        autoRegister: true,
+        buttonText: 'Login with Immich',
+        signingAlgorithm: 'RS256',
+      });
+      const url = await loginWithOAuth('oauth-RS256-token');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(201);
+      expect(body).toMatchObject({
+        accessToken: expect.any(String),
+        isAdmin: false,
+        name: 'OAuth User',
+        userEmail: 'oauth-RS256-token@immich.app',
+        userId: expect.any(String),
+      });
+    });
+
+    it('should work with RS256 signed user profiles', async () => {
+      await setupOAuth(admin.accessToken, {
+        enabled: true,
+        clientId: OAuthClient.RS256_PROFILE,
+        clientSecret: OAuthClient.RS256_PROFILE,
+        buttonText: 'Login with Immich',
+        profileSigningAlgorithm: 'RS256',
+      });
+      const url = await loginWithOAuth('oauth-signed-profile');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(201);
+      expect(body).toMatchObject({
+        userId: expect.any(String),
+        userEmail: 'oauth-signed-profile@immich.app',
+      });
+    });
+
+    it('should throw an error for an invalid token algorithm', async () => {
+      await setupOAuth(admin.accessToken, {
+        enabled: true,
+        clientId: OAuthClient.DEFAULT,
+        clientSecret: OAuthClient.DEFAULT,
+        buttonText: 'Login with Immich',
+        signingAlgorithm: 'something-that-does-not-work',
+      });
+      const url = await loginWithOAuth('oauth-signed-bad');
+      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      expect(status).toBe(500);
+      expect(body).toMatchObject({
+        error: 'Internal Server Error',
+        message: 'Failed to finish oauth',
+        statusCode: 500,
+      });
+    });
+
+    describe('autoRegister: false', () => {
+      beforeAll(async () => {
+        await setupOAuth(admin.accessToken, {
+          enabled: true,
+          clientId: OAuthClient.DEFAULT,
+          clientSecret: OAuthClient.DEFAULT,
+          autoRegister: false,
+          buttonText: 'Login with Immich',
+        });
+      });
+
+      it('should not auto register the user', async () => {
+        const url = await loginWithOAuth('oauth-no-auto-register');
+        const { status, body } = await request(app).post('/oauth/callback').send({ url });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest('User does not exist and auto registering is disabled.'));
+      });
+
+      it('should link to an existing user by email', async () => {
+        const { userId } = await utils.userSetup(admin.accessToken, {
+          name: 'OAuth User 3',
+          email: 'oauth-user3@immich.app',
+          password: 'password',
+        });
+        const url = await loginWithOAuth('oauth-user3');
+        const { status, body } = await request(app).post('/oauth/callback').send({ url });
+        expect(status).toBe(201);
+        expect(body).toMatchObject({
+          userId,
+          userEmail: 'oauth-user3@immich.app',
+        });
+      });
+    });
   });
 });

e2e/src/api/specs/person.e2e-spec.ts

@@ -230,4 +230,21 @@ describe('/people', () => {
       expect(body).toMatchObject({ birthDate: null });
     });
   });
+
+  describe('POST /people/:id/merge', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post(`/people/${uuidDto.notFound}/merge`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should not supporting merging a person into themselves', async () => {
+      const { status, body } = await request(app)
+        .post(`/people/${visiblePerson.id}/merge`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ ids: [visiblePerson.id] });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Cannot merge a person into themselves'));
+    });
+  });
 });

e2e/src/api/specs/search.e2e-spec.ts

@@ -49,9 +49,9 @@ describe('/search', () => {
       { filename: '/albums/nature/silver_fir.jpg' },
       { filename: '/formats/heic/IMG_2682.heic' },
       { filename: '/formats/jpg/el_torcal_rocks.jpg' },
-      { filename: '/formats/motionphoto/Samsung One UI 6.jpg' },
-      { filename: '/formats/motionphoto/Samsung One UI 6.heic' },
-      { filename: '/formats/motionphoto/Samsung One UI 5.jpg' },
+      { filename: '/formats/motionphoto/samsung-one-ui-6.jpg' },
+      { filename: '/formats/motionphoto/samsung-one-ui-6.heic' },
+      { filename: '/formats/motionphoto/samsung-one-ui-5.jpg' },
 
       { filename: '/metadata/gps-position/thompson-springs.jpg', dto: { isArchived: true } },
 
@@ -315,7 +315,7 @@ describe('/search', () => {
       {
         should: 'should search by originalFilename with spaces',
         deferred: () => ({
-          dto: { originalFileName: 'Samsung One', type: 'IMAGE' },
+          dto: { originalFileName: 'samsung-one', type: 'IMAGE' },
           assets: [assetOneJpg5, assetOneJpg6, assetOneHeic6],
         }),
       },
@@ -339,6 +339,13 @@ describe('/search', () => {
         should: 'should search by model',
         deferred: () => ({ dto: { model: 'Canon EOS 7D' }, assets: [assetDenali] }),
       },
+      {
+        should: 'should allow searching the upload library (libraryId: null)',
+        deferred: () => ({
+          dto: { libraryId: null, size: 1 },
+          assets: [assetLast],
+        }),
+      },
     ];
 
     for (const { should, deferred } of searchTests) {

e2e/src/api/specs/server-info.e2e-spec.ts

@@ -15,6 +15,40 @@ describe('/server-info', () => {
     nonAdmin = await utils.userSetup(admin.accessToken, createUserDto.user1);
   });
 
+  describe('GET /server-info/about', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/server-info/about');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return about information', async () => {
+      const { status, body } = await request(app)
+        .get('/server-info/about')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        version: expect.any(String),
+        versionUrl: expect.any(String),
+        repository: 'immich-app/immich',
+        repositoryUrl: 'https://github.com/immich-app/immich',
+        build: '1234567890',
+        buildUrl: 'https://github.com/immich-app/immich/actions/runs/1234567890',
+        buildImage: 'e2e',
+        buildImageUrl: 'https://github.com/immich-app/immich/pkgs/container/immich-server',
+        sourceRef: 'e2e',
+        sourceCommit: 'e2eeeeeeeeeeeeeeeeee',
+        sourceUrl: 'https://github.com/immich-app/immich/commit/e2eeeeeeeeeeeeeeeeee',
+        nodejs: expect.any(String),
+        ffmpeg: expect.any(String),
+        imagemagick: expect.any(String),
+        libvips: expect.any(String),
+        exiftool: expect.any(String),
+        licensed: false,
+      });
+    });
+  });
+
   describe('GET /server-info/storage', () => {
     it('should require authentication', async () => {
       const { status, body } = await request(app).get('/server-info/storage');

