merge: remote-tracking branch 'immich/main' into feat/integrity-checks-izzy

server/.nvmrc

@@ -1 +1 @@
-24.11.1
+24.12.0

server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "immich",
-  "version": "2.3.1",
+  "version": "2.4.1",
   "description": "",
   "author": "",
   "private": true,
@@ -47,7 +47,7 @@
     "@opentelemetry/context-async-hooks": "^2.0.0",
     "@opentelemetry/exporter-prometheus": "^0.208.0",
     "@opentelemetry/instrumentation-http": "^0.208.0",
-    "@opentelemetry/instrumentation-ioredis": "^0.56.0",
+    "@opentelemetry/instrumentation-ioredis": "^0.57.0",
     "@opentelemetry/instrumentation-nestjs-core": "^0.55.0",
     "@opentelemetry/instrumentation-pg": "^0.61.0",
     "@opentelemetry/resources": "^2.0.1",
@@ -70,7 +70,7 @@
     "cookie": "^1.0.2",
     "cookie-parser": "^1.4.7",
     "cron": "4.3.5",
-    "exiftool-vendored": "^34.0.0",
+    "exiftool-vendored": "^34.3.0",
     "express": "^5.1.0",
     "fast-glob": "^3.3.2",
     "fluent-ffmpeg": "^2.1.2",
@@ -134,7 +134,7 @@
     "@types/luxon": "^3.6.2",
     "@types/mock-fs": "^4.13.1",
     "@types/multer": "^2.0.0",
-    "@types/node": "^24.10.3",
+    "@types/node": "^24.10.4",
     "@types/nodemailer": "^7.0.0",
     "@types/picomatch": "^4.0.0",
     "@types/pngjs": "^6.0.5",
@@ -162,11 +162,11 @@
     "typescript": "^5.9.2",
     "typescript-eslint": "^8.28.0",
     "unplugin-swc": "^1.4.5",
-    "vite-tsconfig-paths": "^5.0.0",
+    "vite-tsconfig-paths": "^6.0.0",
     "vitest": "^3.0.0"
   },
   "volta": {
-    "node": "24.11.1"
+    "node": "24.12.0"
   },
   "overrides": {
     "sharp": "^0.34.5"

server/src/constants.ts

@@ -5,7 +5,7 @@ import { SemVer } from 'semver';
 import { ApiTag, DatabaseExtension, ExifOrientation, VectorIndex } from 'src/enum';
 
 export const POSTGRES_VERSION_RANGE = '>=14.0.0';
-export const VECTORCHORD_VERSION_RANGE = '>=0.3 <0.6';
+export const VECTORCHORD_VERSION_RANGE = '>=0.3 <2';
 export const VECTORS_VERSION_RANGE = '>=0.2 <0.4';
 export const VECTOR_VERSION_RANGE = '>=0.5 <1';
 

server/src/controllers/plugin.controller.ts

@@ -1,7 +1,7 @@
 import { Controller, Get, Param } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Endpoint, HistoryBuilder } from 'src/decorators';
-import { PluginResponseDto } from 'src/dtos/plugin.dto';
+import { PluginResponseDto, PluginTriggerResponseDto } from 'src/dtos/plugin.dto';
 import { Permission } from 'src/enum';
 import { Authenticated } from 'src/middleware/auth.guard';
 import { PluginService } from 'src/services/plugin.service';
@@ -12,6 +12,17 @@ import { UUIDParamDto } from 'src/validation';
 export class PluginController {
   constructor(private service: PluginService) {}
 
+  @Get('triggers')
+  @Authenticated({ permission: Permission.PluginRead })
+  @Endpoint({
+    summary: 'List all plugin triggers',
+    description: 'Retrieve a list of all available plugin triggers.',
+    history: new HistoryBuilder().added('v2.3.0').alpha('v2.3.0'),
+  })
+  getPluginTriggers(): PluginTriggerResponseDto[] {
+    return this.service.getTriggers();
+  }
+
   @Get()
   @Authenticated({ permission: Permission.PluginRead })
   @Endpoint({

server/src/database.ts

@@ -240,7 +240,7 @@ export type Session = {
   isPendingSyncReset: boolean;
 };
 
-export type Exif = Omit<Selectable<AssetExifTable>, 'updatedAt' | 'updateId'>;
+export type Exif = Omit<Selectable<AssetExifTable>, 'updatedAt' | 'updateId' | 'lockedProperties'>;
 
 export type Person = {
   createdAt: Date;
@@ -465,3 +465,13 @@ export const columns = {
     'plugin.updatedAt as updatedAt',
   ],
 } as const;
+
+export type LockableProperty = (typeof lockableProperties)[number];
+export const lockableProperties = [
+  'description',
+  'dateTimeOriginal',
+  'latitude',
+  'longitude',
+  'rating',
+  'timeZone',
+] as const;

server/src/dtos/env.dto.ts

@@ -1,6 +1,6 @@
 import { Transform, Type } from 'class-transformer';
 import { IsEnum, IsInt, IsString, Matches } from 'class-validator';
-import { DatabaseSslMode, ImmichEnvironment, LogLevel } from 'src/enum';
+import { DatabaseSslMode, ImmichEnvironment, LogFormat, LogLevel } from 'src/enum';
 import { IsIPRange, Optional, ValidateBoolean } from 'src/validation';
 
 export class EnvDto {
@@ -48,6 +48,10 @@ export class EnvDto {
   @Optional()
   IMMICH_LOG_LEVEL?: LogLevel;
 
+  @IsEnum(LogFormat)
+  @Optional()
+  IMMICH_LOG_FORMAT?: LogFormat;
+
   @Optional()
   @Matches(/^\//, { message: 'IMMICH_MEDIA_LOCATION must be an absolute path' })
   IMMICH_MEDIA_LOCATION?: string;
@@ -58,7 +62,7 @@ export class EnvDto {
   IMMICH_MICROSERVICES_METRICS_PORT?: number;
 
   @ValidateBoolean({ optional: true })
-  IMMICH_PLUGINS_ENABLED?: boolean;
+  IMMICH_ALLOW_EXTERNAL_PLUGINS?: boolean;
 
   @Optional()
   @Matches(/^\//, { message: 'IMMICH_PLUGINS_INSTALL_FOLDER must be an absolute path' })
@@ -113,6 +117,9 @@ export class EnvDto {
   @Optional()
   IMMICH_THIRD_PARTY_SUPPORT_URL?: string;
 
+  @ValidateBoolean({ optional: true })
+  IMMICH_ALLOW_SETUP?: boolean;
+
   @IsIPRange({ requireCIDR: false }, { each: true })
   @Transform(({ value }) =>
     value && typeof value === 'string'

server/src/dtos/plugin.dto.ts

@@ -1,9 +1,16 @@
 import { IsNotEmpty, IsString } from 'class-validator';
 import { PluginAction, PluginFilter } from 'src/database';
-import { PluginContext } from 'src/enum';
+import { PluginContext as PluginContextType, PluginTriggerType } from 'src/enum';
 import type { JSONSchema } from 'src/types/plugin-schema.types';
 import { ValidateEnum } from 'src/validation';
 
+export class PluginTriggerResponseDto {
+  @ValidateEnum({ enum: PluginTriggerType, name: 'PluginTriggerType' })
+  type!: PluginTriggerType;
+  @ValidateEnum({ enum: PluginContextType, name: 'PluginContextType' })
+  contextType!: PluginContextType;
+}
+
 export class PluginResponseDto {
   id!: string;
   name!: string;
@@ -24,8 +31,8 @@ export class PluginFilterResponseDto {
   title!: string;
   description!: string;
 
-  @ValidateEnum({ enum: PluginContext, name: 'PluginContext' })
-  supportedContexts!: PluginContext[];
+  @ValidateEnum({ enum: PluginContextType, name: 'PluginContextType' })
+  supportedContexts!: PluginContextType[];
   schema!: JSONSchema | null;
 }
 
@@ -36,8 +43,8 @@ export class PluginActionResponseDto {
   title!: string;
   description!: string;
 
-  @ValidateEnum({ enum: PluginContext, name: 'PluginContext' })
-  supportedContexts!: PluginContext[];
+  @ValidateEnum({ enum: PluginContextType, name: 'PluginContextType' })
+  supportedContexts!: PluginContextType[];
   schema!: JSONSchema | null;
 }
 

server/src/dtos/shared-link.dto.ts

@@ -1,7 +1,7 @@
 import { ApiProperty } from '@nestjs/swagger';
 import { IsString } from 'class-validator';
-import _ from 'lodash';
 import { SharedLink } from 'src/database';
+import { HistoryBuilder, Property } from 'src/decorators';
 import { AlbumResponseDto, mapAlbumWithoutAssets } from 'src/dtos/album.dto';
 import { AssetResponseDto, mapAsset } from 'src/dtos/asset-response.dto';
 import { SharedLinkType } from 'src/enum';
@@ -10,6 +10,10 @@ import { Optional, ValidateBoolean, ValidateDate, ValidateEnum, ValidateUUID } f
 export class SharedLinkSearchDto {
   @ValidateUUID({ optional: true })
   albumId?: string;
+
+  @ValidateUUID({ optional: true })
+  @Property({ history: new HistoryBuilder().added('v2.5.0') })
+  id?: string;
 }
 
 export class SharedLinkCreateDto {
@@ -113,10 +117,10 @@ export class SharedLinkResponseDto {
   slug!: string | null;
 }
 
-export function mapSharedLink(sharedLink: SharedLink): SharedLinkResponseDto {
-  const linkAssets = sharedLink.assets || [];
+export function mapSharedLink(sharedLink: SharedLink, options: { stripAssetMetadata: boolean }): SharedLinkResponseDto {
+  const assets = sharedLink.assets || [];
 
-  return {
+  const response = {
     id: sharedLink.id,
     description: sharedLink.description,
     password: sharedLink.password,
@@ -125,35 +129,19 @@ export function mapSharedLink(sharedLink: SharedLink): SharedLinkResponseDto {
     type: sharedLink.type,
     createdAt: sharedLink.createdAt,
     expiresAt: sharedLink.expiresAt,
-    assets: linkAssets.map((asset) => mapAsset(asset)),
-    album: sharedLink.album ? mapAlbumWithoutAssets(sharedLink.album) : undefined,
-    allowUpload: sharedLink.allowUpload,
-    allowDownload: sharedLink.allowDownload,
-    showMetadata: sharedLink.showExif,
-    slug: sharedLink.slug,
-  };
-}
-
-export function mapSharedLinkWithoutMetadata(sharedLink: SharedLink): SharedLinkResponseDto {
-  const linkAssets = sharedLink.assets || [];
-  const albumAssets = (sharedLink?.album?.assets || []).map((asset) => asset);
-
-  const assets = _.uniqBy([...linkAssets, ...albumAssets], (asset) => asset.id);
-
-  return {
-    id: sharedLink.id,
-    description: sharedLink.description,
-    password: sharedLink.password,
-    userId: sharedLink.userId,
-    key: sharedLink.key.toString('base64url'),
-    type: sharedLink.type,
-    createdAt: sharedLink.createdAt,
-    expiresAt: sharedLink.expiresAt,
-    assets: assets.map((asset) => mapAsset(asset, { stripMetadata: true })),
+    assets: assets.map((asset) => mapAsset(asset, { stripMetadata: options.stripAssetMetadata })),
     album: sharedLink.album ? mapAlbumWithoutAssets(sharedLink.album) : undefined,
     allowUpload: sharedLink.allowUpload,
     allowDownload: sharedLink.allowDownload,
     showMetadata: sharedLink.showExif,
     slug: sharedLink.slug,
   };
+
+  // unless we select sharedLink.album.sharedLinks this will be wrong
+  if (response.album) {
+    response.album.hasSharedLink = true;
+    response.album.shared = true;
+  }
+
+  return response;
 }

server/src/dtos/workflow.dto.ts

@@ -48,6 +48,9 @@ export class WorkflowCreateDto {
 }
 
 export class WorkflowUpdateDto {
+  @ValidateEnum({ enum: PluginTriggerType, name: 'PluginTriggerType', optional: true })
+  triggerType?: PluginTriggerType;
+
   @IsString()
   @IsNotEmpty()
   @Optional()
@@ -74,6 +77,7 @@ export class WorkflowUpdateDto {
 export class WorkflowResponseDto {
   id!: string;
   ownerId!: string;
+  @ValidateEnum({ enum: PluginTriggerType, name: 'PluginTriggerType' })
   triggerType!: PluginTriggerType;
   name!: string | null;
   description!: string;

server/src/emails/components/footer.template.tsx

@@ -7,14 +7,22 @@ export const ImmichFooter = () => (
       <Column align="center" className="w-6/12 sm:w-full">
         <div>
           <Link href="https://play.google.com/store/apps/details?id=app.alextran.immich" className="object-contain">
-            <Img className="max-w-full" src={`https://immich.app/img/google-play-badge.png`} />
+            <Img
+              alt="Get it on Google Play"
+              className="max-w-full"
+              src={`https://immich.app/img/google-play-badge.png`}
+            />
           </Link>
         </div>
       </Column>
       <Column align="center" className="w-6/12 sm:w-full">
         <div className="h-full p-6">
           <Link href="https://apps.apple.com/sg/app/immich/id1613945652">
-            <Img src={`https://immich.app/img/ios-app-store-badge.png`} alt="Immich" className="max-w-full" />
+            <Img
+              alt="Download on the App Store"
+              className="max-w-full"
+              src={`https://immich.app/img/ios-app-store-badge.png`}
+            />
           </Link>
         </div>
       </Column>

server/src/enum.ts

@@ -470,6 +470,11 @@ export enum LogLevel {
   Fatal = 'fatal',
 }
 
+export enum LogFormat {
+  Console = 'console',
+  Json = 'json',
+}
+
 export enum ApiCustomExtension {
   Permission = 'x-immich-permission',
   AdminOnly = 'x-immich-admin-only',

server/src/maintenance/maintenance-websocket.repository.ts

@@ -37,7 +37,13 @@ export class MaintenanceWebsocketRepository implements OnGatewayConnection, OnGa
 
