Version v1.70.0

fix: people in shared assets (#3431 )
* fix: people in shared assets * use empty array
2025-12-09 14:21:02 -08:00 · 2023-07-27 03:40:16 +00:00 · 2023-07-26 21:14:50 -05:00 · 2023-07-26 18:29:35 +00:00 · 2023-07-25 09:29:40 -05:00 · 2023-07-25 05:17:59 +00:00
284 changed files with 26600 additions and 23420 deletions
--- a/.github/workflows/docker-cleanup.yml
+++ b/.github/workflows/docker-cleanup.yml
@@ -38,7 +38,7 @@ jobs:
      -
        name: Clean temporary images
        if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/ephemeral@v0.1.0
+        uses: stumpylog/image-cleaner-action/ephemeral@v0.2.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
@@ -70,7 +70,7 @@ jobs:
      -
        name: Clean untagged images
        if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/untagged@v0.1.0
+        uses: stumpylog/image-cleaner-action/untagged@v0.2.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -136,9 +136,9 @@ jobs:
        run: npm run check:typescript
        if: ${{ !cancelled() }}

-      - name: Run unit tests & coverage
-        run: npm run test:cov
-        if: ${{ !cancelled() }}
+      # - name: Run unit tests & coverage
+      #   run: npm run test:cov
+      #   if: ${{ !cancelled() }}

  mobile-unit-tests:
    name: Run mobile unit tests
--- a/4
+++ b/4
@@ -23,10 +23,10 @@ test-e2e:
 	docker-compose -f ./docker/docker-compose.test.yml --env-file ./docker/.env.test -p immich-test-e2e up  --renew-anon-volumes --abort-on-container-exit --exit-code-from immich-server-test --remove-orphans --build

 prod:
-	docker-compose -f ./docker/docker-compose.yml up --build -V --remove-orphans
+	docker-compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans

 prod-scale:
-	docker-compose -f ./docker/docker-compose.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
+	docker-compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans

 api:
 	cd ./server && npm run api:generate
--- a/cli/asdf
+++ b/cli/asdf
--- a/cli/jest.config.ts
+++ b/cli/jest.config.ts
@@ -1,8 +0,0 @@
-import type { Config } from 'jest';
-
-const config: Config = {
-  preset: 'ts-jest',
-  setupFilesAfterEnv: ['jest-extended/all'],
-};
-
-export default config;
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
@@ -8,9 +8,14 @@
      "name": "immich-cli",
      "dependencies": {
        "axios": "^1.4.0",
+        "byte-size": "^8.1.1",
+        "cli-progress": "^3.12.0",
+        "commander": "^11.0.0",
        "form-data": "^4.0.0",
-        "mime-types": "^2.1.35",
-        "systeminformation": "^5.18.4"
+        "glob": "^10.3.1",
+        "picomatch": "^2.3.1",
+        "systeminformation": "^5.18.4",
+        "yaml": "^2.3.1"
      },
      "devDependencies": {
        "@types/byte-size": "^8.1.0",
@@ -22,28 +27,23 @@
        "@types/mock-fs": "^4.13.1",
        "@types/node": "^20.3.1",
        "@typescript-eslint/eslint-plugin": "^5.60.1",
-        "byte-size": "^8.1.1",
+        "@typescript-eslint/parser": "^5.48.1",
        "chai": "^4.3.7",
-        "cli-progress": "^3.12.0",
-        "commander": "^11.0.0",
        "eslint": "^8.43.0",
        "eslint-config-prettier": "^8.8.0",
        "eslint-plugin-jest": "^27.2.2",
        "eslint-plugin-prettier": "^4.2.1",
        "eslint-plugin-unicorn": "^47.0.0",
-        "glob": "^10.3.1",
        "jest": "^29.5.0",
        "jest-extended": "^4.0.0",
        "jest-message-util": "^29.5.0",
        "jest-mock-axios": "^4.7.2",
        "jest-when": "^3.5.2",
        "mock-fs": "^5.2.0",
-        "picomatch": "^2.3.1",
        "ts-jest": "^29.1.0",
        "ts-node": "^10.9.1",
        "tslib": "^2.5.3",
-        "typescript": "^4.9.4",
-        "yaml": "^2.3.1"
+        "typescript": "^4.9.4"
      }
    },
    "node_modules/@ampproject/remapping": {
@@ -111,9 +111,9 @@
      }
    },
    "node_modules/@babel/core/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
      "dev": true,
      "bin": {
        "semver": "bin/semver.js"
@@ -154,9 +154,9 @@
      }
    },
    "node_modules/@babel/helper-compilation-targets/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