e2e/src/api/specs/server.e2e-spec.ts

@@ -0,0 +1,307 @@
+import { LoginResponseDto } from '@immich/sdk';
+import { createUserDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { app, utils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+const serverLicense = {
+  licenseKey: 'IMSV-6ECZ-91TE-WZRM-Q7AQ-MBN4-UW48-2CPT-71X9',
+  activationKey:
+    '4kJUNUWMq13J14zqPFm1NodRcI6MV6DeOGvQNIgrM8Sc9nv669wyEVvFw1Nz4Kb1W7zLWblOtXEQzpRRqC4r4fKjewJxfbpeo9sEsqAVIfl4Ero-Vp1Dg21-sVdDGZEAy2oeTCXAyCT5d1JqrqR6N1qTAm4xOx9ujXQRFYhjRG8uwudw7_Q49pF18Tj5OEv9qCqElxztoNck4i6O_azsmsoOQrLIENIWPh3EynBN3ESpYERdCgXO8MlWeuG14_V1HbNjnJPZDuvYg__YfMzoOEtfm1sCqEaJ2Ww-BaX7yGfuCL4XsuZlCQQNHjfscy_WywVfIZPKCiW8QR74i0cSzQ',
+};
+
+describe('/server', () => {
+  let admin: LoginResponseDto;
+  let nonAdmin: LoginResponseDto;
+
+  beforeAll(async () => {
+    await utils.resetDatabase();
+    admin = await utils.adminSetup({ onboarding: false });
+    nonAdmin = await utils.userSetup(admin.accessToken, createUserDto.user1);
+  });
+
+  describe('GET /server/about', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/server/about');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return about information', async () => {
+      const { status, body } = await request(app)
+        .get('/server/about')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        version: expect.any(String),
+        versionUrl: expect.any(String),
+        repository: 'immich-app/immich',
+        repositoryUrl: 'https://github.com/immich-app/immich',
+        build: '1234567890',
+        buildUrl: 'https://github.com/immich-app/immich/actions/runs/1234567890',
+        buildImage: 'e2e',
+        buildImageUrl: 'https://github.com/immich-app/immich/pkgs/container/immich-server',
+        sourceRef: 'e2e',
+        sourceCommit: 'e2eeeeeeeeeeeeeeeeee',
+        sourceUrl: 'https://github.com/immich-app/immich/commit/e2eeeeeeeeeeeeeeeeee',
+        nodejs: expect.any(String),
+        ffmpeg: expect.any(String),
+        imagemagick: expect.any(String),
+        libvips: expect.any(String),
+        exiftool: expect.any(String),
+        licensed: false,
+      });
+    });
+  });
+
+  describe('GET /server/storage', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/server/storage');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return the disk information', async () => {
+      const { status, body } = await request(app)
+        .get('/server/storage')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        diskAvailable: expect.any(String),
+        diskAvailableRaw: expect.any(Number),
+        diskSize: expect.any(String),
+        diskSizeRaw: expect.any(Number),
+        diskUsagePercentage: expect.any(Number),
+        diskUse: expect.any(String),
+        diskUseRaw: expect.any(Number),
+      });
+    });
+  });
+
+  describe('GET /server/ping', () => {
+    it('should respond with pong', async () => {
+      const { status, body } = await request(app).get('/server/ping');
+      expect(status).toBe(200);
+      expect(body).toEqual({ res: 'pong' });
+    });
+  });
+
+  describe('GET /server/version', () => {
+    it('should respond with the server version', async () => {
+      const { status, body } = await request(app).get('/server/version');
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        major: expect.any(Number),
+        minor: expect.any(Number),
+        patch: expect.any(Number),
+      });
+    });
+  });
+
+  describe('GET /server/features', () => {
+    it('should respond with the server features', async () => {
+      const { status, body } = await request(app).get('/server/features');
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        smartSearch: false,
+        configFile: false,
+        duplicateDetection: false,
+        facialRecognition: false,
+        map: true,
+        reverseGeocoding: true,
+        oauth: false,
+        oauthAutoLaunch: false,
+        passwordLogin: true,
+        search: true,
+        sidecar: true,
+        trash: true,
+        email: false,
+      });
+    });
+  });
+
+  describe('GET /server/config', () => {
+    it('should respond with the server configuration', async () => {
+      const { status, body } = await request(app).get('/server/config');
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        loginPageMessage: '',
+        oauthButtonText: 'Login with OAuth',
+        trashDays: 30,
+        userDeleteDelay: 7,
+        isInitialized: true,
+        externalDomain: '',
+        isOnboarded: false,
+      });
+    });
+  });
+
+  describe('GET /server/statistics', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/server/statistics');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should only work for admins', async () => {
+      const { status, body } = await request(app)
+        .get('/server/statistics')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should return the server stats', async () => {
+      const { status, body } = await request(app)
+        .get('/server/statistics')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        photos: 0,
+        usage: 0,
+        usageByUser: [
+          {
+            quotaSizeInBytes: null,
+            photos: 0,
+            usage: 0,
+            userName: 'Immich Admin',
+            userId: admin.userId,
+            videos: 0,
+          },
+          {
+            quotaSizeInBytes: null,
+            photos: 0,
+            usage: 0,
+            userName: 'User 1',
+            userId: nonAdmin.userId,
+            videos: 0,
+          },
+        ],
+        videos: 0,
+      });
+    });
+  });
+
+  describe('GET /server/media-types', () => {
+    it('should return accepted media types', async () => {
+      const { status, body } = await request(app).get('/server/media-types');
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        sidecar: ['.xmp'],
+        image: expect.any(Array),
+        video: expect.any(Array),
+      });
+    });
+  });
+
+  describe('GET /server/theme', () => {
+    it('should respond with the server theme', async () => {
+      const { status, body } = await request(app).get('/server/theme');
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        customCss: '',
+      });
+    });
+  });
+
+  describe('GET /server/license', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/server/license');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should only work for admins', async () => {
+      const { status, body } = await request(app)
+        .get('/server/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should return the server license', async () => {
+      await request(app).put('/server/license').set('Authorization', `Bearer ${admin.accessToken}`).send(serverLicense);
+      const { status, body } = await request(app)
+        .get('/server/license')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...serverLicense,
+        activatedAt: expect.any(String),
+      });
+    });
+  });
+
+  describe('DELETE /server/license', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).delete('/server/license');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should only work for admins', async () => {
+      const { status, body } = await request(app)
+        .delete('/server/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should delete the server license', async () => {
+      await request(app)
+        .delete('/server/license')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send(serverLicense);
+      const { status } = await request(app).get('/server/license').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+    });
+  });
+
+  describe('PUT /server/license', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put('/server/license');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should only work for admins', async () => {
+      const { status, body } = await request(app)
+        .put('/server/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.forbidden);
+    });
+
+    it('should set the server license', async () => {
+      const { status, body } = await request(app)
+        .put('/server/license')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send(serverLicense);
+      expect(status).toBe(200);
+      expect(body).toEqual({ ...serverLicense, activatedAt: expect.any(String) });
+      const { body: licenseBody } = await request(app)
+        .get('/server/license')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(licenseBody).toEqual({ ...serverLicense, activatedAt: expect.any(String) });
+    });
+
+    it('should reject license not starting with IMSV-', async () => {
+      const { status, body } = await request(app)
+        .put('/server/license')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ licenseKey: 'IMCL-ABCD-ABCD-ABCD-ABCD-ABCD-ABCD-ABCD-ABCD', activationKey: 'activationKey' });
+      expect(status).toBe(400);
+      expect(body.message).toBe('Invalid license key');
+    });
+
+    it('should reject license with invalid activation key', async () => {
+      const { status, body } = await request(app)
+        .put('/server/license')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ licenseKey: serverLicense.licenseKey, activationKey: `invalid${serverLicense.activationKey}` });
+      expect(status).toBe(400);
+      expect(body.message).toBe('Invalid license key');
+    });
+  });
+});

e2e/src/api/specs/user-admin.e2e-spec.ts

@@ -5,6 +5,7 @@ import {
   getUserAdmin,
   getUserPreferencesAdmin,
   login,
+  updateAssets,
 } from '@immich/sdk';
 import { Socket } from 'socket.io-client';
 import { createUserDto, uuidDto } from 'src/fixtures';
@@ -20,18 +21,16 @@ describe('/admin/users', () => {
   let nonAdmin: LoginResponseDto;
   let deletedUser: LoginResponseDto;
   let userToDelete: LoginResponseDto;
-  let userToHardDelete: LoginResponseDto;
 
   beforeAll(async () => {
     await utils.resetDatabase();
     admin = await utils.adminSetup({ onboarding: false });
 
-    [websocket, nonAdmin, deletedUser, userToDelete, userToHardDelete] = await Promise.all([
+    [websocket, nonAdmin, deletedUser, userToDelete] = await Promise.all([
       utils.connectWebsocket(admin.accessToken),
       utils.userSetup(admin.accessToken, createUserDto.user1),
       utils.userSetup(admin.accessToken, createUserDto.user2),
       utils.userSetup(admin.accessToken, createUserDto.user3),
-      utils.userSetup(admin.accessToken, createUserDto.user4),
     ]);
 
     await deleteUserAdmin(
@@ -64,13 +63,12 @@ describe('/admin/users', () => {
         .get(`/admin/users`)
         .set('Authorization', `Bearer ${admin.accessToken}`);
       expect(status).toBe(200);
-      expect(body).toHaveLength(4);
+      expect(body).toHaveLength(3);
       expect(body).toEqual(
         expect.arrayContaining([
           expect.objectContaining({ email: admin.userEmail }),
           expect.objectContaining({ email: nonAdmin.userEmail }),
           expect.objectContaining({ email: userToDelete.userEmail }),
-          expect.objectContaining({ email: userToHardDelete.userEmail }),
         ]),
       );
     });
@@ -81,13 +79,12 @@ describe('/admin/users', () => {
         .set('Authorization', `Bearer ${admin.accessToken}`);
 
       expect(status).toBe(200);
-      expect(body).toHaveLength(5);
+      expect(body).toHaveLength(4);
       expect(body).toEqual(
         expect.arrayContaining([
           expect.objectContaining({ email: admin.userEmail }),
           expect.objectContaining({ email: nonAdmin.userEmail }),
           expect.objectContaining({ email: userToDelete.userEmail }),
-          expect.objectContaining({ email: userToHardDelete.userEmail }),
           expect.objectContaining({ email: deletedUser.userEmail }),
         ]),
       );
@@ -250,18 +247,23 @@ describe('/admin/users', () => {
         .set('Authorization', `Bearer ${admin.accessToken}`);
 
       expect(status).toBe(200);
-      expect(body).toEqual({
-        avatar: { color: 'orange' },
-        memories: { enabled: false },
-        emailNotifications: { enabled: true, albumInvite: true, albumUpdate: true },
-      });
+      expect(body).toMatchObject({ avatar: { color: 'orange' } });
 
       const after = await getUserPreferencesAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
-      expect(after).toEqual({
-        avatar: { color: 'orange' },
-        memories: { enabled: false },
-        emailNotifications: { enabled: true, albumInvite: true, albumUpdate: true },
-      });
+      expect(after).toMatchObject({ avatar: { color: 'orange' } });
+    });
+
+    it('should update download archive size', async () => {
+      const { status, body } = await request(app)
+        .put(`/admin/users/${admin.userId}/preferences`)
+        .send({ download: { archiveSize: 1_234_567 } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ download: { archiveSize: 1_234_567 } });
+
+      const after = await getUserPreferencesAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ download: { archiveSize: 1_234_567 } });
     });
   });
 
