chore: version v1.116.2

* fix(mobile): incorrect filename is retrieve during upload

* use the same convention to get local id

* revert previous change

* pr feedback

.dockerignore

@@ -22,6 +22,7 @@ open-api/typescript-sdk/node_modules/
 server/coverage/
 server/node_modules/
 server/upload/
+server/src/queries
 server/dist/
 server/www/
 

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://buy.immich.app']

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -83,7 +83,6 @@ body:
         2.
         3.
         ...
-      render: bash
     validations:
       required: true
 

.github/ISSUE_TEMPLATE/config.yml

@@ -1,11 +1,14 @@
 blank_issues_enabled: false
 contact_links:
-  - name: I have a question or need support
+  - name: ✋ I have a question or need support
     url: https://discord.immich.app
     about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
-  - name: Feature Request
+  - name: 📷 My photo or video has a date, time, or timezone problem
+    url: https://github.com/immich-app/immich/discussions/12650
+    about: Upload a sample file to this discussion and we will take a look
+  - name: 🌟 Feature request
     url: https://github.com/immich-app/immich/discussions/new?category=feature-request
     about: Please use our GitHub Discussion for making feature requests.
-  - name: I'm unsure where to go
+  - name: 🫣 I'm unsure where to go
     url: https://discord.immich.app
     about: If you are unsure where to go, then joining our Discord is recommended; Just ask!

.github/labeler.yml

@@ -33,3 +33,6 @@ documentation:
   - changed-files:
       - any-glob-to-any-file:
           - machine-learning/app/**
+
+changelog:translation:
+  - head-branch: ['^chore/translations$']

.github/release.yml

@@ -2,28 +2,28 @@ changelog:
   categories:
     - title: 🚨 Breaking Changes
       labels:
-        - breaking-change
+        - changelog:breaking-change
 
     - title: 🔒 Security
       labels:
-        - security
+        - changelog:security
 
     - title: 🚀 Features
       labels:
-        - feature
+        - changelog:feature
 
     - title: 🌟 Enhancements
       labels:
-        - enhancement
+        - changelog:enhancement
 
     - title: 🐛 Bug fixes
       labels:
-        - bugfix
+        - changelog:bugfix
 
     - title: 📚 Documentation
       labels:
-        - documentation
+        - changelog:documentation
 
     - title: 🌐 Translations
       labels:
-        - translation
+        - changelog:translation

.github/workflows/build-mobile.yml

@@ -16,10 +16,28 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            mobile:
+              - 'mobile/**'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
+
   build-sign-android:
     name: Build and sign Android
+    needs: pre-job
     # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
     runs-on: macos-14
 
     steps:

.github/workflows/cli.yml

@@ -22,7 +22,7 @@ permissions:
 
 jobs:
   publish:
-    name: Publish
+    name: CLI Publish
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -88,7 +88,7 @@ jobs:
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
-        uses: docker/build-push-action@v6.6.1
+        uses: docker/build-push-action@v6.7.0
         with:
           file: cli/Dockerfile
           platforms: linux/amd64,linux/arm64

.github/workflows/docker.yml

@@ -17,47 +17,105 @@ permissions:
   packages: write
 
 jobs:
-  build_and_push:
-    name: Build and Push
+  pre-job:
     runs-on: ubuntu-latest
+    outputs:
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            server:
+              - 'server/**'
+              - 'openapi/**'
+              - 'web/**'
+            machine-learning:
+              - 'machine-learning/**'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
+
+  retag_ml:
+    name: Re-Tag ML
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        suffix: ["", "-cuda", "-openvino", "-armnn"]
+    steps:
+        - name: Login to GitHub Container Registry
+          uses: docker/login-action@v3
+          with:
+            registry: ghcr.io
+            username: ${{ github.repository_owner }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+        - name: Re-tag image
+          run: |
+              REGISTRY_NAME="ghcr.io"
+              REPOSITORY=${{ github.repository_owner }}/immich-machine-learning
+              TAG_OLD=main${{ matrix.suffix }}
+              TAG_NEW=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
+              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
+
+  retag_server:
+    name: Re-Tag Server
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        suffix: [""]
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Re-tag image
+        run: |
+          REGISTRY_NAME="ghcr.io"
+          REPOSITORY=${{ github.repository_owner }}/immich-server
+          TAG_OLD=main${{ matrix.suffix }}
+          TAG_NEW=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
+          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
+
+
+  build_and_push_ml:
+    name: Build and Push ML
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
+    runs-on: ubuntu-latest
+    env:
+      image: immich-machine-learning
+      context: machine-learning
+      file: machine-learning/Dockerfile
     strategy:
       # Prevent a failure in one image from stopping the other builds
       fail-fast: false
       matrix:
         include:
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/amd64,linux/arm64
+          - platforms: linux/amd64,linux/arm64
             device: cpu
 
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/amd64
+          - platforms: linux/amd64
             device: cuda
             suffix: -cuda
 
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/amd64
+          - platforms: linux/amd64
             device: openvino
             suffix: -openvino
 
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/arm64
+          - platforms: linux/arm64
             device: armnn
             suffix: -armnn
 
-          - image: immich-server
-            context: .
-            file: server/Dockerfile
-            platforms: linux/amd64,linux/arm64
-            device: cpu
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -93,8 +151,8 @@ jobs:
             # Disable latest tag
             latest=false
           images: |
-            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
-            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
+            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
+            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
           tags: |
             # Tag with branch name
             type=ref,event=branch,suffix=${{ matrix.suffix }}
@@ -111,18 +169,18 @@ jobs:
             # Essentially just ignore the cache output (PR can't write to registry cache)
             echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
           else
-            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
           fi
 
       - name: Build and push image
-        uses: docker/build-push-action@v6.6.1
+        uses: docker/build-push-action@v6.7.0
         with:
-          context: ${{ matrix.context }}
-          file: ${{ matrix.file }}
+          context: ${{ env.context }}
+          file: ${{ env.file }}
           platforms: ${{ matrix.platforms }}
           # Skip pushing when PR from a fork
           push: ${{ !github.event.pull_request.head.repo.fork }}
-          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
           cache-to: ${{ steps.cache-target.outputs.cache-to }}
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
@@ -132,3 +190,120 @@ jobs:
             BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
             BUILD_SOURCE_REF=${{ github.ref_name }}
             BUILD_SOURCE_COMMIT=${{ github.sha }}
+
+
+  build_and_push_server:
+    name: Build and Push Server
+    runs-on: ubuntu-latest
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
+    env:
+      image: immich-server
+      context: .
+      file: server/Dockerfile
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platforms: linux/amd64,linux/arm64
+            device: cpu
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3.2.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.6.1
+
+      - name: Login to Docker Hub
+        # Only push to Docker Hub when making a release
+        if: ${{ github.event_name == 'release' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        # Skip when PR from a fork
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            # Disable latest tag
+            latest=false
+          images: |
+            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
+            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
+          tags: |
+            # Tag with branch name
+            type=ref,event=branch,suffix=${{ matrix.suffix }}
+            # Tag with pr-number
+            type=ref,event=pr,suffix=${{ matrix.suffix }}
+            # Tag with git tag on release
+            type=ref,event=tag,suffix=${{ matrix.suffix }}
+            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
+
+      - name: Determine build cache output
+        id: cache-target
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            # Essentially just ignore the cache output (PR can't write to registry cache)
+            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
+          else
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6.7.0
+        with:
+          context: ${{ env.context }}
+          file: ${{ env.file }}
+          platforms: ${{ matrix.platforms }}
+          # Skip pushing when PR from a fork
+          push: ${{ !github.event.pull_request.head.repo.fork }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
+          cache-to: ${{ steps.cache-target.outputs.cache-to }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          build-args: |
+            DEVICE=${{ matrix.device }}
+            BUILD_ID=${{ github.run_id }}
+            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
+            BUILD_SOURCE_REF=${{ github.ref_name }}
+            BUILD_SOURCE_COMMIT=${{ github.sha }}
+
+  success-check-server:
+    name: Docker Build & Push Server Success
+    needs: [build_and_push_server, retag_server]
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - name: Any jobs failed?
+        if: ${{ contains(needs.*.result, 'failure') }}
+        run: exit 1
+      - name: All jobs passed or skipped
+        if: ${{ !(contains(needs.*.result, 'failure')) }}
+        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
+
+  success-check-ml:
+    name: Docker Build & Push ML Success
+    needs: [build_and_push_ml, retag_ml]
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - name: Any jobs failed?
+        if: ${{ contains(needs.*.result, 'failure') }}
+        run: exit 1
+      - name: All jobs passed or skipped
+        if: ${{ !(contains(needs.*.result, 'failure')) }}
+        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"

.github/workflows/docs-build.yml

@@ -2,12 +2,8 @@ name: Docs build
 on:
   push:
     branches: [main]
-    paths:
-      - "docs/**"
   pull_request:
     branches: [main]
-    paths:
-      - "docs/**"
   release:
     types: [published]
 
@@ -16,7 +12,27 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            docs:
+              - 'docs/**'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
+
   build:
+    name: Docs Build
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:

.github/workflows/docs-deploy.yml

@@ -7,13 +7,32 @@ on:
 
 jobs:
   checks:
+    name: Docs Deploy Checks
     runs-on: ubuntu-latest
     outputs:
       parameters: ${{ steps.parameters.outputs.result }}
+      artifact: ${{ steps.get-artifact.outputs.result }}
     steps:
-      - if: ${{ github.event.workflow_run.conclusion == 'failure' }}
-        run: echo 'The triggering workflow failed' && exit 1
-
+      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
+        run: echo 'The triggering workflow did not succeed' && exit 1
+      - name: Get artifact
+        id: get-artifact
+        uses: actions/github-script@v7
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "docs-build-output"
+            })[0];
+            if (!matchArtifact) {
+              console.log("No artifact found with the name docs-build-output, build job was skipped")
+              return { found: false };
+            }
+            return { found: true, id: matchArtifact.id };
       - name: Determine deploy parameters
         id: parameters
         uses: actions/github-script@v7
@@ -73,9 +92,10 @@ jobs:
             return parameters;
 
   deploy:
+    name: Docs Deploy
     runs-on: ubuntu-latest
     needs: checks
-    if: ${{ fromJson(needs.checks.outputs.parameters).shouldDeploy }}
+    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -98,18 +118,11 @@ jobs:
         uses: actions/github-script@v7
         with:
           script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "docs-build-output"
-            })[0];
+            let artifact = ${{ needs.checks.outputs.artifact }};
             let download = await github.rest.actions.downloadArtifact({
                owner: context.repo.owner,
                repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
+               artifact_id: artifact.id,
                archive_format: 'zip',
             });
             let fs = require('fs');

.github/workflows/docs-destroy.yml

@@ -5,6 +5,7 @@ on:
 
 jobs:
   deploy:
+    name: Docs Destroy
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

.github/workflows/pr-label-validation.yml

@@ -0,0 +1,21 @@
+name: PR Label Validation
+
+on:
+  pull_request_target:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  validate-release-label:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: read
+    steps:
+      - name: Require PR to have a changelog label
+        uses: mheap/github-action-required-labels@v5
+        with:
+          mode: exactly
+          count: 1
+          use_regex: true
+          labels: "changelog:.*"
+          add_comment: true

.github/workflows/prepare-release.yml

@@ -29,10 +29,17 @@ jobs:
       ref: ${{ steps.push-tag.outputs.commit_long_sha }}
 
     steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.ORG_RELEASE_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
 
       - name: Install Poetry
         run: pipx install poetry
@@ -44,10 +51,8 @@ jobs:
         id: push-tag
         uses: EndBug/add-and-commit@v9
         with:
-          author_name: Alex The Bot
-          author_email: alex.tran1502@gmail.com
-          default_author: user_info
-          message: 'Version ${{ env.IMMICH_VERSION }}'
+          default_author: github_actions
+          message: 'chore: version ${{ env.IMMICH_VERSION }}'
           tag: ${{ env.IMMICH_VERSION }}
           push: true
 

.github/workflows/static_analysis.yml

@@ -10,8 +10,27 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            mobile:
+              - 'mobile/**'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
+
   mobile-dart-analyze:
     name: Run Dart Code Analysis
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
 
     runs-on: ubuntu-latest
 
@@ -37,6 +56,10 @@ jobs:
         run: dart format lib/ --set-exit-if-changed
         working-directory: ./mobile
 
+      - name: Run dart custom_lint
+        run: dart run custom_lint
+        working-directory: ./mobile
+
       # Enable after riverpod generator migration is completed
       # - name: Run dart custom lint
       #   run: dart run custom_lint

.github/workflows/test.yml

@@ -10,8 +10,47 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            web:
+              - 'web/**'
+              - 'open-api/typescript-sdk/**'
+            server:
+              - 'server/**'
+            cli:
+              - 'cli/**'
+              - 'open-api/typescript-sdk/**'
+            e2e:
+              - 'e2e/**'
+            mobile:
+              - 'mobile/**'
+            machine-learning:
+              - 'machine-learning/**'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
+
   server-unit-tests:
-    name: Server
+    name: Test & Lint Server
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -46,7 +85,9 @@ jobs:
         if: ${{ !cancelled() }}
 
   cli-unit-tests:
-    name: CLI
+    name: Unit Test CLI
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -85,7 +126,9 @@ jobs:
         if: ${{ !cancelled() }}
 
   cli-unit-tests-win:
-    name: CLI (Windows)
+    name: Unit Test CLI (Windows)
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
     runs-on: windows-latest
     defaults:
       run:
@@ -117,7 +160,9 @@ jobs:
         if: ${{ !cancelled() }}
 
   web-unit-tests:
-    name: Web
+    name: Test & Lint Web
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -159,13 +204,54 @@ jobs:
         run: npm run test:cov
         if: ${{ !cancelled() }}
 
-  e2e-tests:
-    name: End-to-End Tests
+  e2e-tests-lint:
+    name: End-to-End Lint
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./e2e
 
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './e2e/.nvmrc'
+
+      - name: Run setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+        if: ${{ !cancelled() }}
+
+      - name: Install dependencies
+        run: npm ci
+        if: ${{ !cancelled() }}
+
+      - name: Run linter
+        run: npm run lint
+        if: ${{ !cancelled() }}
+
+      - name: Run formatter
+        run: npm run format
+        if: ${{ !cancelled() }}
+
+      - name: Run tsc
+        run: npm run check
+        if: ${{ !cancelled() }}
+
+  e2e-tests-server-cli:
+    name: End-to-End Tests (Server & CLI)
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
+    runs-on: mich
+    defaults:
+      run:
+        working-directory: ./e2e
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -191,16 +277,41 @@ jobs:
         run: npm ci
         if: ${{ !cancelled() }}
 
-      - name: Run linter
-        run: npm run lint
+      - name: Docker build
+        run: docker compose build
         if: ${{ !cancelled() }}
 
-      - name: Run formatter
-        run: npm run format
+      - name: Run e2e tests (api & cli)
+        run: npm run test
         if: ${{ !cancelled() }}
 
-      - name: Run tsc
-        run: npm run check
+  e2e-tests-web:
+    name: End-to-End Tests (Web)
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
+    runs-on: mich
+    defaults:
+      run:
+        working-directory: ./e2e
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './e2e/.nvmrc'
+
+      - name: Run setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+        if: ${{ !cancelled() }}
+
+      - name: Install dependencies
+        run: npm ci
         if: ${{ !cancelled() }}
 
       - name: Install Playwright Browsers
@@ -211,16 +322,14 @@ jobs:
         run: docker compose build
         if: ${{ !cancelled() }}
 
-      - name: Run e2e tests (api & cli)
-        run: npm run test
-        if: ${{ !cancelled() }}
-
       - name: Run e2e tests (web)
         run: npx playwright test
         if: ${{ !cancelled() }}
 
   mobile-unit-tests:
-    name: Mobile
+    name: Unit Test Mobile
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -234,7 +343,9 @@ jobs:
         run: flutter test -j 1
 
   ml-unit-tests:
-    name: Machine Learning
+    name: Unit Test ML
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:

.gitmodules

@@ -1,6 +1,6 @@
 [submodule "mobile/.isar"]
 	path = mobile/.isar
 	url = https://github.com/isar/isar
-[submodule "server/test/assets"]
+[submodule "e2e/test-assets"]
 	path = e2e/test-assets
 	url = https://github.com/immich-app/test-assets

.vscode/launch.json

@@ -5,8 +5,8 @@
       "type": "node",
       "request": "attach",
       "restart": true,
-      "port": 9230,
-      "name": "Immich Server",
+      "port": 9231,
+      "name": "Immich API Server",
       "remoteRoot": "/usr/src/app",
       "localRoot": "${workspaceFolder}/server"
     },
@@ -14,8 +14,8 @@
       "type": "node",
       "request": "attach",
       "restart": true,
-      "port": 9231,
-      "name": "Immich Microservices",
+      "port": 9230,
+      "name": "Immich Workers",
       "remoteRoot": "/usr/src/app",
       "localRoot": "${workspaceFolder}/server"
     }

README.md

@@ -33,6 +33,7 @@
 <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
 <a href="readme_i18n/README_sv_SE.md">Svenska</a>
 <a href="readme_i18n/README_ar_JO.md">العربية</a>
+<a href="readme_i18n/README_vi_VN.md">Tiếng Việt</a>
 
 </p>
 
@@ -92,7 +93,7 @@ For the mobile app, you can use `https://demo.immich.app/api` for the `Server En
 | LivePhoto/MotionPhoto backup and playback    | Yes    | Yes |
 | Support 360 degree image display             | No     | Yes |
 | User-defined storage structure               | Yes    | Yes |
-| Public Sharing                               | No     | Yes |
+| Public Sharing                               | Yes    | Yes |
 | Archive and Favorites                        | Yes    | Yes |
 | Global Map                                   | Yes    | Yes |
 | Partner Sharing                              | Yes    | Yes |

cli/.nvmrc

@@ -1 +1 @@
-20.16.0
+20.17.0

cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20.16.0-alpine3.20@sha256:eb8101caae9ac02229bd64c024919fe3d4504ff7f329da79ca60a04db08cef52 AS core
+FROM node:20.17.0-alpine3.20@sha256:2d07db07a2df6830718ae2a47db6fedce6745f5bcd174c398f2acdda90a11c03 AS core
 
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./

cli/README.md

@@ -4,8 +4,18 @@ Please see the [Immich CLI documentation](https://immich.app/docs/features/comma
 
 # For developers
 
+Before building the CLI, you must build the immich server and the open-api client. To build the server run the following in the server folder:
+
+    $ npm install
+    $ npm run build
+
+Then, to build the open-api client run the following in the open-api folder:
+
+    $ ./bin/generate-open-api.sh
+
 To run the Immich CLI from source, run the following in the cli folder:
 
+    $ npm install
     $ npm run build
     $ ts-node .
 
@@ -17,3 +27,4 @@ You can also build and install the CLI using
 
     $ npm run build
     $ npm install -g .
+****

cli/eslint.config.mjs

@@ -55,6 +55,7 @@ export default [
       'unicorn/import-style': 'off',
       curly: 2,
       'prettier/prettier': 0,
+      'object-shorthand': ['error', 'always'],
     },
   },
 ];

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@immich/cli",
-  "version": "2.2.14",
+  "version": "2.2.22",
   "description": "Command Line Interface (CLI) for Immich",
   "type": "module",
   "exports": "./dist/index.js",
@@ -20,7 +20,7 @@
     "@types/cli-progress": "^3.11.0",
     "@types/lodash-es": "^4.17.12",
     "@types/mock-fs": "^4.13.1",
-    "@types/node": "^20.14.14",
+    "@types/node": "^20.16.5",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "@typescript-eslint/parser": "^8.0.0",
     "@vitest/coverage-v8": "^2.0.5",
@@ -67,6 +67,6 @@
     "lodash-es": "^4.17.21"
   },
   "volta": {
-    "node": "20.16.0"
+    "node": "20.17.0"
   }
 }

deployment/modules/cloudflare/docs-release/.terraform.lock.hcl

@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.38.0"
-  constraints = "4.38.0"
+  version     = "4.41.0"
+  constraints = "4.41.0"
   hashes = [
-    "h1:+27KAHKHBDvv3dqyJv5vhtdKQZJzoZXoMqIyronlHNw=",
-    "h1:/uV9RgOUhkxElkHhWs8fs5ZbX9vj6RCBfP0oJO0JF30=",
-    "h1:1DNAdMugJJOAWD/XYiZenYYZLy7fw2ctjT4YZmkRCVQ=",
-    "h1:1wn4PmCLdT7mvd74JkCGmJDJxTQDkcxc+1jNbmwnMHA=",
-    "h1:BIHB4fBxHg2bA9KbL92njhyctxKC8b6hNDp60y5QBss=",
-    "h1:HCQpvKPsMsR4HO5eDqt+Kao7T7CYeEH7KZIO7xMcC6M=",
-    "h1:HTomuzocukpNLwtWzeSF3yteCVsyVKbwKmN66u9iPac=",
-    "h1:YDxsUBhBAwHSXLzVwrSlSBOwv1NvLyry7s5SfCV7VqQ=",
-    "h1:dchVhxo+Acd1l2RuZ88tW9lWj4422QMfgtxKvKCjYrw=",
-    "h1:eypa+P4ZpsEGMPFuCE+6VkRefu0TZRFmVBOpK+PDOPY=",
-    "h1:f3yjse2OsRZj7ZhR7BLintJMlI4fpyt8HyDP/zcEavw=",
-    "h1:mSJ7xj8K+xcnEmGg7lH0jjzyQb157wH94ULTAlIV+HQ=",
-    "h1:tt+2J2Ze8VIdDq2Hr6uHlTJzAMBRpErBwTYx0uD5ilE=",
-    "h1:uQW8SKxmulqrAisO+365mIf2FueINAp5PY28bqCPCug=",
-    "zh:171ab67cccceead4514fafb2d39e4e708a90cce79000aaf3c29aab7ed4457071",
-    "zh:18aa7228447baaaefc49a43e8eff970817a7491a63d8937e796357a3829dd979",
-    "zh:2cbaab6092e81ba6f41fa60a50f14e980c8ec327ee11d0b21f16a478be4b7567",
-    "zh:53b8e49c06f5b31a8c681f8c0669cf43e78abe71657b8182a221d096bb514965",
-    "zh:6037cfc60b4b647aabae155fcb46d649ed7c650e0287f05db52b2068f1e27c8a",
-    "zh:62460982ce1a869eebfca675603fbbd50416cf6b69459fb855bfbe5ae2b97607",
-    "zh:65f6f3a8470917b6398baa5eb4f74b3932b213eac7c0202798bfad6fd1ee17df",
+    "h1:0mc+YrjQrcctGrGYDmzlcqcgSv9MYB74rvMaZylIKC8=",
+    "h1:0zUx4vk4jOORQqn6xHBF7dO6N6bielFHdJ0mgF4Obn8=",
+    "h1:AsIZW3uLFNOZO7kL/K7/Y/S0IYxUV9Hz85NNk/3TTsA=",
+    "h1:FSgYM4+LHMbX/a4Y1kx7FPPWmXqS3/MQYzvjMJHHHWM=",
+    "h1:Tx6Nh3BWP1x9L3KK/Eyi+ET0T26g3+jf1jyiuqpNIis=",
+    "h1:VRI9wu8P43xxfpeTndRwsisLnqncfnmEYMOEH5zH4pQ=",
+    "h1:YxQqmiES/Yanq/VfGqBEqg+VIO7FGhO88aKoWFHyGIg=",
+    "h1:ZWHiaesjgDLKWlfdNj0oKyj/DWdxcfsO6NINu39zfpY=",
+    "h1:a2aCgDDBz3ccrr8YstIMl7VFnKo1xZAp+rOv59PPJ7U=",
+    "h1:aRyv8tB6wBAF9lKsLEdiHyCqnK5LfZq0FqMXCcUB4UU=",
+    "h1:lXpuO7zv2uD2GzPE1ARxznreRAh+QHTc2lAJ7iOoFgY=",
+    "h1:sA1xq0QNQ4fH8SHXouYNq50xirVD18SamKQwPsBQrrY=",
+    "h1:v7sHvKq7oqMYPn47ULHFyIQsKD9o+6Xg/uHbxQUixEw=",
+    "h1:wo/x4atWyXuWGlfR6h5nH0YwBAmBwTRY27HtWP8ycLo=",
+    "zh:339d26e06dc6fb299ea8aad9476a60fd65bb1d40631ae8eeb81cddf2dd2bebc8",
+    "zh:3dec2ad96ac2c283fd34ce65781b55c4edbb4d5c5cb53da8e31537176c0ed562",
+    "zh:5f63a5f8080319a2fff09d4d49944829fa708723436520787cfb60725ced80cf",
+    "zh:67162c28ccea71cb8141ed15c0637e35621354ebe14878e0b75a8f160fc5505d",
+    "zh:6ac1e07f5347b6395aca690ed22101bb25e957d25f986f760ff673a7adfd5ef6",
+    "zh:70282a723c7b52fcabde2baad41c864ed3a8d69f0c4d27a6b6933cac434cffc6",
     "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8b5cebe64bf04105a49178a165b6a8800a9a33bae6767143a47fe4977755f805",
-    "zh:a5596635db0993ee3c3060fbc2227d91b239466e96d2d82642625a5aa2486988",
-    "zh:b3a9c63038441f13c311fd4b2c7e69e571445e5a7365a20c7cc9046b7e6c8aba",
-    "zh:b585e7e4d7648a540b14b9182819214896ca9337729eeb1f2034833b17db754d",
-    "zh:d2c3c545318ac8542369e9fc8228e29ee585febdf203a450fad3e0eded71ce02",
-    "zh:e95dd2d6c3525073af47d47b763cb81b6a51b20cabf76f789c69328922da9ecf",
-    "zh:eee6e590b36d6c6168a7daae8afa74a8721fd7aa9f62a710f04a311975100722",
+    "zh:924cd23abc326c6b3914e2cd9c94c7832c2552e1e9ae258fb9fd9aedaa5f7ce7",
+    "zh:a4b75e4c239879296259e7d54f1befbc7fdc16da2d62d1294e9f73add4cae61e",
+    "zh:a6ceb08feb63b00c7141783b31e45a154c76fd8cdebbdf371074805f0053572d",
+    "zh:afae1843f9ba85f2f6d94108c65cf43a457e83531a632d44d863e935160cb2ba",
+    "zh:bd6628ce60c778960a5755f7010b7e2cc5c6ff0341a21c175341b28058ec843d",
+    "zh:cd30866a1ff99d72b5fa1699db582fa4f25562e6ab21dcc6870324f3056108e0",
+    "zh:df5924cca691a8220aaaebb5cb55c3d6c32ff0a881f198695eff28155eb12b54",
+    "zh:e78d0696c941aba58df1cb36b8a0d25cd5f3963f01d9338fdbda74db58afdd49",
   ]
 }

deployment/modules/cloudflare/docs-release/config.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     cloudflare = {
       source = "cloudflare/cloudflare"
-      version = "4.38.0"
+      version = "4.41.0"
     }
   }
 }

deployment/modules/cloudflare/docs-release/domain.tf

@@ -9,6 +9,6 @@ resource "cloudflare_record" "immich_app_release_domain" {
   proxied = true
   ttl = 1
   type = "CNAME"
-  value = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
+  content = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
   zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
 }