      "dev": true,
      "bin": {
        "semver": "bin/semver.js"
@@ -772,7 +772,6 @@
      "version": "8.0.2",
      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
-      "dev": true,
      "dependencies": {
        "string-width": "^5.1.2",
        "string-width-cjs": "npm:string-width@^4.2.0",
@@ -789,7 +788,6 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
-      "dev": true,
      "engines": {
        "node": ">=12"
      },
@@ -801,7 +799,6 @@
      "version": "6.2.1",
      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
-      "dev": true,
      "engines": {
        "node": ">=12"
      },
@@ -812,14 +809,12 @@
    "node_modules/@isaacs/cliui/node_modules/emoji-regex": {
      "version": "9.2.2",
      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
-      "dev": true
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="
    },
    "node_modules/@isaacs/cliui/node_modules/string-width": {
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
-      "dev": true,
      "dependencies": {
        "eastasianwidth": "^0.2.0",
        "emoji-regex": "^9.2.2",
@@ -836,7 +831,6 @@
      "version": "7.1.0",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
-      "dev": true,
      "dependencies": {
        "ansi-regex": "^6.0.1"
      },
@@ -851,7 +845,6 @@
      "version": "8.1.0",
      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
-      "dev": true,
      "dependencies": {
        "ansi-styles": "^6.1.0",
        "string-width": "^5.0.1",
@@ -1347,7 +1340,6 @@
      "version": "0.11.0",
      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
-      "dev": true,
      "optional": true,
      "engines": {
        "node": ">=14"
@@ -1664,7 +1656,6 @@
      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.60.1.tgz",
      "integrity": "sha512-pHWlc3alg2oSMGwsU/Is8hbm3XFbcrb6P5wIxcQW9NsYBfnrubl/GhVVD/Jm/t8HXhA2WncoIRfBtnCgRGV96Q==",
      "dev": true,
-      "peer": true,
      "dependencies": {
        "@typescript-eslint/scope-manager": "5.60.1",
        "@typescript-eslint/types": "5.60.1",
@@ -1692,7 +1683,6 @@
      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.60.1.tgz",
      "integrity": "sha512-Dn/LnN7fEoRD+KspEOV0xDMynEmR3iSHdgNsarlXNLGGtcUok8L4N71dxUgt3YvlO8si7E+BJ5Fe3wb5yUw7DQ==",
      "dev": true,
-      "peer": true,
      "dependencies": {
        "@typescript-eslint/types": "5.60.1",
        "@typescript-eslint/visitor-keys": "5.60.1"
@@ -1710,7 +1700,6 @@
      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.60.1.tgz",
      "integrity": "sha512-zDcDx5fccU8BA0IDZc71bAtYIcG9PowaOwaD8rjYbqwK7dpe/UMQl3inJ4UtUK42nOCT41jTSCwg76E62JpMcg==",
      "dev": true,
-      "peer": true,
      "engines": {
        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
      },
@@ -1724,7 +1713,6 @@
      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.60.1.tgz",
      "integrity": "sha512-hkX70J9+2M2ZT6fhti5Q2FoU9zb+GeZK2SLP1WZlvUDqdMbEKhexZODD1WodNRyO8eS+4nScvT0dts8IdaBzfw==",
      "dev": true,
-      "peer": true,
      "dependencies": {
        "@typescript-eslint/types": "5.60.1",
        "@typescript-eslint/visitor-keys": "5.60.1",
@@ -1752,7 +1740,6 @@
      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.60.1.tgz",
      "integrity": "sha512-xEYIxKcultP6E/RMKqube11pGjXH1DCo60mQoWhVYyKfLkwbIVVjYxmOenNMxILx0TjCujPTjjnTIVzm09TXIw==",
      "dev": true,
-      "peer": true,
      "dependencies": {
        "@typescript-eslint/types": "5.60.1",
        "eslint-visitor-keys": "^3.3.0"
@@ -2036,7 +2023,6 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
-      "dev": true,
      "engines": {
        "node": ">=8"
      }
@@ -2045,7 +2031,6 @@
      "version": "4.3.0",
      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dev": true,
      "dependencies": {
        "color-convert": "^2.0.1"
      },
@@ -2211,8 +2196,7 @@
    "node_modules/balanced-match": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
    },
    "node_modules/brace-expansion": {
      "version": "1.1.11",
@@ -2311,7 +2295,6 @@