   afterInit(websocketServer: Server) {
     this.logger.log('Initialized websocket server');
-    websocketServer.on('AppRestart', () => this.appRepository.exitApp());
+
+    websocketServer.on('AppRestart', (event: ArgsOf<'AppRestart'>, ack?: (ok: 'ok') => void) => {
+      this.logger.log(`Restarting due to event... ${JSON.stringify(event)}`);
+
+      ack?.('ok');
+      this.appRepository.exitApp();
+    });
   }
 
   clientBroadcast<T extends keyof ClientEventMap>(event: T, ...data: ClientEventMap[T]) {

server/src/plugins.ts

@@ -1,37 +1,17 @@
 import { PluginContext, PluginTriggerType } from 'src/enum';
-import { JSONSchema } from 'src/types/plugin-schema.types';
 
 export type PluginTrigger = {
-  name: string;
   type: PluginTriggerType;
-  description: string;
-  context: PluginContext;
-  schema: JSONSchema | null;
+  contextType: PluginContext;
 };
 
 export const pluginTriggers: PluginTrigger[] = [
   {
-    name: 'Asset Uploaded',
     type: PluginTriggerType.AssetCreate,
-    description: 'Triggered when a new asset is uploaded',
-    context: PluginContext.Asset,
-    schema: {
-      type: 'object',
-      properties: {
-        assetType: {
-          type: 'string',
-          description: 'Type of the asset',
-          default: 'ALL',
-          enum: ['Image', 'Video', 'All'],
-        },
-      },
-    },
+    contextType: PluginContext.Asset,
   },
   {
-    name: 'Person Recognized',
     type: PluginTriggerType.PersonRecognized,
-    description: 'Triggered when a person is detected in an asset',
-    context: PluginContext.Person,
-    schema: null,
+    contextType: PluginContext.Person,
   },
 ];

server/src/queries/asset.job.repository.sql

@@ -50,9 +50,11 @@ select
         where
           "asset"."id" = "tag_asset"."assetId"
       ) as agg
-  ) as "tags"
+  ) as "tags",
+  to_json("asset_exif") as "exifInfo"
 from
   "asset"
+  inner join "asset_exif" on "asset"."id" = "asset_exif"."assetId"
 where
   "asset"."id" = $2::uuid
 limit
@@ -224,6 +226,14 @@ from
 where
   "asset"."id" = $2
 
+-- AssetJobRepository.getLockedPropertiesForMetadataExtraction
+select
+  "asset_exif"."lockedProperties"
+from
+  "asset_exif"
+where
+  "asset_exif"."assetId" = $1
+
 -- AssetJobRepository.getAlbumThumbnailFiles
 select
   "asset_file"."id",
@@ -483,6 +493,9 @@ select
   "asset"."fileCreatedAt",
   "asset_exif"."timeZone",
   "asset_exif"."fileSizeInByte",
+  "asset_exif"."make",
+  "asset_exif"."model",
+  "asset_exif"."lensModel",
   (
     select
       coalesce(json_agg(agg), '[]')
@@ -519,6 +532,9 @@ select
   "asset"."fileCreatedAt",
   "asset_exif"."timeZone",
   "asset_exif"."fileSizeInByte",
+  "asset_exif"."make",
+  "asset_exif"."model",
+  "asset_exif"."lensModel",
   (
     select
       coalesce(json_agg(agg), '[]')

server/src/queries/asset.repository.sql

@@ -1,19 +1,49 @@
 -- NOTE: This file is auto generated by ./sql-generator
 
+-- AssetRepository.upsertExif
+insert into
+  "asset_exif" ("dateTimeOriginal", "lockedProperties")
+values
+  ($1, $2)
+on conflict ("assetId") do update
+set
+  "dateTimeOriginal" = "excluded"."dateTimeOriginal",
+  "lockedProperties" = nullif(
+    array(
+      select distinct
+        unnest("asset_exif"."lockedProperties" || $3)
+    ),
+    '{}'
+  )
+
 -- AssetRepository.updateAllExif
 update "asset_exif"
 set
-  "model" = $1
+  "model" = $1,
+  "lockedProperties" = nullif(
+    array(
+      select distinct
+        unnest("asset_exif"."lockedProperties" || $2)
+    ),
+    '{}'
+  )
 where
-  "assetId" in ($2)
+  "assetId" in ($3)
 
 -- AssetRepository.updateDateTimeOriginal
 update "asset_exif"
 set
   "dateTimeOriginal" = "dateTimeOriginal" + $1::interval,
-  "timeZone" = $2
+  "timeZone" = $2,
+  "lockedProperties" = nullif(
+    array(
+      select distinct
+        unnest("asset_exif"."lockedProperties" || $3)
+    ),
+    '{}'
+  )
 where
-  "assetId" in ($3)
+  "assetId" in ($4)
 returning
   "assetId",
   "dateTimeOriginal",

server/src/queries/workflow.repository.sql

@@ -7,6 +7,8 @@ from
   "workflow"
 where
   "id" = $1
+order by
+  "createdAt" desc
 
 -- WorkflowRepository.getWorkflowsByOwner
 select
@@ -16,7 +18,7 @@ from
 where
   "ownerId" = $1
 order by
-  "name"
+  "createdAt" desc
 
 -- WorkflowRepository.getWorkflowsByTrigger
 select

server/src/repositories/app.repository.ts

@@ -1,5 +1,10 @@
 import { Injectable } from '@nestjs/common';
+import { createAdapter } from '@socket.io/redis-adapter';
+import Redis from 'ioredis';
+import { Server as SocketIO } from 'socket.io';
 import { ExitCode } from 'src/enum';
+import { ConfigRepository } from 'src/repositories/config.repository';
+import { AppRestartEvent } from 'src/repositories/event.repository';
 
 @Injectable()
 export class AppRepository {
@@ -17,4 +22,26 @@ export class AppRepository {
   setCloseFn(fn: () => Promise<void>) {
     this.closeFn = fn;
   }
+
+  async sendOneShotAppRestart(state: AppRestartEvent): Promise<void> {
+    const server = new SocketIO();
+    const { redis } = new ConfigRepository().getEnv();
+    const pubClient = new Redis({ ...redis, lazyConnect: true });
+    const subClient = pubClient.duplicate();
+
+    await Promise.all([pubClient.connect(), subClient.connect()]);
+
+    server.adapter(createAdapter(pubClient, subClient));
+
+    // => corresponds to notification.service.ts#onAppRestart
+    server.emit('AppRestartV1', state, async () => {
+      const responses = await server.serverSideEmitWithAck('AppRestart', state);
+      if (responses.some((response) => response !== 'ok')) {
+        throw new Error("One or more node(s) returned a non-'ok' response to our restart request!");
+      }
+
+      pubClient.disconnect();
+      subClient.disconnect();
+    });
+  }
 }

server/src/repositories/asset-job.repository.ts

@@ -50,6 +50,7 @@ export class AssetJobRepository {
             .whereRef('asset.id', '=', 'tag_asset.assetId'),
         ).as('tags'),
       )
+      .$call(withExifInner)
       .limit(1)
       .executeTakeFirst();
   }
@@ -128,6 +129,16 @@ export class AssetJobRepository {
       .executeTakeFirst();
   }
 
+  @GenerateSql({ params: [DummyValue.UUID] })
+  async getLockedPropertiesForMetadataExtraction(assetId: string) {
+    return this.db
+      .selectFrom('asset_exif')
+      .select('asset_exif.lockedProperties')
+      .where('asset_exif.assetId', '=', assetId)
+      .executeTakeFirst()
+      .then((row) => row?.lockedProperties ?? []);
+  }
+
   @GenerateSql({ params: [DummyValue.UUID, AssetFileType.Thumbnail] })
   getAlbumThumbnailFiles(id: string, fileType?: AssetFileType) {
     return this.db
@@ -313,6 +324,9 @@ export class AssetJobRepository {
         'asset.fileCreatedAt',
         'asset_exif.timeZone',
         'asset_exif.fileSizeInByte',
+        'asset_exif.make',
+        'asset_exif.model',
+        'asset_exif.lensModel',
       ])
       .select((eb) => withFiles(eb, AssetFileType.Sidecar))
       .where('asset.deletedAt', 'is', null);

server/src/repositories/asset.repository.ts

@@ -1,8 +1,8 @@
 import { Injectable } from '@nestjs/common';
-import { Insertable, Kysely, NotNull, Selectable, sql, Updateable, UpdateResult } from 'kysely';
+import { ExpressionBuilder, Insertable, Kysely, NotNull, Selectable, sql, Updateable, UpdateResult } from 'kysely';
 import { isEmpty, isUndefined, omitBy } from 'lodash';
 import { InjectKysely } from 'nestjs-kysely';
-import { Stack } from 'src/database';
+import { LockableProperty, Stack } from 'src/database';
 import { Chunked, ChunkedArray, DummyValue, GenerateSql } from 'src/decorators';
 import { AuthDto } from 'src/dtos/auth.dto';
 import { AssetFileType, AssetMetadataKey, AssetOrder, AssetStatus, AssetType, AssetVisibility } from 'src/enum';
@@ -113,51 +113,77 @@ interface GetByIdsRelations {
   tags?: boolean;
 }
 
+const distinctLocked = <T extends LockableProperty[] | null>(eb: ExpressionBuilder<DB, 'asset_exif'>, columns: T) =>
+  sql<T>`nullif(array(select distinct unnest(${eb.ref('asset_exif.lockedProperties')} || ${columns})), '{}')`;
+
 @Injectable()
 export class AssetRepository {
   constructor(@InjectKysely() private db: Kysely<DB>) {}
 
-  async upsertExif(exif: Insertable<AssetExifTable>): Promise<void> {
-    const value = { ...exif, assetId: asUuid(exif.assetId) };
+  @GenerateSql({
+    params: [
+      { dateTimeOriginal: DummyValue.DATE, lockedProperties: ['dateTimeOriginal'] },
+      { lockedPropertiesBehavior: 'append' },
+    ],
+  })
+  async upsertExif(
+    exif: Insertable<AssetExifTable>,
+    { lockedPropertiesBehavior }: { lockedPropertiesBehavior: 'override' | 'append' | 'skip' },
+  ): Promise<void> {
     await this.db
       .insertInto('asset_exif')
-      .values(value)
+      .values(exif)
       .onConflict((oc) =>
-        oc.column('assetId').doUpdateSet((eb) =>
-          removeUndefinedKeys(
-            {
-              description: eb.ref('excluded.description'),
-              exifImageWidth: eb.ref('excluded.exifImageWidth'),
-              exifImageHeight: eb.ref('excluded.exifImageHeight'),
-              fileSizeInByte: eb.ref('excluded.fileSizeInByte'),
-              orientation: eb.ref('excluded.orientation'),
-              dateTimeOriginal: eb.ref('excluded.dateTimeOriginal'),
-              modifyDate: eb.ref('excluded.modifyDate'),
-              timeZone: eb.ref('excluded.timeZone'),
-              latitude: eb.ref('excluded.latitude'),
-              longitude: eb.ref('excluded.longitude'),
-              projectionType: eb.ref('excluded.projectionType'),
-              city: eb.ref('excluded.city'),
-              livePhotoCID: eb.ref('excluded.livePhotoCID'),
-              autoStackId: eb.ref('excluded.autoStackId'),
-              state: eb.ref('excluded.state'),
-              country: eb.ref('excluded.country'),
-              make: eb.ref('excluded.make'),
-              model: eb.ref('excluded.model'),
-              lensModel: eb.ref('excluded.lensModel'),
-              fNumber: eb.ref('excluded.fNumber'),
-              focalLength: eb.ref('excluded.focalLength'),
-              iso: eb.ref('excluded.iso'),
-              exposureTime: eb.ref('excluded.exposureTime'),
-              profileDescription: eb.ref('excluded.profileDescription'),
-              colorspace: eb.ref('excluded.colorspace'),
-              bitsPerSample: eb.ref('excluded.bitsPerSample'),
-              rating: eb.ref('excluded.rating'),
-              fps: eb.ref('excluded.fps'),
-            },
-            value,
-          ),
-        ),
+        oc.column('assetId').doUpdateSet((eb) => {
+          const updateLocked = <T extends keyof AssetExifTable>(col: T) => eb.ref(`excluded.${col}`);
+          const skipLocked = <T extends keyof AssetExifTable>(col: T) =>
+            eb
+              .case()
+              .when(sql`${col}`, '=', eb.fn.any('asset_exif.lockedProperties'))
+              .then(eb.ref(`asset_exif.${col}`))
+              .else(eb.ref(`excluded.${col}`))
+              .end();
+          const ref = lockedPropertiesBehavior === 'skip' ? skipLocked : updateLocked;
+          return {
+            ...removeUndefinedKeys(
+              {
+                description: ref('description'),
+                exifImageWidth: ref('exifImageWidth'),
+                exifImageHeight: ref('exifImageHeight'),
+                fileSizeInByte: ref('fileSizeInByte'),
+                orientation: ref('orientation'),
+                dateTimeOriginal: ref('dateTimeOriginal'),
+                modifyDate: ref('modifyDate'),
+                timeZone: ref('timeZone'),
+                latitude: ref('latitude'),
+                longitude: ref('longitude'),
+                projectionType: ref('projectionType'),
+                city: ref('city'),
+                livePhotoCID: ref('livePhotoCID'),
+                autoStackId: ref('autoStackId'),
+                state: ref('state'),
+                country: ref('country'),
+                make: ref('make'),
+                model: ref('model'),
+                lensModel: ref('lensModel'),
+                fNumber: ref('fNumber'),
+                focalLength: ref('focalLength'),
+                iso: ref('iso'),
+                exposureTime: ref('exposureTime'),
+                profileDescription: ref('profileDescription'),
+                colorspace: ref('colorspace'),
+                bitsPerSample: ref('bitsPerSample'),
+                rating: ref('rating'),
+                fps: ref('fps'),
+                lockedProperties:
+                  lockedPropertiesBehavior === 'append'
+                    ? distinctLocked(eb, exif.lockedProperties ?? null)
+                    : ref('lockedProperties'),
+              },
+              exif,
+            ),
+          };
+        }),
       )
       .execute();
   }
@@ -169,19 +195,26 @@ export class AssetRepository {
       return;
     }
 