@@ -294,19 +296,49 @@ describe('/admin/users', () => {
     });
 
     it('should hard delete a user', async () => {
+      const user = await utils.userSetup(admin.accessToken, createUserDto.create('hard-delete-1'));
+
       const { status, body } = await request(app)
-        .delete(`/admin/users/${userToHardDelete.userId}`)
+        .delete(`/admin/users/${user.userId}`)
         .send({ force: true })
         .set('Authorization', `Bearer ${admin.accessToken}`);
 
       expect(status).toBe(200);
       expect(body).toMatchObject({
-        id: userToHardDelete.userId,
+        id: user.userId,
         updatedAt: expect.any(String),
         deletedAt: expect.any(String),
       });
 
-      await utils.waitForWebsocketEvent({ event: 'userDelete', id: userToHardDelete.userId, timeout: 5000 });
+      await utils.waitForWebsocketEvent({ event: 'userDelete', id: user.userId, timeout: 5000 });
+    });
+
+    it('should hard delete a user with stacked assets', async () => {
+      const user = await utils.userSetup(admin.accessToken, createUserDto.create('hard-delete-1'));
+
+      const [asset1, asset2] = await Promise.all([
+        utils.createAsset(user.accessToken),
+        utils.createAsset(user.accessToken),
+      ]);
+
+      await updateAssets(
+        { assetBulkUpdateDto: { stackParentId: asset1.id, ids: [asset2.id] } },
+        { headers: asBearerAuth(user.accessToken) },
+      );
+
+      const { status, body } = await request(app)
+        .delete(`/admin/users/${user.userId}`)
+        .send({ force: true })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: user.userId,
+        updatedAt: expect.any(String),
+        deletedAt: expect.any(String),
+      });
+
+      await utils.waitForWebsocketEvent({ event: 'userDelete', id: user.userId, timeout: 5000 });
     });
   });
 

e2e/src/api/specs/user.e2e-spec.ts

@@ -5,6 +5,12 @@ import { app, asBearerAuth, utils } from 'src/utils';
 import request from 'supertest';
 import { beforeAll, describe, expect, it } from 'vitest';
 
+const userLicense = {
+  licenseKey: 'IMCL-FF69-TUK1-RWZU-V9Q8-QGQS-S5GC-X4R2-UFK4',
+  activationKey:
+    'KuX8KsktrBSiXpQMAH0zLgA5SpijXVr_PDkzLdWUlAogCTMBZ0I3KCHXK0eE9EEd7harxup8_EHMeqAWeHo5VQzol6LGECpFv585U9asXD4Zc-UXt3mhJr2uhazqipBIBwJA2YhmUCDy8hiyiGsukDQNu9Rg9C77UeoKuZBWVjWUBWG0mc1iRqfvF0faVM20w53czAzlhaMxzVGc3Oimbd7xi_CAMSujF_2y8QpA3X2fOVkQkzdcH9lV0COejl7IyH27zQQ9HrlrXv3Lai5Hw67kNkaSjmunVBxC5PS0TpKoc9SfBJMaAGWnaDbjhjYUrm-8nIDQnoeEAidDXVAdPw',
+};
+
 describe('/users', () => {
   let admin: LoginResponseDto;
   let deletedUser: LoginResponseDto;
@@ -72,6 +78,24 @@ describe('/users', () => {
         quotaUsageInBytes: 0,
       });
     });
+
+    it('should get my user with license info', async () => {
+      const { status: licenseStatus } = await request(app)
+        .put(`/users/me/license`)
+        .send(userLicense)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(licenseStatus).toBe(200);
+      const { status, body } = await request(app)
+        .get(`/users/me`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: nonAdmin.userId,
+        email: nonAdmin.userEmail,
+        quotaUsageInBytes: 0,
+        license: userLicense,
+      });
+    });
   });
 
   describe('PUT /users/me', () => {
@@ -173,6 +197,45 @@ describe('/users', () => {
       const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
       expect(after).toMatchObject({ memories: { enabled: false } });
     });
+
+    it('should update avatar color', async () => {
+      const { status, body } = await request(app)
+        .put(`/users/me/preferences`)
+        .send({ avatar: { color: 'blue' } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ avatar: { color: 'blue' } });
+
+      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ avatar: { color: 'blue' } });
+    });
+
+    it('should require an integer for download archive size', async () => {
+      const { status, body } = await request(app)
+        .put(`/users/me/preferences`)
+        .send({ download: { archiveSize: 1_234_567.89 } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['download.archiveSize must be an integer number']));
+    });
+
+    it('should update download archive size', async () => {
+      const before = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(before).toMatchObject({ download: { archiveSize: 4 * 2 ** 30 } });
+
+      const { status, body } = await request(app)
+        .put(`/users/me/preferences`)
+        .send({ download: { archiveSize: 1_234_567 } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ download: { archiveSize: 1_234_567 } });
+
+      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ download: { archiveSize: 1_234_567 } });
+    });
   });
 
   describe('GET /users/:id', () => {
@@ -197,4 +260,81 @@ describe('/users', () => {
       });
     });
   });
+
+  describe('GET /server/license', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/users/me/license');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return the user license', async () => {
+      await request(app)
+        .put('/users/me/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`)
+        .send(userLicense);
+      const { status, body } = await request(app)
+        .get('/users/me/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...userLicense,
+        activatedAt: expect.any(String),
+      });
+    });
+  });
+
+  describe('PUT /users/me/license', () => {
+    it('should require authentication', async () => {
+      const { status } = await request(app).put(`/users/me/license`);
+      expect(status).toEqual(401);
+    });
+
+    it('should set the user license', async () => {
+      const { status, body } = await request(app)
+        .put(`/users/me/license`)
+        .send(userLicense)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ ...userLicense, activatedAt: expect.any(String) });
+      expect(status).toBe(200);
+      expect(body).toEqual({ ...userLicense, activatedAt: expect.any(String) });
+      const { body: licenseBody } = await request(app)
+        .get('/users/me/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(licenseBody).toEqual({ ...userLicense, activatedAt: expect.any(String) });
+    });
+
+    it('should reject license not starting with IMCL-', async () => {
+      const { status, body } = await request(app)
+        .put('/users/me/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`)
+        .send({ licenseKey: 'IMSV-ABCD-ABCD-ABCD-ABCD-ABCD-ABCD-ABCD-ABCD', activationKey: 'activationKey' });
+      expect(status).toBe(400);
+      expect(body.message).toBe('Invalid license key');
+    });
+
+    it('should reject license with invalid activation key', async () => {
+      const { status, body } = await request(app)
+        .put('/users/me/license')
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`)
+        .send({ licenseKey: userLicense.licenseKey, activationKey: `invalid${userLicense.activationKey}` });
+      expect(status).toBe(400);
+      expect(body.message).toBe('Invalid license key');
+    });
+  });
+
+  describe('DELETE /users/me/license', () => {
+    it('should require authentication', async () => {
+      const { status } = await request(app).put(`/users/me/license`);
+      expect(status).toEqual(401);
+    });
+
+    it('should delete the user license', async () => {
+      const { status } = await request(app)
+        .delete(`/users/me/license`)
+        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
+      expect(status).toBe(200);
+    });
+  });
 });