deployment/modules/cloudflare/docs/.terraform.lock.hcl

@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.38.0"
-  constraints = "4.38.0"
+  version     = "4.41.0"
+  constraints = "4.41.0"
   hashes = [
-    "h1:+27KAHKHBDvv3dqyJv5vhtdKQZJzoZXoMqIyronlHNw=",
-    "h1:/uV9RgOUhkxElkHhWs8fs5ZbX9vj6RCBfP0oJO0JF30=",
-    "h1:1DNAdMugJJOAWD/XYiZenYYZLy7fw2ctjT4YZmkRCVQ=",
-    "h1:1wn4PmCLdT7mvd74JkCGmJDJxTQDkcxc+1jNbmwnMHA=",
-    "h1:BIHB4fBxHg2bA9KbL92njhyctxKC8b6hNDp60y5QBss=",
-    "h1:HCQpvKPsMsR4HO5eDqt+Kao7T7CYeEH7KZIO7xMcC6M=",
-    "h1:HTomuzocukpNLwtWzeSF3yteCVsyVKbwKmN66u9iPac=",
-    "h1:YDxsUBhBAwHSXLzVwrSlSBOwv1NvLyry7s5SfCV7VqQ=",
-    "h1:dchVhxo+Acd1l2RuZ88tW9lWj4422QMfgtxKvKCjYrw=",
-    "h1:eypa+P4ZpsEGMPFuCE+6VkRefu0TZRFmVBOpK+PDOPY=",
-    "h1:f3yjse2OsRZj7ZhR7BLintJMlI4fpyt8HyDP/zcEavw=",
-    "h1:mSJ7xj8K+xcnEmGg7lH0jjzyQb157wH94ULTAlIV+HQ=",
-    "h1:tt+2J2Ze8VIdDq2Hr6uHlTJzAMBRpErBwTYx0uD5ilE=",
-    "h1:uQW8SKxmulqrAisO+365mIf2FueINAp5PY28bqCPCug=",
-    "zh:171ab67cccceead4514fafb2d39e4e708a90cce79000aaf3c29aab7ed4457071",
-    "zh:18aa7228447baaaefc49a43e8eff970817a7491a63d8937e796357a3829dd979",
-    "zh:2cbaab6092e81ba6f41fa60a50f14e980c8ec327ee11d0b21f16a478be4b7567",
-    "zh:53b8e49c06f5b31a8c681f8c0669cf43e78abe71657b8182a221d096bb514965",
-    "zh:6037cfc60b4b647aabae155fcb46d649ed7c650e0287f05db52b2068f1e27c8a",
-    "zh:62460982ce1a869eebfca675603fbbd50416cf6b69459fb855bfbe5ae2b97607",
-    "zh:65f6f3a8470917b6398baa5eb4f74b3932b213eac7c0202798bfad6fd1ee17df",
+    "h1:0mc+YrjQrcctGrGYDmzlcqcgSv9MYB74rvMaZylIKC8=",
+    "h1:0zUx4vk4jOORQqn6xHBF7dO6N6bielFHdJ0mgF4Obn8=",
+    "h1:AsIZW3uLFNOZO7kL/K7/Y/S0IYxUV9Hz85NNk/3TTsA=",
+    "h1:FSgYM4+LHMbX/a4Y1kx7FPPWmXqS3/MQYzvjMJHHHWM=",
+    "h1:Tx6Nh3BWP1x9L3KK/Eyi+ET0T26g3+jf1jyiuqpNIis=",
+    "h1:VRI9wu8P43xxfpeTndRwsisLnqncfnmEYMOEH5zH4pQ=",
+    "h1:YxQqmiES/Yanq/VfGqBEqg+VIO7FGhO88aKoWFHyGIg=",
+    "h1:ZWHiaesjgDLKWlfdNj0oKyj/DWdxcfsO6NINu39zfpY=",
+    "h1:a2aCgDDBz3ccrr8YstIMl7VFnKo1xZAp+rOv59PPJ7U=",
+    "h1:aRyv8tB6wBAF9lKsLEdiHyCqnK5LfZq0FqMXCcUB4UU=",
+    "h1:lXpuO7zv2uD2GzPE1ARxznreRAh+QHTc2lAJ7iOoFgY=",
+    "h1:sA1xq0QNQ4fH8SHXouYNq50xirVD18SamKQwPsBQrrY=",
+    "h1:v7sHvKq7oqMYPn47ULHFyIQsKD9o+6Xg/uHbxQUixEw=",
+    "h1:wo/x4atWyXuWGlfR6h5nH0YwBAmBwTRY27HtWP8ycLo=",
+    "zh:339d26e06dc6fb299ea8aad9476a60fd65bb1d40631ae8eeb81cddf2dd2bebc8",
+    "zh:3dec2ad96ac2c283fd34ce65781b55c4edbb4d5c5cb53da8e31537176c0ed562",
+    "zh:5f63a5f8080319a2fff09d4d49944829fa708723436520787cfb60725ced80cf",
+    "zh:67162c28ccea71cb8141ed15c0637e35621354ebe14878e0b75a8f160fc5505d",
+    "zh:6ac1e07f5347b6395aca690ed22101bb25e957d25f986f760ff673a7adfd5ef6",
+    "zh:70282a723c7b52fcabde2baad41c864ed3a8d69f0c4d27a6b6933cac434cffc6",
     "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8b5cebe64bf04105a49178a165b6a8800a9a33bae6767143a47fe4977755f805",
-    "zh:a5596635db0993ee3c3060fbc2227d91b239466e96d2d82642625a5aa2486988",
-    "zh:b3a9c63038441f13c311fd4b2c7e69e571445e5a7365a20c7cc9046b7e6c8aba",
-    "zh:b585e7e4d7648a540b14b9182819214896ca9337729eeb1f2034833b17db754d",
-    "zh:d2c3c545318ac8542369e9fc8228e29ee585febdf203a450fad3e0eded71ce02",
-    "zh:e95dd2d6c3525073af47d47b763cb81b6a51b20cabf76f789c69328922da9ecf",
-    "zh:eee6e590b36d6c6168a7daae8afa74a8721fd7aa9f62a710f04a311975100722",
+    "zh:924cd23abc326c6b3914e2cd9c94c7832c2552e1e9ae258fb9fd9aedaa5f7ce7",
+    "zh:a4b75e4c239879296259e7d54f1befbc7fdc16da2d62d1294e9f73add4cae61e",
+    "zh:a6ceb08feb63b00c7141783b31e45a154c76fd8cdebbdf371074805f0053572d",
+    "zh:afae1843f9ba85f2f6d94108c65cf43a457e83531a632d44d863e935160cb2ba",
+    "zh:bd6628ce60c778960a5755f7010b7e2cc5c6ff0341a21c175341b28058ec843d",
+    "zh:cd30866a1ff99d72b5fa1699db582fa4f25562e6ab21dcc6870324f3056108e0",
+    "zh:df5924cca691a8220aaaebb5cb55c3d6c32ff0a881f198695eff28155eb12b54",
+    "zh:e78d0696c941aba58df1cb36b8a0d25cd5f3963f01d9338fdbda74db58afdd49",
   ]
 }

deployment/modules/cloudflare/docs/config.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     cloudflare = {
       source = "cloudflare/cloudflare"
-      version = "4.38.0"
+      version = "4.41.0"
     }
   }
 }

deployment/modules/cloudflare/docs/domain.tf

@@ -9,7 +9,7 @@ resource "cloudflare_record" "immich_app_branch_subdomain" {
   proxied = true
   ttl     = 1
   type    = "CNAME"
-  value   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
+  content   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
   zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
 }
 
@@ -18,7 +18,7 @@ output "immich_app_branch_subdomain" {
 }
 
 output "immich_app_branch_pages_hostname" {
-  value = cloudflare_record.immich_app_branch_subdomain.value
+  value = cloudflare_record.immich_app_branch_subdomain.content
 }
 
 output "pages_project_name" {

docker/docker-compose.dev.yml

@@ -43,6 +43,7 @@ services:
     ports:
       - 3001:3001
       - 9230:9230
+      - 9231:9231
     depends_on:
       - redis
       - database
@@ -98,7 +99,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    image: redis:6.2-alpine@sha256:2d1463258f2764328496376f5d965f20c6a67f66ea2b06dc42af351f75248792
     healthcheck:
       test: redis-cli ping || exit 1
 

docker/docker-compose.prod.yml

@@ -47,7 +47,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    image: redis:6.2-alpine@sha256:2d1463258f2764328496376f5d965f20c6a67f66ea2b06dc42af351f75248792
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always
@@ -79,7 +79,7 @@ services:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:cafe963e591c872d38f3ea41ff8eb22cee97917b7c97b5c0ccd43a419f11f613
+    image: prom/prometheus@sha256:f6639335d34a77d9d9db382b92eeb7fc00934be8eae81dbc03b31cfe90411a94
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus
@@ -91,7 +91,7 @@ services:
     command: ['./run.sh', '-disable-reporting']
     ports:
       - 3000:3000
-    image: grafana/grafana:11.1.3-ubuntu@sha256:e10453733015f31103cb530425f32c994816b50102886fa885dafea2c50a711c
+    image: grafana/grafana:11.2.0-ubuntu@sha256:8e2c13739563c3da9d45de96c6bcb63ba617cac8c571c060112c7fc8ad6914e9
     volumes:
       - grafana-data:/var/lib/grafana
 

docker/docker-compose.yml

@@ -48,7 +48,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    image: docker.io/redis:6.2-alpine@sha256:2d1463258f2764328496376f5d965f20c6a67f66ea2b06dc42af351f75248792
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always

docker/hwaccel.transcoding.yml

@@ -51,5 +51,4 @@ services:
     volumes:
       - /usr/lib/wsl:/usr/lib/wsl
     environment:
-      - LD_LIBRARY_PATH=/usr/lib/wsl/lib
       - LIBVA_DRIVER_NAME=d3d12

docs/.nvmrc

@@ -1 +1 @@
-20.16.0
+20.17.0

docs/docs/FAQ.mdx

@@ -52,14 +52,25 @@ On iOS (iPhone and iPad), the operating system determines if a particular app ca
 - Disable Background App Refresh for apps that don't need background tasks to run. This will reduce the competition for background task invocation for Immich.
 - Use the Immich app more often.
 
+### Why are features not working with a self-signed cert or mTLS?
+
+Due to limitations in the upstream app/video library, using a self-signed TLS certificate or mutual TLS may break video playback or asset upload (both foreground and/or background).
+We recommend using a real SSL certificate from a free provider, for example [Let's Encrypt](https://letsencrypt.org/).
+
 ---
 
 ## Assets
 
 ### Does Immich change the file?
 
-No, Immich does not touch the original file under any circumstances,  
-all edited metadata are saved in the companion sidecar file and the database.
+No, Immich does not modify the original files.
+All edited metadata is saved in companion `.xmp` sidecar files and the database.
+However, Immich will delete original files that have been trashed when the trash is emptied in the Immich UI.
+
+### Why do my file names appear as a random string in the file manager?
+
+When Storage Template is off (default) Immich saves the file names in a random string (also known as random UUIDs) to prevent duplicate file names. To retrieve the original file names, you must enable the Storage Template and then run the STORAGE TEMPLATE MIGRATION job.
+It is recommended to read about [Storage Template](https://immich.app/docs/administration/storage-template) before activation.
 
 ### Can I add my existing photo library?
 
@@ -157,13 +168,26 @@ We haven't implemented an official mechanism for creating albums from external l
 
 Duplicate checking only exists for upload libraries, using the file hash. Furthermore, duplicate checking is not global, but _per library_. Therefore, a situation where the same file appears twice in the timeline is possible, especially for external libraries.
 
+### Why are my edits to files not being saved in read-only external libraries?
+
+Images in read-write external libraries (the default) can be edited as normal.
+In read-only libraries (`:ro` in the `docker-compose.yml`), Immich is unable to create the `.xmp` sidecar files to store edited file metadata.
+For this reason, the metadata (timestamp, location, description, star rating, etc.) cannot be edited for files in read-only external libraries.
+
+### How are deletions of files handled in external libraries?
+
+Immich will attempt to delete original files that have been trashed when the trash is emptied.
+In read-write external libraries (the default), Immich will delete the original file.
+In read-only libraries (`:ro` in the `docker-compose.yml`), files can still be trashed in the UI.
+However, when the trash is emptied, the files will re-appear in the main timeline since Immich is unable to delete the original file.
+
 ---
 
 ## Machine Learning
 
 ### How does smart search work?
 
-Immich uses CLIP models. For more information about CLIP and its capabilities, read about it [here](https://openai.com/research/clip).
+Immich uses CLIP models. An ML model converts each image to an "embedding", which is essentially a string of numbers that semantically encodes what is in the image. The same is done for the text that you enter when you do a search, and that text embedding is then compared with those of the images to find similar ones. As such, there are no "tags", "labels", or "descriptions" generated that you can look at. For more information about CLIP and its capabilities, read about it [here](https://openai.com/research/clip).
 
 ### How does facial recognition work?
 
@@ -309,7 +333,11 @@ You may need to add mount points or docker volumes for the following internal co
 - `immich-machine-learning:/.cache`
 - `redis:/data`
 
-The non-root user/group needs read/write access to the volume mounts, including `UPLOAD_LOCATION`.
+The non-root user/group needs read/write access to the volume mounts, including `UPLOAD_LOCATION` and `/cache` for machine-learning.
+
+:::note Docker Compose Volumes
+The Docker Compose top level volume element does not support non-root access, all of the above volumes must be local volume mounts.
+:::
 
 For a further hardened system, you can add the following block to every container except for `immich_postgres`.
 

docs/docs/administration/backup-and-restore.md

@@ -21,6 +21,8 @@ The recommended way to backup and restore the Immich database is to use the `pg_
 It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::
 
+### Manual Backup and Restore
+
 <Tabs>
   <TabItem value="Linux system" label="Linux system" default>
 
@@ -29,10 +31,11 @@ docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgre
 ```
 
 ```bash title='Restore'
-docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch.
-# rm -rf DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch.
+docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch
+## Uncomment the next line and replace DB_DATA_LOCATION with your Postgres path to permanently reset the Postgres database
+# rm -rf DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch
 docker compose pull     # Update to latest version of Immich (if desired)
-docker compose create   # Create Docker containers for Immich apps without running them.
+docker compose create   # Create Docker containers for Immich apps without running them
 docker start immich_postgres    # Start Postgres server
 sleep 10    # Wait for Postgres server to start up
 gunzip < "/path/to/backup/dump.sql.gz" \
@@ -45,14 +48,15 @@ docker compose up -d    # Start remainder of Immich apps
   <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">
 
 ```powershell title='Backup'
-docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres > "\path\to\backup\dump.sql"
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | Set-Content -Encoding utf8 "C:\path\to\backup\dump.sql"
 ```
 
 ```powershell title='Restore'
-docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch.
-# Remove-Item -Recurse -Force DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch.
+docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch
+## Uncomment the next line and replace DB_DATA_LOCATION with your Postgres path to permanently reset the Postgres database
+# Remove-Item -Recurse -Force DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch
 docker compose pull     # Update to latest version of Immich (if desired)
-docker compose create   # Create Docker containers for Immich apps without running them.
+docker compose create   # Create Docker containers for Immich apps without running them
 docker start immich_postgres    # Start Postgres server
 sleep 10    # Wait for Postgres server to start up
 gc "C:\path\to\backup\dump.sql" | docker exec -i immich_postgres psql --username=postgres   # Restore Backup
@@ -68,6 +72,8 @@ Note that for the database restore to proceed properly, it requires a completely
 Some deployment methods make it difficult to start the database without also starting the server or microservices. In these cases, you may set the environmental variable `DB_SKIP_MIGRATIONS=true` before starting the services. This will prevent the server from running migrations that interfere with the restore process. Note that both the server and microservices must have this variable set to prevent the migrations from running. Be sure to remove this variable and restart the services after the database is restored.
 :::
 
+### Automatic Database Backups
+
 The database dumps can also be automated (using [this image](https://github.com/prodrigestivill/docker-postgres-backup-local)) by editing the docker compose file to match the following:
 
 ```yaml
@@ -157,7 +163,7 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
 
   - The Immich database containing all the information to allow the system to function properly.  
     **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
-  - Stored in `UPLOAD_LOCATION/postgres`.
+  - Stored in `DB_DATA_LOCATION`.
 
   :::danger
   A backup of this folder does not constitute a backup of your database!
@@ -203,7 +209,7 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
 
   - The Immich database containing all the information to allow the system to function properly.  
     **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
-  - Stored in `UPLOAD_LOCATION/postgres`.
+  - Stored in `DB_DATA_LOCATION`.
 
   :::danger
   A backup of this folder does not constitute a backup of your database!

docs/docs/administration/email-notification.mdx

@@ -8,13 +8,11 @@ Immich supports the option to send notifications via Email for the following eve
 
 ## SMTP settings
 
-You can access the settings panel from the web at `Administration -> Settings -> Notification settings`
+You can access the settings panel from the web at `Administration -> Settings -> Notification settings`.
 
-Under Email, enter the following details to connect with SMTP servers.
+Under Email, enter the required details to connect with an SMTP server.
 
-You can use the following [guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.
-
-<img src={require('./img/email-settings.png').default} width="80%" title="SMTP settings" />
+You can use [this guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.
 
 ## User's notifications settings
 

docs/docs/administration/jobs-workers.md

@@ -52,4 +52,4 @@ Additionally, some jobs run on a schedule, which is every night at midnight. Thi
 Storage Migration job can be run after changing the [Storage Template](/docs/administration/storage-template.mdx), in order to apply the change to the existing library.
 :::
 
-<img src={require('./img/admin-jobs.png').default} width="80%" title="Admin jobs" />
+<img src={require('./img/admin-jobs.webp').default} width="60%" title="Admin jobs" />

docs/docs/administration/oauth.md

@@ -3,7 +3,7 @@
 This page contains details about using OAuth in Immich.
 
 :::tip
-Unable to set `app.immich:/` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
+Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
 :::
 
 ## Overview
@@ -30,7 +30,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 
    The **Sign-in redirect URIs** should include:
 
-   - `app.immich:/` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
+   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
    - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
    - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
 
@@ -38,7 +38,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 
    Mobile
 
-   - `app.immich:/` (You **MUST** include this for iOS and Android mobile apps to work properly)
+   - `app.immich:///oauth-callback` (You **MUST** include this for iOS and Android mobile apps to work properly)
 
    Localhost
 
@@ -96,16 +96,16 @@ When Auto Launch is enabled, the login page will automatically redirect the user
 
 ## Mobile Redirect URI
 
-The redirect URI for the mobile app is `app.immich:/`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
+The redirect URI for the mobile app is `app.immich:///oauth-callback`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
 
-1. Configure an http(s) endpoint to forwards requests to `app.immich:/`
+1. Configure an http(s) endpoint to forwards requests to `app.immich:///oauth-callback`
 2. Whitelist the new endpoint as a valid redirect URI with your provider.
 3. Specify the new endpoint as the `Mobile Redirect URI Override`, in the OAuth settings.
 
 With these steps in place, you should be able to use OAuth from the [Mobile App](/docs/features/mobile-app.mdx) without a custom scheme redirect URI.
 
 :::info
-Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:/`, and can be used for step 1.
+Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:///oauth-callback`, and can be used for step 1.
 :::
 
 ## Example Configuration
@@ -154,21 +154,21 @@ Configuration of Authorised redirect URIs (Google Console)
 
 Configuration of OAuth in Immich System Settings
 
-| Setting                      | Value                                                                                                  |
-| ---------------------------- | ------------------------------------------------------------------------------------------------------ |
-| Issuer URL                   | [https://accounts.google.com](https://accounts.google.com)                                             |
-| Client ID                    | 7\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***vuls.apps.googleusercontent.com                           |
-| Client Secret                | G\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***OO                                                        |
-| Scope                        | openid email profile                                                                                   |
-| Signing Algorithm            | RS256                                                                                                  |
-| Storage Label Claim          | preferred_username                                                                                     |
-| Storage Quota Claim          | immich_quota                                                                                           |
-| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                                              |
-| Button Text                  | Sign in with Google (optional)                                                                         |
-| Auto Register                | Enabled (optional)                                                                                     |
-| Auto Launch                  | Enabled                                                                                                |
-| Mobile Redirect URI Override | Enabled (required)                                                                                     |
-| Mobile Redirect URI          | [https://demo.immich.app/api/oauth/mobile-redirect](https://demo.immich.app/api/oauth/mobile-redirect) |
+| Setting                      | Value                                                                        |
+| ---------------------------- | ---------------------------------------------------------------------------- |
+| Issuer URL                   | `https://accounts.google.com`                                                |
+| Client ID                    | 7\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***vuls.apps.googleusercontent.com |
+| Client Secret                | G\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***OO                              |
+| Scope                        | openid email profile                                                         |
+| Signing Algorithm            | RS256                                                                        |
+| Storage Label Claim          | preferred_username                                                           |
+| Storage Quota Claim          | immich_quota                                                                 |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                    |
+| Button Text                  | Sign in with Google (optional)                                               |
+| Auto Register                | Enabled (optional)                                                           |
+| Auto Launch                  | Enabled                                                                      |
+| Mobile Redirect URI Override | Enabled (required)                                                           |
+| Mobile Redirect URI          | `https://example.immich.app/api/oauth/mobile-redirect`                       |
 