      "version": "8.1.1",
      "resolved": "https://registry.npmjs.org/byte-size/-/byte-size-8.1.1.tgz",
      "integrity": "sha512-tUkzZWK0M/qdoLEqikxBWe4kumyuwjl3HO6zHTr4yEI23EojPtLYXdG1+AQY7MN0cGyNDvEaJ8wiYQm6P2bPxg==",
-      "dev": true,
      "engines": {
        "node": ">=12.17"
      }
@@ -2464,7 +2447,6 @@
      "version": "3.12.0",
      "resolved": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz",
      "integrity": "sha512-tRkV3HJ1ASwm19THiiLIXLO7Im7wlTuKnvkYaTkyoAPefqjNg7W7DHKUlGRxy9vxDvbyCYQkQozvptuMkGCg8A==",
-      "dev": true,
      "dependencies": {
        "string-width": "^4.2.3"
      },
@@ -2506,7 +2488,6 @@
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dev": true,
      "dependencies": {
        "color-name": "~1.1.4"
      },
@@ -2517,8 +2498,7 @@
    "node_modules/color-name": {
      "version": "1.1.4",
      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-      "dev": true
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
    },
    "node_modules/combined-stream": {
      "version": "1.0.8",
@@ -2535,7 +2515,6 @@
      "version": "11.0.0",
      "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz",
      "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==",
-      "dev": true,
      "engines": {
        "node": ">=16"
      }
@@ -2562,7 +2541,6 @@
      "version": "7.0.3",
      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
-      "dev": true,
      "dependencies": {
        "path-key": "^3.1.0",
        "shebang-command": "^2.0.0",
@@ -2675,8 +2653,7 @@
    "node_modules/eastasianwidth": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
-      "dev": true
+      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA=="
    },
    "node_modules/electron-to-chromium": {
      "version": "1.4.440",
@@ -2699,8 +2676,7 @@
    "node_modules/emoji-regex": {
      "version": "8.0.0",
      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-      "dev": true
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
    },
    "node_modules/error-ex": {
      "version": "1.3.2",
@@ -2801,9 +2777,9 @@
      }
    },
    "node_modules/eslint-plugin-jest": {
-      "version": "27.2.2",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.2.2.tgz",
-      "integrity": "sha512-euzbp06F934Z7UDl5ZUaRPLAc9MKjh0rMPERrHT7UhlCEwgb25kBj37TvMgWeHZVkR5I9CayswrpoaqZU1RImw==",
+      "version": "27.2.3",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.2.3.tgz",
+      "integrity": "sha512-sRLlSCpICzWuje66Gl9zvdF6mwD5X86I4u55hJyFBsxYOsBCmT5+kSUjf+fkFWVMMgpzNEupjW8WzUqi83hJAQ==",
      "dev": true,
      "dependencies": {
        "@typescript-eslint/utils": "^5.10.0"
@@ -2812,7 +2788,7 @@
        "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
      },
      "peerDependencies": {
-        "@typescript-eslint/eslint-plugin": "^5.0.0",
+        "@typescript-eslint/eslint-plugin": "^5.0.0 || ^6.0.0",
        "eslint": "^7.0.0 || ^8.0.0",
        "jest": "*"
      },
@@ -3203,7 +3179,6 @@
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz",
      "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==",
-      "dev": true,
      "dependencies": {
        "cross-spawn": "^7.0.0",
        "signal-exit": "^4.0.1"
@@ -3219,7 +3194,6 @@
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.0.2.tgz",
      "integrity": "sha512-MY2/qGx4enyjprQnFaZsHib3Yadh3IXyV2C321GY0pjGfVBu4un0uDJkwgdxqO+Rdx8JMT8IfJIRwbYVz3Ob3Q==",
-      "dev": true,
      "engines": {
        "node": ">=14"
      },
@@ -3318,7 +3292,6 @@
      "version": "10.3.1",
      "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.1.tgz",
      "integrity": "sha512-9BKYcEeIs7QwlCYs+Y3GBvqAMISufUS0i2ELd11zpZjxI5V9iyRj0HgzB5/cLf2NY4vcYBTYzJ7GIui7j/4DOw==",
-      "dev": true,
      "dependencies": {
        "foreground-child": "^3.1.0",
        "jackspeak": "^2.0.3",
@@ -3352,7 +3325,6 @@
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
-      "dev": true,
      "dependencies": {
        "balanced-match": "^1.0.0"
      }
@@ -3361,7 +3333,6 @@
      "version": "9.0.2",
      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.2.tgz",