-    await this.db.updateTable('asset_exif').set(options).where('assetId', 'in', ids).execute();
+    await this.db
+      .updateTable('asset_exif')
+      .set((eb) => ({
+        ...options,
+        lockedProperties: distinctLocked(eb, Object.keys(options) as LockableProperty[]),
+      }))
+      .where('assetId', 'in', ids)
+      .execute();
   }
 
   @GenerateSql({ params: [[DummyValue.UUID], DummyValue.NUMBER, DummyValue.STRING] })
   @Chunked()
-  async updateDateTimeOriginal(
-    ids: string[],
-    delta?: number,
-    timeZone?: string,
-  ): Promise<{ assetId: string; dateTimeOriginal: Date | null; timeZone: string | null }[]> {
-    return await this.db
+  updateDateTimeOriginal(ids: string[], delta?: number, timeZone?: string) {
+    return this.db
       .updateTable('asset_exif')
-      .set({ dateTimeOriginal: sql`"dateTimeOriginal" + ${(delta ?? 0) + ' minute'}::interval`, timeZone })
+      .set((eb) => ({
+        dateTimeOriginal: sql`"dateTimeOriginal" + ${(delta ?? 0) + ' minute'}::interval`,
+        timeZone,
+        lockedProperties: distinctLocked(eb, ['dateTimeOriginal', 'timeZone']),
+      }))
       .where('assetId', 'in', ids)
       .returning(['assetId', 'dateTimeOriginal', 'timeZone'])
       .execute();

server/src/repositories/config.repository.spec.ts

@@ -8,6 +8,8 @@ const getEnv = () => {
 
 const resetEnv = () => {
   for (const env of [
+    'IMMICH_ALLOW_EXTERNAL_PLUGINS',
+    'IMMICH_ALLOW_SETUP',
     'IMMICH_ENV',
     'IMMICH_WORKERS_INCLUDE',
     'IMMICH_WORKERS_EXCLUDE',
@@ -75,6 +77,9 @@ describe('getEnv', () => {
       configFile: undefined,
       logLevel: undefined,
     });
+
+    expect(config.plugins.external).toEqual({ allow: false });
+    expect(config.setup).toEqual({ allow: true });
   });
 
   describe('IMMICH_MEDIA_LOCATION', () => {
@@ -84,6 +89,32 @@ describe('getEnv', () => {
     });
   });
 
+  describe('IMMICH_ALLOW_EXTERNAL_PLUGINS', () => {
+    it('should disable plugins', () => {
+      process.env.IMMICH_ALLOW_EXTERNAL_PLUGINS = 'false';
+      const config = getEnv();
+      expect(config.plugins.external).toEqual({ allow: false });
+    });
+
+    it('should throw an error for invalid value', () => {
+      process.env.IMMICH_ALLOW_EXTERNAL_PLUGINS = 'invalid';
+      expect(() => getEnv()).toThrowError('IMMICH_ALLOW_EXTERNAL_PLUGINS must be a boolean value');
+    });
+  });
+
+  describe('IMMICH_ALLOW_SETUP', () => {
+    it('should disable setup', () => {
+      process.env.IMMICH_ALLOW_SETUP = 'false';
+      const { setup } = getEnv();
+      expect(setup).toEqual({ allow: false });
+    });
+
+    it('should throw an error for invalid value', () => {
+      process.env.IMMICH_ALLOW_SETUP = 'invalid';
+      expect(() => getEnv()).toThrowError('IMMICH_ALLOW_SETUP must be a boolean value');
+    });
+  });
+
   describe('database', () => {
     it('should use defaults', () => {
       const { database } = getEnv();

server/src/repositories/config.repository.ts

@@ -17,6 +17,7 @@ import {
   ImmichHeader,
   ImmichTelemetry,
   ImmichWorker,
+  LogFormat,
   LogLevel,
   QueueName,
 } from 'src/enum';
@@ -29,6 +30,7 @@ export interface EnvData {
   environment: ImmichEnvironment;
   configFile?: string;
   logLevel?: LogLevel;
+  logFormat?: LogFormat;
 
   buildMetadata: {
     build?: string;
@@ -90,6 +92,10 @@ export interface EnvData {
 
   redis: RedisOptions;
 
+  setup: {
+    allow: boolean;
+  };
+
   telemetry: {
     apiPort: number;
     microservicesPort: number;
@@ -104,8 +110,10 @@ export interface EnvData {
   workers: ImmichWorker[];
 
   plugins: {
-    enabled: boolean;
-    installFolder?: string;
+    external: {
+      allow: boolean;
+      installFolder?: string;
+    };
   };
 
   noColor: boolean;
@@ -227,6 +235,7 @@ const getEnv = (): EnvData => {
     environment,
     configFile: dto.IMMICH_CONFIG_FILE,
     logLevel: dto.IMMICH_LOG_LEVEL,
+    logFormat: dto.IMMICH_LOG_FORMAT || LogFormat.Console,
 
     buildMetadata: {
       build: dto.IMMICH_BUILD,
@@ -313,6 +322,10 @@ const getEnv = (): EnvData => {
       corePlugin: join(buildFolder, 'corePlugin'),
     },
 
+    setup: {
+      allow: dto.IMMICH_ALLOW_SETUP ?? true,
+    },
+
     storage: {
       ignoreMountCheckErrors: !!dto.IMMICH_IGNORE_MOUNT_CHECK_ERRORS,
       mediaLocation: dto.IMMICH_MEDIA_LOCATION,
@@ -327,8 +340,10 @@ const getEnv = (): EnvData => {
     workers,
 
     plugins: {
-      enabled: !!dto.IMMICH_PLUGINS_ENABLED,
-      installFolder: dto.IMMICH_PLUGINS_INSTALL_FOLDER,
+      external: {
+        allow: dto.IMMICH_ALLOW_EXTERNAL_PLUGINS ?? false,
+        installFolder: dto.IMMICH_PLUGINS_INSTALL_FOLDER,
+      },
     },
 
     noColor: !!dto.NO_COLOR,

server/src/repositories/database.repository.ts

@@ -358,7 +358,7 @@ export class DatabaseRepository {
   }
 
   async runMigrations(): Promise<void> {
-    this.logger.debug('Running migrations');
+    this.logger.log('Running migrations');
 
     const migrator = this.createMigrator();
 
@@ -379,7 +379,7 @@ export class DatabaseRepository {
       throw error;
     }
 
-    this.logger.debug('Finished running migrations');
+    this.logger.log('Finished running migrations');
   }
 
   async migrateFilePaths(sourceFolder: string, targetFolder: string): Promise<void> {

server/src/repositories/logging.repository.ts

@@ -2,7 +2,7 @@ import { ConsoleLogger, Inject, Injectable, Scope } from '@nestjs/common';
 import { isLogLevelEnabled } from '@nestjs/common/services/utils/is-log-level-enabled.util';
 import { ClsService } from 'nestjs-cls';
 import { Telemetry } from 'src/decorators';
-import { LogLevel } from 'src/enum';
+import { LogFormat, LogLevel } from 'src/enum';
 import { ConfigRepository } from 'src/repositories/config.repository';
 
 type LogDetails = any;
@@ -27,10 +27,12 @@ export class MyConsoleLogger extends ConsoleLogger {
 
   constructor(
     private cls: ClsService | undefined,
-    options?: { color?: boolean; context?: string },
+    options?: { json?: boolean; color?: boolean; context?: string },
   ) {
-    super(options?.context || MyConsoleLogger.name);
-    this.isColorEnabled = options?.color || false;
+    super(options?.context || MyConsoleLogger.name, {
+      json: options?.json ?? false,
+    });
+    this.isColorEnabled = !options?.json && (options?.color || false);
   }
 
   isLevelEnabled(level: LogLevel) {
@@ -79,10 +81,17 @@ export class LoggingRepository {
     @Inject(ConfigRepository) configRepository: ConfigRepository | undefined,
   ) {
     let noColor = false;
+    let logFormat = LogFormat.Console;
     if (configRepository) {
-      noColor = configRepository.getEnv().noColor;
+      const env = configRepository.getEnv();
+      noColor = env.noColor;
+      logFormat = env.logFormat ?? logFormat;
     }
-    this.logger = new MyConsoleLogger(cls, { context: LoggingRepository.name, color: !noColor });
+    this.logger = new MyConsoleLogger(cls, {
+      context: LoggingRepository.name,
+      json: logFormat === LogFormat.Json,
+      color: !noColor,
+    });
   }
 
   static create(context?: string) {

server/src/repositories/shared-link.repository.ts

@@ -12,6 +12,7 @@ import { SharedLinkTable } from 'src/schema/tables/shared-link.table';
 
 export type SharedLinkSearchOptions = {
   userId: string;
+  id?: string;
   albumId?: string;
 };
 
@@ -118,7 +119,7 @@ export class SharedLinkRepository {
   }
 
   @GenerateSql({ params: [{ userId: DummyValue.UUID, albumId: DummyValue.UUID }] })
-  getAll({ userId, albumId }: SharedLinkSearchOptions) {
+  getAll({ userId, id, albumId }: SharedLinkSearchOptions) {
     return this.db
       .selectFrom('shared_link')
       .selectAll('shared_link')
@@ -176,6 +177,7 @@ export class SharedLinkRepository {
       .select((eb) => eb.fn.toJson('album').$castTo<Album | null>().as('album'))
       .where((eb) => eb.or([eb('shared_link.type', '=', SharedLinkType.Individual), eb('album.id', 'is not', null)]))
       .$if(!!albumId, (eb) => eb.where('shared_link.albumId', '=', albumId!))
+      .$if(!!id, (eb) => eb.where('shared_link.id', '=', id!))
       .orderBy('shared_link.createdAt', 'desc')
       .distinctOn(['shared_link.createdAt'])
       .execute();

server/src/repositories/workflow.repository.ts

@@ -12,12 +12,22 @@ export class WorkflowRepository {
 
   @GenerateSql({ params: [DummyValue.UUID] })
   getWorkflow(id: string) {
-    return this.db.selectFrom('workflow').selectAll().where('id', '=', id).executeTakeFirst();
+    return this.db
+      .selectFrom('workflow')
+      .selectAll()
+      .where('id', '=', id)
+      .orderBy('createdAt', 'desc')
+      .executeTakeFirst();
   }
 
   @GenerateSql({ params: [DummyValue.UUID] })
   getWorkflowsByOwner(ownerId: string) {
-    return this.db.selectFrom('workflow').selectAll().where('ownerId', '=', ownerId).orderBy('name').execute();
+    return this.db
+      .selectFrom('workflow')
+      .selectAll()
+      .where('ownerId', '=', ownerId)
+      .orderBy('createdAt', 'desc')
+      .execute();
   }
 
   @GenerateSql({ params: [PluginTriggerType.AssetCreate] })

server/src/schema/migrations/1764957138636-AddLockedPropertiesToAssetExif.ts

@@ -0,0 +1,9 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "asset_exif" ADD "lockedProperties" character varying[];`.execute(db);
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await sql`ALTER TABLE "asset_exif" DROP COLUMN "lockedProperties";`.execute(db);
+}

server/src/schema/tables/asset-exif.table.ts

@@ -1,3 +1,4 @@
+import { LockableProperty } from 'src/database';
 import { UpdatedAtTrigger, UpdateIdColumn } from 'src/decorators';
 import { AssetTable } from 'src/schema/tables/asset.table';
 import { Column, ForeignKeyColumn, Generated, Int8, Table, Timestamp, UpdateDateColumn } from 'src/sql-tools';
@@ -97,4 +98,7 @@ export class AssetExifTable {
 
   @UpdateIdColumn({ index: true })
   updateId!: Generated<string>;
+
+  @Column({ type: 'character varying', array: true, nullable: true })
+  lockedProperties!: Array<LockableProperty> | null;
 }

server/src/services/asset-media.service.ts

@@ -370,7 +370,10 @@ export class AssetMediaService extends BaseService {
       : this.assetRepository.deleteFile({ assetId, type: AssetFileType.Sidecar }));
 
     await this.storageRepository.utimes(file.originalPath, new Date(), new Date(dto.fileModifiedAt));
-    await this.assetRepository.upsertExif({ assetId, fileSizeInByte: file.size });
+    await this.assetRepository.upsertExif(
+      { assetId, fileSizeInByte: file.size },
+      { lockedPropertiesBehavior: 'override' },
+    );
     await this.jobRepository.queue({
       name: JobName.AssetExtractMetadata,
       data: { id: assetId, source: 'upload' },
@@ -399,7 +402,10 @@ export class AssetMediaService extends BaseService {
     });
 
     const { size } = await this.storageRepository.stat(created.originalPath);
-    await this.assetRepository.upsertExif({ assetId: created.id, fileSizeInByte: size });
+    await this.assetRepository.upsertExif(
+      { assetId: created.id, fileSizeInByte: size },
+      { lockedPropertiesBehavior: 'override' },
+    );
     await this.jobRepository.queue({ name: JobName.AssetExtractMetadata, data: { id: created.id, source: 'copy' } });
     return created;
   }
@@ -440,7 +446,10 @@ export class AssetMediaService extends BaseService {
       await this.storageRepository.utimes(sidecarFile.originalPath, new Date(), new Date(dto.fileModifiedAt));
     }
     await this.storageRepository.utimes(file.originalPath, new Date(), new Date(dto.fileModifiedAt));
-    await this.assetRepository.upsertExif({ assetId: asset.id, fileSizeInByte: file.size });
+    await this.assetRepository.upsertExif(
+      { assetId: asset.id, fileSizeInByte: file.size },
+      { lockedPropertiesBehavior: 'override' },
+    );
 
     await this.eventRepository.emit('AssetCreate', { asset });
 

server/src/services/asset.service.spec.ts

@@ -225,7 +225,10 @@ describe(AssetService.name, () => {
 
       await sut.update(authStub.admin, 'asset-1', { description: 'Test description' });
 
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith({ assetId: 'asset-1', description: 'Test description' });
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
+        { assetId: 'asset-1', description: 'Test description', lockedProperties: ['description'] },
+        { lockedPropertiesBehavior: 'append' },
+      );
     });
 
     it('should update the exif rating', async () => {
@@ -235,7 +238,14 @@ describe(AssetService.name, () => {
 
       await sut.update(authStub.admin, 'asset-1', { rating: 3 });
 