 </details>
 

docs/docs/administration/reverse-proxy.md

@@ -64,3 +64,43 @@ Below is an example config for Apache2 site configuration.
    ProxyPreserveHost On
 </VirtualHost>
 ```
+
+### Traefik Proxy example config
+
+The example below is for Traefik version 3.
+
+The most important is to increase the `respondingTimeouts` of the entrypoint used by immich. In this example of entrypoint `websecure` for port `443`. Per default it's set to 60s which leeds to videos stop uploading after 1 minute (Error Code 499). With this config it will fail after 10 minutes which is in most cases enough. Increase it if needed.
+
+`traefik.yaml`
+
+```yaml
+[...]
+entryPoints:
+  websecure:
+    address: :443
+    # this section needs to be added
+    transport:
+      respondingTimeouts:
+        readTimeout: 600s
+        idleTimeout: 600s
+        writeTimeout: 600s
+```
+
+The second part is in the `docker-compose.yml` file where immich is in. Add the Traefik specific labels like in the example.
+
+`docker-compose.yml`
+
+```yaml
+services:
+  immich-server:
+    [...]
+    labels:
+      traefik.enable: true
+      # increase readingTimeouts for the entrypoint used here
+      traefik.http.routers.immich.entrypoints: websecure
+      traefik.http.routers.immich.rule: Host(`immich.your-domain.com`)
+      traefik.http.services.immich.loadbalancer.server.port: 3001
+```
+
+Keep in mind, that Traefik needs to communicate with the network where immich is in, usually done
+by adding the Traefik network to the `immich-server`.

docs/docs/administration/system-settings.md

@@ -104,7 +104,7 @@ You can choose to disable a certain type of machine learning, for example smart
 
 ### Smart Search
 
-The smart search settings are designed to allow the search tool to be used using [CLIP](https://openai.com/research/clip) models that [can be changed](/docs/FAQ#can-i-use-a-custom-clip-model), different models will necessarily give better results but may consume more processing power, when changing a model it is mandatory to re-run the
+The [smart search](/docs/features/smart-search) settings are designed to allow the search tool to be used using [CLIP](https://openai.com/research/clip) models that [can be changed](/docs/FAQ#can-i-use-a-custom-clip-model), different models will necessarily give better results but may consume more processing power, when changing a model it is mandatory to re-run the
 Smart Search job on all images to fully apply the change.
 
 :::info Internet connection
@@ -113,15 +113,23 @@ After downloading, there is no need for Immich to connect to the network
 Unless version checking has been enabled in the settings.
 :::
 
+### Duplicate Detection
+
+Use CLIP embeddings to find likely duplicates. The maximum detection distance can be configured in order to improve / reduce the level of accuracy.
+
+- **Maximum detection distance -** Maximum distance between two images to consider them duplicates, ranging from 0.001-0.1. Higher values will detect more duplicates, but may result in false positives.
+
 ### Facial Recognition
 
 Under these settings, you can change the facial recognition settings
 Editable settings:
 
-- **Facial Recognition Model -** Models are listed in descending order of size. Larger models are slower and use more memory, but produce better results. Note that you must re-run the Face Detection job for all images upon changing a model.
-- **Min Detection Score -** Minimum confidence score for a face to be detected from 0-1. Lower values will detect more faces but may result in false positives.
-- **Max Recognition Distance -** Maximum distance between two faces to be considered the same person, ranging from 0-2. Lowering this can prevent labeling two people as the same person, while raising it can prevent labeling the same person as two different people. Note that it is easier to merge two people than to split one person in two, so err on the side of a lower threshold when possible.
-- **Min Recognized Faces -** The minimum number of recognized faces for a person to be created (AKA: Core face). Increasing this makes Facial Recognition more precise at the cost of increasing the chance that a face is not assigned to a person.
+- **Facial Recognition Model**
+- **Min Detection Score**
+- **Max Recognition Distance**
+- **Min Recognized Faces**
+
+You can learn more about these options on the [Facial Recognition page](/docs/features/facial-recognition#how-face-detection-works)
 
 :::info
 When changing the values in Min Detection Score, Max Recognition Distance, and Min Recognized Faces.
@@ -153,7 +161,7 @@ SMTP server setup, for user creation notifications, new albums, etc. More inform
 
 ### External Domain
 
-When set, will override the domain name used when viewing and copying a shared link.
+Overrides the domain name in shared links and email notifications. The URL should not include a trailing slash.
 
 ### Welcome Message
 

docs/docs/developer/architecture.mdx

@@ -3,6 +3,7 @@ sidebar_position: 1
 ---
 
 import AppArchitecture from './img/app-architecture.png';
+import MobileArchitecture from './img/immich_mobile_architecture.svg';
 
 # Architecture
 
@@ -28,7 +29,14 @@ All three clients use [OpenAPI](./open-api.md) to auto-generate rest clients for
 
 ### Mobile App
 
-The mobile app is written in [Flutter](https://flutter.dev/). It uses [Isar Database](https://isar.dev/) for a local database and [Riverpod](https://riverpod.dev/) for state management.
+The mobile app is written in [Dart](https://dart.dev/) using [Flutter](https://flutter.dev/). Below is an architecture overview:
+
+<MobileArchitecture className="p-4 dark:bg-immich-dark-primary my-4" />
+
+The diagrams shows the target architecture, the current state of the code-base is not always following the architecture yet. New code and contributions should follow this architecture.
+Currently, it uses [Isar Database](https://isar.dev/) for a local database and [Riverpod](https://riverpod.dev/) for state management (providers).
+Entities and Models are the two types of data classes used. While entities are stored in the on-device database, models are ephemeral and only kept in memory.
+The Repositories should be the only place where other data classes are used internally (such as OpenAPI DTOs). However, their interfaces must not use foreign data classes!
 
 ### Web Client
 

docs/docs/developer/img/immich_mobile_architecture.drawio

@@ -0,0 +1,104 @@
+<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" version="24.7.16">
+  <diagram name="Page-1" id="Bp2gX--FtC4sSMWxsLrs">
+    <mxGraphModel dx="1728" dy="954" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" background="none" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-1" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.polygon;polyCoords=[[0.25,0],[0.75,0],[1,0.25],[1,0.75],[0.75,1],[0.25,1],[0,0.75],[0,0.25]];polyline=0;strokeWidth=4;rounded=1;fillColor=#4251B0;" vertex="1" parent="1">
+          <mxGeometry x="280" y="217.5" width="465" height="465" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-2" value="&lt;b&gt;&lt;font style=&quot;font-size: 22px;&quot;&gt;Mobile App&lt;/font&gt;&lt;/b&gt;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;rounded=1;fontColor=#ffffff;" vertex="1" parent="1">
+          <mxGeometry x="442.5" y="225" width="140" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-25" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-4" target="zHhczcy2-Jv_nqmJUiNH-5">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-4" value="Services" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#FFB400;" vertex="1" parent="1">
+          <mxGeometry x="530" y="420" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-26" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-5" target="zHhczcy2-Jv_nqmJUiNH-12">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-5" value="Repositories" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#1E83F7;" vertex="1" parent="1">
+          <mxGeometry x="650" y="420" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-24" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-6" target="zHhczcy2-Jv_nqmJUiNH-4">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-6" value="Providers" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#ED79B5;" vertex="1" parent="1">
+          <mxGeometry x="410" y="420" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-29" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-7" target="zHhczcy2-Jv_nqmJUiNH-8">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-30" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-7" target="zHhczcy2-Jv_nqmJUiNH-6">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-7" value="Pages" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#FA2921;" vertex="1" parent="1">
+          <mxGeometry x="290" y="480" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-31" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.25;entryDx=0;entryDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-8" target="zHhczcy2-Jv_nqmJUiNH-6">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-8" value="Widgets" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#FA2921;" vertex="1" parent="1">
+          <mxGeometry x="290" y="360" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-11" value="User" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;rounded=1;fillColor=#4251B0;" vertex="1" parent="1">
+          <mxGeometry x="180" y="368.5" width="81.5" height="163" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-12" value="platform&lt;div&gt;system&lt;/div&gt;" style="rhombus;whiteSpace=wrap;html=1;rounded=1;fillColor=#ED79B5;" vertex="1" parent="1">
+          <mxGeometry x="800" y="410" width="80" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-13" value="on-device&lt;div&gt;database&lt;/div&gt;" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;rounded=1;fillColor=#FA2921;" vertex="1" parent="1">
+          <mxGeometry x="810" y="310" width="60" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-14" value="server" style="ellipse;shape=cloud;whiteSpace=wrap;html=1;rounded=1;fillColor=#FFB400;" vertex="1" parent="1">
+          <mxGeometry x="780" y="500" width="120" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-16" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0.07;entryY=0.4;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-5" target="zHhczcy2-Jv_nqmJUiNH-14">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-39" value="OpenAPI" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rounded=1;labelBackgroundColor=#1E83F7;" vertex="1" connectable="0" parent="zHhczcy2-Jv_nqmJUiNH-16">
+          <mxGeometry x="0.0697" y="1" relative="1" as="geometry">
+            <mxPoint x="8" y="10" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-23" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.75;exitY=1;exitDx=0;exitDy=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-6" target="zHhczcy2-Jv_nqmJUiNH-6">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-27" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.25;exitDx=0;exitDy=0;entryX=0;entryY=1;entryDx=0;entryDy=-15;entryPerimeter=0;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-5" target="zHhczcy2-Jv_nqmJUiNH-13">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-34" style="edgeStyle=none;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;dashed=1;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-3">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="810" y="360" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-36" value="" style="endArrow=none;dashed=1;html=1;rounded=1;" edge="1" parent="1" source="zHhczcy2-Jv_nqmJUiNH-9">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="512.08" y="665" as="sourcePoint" />
+            <mxPoint x="512.08" y="265" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-37" value="UI part" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=1;fontSize=14;fontColor=#FFFFFF;" vertex="1" parent="1">
+          <mxGeometry x="387.5" y="640" width="70" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-38" value="non-UI part" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=1;fontSize=14;fontColor=#FFFFFF;" vertex="1" parent="1">
+          <mxGeometry x="550" y="640" width="90" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-41" value="" style="endArrow=none;dashed=1;html=1;rounded=1;" edge="1" parent="1" target="zHhczcy2-Jv_nqmJUiNH-9">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="512.08" y="665" as="sourcePoint" />
+            <mxPoint x="512.08" y="265" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-9" value="Models" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#18C249;" vertex="1" parent="1">
+          <mxGeometry x="470" y="510" width="80" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zHhczcy2-Jv_nqmJUiNH-3" value="Entities" style="rounded=1;whiteSpace=wrap;html=1;gradientColor=none;fillColor=#18C249;" vertex="1" parent="1">
+          <mxGeometry x="472.5" y="330" width="80" height="60" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>

docs/docs/developer/setup.md

@@ -106,7 +106,7 @@ in User `settings.json` (`cmd + shift + p` and search for `Open User Settings JS
     "editor.suggest.snippetsPreventQuickSuggestions": false,
     "editor.suggestSelection": "first",
     "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": false,
+    "editor.wordBasedSuggestions": "off",
     "editor.defaultFormatter": "Dart-Code.dart-code"
   }
 }

docs/docs/features/libraries.md

@@ -1,18 +1,14 @@
-# Libraries
+# External Libraries
 
-## Overview
+External libraries track assets stored in the filesystem outside of Immich. When the external library is scanned, Immich will load videos and photos from disk and create the corresponding assets. These assets will then be shown in the main timeline, and they will look and behave like any other asset, including viewing on the map, adding to albums, etc. Later, if a file is modified outside of Immich, you need to scan the library for the changes to show up.
 
-Immich supports the creation of libraries which is a top-level asset container. Currently, there are two types of libraries: traditional upload libraries that can sync with a mobile device, and external libraries, that keeps up to date with files on disk. Libraries are different from albums in that an asset can belong to multiple albums but only one library, and deleting a library deletes all assets contained within. As of August 2023, this is a new feature and libraries have a lot of potential for future development beyond what is documented here. This document attempts to describe the current state of libraries.
+If an external asset is deleted from disk, Immich will move it to trash on rescan. To restore the asset, you need to restore the original file. After 30 days the file will be removed from trash, and any changes to metadata within Immich will be lost.
 
-## External Libraries
+:::caution
 
-External libraries tracks assets stored outside of Immich, i.e. in the file system. When the external library is scanned, Immich will read the metadata from the file and create an asset in the library for each image or video file. These items will then be shown in the main timeline, and they will look and behave like any other asset, including viewing on the map, adding to albums, etc.
+If you add metadata to an external asset in any way (i.e. add it to an album or edit the description), that metadata is only stored inside Immich and will not be persisted to the external asset file. If you move an asset to another location within the library all such metadata will be lost upon rescan. This is because the asset is considered a new asset after the move. This is a known issue and will be fixed in a future release.
 
-If a file is modified outside of Immich, the changes will not be reflected in immich until the library is scanned again. There are different ways to scan a library depending on the use case:
-
-- Scan Library Files: This is the default scan method and also the quickest. It will scan all files in the library and add new files to the library. It will notice if any files are missing (see below) but not check existing assets
-- Scan All Library Files: Same as above, but will check each existing asset to see if the modification time has changed. If it has, the asset will be updated. Since it has to check each asset, this is slower than Scan Library Files.
-- Force Scan All Library Files: Same as above, but will read each asset from disk no matter the modification time. This is useful in some cases where an asset has been modified externally but the modification time has not changed. This is the slowest way to scan because it reads each asset from disk.
+:::
 
 :::caution
 
@@ -20,22 +16,6 @@ Due to aggressive caching it can take some time for a refreshed asset to appear
 
 :::
 
-In external libraries, the file path is used for duplicate detection. This means that if a file is moved to a different location, it will be added as a new asset. If the file is moved back to its original location, it will be added as a new asset. In contrast to upload libraries, two identical files can be uploaded if they are in different locations. This is a deliberate design choice to make Immich reflect the file system as closely as possible. Remember that duplication detection is only done within the same library, so if you have multiple external libraries, the same file can be added to multiple libraries.
-
-:::caution
-
-If you add assets from an external library to an album and then move the asset to another location within the library, the asset will be removed from the album upon rescan. This is because the asset is considered a new asset after the move. This is a known issue and will be fixed in a future release.
-
-:::
-
-### Deleted External Assets
-
-Note: Either a manual or scheduled library scan must have been performed to identify offline assets before this process will work.
-
-In all above scan methods, Immich will check if any files are missing. This can happen if files are deleted, or if they are on a storage location that is currently unavailable, like a network drive that is not mounted, or a USB drive that has been unplugged. In order to prevent accidental deletion of assets, Immich will not immediately delete an asset from the library if the file is missing. Instead, the asset will be internally marked as offline and will still be visible in the main timeline. If the file is moved back to its original location and the library is scanned again, the asset will be restored.
-
-Finally, files can be deleted from Immich via the `Remove Offline Files` job. This job can be found by the three dots menu for the associated external storage that was configured under Administration > Libraries (the same location described at [create external libraries](#create-external-libraries)). When this job is run, any assets marked as offline will then be removed from Immich. Run this job whenever files have been deleted from the file system and you want to remove them from Immich.
-
 ### Import Paths
 
 External libraries use import paths to determine which files to scan. Each library can have multiple import paths so that files from different locations can be added to the same library. Import paths are scanned recursively, and if a file is in multiple import paths, it will only be added once. Each import file must be a readable directory that exists on the filesystem; the import path dialog will alert you of any paths that are not accessible.
@@ -66,9 +46,13 @@ Some basic examples:
 - `**/Raw/**` will exclude all files in any directory named `Raw`
 - `**/*.{tif,jpg}` will exclude all files with the extension `.tif` or `.jpg`
 
+Special characters such as @ should be escaped, for instance:
+
+- `**/\@eadir/**` will exclude all files in any directory named `@eadir`
+
 ### Automatic watching (EXPERIMENTAL)
 
-This feature - currently hidden in the config file - is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan. Deleted assets are, as always, marked as offline and can be removed with the "Remove offline files" button.
+This feature - currently hidden in the config file - is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.
 
 If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a periodic library refresh to pull in your changes.
 
@@ -84,7 +68,7 @@ In rare cases, the library watcher can hang, preventing Immich from starting up.
 
 ### Nightly job
 
-There is an automatic job that's run once a day and refreshes all modified files in all libraries as well as cleans up any libraries stuck in deletion.
+There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion.
 
 ## Usage
 
@@ -104,22 +88,23 @@ The `immich-server` container will need access to the gallery. Modify your docke
   immich-server:
     volumes:
       - ${UPLOAD_LOCATION}:/usr/src/app/upload
-+     - /mnt/nas/christmas-trip:/mnt/nas/christmas-trip:ro
-+     - /home/user/old-pics:/home/user/old-pics:ro
++     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
++     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
 +     - /mnt/media/videos2:/mnt/media/videos2 # the files in this folder can be deleted, as it does not end with :ro
 +     - "C:/Users/user_name/Desktop/my media:/mnt/media/my-media:ro" # import path in Windows system.
 ```
 
 :::tip
-The `ro` flag at the end only gives read-only access to the volumes. This will disallow the images from being deleted in the web UI.
+The `ro` flag at the end only gives read-only access to the volumes.
+This will disallow the images from being deleted in the web UI, or adding metadata to the library ([XMP sidecars](/docs/features/xmp-sidecars)).
 :::
 
 :::info
 _Remember to run `docker compose up -d` to register the changes. Make sure you can see the mounted path in the container._
 :::
 
-### Create External Libraries
+### Create A New Library
 
 These actions must be performed by the Immich administrator.
 
@@ -143,7 +128,7 @@ Next, we'll add an exclusion pattern to filter out raw files.
 - Enter `**/Raw/**` and click save.
 - Click save
 - Click the drop-down menu on the newly created library
-- Click on Scan Library Files
+- Click on Scan
 
 The christmas trip library will now be scanned in the background. In the meantime, let's add the videos and old photos to another library.
 
@@ -160,7 +145,7 @@ If you get an error here, please rename the other external library to something
 - Click on Add Path
 - Enter `/mnt/media/videos` then click Add
 - Click Save
-- Click on Scan Library Files
+- Click on Scan
 
 Within seconds, the assets from the old-pics and videos folders should show up in the main timeline.
 

docs/docs/features/ml-hardware-acceleration.md

@@ -38,7 +38,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 
 - The GPU must have compute capability 5.2 or greater.
 - The server must have the official NVIDIA driver installed.
-- The installed driver must be >= 545 (it must support CUDA 12.3.2).
+- The installed driver must be >= 535 (it must support CUDA 12.2).
 - On Linux (except for WSL2), you also need to have [NVIDIA Container Toolkit][nvct] installed.
 
 #### OpenVINO

docs/docs/features/shared-albums.md

@@ -16,7 +16,7 @@ When sharing shared albums, whats shared is:
 
 - Download all assets as zip file (Web only).
   :::info Archive size limited.
-  If the size of the album exceeds 4GB, the archive files will be divided into 4GB each.
+  If the size of the album exceeds 4GB, the archive files will by default be divided into 4GB each. This can be changed on the user settings page.
   :::
 - Add a description to the album (Web only).
 - Slideshow view (Web only).
@@ -73,14 +73,14 @@ You can edit the link properties, options include;
 - **Allow public user to download -** whether to allow whoever has the link to download all the images or a certain image (optional).
 - **Allow public user to upload -** whether to allow whoever has the link to upload assets to the album (optional).
   :::info
-  whoever has the link and have uploaded files cannot delete them.
+  Whoever has the link and have uploaded files cannot delete them.
   :::
 - **Expire after -** adding an expiration date to the link (optional).
 
 ## Share Specific Assets
 
 A user can share specific assets without linking them to a specific album.
-in order to do so;
+In order to do this:
 
 1. Go to the timeline
 2. Select the assets (Shift can be used for multiple selection)
@@ -152,7 +152,7 @@ Some of the features are not available on mobile, to understand what the full fe
 
 ## Sharing Between Users
 
-#### Add or remove users from the album.
+#### Add or remove users from the album
 
 :::info remove user(s)
 When a user is removed from the album, the photos he uploaded will still appear in the album.

docs/docs/guides/database-queries.md

@@ -23,7 +23,7 @@ SELECT * FROM "assets" WHERE "originalFileName" LIKE '%_2023_%'; -- all files wi
 ```
 
 ```sql title="Find by path"
-SELECT * FROM "assets" WHERE "originalPath" = 'upload/library/admin/2023/2023-09-03/PXL_20230903_232542848.jpg';
+SELECT * FROM "assets" WHERE "originalPath" = 'upload/library/admin/2023/2023-09-03/PXL_2023.jpg';
 SELECT * FROM "assets" WHERE "originalPath" LIKE 'upload/library/admin/2023/%';
 ```
 
@@ -37,6 +37,12 @@ SELECT * FROM "assets" WHERE "checksum" = decode('69de19c87658c4c15d9cacb9967b8e
 SELECT * FROM "assets" WHERE "checksum" = '\x69de19c87658c4c15d9cacb9967b8e033bf74dd1'; -- alternate notation
 ```
 
+```sql title="Find duplicate assets with identical checksum (SHA-1) (excluding trashed files)"
+SELECT T1."checksum", array_agg(T2."id") ids FROM "assets" T1
+  INNER JOIN "assets" T2 ON T1."checksum" = T2."checksum" AND T1."id" != T2."id" AND T2."deletedAt" IS NULL
+  WHERE T1."deletedAt" IS NULL GROUP BY T1."checksum";
+```
+
 ```sql title="Live photos"
 SELECT * FROM "assets" WHERE "livePhotoVideoId" IS NOT NULL;
 ```
@@ -79,8 +85,7 @@ SELECT "assets"."type", COUNT(*) FROM "assets" GROUP BY "assets"."type";
 ```sql title="Count by type (per user)"
 SELECT "users"."email", "assets"."type", COUNT(*) FROM "assets"
   JOIN "users" ON "assets"."ownerId" = "users"."id"
-  GROUP BY "assets"."type", "users"."email"
-  ORDER BY "users"."email";
+  GROUP BY "assets"."type", "users"."email" ORDER BY "users"."email";
 ```
 
 ```sql title="Failed file movements"

docs/docs/guides/external-library.md

@@ -7,7 +7,7 @@ in a directory on the same machine.
 # Mount the directory into the containers.
 
 Edit `docker-compose.yml` to add one or more new mount points in the section `immich-server:` under `volumes:`.
-If you want Immich to be able to delete the images in the external library, remove `:ro` from the end of the mount point.
+If you want Immich to be able to delete the images in the external library or add metadata ([XMP sidecars](/docs/features/xmp-sidecars)), remove `:ro` from the end of the mount point.
 
 ```diff
 immich-server:

docs/docs/guides/remote-access.md

@@ -11,13 +11,13 @@ Never forward port 2283 directly to the internet without additional configuratio
 
 You may use a VPN service to open an encrypted connection to your Immich instance. OpenVPN and Wireguard are two popular VPN solutions. Here is a guide on setting up VPN access to your server - [Pihole documentation](https://docs.pi-hole.net/guides/vpn/wireguard/overview/)
 
-### Pros:
+### Pros
 
 - Simple to set up and very secure.
 - Single point of potential failure, i.e., the VPN software itself. Even if there is a zero-day vulnerability on Immich, you will not be at risk.
 - Both Wireguard and OpenVPN are independently security-audited, so the risk of serious zero-day exploits are minimal.
 
-### Cons:
+### Cons
 
 - If you don't have a static IP address, you would need to set up a [Dynamic DNS](https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/). [DuckDNS](https://www.duckdns.org/) is a free DDNS provider.
 - VPN software needs to be installed and active on both server-side and client-side.
@@ -27,6 +27,10 @@ You may use a VPN service to open an encrypted connection to your Immich instanc
 
 If you are unable to open a port on your router for Wireguard or OpenVPN to your server, [Tailscale](https://tailscale.com/) is a good option. Tailscale mediates a peer-to-peer wireguard tunnel between your server and remote device, even if one or both of them are behind a [NAT firewall](https://en.wikipedia.org/wiki/Network_address_translation).
 
+:::tip Video tutorial
+You can learn how to set up Tailscale together with Immich with the [tutorial video](https://www.youtube.com/watch?v=Vt4PDUXB_fg) they created.
+:::
+
 ### Pros
 
 - Minimal configuration needed on server and client sides.
@@ -44,7 +48,7 @@ A reverse proxy is a service that sits between web servers and clients. A revers
 
 If you're hosting your own reverse proxy, [Nginx](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) is a great option. An example configuration for Nginx is provided [here](/docs/administration/reverse-proxy.md).
 
-You'll also need your own certificate to authenticate https connections. If you're making Immich publicly accesible, [Let's Encrypt](https://letsencrypt.org/) can provide a free certificate for your domain and is the recommended option. Alternatively, a [self-signed certificate](https://en.wikipedia.org/wiki/Self-signed_certificate) allows you to encrypt your connection to Immich, but it raises a security warning on the client's browser.
+You'll also need your own certificate to authenticate https connections. If you're making Immich publicly accessible, [Let's Encrypt](https://letsencrypt.org/) can provide a free certificate for your domain and is the recommended option. Alternatively, a [self-signed certificate](https://en.wikipedia.org/wiki/Self-signed_certificate) allows you to encrypt your connection to Immich, but it raises a security warning on the client's browser.
 
 A remote reverse proxy like [Cloudflare](https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/) increases security by hiding the server IP address, which makes targeted attacks like [DDoS](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/) harder.
 

docs/docs/guides/remote-machine-learning.md

@@ -11,6 +11,10 @@ To alleviate [performance issues on low-memory systems](/docs/FAQ.mdx#why-is-imm
 Smart Search and Face Detection will use this feature, but Facial Recognition is handled in the server.
 :::
 
+:::danger
+When using remote machine learning, the thumbnails are sent to the remote machine learning container. Use this option carefully when running this on a public computer or a paid processing cloud.
+:::
+
 ```yaml
 name: immich_remote_ml
 

docs/docs/guides/scaling-immich.md

@@ -0,0 +1,19 @@
+# Scaling Immich
+
+Immich is built with modern deployment practices in mind, and the backend is designed to be able to run multiple instances in parallel. When doing this, the only requirement you need to be aware of is that every instance needs to be connected to the shared infrastructure. That means they should all have access to the same Postgres and Redis instances, and have the same files mounted into the containers.
+
+Scaling can be useful for many reasons. Maybe you have a gaming PC that you want to use for transcoding and thumbnail generation, or perhaps you run a Kubernetes cluster across a handful of powerful servers that you want to make use of.
+
+:::info
+If you only have a single machine to run Immich on, scaling to multiple containers is unlikely to provide any benefit. An Immich container will run multiple background tasks at once, and you can increase their number from the admin panel.
+:::
+
+The details of how to scale across multiple machines will vary widely between different environments and require some knowledge to set up, and as such this guide gives no specific instructions. In some cases scaling up can be as easy as incrementing the amount of replicas on a Kubernetes deployment, in others it might need you to configure network tunnels or NFS mounts. The details are left as an exercise for the reader ;)
+
+## Workers
+
+By default, each running `immich-server` container comes with multiple internal workers. If you're scaling up only to handle more background tasks, you can choose to disable the worker responsible for the API. See [workers](../administration/jobs-workers.md) for more detail.
+
+## Scaling down
+
+In the same way you can scale up to multiple containers, you can also choose to scale down. All state is stored in Postgres, Redis, and the filesystem so there is no risk in stopping a running immich-server container, for example if you want to use your GPU to play some games. As long as there is an API worker running you will still be able to browse Immich, and jobs will wait to be processed until there is a worker available for them.

docs/docs/guides/template-backup-script.md

@@ -78,4 +78,4 @@ borg mount "$REMOTE_HOST:$REMOTE_BACKUP_PATH"/immich-borg /tmp/immich-mountpoint
 cd /tmp/immich-mountpoint
 ```
 
-You can find available snapshots in seperate sub-directories at `/tmp/immich-mountpoint`. Restore the files you need, and unmount the Borg repository using `borg umount /tmp/immich-mountpoint`
+You can find available snapshots in separate sub-directories at `/tmp/immich-mountpoint`. Restore the files you need, and unmount the Borg repository using `borg umount /tmp/immich-mountpoint`

docs/docs/install/docker-compose.mdx

@@ -58,6 +58,7 @@ Optionally, you can enable hardware acceleration for machine learning and transc
 - Populate `UPLOAD_LOCATION` with your preferred location for storing backup assets.
 - Consider changing `DB_PASSWORD` to a custom value. Postgres is not publically exposed, so this password is only used for local authentication.
   To avoid issues with Docker parsing this value, it is best to use only the characters `A-Za-z0-9`.
+- Set your timezone by uncommenting the `TZ=` line.
 
 ### Step 3 - Start the containers
 
@@ -80,6 +81,10 @@ The Compose file './docker-compose.yml' is invalid because:
 See the previous paragraph about installing from the official docker repository.
 :::
 
+:::info Health check start interval
+If you get an error `can't set healthcheck.start_interval as feature require Docker Engine v25 or later`, it helps to comment out the line for `start_interval` in the `database` section of the `docker-compose.yml` file.
+:::
+
 :::tip
 For more information on how to use the application, please refer to the [Post Installation](/docs/install/post-install.mdx) guide.
 :::
@@ -109,7 +114,7 @@ Immich is currently under heavy development, which means you can expect [breakin
 [compose-file]: https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 [env-file]: https://github.com/immich-app/immich/releases/latest/download/example.env
 [watchtower]: https://containrrr.dev/watchtower/
-[breaking]: https://github.com/immich-app/immich/discussions?discussions_q=label%3Abreaking-change+sort%3Adate_created
+[breaking]: https://github.com/immich-app/immich/discussions?discussions_q=label%3Achangelog%3Abreaking-change+sort%3Adate_created
 [container-auth]: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry
 [releases]: https://github.com/immich-app/immich/releases
 [docker-repo]: https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository

docs/docs/install/environment-variables.md

@@ -27,23 +27,14 @@ If this should not work, try running `docker compose up -d --force-recreate`.
 These environment variables are used by the `docker-compose.yml` file and do **NOT** affect the containers directly.
 :::
 
-### Supported filesystems
-
-The Immich Postgres database (`DB_DATA_LOCATION`) must be located on a filesystem that supports user/group
-ownership and permissions (EXT2/3/4, ZFS, APFS, BTRFS, XFS, etc.). It will not work on any filesystem formatted in NTFS or ex/FAT/32.
-It will not work in WSL (Windows Subsystem for Linux) when using a mounted host directory (commonly under `/mnt`).
-If this is an issue, you can change the bind mount to a Docker volume instead.
-
-Regardless of filesystem, it is not recommended to use a network share for your database location due to performance and possible data loss issues.
-
 ## General
 
 | Variable                            | Description                                                                               |           Default            | Containers               | Workers            |
 | :---------------------------------- | :---------------------------------------------------------------------------------------- | :--------------------------: | :----------------------- | :----------------- |
-| `TZ`                                | Timezone                                                                                  |                              | server                   | microservices      |
+| `TZ`                                | Timezone                                                                                  |        <sup>\*1</sup>        | server                   | microservices      |
 | `IMMICH_ENV`                        | Environment (production, development)                                                     |         `production`         | server, machine learning | api, microservices |
 | `IMMICH_LOG_LEVEL`                  | Log Level (verbose, debug, log, warn, error)                                              |            `log`             | server, machine learning | api, microservices |
-| `IMMICH_MEDIA_LOCATION`             | Media Location inside the container ⚠️**You probably shouldn't set this**<sup>\*1</sup>⚠️ |   `./upload`<sup>\*2</sup>   | server                   | api, microservices |
+| `IMMICH_MEDIA_LOCATION`             | Media Location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |   `./upload`<sup>\*3</sup>   | server                   | api, microservices |
 | `IMMICH_CONFIG_FILE`                | Path to config file                                                                       |                              | server                   | api, microservices |
 | `NO_COLOR`                          | Set to `true` to disable color-coded log output                                           |           `false`            | server, machine learning |                    |
 | `CPU_CORES`                         | Amount of cores available to the immich server                                            | auto-detected cpu core count | server                   |                    |
@@ -52,16 +43,13 @@ Regardless of filesystem, it is not recommended to use a network share for your
 | `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images                                       |                              | server                   | microservices      |
 | `IMMICH_TRUSTED_PROXIES`            | List of comma separated IPs set as trusted proxies                                        |                              | server                   | api                |
 
-\*1: This path is where the Immich code looks for the files, which is internal to the docker container. Setting it to a path on your host will certainly break things, you should use the `UPLOAD_LOCATION` variable instead.
-
-\*2: With the default `WORKDIR` of `/usr/src/app`, this path will resolve to `/usr/src/app/upload`.
-It only need to be set if the Immich deployment method is changing.
-
-:::tip
-`TZ` should be set to a `TZ identifier` from [this list][tz-list]. For example, `TZ="Etc/UTC"`.
-
+\*1: `TZ` should be set to a `TZ identifier` from [this list][tz-list]. For example, `TZ="Etc/UTC"`.
 `TZ` is used by `exiftool` as a fallback in case the timezone cannot be determined from the image metadata. It is also used for logfile timestamps and cron job execution.
-:::
+
+\*2: This path is where the Immich code looks for the files, which is internal to the docker container. Setting it to a path on your host will certainly break things, you should use the `UPLOAD_LOCATION` variable instead.
+
+\*3: With the default `WORKDIR` of `/usr/src/app`, this path will resolve to `/usr/src/app/upload`.
+It only need to be set if the Immich deployment method is changing.
 
 ## Workers
 
@@ -125,7 +113,7 @@ When `DB_URL` is defined, the `DB_HOSTNAME`, `DB_PORT`, `DB_USERNAME`, `DB_PASSW
 All `REDIS_` variables must be provided to all Immich workers, including `api` and `microservices`.
 