e2e/src/immich-admin/specs/immich-admin.e2e-spec.ts

@@ -9,11 +9,30 @@ describe(`immich-admin`, () => {
 
   describe('list-users', () => {
     it('should list the admin user', async () => {
-      const { stdout, stderr, exitCode } = await immichAdmin(['list-users']);
+      const { stdout, stderr, exitCode } = await immichAdmin(['list-users']).promise;
       expect(exitCode).toBe(0);
       expect(stderr).toBe('');
       expect(stdout).toContain("email: 'admin@immich.cloud'");
       expect(stdout).toContain("name: 'Immich Admin'");
     });
   });
+
+  describe('reset-admin-password', () => {
+    it('should reset admin password', async () => {
+      const { child, promise } = immichAdmin(['reset-admin-password']);
+
+      let data = '';
+      child.stdout.on('data', (chunk) => {
+        data += chunk;
+        if (data.includes('Please choose a new password (optional)')) {
+          child.stdin.end('\n');
+        }
+      });
+
+      const { stderr, stdout, exitCode } = await promise;
+      expect(exitCode).toBe(0);
+      expect(stderr).toBe('');
+      expect(stdout).toContain('The admin password has been updated to:');
+    });
+  });
 });

e2e/src/responses.ts

@@ -61,6 +61,12 @@ export const errorDto = {
     message: 'The server already has an admin',
     correlationId: expect.any(String),
   },
+  invalidEmail: {
+    error: 'Bad Request',
+    statusCode: 400,
+    message: ['email must be an email'],
+    correlationId: expect.any(String),
+  },
 };
 
 export const signupResponseDto = {
@@ -81,6 +87,7 @@ export const signupResponseDto = {
     quotaUsageInBytes: 0,
     quotaSizeInBytes: null,
     status: 'active',
+    license: null,
   },
 };
 

e2e/src/setup/auth-server.ts

@@ -0,0 +1,117 @@
+import { exportJWK, generateKeyPair } from 'jose';
+import Provider from 'oidc-provider';
+
+export enum OAuthClient {
+  DEFAULT = 'client-default',
+  RS256_TOKENS = 'client-RS256-tokens',
+  RS256_PROFILE = 'client-RS256-profile',
+}
+
+export enum OAuthUser {
+  NO_EMAIL = 'no-email',
+  NO_NAME = 'no-name',
+  WITH_QUOTA = 'with-quota',
+  WITH_USERNAME = 'with-username',
+}
+
+const claims = [
+  { sub: OAuthUser.NO_EMAIL },
+  {
+    sub: OAuthUser.NO_NAME,
+    email: 'oauth-no-name@immich.app',
+    email_verified: true,
+  },
+  {
+    sub: OAuthUser.WITH_USERNAME,
+    email: 'oauth-with-username@immich.app',
+    email_verified: true,
+    immich_username: 'user-username',
+  },
+  {
+    sub: OAuthUser.WITH_QUOTA,
+    email: 'oauth-with-quota@immich.app',
+    email_verified: true,
+    preferred_username: 'user-quota',
+    immich_quota: 25,
+  },
+];
+
+const withDefaultClaims = (sub: string) => ({
+  sub,
+  email: `${sub}@immich.app`,
+  name: 'OAuth User',
+  given_name: `OAuth`,
+  family_name: 'User',
+  email_verified: true,
+});
+
+const getClaims = (sub: string) => claims.find((user) => user.sub === sub) || withDefaultClaims(sub);
+
+const setup = async () => {
+  const { privateKey, publicKey } = await generateKeyPair('RS256');
+
+  const port = 3000;
+  const host = '0.0.0.0';
+  const oidc = new Provider(`http://${host}:${port}`, {
+    renderError: async (ctx, out, error) => {
+      console.error(out);
+      console.error(error);
+      ctx.body = 'Internal Server Error';
+    },
+    findAccount: (ctx, sub) => ({ accountId: sub, claims: () => getClaims(sub) }),
+    scopes: ['openid', 'email', 'profile'],
+    claims: {
+      openid: ['sub'],
+      email: ['email', 'email_verified'],
+      profile: ['name', 'given_name', 'family_name', 'preferred_username', 'immich_quota', 'immich_username'],
+    },
+    features: {
+      jwtUserinfo: {
+        enabled: true,
+      },
+    },
+    cookies: {
+      names: {
+        session: 'oidc.session',
+        interaction: 'oidc.interaction',
+        resume: 'oidc.resume',
+        state: 'oidc.state',
+      },
+    },
+    pkce: {
+      required: () => false,
+    },
+    jwks: { keys: [await exportJWK(privateKey)] },
+    clients: [
+      {
+        client_id: OAuthClient.DEFAULT,
+        client_secret: OAuthClient.DEFAULT,
+        redirect_uris: ['http://127.0.0.1:2283/auth/login'],
+        grant_types: ['authorization_code'],
+        response_types: ['code'],
+      },
+      {
+        client_id: OAuthClient.RS256_TOKENS,
+        client_secret: OAuthClient.RS256_TOKENS,
+        redirect_uris: ['http://127.0.0.1:2283/auth/login'],
+        grant_types: ['authorization_code'],
+        id_token_signed_response_alg: 'RS256',
+        jwks: { keys: [await exportJWK(publicKey)] },
+      },
+      {
+        client_id: OAuthClient.RS256_PROFILE,
+        client_secret: OAuthClient.RS256_PROFILE,
+        redirect_uris: ['http://127.0.0.1:2283/auth/login'],
+        grant_types: ['authorization_code'],
+        userinfo_signed_response_alg: 'RS256',
+        jwks: { keys: [await exportJWK(publicKey)] },
+      },
+    ],
+  });
+
+  const onStart = () => console.log(`[auth-server] http://${host}:${port}/.well-known/openid-configuration`);
+  const app = oidc.listen(port, host, onStart);
+  return () => app.close();
+};
+
+export default setup;

e2e/src/utils.ts

@@ -47,14 +47,13 @@ import { makeRandomImage } from 'src/generators';
 import request from 'supertest';
 
 type CommandResponse = { stdout: string; stderr: string; exitCode: number | null };
-type EventType = 'assetUpload' | 'assetUpdate' | 'assetDelete' | 'userDelete';
+type EventType = 'assetUpload' | 'assetUpdate' | 'assetDelete' | 'userDelete' | 'assetHidden';
 type WaitOptions = { event: EventType; id?: string; total?: number; timeout?: number };
 type AdminSetupOptions = { onboarding?: boolean };
 type AssetData = { bytes?: Buffer; filename: string };
 
 const dbUrl = 'postgres://postgres:postgres@127.0.0.1:5433/immich';
-const baseUrl = 'http://127.0.0.1:2283';
-
+export const baseUrl = 'http://127.0.0.1:2283';
 export const shareUrl = `${baseUrl}/share`;
 export const app = `${baseUrl}/api`;
 // TODO move test assets into e2e/assets
@@ -64,13 +63,13 @@ export const tempDir = tmpdir();
 export const asBearerAuth = (accessToken: string) => ({ Authorization: `Bearer ${accessToken}` });
 export const asKeyAuth = (key: string) => ({ 'x-api-key': key });
 export const immichCli = (args: string[]) =>
-  executeCommand('node', ['node_modules/.bin/immich', '-d', `/${tempDir}/immich/`, ...args]);
+  executeCommand('node', ['node_modules/.bin/immich', '-d', `/${tempDir}/immich/`, ...args]).promise;
 export const immichAdmin = (args: string[]) =>
   executeCommand('docker', ['exec', '-i', 'immich-e2e-server', '/bin/bash', '-c', `immich-admin ${args.join(' ')}`]);
 
 const executeCommand = (command: string, args: string[]) => {
   let _resolve: (value: CommandResponse) => void;
-  const deferred = new Promise<CommandResponse>((resolve) => (_resolve = resolve));
+  const promise = new Promise<CommandResponse>((resolve) => (_resolve = resolve));
   const child = spawn(command, args, { stdio: 'pipe' });
 
   let stdout = '';
@@ -86,12 +85,13 @@ const executeCommand = (command: string, args: string[]) => {
     });
   });
 
-  return deferred;
+  return { promise, child };
 };
 
 let client: pg.Client | null = null;
 
 const events: Record<EventType, Set<string>> = {
+  assetHidden: new Set<string>(),
   assetUpload: new Set<string>(),
   assetUpdate: new Set<string>(),
   assetDelete: new Set<string>(),
@@ -151,10 +151,6 @@ export const utils = {
 
       const sql: string[] = [];
 