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith({ assetId: 'asset-1', rating: 3 });
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
+        {
+          assetId: 'asset-1',
+          rating: 3,
+          lockedProperties: ['rating'],
+        },
+        { lockedPropertiesBehavior: 'append' },
+      );
     });
 
     it('should fail linking a live video if the motion part could not be found', async () => {
@@ -427,9 +437,7 @@ describe(AssetService.name, () => {
       });
       expect(mocks.asset.updateAll).toHaveBeenCalled();
       expect(mocks.asset.updateAllExif).toHaveBeenCalledWith(['asset-1'], { latitude: 0, longitude: 0 });
-      expect(mocks.job.queueAll).toHaveBeenCalledWith([
-        { name: JobName.SidecarWrite, data: { id: 'asset-1', latitude: 0, longitude: 0 } },
-      ]);
+      expect(mocks.job.queueAll).toHaveBeenCalledWith([{ name: JobName.SidecarWrite, data: { id: 'asset-1' } }]);
     });
 
     it('should update exif table if latitude field is provided', async () => {
@@ -450,9 +458,7 @@ describe(AssetService.name, () => {
         latitude: 30,
         longitude: 50,
       });
-      expect(mocks.job.queueAll).toHaveBeenCalledWith([
-        { name: JobName.SidecarWrite, data: { id: 'asset-1', dateTimeOriginal, latitude: 30, longitude: 50 } },
-      ]);
+      expect(mocks.job.queueAll).toHaveBeenCalledWith([{ name: JobName.SidecarWrite, data: { id: 'asset-1' } }]);
     });
 
     it('should update Assets table if duplicateId is provided as null', async () => {
@@ -482,18 +488,7 @@ describe(AssetService.name, () => {
         timeZone,
       });
       expect(mocks.asset.updateDateTimeOriginal).toHaveBeenCalledWith(['asset-1'], dateTimeRelative, timeZone);
-      expect(mocks.job.queueAll).toHaveBeenCalledWith([
-        {
-          name: JobName.SidecarWrite,
-          data: {
-            id: 'asset-1',
-            dateTimeOriginal: '2020-02-25T06:41:00.000+02:00',
-            description: undefined,
-            latitude: undefined,
-            longitude: undefined,
-          },
-        },
-      ]);
+      expect(mocks.job.queueAll).toHaveBeenCalledWith([{ name: JobName.SidecarWrite, data: { id: 'asset-1' } }]);
     });
   });
 

server/src/services/asset.service.ts

@@ -30,9 +30,10 @@ import {
   QueueName,
 } from 'src/enum';
 import { BaseService } from 'src/services/base.service';
-import { ISidecarWriteJob, JobItem, JobOf } from 'src/types';
+import { JobItem, JobOf } from 'src/types';
 import { requireElevatedPermission } from 'src/utils/access';
 import { getAssetFiles, getMyPartnerIds, onAfterUnlink, onBeforeLink, onBeforeUnlink } from 'src/utils/asset.util';
+import { updateLockedColumns } from 'src/utils/database';
 
 @Injectable()
 export class AssetService extends BaseService {
@@ -142,56 +143,40 @@ export class AssetService extends BaseService {
     } = dto;
     await this.requireAccess({ auth, permission: Permission.AssetUpdate, ids });
 
-    const assetDto = { isFavorite, visibility, duplicateId };
-    const exifDto = { latitude, longitude, rating, description, dateTimeOriginal };
+    const assetDto = _.omitBy({ isFavorite, visibility, duplicateId }, _.isUndefined);
+    const exifDto = _.omitBy(
+      {
+        latitude,
+        longitude,
+        rating,
+        description,
+        dateTimeOriginal,
+      },
+      _.isUndefined,
+    );
+    const extractedTimeZone = dateTimeOriginal ? DateTime.fromISO(dateTimeOriginal, { setZone: true }).zone : undefined;
 
-    const isExifChanged = Object.values(exifDto).some((v) => v !== undefined);
-    if (isExifChanged) {
+    if (Object.keys(exifDto).length > 0) {
       await this.assetRepository.updateAllExif(ids, exifDto);
     }
 
-    const assets =
-      (dateTimeRelative !== undefined && dateTimeRelative !== 0) || timeZone !== undefined
-        ? await this.assetRepository.updateDateTimeOriginal(ids, dateTimeRelative, timeZone)
-        : undefined;
-
-    const dateTimesWithTimezone = assets
-      ? assets.map((asset) => {
-          const isoString = asset.dateTimeOriginal?.toISOString();
-          let dateTime = isoString ? DateTime.fromISO(isoString) : null;
-
-          if (dateTime && asset.timeZone) {
-            dateTime = dateTime.setZone(asset.timeZone);
-          }
-
-          return {
-            assetId: asset.assetId,
-            dateTimeOriginal: dateTime?.toISO() ?? null,
-          };
-        })
-      : ids.map((id) => ({ assetId: id, dateTimeOriginal }));
-
-    if (dateTimesWithTimezone.length > 0) {
-      await this.jobRepository.queueAll(
-        dateTimesWithTimezone.map(({ assetId: id, dateTimeOriginal }) => ({
-          name: JobName.SidecarWrite,
-          data: {
-            ...exifDto,
-            id,
-            dateTimeOriginal: dateTimeOriginal ?? undefined,
-          },
-        })),
-      );
+    if (
+      (dateTimeRelative !== undefined && dateTimeRelative !== 0) ||
+      timeZone !== undefined ||
+      extractedTimeZone?.type === 'fixed'
+    ) {
+      await this.assetRepository.updateDateTimeOriginal(ids, dateTimeRelative, timeZone ?? extractedTimeZone?.name);
     }
 
-    const isAssetChanged = Object.values(assetDto).some((v) => v !== undefined);
-    if (isAssetChanged) {
+    if (Object.keys(assetDto).length > 0) {
       await this.assetRepository.updateAll(ids, assetDto);
-
-      if (visibility === AssetVisibility.Locked) {
-        await this.albumRepository.removeAssetsFromAll(ids);
-      }
     }
+
+    if (visibility === AssetVisibility.Locked) {
+      await this.albumRepository.removeAssetsFromAll(ids);
+    }
+
+    await this.jobRepository.queueAll(ids.map((id) => ({ name: JobName.SidecarWrite, data: { id } })));
   }
 
   async copy(
@@ -456,12 +441,37 @@ export class AssetService extends BaseService {
     return asset;
   }
 
-  private async updateExif(dto: ISidecarWriteJob) {
+  private async updateExif(dto: {
+    id: string;
+    description?: string;
+    dateTimeOriginal?: string;
+    latitude?: number;
+    longitude?: number;
+    rating?: number;
+  }) {
     const { id, description, dateTimeOriginal, latitude, longitude, rating } = dto;
-    const writes = _.omitBy({ description, dateTimeOriginal, latitude, longitude, rating }, _.isUndefined);
+    const extractedTimeZone = dateTimeOriginal ? DateTime.fromISO(dateTimeOriginal, { setZone: true }).zone : undefined;
+    const writes = _.omitBy(
+      {
+        description,
+        dateTimeOriginal,
+        timeZone: extractedTimeZone?.type === 'fixed' ? extractedTimeZone.name : undefined,
+        latitude,
+        longitude,
+        rating,
+      },
+      _.isUndefined,
+    );
+
     if (Object.keys(writes).length > 0) {
-      await this.assetRepository.upsertExif({ assetId: id, ...writes });
-      await this.jobRepository.queue({ name: JobName.SidecarWrite, data: { id, ...writes } });
+      await this.assetRepository.upsertExif(
+        updateLockedColumns({
+          assetId: id,
+          ...writes,
+        }),
+        { lockedPropertiesBehavior: 'append' },
+      );
+      await this.jobRepository.queue({ name: JobName.SidecarWrite, data: { id } });
     }
   }
 }

server/src/services/auth.service.ts

@@ -165,6 +165,11 @@ export class AuthService extends BaseService {
   }
 
   async adminSignUp(dto: SignUpDto): Promise<UserAdminResponseDto> {
+    const { setup } = this.configRepository.getEnv();
+    if (!setup.allow) {
+      throw new BadRequestException('Admin setup is disabled');
+    }
+
     const adminUser = await this.userRepository.getAdmin();
     if (adminUser) {
       throw new BadRequestException('The server already has an admin');

server/src/services/cli.service.spec.ts

@@ -89,6 +89,7 @@ describe(CliService.name, () => {
         alreadyDisabled: true,
       });
 
+      expect(mocks.app.sendOneShotAppRestart).toHaveBeenCalledTimes(0);
       expect(mocks.systemMetadata.set).toHaveBeenCalledTimes(0);
       expect(mocks.event.emit).toHaveBeenCalledTimes(0);
     });
@@ -99,6 +100,7 @@ describe(CliService.name, () => {
         alreadyDisabled: false,
       });
 
+      expect(mocks.app.sendOneShotAppRestart).toHaveBeenCalled();
       expect(mocks.systemMetadata.set).toHaveBeenCalledWith(SystemMetadataKey.MaintenanceMode, {
         isMaintenanceMode: false,
       });
@@ -114,6 +116,7 @@ describe(CliService.name, () => {
         }),
       );
 
+      expect(mocks.app.sendOneShotAppRestart).toHaveBeenCalledTimes(0);
       expect(mocks.systemMetadata.set).toHaveBeenCalledTimes(0);
       expect(mocks.event.emit).toHaveBeenCalledTimes(0);
     });
@@ -126,6 +129,7 @@ describe(CliService.name, () => {
         }),
       );
 
+      expect(mocks.app.sendOneShotAppRestart).toHaveBeenCalled();
       expect(mocks.systemMetadata.set).toHaveBeenCalledWith(SystemMetadataKey.MaintenanceMode, {
         isMaintenanceMode: true,
         secret: expect.stringMatching(/^\w{128}$/),

server/src/services/cli.service.ts

@@ -5,7 +5,7 @@ import { MaintenanceAuthDto } from 'src/dtos/maintenance.dto';
 import { UserAdminResponseDto, mapUserAdmin } from 'src/dtos/user.dto';
 import { SystemMetadataKey } from 'src/enum';
 import { BaseService } from 'src/services/base.service';
-import { createMaintenanceLoginUrl, generateMaintenanceSecret, sendOneShotAppRestart } from 'src/utils/maintenance';
+import { createMaintenanceLoginUrl, generateMaintenanceSecret } from 'src/utils/maintenance';
 import { getExternalDomain } from 'src/utils/misc';
 
 @Injectable()
@@ -55,8 +55,7 @@ export class CliService extends BaseService {
 
     const state = { isMaintenanceMode: false as const };
     await this.systemMetadataRepository.set(SystemMetadataKey.MaintenanceMode, state);
-
-    sendOneShotAppRestart(state);
+    await this.appRepository.sendOneShotAppRestart(state);
 
     return {
       alreadyDisabled: false,
@@ -89,7 +88,7 @@ export class CliService extends BaseService {
       secret,
     });
 
-    sendOneShotAppRestart({
+    await this.appRepository.sendOneShotAppRestart({
       isMaintenanceMode: true,
     });
 

server/src/services/maintenance.service.ts

@@ -2,6 +2,7 @@ import { Injectable } from '@nestjs/common';
 import { OnEvent } from 'src/decorators';
 import { MaintenanceAuthDto } from 'src/dtos/maintenance.dto';
 import { SystemMetadataKey } from 'src/enum';
+import { ArgOf } from 'src/repositories/event.repository';
 import { BaseService } from 'src/services/base.service';
 import { MaintenanceModeState } from 'src/types';
 import { createMaintenanceLoginUrl, generateMaintenanceSecret, signMaintenanceJwt } from 'src/utils/maintenance';
@@ -31,7 +32,10 @@ export class MaintenanceService extends BaseService {
   }
 
   @OnEvent({ name: 'AppRestart', server: true })
-  onRestart(): void {
+  onRestart(event: ArgOf<'AppRestart'>, ack?: (ok: 'ok') => void): void {
+    this.logger.log(`Restarting due to event... ${JSON.stringify(event)}`);
+
+    ack?.('ok');
     this.appRepository.exitApp();
   }
 

server/src/services/media.service.ts

@@ -158,7 +158,7 @@ export class MediaService extends BaseService {
   async handleGenerateThumbnails({ id }: JobOf<JobName.AssetGenerateThumbnails>): Promise<JobStatus> {
     const asset = await this.assetJobRepository.getForGenerateThumbnailJob(id);
     if (!asset) {
-      this.logger.warn(`Thumbnail generation failed for asset ${id}: not found`);
+      this.logger.warn(`Thumbnail generation failed for asset ${id}: not found in database or missing metadata`);
       return JobStatus.Failed;
     }
 

server/src/services/memory.service.ts

@@ -28,6 +28,7 @@ export class MemoryService extends BaseService {
           continue;
         }
 