 `REDIS_URL` must start with `ioredis://` and then include a `base64` encoded JSON string for the configuration.
-More info can be found in the upstream [ioredis][redis-api] documentation.
+More info can be found in the upstream [ioredis] documentation.
 
 When `REDIS_URL` or `REDIS_SOCKET` are defined, the `REDIS_HOSTNAME`, `REDIS_PORT`, `REDIS_USERNAME`, `REDIS_PASSWORD`, and `REDIS_DBINDEX` variables are ignored.
 :::
@@ -159,26 +147,29 @@ Redis (Sentinel) URL example JSON before encoding:
 
 ## Machine Learning
 
-| Variable                                         | Description                                                                                         |                Default                | Containers       |
-| :----------------------------------------------- | :-------------------------------------------------------------------------------------------------- | :-----------------------------------: | :--------------- |
-| `MACHINE_LEARNING_MODEL_TTL`                     | Inactivity time (s) before a model is unloaded (disabled if \<= 0)                                  |                 `300`                 | machine learning |
-| `MACHINE_LEARNING_MODEL_TTL_POLL_S`              | Interval (s) between checks for the model TTL (disabled if \<= 0)                                   |                 `10`                  | machine learning |
-| `MACHINE_LEARNING_CACHE_FOLDER`                  | Directory where models are downloaded                                                               |               `/cache`                | machine learning |
-| `MACHINE_LEARNING_REQUEST_THREADS`<sup>\*1</sup> | Thread count of the request thread pool (disabled if \<= 0)                                         |          number of CPU cores          | machine learning |
-| `MACHINE_LEARNING_MODEL_INTER_OP_THREADS`        | Number of parallel model operations                                                                 |                  `1`                  | machine learning |
-| `MACHINE_LEARNING_MODEL_INTRA_OP_THREADS`        | Number of threads for each model operation                                                          |                  `2`                  | machine learning |
-| `MACHINE_LEARNING_WORKERS`<sup>\*2</sup>         | Number of worker processes to spawn                                                                 |                  `1`                  | machine learning |
-| `MACHINE_LEARNING_WORKER_TIMEOUT`                | Maximum time (s) of unresponsiveness before a worker is killed                                      | `120` (`300` if using OpenVINO image) | machine learning |
-| `MACHINE_LEARNING_PRELOAD__CLIP`                 | Name of a CLIP model to be preloaded and kept in cache                                              |                                       | machine learning |
-| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION`   | Name of a facial recognition model to be preloaded and kept in cache                                |                                       | machine learning |
-| `MACHINE_LEARNING_ANN`                           | Enable ARM-NN hardware acceleration if supported                                                    |                `True`                 | machine learning |
-| `MACHINE_LEARNING_ANN_FP16_TURBO`                | Execute operations in FP16 precision: increasing speed, reducing precision (applies only to ARM-NN) |                `False`                | machine learning |
-| `MACHINE_LEARNING_ANN_TUNING_LEVEL`              | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                        |                  `2`                  | machine learning |
+| Variable                                                  | Description                                                                                         |                Default                | Containers       |
+| :-------------------------------------------------------- | :-------------------------------------------------------------------------------------------------- | :-----------------------------------: | :--------------- |
+| `MACHINE_LEARNING_MODEL_TTL`                              | Inactivity time (s) before a model is unloaded (disabled if \<= 0)                                  |                 `300`                 | machine learning |
+| `MACHINE_LEARNING_MODEL_TTL_POLL_S`                       | Interval (s) between checks for the model TTL (disabled if \<= 0)                                   |                 `10`                  | machine learning |
+| `MACHINE_LEARNING_CACHE_FOLDER`                           | Directory where models are downloaded                                                               |               `/cache`                | machine learning |
+| `MACHINE_LEARNING_REQUEST_THREADS`<sup>\*1</sup>          | Thread count of the request thread pool (disabled if \<= 0)                                         |          number of CPU cores          | machine learning |
+| `MACHINE_LEARNING_MODEL_INTER_OP_THREADS`                 | Number of parallel model operations                                                                 |                  `1`                  | machine learning |
+| `MACHINE_LEARNING_MODEL_INTRA_OP_THREADS`                 | Number of threads for each model operation                                                          |                  `2`                  | machine learning |
+| `MACHINE_LEARNING_WORKERS`<sup>\*2</sup>                  | Number of worker processes to spawn                                                                 |                  `1`                  | machine learning |
+| `MACHINE_LEARNING_HTTP_KEEPALIVE_TIMEOUT_S`<sup>\*3</sup> | HTTP Keep-alive time in seconds                                                                     |                  `2`                  | machine learning |
+| `MACHINE_LEARNING_WORKER_TIMEOUT`                         | Maximum time (s) of unresponsiveness before a worker is killed                                      | `120` (`300` if using OpenVINO image) | machine learning |
+| `MACHINE_LEARNING_PRELOAD__CLIP`                          | Name of a CLIP model to be preloaded and kept in cache                                              |                                       | machine learning |
+| `MACHINE_LEARNING_PRELOAD__FACIAL_RECOGNITION`            | Name of a facial recognition model to be preloaded and kept in cache                                |                                       | machine learning |
+| `MACHINE_LEARNING_ANN`                                    | Enable ARM-NN hardware acceleration if supported                                                    |                `True`                 | machine learning |
+| `MACHINE_LEARNING_ANN_FP16_TURBO`                         | Execute operations in FP16 precision: increasing speed, reducing precision (applies only to ARM-NN) |                `False`                | machine learning |
+| `MACHINE_LEARNING_ANN_TUNING_LEVEL`                       | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                        |                  `2`                  | machine learning |
 
 \*1: It is recommended to begin with this parameter when changing the concurrency levels of the machine learning service and then tune the other ones.
 
 \*2: Since each process duplicates models in memory, changing this is not recommended unless you have abundant memory to go around.
 
+\*3: For scenarios like HPA in K8S. https://github.com/immich-app/immich/discussions/12064
+
 :::info
 
 Other machine learning parameters can be tuned from the admin UI.
@@ -223,4 +214,4 @@ to use use a Docker secret for the password in the Redis container.
 [docker-secrets-example]: https://github.com/docker-library/redis/issues/46#issuecomment-335326234
 [docker-secrets-docs]: https://github.com/docker-library/docs/tree/master/postgres#docker-secrets
 [docker-secrets]: https://docs.docker.com/engine/swarm/secrets/
-[redis-api]: https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
+[ioredis]: https://ioredis.readthedocs.io/en/latest/README/#connect-to-redis

docs/docs/install/post-install.mdx

@@ -8,6 +8,7 @@ import StorageTemplate from '/docs/partials/_storage-template.md';
 import MobileAppDownload from '/docs/partials/_mobile-app-download.md';
 import MobileAppLogin from '/docs/partials/_mobile-app-login.md';
 import MobileAppBackup from '/docs/partials/_mobile-app-backup.md';
+import ServerBackup from '/docs/partials/_server-backup.md';
 
 # Post Install Steps
 
@@ -33,6 +34,10 @@ A list of common steps to take after installing Immich include:
 
 <MobileAppLogin />
 
-## Step 6 - Backup Your Library
+## Step 6 - Upload Your Library
 
 <MobileAppBackup />
+
+## Step 7 - Setup Server Backups
+
+<ServerBackup />

docs/docs/install/requirements.md

@@ -4,7 +4,7 @@ sidebar_position: 10
 
 # Requirements
 
-Hardware and software requirements for Immich
+Hardware and software requirements for Immich:
 
 ## Software
 
@@ -23,7 +23,33 @@ Immich requires the command `docker compose` - the similarly named `docker-compo
 - **RAM**: Minimum 4GB, recommended 6GB.
 - **CPU**: Minimum 2 cores, recommended 4 cores.
 - **Storage**: Recommended Unix-compatible filesystem (EXT4, ZFS, APFS, etc.) with support for user/group ownership and permissions.
-  - This can present an issue for Windows users. See [here](/docs/install/environment-variables#supported-filesystems)
-    for more details and alternatives.
+  - This can present an issue for Windows users. See below for details and an alternative setup.
   - The generation of thumbnails and transcoded video can increase the size of the photo library by 10-20% on average.
-  - Network shares are supported for the storage of image and video assets only.
+  - Network shares are supported for the storage of image and video assets only. It is not recommended to use a network share for your database location due to performance and possible data loss issues.
+
+### Special requirements for Windows users
+
+<details>
+<summary>Database storage on Windows systems</summary>
+  
+The Immich Postgres database (`DB_DATA_LOCATION`) must be located on a filesystem that supports user/group
+ownership and permissions (EXT2/3/4, ZFS, APFS, BTRFS, XFS, etc.). It will not work on any filesystem formatted in NTFS or ex/FAT/32.
+It will not work in WSL (Windows Subsystem for Linux) when using a mounted host directory (commonly under `/mnt`).
+If this is an issue, you can change the bind mount to a Docker volume instead as follows:
+
+Make the following change to `.env`:
+
+```diff
+- DB_DATA_LOCATION=./postgres
++ DB_DATA_LOCATION=pgdata
+```
+
+Add the following line to the bottom of `docker-compose.yml`:
+
+```diff
+volumes:
+  model-cache:
++ pgdata:
+```
+
+</details>

docs/docs/install/unraid.md

@@ -45,7 +45,7 @@ width="70%"
 alt="Select Plugins > Compose.Manager > Add New Stack > Label it Immich"
 />
 
-3.  Select the cog ⚙️ next to Immich then click "**Edit Stack**"
+3.  Select the cogwheel ⚙️ next to Immich and click "**Edit Stack**"
 4.  Click "**Compose File**" and then paste the entire contents of the [Immich Docker Compose](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) file into the Unraid editor. Remove any text that may be in the text area by default. Note that Unraid v6.12.10 uses version 24.0.9 of the Docker Engine, which does not support healthcheck `start_interval` as defined in the `database` service of the Docker compose file (version 25 or higher is needed). This parameter defines an initial waiting period before starting health checks, to give the container time to start up. Commenting out the `start_interval` and `start_period` parameters will allow the containers to start up normally. The only downside to this is that the database container will not receive an initial health check until `interval` time has passed.
 
     <details >
@@ -130,7 +130,7 @@ For more information on how to use the application once installed, please refer
 
 ## Updating Steps
 
-Updating is extremely easy however it's important to be aware that containers managed via the Docker Compose Manager plugin do not integrate with Unraid's native dockerman ui, the label "_update ready_" will always be present on containers installed via the Docker Compose Manager.
+Updating is extremely easy however it's important to be aware that containers managed via the Docker Compose Manager plugin do not integrate with Unraid's native dockerman UI, the label "_update ready_" will always be present on containers installed via the Docker Compose Manager.
 
 <img
 src={require('./img/unraid09.png').default}

docs/docs/partials/_server-backup.md

@@ -0,0 +1,2 @@
+Now that you have imported some pictures, you should setup server backups to preserve your memories.
+You can do so by following our [backup guide](/docs/administration/backup-and-restore.md).

docs/docs/partials/_storage-template.md

@@ -27,3 +27,9 @@ If an asset is in multiple albums, `{{album}}` will be set to the name of the al
 :::
 
 Immich also provides a mechanism to migrate between templates so that if the template you set now doesn't work in the future, you can always migrate all the existing files to the new template. The mechanism is run as a job on the Job page.
+
+If you want to store assets in album folders, but you also have assets that do not belong to any album, you can use `{{#if album}}`, `{{else}}` and `{{/if}}` to create a conditional statement. For example, the following template will store assets in album folders if they belong to an album, and in a folder named "Other/Month" if they do not belong to an album:
+
+```
+{{y}}/{{#if album}}{{album}}{{else}}Other/{{MM}}{{/if}}/{{filename}}
+```