-      if (tables.includes('asset_stack')) {
-        sql.push('UPDATE "assets" SET "stackId" = NULL;');
-      }
-
       for (const table of tables) {
         if (table === 'system_metadata') {
           // prevent reverse geocoder from being re-initialized
@@ -203,6 +199,7 @@ export const utils = {
         .on('connect', () => resolve(websocket))
         .on('on_upload_success', (data: AssetResponseDto) => onEvent({ event: 'assetUpload', id: data.id }))
         .on('on_asset_update', (data: AssetResponseDto) => onEvent({ event: 'assetUpdate', id: data.id }))
+        .on('on_asset_hidden', (assetId: string) => onEvent({ event: 'assetHidden', id: assetId }))
         .on('on_asset_delete', (assetId: string) => onEvent({ event: 'assetDelete', id: assetId }))
         .on('on_user_delete', (userId: string) => onEvent({ event: 'userDelete', id: userId }))
         .connect();
@@ -398,14 +395,7 @@ export const utils = {
       return;
     }
 
-    const vector = Array.from({ length: 512 }, Math.random);
-    const embedding = `[${vector.join(',')}]`;
-
-    await client.query('INSERT INTO asset_faces ("assetId", "personId", "embedding") VALUES ($1, $2, $3)', [
-      assetId,
-      personId,
-      embedding,
-    ]);
+    await client.query('INSERT INTO asset_faces ("assetId", "personId") VALUES ($1, $2)', [assetId, personId]);
   },
 
   setPersonThumbnail: async (personId: string) => {

e2e/src/web/specs/shared-link.e2e-spec.ts

@@ -51,6 +51,13 @@ test.describe('Shared Links', () => {
     await page.getByText('DOWNLOADING', { exact: true }).waitFor();
   });
 
+  test('download all from shared link', async ({ page }) => {
+    await page.goto(`/share/${sharedLink.key}`);
+    await page.getByRole('heading', { name: 'Test Album' }).waitFor();
+    await page.getByRole('button', { name: 'Download' }).click();
+    await page.getByText('DOWNLOADING', { exact: true }).waitFor();
+  });
+
   test('enter password for a shared link', async ({ page }) => {
     await page.goto(`/share/${sharedLinkPassword.key}`);
     await page.getByPlaceholder('Password').fill('test-password');

e2e/vitest.config.ts

@@ -1,11 +1,11 @@
 import { defineConfig } from 'vitest/config';
 
 // skip `docker compose up` if `make e2e` was already run
-const globalSetup: string[] = [];
+const globalSetup: string[] = ['src/setup/auth-server.ts'];
 try {
   await fetch('http://127.0.0.1:2283/api/server-info/ping');
 } catch {
-  globalSetup.push('src/setup.ts');
+  globalSetup.push('src/setup/docker-compose.ts');
 }
 
 export default defineConfig({

machine-learning/Dockerfile

@@ -1,6 +1,6 @@
 ARG DEVICE=cpu
 
-FROM python:3.11-bookworm@sha256:96de1ea4821d73fd2c1853d1fdc3cf794ccfe2fae4c3f08579e846de51760a61 as builder-cpu
+FROM python:3.11-bookworm@sha256:7bec1574675e7fd9e3a540a03cd7d6811c59ca261bd300cd665369d8f435298a as builder-cpu
 
 FROM openvino/ubuntu22_runtime:2023.3.0@sha256:176646df619032ea6c10faf842867119c393e7497b7f88b5e307e932a0fd5aa8 as builder-openvino
 USER root
@@ -36,7 +36,7 @@ RUN python3 -m venv /opt/venv
 COPY poetry.lock pyproject.toml ./
 RUN poetry install --sync --no-interaction --no-ansi --no-root --with ${DEVICE} --without dev
 
-FROM python:3.11-slim-bookworm@sha256:fc39d2e68b554c3f0a5cb8a776280c0b3d73b4c04b83dbade835e2a171ca27ef as prod-cpu
+FROM python:3.11-slim-bookworm@sha256:17ec9dc2367aa748559d0212f34665ec4df801129de32db705ea34654b5bc77a as prod-cpu
 
 FROM openvino/ubuntu22_runtime:2023.3.0@sha256:176646df619032ea6c10faf842867119c393e7497b7f88b5e307e932a0fd5aa8 as prod-openvino
 USER root
@@ -77,6 +77,7 @@ RUN apt-get update && \
     rm -rf /var/lib/apt/lists/*
 
 WORKDIR /usr/src/app
+ARG DEVICE
 ENV TRANSFORMERS_CACHE=/cache \
     PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1 \

machine-learning/ann/ann.py

@@ -52,8 +52,6 @@ class Ann(metaclass=_Singleton):
     def __init__(self, log_level: int = 3, tuning_level: int = 1, tuning_file: str | None = None) -> None:
         if not is_available:
             raise RuntimeError("libann is not available!")
-        if tuning_file and not exists(tuning_file):
-            raise ValueError("tuning_file must point to an existing (possibly empty) file!")
         if tuning_level == 0 and tuning_file is None:
             raise ValueError("tuning_level == 0 reads existing tuning information and requires a tuning_file")
         if tuning_level < 0 or tuning_level > 3:
@@ -67,6 +65,12 @@ class Ann(metaclass=_Singleton):
         self.input_shapes: dict[int, tuple[tuple[int], ...]] = {}
         self.ann: int | None = None
         self.new()
+        
+        if self.tuning_file is not None:
+            # make sure tuning file exists (without clearing contents)
+            # once filled, the tuning file reduces the cost/time of the first
+            # inference after model load by 10s of seconds
+            open(self.tuning_file, "a").close()
 
     def new(self) -> None:
         if self.ann is None:
@@ -95,17 +99,19 @@ class Ann(metaclass=_Singleton):
         model_path: str,
         fast_math: bool = True,
         fp16: bool = False,
-        save_cached_network: bool = False,
         cached_network_path: str | None = None,
     ) -> int:
         if not model_path.endswith((".armnn", ".tflite", ".onnx")):
             raise ValueError("model_path must be a file with extension .armnn, .tflite or .onnx")
         if not exists(model_path):
             raise ValueError("model_path must point to an existing file!")
+        
+        save_cached_network = False
         if cached_network_path is not None and not exists(cached_network_path):
-            raise ValueError("cached_network_path must point to an existing (possibly empty) file!")
-        if save_cached_network and cached_network_path is None:
-            raise ValueError("save_cached_network is True, cached_network_path must be specified!")
+            save_cached_network = True
+            # create empty model cache file
+            open(cached_network_path, "a").close()
+
         net_id: int = libann.load(
             self.ann,
             model_path.encode(),

machine-learning/app/conftest.py

@@ -8,6 +8,8 @@ from fastapi.testclient import TestClient
 from numpy.typing import NDArray
 from PIL import Image
 
+from app.config import log
+
 from .main import app
 
 
@@ -96,12 +98,83 @@ def clip_tokenizer_cfg() -> dict[str, Any]:
 
 
 @pytest.fixture(scope="function")
-def providers(request: pytest.FixtureRequest) -> Iterator[dict[str, Any]]:
+def providers(request: pytest.FixtureRequest) -> Iterator[mock.Mock]:
     marker = request.node.get_closest_marker("providers")
     if marker is None:
         raise ValueError("Missing marker 'providers'")
 
     providers = marker.args[0]
-    with mock.patch("app.models.base.ort.get_available_providers") as mocked:
+    with mock.patch("app.sessions.ort.ort.get_available_providers") as mocked:
         mocked.return_value = providers
         yield providers
+
+
+@pytest.fixture(scope="function")
+def ort_pybind() -> Iterator[mock.Mock]:
+    with mock.patch("app.sessions.ort.ort.capi._pybind_state") as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def ov_device_ids(request: pytest.FixtureRequest, ort_pybind: mock.Mock) -> Iterator[mock.Mock]:
+    marker = request.node.get_closest_marker("ov_device_ids")
+    if marker is None:
+        raise ValueError("Missing marker 'ov_device_ids'")
+    ort_pybind.get_available_openvino_device_ids.return_value = marker.args[0]
+    return ort_pybind
+
+
+@pytest.fixture(scope="function")
+def ort_session() -> Iterator[mock.Mock]:
+    with mock.patch("app.sessions.ort.ort.InferenceSession") as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def ann_session() -> Iterator[mock.Mock]:
+    with mock.patch("app.sessions.ann.Ann") as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def rmtree() -> Iterator[mock.Mock]:
+    with mock.patch("app.models.base.rmtree", autospec=True) as mocked:
+        mocked.avoids_symlink_attacks = True
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def path() -> Iterator[mock.Mock]:
+    path = mock.MagicMock()
+    path.exists.return_value = True
+    path.is_dir.return_value = True
+    path.is_file.return_value = True
+    path.with_suffix.return_value = path
+    path.return_value = path
+
+    with mock.patch("app.models.base.Path", return_value=path) as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def info() -> Iterator[mock.Mock]:
+    with mock.patch.object(log, "info") as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def warning() -> Iterator[mock.Mock]:
+    with mock.patch.object(log, "warning") as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def exception() -> Iterator[mock.Mock]:
+    with mock.patch.object(log, "exception") as mocked:
+        yield mocked
+
+
+@pytest.fixture(scope="function")
+def snapshot_download() -> Iterator[mock.Mock]:
+    with mock.patch("app.models.base.snapshot_download") as mocked:
+        yield mocked