      "integrity": "sha512-PZOT9g5v2ojiTL7r1xF6plNHLtOeTpSlDI007As2NlA2aYBMfVom17yqa6QzhmDP8QOhn7LjHTg7DFCVSSa6yg==",
-      "dev": true,
      "dependencies": {
        "brace-expansion": "^2.0.1"
      },
@@ -3458,6 +3429,12 @@
        "node": ">=8"
      }
    },
+    "node_modules/hosted-git-info": {
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
+      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
+      "dev": true
+    },
    "node_modules/html-escaper": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
@@ -3597,7 +3574,6 @@
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
-      "dev": true,
      "engines": {
        "node": ">=8"
      }
@@ -3656,8 +3632,7 @@
    "node_modules/isexe": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
-      "dev": true
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
    },
    "node_modules/istanbul-lib-coverage": {
      "version": "3.2.0",
@@ -3685,9 +3660,9 @@
      }
    },
    "node_modules/istanbul-lib-instrument/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
      "dev": true,
      "bin": {
        "semver": "bin/semver.js"
@@ -3750,7 +3725,6 @@
      "version": "2.2.1",
      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.2.1.tgz",
      "integrity": "sha512-MXbxovZ/Pm42f6cDIDkl3xpwv1AGwObKwfmjs2nQePiy85tP3fatofl3FC1aBsOtP/6fq5SbtgHwWcMsLP+bDw==",
-      "dev": true,
      "dependencies": {
        "@isaacs/cliui": "^8.0.2"
      },
@@ -3933,24 +3907,6 @@
        "url": "https://github.com/sponsors/isaacs"
      }
    },
-    "node_modules/jest-config/node_modules/parse-json": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz",
-      "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==",
-      "dev": true,
-      "dependencies": {
-        "@babel/code-frame": "^7.0.0",
-        "error-ex": "^1.3.1",
-        "json-parse-even-better-errors": "^2.3.0",
-        "lines-and-columns": "^1.1.6"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
    "node_modules/jest-diff": {
      "version": "29.5.0",
      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.5.0.tgz",
@@ -4571,9 +4527,9 @@
      }
    },
    "node_modules/make-dir/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
      "dev": true,
      "bin": {
        "semver": "bin/semver.js"
@@ -4675,7 +4631,6 @@
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/minipass/-/minipass-6.0.2.tgz",
      "integrity": "sha512-MzWSV5nYVT7mVyWCwn2o7JH13w2TBRmmSqSRCKzTw+lmft9X4z+3wjvs06Tzijo5z4W/kahUCDpRXTF+ZrmF/w==",
-      "dev": true,
      "engines": {
        "node": ">=16 || 14 >=14.17"
      }
@@ -4719,6 +4674,27 @@
      "integrity": "sha512-QzsYKWhXTWx8h1kIvqfnC++o0pEmpRQA/aenALsL2F4pqNVr7YzcdMlDij5WBnwftRbJCNJL/O7zdKaxKPHqgQ==",
      "dev": true
    },
+    "node_modules/normalize-package-data": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
+      "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
+      "dev": true,
+      "dependencies": {
+        "hosted-git-info": "^2.1.4",
+        "resolve": "^1.10.0",
+        "semver": "2 || 3 || 4 || 5",
+        "validate-npm-package-license": "^3.0.1"
+      }
+    },
+    "node_modules/normalize-package-data/node_modules/semver": {
+      "version": "5.7.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz",
+      "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==",
+      "dev": true,
+      "bin": {
+        "semver": "bin/semver"
+      }
+    },
    "node_modules/normalize-path": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
@@ -4838,6 +4814,24 @@
        "node": ">=6"
      }
    },
+    "node_modules/parse-json": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz",
+      "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==",
+      "dev": true,
+      "dependencies": {
+        "@babel/code-frame": "^7.0.0",
+        "error-ex": "^1.3.1",
+        "json-parse-even-better-errors": "^2.3.0",
+        "lines-and-columns": "^1.1.6"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
    "node_modules/path-exists": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