docs/package-lock.json

@@ -2155,9 +2155,9 @@
       }
     },
     "node_modules/@docusaurus/core": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.4.0.tgz",
-      "integrity": "sha512-g+0wwmN2UJsBqy2fQRQ6fhXruoEa62JDeEa5d8IdTJlMoaDaEDfHh7WjwGRn4opuTQWpjAwP/fbcgyHKlE+64w==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.5.2.tgz",
+      "integrity": "sha512-4Z1WkhCSkX4KO0Fw5m/Vuc7Q3NxBG53NE5u59Rs96fWkMPZVSrzEPP16/Nk6cWb/shK7xXPndTmalJtw7twL/w==",
       "license": "MIT",
       "dependencies": {
         "@babel/core": "^7.23.3",
@@ -2170,12 +2170,12 @@
         "@babel/runtime": "^7.22.6",
         "@babel/runtime-corejs3": "^7.22.6",
         "@babel/traverse": "^7.22.8",
-        "@docusaurus/cssnano-preset": "3.4.0",
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/mdx-loader": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/cssnano-preset": "3.5.2",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "autoprefixer": "^10.4.14",
         "babel-loader": "^9.1.3",
         "babel-plugin-dynamic-import-node": "^2.3.3",
@@ -2236,14 +2236,15 @@
         "node": ">=18.0"
       },
       "peerDependencies": {
+        "@mdx-js/react": "^3.0.0",
         "react": "^18.0.0",
         "react-dom": "^18.0.0"
       }
     },
     "node_modules/@docusaurus/cssnano-preset": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.4.0.tgz",
-      "integrity": "sha512-qwLFSz6v/pZHy/UP32IrprmH5ORce86BGtN0eBtG75PpzQJAzp9gefspox+s8IEOr0oZKuQ/nhzZ3xwyc3jYJQ==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.5.2.tgz",
+      "integrity": "sha512-D3KiQXOMA8+O0tqORBrTOEQyQxNIfPm9jEaJoALjjSjc2M/ZAWcUfPQEnwr2JB2TadHw2gqWgpZckQmrVWkytA==",
       "license": "MIT",
       "dependencies": {
         "cssnano-preset-advanced": "^6.1.2",
@@ -2256,9 +2257,9 @@
       }
     },
     "node_modules/@docusaurus/logger": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.4.0.tgz",
-      "integrity": "sha512-bZwkX+9SJ8lB9kVRkXw+xvHYSMGG4bpYHKGXeXFvyVc79NMeeBSGgzd4TQLHH+DYeOJoCdl8flrFJVxlZ0wo/Q==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.5.2.tgz",
+      "integrity": "sha512-LHC540SGkeLfyT3RHK3gAMK6aS5TRqOD4R72BEU/DE2M/TY8WwEUAMY576UUc/oNJXv8pGhBmQB6N9p3pt8LQw==",
       "license": "MIT",
       "dependencies": {
         "chalk": "^4.1.2",
@@ -2269,14 +2270,14 @@
       }
     },
     "node_modules/@docusaurus/mdx-loader": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz",
-      "integrity": "sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.5.2.tgz",
+      "integrity": "sha512-ku3xO9vZdwpiMIVd8BzWV0DCqGEbCP5zs1iHfKX50vw6jX8vQo0ylYo1YJMZyz6e+JFJ17HYHT5FzVidz2IflA==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "@mdx-js/mdx": "^3.0.0",
         "@slorber/remark-comment": "^1.0.0",
         "escape-html": "^1.0.3",
@@ -2308,12 +2309,12 @@
       }
     },
     "node_modules/@docusaurus/module-type-aliases": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.4.0.tgz",
-      "integrity": "sha512-A1AyS8WF5Bkjnb8s+guTDuYmUiwJzNrtchebBHpc0gz0PyHJNMaybUlSrmJjHVcGrya0LKI4YcR3lBDQfXRYLw==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.5.2.tgz",
+      "integrity": "sha512-Z+Xu3+2rvKef/YKTMxZHsEXp1y92ac0ngjDiExRdqGTmEKtCUpkbNYH8v5eXo5Ls+dnW88n6WTa+Q54kLOkwPg==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/types": "3.4.0",
+        "@docusaurus/types": "3.5.2",
         "@types/history": "^4.7.11",
         "@types/react": "*",
         "@types/react-router-config": "*",
@@ -2326,52 +2327,21 @@
         "react-dom": "*"
       }
     },
-    "node_modules/@docusaurus/plugin-content-blog": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.4.0.tgz",
-      "integrity": "sha512-vv6ZAj78ibR5Jh7XBUT4ndIjmlAxkijM3Sx5MAAzC1gyv0vupDQNhzuFg1USQmQVj3P5I6bquk12etPV3LJ+Xw==",
-      "license": "MIT",
-      "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/mdx-loader": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
-        "cheerio": "^1.0.0-rc.12",
-        "feed": "^4.2.2",
-        "fs-extra": "^11.1.1",
-        "lodash": "^4.17.21",
-        "reading-time": "^1.5.0",
-        "srcset": "^4.0.0",
-        "tslib": "^2.6.0",
-        "unist-util-visit": "^5.0.0",
-        "utility-types": "^3.10.0",
-        "webpack": "^5.88.1"
-      },
-      "engines": {
-        "node": ">=18.0"
-      },
-      "peerDependencies": {
-        "react": "^18.0.0",
-        "react-dom": "^18.0.0"
-      }
-    },
     "node_modules/@docusaurus/plugin-content-docs": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.4.0.tgz",
-      "integrity": "sha512-HkUCZffhBo7ocYheD9oZvMcDloRnGhBMOZRyVcAQRFmZPmNqSyISlXA1tQCIxW+r478fty97XXAGjNYzBjpCsg==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.5.2.tgz",
+      "integrity": "sha512-Bt+OXn/CPtVqM3Di44vHjE7rPCEsRCB/DMo2qoOuozB9f7+lsdrHvD0QCHdBs0uhz6deYJDppAr2VgqybKPlVQ==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/mdx-loader": "3.4.0",
-        "@docusaurus/module-type-aliases": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/module-type-aliases": "3.5.2",
+        "@docusaurus/theme-common": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "@types/react-router-config": "^5.0.7",
         "combine-promises": "^1.1.0",
         "fs-extra": "^11.1.1",
@@ -2389,38 +2359,15 @@
         "react-dom": "^18.0.0"
       }
     },
-    "node_modules/@docusaurus/plugin-content-pages": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.4.0.tgz",
-      "integrity": "sha512-h2+VN/0JjpR8fIkDEAoadNjfR3oLzB+v1qSXbIAKjQ46JAHx3X22n9nqS+BWSQnTnp1AjkjSvZyJMekmcwxzxg==",
-      "license": "MIT",
-      "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/mdx-loader": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
-        "fs-extra": "^11.1.1",
-        "tslib": "^2.6.0",
-        "webpack": "^5.88.1"
-      },
-      "engines": {
-        "node": ">=18.0"
-      },
-      "peerDependencies": {
-        "react": "^18.0.0",
-        "react-dom": "^18.0.0"
-      }
-    },
     "node_modules/@docusaurus/plugin-debug": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.4.0.tgz",
-      "integrity": "sha512-uV7FDUNXGyDSD3PwUaf5YijX91T5/H9SX4ErEcshzwgzWwBtK37nUWPU3ZLJfeTavX3fycTOqk9TglpOLaWkCg==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.5.2.tgz",
+      "integrity": "sha512-kBK6GlN0itCkrmHuCS6aX1wmoWc5wpd5KJlqQ1FyrF0cLDnvsYSnh7+ftdwzt7G6lGBho8lrVwkkL9/iQvaSOA==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
         "fs-extra": "^11.1.1",
         "react-json-view-lite": "^1.2.0",
         "tslib": "^2.6.0"
@@ -2434,14 +2381,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-google-analytics": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.4.0.tgz",
-      "integrity": "sha512-mCArluxEGi3cmYHqsgpGGt3IyLCrFBxPsxNZ56Mpur0xSlInnIHoeLDH7FvVVcPJRPSQ9/MfRqLsainRw+BojA==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.5.2.tgz",
+      "integrity": "sha512-rjEkJH/tJ8OXRE9bwhV2mb/WP93V441rD6XnM6MIluu7rk8qg38iSxS43ga2V2Q/2ib53PcqbDEJDG/yWQRJhQ==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "tslib": "^2.6.0"
       },
       "engines": {
@@ -2453,14 +2400,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-google-gtag": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.4.0.tgz",
-      "integrity": "sha512-Dsgg6PLAqzZw5wZ4QjUYc8Z2KqJqXxHxq3vIoyoBWiLEEfigIs7wHR+oiWUQy3Zk9MIk6JTYj7tMoQU0Jm3nqA==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.5.2.tgz",
+      "integrity": "sha512-lm8XL3xLkTPHFKKjLjEEAHUrW0SZBSHBE1I+i/tmYMBsjCcUB5UJ52geS5PSiOCFVR74tbPGcPHEV/gaaxFeSA==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "@types/gtag.js": "^0.0.12",
         "tslib": "^2.6.0"
       },
@@ -2473,14 +2420,14 @@
       }
     },
     "node_modules/@docusaurus/plugin-google-tag-manager": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.4.0.tgz",
-      "integrity": "sha512-O9tX1BTwxIhgXpOLpFDueYA9DWk69WCbDRrjYoMQtFHSkTyE7RhNgyjSPREUWJb9i+YUg3OrsvrBYRl64FCPCQ==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.5.2.tgz",
+      "integrity": "sha512-QkpX68PMOMu10Mvgvr5CfZAzZQFx8WLlOiUQ/Qmmcl6mjGK6H21WLT5x7xDmcpCoKA/3CegsqIqBR+nA137lQg==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "tslib": "^2.6.0"
       },
       "engines": {
@@ -2492,17 +2439,17 @@
       }
     },
     "node_modules/@docusaurus/plugin-sitemap": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.4.0.tgz",
-      "integrity": "sha512-+0VDvx9SmNrFNgwPoeoCha+tRoAjopwT0+pYO1xAbyLcewXSemq+eLxEa46Q1/aoOaJQ0qqHELuQM7iS2gp33Q==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.5.2.tgz",
+      "integrity": "sha512-DnlqYyRAdQ4NHY28TfHuVk414ft2uruP4QWCH//jzpHjqvKyXjj2fmDtI8RPUBh9K8iZKFMHRnLtzJKySPWvFA==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "fs-extra": "^11.1.1",
         "sitemap": "^7.1.1",
         "tslib": "^2.6.0"
@@ -2516,24 +2463,81 @@
       }
     },
     "node_modules/@docusaurus/preset-classic": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.4.0.tgz",
-      "integrity": "sha512-Ohj6KB7siKqZaQhNJVMBBUzT3Nnp6eTKqO+FXO3qu/n1hJl3YLwVKTWBg28LF7MWrKu46UuYavwMRxud0VyqHg==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.5.2.tgz",
+      "integrity": "sha512-3ihfXQ95aOHiLB5uCu+9PRy2gZCeSZoDcqpnDvf3B+sTrMvMTr8qRUzBvWkoIqc82yG5prCboRjk1SVILKx6sg==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/plugin-content-blog": "3.4.0",
-        "@docusaurus/plugin-content-docs": "3.4.0",
-        "@docusaurus/plugin-content-pages": "3.4.0",
-        "@docusaurus/plugin-debug": "3.4.0",
-        "@docusaurus/plugin-google-analytics": "3.4.0",
-        "@docusaurus/plugin-google-gtag": "3.4.0",
-        "@docusaurus/plugin-google-tag-manager": "3.4.0",
-        "@docusaurus/plugin-sitemap": "3.4.0",
-        "@docusaurus/theme-classic": "3.4.0",
-        "@docusaurus/theme-common": "3.4.0",
-        "@docusaurus/theme-search-algolia": "3.4.0",
-        "@docusaurus/types": "3.4.0"
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/plugin-content-blog": "3.5.2",
+        "@docusaurus/plugin-content-docs": "3.5.2",
+        "@docusaurus/plugin-content-pages": "3.5.2",
+        "@docusaurus/plugin-debug": "3.5.2",
+        "@docusaurus/plugin-google-analytics": "3.5.2",
+        "@docusaurus/plugin-google-gtag": "3.5.2",
+        "@docusaurus/plugin-google-tag-manager": "3.5.2",
+        "@docusaurus/plugin-sitemap": "3.5.2",
+        "@docusaurus/theme-classic": "3.5.2",
+        "@docusaurus/theme-common": "3.5.2",
+        "@docusaurus/theme-search-algolia": "3.5.2",
+        "@docusaurus/types": "3.5.2"
+      },
+      "engines": {
+        "node": ">=18.0"
+      },
+      "peerDependencies": {
+        "react": "^18.0.0",
+        "react-dom": "^18.0.0"
+      }
+    },
+    "node_modules/@docusaurus/preset-classic/node_modules/@docusaurus/plugin-content-blog": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.5.2.tgz",
+      "integrity": "sha512-R7ghWnMvjSf+aeNDH0K4fjyQnt5L0KzUEnUhmf1e3jZrv3wogeytZNN6n7X8yHcMsuZHPOrctQhXWnmxu+IRRg==",
+      "license": "MIT",
+      "dependencies": {
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/theme-common": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
+        "cheerio": "1.0.0-rc.12",
+        "feed": "^4.2.2",
+        "fs-extra": "^11.1.1",
+        "lodash": "^4.17.21",
+        "reading-time": "^1.5.0",
+        "srcset": "^4.0.0",
+        "tslib": "^2.6.0",
+        "unist-util-visit": "^5.0.0",
+        "utility-types": "^3.10.0",
+        "webpack": "^5.88.1"
+      },
+      "engines": {
+        "node": ">=18.0"
+      },
+      "peerDependencies": {
+        "@docusaurus/plugin-content-docs": "*",
+        "react": "^18.0.0",
+        "react-dom": "^18.0.0"
+      }
+    },
+    "node_modules/@docusaurus/preset-classic/node_modules/@docusaurus/plugin-content-pages": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.5.2.tgz",
+      "integrity": "sha512-WzhHjNpoQAUz/ueO10cnundRz+VUtkjFhhaQ9jApyv1a46FPURO4cef89pyNIOMny1fjDz/NUN2z6Yi+5WUrCw==",
+      "license": "MIT",
+      "dependencies": {
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
+        "fs-extra": "^11.1.1",
+        "tslib": "^2.6.0",
+        "webpack": "^5.88.1"
       },
       "engines": {
         "node": ">=18.0"
@@ -2544,27 +2548,27 @@
       }
     },
     "node_modules/@docusaurus/theme-classic": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.4.0.tgz",
-      "integrity": "sha512-0IPtmxsBYv2adr1GnZRdMkEQt1YW6tpzrUPj02YxNpvJ5+ju4E13J5tB4nfdaen/tfR1hmpSPlTFPvTf4kwy8Q==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.5.2.tgz",
+      "integrity": "sha512-XRpinSix3NBv95Rk7xeMF9k4safMkwnpSgThn0UNQNumKvmcIYjfkwfh2BhwYh/BxMXQHJ/PdmNh22TQFpIaYg==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/mdx-loader": "3.4.0",
-        "@docusaurus/module-type-aliases": "3.4.0",
-        "@docusaurus/plugin-content-blog": "3.4.0",
-        "@docusaurus/plugin-content-docs": "3.4.0",
-        "@docusaurus/plugin-content-pages": "3.4.0",
-        "@docusaurus/theme-common": "3.4.0",
-        "@docusaurus/theme-translations": "3.4.0",
-        "@docusaurus/types": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/module-type-aliases": "3.5.2",
+        "@docusaurus/plugin-content-blog": "3.5.2",
+        "@docusaurus/plugin-content-docs": "3.5.2",
+        "@docusaurus/plugin-content-pages": "3.5.2",
+        "@docusaurus/theme-common": "3.5.2",
+        "@docusaurus/theme-translations": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "@mdx-js/react": "^3.0.0",
         "clsx": "^2.0.0",
         "copy-text-to-clipboard": "^3.2.0",
-        "infima": "0.2.0-alpha.43",
+        "infima": "0.2.0-alpha.44",
         "lodash": "^4.17.21",
         "nprogress": "^0.2.0",
         "postcss": "^8.4.26",
@@ -2583,19 +2587,73 @@
         "react-dom": "^18.0.0"
       }
     },
-    "node_modules/@docusaurus/theme-common": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.4.0.tgz",
-      "integrity": "sha512-0A27alXuv7ZdCg28oPE8nH/Iz73/IUejVaCazqu9elS4ypjiLhK3KfzdSQBnL/g7YfHSlymZKdiOHEo8fJ0qMA==",
+    "node_modules/@docusaurus/theme-classic/node_modules/@docusaurus/plugin-content-blog": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.5.2.tgz",
+      "integrity": "sha512-R7ghWnMvjSf+aeNDH0K4fjyQnt5L0KzUEnUhmf1e3jZrv3wogeytZNN6n7X8yHcMsuZHPOrctQhXWnmxu+IRRg==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/mdx-loader": "3.4.0",
-        "@docusaurus/module-type-aliases": "3.4.0",
-        "@docusaurus/plugin-content-blog": "3.4.0",
-        "@docusaurus/plugin-content-docs": "3.4.0",
-        "@docusaurus/plugin-content-pages": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/theme-common": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
+        "cheerio": "1.0.0-rc.12",
+        "feed": "^4.2.2",
+        "fs-extra": "^11.1.1",
+        "lodash": "^4.17.21",
+        "reading-time": "^1.5.0",
+        "srcset": "^4.0.0",
+        "tslib": "^2.6.0",
+        "unist-util-visit": "^5.0.0",
+        "utility-types": "^3.10.0",
+        "webpack": "^5.88.1"
+      },
+      "engines": {
+        "node": ">=18.0"
+      },
+      "peerDependencies": {
+        "@docusaurus/plugin-content-docs": "*",
+        "react": "^18.0.0",
+        "react-dom": "^18.0.0"
+      }
+    },
+    "node_modules/@docusaurus/theme-classic/node_modules/@docusaurus/plugin-content-pages": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.5.2.tgz",
+      "integrity": "sha512-WzhHjNpoQAUz/ueO10cnundRz+VUtkjFhhaQ9jApyv1a46FPURO4cef89pyNIOMny1fjDz/NUN2z6Yi+5WUrCw==",
+      "license": "MIT",
+      "dependencies": {
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/types": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
+        "fs-extra": "^11.1.1",
+        "tslib": "^2.6.0",
+        "webpack": "^5.88.1"
+      },
+      "engines": {
+        "node": ">=18.0"
+      },
+      "peerDependencies": {
+        "react": "^18.0.0",
+        "react-dom": "^18.0.0"
+      }
+    },
+    "node_modules/@docusaurus/theme-common": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.5.2.tgz",
+      "integrity": "sha512-QXqlm9S6x9Ibwjs7I2yEDgsCocp708DrCrgHgKwg2n2AY0YQ6IjU0gAK35lHRLOvAoJUfCKpQAwUykB0R7+Eew==",
+      "license": "MIT",
+      "dependencies": {
+        "@docusaurus/mdx-loader": "3.5.2",
+        "@docusaurus/module-type-aliases": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
         "@types/history": "^4.7.11",
         "@types/react": "*",
         "@types/react-router-config": "*",
@@ -2609,24 +2667,25 @@
         "node": ">=18.0"
       },
       "peerDependencies": {
+        "@docusaurus/plugin-content-docs": "*",
         "react": "^18.0.0",
         "react-dom": "^18.0.0"
       }
     },
     "node_modules/@docusaurus/theme-search-algolia": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.4.0.tgz",
-      "integrity": "sha512-aiHFx7OCw4Wck1z6IoShVdUWIjntC8FHCw9c5dR8r3q4Ynh+zkS8y2eFFunN/DL6RXPzpnvKCg3vhLQYJDmT9Q==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.5.2.tgz",
+      "integrity": "sha512-qW53kp3VzMnEqZGjakaV90sst3iN1o32PH+nawv1uepROO8aEGxptcq2R5rsv7aBShSRbZwIobdvSYKsZ5pqvA==",
       "license": "MIT",
       "dependencies": {
         "@docsearch/react": "^3.5.2",
-        "@docusaurus/core": "3.4.0",
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/plugin-content-docs": "3.4.0",
-        "@docusaurus/theme-common": "3.4.0",
-        "@docusaurus/theme-translations": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-validation": "3.4.0",
+        "@docusaurus/core": "3.5.2",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/plugin-content-docs": "3.5.2",
+        "@docusaurus/theme-common": "3.5.2",
+        "@docusaurus/theme-translations": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-validation": "3.5.2",
         "algoliasearch": "^4.18.0",
         "algoliasearch-helper": "^3.13.3",
         "clsx": "^2.0.0",
@@ -2645,9 +2704,9 @@
       }
     },
     "node_modules/@docusaurus/theme-translations": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.4.0.tgz",
-      "integrity": "sha512-zSxCSpmQCCdQU5Q4CnX/ID8CSUUI3fvmq4hU/GNP/XoAWtXo9SAVnM3TzpU8Gb//H3WCsT8mJcTfyOk3d9ftNg==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.5.2.tgz",
+      "integrity": "sha512-GPZLcu4aT1EmqSTmbdpVrDENGR2yObFEX8ssEFYTCiAIVc0EihNSdOIBTazUvgNqwvnoU1A8vIs1xyzc3LITTw==",
       "license": "MIT",
       "dependencies": {
         "fs-extra": "^11.1.1",
@@ -2658,9 +2717,9 @@
       }
     },
     "node_modules/@docusaurus/types": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.4.0.tgz",
-      "integrity": "sha512-4jcDO8kXi5Cf9TcyikB/yKmz14f2RZ2qTRerbHAsS+5InE9ZgSLBNLsewtFTcTOXSVcbU3FoGOzcNWAmU1TR0A==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.5.2.tgz",
+      "integrity": "sha512-N6GntLXoLVUwkZw7zCxwy9QiuEXIcTVzA9AkmNw16oc0AP3SXLrMmDMMBIfgqwuKWa6Ox6epHol9kMtJqekACw==",
       "license": "MIT",
       "dependencies": {
         "@mdx-js/mdx": "^3.0.0",
@@ -2679,13 +2738,13 @@
       }
     },
     "node_modules/@docusaurus/utils": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.4.0.tgz",
-      "integrity": "sha512-fRwnu3L3nnWaXOgs88BVBmG1yGjcQqZNHG+vInhEa2Sz2oQB+ZjbEMO5Rh9ePFpZ0YDiDUhpaVjwmS+AU2F14g==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.5.2.tgz",
+      "integrity": "sha512-33QvcNFh+Gv+C2dP9Y9xWEzMgf3JzrpL2nW9PopidiohS1nDcyknKRx2DWaFvyVTTYIkkABVSr073VTj/NITNA==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
         "@svgr/webpack": "^8.1.0",
         "escape-string-regexp": "^4.0.0",
         "file-loader": "^6.2.0",
@@ -2718,9 +2777,9 @@
       }
     },
     "node_modules/@docusaurus/utils-common": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.4.0.tgz",
-      "integrity": "sha512-NVx54Wr4rCEKsjOH5QEVvxIqVvm+9kh7q8aYTU5WzUU9/Hctd6aTrcZ3G0Id4zYJ+AeaG5K5qHA4CY5Kcm2iyQ==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.5.2.tgz",
+      "integrity": "sha512-i0AZjHiRgJU6d7faQngIhuHKNrszpL/SHQPgF1zH4H+Ij6E9NBYGy6pkcGWToIv7IVPbs+pQLh1P3whn0gWXVg==",
       "license": "MIT",
       "dependencies": {
         "tslib": "^2.6.0"
@@ -2738,14 +2797,14 @@
       }
     },
     "node_modules/@docusaurus/utils-validation": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.4.0.tgz",
-      "integrity": "sha512-hYQ9fM+AXYVTWxJOT1EuNaRnrR2WGpRdLDQG07O8UOpsvCPWUVOeo26Rbm0JWY2sGLfzAb+tvJ62yF+8F+TV0g==",
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.5.2.tgz",
+      "integrity": "sha512-m+Foq7augzXqB6HufdS139PFxDC5d5q2QKZy8q0qYYvGdI6nnlNsGH4cIGsgBnV7smz+mopl3g4asbSDvMV0jA==",
       "license": "MIT",
       "dependencies": {
-        "@docusaurus/logger": "3.4.0",
-        "@docusaurus/utils": "3.4.0",
-        "@docusaurus/utils-common": "3.4.0",
+        "@docusaurus/logger": "3.5.2",
+        "@docusaurus/utils": "3.5.2",
+        "@docusaurus/utils-common": "3.5.2",
         "fs-extra": "^11.2.0",
         "joi": "^17.9.2",
         "js-yaml": "^4.1.0",
@@ -6009,9 +6068,10 @@
       }
     },
     "node_modules/docusaurus-lunr-search": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/docusaurus-lunr-search/-/docusaurus-lunr-search-3.4.0.tgz",
-      "integrity": "sha512-GfllnNXCLgTSPH9TAKWmbn8VMfwpdOAZ1xl3T2GgX8Pm26qSDLfrrdVwjguaLfMJfzciFL97RKrAJlgrFM48yw==",
+      "version": "3.5.0",
+      "resolved": "https://registry.npmjs.org/docusaurus-lunr-search/-/docusaurus-lunr-search-3.5.0.tgz",
+      "integrity": "sha512-k3zN4jYMi/prWInJILGKOxE+BVcgYinwj9+gcECsYm52tS+4ZKzXQzbPnVJAEXmvKOfFMcDFvS3MSmm6cEaxIQ==",
+      "license": "MIT",
       "dependencies": {
         "autocomplete.js": "^0.37.0",
         "clsx": "^1.2.1",
@@ -6038,14 +6098,16 @@
       }
     },
     "node_modules/docusaurus-lunr-search/node_modules/@types/unist": {
-      "version": "2.0.10",
-      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.10.tgz",
-      "integrity": "sha512-IfYcSBWE3hLpBg8+X2SEa8LVkJdJEkT2Ese2aaLs3ptGdVtABxndrMaxuFlQ1qdFf9Q5rDvDpxI3WwgvKFAsQA=="
+      "version": "2.0.11",
+      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz",
+      "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==",
+      "license": "MIT"
     },
     "node_modules/docusaurus-lunr-search/node_modules/bail": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.5.tgz",
       "integrity": "sha512-xFbRxM1tahm08yHBP16MMjVUAvDaBMD38zsM9EMAUN61omwLmKlOpB/Zku5QkjZ8TZ4vn53pj+t518cH0S03RQ==",
+      "license": "MIT",
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/wooorm"
@@ -6055,6 +6117,7 @@
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/clsx/-/clsx-1.2.1.tgz",
       "integrity": "sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==",
+      "license": "MIT",
       "engines": {
         "node": ">=6"
       }
@@ -6063,6 +6126,7 @@
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz",
       "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==",
+      "license": "MIT",
       "engines": {
         "node": ">=8"
       }
@@ -6071,6 +6135,7 @@
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/trough/-/trough-1.0.5.tgz",
       "integrity": "sha512-rvuRbTarPXmMb79SmzEp8aqXNKcK+y0XaB298IXueQ8I2PsrATcPBCSPyK/dDNa2iWOhKlfNnOjdAOTBU/nkFA==",
+      "license": "MIT",
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/wooorm"
@@ -6080,6 +6145,7 @@
       "version": "9.2.2",
       "resolved": "https://registry.npmjs.org/unified/-/unified-9.2.2.tgz",
       "integrity": "sha512-Sg7j110mtefBD+qunSLO1lqOEKdrwBFBrR6Qd8f4uwkhWNlbkaqwHse6e7QvD3AP/MNoJdEDLaf8OxYyoWgorQ==",
+      "license": "MIT",
       "dependencies": {
         "bail": "^1.0.0",
         "extend": "^3.0.0",
@@ -6097,6 +6163,7 @@
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-2.0.3.tgz",
       "integrity": "sha512-3faScn5I+hy9VleOq/qNbAd6pAx7iH5jYBMS9I1HgQVijz/4mv5Bvw5iw1sC/90CODiKo81G/ps8AJrISn687g==",
+      "license": "MIT",
       "dependencies": {
         "@types/unist": "^2.0.2"
       },
@@ -6109,6 +6176,7 @@
       "version": "4.2.1",
       "resolved": "https://registry.npmjs.org/vfile/-/vfile-4.2.1.tgz",
       "integrity": "sha512-O6AE4OskCG5S1emQ/4gl8zK586RqA3srz3nfK/Viy0UPToBc5Trp9BVFb1u0CjsKrAWwnpr4ifM/KBXPWwJbCA==",
+      "license": "MIT",
       "dependencies": {
         "@types/unist": "^2.0.0",
         "is-buffer": "^2.0.0",
@@ -6124,6 +6192,7 @@
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-2.0.4.tgz",
       "integrity": "sha512-DjssxRGkMvifUOJre00juHoP9DPWuzjxKuMDrhNbk2TdaYYBNMStsNhEOt3idrtI12VQYM/1+iM0KOzXi4pxwQ==",
+      "license": "MIT",
       "dependencies": {
         "@types/unist": "^2.0.0",
         "unist-util-stringify-position": "^2.0.0"
@@ -8767,9 +8836,10 @@
       }
     },
     "node_modules/infima": {
-      "version": "0.2.0-alpha.43",
-      "resolved": "https://registry.npmjs.org/infima/-/infima-0.2.0-alpha.43.tgz",
-      "integrity": "sha512-2uw57LvUqW0rK/SWYnd/2rRfxNA5DDNOh33jxF7fy46VWoNhGxiUQyVZHbBMjQ33mQem0cjdDVwgWVAmlRfgyQ==",
+      "version": "0.2.0-alpha.44",
+      "resolved": "https://registry.npmjs.org/infima/-/infima-0.2.0-alpha.44.tgz",
+      "integrity": "sha512-tuRkUSO/lB3rEhLJk25atwAjgLuzq070+pOW8XcvpHky/YbENnRRdPd85IBkyeTgttmOy5ah+yHYsK1HhUd4lQ==",
+      "license": "MIT",
       "engines": {
         "node": ">=12"
       }
@@ -13638,9 +13708,10 @@
       }
     },
     "node_modules/prism-react-renderer": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/prism-react-renderer/-/prism-react-renderer-2.3.1.tgz",
-      "integrity": "sha512-Rdf+HzBLR7KYjzpJ1rSoxT9ioO85nZngQEoFIhL07XhtJHlCU3SOz0GJ6+qvMyQe0Se+BV3qpe6Yd/NmQF5Juw==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/prism-react-renderer/-/prism-react-renderer-2.4.0.tgz",
+      "integrity": "sha512-327BsVCD/unU4CNLZTWVHyUHKnsqcvj2qbPlQ8MiBE2eq2rgctjigPA1Gp9HLF83kZ20zNN6jgizHJeEsyFYOw==",
+      "license": "MIT",
       "dependencies": {
         "@types/prismjs": "^1.26.0",
         "clsx": "^2.0.0"
@@ -16020,9 +16091,9 @@
       }
     },
     "node_modules/tailwindcss": {
-      "version": "3.4.9",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.9.tgz",
-      "integrity": "sha512-1SEOvRr6sSdV5IDf9iC+NU4dhwdqzF4zKKq3sAbasUWHEM6lsMhX+eNN5gkPx1BvLFEnZQEUFbXnGj8Qlp83Pg==",
+      "version": "3.4.12",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.12.tgz",
+      "integrity": "sha512-Htf/gHj2+soPb9UayUNci/Ja3d8pTmu9ONTfh4QY8r3MATTZOzmv6UYWF7ZwikEIC8okpfqmGqrmDehua8mF8w==",
       "license": "MIT",
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
@@ -16382,9 +16453,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.5.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.4.tgz",
-      "integrity": "sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==",
+      "version": "5.6.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz",
+      "integrity": "sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==",
       "license": "Apache-2.0",
       "bin": {
         "tsc": "bin/tsc",

docs/package.json

@@ -56,6 +56,6 @@
     "node": ">=20"
   },
   "volta": {
-    "node": "20.16.0"
+    "node": "20.17.0"
   }
 }

docs/src/components/community-guides.tsx

@@ -43,6 +43,11 @@ const guides: CommunityGuidesProps[] = [
     description: 'Access your local Immich installation over the internet using your own domain',
     url: 'https://github.com/ppr88/immich-guides/blob/main/open-immich-custom-domain.md',
   },
+  {
+    title: 'Nginx caching map server',
+    description: 'Increase privacy by using nginx as a caching proxy in front of a map tile server',
+    url: 'https://github.com/pcouy/pcouy.github.io/blob/main/_posts/2024-08-30-proxying-a-map-tile-server-for-increased-privacy.md',
+  },
 ];
 
 function CommunityGuide({ title, description, url }: CommunityGuidesProps): JSX.Element {

docs/src/components/community-projects.tsx

@@ -28,11 +28,6 @@ const projects: CommunityProjectProps[] = [
     description: 'A simple way to remove orphaned offline assets from the Immich database',
     url: 'https://github.com/Thoroslives/immich_remove_offline_files',
   },
-  {
-    title: 'Create albums from folders',
-    description: 'A Python script to create albums based on the folder structure of an external library.',
-    url: 'https://github.com/Salvoxia/immich-folder-album-creator',
-  },
   {
     title: 'Immich-Tools',
     description: 'Provides scripts for handling problems on the repair page.',
@@ -43,6 +38,11 @@ const projects: CommunityProjectProps[] = [
     description: 'Lightroom plugin to publish photos from Lightroom collections to Immich albums.',
     url: 'https://github.com/midzelis/mi.Immich.Publisher',
   },
+  {
+    title: 'Lightroom Immich Plugin: lrc-immich-plugin',
+    description: 'Another Lightroom plugin to publish or export photos from Lightroom to Immich.',
+    url: 'https://github.com/bmachek/lrc-immich-plugin',
+  },
   {
     title: 'Immich Duplicate Finder',
     description: 'Webapp that uses machine learning to identify near-duplicate images.',
@@ -58,6 +58,11 @@ const projects: CommunityProjectProps[] = [
     description: 'Unofficial Immich Android TV app.',
     url: 'https://github.com/giejay/Immich-Android-TV',
   },
+  {
+    title: 'Create albums from folders',
+    description: 'A Python script to create albums based on the folder structure of an external library.',
+    url: 'https://github.com/Salvoxia/immich-folder-album-creator',
+  },
   {
     title: 'Powershell Module PSImmich',
     description: 'Powershell Module for the Immich API',
@@ -68,6 +73,16 @@ const projects: CommunityProjectProps[] = [
     description: 'Snap package for easy install and zero-care auto updates of Immich. Self-hosted photo management.',
     url: 'https://immich-distribution.nsg.cc',
   },
+  {
+    title: 'Immich Kiosk',
+    description: 'Lightweight slideshow to run on kiosk devices and browsers.',
+    url: 'https://github.com/damongolding/immich-kiosk',
+  },
+  {
+    title: 'Immich Power Tools',
+    description: 'Power tools for organizing your immich library.',
+    url: 'https://github.com/varun-raj/immich-power-tools',
+  },
 ];
 
 function CommunityProject({ title, description, url }: CommunityProjectProps): JSX.Element {

docs/src/components/version-switcher.tsx

@@ -1,4 +1,3 @@
-import '@docusaurus/theme-classic/lib/theme/Unlisted/index';
 import { useWindowSize } from '@docusaurus/theme-common';
 import DropdownNavbarItem from '@theme/NavbarItem/DropdownNavbarItem';
 import React, { useEffect, useState } from 'react';

docs/src/pages/cursed-knowledge.tsx

@@ -1,22 +1,39 @@
 import {
+  mdiBug,
   mdiCalendarToday,
   mdiCrosshairsOff,
+  mdiDatabase,
   mdiLeadPencil,
   mdiLockOff,
   mdiLockOutline,
+  mdiMicrosoftWindows,
+  mdiSecurity,
   mdiSpeedometerSlow,
+  mdiTrashCan,
   mdiWeb,
   mdiWrap,
 } from '@mdi/js';
 import Layout from '@theme/Layout';
 import React from 'react';
-import { Item as TimelineItem, Timeline } from '../components/timeline';
+import { Timeline, Item as TimelineItem } from '../components/timeline';
 
 const withLanguage = (date: Date) => (language: string) => date.toLocaleDateString(language);
 
 type Item = Omit<TimelineItem, 'done' | 'getDateLabel'> & { date: Date };
 
 const items: Item[] = [
+  {
+    icon: mdiMicrosoftWindows,
+    iconColor: '#357EC7',
+    title: 'Hidden files in Windows are cursed',
+    description:
+      'Hidden files in Windows cannot be opened with the "w" flag. That, combined with SMB option "hide dot files" leads to a lot of confusion.',
+    link: {
+      url: 'https://github.com/immich-app/immich/pull/12812',
+      text: '#12812',
+    },
+    date: new Date(2024, 8, 20),
+  },
   {
     icon: mdiWrap,
     iconColor: 'gray',
@@ -96,6 +113,51 @@ const items: Item[] = [
     link: { url: 'https://github.com/immich-app/immich/pull/6787', text: '#6787' },
     date: new Date(2024, 0, 31),
   },
+  {
+    icon: mdiBug,
+    iconColor: 'green',
+    title: 'ESM imports are cursed',
+    description:
+      'Prior to Node.js v20.8 using --experimental-vm-modules in a CommonJS project that imported an ES module that imported a CommonJS modules would create a segfault and crash Node.js',
+    link: {
+      url: 'https://github.com/immich-app/immich/pull/6719',
+      text: '#6179',
+    },
+    date: new Date(2024, 0, 9),
+  },
+  {
+    icon: mdiDatabase,
+    iconColor: 'gray',
+    title: 'PostgreSQL parameters are cursed',
+    description: `PostgresSQL has a limit of ${Number(65535).toLocaleString()} parameters, so bulk inserts can fail with large datasets.`,
+    link: {
+      url: 'https://github.com/immich-app/immich/pull/6034',
+      text: '#6034',
+    },
+    date: new Date(2023, 11, 28),
+  },
+  {
+    icon: mdiSecurity,
+    iconColor: 'gold',
+    title: 'Secure contexts are cursed',
+    description: `Some web features like the clipboard API only work in "secure contexts" (ie. https or localhost)`,
+    link: {
+      url: 'https://github.com/immich-app/immich/issues/2981',
+      text: '#2981',
+    },
+    date: new Date(2023, 5, 26),
+  },
+  {
+    icon: mdiTrashCan,
+    iconColor: 'gray',
+    title: 'TypeORM deletes are cursed',
+    description: `The remove implementation in TypeORM mutates the input, deleting the id property from the original object.`,
+    link: {
+      url: 'https://github.com/typeorm/typeorm/issues/7024#issuecomment-948519328',
+      text: 'typeorm#6034',
+    },
+    date: new Date(2023, 1, 23),
+  },
 ];
 
 export default function CursedKnowledgePage(): JSX.Element {

docs/src/pages/roadmap.tsx

@@ -15,6 +15,7 @@ import {
   mdiCloudUploadOutline,
   mdiCollage,
   mdiContentDuplicate,
+  mdiCrop,
   mdiDevices,
   mdiEmailOutline,
   mdiExpansionCard,
@@ -26,6 +27,7 @@ import {
   mdiFileSearch,
   mdiFlash,
   mdiFolder,
+  mdiFolderMultiple,
   mdiForum,
   mdiHandshakeOutline,
   mdiHeart,
@@ -36,6 +38,7 @@ import {
   mdiImageMultipleOutline,
   mdiImageSearch,
   mdiKeyboardSettingsOutline,
+  mdiLicense,
   mdiLockOutline,
   mdiMagnify,
   mdiMagnifyScan,
@@ -55,25 +58,29 @@ import {
   mdiScaleBalance,
   mdiSecurity,
   mdiServer,
+  mdiShare,
   mdiShareAll,
   mdiShareCircle,
   mdiStar,
+  mdiStarOutline,
   mdiTableKey,
   mdiTag,
+  mdiTagMultiple,
   mdiText,
   mdiThemeLightDark,
   mdiTrashCanOutline,
   mdiVectorCombine,
   mdiVideo,
   mdiWeb,
-  mdiLicense,
 } from '@mdi/js';
 import Layout from '@theme/Layout';
 import React from 'react';
 import { Item, Timeline } from '../components/timeline';
 
 const releases = {
-  // TODO
+  'v1.113.0': new Date(2024, 7, 30),
+  'v1.112.0': new Date(2024, 7, 14),
+  'v1.111.0': new Date(2024, 6, 26),
   'v1.110.0': new Date(2024, 5, 11),
   'v1.109.0': new Date(2024, 6, 18),
   'v1.106.1': new Date(2024, 5, 11),
@@ -224,6 +231,47 @@ const roadmap: Item[] = [
 ];
 
 const milestones: Item[] = [
+  withRelease({
+    icon: mdiTagMultiple,
+    iconColor: 'orange',
+    title: 'Tags',
+    description: 'Tag your photos and videos',
+    release: 'v1.113.0',
+  }),
+  withRelease({
+    icon: mdiFolderMultiple,
+    iconColor: 'brown',
+    title: 'Folders',
+    description: 'View your photos and videos in folders',
+    release: 'v1.113.0',
+  }),
+  withRelease({
+    icon: mdiPalette,
+    title: 'Theming (mobile)',
+    description: 'Pick a primary color for the mobile app',
+    release: 'v1.112.0',
+  }),
+  withRelease({
+    icon: mdiStarOutline,
+    iconColor: 'gold',
+    title: 'Star rating',
+    description: 'Rate your photos and videos',
+    release: 'v1.112.0',
+  }),
+  withRelease({
+    icon: mdiCrop,
+    iconColor: 'royalblue',
+    title: 'Editor (mobile)',
+    description: 'Crop and rotate on mobile',
+    release: 'v1.111.0',
+  }),
+  withRelease({
+    icon: mdiMap,
+    iconColor: 'green',
+    title: 'Deploy tiles.immich.cloud',
+    description: 'Dedicated tile server for Immich',
+    release: 'v1.111.0',
+  }),
   {
     icon: mdiStar,
     iconColor: 'gold',
@@ -231,6 +279,12 @@ const milestones: Item[] = [
     description: 'Reached 40K Stars on GitHub!',
     getDateLabel: withLanguage(new Date(2024, 6, 21)),
   },
+  withRelease({
+    icon: mdiShare,
+    title: 'Deploy my.immich.app',
+    description: 'Url router for immich links',
+    release: 'v1.109.0',
+  }),
   withRelease({
     icon: mdiLicense,
     iconColor: 'gold',

docs/static/archived-versions.json

@@ -1,4 +1,36 @@
 [
+  {
+    "label": "v1.116.2",
+    "url": "https://v1.116.2.archive.immich.app"
+  },
+  {
+    "label": "v1.116.1",
+    "url": "https://v1.116.1.archive.immich.app"
+  },
+  {
+    "label": "v1.116.0",
+    "url": "https://v1.116.0.archive.immich.app"
+  },
+  {
+    "label": "v1.115.0",
+    "url": "https://v1.115.0.archive.immich.app"
+  },
+  {
+    "label": "v1.114.0",
+    "url": "https://v1.114.0.archive.immich.app"
+  },
+  {
+    "label": "v1.113.1",
+    "url": "https://v1.113.1.archive.immich.app"
+  },
+  {
+    "label": "v1.113.0",
+    "url": "https://v1.113.0.archive.immich.app"
+  },
+  {
+    "label": "v1.112.1",
+    "url": "https://v1.112.1.archive.immich.app"
+  },
   {
     "label": "v1.112.0",
     "url": "https://v1.112.0.archive.immich.app"

docs/tailwind.config.js

@@ -4,7 +4,7 @@ module.exports = {
   corePlugins: {
     preflight: false, // disable Tailwind's reset
   },
-  content: ['./src/**/*.{js,jsx,ts,tsx}', '../docs/**/*.mdx'], // my markdown stuff is in ../docs, not /src
+  content: ['./src/**/*.{js,jsx,ts,tsx}', './{docs,blog}/**/*.{md,mdx}'], // my markdown stuff is in ../docs, not /src
   darkMode: ['class', '[data-theme="dark"]'], // hooks into docusaurus' dark mode settigns
   theme: {
     extend: {

e2e/.nvmrc

@@ -1 +1 @@
-20.16.0
+20.17.0

e2e/docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 name: immich-e2e
 
 services:
@@ -24,7 +22,6 @@ services:
       - IMMICH_METRICS=true
       - IMMICH_ENV=testing
     volumes:
-      - upload:/usr/src/app/upload
       - ./test-assets:/test-assets
     extra_hosts:
       - 'auth-server:host-gateway'
@@ -32,10 +29,10 @@ services:
       - redis
       - database
     ports:
-      - 2283:3001
+      - 2285:3001
 
   redis:
-    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    image: redis:6.2-alpine@sha256:2d1463258f2764328496376f5d965f20c6a67f66ea2b06dc42af351f75248792
 
   database:
     image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
@@ -45,8 +42,4 @@ services:
       POSTGRES_USER: postgres
       POSTGRES_DB: immich
     ports:
-      - 5433:5432
-
-volumes:
-  model-cache:
-  upload:
+      - 5435:5432

e2e/eslint.config.mjs

@@ -59,6 +59,7 @@ export default [
       'unicorn/prefer-top-level-await': 'off',
       'unicorn/prefer-event-target': 'off',
       'unicorn/no-thenable': 'off',
+      'object-shorthand': ['error', 'always'],
     },
   },
 ];

e2e/package.json

@@ -1,6 +1,6 @@
 {
   "name": "immich-e2e",
-  "version": "1.112.0",
+  "version": "1.116.2",
   "description": "",
   "main": "index.js",
   "type": "module",
@@ -25,7 +25,7 @@
     "@immich/sdk": "file:../open-api/typescript-sdk",
     "@playwright/test": "^1.44.1",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^20.14.14",
+    "@types/node": "^20.16.5",
     "@types/oidc-provider": "^8.5.1",
     "@types/pg": "^8.11.0",
     "@types/pngjs": "^6.0.4",
@@ -53,6 +53,6 @@
     "vitest": "^2.0.5"
   },
   "volta": {
-    "node": "20.16.0"
+    "node": "20.17.0"
   }
 }

e2e/playwright.config.ts

@@ -8,7 +8,7 @@ export default defineConfig({
   workers: 1,
   reporter: 'html',
   use: {
-    baseURL: 'http://127.0.0.1:2283',
+    baseURL: 'http://127.0.0.1:2285',
     trace: 'on-first-retry',
   },
 