+        this.logger.log(`Creating memories for ${target.toISO()}`);
         try {
           await Promise.all(users.map((owner) => this.createOnThisDayMemories(owner.id, target)));
         } catch (error) {

server/src/services/metadata.service.spec.ts

@@ -187,7 +187,9 @@ describe(MetadataService.name, () => {
 
       await sut.handleMetadataExtraction({ id: assetStub.image.id });
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.sidecar.id);
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining({ dateTimeOriginal: sidecarDate }));
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining({ dateTimeOriginal: sidecarDate }), {
+        lockedPropertiesBehavior: 'skip',
+      });
       expect(mocks.asset.update).toHaveBeenCalledWith(
         expect.objectContaining({
           id: assetStub.image.id,
@@ -214,6 +216,7 @@ describe(MetadataService.name, () => {
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
       expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
         expect.objectContaining({ dateTimeOriginal: fileModifiedAt }),
+        { lockedPropertiesBehavior: 'skip' },
       );
       expect(mocks.asset.update).toHaveBeenCalledWith({
         id: assetStub.image.id,
@@ -238,7 +241,10 @@ describe(MetadataService.name, () => {
 
       await sut.handleMetadataExtraction({ id: assetStub.image.id });
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining({ dateTimeOriginal: fileCreatedAt }));
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
+        expect.objectContaining({ dateTimeOriginal: fileCreatedAt }),
+        { lockedPropertiesBehavior: 'skip' },
+      );
       expect(mocks.asset.update).toHaveBeenCalledWith({
         id: assetStub.image.id,
         duration: null,
@@ -258,6 +264,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           dateTimeOriginal: new Date('2022-01-01T00:00:00.000Z'),
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
 
       expect(mocks.asset.update).toHaveBeenCalledWith(
@@ -281,7 +288,9 @@ describe(MetadataService.name, () => {
 
       await sut.handleMetadataExtraction({ id: assetStub.image.id });
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining({ iso: 160 }));
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining({ iso: 160 }), {
+        lockedPropertiesBehavior: 'skip',
+      });
       expect(mocks.asset.update).toHaveBeenCalledWith({
         id: assetStub.image.id,
         duration: null,
@@ -310,6 +319,7 @@ describe(MetadataService.name, () => {
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
       expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
         expect.objectContaining({ city: null, state: null, country: null }),
+        { lockedPropertiesBehavior: 'skip' },
       );
       expect(mocks.asset.update).toHaveBeenCalledWith({
         id: assetStub.withLocation.id,
@@ -339,6 +349,7 @@ describe(MetadataService.name, () => {
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
       expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
         expect.objectContaining({ city: 'City', state: 'State', country: 'Country' }),
+        { lockedPropertiesBehavior: 'skip' },
       );
       expect(mocks.asset.update).toHaveBeenCalledWith({
         id: assetStub.withLocation.id,
@@ -358,7 +369,10 @@ describe(MetadataService.name, () => {
 
       await sut.handleMetadataExtraction({ id: assetStub.image.id });
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining({ latitude: null, longitude: null }));
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
+        expect.objectContaining({ latitude: null, longitude: null }),
+        { lockedPropertiesBehavior: 'skip' },
+      );
     });
 
     it('should extract tags from TagsList', async () => {
@@ -571,6 +585,7 @@ describe(MetadataService.name, () => {
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.video.id);
       expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
         expect.objectContaining({ orientation: ExifOrientation.Rotate270CW.toString() }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -879,37 +894,40 @@ describe(MetadataService.name, () => {
 
       await sut.handleMetadataExtraction({ id: assetStub.image.id });
       expect(mocks.assetJob.getForMetadataExtraction).toHaveBeenCalledWith(assetStub.image.id);
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith({
-        assetId: assetStub.image.id,
-        bitsPerSample: expect.any(Number),
-        autoStackId: null,
-        colorspace: tags.ColorSpace,
-        dateTimeOriginal: dateForTest,
-        description: tags.ImageDescription,
-        exifImageHeight: null,
-        exifImageWidth: null,
-        exposureTime: tags.ExposureTime,
-        fNumber: null,
-        fileSizeInByte: 123_456,
-        focalLength: tags.FocalLength,
-        fps: null,
-        iso: tags.ISO,
-        latitude: null,
-        lensModel: tags.LensModel,
-        livePhotoCID: tags.MediaGroupUUID,
-        longitude: null,
-        make: tags.Make,
-        model: tags.Model,
-        modifyDate: expect.any(Date),
-        orientation: tags.Orientation?.toString(),
-        profileDescription: tags.ProfileDescription,
-        projectionType: 'EQUIRECTANGULAR',
-        timeZone: tags.tz,
-        rating: tags.Rating,
-        country: null,
-        state: null,
-        city: null,
-      });
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(
+        {
+          assetId: assetStub.image.id,
+          bitsPerSample: expect.any(Number),
+          autoStackId: null,
+          colorspace: tags.ColorSpace,
+          dateTimeOriginal: dateForTest,
+          description: tags.ImageDescription,
+          exifImageHeight: null,
+          exifImageWidth: null,
+          exposureTime: tags.ExposureTime,
+          fNumber: null,
+          fileSizeInByte: 123_456,
+          focalLength: tags.FocalLength,
+          fps: null,
+          iso: tags.ISO,
+          latitude: null,
+          lensModel: tags.LensModel,
+          livePhotoCID: tags.MediaGroupUUID,
+          longitude: null,
+          make: tags.Make,
+          model: tags.Model,
+          modifyDate: expect.any(Date),
+          orientation: tags.Orientation?.toString(),
+          profileDescription: tags.ProfileDescription,
+          projectionType: 'EQUIRECTANGULAR',
+          timeZone: tags.tz,
+          rating: tags.Rating,
+          country: null,
+          state: null,
+          city: null,
+        },
+        { lockedPropertiesBehavior: 'skip' },
+      );
       expect(mocks.asset.update).toHaveBeenCalledWith(
         expect.objectContaining({
           id: assetStub.image.id,
@@ -943,6 +961,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           timeZone: 'UTC+0',
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1103,6 +1122,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           description: '',
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
 
       mockReadTags({ ImageDescription: ' my\n description' });
@@ -1111,6 +1131,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           description: 'my\n description',
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1123,6 +1144,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           description: '1000',
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1346,6 +1368,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           modifyDate: expect.any(Date),
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1358,6 +1381,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           rating: null,
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1370,6 +1394,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           rating: 5,
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1382,6 +1407,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           rating: -1,
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
 
@@ -1503,7 +1529,9 @@ describe(MetadataService.name, () => {
       mockReadTags(exif);
 
       await sut.handleMetadataExtraction({ id: assetStub.image.id });
-      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining(expected));
+      expect(mocks.asset.upsertExif).toHaveBeenCalledWith(expect.objectContaining(expected), {
+        lockedPropertiesBehavior: 'skip',
+      });
     });
 
     it.each([
@@ -1529,6 +1557,7 @@ describe(MetadataService.name, () => {
         expect.objectContaining({
           lensModel: expected,
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
     });
   });
@@ -1637,12 +1666,14 @@ describe(MetadataService.name, () => {
 
   describe('handleSidecarWrite', () => {
     it('should skip assets that no longer exist', async () => {
+      mocks.assetJob.getLockedPropertiesForMetadataExtraction.mockResolvedValue([]);
       mocks.assetJob.getForSidecarWriteJob.mockResolvedValue(void 0);
       await expect(sut.handleSidecarWrite({ id: 'asset-123' })).resolves.toBe(JobStatus.Failed);
       expect(mocks.metadata.writeTags).not.toHaveBeenCalled();
     });
 
     it('should skip jobs with no metadata', async () => {
+      mocks.assetJob.getLockedPropertiesForMetadataExtraction.mockResolvedValue([]);
       const asset = factory.jobAssets.sidecarWrite();
       mocks.assetJob.getForSidecarWriteJob.mockResolvedValue(asset);
       await expect(sut.handleSidecarWrite({ id: asset.id })).resolves.toBe(JobStatus.Skipped);
@@ -1655,20 +1686,22 @@ describe(MetadataService.name, () => {
       const gps = 12;
       const date = '2023-11-22T04:56:12.196Z';
 
+      mocks.assetJob.getLockedPropertiesForMetadataExtraction.mockResolvedValue([
+        'description',
+        'latitude',
+        'longitude',
+        'dateTimeOriginal',
+      ]);
       mocks.assetJob.getForSidecarWriteJob.mockResolvedValue(asset);
       await expect(
         sut.handleSidecarWrite({
           id: asset.id,
-          description,
-          latitude: gps,
-          longitude: gps,
-          dateTimeOriginal: date,
         }),
       ).resolves.toBe(JobStatus.Success);
       expect(mocks.metadata.writeTags).toHaveBeenCalledWith(asset.files[0].path, {
+        DateTimeOriginal: date,
         Description: description,
         ImageDescription: description,
-        DateTimeOriginal: date,
         GPSLatitude: gps,
         GPSLongitude: gps,
       });

server/src/services/metadata.service.ts

@@ -290,7 +290,7 @@ export class MetadataService extends BaseService {
     };
 
     const promises: Promise<unknown>[] = [
-      this.assetRepository.upsertExif(exifData),
+      this.assetRepository.upsertExif(exifData, { lockedPropertiesBehavior: 'skip' }),
       this.assetRepository.update({
         id: asset.id,
         duration: this.getDuration(exifTags),
@@ -366,9 +366,13 @@ export class MetadataService extends BaseService {
 
     const isChanged = sidecarPath !== sidecarFile?.path;
 
-    this.logger.debug(
-      `Sidecar check found old=${sidecarFile?.path}, new=${sidecarPath} will ${isChanged ? 'update' : 'do nothing for'}  asset ${asset.id}: ${asset.originalPath}`,
-    );
+    if (sidecarFile?.path || sidecarPath) {
+      this.logger.debug(
+        `Sidecar check found old=${sidecarFile?.path}, new=${sidecarPath} will ${isChanged ? 'update' : 'do nothing for'} asset ${asset.id}: ${asset.originalPath}`,
+      );
+    } else {
+      this.logger.verbose(`No sidecars found for asset ${asset.id}: ${asset.originalPath}`);
+    }
 
     if (!isChanged) {
       return JobStatus.Skipped;
@@ -393,22 +397,34 @@ export class MetadataService extends BaseService {
 
   @OnJob({ name: JobName.SidecarWrite, queue: QueueName.Sidecar })
   async handleSidecarWrite(job: JobOf<JobName.SidecarWrite>): Promise<JobStatus> {
-    const { id, description, dateTimeOriginal, latitude, longitude, rating, tags } = job;
+    const { id, tags } = job;
     const asset = await this.assetJobRepository.getForSidecarWriteJob(id);
     if (!asset) {
       return JobStatus.Failed;
     }
 
+    const lockedProperties = await this.assetJobRepository.getLockedPropertiesForMetadataExtraction(id);
     const tagsList = (asset.tags || []).map((tag) => tag.value);
 
     const { sidecarFile } = getAssetFiles(asset.files);
     const sidecarPath = sidecarFile?.path || `${asset.originalPath}.xmp`;
 
+    const { description, dateTimeOriginal, latitude, longitude, rating } = _.pick(
+      {
+        description: asset.exifInfo.description,
+        dateTimeOriginal: asset.exifInfo.dateTimeOriginal,
+        latitude: asset.exifInfo.latitude,
+        longitude: asset.exifInfo.longitude,
+        rating: asset.exifInfo.rating,
+      },
+      lockedProperties,
+    );
+
     const exif = _.omitBy(
       <Tags>{
         Description: description,
         ImageDescription: description,
-        DateTimeOriginal: dateTimeOriginal,
+        DateTimeOriginal: dateTimeOriginal ? String(dateTimeOriginal) : undefined,
         GPSLatitude: latitude,
         GPSLongitude: longitude,
         Rating: rating,
@@ -846,9 +862,13 @@ export class MetadataService extends BaseService {
     const result = firstDateTime(exifTags);
     const tag = result?.tag;
     const dateTime = result?.dateTime;
-    this.logger.verbose(
-      `Date and time is ${dateTime} using exifTag ${tag} for asset ${asset.id}: ${asset.originalPath}`,
-    );
+    if (dateTime) {
+      this.logger.verbose(
+        `Date and time is ${dateTime} using exifTag ${tag} for asset ${asset.id}: ${asset.originalPath}`,
+      );
+    } else {
+      this.logger.verbose(`No exif date time information found for asset ${asset.id}: ${asset.originalPath}`);
+    }
 
     // timezone
     let timeZone = exifTags.tz ?? null;

server/src/services/plugin.service.ts

@@ -6,8 +6,9 @@ import { join } from 'node:path';
 import { Asset, WorkflowAction, WorkflowFilter } from 'src/database';
 import { OnEvent, OnJob } from 'src/decorators';
 import { PluginManifestDto } from 'src/dtos/plugin-manifest.dto';
-import { mapPlugin, PluginResponseDto } from 'src/dtos/plugin.dto';
+import { mapPlugin, PluginResponseDto, PluginTriggerResponseDto } from 'src/dtos/plugin.dto';
 import { JobName, JobStatus, PluginTriggerType, QueueName } from 'src/enum';
+import { pluginTriggers } from 'src/plugins';
 import { ArgOf } from 'src/repositories/event.repository';
 import { BaseService } from 'src/services/base.service';
 import { PluginHostFunctions } from 'src/services/plugin-host.functions';
@@ -50,6 +51,10 @@ export class PluginService extends BaseService {
     await this.loadPlugins();
   }
 
+  getTriggers(): PluginTriggerResponseDto[] {
+    return pluginTriggers;
+  }
+
   //
   // CRUD operations for plugins
   //
@@ -80,8 +85,8 @@ export class PluginService extends BaseService {
     this.logger.log(`Successfully processed core plugin: ${coreManifest.name} (version ${coreManifest.version})`);
 
     // Load external plugins
-    if (plugins.enabled && plugins.installFolder) {
-      await this.loadExternalPlugins(plugins.installFolder);
+    if (plugins.external.allow && plugins.external.installFolder) {
+      await this.loadExternalPlugins(plugins.external.installFolder);
     }
   }
 

server/src/services/server.service.ts

@@ -115,8 +115,9 @@ export class ServerService extends BaseService {
   }
 
   async getSystemConfig(): Promise<ServerConfigDto> {
+    const { setup } = this.configRepository.getEnv();
     const config = await this.getConfig({ withCache: false });
-    const isInitialized = await this.userRepository.hasAdmin();
+    const isInitialized = !setup.allow || (await this.userRepository.hasAdmin());
     const onboarding = await this.systemMetadataRepository.get(SystemMetadataKey.AdminOnboarding);
 
     return {

server/src/services/shared-link.service.spec.ts

@@ -55,7 +55,8 @@ describe(SharedLinkService.name, () => {
         },
       });
       mocks.sharedLink.get.mockResolvedValue(sharedLinkStub.readonlyNoExif);
-      await expect(sut.getMine(authDto, {})).resolves.toEqual(sharedLinkResponseStub.readonlyNoMetadata);
+      const response = await sut.getMine(authDto, {});
+      expect(response.assets[0]).toMatchObject({ hasMetadata: false });
       expect(mocks.sharedLink.get).toHaveBeenCalledWith(authDto.user.id, authDto.sharedLink?.id);
     });
 

server/src/services/shared-link.service.ts

@@ -6,7 +6,6 @@ import { AssetIdsDto } from 'src/dtos/asset.dto';
 import { AuthDto } from 'src/dtos/auth.dto';
 import {
   mapSharedLink,
-  mapSharedLinkWithoutMetadata,
   SharedLinkCreateDto,
   SharedLinkEditDto,
   SharedLinkPasswordDto,
@@ -19,10 +18,10 @@ import { getExternalDomain, OpenGraphTags } from 'src/utils/misc';
 