@@ -4860,7 +4854,6 @@
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
-      "dev": true,
      "engines": {
        "node": ">=8"
      }
@@ -4875,7 +4868,6 @@
      "version": "1.10.0",
      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.0.tgz",
      "integrity": "sha512-tZFEaRQbMLjwrsmidsGJ6wDMv0iazJWk6SfIKnY4Xru8auXgmJkOBa5DUbYFcFD2Rzk2+KDlIiF0GVXNCbgC7g==",
-      "dev": true,
      "dependencies": {
        "lru-cache": "^9.1.1 || ^10.0.0",
        "minipass": "^5.0.0 || ^6.0.2"
@@ -4891,7 +4883,6 @@
      "version": "10.0.0",
      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.0.0.tgz",
      "integrity": "sha512-svTf/fzsKHffP42sujkO/Rjs37BCIsQVRCeNYIm9WN8rgT7ffoUnRtZCqU+6BqcSBdv8gwJeTz8knJpgACeQMw==",
-      "dev": true,
      "engines": {
        "node": "14 || >=16.14"
      }
@@ -4924,7 +4915,6 @@
      "version": "2.3.1",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
-      "dev": true,
      "engines": {
        "node": ">=8.6"
      },
@@ -5239,51 +5229,6 @@
        "node": ">=8"
      }
    },
-    "node_modules/read-pkg/node_modules/hosted-git-info": {
-      "version": "2.8.9",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
-      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
-      "dev": true
-    },
-    "node_modules/read-pkg/node_modules/normalize-package-data": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
-      "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==",
-      "dev": true,
-      "dependencies": {
-        "hosted-git-info": "^2.1.4",
-        "resolve": "^1.10.0",
-        "semver": "2 || 3 || 4 || 5",
-        "validate-npm-package-license": "^3.0.1"
-      }
-    },
-    "node_modules/read-pkg/node_modules/parse-json": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz",
-      "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==",
-      "dev": true,
-      "dependencies": {
-        "@babel/code-frame": "^7.0.0",
-        "error-ex": "^1.3.1",
-        "json-parse-even-better-errors": "^2.3.0",
-        "lines-and-columns": "^1.1.6"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/read-pkg/node_modules/semver": {
-      "version": "5.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
-      "dev": true,
-      "bin": {
-        "semver": "bin/semver"
-      }
-    },
    "node_modules/read-pkg/node_modules/type-fest": {
      "version": "0.6.0",
      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz",
@@ -5502,7 +5447,6 @@
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
-      "dev": true,
      "dependencies": {
        "shebang-regex": "^3.0.0"
      },
@@ -5514,7 +5458,6 @@
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
-      "dev": true,
      "engines": {
        "node": ">=8"
      }
@@ -5635,7 +5578,6 @@
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-      "dev": true,
      "dependencies": {
        "emoji-regex": "^8.0.0",
        "is-fullwidth-code-point": "^3.0.0",
@@ -5650,7 +5592,6 @@
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-      "dev": true,
      "dependencies": {
        "emoji-regex": "^8.0.0",
        "is-fullwidth-code-point": "^3.0.0",
@@ -5664,7 +5605,6 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-      "dev": true,
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
@@ -5677,7 +5617,6 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-      "dev": true,
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
@@ -6111,7 +6050,6 @@
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
-      "dev": true,
      "dependencies": {
        "isexe": "^2.0.0"
      },
@@ -6123,9 +6061,9 @@
      }
    },
    "node_modules/word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.4.tgz",
+      "integrity": "sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
@@ -6153,7 +6091,6 @@
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
-      "dev": true,
      "dependencies": {
        "ansi-styles": "^4.0.0",
        "string-width": "^4.1.0",
@@ -6204,7 +6141,6 @@
      "version": "2.3.1",