@@ -53,8 +53,10 @@ export default defineConfig({
 
   /* Run your local dev server before starting the tests */
   webServer: {
-    command: 'docker compose up --build -V --remove-orphans',
-    url: 'http://127.0.0.1:2283',
+    command: 'docker compose up --build --renew-anon-volumes --force-recreate --remove-orphans',
+    url: 'http://127.0.0.1:2285',
+    stdout: 'pipe',
+    stderr: 'pipe',
     reuseExistingServer: true,
   },
 });

e2e/src/api/specs/album.e2e-spec.ts

@@ -344,16 +344,16 @@ describe('/albums', () => {
     });
   });
 
-  describe('GET /albums/count', () => {
+  describe('GET /albums/statistics', () => {
     it('should require authentication', async () => {
-      const { status, body } = await request(app).get('/albums/count');
+      const { status, body } = await request(app).get('/albums/statistics');
       expect(status).toBe(401);
       expect(body).toEqual(errorDto.unauthorized);
     });
 
     it('should return total count of albums the user has access to', async () => {
       const { status, body } = await request(app)
-        .get('/albums/count')
+        .get('/albums/statistics')
         .set('Authorization', `Bearer ${user1.accessToken}`);
 
       expect(status).toBe(200);

e2e/src/api/specs/api-key.e2e-spec.ts

@@ -0,0 +1,258 @@
+import { LoginResponseDto, Permission, createApiKey } from '@immich/sdk';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { app, asBearerAuth, utils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
+
+const create = (accessToken: string, permissions: Permission[]) =>
+  createApiKey({ apiKeyCreateDto: { name: 'api key', permissions } }, { headers: asBearerAuth(accessToken) });
+
+describe('/api-keys', () => {
+  let admin: LoginResponseDto;
+  let user: LoginResponseDto;
+
+  beforeAll(async () => {
+    await utils.resetDatabase();
+
+    admin = await utils.adminSetup();
+    user = await utils.userSetup(admin.accessToken, createUserDto.user1);
+  });
+
+  beforeEach(async () => {
+    await utils.resetDatabase(['api_keys']);
+  });
+
+  describe('POST /api-keys', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post('/api-keys').send({ name: 'API Key' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should not work without permission', async () => {
+      const { secret } = await create(user.accessToken, [Permission.ApiKeyRead]);
+      const { status, body } = await request(app).post('/api-keys').set('x-api-key', secret).send({ name: 'API Key' });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('apiKey.create'));
+    });
+
+    it('should work with apiKey.create', async () => {
+      const { secret } = await create(user.accessToken, [Permission.ApiKeyCreate, Permission.ApiKeyRead]);
+      const { status, body } = await request(app)
+        .post('/api-keys')
+        .set('x-api-key', secret)
+        .send({
+          name: 'API Key',
+          permissions: [Permission.ApiKeyRead],
+        });
+      expect(body).toEqual({
+        secret: expect.any(String),
+        apiKey: {
+          id: expect.any(String),
+          name: 'API Key',
+          permissions: [Permission.ApiKeyRead],
+          createdAt: expect.any(String),
+          updatedAt: expect.any(String),
+        },
+      });
+      expect(status).toBe(201);
+    });
+
+    it('should not create an api key with all permissions', async () => {
+      const { secret } = await create(user.accessToken, [Permission.ApiKeyCreate]);
+      const { status, body } = await request(app)
+        .post('/api-keys')
+        .set('x-api-key', secret)
+        .send({ name: 'API Key', permissions: [Permission.All] });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Cannot grant permissions you do not have'));
+    });
+
+    it('should not create an api key with more permissions', async () => {
+      const { secret } = await create(user.accessToken, [Permission.ApiKeyCreate]);
+      const { status, body } = await request(app)
+        .post('/api-keys')
+        .set('x-api-key', secret)
+        .send({ name: 'API Key', permissions: [Permission.ApiKeyRead] });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Cannot grant permissions you do not have'));
+    });
+
+    it('should create an api key', async () => {
+      const { status, body } = await request(app)
+        .post('/api-keys')
+        .send({ name: 'API Key', permissions: [Permission.All] })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toEqual({
+        apiKey: {
+          id: expect.any(String),
+          name: 'API Key',
+          permissions: [Permission.All],
+          createdAt: expect.any(String),
+          updatedAt: expect.any(String),
+        },
+        secret: expect.any(String),
+      });
+      expect(status).toEqual(201);
+    });
+  });
+
+  describe('GET /api-keys', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/api-keys');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should start off empty', async () => {
+      const { status, body } = await request(app).get('/api-keys').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toEqual([]);
+      expect(status).toEqual(200);
+    });
+
+    it('should return a list of api keys', async () => {
+      const [{ apiKey: apiKey1 }, { apiKey: apiKey2 }, { apiKey: apiKey3 }] = await Promise.all([
+        create(admin.accessToken, [Permission.All]),
+        create(admin.accessToken, [Permission.All]),
+        create(admin.accessToken, [Permission.All]),
+      ]);
+      const { status, body } = await request(app).get('/api-keys').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toHaveLength(3);
+      expect(body).toEqual(expect.arrayContaining([apiKey1, apiKey2, apiKey3]));
+      expect(status).toEqual(200);
+    });
+  });
+
+  describe('GET /api-keys/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(`/api-keys/${uuidDto.notFound}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { apiKey } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app)
+        .get(`/api-keys/${apiKey.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('API Key not found'));
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(app)
+        .get(`/api-keys/${uuidDto.invalid}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should get api key details', async () => {
+      const { apiKey } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app)
+        .get(`/api-keys/${apiKey.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        id: expect.any(String),
+        name: 'api key',
+        permissions: [Permission.All],
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+    });
+  });
+
+  describe('PUT /api-keys/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(`/api-keys/${uuidDto.notFound}`).send({ name: 'new name' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { apiKey } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app)
+        .put(`/api-keys/${apiKey.id}`)
+        .send({ name: 'new name' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('API Key not found'));
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(app)
+        .put(`/api-keys/${uuidDto.invalid}`)
+        .send({ name: 'new name' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should update api key details', async () => {
+      const { apiKey } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app)
+        .put(`/api-keys/${apiKey.id}`)
+        .send({ name: 'new name' })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        id: expect.any(String),
+        name: 'new name',
+        permissions: [Permission.All],
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+    });
+  });
+
+  describe('DELETE /api-keys/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).delete(`/api-keys/${uuidDto.notFound}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const { apiKey } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app)
+        .delete(`/api-keys/${apiKey.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('API Key not found'));
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(app)
+        .delete(`/api-keys/${uuidDto.invalid}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should delete an api key', async () => {
+      const { apiKey } = await create(user.accessToken, [Permission.All]);
+      const { status } = await request(app)
+        .delete(`/api-keys/${apiKey.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(204);
+    });
+  });
+
+  describe('authentication', () => {
+    it('should work as a header', async () => {
+      const { secret } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app).get('/api-keys').set('x-api-key', secret);
+      expect(body).toHaveLength(1);
+      expect(status).toBe(200);
+    });
+
+    it('should work as a query param', async () => {
+      const { secret } = await create(user.accessToken, [Permission.All]);
+      const { status, body } = await request(app).get(`/api-keys?apiKey=${secret}`);
+      expect(body).toHaveLength(1);
+      expect(status).toBe(200);
+    });
+  });
+});

e2e/src/api/specs/asset.e2e-spec.ts

@@ -6,8 +6,9 @@ import {
   LoginResponseDto,
   SharedLinkType,
   getAssetInfo,
+  getConfig,
   getMyUser,
-  updateAssets,
+  updateConfig,
 } from '@immich/sdk';
 import { exiftool } from 'exiftool-vendored';
 import { DateTime } from 'luxon';
@@ -44,6 +45,9 @@ const TEN_TIMES = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
 
 const locationAssetFilepath = `${testAssetDir}/metadata/gps-position/thompson-springs.jpg`;
 const ratingAssetFilepath = `${testAssetDir}/metadata/rating/mongolels.jpg`;
+const facesAssetFilepath = `${testAssetDir}/metadata/faces/portrait.jpg`;
+
+const getSystemConfig = (accessToken: string) => getConfig({ headers: asBearerAuth(accessToken) });
 
 const readTags = async (bytes: Buffer, filename: string) => {
   const filepath = join(tempDir, filename);
@@ -67,26 +71,24 @@ describe('/asset', () => {
   let timeBucketUser: LoginResponseDto;
   let quotaUser: LoginResponseDto;
   let statsUser: LoginResponseDto;
-  let stackUser: LoginResponseDto;
 
   let user1Assets: AssetMediaResponseDto[];
   let user2Assets: AssetMediaResponseDto[];
-  let stackAssets: AssetMediaResponseDto[];
   let locationAsset: AssetMediaResponseDto;
   let ratingAsset: AssetMediaResponseDto;
+  let facesAsset: AssetMediaResponseDto;
 
   const setupTests = async () => {
     await utils.resetDatabase();
     admin = await utils.adminSetup({ onboarding: false });
 
-    [websocket, user1, user2, statsUser, quotaUser, timeBucketUser, stackUser] = await Promise.all([
+    [websocket, user1, user2, statsUser, quotaUser, timeBucketUser] = await Promise.all([
       utils.connectWebsocket(admin.accessToken),
       utils.userSetup(admin.accessToken, createUserDto.create('1')),
       utils.userSetup(admin.accessToken, createUserDto.create('2')),
       utils.userSetup(admin.accessToken, createUserDto.create('stats')),
       utils.userSetup(admin.accessToken, createUserDto.userQuota),
       utils.userSetup(admin.accessToken, createUserDto.create('time-bucket')),
-      utils.userSetup(admin.accessToken, createUserDto.create('stack')),
     ]);
 
     await utils.createPartner(user1.accessToken, user2.userId);
@@ -149,20 +151,6 @@ describe('/asset', () => {
       }),
     ]);
 
-    // stacks
-    stackAssets = await Promise.all([
-      utils.createAsset(stackUser.accessToken),
-      utils.createAsset(stackUser.accessToken),
-      utils.createAsset(stackUser.accessToken),
-      utils.createAsset(stackUser.accessToken),
-      utils.createAsset(stackUser.accessToken),
-    ]);
-
-    await updateAssets(
-      { assetBulkUpdateDto: { stackParentId: stackAssets[0].id, ids: [stackAssets[1].id, stackAssets[2].id] } },
-      { headers: asBearerAuth(stackUser.accessToken) },
-    );
-
     const person1 = await utils.createPerson(user1.accessToken, {
       name: 'Test Person',
     });
@@ -242,6 +230,64 @@ describe('/asset', () => {
       });
     });
 
+    it('should get the asset faces', async () => {
+      const config = await getSystemConfig(admin.accessToken);
+      config.metadata.faces.import = true;
+      await updateConfig({ systemConfigDto: config }, { headers: asBearerAuth(admin.accessToken) });
+
+      // asset faces
+      facesAsset = await utils.createAsset(admin.accessToken, {
+        assetData: {
+          filename: 'portrait.jpg',
+          bytes: await readFile(facesAssetFilepath),
+        },
+      });
+
+      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: facesAsset.id });
+
+      const { status, body } = await request(app)
+        .get(`/assets/${facesAsset.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body.id).toEqual(facesAsset.id);
+      expect(body.people).toMatchObject([
+        {
+          name: 'Marie Curie',
+          birthDate: null,
+          thumbnailPath: '',
+          isHidden: false,
+          faces: [
+            {
+              imageHeight: 700,
+              imageWidth: 840,
+              boundingBoxX1: 261,
+              boundingBoxX2: 356,
+              boundingBoxY1: 146,
+              boundingBoxY2: 284,
+              sourceType: 'exif',
+            },
+          ],
+        },
+        {
+          name: 'Pierre Curie',
+          birthDate: null,
+          thumbnailPath: '',
+          isHidden: false,
+          faces: [
+            {
+              imageHeight: 700,
+              imageWidth: 840,
+              boundingBoxX1: 536,
+              boundingBoxX2: 618,
+              boundingBoxY1: 83,
+              boundingBoxY2: 252,
+              sourceType: 'exif',
+            },
+          ],
+        },
+      ]);
+    });
+
     it('should work with a shared link', async () => {
       const sharedLink = await utils.createSharedLink(user1.accessToken, {
         type: SharedLinkType.Individual,
@@ -381,6 +427,8 @@ describe('/asset', () => {
         utils.createAsset(user1.accessToken),
         utils.createAsset(user1.accessToken),
       ]);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'thumbnailGeneration');
     });
 
     it('should require authentication', async () => {
@@ -417,17 +465,14 @@ describe('/asset', () => {
       }
     });
 
-    it.each(TEN_TIMES)(
-      'should return 1 asset if there are 10 assets in the database but user 2 only has 1',
-      async () => {
-        const { status, body } = await request(app)
-          .get('/assets/random')
-          .set('Authorization', `Bearer ${user2.accessToken}`);
+    it.skip('should return 1 asset if there are 10 assets in the database but user 2 only has 1', async () => {
+      const { status, body } = await request(app)
+        .get('/assets/random')
+        .set('Authorization', `Bearer ${user2.accessToken}`);
 
-        expect(status).toBe(200);
-        expect(body).toEqual([expect.objectContaining({ id: user2Assets[0].id })]);
-      },
-    );
+      expect(status).toBe(200);
+      expect(body).toEqual([expect.objectContaining({ id: user2Assets[0].id })]);
+    });
 
     it('should return error', async () => {
       const { status } = await request(app)
@@ -500,6 +545,48 @@ describe('/asset', () => {
       expect(status).toEqual(200);
     });
 
+    it('should not allow linking two photos', async () => {
+      const { status, body } = await request(app)
+        .put(`/assets/${user1Assets[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ livePhotoVideoId: user1Assets[1].id });
+
+      expect(body).toEqual(errorDto.badRequest('Live photo video must be a video'));
+      expect(status).toEqual(400);
+    });
+
+    it('should not allow linking a video owned by another user', async () => {
+      const asset = await utils.createAsset(user2.accessToken, { assetData: { filename: 'example.mp4' } });
+      const { status, body } = await request(app)
+        .put(`/assets/${user1Assets[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ livePhotoVideoId: asset.id });
+
+      expect(body).toEqual(errorDto.badRequest('Live photo video does not belong to the user'));
+      expect(status).toEqual(400);
+    });
+
+    it('should link a motion photo', async () => {
+      const asset = await utils.createAsset(user1.accessToken, { assetData: { filename: 'example.mp4' } });
+      const { status, body } = await request(app)
+        .put(`/assets/${user1Assets[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ livePhotoVideoId: asset.id });
+
+      expect(status).toEqual(200);
+      expect(body).toMatchObject({ id: user1Assets[0].id, livePhotoVideoId: asset.id });
+    });
+
+    it('should unlink a motion photo', async () => {
+      const { status, body } = await request(app)
+        .put(`/assets/${user1Assets[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ livePhotoVideoId: null });
+
+      expect(status).toEqual(200);
+      expect(body).toMatchObject({ id: user1Assets[0].id, livePhotoVideoId: null });
+    });
+
     it('should update date time original when sidecar file contains DateTimeOriginal', async () => {
       const sidecarData = `<?xpacket begin='?' id='W5M0MpCehiHzreSzNTczkc9d'?>
 <x:xmpmeta xmlns:x='adobe:ns:meta/' x:xmptk='Image::ExifTool 12.40'>
@@ -826,145 +913,8 @@ describe('/asset', () => {
       expect(status).toBe(401);
       expect(body).toEqual(errorDto.unauthorized);
     });
-
-    it('should require a valid parent id', async () => {
-      const { status, body } = await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ stackParentId: uuidDto.invalid, ids: [stackAssets[0].id] });
-
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest(['stackParentId must be a UUID']));
-    });
-
-    it('should require access to the parent', async () => {
-      const { status, body } = await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ stackParentId: stackAssets[3].id, ids: [user1Assets[0].id] });
-
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.noPermission);
-    });
-
-    it('should add stack children', async () => {
-      const { status } = await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${stackUser.accessToken}`)
-        .send({ stackParentId: stackAssets[0].id, ids: [stackAssets[3].id] });
-
-      expect(status).toBe(204);
-
-      const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
-      expect(asset.stack).not.toBeUndefined();
-      expect(asset.stack).toEqual(expect.arrayContaining([expect.objectContaining({ id: stackAssets[3].id })]));
-    });
-
-    it('should remove stack children', async () => {
-      const { status } = await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${stackUser.accessToken}`)
-        .send({ removeParent: true, ids: [stackAssets[1].id] });
-
-      expect(status).toBe(204);
-
-      const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
-      expect(asset.stack).not.toBeUndefined();
-      expect(asset.stack).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ id: stackAssets[2].id }),
-          expect.objectContaining({ id: stackAssets[3].id }),
-        ]),
-      );
-    });
-
-    it('should remove all stack children', async () => {
-      const { status } = await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${stackUser.accessToken}`)
-        .send({ removeParent: true, ids: [stackAssets[2].id, stackAssets[3].id] });
-
-      expect(status).toBe(204);
-
-      const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
-      expect(asset.stack).toBeUndefined();
-    });
-
-    it('should merge stack children', async () => {
-      // create stack after previous test removed stack children
-      await updateAssets(
-        { assetBulkUpdateDto: { stackParentId: stackAssets[0].id, ids: [stackAssets[1].id, stackAssets[2].id] } },
-        { headers: asBearerAuth(stackUser.accessToken) },
-      );
-
-      const { status } = await request(app)
-        .put('/assets')
-        .set('Authorization', `Bearer ${stackUser.accessToken}`)
-        .send({ stackParentId: stackAssets[3].id, ids: [stackAssets[0].id] });
-
-      expect(status).toBe(204);
-
-      const asset = await getAssetInfo({ id: stackAssets[3].id }, { headers: asBearerAuth(stackUser.accessToken) });
-      expect(asset.stack).not.toBeUndefined();
-      expect(asset.stack).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ id: stackAssets[0].id }),
-          expect.objectContaining({ id: stackAssets[1].id }),
-          expect.objectContaining({ id: stackAssets[2].id }),
-        ]),
-      );
-    });
   });
 
-  describe('PUT /assets/stack/parent', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app).put('/assets/stack/parent');
-
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    it('should require a valid id', async () => {
-      const { status, body } = await request(app)
-        .put('/assets/stack/parent')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ oldParentId: uuidDto.invalid, newParentId: uuidDto.invalid });
-
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.badRequest());
-    });
-
-    it('should require access', async () => {
-      const { status, body } = await request(app)
-        .put('/assets/stack/parent')
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ oldParentId: stackAssets[3].id, newParentId: stackAssets[0].id });
-
-      expect(status).toBe(400);
-      expect(body).toEqual(errorDto.noPermission);
-    });
-
-    it('should make old parent child of new parent', async () => {
-      const { status } = await request(app)
-        .put('/assets/stack/parent')
-        .set('Authorization', `Bearer ${stackUser.accessToken}`)
-        .send({ oldParentId: stackAssets[3].id, newParentId: stackAssets[0].id });
-
-      expect(status).toBe(200);
-
-      const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
-
-      // new parent
-      expect(asset.stack).not.toBeUndefined();
-      expect(asset.stack).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ id: stackAssets[1].id }),
-          expect.objectContaining({ id: stackAssets[2].id }),
-          expect.objectContaining({ id: stackAssets[3].id }),
-        ]),
-      );
-    });
-  });
   describe('POST /assets', () => {
     beforeAll(setupTests, 30_000);
 
@@ -993,13 +943,12 @@ describe('/asset', () => {
       expect(body).toEqual(errorDto.badRequest());
     });
 
-    it.each([
+    const tests = [
       {
         input: 'formats/avif/8bit-sRGB.avif',
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: '8bit-sRGB.avif',
-          resized: true,
           exifInfo: {
             description: '',
             exifImageHeight: 1080,
@@ -1015,7 +964,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: 'el_torcal_rocks.jpg',
-          resized: true,
           exifInfo: {
             dateTimeOriginal: '2012-08-05T11:39:59.000Z',
             exifImageWidth: 512,
@@ -1039,7 +987,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: '8bit-sRGB.jxl',
-          resized: true,
           exifInfo: {
             description: '',
             exifImageHeight: 1080,
@@ -1055,7 +1002,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: 'IMG_2682.heic',
-          resized: true,
           fileCreatedAt: '2019-03-21T16:04:22.348Z',
           exifInfo: {
             dateTimeOriginal: '2019-03-21T16:04:22.348Z',
@@ -1080,7 +1026,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: 'density_plot.png',
-          resized: true,
           exifInfo: {
             exifImageWidth: 800,
             exifImageHeight: 800,
@@ -1095,7 +1040,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: 'glarus.nef',
-          resized: true,
           fileCreatedAt: '2010-07-20T17:27:12.000Z',
           exifInfo: {
             make: 'NIKON CORPORATION',
@@ -1117,7 +1061,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: 'philadelphia.nef',
-          resized: true,
           fileCreatedAt: '2016-09-22T22:10:29.060Z',
           exifInfo: {
             make: 'NIKON CORPORATION',
@@ -1140,7 +1083,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: '4_3.rw2',
-          resized: true,
           fileCreatedAt: '2018-05-10T08:42:37.842Z',
           exifInfo: {
             make: 'Panasonic',
@@ -1164,7 +1106,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: '12bit-compressed-(3_2).arw',
-          resized: true,
           fileCreatedAt: '2016-09-27T10:51:44.000Z',
           exifInfo: {
             make: 'SONY',
@@ -1189,7 +1130,6 @@ describe('/asset', () => {
         expected: {
           type: AssetTypeEnum.Image,
           originalFileName: '14bit-uncompressed-(3_2).arw',
-          resized: true,
           fileCreatedAt: '2016-01-08T14:08:01.000Z',
           exifInfo: {
             make: 'SONY',
@@ -1209,21 +1149,32 @@ describe('/asset', () => {
           },
         },
       },
-    ])(`should upload and generate a thumbnail for $input`, async ({ input, expected }) => {
-      const filepath = join(testAssetDir, input);
-      const { id, status } = await utils.createAsset(admin.accessToken, {
-        assetData: { bytes: await readFile(filepath), filename: basename(filepath) },
-      });
+    ];
 
-      expect(status).toBe(AssetMediaStatus.Created);
+    it(`should upload and generate a thumbnail for different file types`, async () => {
+      // upload in parallel
+      const assets = await Promise.all(
+        tests.map(async ({ input }) => {
+          const filepath = join(testAssetDir, input);
+          return utils.createAsset(admin.accessToken, {
+            assetData: { bytes: await readFile(filepath), filename: basename(filepath) },
+          });
+        }),
+      );
 
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: id });
+      for (const { id, status } of assets) {
+        expect(status).toBe(AssetMediaStatus.Created);
+        await utils.waitForWebsocketEvent({ event: 'assetUpload', id });
+      }
 
-      const asset = await utils.getAssetInfo(admin.accessToken, id);
+      for (const [i, { id }] of assets.entries()) {
+        const { expected } = tests[i];
+        const asset = await utils.getAssetInfo(admin.accessToken, id);
 
-      expect(asset.exifInfo).toBeDefined();
-      expect(asset.exifInfo).toMatchObject(expected.exifInfo);
-      expect(asset).toMatchObject(expected);
+        expect(asset.exifInfo).toBeDefined();
+        expect(asset.exifInfo).toMatchObject(expected.exifInfo);
+        expect(asset).toMatchObject(expected);
+      }
     });
 
     it('should handle a duplicate', async () => {

e2e/src/api/specs/library.e2e-spec.ts

@@ -1,11 +1,4 @@
-import {
-  LibraryResponseDto,
-  LoginResponseDto,
-  ScanLibraryDto,
-  getAllLibraries,
-  removeOfflineFiles,
-  scanLibrary,
-} from '@immich/sdk';
+import { LibraryResponseDto, LoginResponseDto, getAllLibraries, scanLibrary } from '@immich/sdk';
 import { cpSync, existsSync } from 'node:fs';
 import { Socket } from 'socket.io-client';
 import { userDto, uuidDto } from 'src/fixtures';
@@ -15,8 +8,7 @@ import request from 'supertest';
 import { utimes } from 'utimes';
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from 'vitest';
 