 @Injectable()
 export class SharedLinkService extends BaseService {
-  async getAll(auth: AuthDto, { albumId }: SharedLinkSearchDto): Promise<SharedLinkResponseDto[]> {
+  async getAll(auth: AuthDto, { id, albumId }: SharedLinkSearchDto): Promise<SharedLinkResponseDto[]> {
     return this.sharedLinkRepository
-      .getAll({ userId: auth.user.id, albumId })
-      .then((links) => links.map((link) => mapSharedLink(link)));
+      .getAll({ userId: auth.user.id, id, albumId })
+      .then((links) => links.map((link) => mapSharedLink(link, { stripAssetMetadata: false })));
   }
 
   async getMine(auth: AuthDto, dto: SharedLinkPasswordDto): Promise<SharedLinkResponseDto> {
@@ -31,7 +30,7 @@ export class SharedLinkService extends BaseService {
     }
 
     const sharedLink = await this.findOrFail(auth.user.id, auth.sharedLink.id);
-    const response = this.mapToSharedLink(sharedLink, { withExif: sharedLink.showExif });
+    const response = mapSharedLink(sharedLink, { stripAssetMetadata: !sharedLink.showExif });
     if (sharedLink.password) {
       response.token = this.validateAndRefreshToken(sharedLink, dto);
     }
@@ -41,7 +40,7 @@ export class SharedLinkService extends BaseService {
 
   async get(auth: AuthDto, id: string): Promise<SharedLinkResponseDto> {
     const sharedLink = await this.findOrFail(auth.user.id, id);
-    return this.mapToSharedLink(sharedLink, { withExif: true });
+    return mapSharedLink(sharedLink, { stripAssetMetadata: false });
   }
 
   async create(auth: AuthDto, dto: SharedLinkCreateDto): Promise<SharedLinkResponseDto> {
@@ -81,7 +80,7 @@ export class SharedLinkService extends BaseService {
         slug: dto.slug || null,
       });
 
-      return this.mapToSharedLink(sharedLink, { withExif: true });
+      return mapSharedLink(sharedLink, { stripAssetMetadata: false });
     } catch (error) {
       this.handleError(error);
     }
@@ -108,7 +107,7 @@ export class SharedLinkService extends BaseService {
         showExif: dto.showMetadata,
         slug: dto.slug || null,
       });
-      return this.mapToSharedLink(sharedLink, { withExif: true });
+      return mapSharedLink(sharedLink, { stripAssetMetadata: false });
     } catch (error) {
       this.handleError(error);
     }
@@ -214,10 +213,6 @@ export class SharedLinkService extends BaseService {
     };
   }
 
-  private mapToSharedLink(sharedLink: SharedLink, { withExif }: { withExif: boolean }) {
-    return withExif ? mapSharedLink(sharedLink) : mapSharedLinkWithoutMetadata(sharedLink);
-  }
-
   private validateAndRefreshToken(sharedLink: SharedLink, dto: SharedLinkPasswordDto): string {
     const token = this.cryptoRepository.hashSha256(`${sharedLink.id}-${sharedLink.password}`);
     const sharedLinkTokens = dto.token?.split(',') || [];

server/src/services/storage-template.service.spec.ts

@@ -84,6 +84,7 @@ describe(StorageTemplateService.name, () => {
           '{{y}}/{{y}}-{{MM}}/{{assetId}}',
           '{{y}}/{{y}}-{{WW}}/{{assetId}}',
           '{{album}}/{{filename}}',
+          '{{make}}/{{model}}/{{lensModel}}/{{filename}}',
         ],
         secondOptions: ['s', 'ss', 'SSS'],
         weekOptions: ['W', 'WW'],
@@ -615,6 +616,39 @@ describe(StorageTemplateService.name, () => {
       );
       expect(mocks.asset.update).not.toHaveBeenCalled();
     });
+
+    it('should migrate live photo motion video alongside the still image', async () => {
+      const newMotionPicturePath = `/data/library/${motionAsset.ownerId}/2022/2022-06-19/${motionAsset.originalFileName}`;
+      const newStillPicturePath = `/data/library/${stillAsset.ownerId}/2022/2022-06-19/${stillAsset.originalFileName}`;
+
+      mocks.assetJob.streamForStorageTemplateJob.mockReturnValue(makeStream([stillAsset]));
+      mocks.user.getList.mockResolvedValue([userStub.user1]);
+      mocks.assetJob.getForStorageTemplateJob.mockResolvedValueOnce(motionAsset);
+
+      mocks.move.create.mockResolvedValueOnce({
+        id: '123',
+        entityId: stillAsset.id,
+        pathType: AssetPathType.Original,
+        oldPath: stillAsset.originalPath,
+        newPath: newStillPicturePath,
+      });
+
+      mocks.move.create.mockResolvedValueOnce({
+        id: '124',
+        entityId: motionAsset.id,
+        pathType: AssetPathType.Original,
+        oldPath: motionAsset.originalPath,
+        newPath: newMotionPicturePath,
+      });
+
+      await sut.handleMigration();
+
+      expect(mocks.assetJob.streamForStorageTemplateJob).toHaveBeenCalled();
+      expect(mocks.assetJob.getForStorageTemplateJob).toHaveBeenCalledWith(motionAsset.id);
+      expect(mocks.storage.checkFileExists).toHaveBeenCalledTimes(2);
+      expect(mocks.asset.update).toHaveBeenCalledWith({ id: stillAsset.id, originalPath: newStillPicturePath });
+      expect(mocks.asset.update).toHaveBeenCalledWith({ id: motionAsset.id, originalPath: newMotionPicturePath });
+    });
   });
 
   describe('file rename correctness', () => {

server/src/services/storage-template.service.ts

@@ -53,6 +53,7 @@ const storagePresets = [
   '{{y}}/{{y}}-{{MM}}/{{assetId}}',
   '{{y}}/{{y}}-{{WW}}/{{assetId}}',
   '{{album}}/{{filename}}',
+  '{{make}}/{{model}}/{{lensModel}}/{{filename}}',
 ];
 
 export interface MoveAssetMetadata {
@@ -67,6 +68,9 @@ interface RenderMetadata {
   albumName: string | null;
   albumStartDate: Date | null;
   albumEndDate: Date | null;
+  make: string | null;
+  model: string | null;
+  lensModel: string | null;
 }
 
 @Injectable()
@@ -115,6 +119,9 @@ export class StorageTemplateService extends BaseService {
         albumName: 'album',
         albumStartDate: new Date(),
         albumEndDate: new Date(),
+        make: 'FUJIFILM',
+        model: 'X-T50',
+        lensModel: 'XF27mm F2.8 R WR',
       });
     } catch (error) {
       this.logger.warn(`Storage template validation failed: ${JSON.stringify(error)}`);
@@ -181,6 +188,15 @@ export class StorageTemplateService extends BaseService {
       const storageLabel = user?.storageLabel || null;
       const filename = asset.originalFileName || asset.id;
       await this.moveAsset(asset, { storageLabel, filename });
+
+      // move motion part of live photo
+      if (asset.livePhotoVideoId) {
+        const livePhotoVideo = await this.assetJobRepository.getForStorageTemplateJob(asset.livePhotoVideoId);
+        if (livePhotoVideo) {
+          const motionFilename = getLivePhotoMotionFilename(filename, livePhotoVideo.originalPath);
+          await this.moveAsset(livePhotoVideo, { storageLabel, filename: motionFilename });
+        }
+      }
     }
 
     this.logger.debug('Cleaning up empty directories...');
@@ -301,6 +317,9 @@ export class StorageTemplateService extends BaseService {
         albumName,
         albumStartDate,
         albumEndDate,
+        make: asset.make,
+        model: asset.model,
+        lensModel: asset.lensModel,
       });
       const fullPath = path.normalize(path.join(rootPath, storagePath));
       let destination = `${fullPath}.${extension}`;
@@ -365,7 +384,7 @@ export class StorageTemplateService extends BaseService {
   }
 
   private render(template: HandlebarsTemplateDelegate<any>, options: RenderMetadata) {
-    const { filename, extension, asset, albumName, albumStartDate, albumEndDate } = options;
+    const { filename, extension, asset, albumName, albumStartDate, albumEndDate, make, model, lensModel } = options;
     const substitutions: Record<string, string> = {
       filename,
       ext: extension,
@@ -375,6 +394,9 @@ export class StorageTemplateService extends BaseService {
       assetIdShort: asset.id.slice(-12),
       //just throw into the root if it doesn't belong to an album
       album: (albumName && sanitize(albumName.replaceAll(/\.+/g, ''))) || '',
+      make: make ?? '',
+      model: model ?? '',
+      lensModel: lensModel ?? '',
     };
 
     const systemTimeZone = Intl.DateTimeFormat().resolvedOptions().timeZone;

server/src/services/workflow.service.ts

@@ -16,10 +16,10 @@ import { BaseService } from 'src/services/base.service';
 @Injectable()
 export class WorkflowService extends BaseService {
   async create(auth: AuthDto, dto: WorkflowCreateDto): Promise<WorkflowResponseDto> {
-    const trigger = this.getTriggerOrFail(dto.triggerType);
+    const context = this.getContextForTrigger(dto.triggerType);
 
-    const filterInserts = await this.validateAndMapFilters(dto.filters, trigger.context);
-    const actionInserts = await this.validateAndMapActions(dto.actions, trigger.context);
+    const filterInserts = await this.validateAndMapFilters(dto.filters, context);
+    const actionInserts = await this.validateAndMapActions(dto.actions, context);
 
     const workflow = await this.workflowRepository.createWorkflow(
       {
@@ -56,11 +56,11 @@ export class WorkflowService extends BaseService {
     }
 
     const workflow = await this.findOrFail(id);
-    const trigger = this.getTriggerOrFail(workflow.triggerType);
+    const context = this.getContextForTrigger(dto.triggerType ?? workflow.triggerType);
 
     const { filters, actions, ...workflowUpdate } = dto;
-    const filterInserts = filters && (await this.validateAndMapFilters(filters, trigger.context));
-    const actionInserts = actions && (await this.validateAndMapActions(actions, trigger.context));
+    const filterInserts = filters && (await this.validateAndMapFilters(filters, context));
+    const actionInserts = actions && (await this.validateAndMapActions(actions, context));
 
     const updatedWorkflow = await this.workflowRepository.updateWorkflow(
       id,
@@ -124,12 +124,12 @@ export class WorkflowService extends BaseService {
     }));
   }
 
-  private getTriggerOrFail(triggerType: PluginTriggerType) {
-    const trigger = pluginTriggers.find((t) => t.type === triggerType);
+  private getContextForTrigger(type: PluginTriggerType) {
+    const trigger = pluginTriggers.find((t) => t.type === type);
     if (!trigger) {
-      throw new BadRequestException(`Invalid trigger type: ${triggerType}`);
+      throw new BadRequestException(`Invalid trigger type: ${type}`);
     }
-    return trigger;
+    return trigger.contextType;
   }
 
   private async findOrFail(id: string) {

server/src/types.ts

@@ -223,11 +223,6 @@ export interface IDeleteFilesJob extends IBaseJob {
 }
 
 export interface ISidecarWriteJob extends IEntityJob {
-  description?: string;
-  dateTimeOriginal?: string;
-  latitude?: number;
-  longitude?: number;
-  rating?: number;
   tags?: true;
 }
 
@@ -529,6 +524,9 @@ export type StorageAsset = {
   originalFileName: string;
   fileSizeInByte: number | null;
   files: AssetFile[];
+  make: string | null;
+  model: string | null;
+  lensModel: string | null;
 };
 
 export type OnThisDayData = { year: number };

server/src/utils/database.ts

@@ -15,7 +15,7 @@ import { PostgresJSDialect } from 'kysely-postgres-js';
 import { jsonArrayFrom, jsonObjectFrom } from 'kysely/helpers/postgres';
 import { parse } from 'pg-connection-string';
 import postgres, { Notice, PostgresError } from 'postgres';
-import { columns, Exif, Person } from 'src/database';
+import { columns, Exif, lockableProperties, LockableProperty, Person } from 'src/database';
 import { AssetFileType, AssetVisibility, DatabaseExtension, DatabaseSslMode } from 'src/enum';
 import { AssetSearchBuilderOptions } from 'src/repositories/search.repository';
 import { DB } from 'src/schema';
@@ -446,7 +446,7 @@ export function searchAssetBuilder(kysely: Kysely<DB>, options: AssetSearchBuild
       qb.where((eb) => eb.not(eb.exists((eb) => eb.selectFrom('album_asset').whereRef('assetId', '=', 'asset.id')))),
     )
     .$if(!!options.withExif, withExifInner)
-    .$if(!!(options.withFaces || options.withPeople || options.personIds), (qb) => qb.select(withFacesAndPeople))
+    .$if(!!(options.withFaces || options.withPeople), (qb) => qb.select(withFacesAndPeople))
     .$if(!options.withDeleted, (qb) => qb.where('asset.deletedAt', 'is', null));
 }
 