machine-learning/app/main.py

@@ -29,6 +29,7 @@ from .schemas import (
     InferenceEntry,
     InferenceResponse,
     MessageResponse,
+    ModelFormat,
     ModelIdentity,
     ModelTask,
     ModelType,
@@ -192,23 +193,28 @@ async def load(model: InferenceModel) -> InferenceModel:
         return model
 
     def _load(model: InferenceModel) -> InferenceModel:
+        if model.load_attempts > 1:
+            raise HTTPException(500, f"Failed to load model '{model.model_name}'")
         with lock:
-            model.load()
+            try:
+                model.load()
+            except FileNotFoundError as e:
+                if model.model_format == ModelFormat.ONNX:
+                    raise e
+                log.exception(e)
+                log.warning(
+                    f"{model.model_format.upper()} is available, but model '{model.model_name}' does not support it."
+                )
+                model.model_format = ModelFormat.ONNX
+                model.load()
         return model
 
     try:
-        await run(_load, model)
-        return model
+        return await run(_load, model)
     except (OSError, InvalidProtobuf, BadZipFile, NoSuchFile):
-        log.warning(
-            (
-                f"Failed to load {model.model_type.replace('_', ' ')} model '{model.model_name}'."
-                "Clearing cache and retrying."
-            )
-        )
+        log.warning(f"Failed to load {model.model_type.replace('_', ' ')} model '{model.model_name}'. Clearing cache.")
         model.clear_cache()
-        await run(_load, model)
-        return model
+        return await run(_load, model)
 
 
 async def idle_shutdown_task() -> None:

machine-learning/app/models/base.py

@@ -5,15 +5,14 @@ from pathlib import Path
 from shutil import rmtree
 from typing import Any, ClassVar
 
-import onnxruntime as ort
 from huggingface_hub import snapshot_download
 
 import ann.ann
-from app.models.constants import SUPPORTED_PROVIDERS
+from app.sessions.ort import OrtSession
 
 from ..config import clean_name, log, settings
 from ..schemas import ModelFormat, ModelIdentity, ModelSession, ModelTask, ModelType
-from .ann import AnnSession
+from ..sessions.ann import AnnSession
 
 
 class InferenceModel(ABC):
@@ -24,19 +23,17 @@ class InferenceModel(ABC):
         self,
         model_name: str,
         cache_dir: Path | str | None = None,
-        providers: list[str] | None = None,
-        provider_options: list[dict[str, Any]] | None = None,
-        sess_options: ort.SessionOptions | None = None,
-        preferred_format: ModelFormat | None = None,
+        model_format: ModelFormat | None = None,
+        session: ModelSession | None = None,
         **model_kwargs: Any,
     ) -> None:
-        self.loaded = False
+        self.loaded = session is not None
+        self.load_attempts = 0
         self.model_name = clean_name(model_name)
-        self.cache_dir = Path(cache_dir) if cache_dir is not None else self.cache_dir_default
-        self.providers = providers if providers is not None else self.providers_default
-        self.provider_options = provider_options if provider_options is not None else self.provider_options_default
-        self.sess_options = sess_options if sess_options is not None else self.sess_options_default
-        self.preferred_format = preferred_format if preferred_format is not None else self.preferred_format_default
+        self.cache_dir = Path(cache_dir) if cache_dir is not None else self._cache_dir_default
+        self.model_format = model_format if model_format is not None else self._model_format_default
+        if session is not None:
+            self.session = session
 
     def download(self) -> None:
         if not self.cached:
@@ -48,9 +45,11 @@ class InferenceModel(ABC):
     def load(self) -> None:
         if self.loaded:
             return
+        self.load_attempts += 1
 
         self.download()
-        log.info(f"Loading {self.model_type.replace('-', ' ')} model '{self.model_name}' to memory")
+        attempt = f"Attempt #{self.load_attempts} to load" if self.load_attempts > 1 else "Loading"
+        log.info(f"{attempt} {self.model_type.replace('-', ' ')} model '{self.model_name}' to memory")
         self.session = self._load()
         self.loaded = True
 
@@ -67,7 +66,7 @@ class InferenceModel(ABC):
         pass
 
     def _download(self) -> None:
-        ignore_patterns = [] if self.preferred_format == ModelFormat.ARMNN else ["*.armnn"]
+        ignore_patterns = [] if self.model_format == ModelFormat.ARMNN else ["*.armnn"]
         snapshot_download(
             f"immich-app/{clean_name(self.model_name)}",
             cache_dir=self.cache_dir,
@@ -103,25 +102,13 @@ class InferenceModel(ABC):
 
     def _make_session(self, model_path: Path) -> ModelSession:
         if not model_path.is_file():
-            onnx_path = model_path.with_suffix(".onnx")
-            if not onnx_path.is_file():
-                raise ValueError(f"Model path '{model_path}' does not exist")
-
-            log.warning(
-                f"Could not find model path '{model_path}'. " f"Falling back to ONNX model path '{onnx_path}' instead.",
-            )
-            model_path = onnx_path
+            raise FileNotFoundError(f"Model file not found: {model_path}")
 
         match model_path.suffix:
             case ".armnn":
-                session = AnnSession(model_path)
+                session: ModelSession = AnnSession(model_path)
             case ".onnx":
-                session = ort.InferenceSession(
-                    model_path.as_posix(),
-                    sess_options=self.sess_options,
-                    providers=self.providers,
-                    provider_options=self.provider_options,
-                )
+                session = OrtSession(model_path)
             case _:
                 raise ValueError(f"Unsupported model file type: {model_path.suffix}")
         return session
@@ -132,7 +119,7 @@ class InferenceModel(ABC):
 
     @property
     def model_path(self) -> Path:
-        return self.model_dir / f"model.{self.preferred_format}"
+        return self.model_dir / f"model.{self.model_format}"
 
     @property
     def model_task(self) -> ModelTask:
@@ -151,7 +138,7 @@ class InferenceModel(ABC):
         self._cache_dir = cache_dir
 
     @property
-    def cache_dir_default(self) -> Path:
+    def _cache_dir_default(self) -> Path:
         return settings.cache_folder / self.model_task.value / self.model_name
 
     @property
@@ -159,95 +146,14 @@ class InferenceModel(ABC):
         return self.model_path.is_file()
 
     @property
-    def providers(self) -> list[str]:
-        return self._providers
+    def model_format(self) -> ModelFormat:
+        return self._model_format
 
-    @providers.setter
-    def providers(self, providers: list[str]) -> None:
-        log.info(
-            (f"Setting '{self.model_name}' execution providers to {providers}, " "in descending order of preference"),
-        )
-        self._providers = providers
+    @model_format.setter
+    def model_format(self, model_format: ModelFormat) -> None:
+        log.debug(f"Setting model format to {model_format}")
+        self._model_format = model_format
 