-const scan = async (accessToken: string, id: string, dto: ScanLibraryDto = {}) =>
-  scanLibrary({ id, scanLibraryDto: dto }, { headers: asBearerAuth(accessToken) });
+const scan = async (accessToken: string, id: string) => scanLibrary({ id }, { headers: asBearerAuth(accessToken) });
 
 describe('/libraries', () => {
   let admin: LoginResponseDto;
@@ -83,7 +75,7 @@ describe('/libraries', () => {
           refreshedAt: null,
           assetCount: 0,
           importPaths: [],
-          exclusionPatterns: [],
+          exclusionPatterns: expect.any(Array),
         }),
       );
     });
@@ -270,7 +262,7 @@ describe('/libraries', () => {
           refreshedAt: null,
           assetCount: 0,
           importPaths: [],
-          exclusionPatterns: [],
+          exclusionPatterns: expect.any(Array),
         }),
       );
     });
@@ -293,14 +285,19 @@ describe('/libraries', () => {
       expect(body).toEqual(errorDto.unauthorized);
     });
 
-    it('should scan external library', async () => {
+    it('should import new asset when scanning external library', async () => {
       const library = await utils.createLibrary(admin.accessToken, {
         ownerId: admin.userId,
         importPaths: [`${testAssetDirInternal}/temp/directoryA`],
       });
 
-      await scan(admin.accessToken, library.id);
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', total: 1 });
+      const { status } = await request(app)
+        .post(`/libraries/${library.id}/scan`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send();
+      expect(status).toBe(204);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
 
       const { assets } = await utils.metadataSearch(admin.accessToken, {
         originalPath: `${testAssetDirInternal}/temp/directoryA/assetA.png`,
@@ -315,8 +312,13 @@ describe('/libraries', () => {
         exclusionPatterns: ['**/directoryA'],
       });
 
-      await scan(admin.accessToken, library.id);
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', total: 1 });
+      const { status } = await request(app)
+        .post(`/libraries/${library.id}/scan`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send();
+      expect(status).toBe(204);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
 
       const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
 
@@ -330,8 +332,13 @@ describe('/libraries', () => {
         importPaths: [`${testAssetDirInternal}/temp/directoryA`, `${testAssetDirInternal}/temp/directoryB`],
       });
 
-      await scan(admin.accessToken, library.id);
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', total: 2 });
+      const { status } = await request(app)
+        .post(`/libraries/${library.id}/scan`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send();
+      expect(status).toBe(204);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
 
       const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
 
@@ -340,263 +347,181 @@ describe('/libraries', () => {
       expect(assets.items.find((asset) => asset.originalPath.includes('directoryB'))).toBeDefined();
     });
 
-    it('should pick up new files', async () => {
+    it('should reimport a modified file', async () => {
       const library = await utils.createLibrary(admin.accessToken, {
         ownerId: admin.userId,
         importPaths: [`${testAssetDirInternal}/temp`],
       });
 
-      await scan(admin.accessToken, library.id);
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', total: 2 });
-
-      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
-
-      expect(assets.count).toBe(2);
-
-      utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.png`);
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', total: 3 });
-
-      const { assets: newAssets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
-
-      expect(newAssets.count).toBe(3);
-      utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.png`);
-    });
-
-    it('should offline missing files', async () => {
-      utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.png`);
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp`],
-      });
+      utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
+      await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
 
       await scan(admin.accessToken, library.id);
       await utils.waitForQueueFinish(admin.accessToken, 'library');
 
-      utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.png`);
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
-
-      expect(assets.items).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            isOffline: true,
-            originalFileName: 'assetB.png',
-          }),
-        ]),
-      );
-    });
-
-    it('should not try to delete offline files', async () => {
-      utils.createImageFile(`${testAssetDir}/temp/offline1/assetA.png`);
-
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp/offline1`],
-      });
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      const { assets: initialAssets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
-      expect(initialAssets).toEqual({
-        count: 1,
-        total: 1,
-        facets: [],
-        items: [expect.objectContaining({ originalFileName: 'assetA.png' })],
-        nextPage: null,
-      });
-
-      utils.removeImageFile(`${testAssetDir}/temp/offline1/assetA.png`);
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      const { assets: offlineAssets } = await utils.metadataSearch(admin.accessToken, {
-        libraryId: library.id,
-        isOffline: true,
-      });
-      expect(offlineAssets).toEqual({
-        count: 1,
-        total: 1,
-        facets: [],
-        items: [expect.objectContaining({ originalFileName: 'assetA.png' })],
-        nextPage: null,
-      });
-
-      utils.createImageFile(`${testAssetDir}/temp/offline1/assetA.png`);
-      await removeOfflineFiles({ id: library.id }, { headers: asBearerAuth(admin.accessToken) });
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-      await utils.waitForWebsocketEvent({ event: 'assetDelete', total: 1 });
-
-      expect(existsSync(`${testAssetDir}/temp/offline1/assetA.png`)).toBe(true);
-    });
-
-    it('should scan new files', async () => {
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp`],
-      });
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      utils.createImageFile(`${testAssetDir}/temp/directoryA/assetC.png`);
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetC.png`);
-      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
-
-      expect(assets.items).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            originalFileName: 'assetC.png',
-          }),
-        ]),
-      );
-    });
-
-    describe('with refreshModifiedFiles=true', () => {
-      it('should reimport modified files', async () => {
-        const library = await utils.createLibrary(admin.accessToken, {
-          ownerId: admin.userId,
-          importPaths: [`${testAssetDirInternal}/temp`],
-        });
-
-        utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
-        await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
-
-        await scan(admin.accessToken, library.id);
-        await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-        cpSync(`${testAssetDir}/albums/nature/tanners_ridge.jpg`, `${testAssetDir}/temp/directoryA/assetB.jpg`);
-        await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_001);
-
-        await scan(admin.accessToken, library.id, { refreshModifiedFiles: true });
-        await utils.waitForQueueFinish(admin.accessToken, 'library');
-        await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
-        utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
-
-        const { assets } = await utils.metadataSearch(admin.accessToken, {
-          libraryId: library.id,
-          model: 'NIKON D750',
-        });
-        expect(assets.count).toBe(1);
-      });
-
-      it('should not reimport unmodified files', async () => {
-        const library = await utils.createLibrary(admin.accessToken, {
-          ownerId: admin.userId,
-          importPaths: [`${testAssetDirInternal}/temp`],
-        });
-
-        utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
-        await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
-
-        await scan(admin.accessToken, library.id);
-        await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-        cpSync(`${testAssetDir}/albums/nature/tanners_ridge.jpg`, `${testAssetDir}/temp/directoryA/assetB.jpg`);
-        await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
-
-        await scan(admin.accessToken, library.id, { refreshModifiedFiles: true });
-        await utils.waitForQueueFinish(admin.accessToken, 'library');
-        await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
-        utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
-
-        const { assets } = await utils.metadataSearch(admin.accessToken, {
-          libraryId: library.id,
-          model: 'NIKON D750',
-        });
-        expect(assets.count).toBe(0);
-      });
-    });
-
-    describe('with refreshAllFiles=true', () => {
-      it('should reimport all files', async () => {
-        const library = await utils.createLibrary(admin.accessToken, {
-          ownerId: admin.userId,
-          importPaths: [`${testAssetDirInternal}/temp`],
-        });
-
-        utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
-        await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
-
-        await scan(admin.accessToken, library.id);
-        await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-        cpSync(`${testAssetDir}/albums/nature/tanners_ridge.jpg`, `${testAssetDir}/temp/directoryA/assetB.jpg`);
-        await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
-
-        await scan(admin.accessToken, library.id, { refreshAllFiles: true });
-        await utils.waitForQueueFinish(admin.accessToken, 'library');
-        await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
-        utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
-
-        const { assets } = await utils.metadataSearch(admin.accessToken, {
-          libraryId: library.id,
-          model: 'NIKON D750',
-        });
-        expect(assets.count).toBe(1);
-      });
-    });
-  });
-
-  describe('POST /libraries/:id/removeOffline', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app).post(`/libraries/${uuidDto.notFound}/removeOffline`).send({});
-
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    it('should remove offline files', async () => {
-      const library = await utils.createLibrary(admin.accessToken, {
-        ownerId: admin.userId,
-        importPaths: [`${testAssetDirInternal}/temp/offline2`],
-      });
-
-      utils.createImageFile(`${testAssetDir}/temp/offline2/assetA.png`);
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      const { assets: initialAssets } = await utils.metadataSearch(admin.accessToken, {
-        libraryId: library.id,
-      });
-      expect(initialAssets.count).toBe(1);
-
-      utils.removeImageFile(`${testAssetDir}/temp/offline2/assetA.png`);
-
-      await scan(admin.accessToken, library.id);
-      await utils.waitForQueueFinish(admin.accessToken, 'library');
-
-      const { assets: offlineAssets } = await utils.metadataSearch(admin.accessToken, {
-        libraryId: library.id,
-        isOffline: true,
-      });
-      expect(offlineAssets.count).toBe(1);
+      cpSync(`${testAssetDir}/albums/nature/tanners_ridge.jpg`, `${testAssetDir}/temp/directoryA/assetB.jpg`);
+      await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_001);
 
       const { status } = await request(app)
-        .post(`/libraries/${library.id}/removeOffline`)
+        .post(`/libraries/${library.id}/scan`)
         .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send();
+        .send({ refreshModifiedFiles: true });
       expect(status).toBe(204);
+
       await utils.waitForQueueFinish(admin.accessToken, 'library');
-      await utils.waitForQueueFinish(admin.accessToken, 'backgroundTask');
+      await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
+      utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
 
-      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      const { assets } = await utils.metadataSearch(admin.accessToken, {
+        libraryId: library.id,
+        model: 'NIKON D750',
+      });
+      expect(assets.count).toBe(1);
+    });
 
+    it('should not reimport unmodified files', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp`],
+      });
+
+      utils.createImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
+      await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      cpSync(`${testAssetDir}/albums/nature/tanners_ridge.jpg`, `${testAssetDir}/temp/directoryA/assetB.jpg`);
+      await utimes(`${testAssetDir}/temp/directoryA/assetB.jpg`, 447_775_200_000);
+
+      const { status } = await request(app)
+        .post(`/libraries/${library.id}/scan`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ refreshModifiedFiles: true });
+      expect(status).toBe(204);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+      await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
+      utils.removeImageFile(`${testAssetDir}/temp/directoryA/assetB.jpg`);
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, {
+        libraryId: library.id,
+        model: 'NIKON D750',
+      });
       expect(assets.count).toBe(0);
     });
 
-    it('should not remove online files', async () => {
+    it('should set an asset offline if its file is missing', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp/offline`],
+      });
+
+      utils.createImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      expect(assets.count).toBe(1);
+
+      utils.removeImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      const { status } = await request(app)
+        .post(`/libraries/${library.id}/scan`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send();
+      expect(status).toBe(204);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const trashedAsset = await utils.getAssetInfo(admin.accessToken, assets.items[0].id);
+      expect(trashedAsset.originalPath).toBe(`${testAssetDirInternal}/temp/offline/offline.png`);
+      expect(trashedAsset.isOffline).toEqual(true);
+
+      const { assets: newAssets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      expect(newAssets.items).toEqual([]);
+    });
+
+    it('should set an asset offline its file is not in any import path', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp/offline`],
+      });
+
+      utils.createImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      expect(assets.count).toBe(1);
+
+      utils.createDirectory(`${testAssetDir}/temp/another-path/`);
+
+      await request(app)
+        .put(`/libraries/${library.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ importPaths: [`${testAssetDirInternal}/temp/another-path/`] });
+
+      const { status } = await request(app)
+        .post(`/libraries/${library.id}/scan`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send();
+      expect(status).toBe(204);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const trashedAsset = await utils.getAssetInfo(admin.accessToken, assets.items[0].id);
+      expect(trashedAsset.originalPath).toBe(`${testAssetDirInternal}/temp/offline/offline.png`);
+      expect(trashedAsset.isOffline).toBe(true);
+
+      const { assets: newAssets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+
+      expect(newAssets.items).toEqual([]);
+
+      utils.removeImageFile(`${testAssetDir}/temp/offline/offline.png`);
+      utils.removeDirectory(`${testAssetDir}/temp/another-path/`);
+    });
+
+    it('should set an asset offline if its file is covered by an exclusion pattern', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp`],
+      });
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, {
+        libraryId: library.id,
+        originalFileName: 'assetB.png',
+      });
+      expect(assets.count).toBe(1);
+
+      await request(app)
+        .put(`/libraries/${library.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ exclusionPatterns: ['**/directoryB/**'] });
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const trashedAsset = await utils.getAssetInfo(admin.accessToken, assets.items[0].id);
+      expect(trashedAsset.isTrashed).toBe(true);
+      expect(trashedAsset.originalPath).toBe(`${testAssetDirInternal}/temp/directoryB/assetB.png`);
+      expect(trashedAsset.isOffline).toBe(true);
+
+      const { assets: newAssets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+
+      expect(newAssets.items).toEqual([
+        expect.objectContaining({
+          originalFileName: 'assetA.png',
+        }),
+      ]);
+    });
+
+    it('should not trash an online asset', async () => {
       const library = await utils.createLibrary(admin.accessToken, {
         ownerId: admin.userId,
         importPaths: [`${testAssetDirInternal}/temp`],
@@ -609,10 +534,11 @@ describe('/libraries', () => {
       expect(assetsBefore.count).toBeGreaterThan(1);
 
       const { status } = await request(app)
-        .post(`/libraries/${library.id}/removeOffline`)
+        .post(`/libraries/${library.id}/scan`)
         .set('Authorization', `Bearer ${admin.accessToken}`)
         .send();
       expect(status).toBe(204);
+
       await utils.waitForQueueFinish(admin.accessToken, 'library');
 
       const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
@@ -704,7 +630,7 @@ describe('/libraries', () => {
       });
 
       await scan(admin.accessToken, library.id);
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', total: 2 });
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
 
       const { status, body } = await request(app)
         .delete(`/libraries/${library.id}`)

e2e/src/api/specs/map.e2e-spec.ts

@@ -1,8 +1,7 @@
-import { AssetMediaResponseDto, LoginResponseDto, SharedLinkType } from '@immich/sdk';
+import { LoginResponseDto } from '@immich/sdk';
 import { readFile } from 'node:fs/promises';
 import { basename, join } from 'node:path';
 import { Socket } from 'socket.io-client';
-import { createUserDto } from 'src/fixtures';
 import { errorDto } from 'src/responses';
 import { app, testAssetDir, utils } from 'src/utils';
 import request from 'supertest';
@@ -11,18 +10,13 @@ import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 describe('/map', () => {
   let websocket: Socket;
   let admin: LoginResponseDto;
-  let nonAdmin: LoginResponseDto;
-  let asset: AssetMediaResponseDto;
 
   beforeAll(async () => {
     await utils.resetDatabase();
     admin = await utils.adminSetup({ onboarding: false });
-    nonAdmin = await utils.userSetup(admin.accessToken, createUserDto.user1);
 
     websocket = await utils.connectWebsocket(admin.accessToken);
 
-    asset = await utils.createAsset(admin.accessToken);
-
     const files = ['formats/heic/IMG_2682.heic', 'metadata/gps-position/thompson-springs.jpg'];
     utils.resetEvents();
     const uploadFile = async (input: string) => {
@@ -103,63 +97,6 @@ describe('/map', () => {
     });
   });
 
-  describe('GET /map/style.json', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(app).get('/map/style.json');
-      expect(status).toBe(401);
-      expect(body).toEqual(errorDto.unauthorized);
-    });
-
-    it('should allow shared link access', async () => {
-      const sharedLink = await utils.createSharedLink(admin.accessToken, {
-        type: SharedLinkType.Individual,
-        assetIds: [asset.id],
-      });
-      const { status, body } = await request(app).get(`/map/style.json?key=${sharedLink.key}`).query({ theme: 'dark' });
-
-      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ id: 'immich-map-dark' }));
-    });
-
-    it('should throw an error if a theme is not light or dark', async () => {
-      for (const theme of ['dark1', true, 123, '', null, undefined]) {
-        const { status, body } = await request(app)
-          .get('/map/style.json')
-          .query({ theme })
-          .set('Authorization', `Bearer ${admin.accessToken}`);
-        expect(status).toBe(400);
-        expect(body).toEqual(errorDto.badRequest(['theme must be one of the following values: light, dark']));
-      }
-    });
-
-    it('should return the light style.json', async () => {
-      const { status, body } = await request(app)
-        .get('/map/style.json')
-        .query({ theme: 'light' })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ id: 'immich-map-light' }));
-    });
-
-    it('should return the dark style.json', async () => {
-      const { status, body } = await request(app)
-        .get('/map/style.json')
-        .query({ theme: 'dark' })
-        .set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ id: 'immich-map-dark' }));
-    });
-
-    it('should not require admin authentication', async () => {
-      const { status, body } = await request(app)
-        .get('/map/style.json')
-        .query({ theme: 'dark' })
-        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
-      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ id: 'immich-map-dark' }));
-    });
-  });
-
   describe('GET /map/reverse-geocode', () => {
     it('should require authentication', async () => {
       const { status, body } = await request(app).get('/map/reverse-geocode');

e2e/src/api/specs/oauth.e2e-spec.ts

@@ -92,14 +92,14 @@ describe(`/oauth`, () => {
     it('should return a redirect uri', async () => {
       const { status, body } = await request(app)
         .post('/oauth/authorize')
-        .send({ redirectUri: 'http://127.0.0.1:2283/auth/login' });
+        .send({ redirectUri: 'http://127.0.0.1:2285/auth/login' });
       expect(status).toBe(201);
       expect(body).toEqual({ url: expect.stringContaining(`${authServer.internal}/auth?`) });
 
       const params = new URL(body.url).searchParams;
       expect(params.get('client_id')).toBe('client-default');
       expect(params.get('response_type')).toBe('code');
-      expect(params.get('redirect_uri')).toBe('http://127.0.0.1:2283/auth/login');
+      expect(params.get('redirect_uri')).toBe('http://127.0.0.1:2285/auth/login');
       expect(params.get('state')).toBeDefined();
     });
   });

e2e/src/api/specs/search.e2e-spec.ts

@@ -181,7 +181,7 @@ describe('/search', () => {
         dto: { size: -1.5 },
         expected: ['size must not be less than 1', 'size must be an integer number'],
       },
-      ...['isArchived', 'isFavorite', 'isEncoded', 'isMotion', 'isOffline', 'isVisible'].map((value) => ({
+      ...['isArchived', 'isFavorite', 'isEncoded', 'isOffline', 'isMotion', 'isVisible'].map((value) => ({
         should: `should reject ${value} not a boolean`,
         dto: { [value]: 'immich' },
         expected: [`${value} must be a boolean value`],

e2e/src/api/specs/server-info.e2e-spec.ts

@@ -102,6 +102,7 @@ describe('/server-info', () => {
         configFile: false,
         duplicateDetection: false,
         facialRecognition: false,
+        importFaces: false,
         map: true,
         reverseGeocoding: true,
         oauth: false,
@@ -127,6 +128,8 @@ describe('/server-info', () => {
         isInitialized: true,
         externalDomain: '',
         isOnboarded: false,
+        mapDarkStyleUrl: 'https://tiles.immich.cloud/v1/style/dark.json',
+        mapLightStyleUrl: 'https://tiles.immich.cloud/v1/style/light.json',
       });
     });
   });

e2e/src/api/specs/server.e2e-spec.ts

@@ -110,6 +110,7 @@ describe('/server', () => {
         facialRecognition: false,
         map: true,
         reverseGeocoding: true,
+        importFaces: false,
         oauth: false,
         oauthAutoLaunch: false,
         passwordLogin: true,
@@ -133,6 +134,8 @@ describe('/server', () => {
         isInitialized: true,
         externalDomain: '',
         isOnboarded: false,
+        mapDarkStyleUrl: 'https://tiles.immich.cloud/v1/style/dark.json',
+        mapLightStyleUrl: 'https://tiles.immich.cloud/v1/style/light.json',
       });
     });
   });

e2e/src/api/specs/stack.e2e-spec.ts

@@ -0,0 +1,211 @@
+import { AssetMediaResponseDto, LoginResponseDto, searchStacks } from '@immich/sdk';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { app, asBearerAuth, utils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+describe('/stacks', () => {
+  let admin: LoginResponseDto;
+  let user1: LoginResponseDto;
+  let user2: LoginResponseDto;
+  let asset: AssetMediaResponseDto;
+
+  beforeAll(async () => {
+    await utils.resetDatabase();
+
+    admin = await utils.adminSetup();
+
+    [user1, user2] = await Promise.all([
+      utils.userSetup(admin.accessToken, createUserDto.user1),
+      utils.userSetup(admin.accessToken, createUserDto.user2),
+    ]);
+
+    asset = await utils.createAsset(user1.accessToken);
+  });
+
+  describe('POST /stacks', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app)
+        .post('/stacks')
+        .send({ assetIds: [asset.id] });
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require at least two assets', async () => {
+      const { status, body } = await request(app)
+        .post('/stacks')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ assetIds: [asset.id] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest());
+    });
+
+    it('should require a valid id', async () => {
+      const { status, body } = await request(app)
+        .post('/stacks')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ assetIds: [uuidDto.invalid, uuidDto.invalid] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest());
+    });
+
+    it('should require access', async () => {
+      const user2Asset = await utils.createAsset(user2.accessToken);
+      const { status, body } = await request(app)
+        .post('/stacks')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ assetIds: [asset.id, user2Asset.id] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should create a stack', async () => {
+      const [asset1, asset2] = await Promise.all([
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+      ]);
+
+      const { status, body } = await request(app)
+        .post('/stacks')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ assetIds: [asset1.id, asset2.id] });
+
+      expect(status).toBe(201);
+      expect(body).toEqual({
+        id: expect.any(String),
+        primaryAssetId: asset1.id,
+        assets: [expect.objectContaining({ id: asset1.id }), expect.objectContaining({ id: asset2.id })],
+      });
+    });
+
+    it('should merge an existing stack', async () => {
+      const [asset1, asset2, asset3] = await Promise.all([
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+        utils.createAsset(user1.accessToken),
+      ]);
+
+      const response1 = await request(app)
+        .post('/stacks')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ assetIds: [asset1.id, asset2.id] });
+
+      expect(response1.status).toBe(201);
+
+      const stacksBefore = await searchStacks({}, { headers: asBearerAuth(user1.accessToken) });
+
+      const { status, body } = await request(app)
+        .post('/stacks')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ assetIds: [asset1.id, asset3.id] });
+
+      expect(status).toBe(201);
+      expect(body).toEqual({
+        id: expect.any(String),
+        primaryAssetId: asset1.id,
+        assets: expect.arrayContaining([
+          expect.objectContaining({ id: asset1.id }),
+          expect.objectContaining({ id: asset2.id }),
+          expect.objectContaining({ id: asset3.id }),
+        ]),
+      });
+
+      const stacksAfter = await searchStacks({}, { headers: asBearerAuth(user1.accessToken) });
+      expect(stacksAfter.length).toBe(stacksBefore.length);
+    });
+
+    // it('should require a valid parent id', async () => {
+    //   const { status, body } = await request(app)
+    //     .put('/assets')
+    //     .set('Authorization', `Bearer ${user1.accessToken}`)
+    //     .send({ stackParentId: uuidDto.invalid, ids: [stackAssets[0].id] });
+
+    //   expect(status).toBe(400);
+    //   expect(body).toEqual(errorDto.badRequest(['stackParentId must be a UUID']));
+    // });
+  });
+
+  // it('should require access to the parent', async () => {
+  //   const { status, body } = await request(app)
+  //     .put('/assets')
+  //     .set('Authorization', `Bearer ${user1.accessToken}`)
+  //     .send({ stackParentId: stackAssets[3].id, ids: [user1Assets[0].id] });
+
+  //   expect(status).toBe(400);
+  //   expect(body).toEqual(errorDto.noPermission);
+  // });
+
+  // it('should add stack children', async () => {
+  //   const { status } = await request(app)
+  //     .put('/assets')
+  //     .set('Authorization', `Bearer ${stackUser.accessToken}`)
+  //     .send({ stackParentId: stackAssets[0].id, ids: [stackAssets[3].id] });
+
+  //   expect(status).toBe(204);
+
+  //   const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
+  //   expect(asset.stack).not.toBeUndefined();
+  //   expect(asset.stack).toEqual(expect.arrayContaining([expect.objectContaining({ id: stackAssets[3].id })]));
+  // });
+
+  // it('should remove stack children', async () => {
+  //   const { status } = await request(app)
+  //     .put('/assets')
+  //     .set('Authorization', `Bearer ${stackUser.accessToken}`)
+  //     .send({ removeParent: true, ids: [stackAssets[1].id] });
+
+  //   expect(status).toBe(204);
+
+  //   const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
+  //   expect(asset.stack).not.toBeUndefined();
+  //   expect(asset.stack).toEqual(
+  //     expect.arrayContaining([
+  //       expect.objectContaining({ id: stackAssets[2].id }),
+  //       expect.objectContaining({ id: stackAssets[3].id }),
+  //     ]),
+  //   );
+  // });
+
+  // it('should remove all stack children', async () => {
+  //   const { status } = await request(app)
+  //     .put('/assets')
+  //     .set('Authorization', `Bearer ${stackUser.accessToken}`)
+  //     .send({ removeParent: true, ids: [stackAssets[2].id, stackAssets[3].id] });
+
+  //   expect(status).toBe(204);
+
+  //   const asset = await getAssetInfo({ id: stackAssets[0].id }, { headers: asBearerAuth(stackUser.accessToken) });
+  //   expect(asset.stack).toBeUndefined();
+  // });
+
+  // it('should merge stack children', async () => {
+  //   // create stack after previous test removed stack children
+  //   await updateAssets(
+  //     { assetBulkUpdateDto: { stackParentId: stackAssets[0].id, ids: [stackAssets[1].id, stackAssets[2].id] } },
+  //     { headers: asBearerAuth(stackUser.accessToken) },
+  //   );
+
+  //   const { status } = await request(app)
+  //     .put('/assets')
+  //     .set('Authorization', `Bearer ${stackUser.accessToken}`)
+  //     .send({ stackParentId: stackAssets[3].id, ids: [stackAssets[0].id] });
+
+  //   expect(status).toBe(204);
+
+  //   const asset = await getAssetInfo({ id: stackAssets[3].id }, { headers: asBearerAuth(stackUser.accessToken) });
+  //   expect(asset.stack).not.toBeUndefined();
+  //   expect(asset.stack).toEqual(
+  //     expect.arrayContaining([
+  //       expect.objectContaining({ id: stackAssets[0].id }),
+  //       expect.objectContaining({ id: stackAssets[1].id }),
+  //       expect.objectContaining({ id: stackAssets[2].id }),
+  //     ]),
+  //   );
+  // });
+});