@@ -488,3 +488,10 @@ export function vectorIndexQuery({ vectorExtension, table, indexName, lists }: V
     }
   }
 }
+
+export const updateLockedColumns = <T extends Record<string, unknown> & { lockedProperties?: LockableProperty[] }>(
+  exif: T,
+) => {
+  exif.lockedProperties = lockableProperties.filter((property) => property in exif);
+  return exif;
+};

server/src/utils/maintenance.ts

@@ -1,55 +1,6 @@
-import { createAdapter } from '@socket.io/redis-adapter';
-import Redis from 'ioredis';
 import { SignJWT } from 'jose';
 import { randomBytes } from 'node:crypto';
-import { Server as SocketIO } from 'socket.io';
 import { MaintenanceAuthDto } from 'src/dtos/maintenance.dto';
-import { ConfigRepository } from 'src/repositories/config.repository';
-import { AppRestartEvent } from 'src/repositories/event.repository';
-
-export function sendOneShotAppRestart(state: AppRestartEvent): void {
-  const server = new SocketIO();
-  const { redis } = new ConfigRepository().getEnv();
-  const pubClient = new Redis(redis);
-  const subClient = pubClient.duplicate();
-  server.adapter(createAdapter(pubClient, subClient));
-
-  /**
-   * Keep trying until we manage to stop Immich
-   *
-   * Sometimes there appear to be communication
-   * issues between to the other servers.
-   *
-   * This issue only occurs with this method.
-   */
-  async function tryTerminate() {
-    while (true) {
-      try {
-        const responses = await server.serverSideEmitWithAck('AppRestart', state);
-        if (responses.length > 0) {
-          return;
-        }
-      } catch (error) {
-        console.error(error);
-        console.error('Encountered an error while telling Immich to stop.');
-      }
-
-      console.info(
-        "\nIt doesn't appear that Immich stopped, trying again in a moment.\nIf Immich is already not running, you can ignore this error.",
-      );
-
-      await new Promise((r) => setTimeout(r, 1e3));
-    }
-  }
-
-  // => corresponds to notification.service.ts#onAppRestart
-  server.emit('AppRestartV1', state, () => {
-    void tryTerminate().finally(() => {
-      pubClient.disconnect();
-      subClient.disconnect();
-    });
-  });
-}
 
 export async function createMaintenanceLoginUrl(
   baseUrl: string,

server/test/fixtures/asset.stub.ts

@@ -65,6 +65,9 @@ export const assetStub = {
     originalFileName: 'IMG_123.jpg',
     fileSizeInByte: 12_345,
     files: [],
+    make: 'FUJIFILM',
+    model: 'X-T50',
+    lensModel: 'XF27mm F2.8 R WR',
     ...asset,
   }),
   noResizePath: Object.freeze({

server/test/fixtures/shared-link.stub.ts

@@ -1,10 +1,7 @@
 import { UserAdmin } from 'src/database';
-import { AlbumResponseDto } from 'src/dtos/album.dto';
-import { AssetResponseDto, MapAsset } from 'src/dtos/asset-response.dto';
-import { ExifResponseDto } from 'src/dtos/exif.dto';
+import { MapAsset } from 'src/dtos/asset-response.dto';
 import { SharedLinkResponseDto } from 'src/dtos/shared-link.dto';
-import { mapUser } from 'src/dtos/user.dto';
-import { AssetOrder, AssetStatus, AssetType, AssetVisibility, SharedLinkType } from 'src/enum';
+import { AssetStatus, AssetType, AssetVisibility, SharedLinkType } from 'src/enum';
 import { assetStub } from 'test/fixtures/asset.stub';
 import { authStub } from 'test/fixtures/auth.stub';
 import { userStub } from 'test/fixtures/user.stub';
@@ -20,89 +17,6 @@ const sharedLinkBytes = Buffer.from(
   'hex',
 );
 
-const assetInfo: ExifResponseDto = {
-  make: 'camera-make',
-  model: 'camera-model',
-  exifImageWidth: 500,
-  exifImageHeight: 500,
-  fileSizeInByte: 100,
-  orientation: 'orientation',
-  dateTimeOriginal: today,
-  modifyDate: today,
-  timeZone: 'America/Los_Angeles',
-  lensModel: 'fancy',
-  fNumber: 100,
-  focalLength: 100,
-  iso: 100,
-  exposureTime: '1/16',
-  latitude: 100,
-  longitude: 100,
-  city: 'city',
-  state: 'state',
-  country: 'country',
-  description: 'description',
-  projectionType: null,
-};
-
-const assetResponse: AssetResponseDto = {
-  id: 'id_1',
-  createdAt: today,
-  deviceAssetId: 'device_asset_id_1',
-  ownerId: 'user_id_1',
-  deviceId: 'device_id_1',
-  type: AssetType.Video,
-  originalMimeType: 'image/jpeg',
-  originalPath: 'fake_path/jpeg',
-  originalFileName: 'asset_1.jpeg',
-  thumbhash: null,
-  fileModifiedAt: today,
-  isOffline: false,
-  fileCreatedAt: today,
-  localDateTime: today,
-  updatedAt: today,
-  isFavorite: false,
-  isArchived: false,
-  duration: '0:00:00.00000',
-  exifInfo: assetInfo,
-  livePhotoVideoId: null,
-  tags: [],
-  people: [],
-  checksum: 'ZmlsZSBoYXNo',
-  isTrashed: false,
-  libraryId: 'library-id',
-  hasMetadata: true,
-  visibility: AssetVisibility.Timeline,
-};
-
-const assetResponseWithoutMetadata = {
-  id: 'id_1',
-  type: AssetType.Video,
-  originalMimeType: 'image/jpeg',
-  thumbhash: null,
-  localDateTime: today,
-  duration: '0:00:00.00000',
-  livePhotoVideoId: null,
-  hasMetadata: false,
-} as AssetResponseDto;
-
-const albumResponse: AlbumResponseDto = {
-  albumName: 'Test Album',
-  description: '',
-  albumThumbnailAssetId: null,
-  createdAt: today,
-  updatedAt: today,
-  id: 'album-123',
-  ownerId: 'admin_id',
-  owner: mapUser(userStub.admin),
-  albumUsers: [],
-  shared: false,
-  hasSharedLink: false,
-  assets: [],
-  assetCount: 1,
-  isActivityEnabled: true,
-  order: AssetOrder.Desc,
-};
-
 export const sharedLinkStub = {
   individual: Object.freeze({
     id: '123',
@@ -161,7 +75,7 @@ export const sharedLinkStub = {
     id: '123',
     userId: authStub.admin.user.id,
     key: sharedLinkBytes,
-    type: SharedLinkType.Album,
+    type: SharedLinkType.Individual,
     createdAt: today,
     expiresAt: tomorrow,
     allowUpload: false,
@@ -169,97 +83,80 @@ export const sharedLinkStub = {
     showExif: false,
     description: null,
     password: null,
-    assets: [],
-    slug: null,
-    albumId: 'album-123',
-    album: {
-      id: 'album-123',
-      updateId: '42',
-      ownerId: authStub.admin.user.id,
-      owner: userStub.admin,
-      albumName: 'Test Album',
-      description: '',
-      createdAt: today,
-      updatedAt: today,
-      deletedAt: null,
-      albumThumbnailAsset: null,
-      albumThumbnailAssetId: null,
-      albumUsers: [],
-      sharedLinks: [],
-      isActivityEnabled: true,
-      order: AssetOrder.Desc,
-      assets: [
-        {
-          id: 'id_1',
-          status: AssetStatus.Active,
-          owner: undefined as unknown as UserAdmin,
-          ownerId: 'user_id_1',
-          deviceAssetId: 'device_asset_id_1',
-          deviceId: 'device_id_1',
-          type: AssetType.Video,
-          originalPath: 'fake_path/jpeg',
-          checksum: Buffer.from('file hash', 'utf8'),
-          fileModifiedAt: today,
-          fileCreatedAt: today,
-          localDateTime: today,
-          createdAt: today,
+    assets: [
+      {
+        id: 'id_1',
+        status: AssetStatus.Active,
+        owner: undefined as unknown as UserAdmin,
+        ownerId: 'user_id_1',
+        deviceAssetId: 'device_asset_id_1',
+        deviceId: 'device_id_1',
+        type: AssetType.Video,
+        originalPath: 'fake_path/jpeg',
+        checksum: Buffer.from('file hash', 'utf8'),
+        fileModifiedAt: today,
+        fileCreatedAt: today,
+        localDateTime: today,
+        createdAt: today,
+        updatedAt: today,
+        isFavorite: false,
+        isArchived: false,
+        isExternal: false,
+        isOffline: false,
+        files: [],
+        thumbhash: null,
+        encodedVideoPath: '',
+        duration: null,
+        livePhotoVideo: null,
+        livePhotoVideoId: null,
+        originalFileName: 'asset_1.jpeg',
+        exifInfo: {
+          projectionType: null,
+          livePhotoCID: null,
+          assetId: 'id_1',
+          description: 'description',
+          exifImageWidth: 500,
+          exifImageHeight: 500,
+          fileSizeInByte: 100,
+          orientation: 'orientation',
+          dateTimeOriginal: today,
+          modifyDate: today,
+          timeZone: 'America/Los_Angeles',
+          latitude: 100,
+          longitude: 100,
+          city: 'city',
+          state: 'state',
+          country: 'country',
+          make: 'camera-make',
+          model: 'camera-model',
+          lensModel: 'fancy',
+          fNumber: 100,
+          focalLength: 100,
+          iso: 100,
+          exposureTime: '1/16',
+          fps: 100,
+          profileDescription: 'sRGB',
+          bitsPerSample: 8,
+          colorspace: 'sRGB',
+          autoStackId: null,
+          rating: 3,
           updatedAt: today,
-          isFavorite: false,
-          isArchived: false,
-          isExternal: false,
-          isOffline: false,
-          files: [],
-          thumbhash: null,
-          encodedVideoPath: '',
-          duration: null,
-          livePhotoVideo: null,
-          livePhotoVideoId: null,
-          originalFileName: 'asset_1.jpeg',
-          exifInfo: {
-            projectionType: null,
-            livePhotoCID: null,
-            assetId: 'id_1',
-            description: 'description',
-            exifImageWidth: 500,
-            exifImageHeight: 500,
-            fileSizeInByte: 100,
-            orientation: 'orientation',
-            dateTimeOriginal: today,
-            modifyDate: today,
-            timeZone: 'America/Los_Angeles',
-            latitude: 100,
-            longitude: 100,
-            city: 'city',
-            state: 'state',
-            country: 'country',
-            make: 'camera-make',
-            model: 'camera-model',
-            lensModel: 'fancy',
-            fNumber: 100,
-            focalLength: 100,
-            iso: 100,
-            exposureTime: '1/16',
-            fps: 100,
-            profileDescription: 'sRGB',
-            bitsPerSample: 8,
-            colorspace: 'sRGB',
-            autoStackId: null,
-            rating: 3,
-            updatedAt: today,
-            updateId: '42',
-          },
-          sharedLinks: [],
-          faces: [],
-          sidecarPath: null,
-          deletedAt: null,
-          duplicateId: null,
           updateId: '42',
-          libraryId: null,
-          stackId: null,
-          visibility: AssetVisibility.Timeline,
         },
-      ],
-    },
+        sharedLinks: [],
+        faces: [],
+        sidecarPath: null,
+        deletedAt: null,
+        duplicateId: null,
+        updateId: '42',
+        libraryId: null,
+        stackId: null,
+        visibility: AssetVisibility.Timeline,
+      },
+    ],
+    albumId: null,
+    album: null,
+    slug: null,
   }),
   passwordRequired: Object.freeze({
     id: '123',
@@ -312,20 +209,4 @@ export const sharedLinkResponseStub = {
     userId: 'admin_id',
     slug: null,
   }),
-  readonlyNoMetadata: Object.freeze<SharedLinkResponseDto>({
-    id: '123',
-    userId: 'admin_id',
-    key: sharedLinkBytes.toString('base64url'),
-    type: SharedLinkType.Album,
-    createdAt: today,
-    expiresAt: tomorrow,
-    description: null,
-    password: null,
-    allowUpload: false,
-    allowDownload: false,
-    showMetadata: false,
-    slug: null,
-    album: { ...albumResponse, startDate: assetResponse.localDateTime, endDate: assetResponse.localDateTime },
-    assets: [{ ...assetResponseWithoutMetadata, exifInfo: undefined }],
-  }),
 };

server/test/medium.factory.ts

@@ -202,7 +202,7 @@ export class MediumTestContext<S extends BaseService = BaseService> {
   }
 
   async newExif(dto: Insertable<AssetExifTable>) {
-    const result = await this.get(AssetRepository).upsertExif(dto);
+    const result = await this.get(AssetRepository).upsertExif(dto, { lockedPropertiesBehavior: 'override' });
     return { result };
   }
 

server/test/medium/specs/repositories/asset.repository.spec.ts

@@ -0,0 +1,90 @@
+import { Kysely } from 'kysely';
+import { AssetRepository } from 'src/repositories/asset.repository';
+import { LoggingRepository } from 'src/repositories/logging.repository';
+import { DB } from 'src/schema';
+import { BaseService } from 'src/services/base.service';
+import { newMediumService } from 'test/medium.factory';
+import { getKyselyDB } from 'test/utils';
+
+let defaultDatabase: Kysely<DB>;
+
+const setup = (db?: Kysely<DB>) => {
+  const { ctx } = newMediumService(BaseService, {
+    database: db || defaultDatabase,
+    real: [],
+    mock: [LoggingRepository],
+  });
+  return { ctx, sut: ctx.get(AssetRepository) };
+};
+
+beforeAll(async () => {
+  defaultDatabase = await getKyselyDB();
+});
+
+describe(AssetRepository.name, () => {
+  describe('upsertExif', () => {
+    it('should append to locked columns', async () => {
+      const { ctx, sut } = setup();
+      const { user } = await ctx.newUser();
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({
+        assetId: asset.id,
+        dateTimeOriginal: '2023-11-19T18:11:00',
+        lockedProperties: ['dateTimeOriginal'],
+      });
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({ lockedProperties: ['dateTimeOriginal'] });
+
+      await sut.upsertExif(
+        { assetId: asset.id, lockedProperties: ['description'] },
+        { lockedPropertiesBehavior: 'append' },
+      );
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({ lockedProperties: ['description', 'dateTimeOriginal'] });
+    });
+
+    it('should deduplicate locked columns', async () => {
+      const { ctx, sut } = setup();
+      const { user } = await ctx.newUser();
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({
+        assetId: asset.id,
+        dateTimeOriginal: '2023-11-19T18:11:00',
+        lockedProperties: ['dateTimeOriginal', 'description'],
+      });
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({ lockedProperties: ['dateTimeOriginal', 'description'] });
+
+      await sut.upsertExif(
+        { assetId: asset.id, lockedProperties: ['description'] },
+        { lockedPropertiesBehavior: 'append' },
+      );
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({ lockedProperties: ['description', 'dateTimeOriginal'] });
+    });
+  });
+});