     @property
-    def providers_default(self) -> list[str]:
-        available_providers = set(ort.get_available_providers())
-        log.debug(f"Available ORT providers: {available_providers}")
-        if (openvino := "OpenVINOExecutionProvider") in available_providers:
-            device_ids: list[str] = ort.capi._pybind_state.get_available_openvino_device_ids()
-            log.debug(f"Available OpenVINO devices: {device_ids}")
-
-            gpu_devices = [device_id for device_id in device_ids if device_id.startswith("GPU")]
-            if not gpu_devices:
-                log.warning("No GPU device found in OpenVINO. Falling back to CPU.")
-                available_providers.remove(openvino)
-        return [provider for provider in SUPPORTED_PROVIDERS if provider in available_providers]
-
-    @property
-    def provider_options(self) -> list[dict[str, Any]]:
-        return self._provider_options
-
-    @provider_options.setter
-    def provider_options(self, provider_options: list[dict[str, Any]]) -> None:
-        log.debug(f"Setting execution provider options to {provider_options}")
-        self._provider_options = provider_options
-
-    @property
-    def provider_options_default(self) -> list[dict[str, Any]]:
-        options = []
-        for provider in self.providers:
-            match provider:
-                case "CPUExecutionProvider" | "CUDAExecutionProvider":
-                    option = {"arena_extend_strategy": "kSameAsRequested"}
-                case "OpenVINOExecutionProvider":
-                    option = {"device_type": "GPU_FP32", "cache_dir": (self.cache_dir / "openvino").as_posix()}
-                case _:
-                    option = {}
-            options.append(option)
-        return options
-
-    @property
-    def sess_options(self) -> ort.SessionOptions:
-        return self._sess_options
-
-    @sess_options.setter
-    def sess_options(self, sess_options: ort.SessionOptions) -> None:
-        log.debug(f"Setting execution_mode to {sess_options.execution_mode.name}")
-        log.debug(f"Setting inter_op_num_threads to {sess_options.inter_op_num_threads}")
-        log.debug(f"Setting intra_op_num_threads to {sess_options.intra_op_num_threads}")
-        self._sess_options = sess_options
-
-    @property
-    def sess_options_default(self) -> ort.SessionOptions:
-        sess_options = ort.SessionOptions()
-        sess_options.enable_cpu_mem_arena = False
-
-        # avoid thread contention between models
-        if settings.model_inter_op_threads > 0:
-            sess_options.inter_op_num_threads = settings.model_inter_op_threads
-        # these defaults work well for CPU, but bottleneck GPU
-        elif settings.model_inter_op_threads == 0 and self.providers == ["CPUExecutionProvider"]:
-            sess_options.inter_op_num_threads = 1
-
-        if settings.model_intra_op_threads > 0:
-            sess_options.intra_op_num_threads = settings.model_intra_op_threads
-        elif settings.model_intra_op_threads == 0 and self.providers == ["CPUExecutionProvider"]:
-            sess_options.intra_op_num_threads = 2
-
-        if sess_options.inter_op_num_threads > 1:
-            sess_options.execution_mode = ort.ExecutionMode.ORT_PARALLEL
-
-        return sess_options
-
-    @property
-    def preferred_format(self) -> ModelFormat:
-        return self._preferred_format
-
-    @preferred_format.setter
-    def preferred_format(self, preferred_format: ModelFormat) -> None:
-        log.debug(f"Setting preferred format to {preferred_format}")
-        self._preferred_format = preferred_format
-
-    @property
-    def preferred_format_default(self) -> ModelFormat:
+    def _model_format_default(self) -> ModelFormat:
         return ModelFormat.ARMNN if ann.ann.is_available and settings.ann else ModelFormat.ONNX

machine-learning/app/models/clip/textual.py

@@ -22,11 +22,12 @@ class BaseCLIPTextualEncoder(InferenceModel):
         return res
 
     def _load(self) -> ModelSession:
+        session = super()._load()
         log.debug(f"Loading tokenizer for CLIP model '{self.model_name}'")
         self.tokenizer = self._load_tokenizer()
         log.debug(f"Loaded tokenizer for CLIP model '{self.model_name}'")
 
-        return super()._load()
+        return session
 
     @abstractmethod
     def _load_tokenizer(self) -> Tokenizer:

machine-learning/app/models/facial_recognition/detection.py

@@ -1,4 +1,3 @@
-from pathlib import Path
 from typing import Any
 
 import numpy as np
@@ -14,15 +13,9 @@ class FaceDetector(InferenceModel):
     depends = []
     identity = (ModelType.DETECTION, ModelTask.FACIAL_RECOGNITION)
 
-    def __init__(
-        self,
-        model_name: str,
-        min_score: float = 0.7,
-        cache_dir: Path | str | None = None,
-        **model_kwargs: Any,
-    ) -> None:
+    def __init__(self, model_name: str, min_score: float = 0.7, **model_kwargs: Any) -> None:
         self.min_score = model_kwargs.pop("minScore", min_score)
-        super().__init__(model_name, cache_dir, **model_kwargs)
+        super().__init__(model_name, **model_kwargs)
 
     def _load(self) -> ModelSession:
         session = self._make_session(self.model_path)

machine-learning/app/models/facial_recognition/recognition.py

@@ -3,37 +3,32 @@ from typing import Any
 
 import numpy as np
 import onnx
-import onnxruntime as ort
 from insightface.model_zoo import ArcFaceONNX
 from insightface.utils.face_align import norm_crop
 from numpy.typing import NDArray
 from onnx.tools.update_model_dims import update_inputs_outputs_dims
 from PIL import Image
 
-from app.config import clean_name, log
+from app.config import log
 from app.models.base import InferenceModel
 from app.models.transforms import decode_cv2
-from app.schemas import FaceDetectionOutput, FacialRecognitionOutput, ModelSession, ModelTask, ModelType
+from app.schemas import FaceDetectionOutput, FacialRecognitionOutput, ModelFormat, ModelSession, ModelTask, ModelType
+from app.sessions import has_batch_axis
 
 
 class FaceRecognizer(InferenceModel):
     depends = [(ModelType.DETECTION, ModelTask.FACIAL_RECOGNITION)]
     identity = (ModelType.RECOGNITION, ModelTask.FACIAL_RECOGNITION)
 
-    def __init__(
-        self,
-        model_name: str,
-        min_score: float = 0.7,
-        cache_dir: Path | str | None = None,
-        **model_kwargs: Any,
-    ) -> None:
+    def __init__(self, model_name: str, min_score: float = 0.7, **model_kwargs: Any) -> None:
+        super().__init__(model_name, **model_kwargs)
         self.min_score = model_kwargs.pop("minScore", min_score)
-        super().__init__(clean_name(model_name), cache_dir, **model_kwargs)
+        self.batch = self.model_format == ModelFormat.ONNX
 
     def _load(self) -> ModelSession:
         session = self._make_session(self.model_path)
-        if not self._has_batch_dim(session):
-            self._add_batch_dim(self.model_path)
+        if self.batch and not has_batch_axis(session):
+            self._add_batch_axis(self.model_path)
             session = self._make_session(self.model_path)
         self.model = ArcFaceONNX(
             self.model_path.with_suffix(".onnx").as_posix(),
@@ -47,9 +42,20 @@ class FaceRecognizer(InferenceModel):
         if faces["boxes"].shape[0] == 0:
             return []
         inputs = decode_cv2(inputs)
-        embeddings: NDArray[np.float32] = self.model.get_feat(self._crop(inputs, faces))
+        cropped_faces = self._crop(inputs, faces)
+        embeddings = self._predict_batch(cropped_faces) if self.batch else self._predict_single(cropped_faces)
         return self.postprocess(faces, embeddings)
 
+    def _predict_batch(self, cropped_faces: list[NDArray[np.uint8]]) -> NDArray[np.float32]:
+        embeddings: NDArray[np.float32] = self.model.get_feat(cropped_faces)
+        return embeddings
+
+    def _predict_single(self, cropped_faces: list[NDArray[np.uint8]]) -> NDArray[np.float32]:
+        embeddings: list[NDArray[np.float32]] = []
+        for face in cropped_faces:
+            embeddings.append(self.model.get_feat(face))
+        return np.concatenate(embeddings, axis=0)
+
     def postprocess(self, faces: FaceDetectionOutput, embeddings: NDArray[np.float32]) -> FacialRecognitionOutput:
         return [
             {
@@ -63,11 +69,8 @@ class FaceRecognizer(InferenceModel):
     def _crop(self, image: NDArray[np.uint8], faces: FaceDetectionOutput) -> list[NDArray[np.uint8]]:
         return [norm_crop(image, landmark) for landmark in faces["landmarks"]]
 
-    def _has_batch_dim(self, session: ort.InferenceSession) -> bool:
-        return not isinstance(session, ort.InferenceSession) or session.get_inputs()[0].shape[0] == "batch"
-
-    def _add_batch_dim(self, model_path: Path) -> None:
-        log.debug(f"Adding batch dimension to model {model_path}")
+    def _add_batch_axis(self, model_path: Path) -> None:
+        log.debug(f"Adding batch axis to model {model_path}")
         proto = onnx.load(model_path)
         static_input_dims = [shape.dim_value for shape in proto.graph.input[0].type.tensor_type.shape.dim[1:]]
         static_output_dims = [shape.dim_value for shape in proto.graph.output[0].type.tensor_type.shape.dim[1:]]

machine-learning/app/schemas.py

@@ -54,6 +54,14 @@ class ModelSource(StrEnum):
 ModelIdentity = tuple[ModelType, ModelTask]
 
 
+class SessionNode(Protocol):
+    @property
+    def name(self) -> str | None: ...
+
+    @property
+    def shape(self) -> tuple[int, ...]: ...
+
+
 class ModelSession(Protocol):
     def run(
         self,
@@ -62,6 +70,10 @@ class ModelSession(Protocol):
         run_options: Any = None,
     ) -> list[npt.NDArray[np.float32]]: ...
 