e2e/src/api/specs/tag.e2e-spec.ts

@@ -0,0 +1,603 @@
+import {
+  AssetMediaResponseDto,
+  LoginResponseDto,
+  Permission,
+  TagCreateDto,
+  TagResponseDto,
+  createTag,
+  getAllTags,
+  tagAssets,
+  upsertTags,
+} from '@immich/sdk';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { app, asBearerAuth, utils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
+
+const create = (accessToken: string, dto: TagCreateDto) =>
+  createTag({ tagCreateDto: dto }, { headers: asBearerAuth(accessToken) });
+
+const upsert = (accessToken: string, tags: string[]) =>
+  upsertTags({ tagUpsertDto: { tags } }, { headers: asBearerAuth(accessToken) });
+
+describe('/tags', () => {
+  let admin: LoginResponseDto;
+  let user: LoginResponseDto;
+  let userAsset: AssetMediaResponseDto;
+
+  beforeAll(async () => {
+    await utils.resetDatabase();
+
+    admin = await utils.adminSetup();
+    user = await utils.userSetup(admin.accessToken, createUserDto.user1);
+    userAsset = await utils.createAsset(user.accessToken);
+  });
+
+  beforeEach(async () => {
+    //  tagging assets eventually triggers metadata extraction which can impact other tests
+    await utils.waitForQueueFinish(admin.accessToken, 'metadataExtraction');
+    await utils.resetDatabase(['tags']);
+  });
+
+  describe('POST /tags', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post('/tags').send({ name: 'TagA' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app).post('/tags').set('x-api-key', secret).send({ name: 'TagA' });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.create'));
+    });
+
+    it('should work with tag.create', async () => {
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.TagCreate]);
+      const { status, body } = await request(app).post('/tags').set('x-api-key', secret).send({ name: 'TagA' });
+      expect(body).toEqual({
+        id: expect.any(String),
+        name: 'TagA',
+        value: 'TagA',
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+      expect(status).toBe(201);
+    });
+
+    it('should create a tag', async () => {
+      const { status, body } = await request(app)
+        .post('/tags')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ name: 'TagA' });
+      expect(body).toEqual({
+        id: expect.any(String),
+        name: 'TagA',
+        value: 'TagA',
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+      expect(status).toBe(201);
+    });
+
+    it('should allow multiple users to create tags with the same value', async () => {
+      await create(admin.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .post('/tags')
+        .set('Authorization', `Bearer ${user.accessToken}`)
+        .send({ name: 'TagA' });
+      expect(body).toEqual({
+        id: expect.any(String),
+        name: 'TagA',
+        value: 'TagA',
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+      expect(status).toBe(201);
+    });
+
+    it('should create a nested tag', async () => {
+      const parent = await create(admin.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .post('/tags')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ name: 'TagB', parentId: parent.id });
+      expect(body).toEqual({
+        id: expect.any(String),
+        parentId: parent.id,
+        name: 'TagB',
+        value: 'TagA/TagB',
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+      expect(status).toBe(201);
+    });
+  });
+
+  describe('GET /tags', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/tags');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app).get('/tags').set('x-api-key', secret);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.read'));
+    });
+
+    it('should start off empty', async () => {
+      const { status, body } = await request(app).get('/tags').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toEqual([]);
+      expect(status).toEqual(200);
+    });
+
+    it('should return a list of tags', async () => {
+      const [tagA, tagB, tagC] = await Promise.all([
+        create(admin.accessToken, { name: 'TagA' }),
+        create(admin.accessToken, { name: 'TagB' }),
+        create(admin.accessToken, { name: 'TagC' }),
+      ]);
+      const { status, body } = await request(app).get('/tags').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toHaveLength(3);
+      expect(body).toEqual([tagA, tagB, tagC]);
+      expect(status).toEqual(200);
+    });
+
+    it('should return a nested tags', async () => {
+      await upsert(admin.accessToken, ['TagA/TagB/TagC', 'TagD']);
+      const { status, body } = await request(app).get('/tags').set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(body).toHaveLength(4);
+      expect(status).toEqual(200);
+
+      const tags = body as TagResponseDto[];
+      const tagA = tags.find((tag) => tag.value === 'TagA') as TagResponseDto;
+      const tagB = tags.find((tag) => tag.value === 'TagA/TagB') as TagResponseDto;
+      const tagC = tags.find((tag) => tag.value === 'TagA/TagB/TagC') as TagResponseDto;
+      const tagD = tags.find((tag) => tag.value === 'TagD') as TagResponseDto;
+
+      expect(tagA).toEqual(expect.objectContaining({ name: 'TagA', value: 'TagA' }));
+      expect(tagB).toEqual(expect.objectContaining({ name: 'TagB', value: 'TagA/TagB', parentId: tagA.id }));
+      expect(tagC).toEqual(expect.objectContaining({ name: 'TagC', value: 'TagA/TagB/TagC', parentId: tagB.id }));
+      expect(tagD).toEqual(expect.objectContaining({ name: 'TagD', value: 'TagD' }));
+    });
+  });
+
+  describe('PUT /tags', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(`/tags`).send({ name: 'TagA/TagB' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app).put('/tags').set('x-api-key', secret).send({ name: 'TagA' });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.create'));
+    });
+
+    it('should upsert tags', async () => {
+      const { status, body } = await request(app)
+        .put(`/tags`)
+        .send({ tags: ['TagA/TagB/TagC/TagD'] })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual([expect.objectContaining({ name: 'TagD', value: 'TagA/TagB/TagC/TagD' })]);
+    });
+
+    it('should upsert tags in parallel without conflicts', async () => {
+      const [[tag1], [tag2], [tag3], [tag4]] = await Promise.all([
+        upsert(admin.accessToken, ['TagA/TagB/TagC/TagD']),
+        upsert(admin.accessToken, ['TagA/TagB/TagC/TagD']),
+        upsert(admin.accessToken, ['TagA/TagB/TagC/TagD']),
+        upsert(admin.accessToken, ['TagA/TagB/TagC/TagD']),
+      ]);
+
+      const { id, parentId, createdAt } = tag1;
+      for (const tag of [tag1, tag2, tag3, tag4]) {
+        expect(tag).toMatchObject({
+          id,
+          parentId,
+          createdAt,
+          name: 'TagD',
+          value: 'TagA/TagB/TagC/TagD',
+        });
+      }
+    });
+  });
+
+  describe('PUT /tags/assets', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(`/tags/assets`).send({ tagIds: [], assetIds: [] });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app)
+        .put('/tags/assets')
+        .set('x-api-key', secret)
+        .send({ assetIds: [], tagIds: [] });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.asset'));
+    });
+
+    it('should skip assets that are not owned by the user', async () => {
+      const [tagA, tagB, tagC, assetA, assetB] = await Promise.all([
+        create(user.accessToken, { name: 'TagA' }),
+        create(user.accessToken, { name: 'TagB' }),
+        create(user.accessToken, { name: 'TagC' }),
+        utils.createAsset(user.accessToken),
+        utils.createAsset(admin.accessToken),
+      ]);
+      const { status, body } = await request(app)
+        .put(`/tags/assets`)
+        .send({ tagIds: [tagA.id, tagB.id, tagC.id], assetIds: [assetA.id, assetB.id] })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 3 });
+    });
+
+    it('should skip tags that are not owned by the user', async () => {
+      const [tagA, tagB, tagC, assetA, assetB] = await Promise.all([
+        create(user.accessToken, { name: 'TagA' }),
+        create(user.accessToken, { name: 'TagB' }),
+        create(admin.accessToken, { name: 'TagC' }),
+        utils.createAsset(user.accessToken),
+        utils.createAsset(user.accessToken),
+      ]);
+      const { status, body } = await request(app)
+        .put(`/tags/assets`)
+        .send({ tagIds: [tagA.id, tagB.id, tagC.id], assetIds: [assetA.id, assetB.id] })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 4 });
+    });
+
+    it('should bulk tag assets', async () => {
+      const [tagA, tagB, tagC, assetA, assetB] = await Promise.all([
+        create(user.accessToken, { name: 'TagA' }),
+        create(user.accessToken, { name: 'TagB' }),
+        create(user.accessToken, { name: 'TagC' }),
+        utils.createAsset(user.accessToken),
+        utils.createAsset(user.accessToken),
+      ]);
+      const { status, body } = await request(app)
+        .put(`/tags/assets`)
+        .send({ tagIds: [tagA.id, tagB.id, tagC.id], assetIds: [assetA.id, assetB.id] })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 6 });
+    });
+  });
+
+  describe('GET /tags/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(`/tags/${uuidDto.notFound}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .get(`/tags/${tag.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app)
+        .get(`/tags/${uuidDto.notFound}`)
+        .set('x-api-key', secret)
+        .send({ assetIds: [], tagIds: [] });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.read'));
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(app)
+        .get(`/tags/${uuidDto.invalid}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should get tag details', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .get(`/tags/${tag.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        id: expect.any(String),
+        name: 'TagA',
+        value: 'TagA',
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+    });
+
+    it('should get nested tag details', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      const tagB = await create(user.accessToken, { name: 'TagB', parentId: tagA.id });
+      const tagC = await create(user.accessToken, { name: 'TagC', parentId: tagB.id });
+      const tagD = await create(user.accessToken, { name: 'TagD', parentId: tagC.id });
+
+      const { status, body } = await request(app)
+        .get(`/tags/${tagD.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        id: expect.any(String),
+        parentId: tagC.id,
+        name: 'TagD',
+        value: 'TagA/TagB/TagC/TagD',
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String),
+      });
+    });
+  });
+
+  describe('PUT /tags/:id', () => {
+    it('should require authentication', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app).put(`/tags/${tag.id}`).send({ color: '#000000' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const tag = await create(admin.accessToken, { name: 'tagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tag.id}`)
+        .send({ color: '#000000' })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app)
+        .put(`/tags/${tag.id}`)
+        .set('x-api-key', secret)
+        .send({ color: '#000000' });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.update'));
+    });
+
+    it('should update a tag', async () => {
+      const tag = await create(user.accessToken, { name: 'tagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tag.id}`)
+        .send({ color: '#000000' })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual(expect.objectContaining({ color: `#000000` }));
+    });
+
+    it('should update a tag color without a # prefix', async () => {
+      const tag = await create(user.accessToken, { name: 'tagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tag.id}`)
+        .send({ color: '000000' })
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual(expect.objectContaining({ color: `#000000` }));
+    });
+  });
+
+  describe('DELETE /tags/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).delete(`/tags/${uuidDto.notFound}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .delete(`/tags/${tag.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app).delete(`/tags/${tag.id}`).set('x-api-key', secret);
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.delete'));
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(app)
+        .delete(`/tags/${uuidDto.invalid}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should delete a tag', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { status } = await request(app)
+        .delete(`/tags/${tag.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(204);
+    });
+
+    it('should delete a nested tag (root)', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      await create(user.accessToken, { name: 'TagB', parentId: tagA.id });
+      const { status } = await request(app)
+        .delete(`/tags/${tagA.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(204);
+      const tags = await getAllTags({ headers: asBearerAuth(user.accessToken) });
+      expect(tags.length).toBe(0);
+    });
+
+    it('should delete a nested tag (leaf)', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      const tagB = await create(user.accessToken, { name: 'TagB', parentId: tagA.id });
+      const { status } = await request(app)
+        .delete(`/tags/${tagB.id}`)
+        .set('Authorization', `Bearer ${user.accessToken}`);
+      expect(status).toBe(204);
+      const tags = await getAllTags({ headers: asBearerAuth(user.accessToken) });
+      expect(tags.length).toBe(1);
+      expect(tags[0]).toEqual(tagA);
+    });
+  });
+
+  describe('PUT /tags/:id/assets', () => {
+    it('should require authentication', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tagA.id}/assets`)
+        .send({ ids: [userAsset.id] });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tag.id}/assets`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ ids: [userAsset.id] });
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app)
+        .put(`/tags/${tag.id}/assets`)
+        .set('x-api-key', secret)
+        .send({ ids: [userAsset.id] });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.asset'));
+    });
+
+    it('should be able to tag own asset', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tagA.id}/assets`)
+        .set('Authorization', `Bearer ${user.accessToken}`)
+        .send({ ids: [userAsset.id] });
+
+      expect(status).toBe(200);
+      expect(body).toEqual([expect.objectContaining({ id: userAsset.id, success: true })]);
+    });
+
+    it("should not be able to add assets to another user's tag", async () => {
+      const tagA = await create(admin.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tagA.id}/assets`)
+        .set('Authorization', `Bearer ${user.accessToken}`)
+        .send({ ids: [userAsset.id] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('Not found or no tag.asset access'));
+    });
+
+    it('should add duplicate assets only once', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .put(`/tags/${tagA.id}/assets`)
+        .set('Authorization', `Bearer ${user.accessToken}`)
+        .send({ ids: [userAsset.id, userAsset.id] });
+
+      expect(status).toBe(200);
+      expect(body).toEqual([
+        expect.objectContaining({ id: userAsset.id, success: true }),
+        expect.objectContaining({ id: userAsset.id, success: false, error: 'duplicate' }),
+      ]);
+    });
+  });
+
+  describe('DELETE /tags/:id/assets', () => {
+    it('should require authentication', async () => {
+      const tagA = await create(admin.accessToken, { name: 'TagA' });
+      const { status, body } = await request(app)
+        .delete(`/tags/${tagA}/assets`)
+        .send({ ids: [userAsset.id] });
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require authorization', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      await tagAssets(
+        { id: tagA.id, bulkIdsDto: { ids: [userAsset.id] } },
+        { headers: asBearerAuth(user.accessToken) },
+      );
+      const { status, body } = await request(app)
+        .delete(`/tags/${tagA.id}/assets`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ ids: [userAsset.id] });
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should require authorization (api key)', async () => {
+      const tag = await create(user.accessToken, { name: 'TagA' });
+      const { secret } = await utils.createApiKey(user.accessToken, [Permission.AssetRead]);
+      const { status, body } = await request(app)
+        .delete(`/tags/${tag.id}/assets`)
+        .set('x-api-key', secret)
+        .send({ ids: [userAsset.id] });
+      expect(status).toBe(403);
+      expect(body).toEqual(errorDto.missingPermission('tag.asset'));
+    });
+
+    it('should be able to remove own asset from own tag', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      await tagAssets(
+        { id: tagA.id, bulkIdsDto: { ids: [userAsset.id] } },
+        { headers: asBearerAuth(user.accessToken) },
+      );
+      const { status, body } = await request(app)
+        .delete(`/tags/${tagA.id}/assets`)
+        .set('Authorization', `Bearer ${user.accessToken}`)
+        .send({ ids: [userAsset.id] });
+
+      expect(status).toBe(200);
+      expect(body).toEqual([expect.objectContaining({ id: userAsset.id, success: true })]);
+    });
+
+    it('should remove duplicate assets only once', async () => {
+      const tagA = await create(user.accessToken, { name: 'TagA' });
+      await tagAssets(
+        { id: tagA.id, bulkIdsDto: { ids: [userAsset.id] } },
+        { headers: asBearerAuth(user.accessToken) },
+      );
+      const { status, body } = await request(app)
+        .delete(`/tags/${tagA.id}/assets`)
+        .set('Authorization', `Bearer ${user.accessToken}`)
+        .send({ ids: [userAsset.id, userAsset.id] });
+
+      expect(status).toBe(200);
+      expect(body).toEqual([
+        expect.objectContaining({ id: userAsset.id, success: true }),
+        expect.objectContaining({ id: userAsset.id, success: false, error: 'not_found' }),
+      ]);
+    });
+  });
+});

e2e/src/api/specs/trash.e2e-spec.ts

@@ -1,10 +1,13 @@
-import { LoginResponseDto, getAssetInfo, getAssetStatistics } from '@immich/sdk';
+import { LoginResponseDto, getAssetInfo, getAssetStatistics, scanLibrary } from '@immich/sdk';
+import { existsSync } from 'node:fs';
 import { Socket } from 'socket.io-client';
 import { errorDto } from 'src/responses';
-import { app, asBearerAuth, utils } from 'src/utils';
+import { app, asBearerAuth, testAssetDir, testAssetDirInternal, utils } from 'src/utils';
 import request from 'supertest';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 
+const scan = async (accessToken: string, id: string) => scanLibrary({ id }, { headers: asBearerAuth(accessToken) });
+
 describe('/trash', () => {
   let admin: LoginResponseDto;
   let ws: Socket;
@@ -34,13 +37,78 @@ describe('/trash', () => {
       const before = await getAssetInfo({ id: assetId }, { headers: asBearerAuth(admin.accessToken) });
       expect(before).toStrictEqual(expect.objectContaining({ id: assetId, isTrashed: true }));
 
-      const { status } = await request(app).post('/trash/empty').set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(204);
+      const { status, body } = await request(app)
+        .post('/trash/empty')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 1 });
 
       await utils.waitForWebsocketEvent({ event: 'assetDelete', id: assetId });
 
       const after = await getAssetStatistics({ isTrashed: true }, { headers: asBearerAuth(admin.accessToken) });
       expect(after.total).toBe(0);
+
+      expect(existsSync(before.originalPath)).toBe(false);
+    });
+
+    it('should empty the trash with archived assets', async () => {
+      const { id: assetId } = await utils.createAsset(admin.accessToken);
+      await utils.archiveAssets(admin.accessToken, [assetId]);
+      await utils.deleteAssets(admin.accessToken, [assetId]);
+
+      const before = await getAssetInfo({ id: assetId }, { headers: asBearerAuth(admin.accessToken) });
+      expect(before).toStrictEqual(expect.objectContaining({ id: assetId, isTrashed: true, isArchived: true }));
+
+      const { status, body } = await request(app)
+        .post('/trash/empty')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 1 });
+
+      await utils.waitForWebsocketEvent({ event: 'assetDelete', id: assetId });
+
+      const after = await getAssetStatistics({ isTrashed: true }, { headers: asBearerAuth(admin.accessToken) });
+      expect(after.total).toBe(0);
+
+      expect(existsSync(before.originalPath)).toBe(false);
+    });
+
+    it('should not delete offline-trashed assets from disk', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp/offline`],
+      });
+
+      utils.createImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      expect(assets.items.length).toBe(1);
+      const asset = assets.items[0];
+
+      utils.removeImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const assetBefore = await utils.getAssetInfo(admin.accessToken, asset.id);
+      expect(assetBefore).toMatchObject({ isTrashed: true, isOffline: true });
+
+      utils.createImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      const { status } = await request(app).post('/trash/empty').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'backgroundTask');
+
+      const assetAfter = await utils.getAssetInfo(admin.accessToken, asset.id);
+      expect(assetAfter).toMatchObject({ isTrashed: true, isOffline: true });
+
+      expect(existsSync(`${testAssetDir}/temp/offline/offline.png`)).toBe(true);
+
+      utils.removeImageFile(`${testAssetDir}/temp/offline/offline.png`);
     });
   });
 
@@ -59,12 +127,46 @@ describe('/trash', () => {
       const before = await getAssetInfo({ id: assetId }, { headers: asBearerAuth(admin.accessToken) });
       expect(before).toStrictEqual(expect.objectContaining({ id: assetId, isTrashed: true }));
 
-      const { status } = await request(app).post('/trash/restore').set('Authorization', `Bearer ${admin.accessToken}`);
-      expect(status).toBe(204);
+      const { status, body } = await request(app)
+        .post('/trash/restore')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 1 });
 
       const after = await getAssetInfo({ id: assetId }, { headers: asBearerAuth(admin.accessToken) });
       expect(after).toStrictEqual(expect.objectContaining({ id: assetId, isTrashed: false }));
     });
+
+    it('should not restore offline-trashed assets', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp/offline`],
+      });
+
+      utils.createImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      expect(assets.count).toBe(1);
+      const assetId = assets.items[0].id;
+
+      utils.removeImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const before = await getAssetInfo({ id: assetId }, { headers: asBearerAuth(admin.accessToken) });
+      expect(before).toStrictEqual(expect.objectContaining({ id: assetId, isOffline: true }));
+
+      const { status } = await request(app).post('/trash/restore').set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+
+      const after = await getAssetInfo({ id: assetId }, { headers: asBearerAuth(admin.accessToken) });
+      expect(after).toStrictEqual(expect.objectContaining({ id: assetId, isOffline: true }));
+    });
   });
 
   describe('POST /trash/restore/assets', () => {
@@ -82,14 +184,48 @@ describe('/trash', () => {
       const before = await utils.getAssetInfo(admin.accessToken, assetId);
       expect(before.isTrashed).toBe(true);
 
-      const { status } = await request(app)
+      const { status, body } = await request(app)
         .post('/trash/restore/assets')
         .set('Authorization', `Bearer ${admin.accessToken}`)
         .send({ ids: [assetId] });
-      expect(status).toBe(204);
+      expect(status).toBe(200);
+      expect(body).toEqual({ count: 1 });
 
       const after = await utils.getAssetInfo(admin.accessToken, assetId);
       expect(after.isTrashed).toBe(false);
     });
+
+    it('should not restore an offline-trashed asset', async () => {
+      const library = await utils.createLibrary(admin.accessToken, {
+        ownerId: admin.userId,
+        importPaths: [`${testAssetDirInternal}/temp/offline`],
+      });
+
+      utils.createImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const { assets } = await utils.metadataSearch(admin.accessToken, { libraryId: library.id });
+      expect(assets.count).toBe(1);
+      const assetId = assets.items[0].id;
+
+      utils.removeImageFile(`${testAssetDir}/temp/offline/offline.png`);
+
+      await scan(admin.accessToken, library.id);
+      await utils.waitForQueueFinish(admin.accessToken, 'library');
+
+      const before = await utils.getAssetInfo(admin.accessToken, assetId);
+      expect(before.isTrashed).toBe(true);
+
+      const { status } = await request(app)
+        .post('/trash/restore/assets')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ ids: [assetId] });
+      expect(status).toBe(200);
+
+      const after = await utils.getAssetInfo(admin.accessToken, assetId);
+      expect(after.isTrashed).toBe(true);
+    });
   });
 });

e2e/src/api/specs/user-admin.e2e-spec.ts

@@ -1,11 +1,11 @@
 import {
   LoginResponseDto,
+  createStack,
   deleteUserAdmin,
   getMyUser,
   getUserAdmin,
   getUserPreferencesAdmin,
   login,
-  updateAssets,
 } from '@immich/sdk';
 import { Socket } from 'socket.io-client';
 import { createUserDto, uuidDto } from 'src/fixtures';
@@ -321,8 +321,8 @@ describe('/admin/users', () => {
         utils.createAsset(user.accessToken),
       ]);
 
-      await updateAssets(
-        { assetBulkUpdateDto: { stackParentId: asset1.id, ids: [asset2.id] } },
+      await createStack(
+        { stackCreateDto: { assetIds: [asset1.id, asset2.id] } },
         { headers: asBearerAuth(user.accessToken) },
       );
 

e2e/src/api/specs/user.e2e-spec.ts

@@ -236,6 +236,32 @@ describe('/users', () => {
       const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
       expect(after).toMatchObject({ download: { archiveSize: 1_234_567 } });
     });
+
+    it('should require a boolean for download include embedded videos', async () => {
+      const { status, body } = await request(app)
+        .put(`/users/me/preferences`)
+        .send({ download: { includeEmbeddedVideos: 1_234_567.89 } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['download.includeEmbeddedVideos must be a boolean value']));
+    });
+
+    it('should update download include embedded videos', async () => {
+      const before = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(before).toMatchObject({ download: { includeEmbeddedVideos: false } });
+
+      const { status, body } = await request(app)
+        .put(`/users/me/preferences`)
+        .send({ download: { includeEmbeddedVideos: true } })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ download: { includeEmbeddedVideos: true } });
+
+      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
+      expect(after).toMatchObject({ download: { includeEmbeddedVideos: true } });
+    });
   });
 
   describe('GET /users/:id', () => {

e2e/src/cli/specs/login.e2e-spec.ts

@@ -1,3 +1,4 @@
+import { Permission } from '@immich/sdk';
 import { stat } from 'node:fs/promises';
 import { app, immichCli, utils } from 'src/utils';
 import { beforeEach, describe, expect, it } from 'vitest';
@@ -29,10 +30,10 @@ describe(`immich login`, () => {
 
   it('should login and save auth.yml with 600', async () => {
     const admin = await utils.adminSetup();
-    const key = await utils.createApiKey(admin.accessToken);
+    const key = await utils.createApiKey(admin.accessToken, [Permission.All]);
     const { stdout, stderr, exitCode } = await immichCli(['login', app, `${key.secret}`]);
     expect(stdout.split('\n')).toEqual([
-      'Logging in to http://127.0.0.1:2283/api',
+      'Logging in to http://127.0.0.1:2285/api',
       'Logged in as admin@immich.cloud',
       'Wrote auth info to /tmp/immich/auth.yml',
     ]);
@@ -46,11 +47,11 @@ describe(`immich login`, () => {
 
   it('should login without /api in the url', async () => {
     const admin = await utils.adminSetup();
-    const key = await utils.createApiKey(admin.accessToken);
+    const key = await utils.createApiKey(admin.accessToken, [Permission.All]);
     const { stdout, stderr, exitCode } = await immichCli(['login', app.replaceAll('/api', ''), `${key.secret}`]);
     expect(stdout.split('\n')).toEqual([
-      'Logging in to http://127.0.0.1:2283',
-      'Discovered API at http://127.0.0.1:2283/api',
+      'Logging in to http://127.0.0.1:2285',
+      'Discovered API at http://127.0.0.1:2285/api',
       'Logged in as admin@immich.cloud',
       'Wrote auth info to /tmp/immich/auth.yml',
     ]);

e2e/src/cli/specs/server-info.e2e-spec.ts

@@ -12,7 +12,7 @@ describe(`immich server-info`, () => {
     const { stderr, stdout, exitCode } = await immichCli(['server-info']);
     expect(stdout.split('\n')).toEqual([
       expect.stringContaining('Server Info (via admin@immich.cloud'),
-      '  Url: http://127.0.0.1:2283/api',
+      '  Url: http://127.0.0.1:2285/api',
       expect.stringContaining('Version:'),
       '  Formats:',
       expect.stringContaining('Images:'),

e2e/src/responses.ts

@@ -13,6 +13,12 @@ export const errorDto = {
     message: expect.any(String),
     correlationId: expect.any(String),
   },
+  missingPermission: (permission: string) => ({
+    error: 'Forbidden',
+    statusCode: 403,
+    message: `Missing required permission: ${permission}`,
+    correlationId: expect.any(String),
+  }),
   wrongPassword: {
     error: 'Bad Request',
     statusCode: 400,
@@ -88,6 +94,7 @@ export const signupResponseDto = {
     quotaSizeInBytes: null,
     status: 'active',
     license: null,
+    profileChangedAt: expect.any(String),
   },
 };
 

e2e/src/setup/auth-server.ts

@@ -86,14 +86,14 @@ const setup = async () => {
       {
         client_id: OAuthClient.DEFAULT,
         client_secret: OAuthClient.DEFAULT,
-        redirect_uris: ['http://127.0.0.1:2283/auth/login'],
+        redirect_uris: ['http://127.0.0.1:2285/auth/login'],
         grant_types: ['authorization_code'],
         response_types: ['code'],
       },
       {
         client_id: OAuthClient.RS256_TOKENS,
         client_secret: OAuthClient.RS256_TOKENS,
-        redirect_uris: ['http://127.0.0.1:2283/auth/login'],
+        redirect_uris: ['http://127.0.0.1:2285/auth/login'],
         grant_types: ['authorization_code'],
         id_token_signed_response_alg: 'RS256',
         jwks: { keys: [await exportJWK(publicKey)] },
@@ -101,7 +101,7 @@ const setup = async () => {
       {
         client_id: OAuthClient.RS256_PROFILE,
         client_secret: OAuthClient.RS256_PROFILE,
-        redirect_uris: ['http://127.0.0.1:2283/auth/login'],
+        redirect_uris: ['http://127.0.0.1:2285/auth/login'],
         grant_types: ['authorization_code'],
         userinfo_signed_response_alg: 'RS256',
         jwks: { keys: [await exportJWK(publicKey)] },