server/test/medium/specs/services/asset.service.spec.ts

@@ -268,4 +268,166 @@ describe(AssetService.name, () => {
       });
     });
   });
+
+  describe('update', () => {
+    it('should automatically lock lockable columns', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queue.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, dateTimeOriginal: '2023-11-19T18:11:00' });
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({ lockedProperties: null });
+
+      await sut.update(auth, asset.id, {
+        latitude: 42,
+        longitude: 42,
+        rating: 3,
+        description: 'foo',
+        dateTimeOriginal: '2023-11-19T18:11:00+01:00',
+      });
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({
+        lockedProperties: ['timeZone', 'rating', 'description', 'latitude', 'longitude', 'dateTimeOriginal'],
+      });
+    });
+
+    it('should update dateTimeOriginal', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queue.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, description: 'test' });
+
+      await sut.update(auth, asset.id, { dateTimeOriginal: '2023-11-19T18:11:00' });
+
+      await expect(ctx.get(AssetRepository).getById(asset.id, { exifInfo: true })).resolves.toEqual(
+        expect.objectContaining({
+          exifInfo: expect.objectContaining({ dateTimeOriginal: '2023-11-19T18:11:00+00:00', timeZone: null }),
+        }),
+      );
+    });
+
+    it('should update dateTimeOriginal with time zone', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queue.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, description: 'test' });
+
+      await sut.update(auth, asset.id, { dateTimeOriginal: '2023-11-19T18:11:00.000-07:00' });
+
+      await expect(ctx.get(AssetRepository).getById(asset.id, { exifInfo: true })).resolves.toEqual(
+        expect.objectContaining({
+          exifInfo: expect.objectContaining({ dateTimeOriginal: '2023-11-20T01:11:00+00:00', timeZone: 'UTC-7' }),
+        }),
+      );
+    });
+  });
+
+  describe('updateAll', () => {
+    it('should automatically lock lockable columns', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queueAll.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, dateTimeOriginal: '2023-11-19T18:11:00' });
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({ lockedProperties: null });
+
+      await sut.updateAll(auth, {
+        ids: [asset.id],
+        latitude: 42,
+        description: 'foo',
+        longitude: 42,
+        rating: 3,
+        dateTimeOriginal: '2023-11-19T18:11:00+01:00',
+      });
+
+      await expect(
+        ctx.database
+          .selectFrom('asset_exif')
+          .select('lockedProperties')
+          .where('assetId', '=', asset.id)
+          .executeTakeFirstOrThrow(),
+      ).resolves.toEqual({
+        lockedProperties: ['timeZone', 'rating', 'description', 'latitude', 'longitude', 'dateTimeOriginal'],
+      });
+    });
+
+    it('should relatively update assets', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queueAll.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, dateTimeOriginal: '2023-11-19T18:11:00' });
+
+      await sut.updateAll(auth, { ids: [asset.id], dateTimeRelative: -11 });
+
+      await expect(ctx.get(AssetRepository).getById(asset.id, { exifInfo: true })).resolves.toEqual(
+        expect.objectContaining({
+          exifInfo: expect.objectContaining({
+            dateTimeOriginal: '2023-11-19T18:00:00+00:00',
+          }),
+        }),
+      );
+    });
+
+    it('should update dateTimeOriginal', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queueAll.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, description: 'test' });
+
+      await sut.updateAll(auth, { ids: [asset.id], dateTimeOriginal: '2023-11-19T18:11:00' });
+
+      await expect(ctx.get(AssetRepository).getById(asset.id, { exifInfo: true })).resolves.toEqual(
+        expect.objectContaining({
+          exifInfo: expect.objectContaining({ dateTimeOriginal: '2023-11-19T18:11:00+00:00', timeZone: null }),
+        }),
+      );
+    });
+
+    it('should update dateTimeOriginal with time zone', async () => {
+      const { sut, ctx } = setup();
+      ctx.getMock(JobRepository).queueAll.mockResolvedValue();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      await ctx.newExif({ assetId: asset.id, description: 'test' });
+
+      await sut.updateAll(auth, { ids: [asset.id], dateTimeOriginal: '2023-11-19T18:11:00.000-07:00' });
+
+      await expect(ctx.get(AssetRepository).getById(asset.id, { exifInfo: true })).resolves.toEqual(
+        expect.objectContaining({
+          exifInfo: expect.objectContaining({ dateTimeOriginal: '2023-11-20T01:11:00+00:00', timeZone: 'UTC-7' }),
+        }),
+      );
+    });
+  });
 });

server/test/medium/specs/services/metadata.service.spec.ts

@@ -95,6 +95,7 @@ describe(MetadataService.name, () => {
           dateTimeOriginal: new Date(expected.dateTimeOriginal),
           timeZone: expected.timeZone,
         }),
+        { lockedPropertiesBehavior: 'skip' },
       );
 
       expect(mocks.asset.update).toHaveBeenCalledWith(

server/test/medium/specs/services/search.service.spec.ts

@@ -1,5 +1,6 @@
 import { Kysely } from 'kysely';
 import { AccessRepository } from 'src/repositories/access.repository';
+import { AssetRepository } from 'src/repositories/asset.repository';
 import { DatabaseRepository } from 'src/repositories/database.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 import { PartnerRepository } from 'src/repositories/partner.repository';
@@ -16,7 +17,14 @@ let defaultDatabase: Kysely<DB>;
 const setup = (db?: Kysely<DB>) => {
   return newMediumService(SearchService, {
     database: db || defaultDatabase,
-    real: [AccessRepository, DatabaseRepository, SearchRepository, PartnerRepository, PersonRepository],
+    real: [
+      AccessRepository,
+      AssetRepository,
+      DatabaseRepository,
+      SearchRepository,
+      PartnerRepository,
+      PersonRepository,
+    ],
     mock: [LoggingRepository],
   });
 };
@@ -52,4 +60,32 @@ describe(SearchService.name, () => {
       expect.objectContaining({ id: assets[1].id }),
     ]);
   });
+
+  describe('searchStatistics', () => {
+    it('should return statistics when filtering by personIds', async () => {
+      const { sut, ctx } = setup();
+      const { user } = await ctx.newUser();
+      const { asset } = await ctx.newAsset({ ownerId: user.id });
+      const { person } = await ctx.newPerson({ ownerId: user.id });
+      await ctx.newAssetFace({ assetId: asset.id, personId: person.id });
+
+      const auth = factory.auth({ user: { id: user.id } });
+
+      const result = await sut.searchStatistics(auth, { personIds: [person.id] });
+
+      expect(result).toEqual({ total: 1 });
+    });
+
+    it('should return zero when no assets match the personIds filter', async () => {
+      const { sut, ctx } = setup();
+      const { user } = await ctx.newUser();
+      const { person } = await ctx.newPerson({ ownerId: user.id });
+
+      const auth = factory.auth({ user: { id: user.id } });
+
+      const result = await sut.searchStatistics(auth, { personIds: [person.id] });
+
+      expect(result).toEqual({ total: 0 });
+    });
+  });
 });

server/test/medium/specs/services/workflow.service.spec.ts

@@ -611,6 +611,100 @@ describe(WorkflowService.name, () => {
         sut.update(auth, created.id, { actions: [{ pluginActionId: factory.uuid(), actionConfig: {} }] }),
       ).rejects.toThrow();
     });
+
+    it('should update trigger type', async () => {
+      const { sut, ctx } = setup();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+
+      const created = await sut.create(auth, {
+        triggerType: PluginTriggerType.PersonRecognized,
+        name: 'test-workflow',
+        description: 'Test',
+        enabled: true,
+        filters: [],
+        actions: [],
+      });
+
+      await sut.update(auth, created.id, {
+        triggerType: PluginTriggerType.AssetCreate,
+      });
+
+      const fetched = await sut.get(auth, created.id);
+      expect(fetched.triggerType).toBe(PluginTriggerType.AssetCreate);
+    });
+
+    it('should add filters', async () => {
+      const { sut, ctx } = setup();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+
+      const created = await sut.create(auth, {
+        triggerType: PluginTriggerType.AssetCreate,
+        name: 'test-workflow',
+        description: 'Test',
+        enabled: true,
+        filters: [],
+        actions: [],
+      });
+
+      await sut.update(auth, created.id, {
+        filters: [
+          { pluginFilterId: testFilterId, filterConfig: { first: true } },
+          { pluginFilterId: testFilterId, filterConfig: { second: true } },
+        ],
+      });
+
+      const fetched = await sut.get(auth, created.id);
+      expect(fetched.filters).toHaveLength(2);
+      expect(fetched.filters[0].filterConfig).toEqual({ first: true });
+      expect(fetched.filters[1].filterConfig).toEqual({ second: true });
+    });
+
+    it('should replace existing filters', async () => {
+      const { sut, ctx } = setup();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+
+      const created = await sut.create(auth, {
+        triggerType: PluginTriggerType.AssetCreate,
+        name: 'test-workflow',
+        description: 'Test',
+        enabled: true,
+        filters: [{ pluginFilterId: testFilterId, filterConfig: { original: true } }],
+        actions: [],
+      });
+
+      await sut.update(auth, created.id, {
+        filters: [{ pluginFilterId: testFilterId, filterConfig: { replaced: true } }],
+      });
+
+      const fetched = await sut.get(auth, created.id);
+      expect(fetched.filters).toHaveLength(1);
+      expect(fetched.filters[0].filterConfig).toEqual({ replaced: true });
+    });
+
+    it('should remove existing filters', async () => {
+      const { sut, ctx } = setup();
+      const { user } = await ctx.newUser();
+      const auth = factory.auth({ user });
+
+      const created = await sut.create(auth, {
+        triggerType: PluginTriggerType.AssetCreate,
+        name: 'test-workflow',
+        description: 'Test',
+        enabled: true,
+        filters: [{ pluginFilterId: testFilterId, filterConfig: { toRemove: true } }],
+        actions: [],
+      });
+
+      await sut.update(auth, created.id, {
+        filters: [],
+      });
+
+      const fetched = await sut.get(auth, created.id);
+      expect(fetched.filters).toHaveLength(0);
+    });
   });
 
   describe('delete', () => {

server/test/medium/specs/sync/sync-album-asset-exif.spec.ts

@@ -2,6 +2,7 @@ import { Kysely } from 'kysely';
 import { AlbumUserRole, SyncEntityType, SyncRequestType } from 'src/enum';
 import { AssetRepository } from 'src/repositories/asset.repository';
 import { DB } from 'src/schema';
+import { updateLockedColumns } from 'src/utils/database';
 import { SyncTestContext } from 'test/medium.factory';
 import { factory } from 'test/small.factory';
 import { getKyselyDB, wait } from 'test/utils';
@@ -288,10 +289,13 @@ describe(SyncRequestType.AlbumAssetExifsV1, () => {
 
     // update the asset
     const assetRepository = ctx.get(AssetRepository);
-    await assetRepository.upsertExif({
-      assetId: asset.id,
-      city: 'New City',
-    });
+    await assetRepository.upsertExif(
+      updateLockedColumns({
+        assetId: asset.id,
+        city: 'New City',
+      }),
+      { lockedPropertiesBehavior: 'append' },
+    );
 
     await expect(ctx.syncStream(auth, [SyncRequestType.AlbumAssetExifsV1])).resolves.toEqual([
       {
@@ -346,10 +350,13 @@ describe(SyncRequestType.AlbumAssetExifsV1, () => {
 
     // update the asset
     const assetRepository = ctx.get(AssetRepository);
-    await assetRepository.upsertExif({
-      assetId: assetDelayedExif.id,
-      city: 'Delayed Exif',
-    });
+    await assetRepository.upsertExif(
+      updateLockedColumns({
+        assetId: assetDelayedExif.id,
+        city: 'Delayed Exif',
+      }),
+      { lockedPropertiesBehavior: 'append' },
+    );
 
     await expect(ctx.syncStream(auth, [SyncRequestType.AlbumAssetExifsV1])).resolves.toEqual([
       {

server/test/repositories/config.repository.mock.ts

@@ -1,4 +1,4 @@
-import { DatabaseExtension, ImmichEnvironment, ImmichWorker } from 'src/enum';
+import { DatabaseExtension, ImmichEnvironment, ImmichWorker, LogFormat } from 'src/enum';
 import { ConfigRepository, EnvData } from 'src/repositories/config.repository';
 import { RepositoryInterface } from 'src/types';
 import { Mocked, vitest } from 'vitest';
@@ -6,6 +6,7 @@ import { Mocked, vitest } from 'vitest';
 const envData: EnvData = {
   port: 2283,
   environment: ImmichEnvironment.Production,
+  logFormat: LogFormat.Console,
 
   buildMetadata: {},
   bull: {
@@ -75,6 +76,10 @@ const envData: EnvData = {
     corePlugin: '/build/corePlugin',
   },
 
+  setup: {
+    allow: true,
+  },
+
   storage: {
     ignoreMountCheckErrors: false,
   },
@@ -88,8 +93,10 @@ const envData: EnvData = {
   workers: [ImmichWorker.Api, ImmichWorker.Microservices],
 
   plugins: {
-    enabled: true,
-    installFolder: '/app/data/plugins',
+    external: {
+      allow: true,
+      installFolder: '/app/data/plugins',
+    },
   },
 
   noColor: false,

server/test/small.factory.ts

@@ -4,6 +4,7 @@ import {
   AuthApiKey,
   AuthSharedLink,
   AuthUser,
+  Exif,
   Library,
   Memory,
   Partner,
@@ -319,18 +320,28 @@ const versionHistoryFactory = () => ({
   version: '1.123.45',
 });
 
-const assetSidecarWriteFactory = () => ({
-  id: newUuid(),
-  originalPath: '/path/to/original-path.jpg.xmp',
-  tags: [],
-  files: [
-    {
-      id: newUuid(),
-      path: '/path/to/original-path.jpg.xmp',
-      type: AssetFileType.Sidecar,
-    },
-  ],
-});
+const assetSidecarWriteFactory = () => {
+  const id = newUuid();
+  return {
+    id,
+    originalPath: '/path/to/original-path.jpg.xmp',
+    tags: [],
+    files: [
+      {
+        id: newUuid(),
+        path: '/path/to/original-path.jpg.xmp',
+        type: AssetFileType.Sidecar,
+      },
+    ],
+    exifInfo: {
+      assetId: id,
+      description: 'this is a description',
+      latitude: 12,
+      longitude: 12,
+      dateTimeOriginal: '2023-11-22T04:56:12.196Z',
+    } as unknown as Exif,
+  };
+};
 
 const assetOcrFactory = (
   ocr: {