+    def get_inputs(self) -> list[SessionNode]: ...
+
+    def get_outputs(self) -> list[SessionNode]: ...
+
 
 class HasProfiling(Protocol):
     profiling: dict[str, float]

machine-learning/app/sessions/__init__.py

@@ -0,0 +1,5 @@
+from app.schemas import ModelSession
+
+
+def has_batch_axis(session: ModelSession) -> bool:
+    return not isinstance(session.get_inputs()[0].shape[0], int) or session.get_inputs()[0].shape[0] < 0

machine-learning/app/sessions/ann.py

@@ -7,6 +7,7 @@ import numpy as np
 from numpy.typing import NDArray
 
 from ann.ann import Ann
+from app.schemas import SessionNode
 
 from ..config import log, settings
 
@@ -16,27 +17,15 @@ class AnnSession:
     Wrapper for ANN to be drop-in replacement for ONNX session.
     """
 
-    def __init__(self, model_path: Path):
-        tuning_file = Path(settings.cache_folder) / "gpu-tuning.ann"
-        with tuning_file.open(mode="a"):
-            # make sure tuning file exists (without clearing contents)
-            # once filled, the tuning file reduces the cost/time of the first
-            # inference after model load by 10s of seconds
-            pass
-        self.ann = Ann(tuning_level=3, tuning_file=tuning_file.as_posix())
-        log.info("Loading ANN model %s ...", model_path)
-        cache_file = model_path.with_suffix(".anncache")
-        save = False
-        if not cache_file.is_file():
-            save = True
-            with cache_file.open(mode="a"):
-                # create empty model cache file
-                pass
+    def __init__(self, model_path: Path, cache_dir: Path = settings.cache_folder) -> None:
+        self.model_path = model_path
+        self.cache_dir = cache_dir
+        self.ann = Ann(tuning_level=3, tuning_file=(cache_dir / "gpu-tuning.ann").as_posix())
 
+        log.info("Loading ANN model %s ...", model_path)
         self.model = self.ann.load(
             model_path.as_posix(),
-            save_cached_network=save,
-            cached_network_path=cache_file.as_posix(),
+            cached_network_path=model_path.with_suffix(".anncache").as_posix(),
         )
         log.info("Loaded ANN model with ID %d", self.model)
 
@@ -45,11 +34,11 @@ class AnnSession:
         log.info("Unloaded ANN model %d", self.model)
         self.ann.destroy()
 
-    def get_inputs(self) -> list[AnnNode]:
+    def get_inputs(self) -> list[SessionNode]:
         shapes = self.ann.input_shapes[self.model]
         return [AnnNode(None, s) for s in shapes]
 
-    def get_outputs(self) -> list[AnnNode]:
+    def get_outputs(self) -> list[SessionNode]:
         shapes = self.ann.output_shapes[self.model]
         return [AnnNode(None, s) for s in shapes]
 

machine-learning/app/sessions/ort.py

@@ -0,0 +1,129 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any
+
+import numpy as np
+import onnxruntime as ort
+from numpy.typing import NDArray
+
+from app.models.constants import SUPPORTED_PROVIDERS
+from app.schemas import SessionNode
+
+from ..config import log, settings
+
+
+class OrtSession:
+    def __init__(
+        self,
+        model_path: Path | str,
+        providers: list[str] | None = None,
+        provider_options: list[dict[str, Any]] | None = None,
+        sess_options: ort.SessionOptions | None = None,
+    ):
+        self.model_path = Path(model_path)
+        self.providers = providers if providers is not None else self._providers_default
+        self.provider_options = provider_options if provider_options is not None else self._provider_options_default
+        self.sess_options = sess_options if sess_options is not None else self._sess_options_default
+        self.session = ort.InferenceSession(
+            self.model_path.as_posix(),
+            providers=self.providers,
+            provider_options=self.provider_options,
+            sess_options=self.sess_options,
+        )
+
+    def get_inputs(self) -> list[SessionNode]:
+        inputs: list[SessionNode] = self.session.get_inputs()
+        return inputs
+
+    def get_outputs(self) -> list[SessionNode]:
+        outputs: list[SessionNode] = self.session.get_outputs()
+        return outputs
+
+    def run(
+        self,
+        output_names: list[str] | None,
+        input_feed: dict[str, NDArray[np.float32]] | dict[str, NDArray[np.int32]],
+        run_options: Any = None,
+    ) -> list[NDArray[np.float32]]:
+        outputs: list[NDArray[np.float32]] = self.session.run(output_names, input_feed, run_options)
+        return outputs
+
+    @property
+    def providers(self) -> list[str]:
+        return self._providers
+
+    @providers.setter
+    def providers(self, providers: list[str]) -> None:
+        log.info(f"Setting execution providers to {providers}, in descending order of preference")
+        self._providers = providers
+
+    @property
+    def _providers_default(self) -> list[str]:
+        available_providers = set(ort.get_available_providers())
+        log.debug(f"Available ORT providers: {available_providers}")
+        if (openvino := "OpenVINOExecutionProvider") in available_providers:
+            device_ids: list[str] = ort.capi._pybind_state.get_available_openvino_device_ids()
+            log.debug(f"Available OpenVINO devices: {device_ids}")
+
+            gpu_devices = [device_id for device_id in device_ids if device_id.startswith("GPU")]
+            if not gpu_devices:
+                log.warning("No GPU device found in OpenVINO. Falling back to CPU.")
+                available_providers.remove(openvino)
+        return [provider for provider in SUPPORTED_PROVIDERS if provider in available_providers]
+
+    @property
+    def provider_options(self) -> list[dict[str, Any]]:
+        return self._provider_options
+
+    @provider_options.setter
+    def provider_options(self, provider_options: list[dict[str, Any]]) -> None:
+        log.debug(f"Setting execution provider options to {provider_options}")
+        self._provider_options = provider_options
+
+    @property
+    def _provider_options_default(self) -> list[dict[str, Any]]:
+        options = []
+        for provider in self.providers:
+            match provider:
+                case "CPUExecutionProvider" | "CUDAExecutionProvider":
+                    option = {"arena_extend_strategy": "kSameAsRequested"}
+                case "OpenVINOExecutionProvider":
+                    option = {"device_type": "GPU_FP32", "cache_dir": (self.model_path.parent / "openvino").as_posix()}
+                case _:
+                    option = {}
+            options.append(option)
+        return options
+
+    @property
+    def sess_options(self) -> ort.SessionOptions:
+        return self._sess_options
+
+    @sess_options.setter
+    def sess_options(self, sess_options: ort.SessionOptions) -> None:
+        log.debug(f"Setting execution_mode to {sess_options.execution_mode.name}")
+        log.debug(f"Setting inter_op_num_threads to {sess_options.inter_op_num_threads}")
+        log.debug(f"Setting intra_op_num_threads to {sess_options.intra_op_num_threads}")
+        self._sess_options = sess_options
+
+    @property
+    def _sess_options_default(self) -> ort.SessionOptions:
+        sess_options = ort.SessionOptions()
+        sess_options.enable_cpu_mem_arena = False
+
+        # avoid thread contention between models
+        if settings.model_inter_op_threads > 0:
+            sess_options.inter_op_num_threads = settings.model_inter_op_threads
+        # these defaults work well for CPU, but bottleneck GPU
+        elif settings.model_inter_op_threads == 0 and self.providers == ["CPUExecutionProvider"]:
+            sess_options.inter_op_num_threads = 1
+
+        if settings.model_intra_op_threads > 0:
+            sess_options.intra_op_num_threads = settings.model_intra_op_threads
+        elif settings.model_intra_op_threads == 0 and self.providers == ["CPUExecutionProvider"]:
+            sess_options.intra_op_num_threads = 2
+
+        if sess_options.inter_op_num_threads > 1:
+            sess_options.execution_mode = ort.ExecutionMode.ORT_PARALLEL
+
+        return sess_options