      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
      "integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
-      "dev": true,
      "engines": {
        "node": ">= 14"
      }
--- a/cli/package.json
+++ b/cli/package.json
@@ -2,9 +2,14 @@
  "name": "immich-cli",
  "dependencies": {
    "axios": "^1.4.0",
+    "byte-size": "^8.1.1",
+    "cli-progress": "^3.12.0",
+    "commander": "^11.0.0",
    "form-data": "^4.0.0",
-    "mime-types": "^2.1.35",
-    "systeminformation": "^5.18.4"
+    "glob": "^10.3.1",
+    "picomatch": "^2.3.1",
+    "systeminformation": "^5.18.4",
+    "yaml": "^2.3.1"
  },
  "devDependencies": {
    "@types/byte-size": "^8.1.0",
@@ -16,34 +21,48 @@
    "@types/mock-fs": "^4.13.1",
    "@types/node": "^20.3.1",
    "@typescript-eslint/eslint-plugin": "^5.60.1",
-    "byte-size": "^8.1.1",
+    "@typescript-eslint/parser": "^5.48.1",
    "chai": "^4.3.7",
-    "cli-progress": "^3.12.0",
-    "commander": "^11.0.0",
    "eslint": "^8.43.0",
    "eslint-config-prettier": "^8.8.0",
    "eslint-plugin-jest": "^27.2.2",
    "eslint-plugin-prettier": "^4.2.1",
    "eslint-plugin-unicorn": "^47.0.0",
-    "glob": "^10.3.1",
    "jest": "^29.5.0",
    "jest-extended": "^4.0.0",
    "jest-message-util": "^29.5.0",
    "jest-mock-axios": "^4.7.2",
    "jest-when": "^3.5.2",
    "mock-fs": "^5.2.0",
-    "picomatch": "^2.3.1",
    "ts-jest": "^29.1.0",
    "ts-node": "^10.9.1",
    "tslib": "^2.5.3",
-    "typescript": "^4.9.4",
-    "yaml": "^2.3.1"
+    "typescript": "^4.9.4"
  },
  "scripts": {
+    "build": "tsc --project tsconfig.build.json",
    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
    "prepack": "yarn build ",
    "test": "jest",
    "test:cov": "jest --coverage",
    "format": "prettier --check ."
+  },
+  "jest": {
+    "clearMocks": true,
+    "moduleFileExtensions": [
+      "js",
+      "json",
+      "ts"
+    ],
+    "rootDir": ".",
+    "testRegex": ".*\\.spec\\.ts$",
+    "transform": {
+      "^.+\\.ts$": "ts-jest"
+    },
+    "collectCoverageFrom": [
+      "<rootDir>/src/**/*.(t|j)s"
+    ],
+    "coverageDirectory": "./coverage",
+    "testEnvironment": "node"
  }
 }
--- a/cli/src/api/open-api/api.ts
+++ b/cli/src/api/open-api/api.ts
@@ -4,7 +4,7 @@
 * Immich
 * Immich API
 *
- * The version of the OpenAPI document: 1.67.2
+ * The version of the OpenAPI document: 1.70.0
 * 
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -1777,6 +1777,75 @@ export interface OAuthConfigResponseDto {
     */
    'autoLaunch'?: boolean;
 }
+/**
+ * 
+ * @export
+ * @interface PeopleResponseDto
+ */
+export interface PeopleResponseDto {
+    /**
+     * 
+     * @type {number}
+     * @memberof PeopleResponseDto
+     */
+    'total': number;
+    /**
+     * 
+     * @type {number}
+     * @memberof PeopleResponseDto
+     */
+    'visible': number;
+    /**
+     * 
+     * @type {Array<PersonResponseDto>}
+     * @memberof PeopleResponseDto
+     */
+    'people': Array<PersonResponseDto>;
+}
+/**
+ * 
+ * @export
+ * @interface PeopleUpdateDto
+ */
+export interface PeopleUpdateDto {
+    /**
+     * 
+     * @type {Array<PeopleUpdateItem>}
+     * @memberof PeopleUpdateDto
+     */
+    'people': Array<PeopleUpdateItem>;
+}
+/**
+ * 
+ * @export
+ * @interface PeopleUpdateItem
+ */
+export interface PeopleUpdateItem {
+    /**
+     * Person id.
+     * @type {string}
+     * @memberof PeopleUpdateItem
+     */
+    'id': string;
+    /**
+     * Person name.
+     * @type {string}
+     * @memberof PeopleUpdateItem
+     */
+    'name'?: string;
+    /**
+     * Asset is used to get the feature face thumbnail.
+     * @type {string}
+     * @memberof PeopleUpdateItem
+     */
+    'featureFaceAssetId'?: string;
+    /**
+     * Person visibility
+     * @type {boolean}
+     * @memberof PeopleUpdateItem
+     */
+    'isHidden'?: boolean;
+}
 /**
 * 
 * @export
@@ -1801,6 +1870,12 @@ export interface PersonResponseDto {
     * @memberof PersonResponseDto
     */
    'thumbnailPath': string;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof PersonResponseDto
+     */
+    'isHidden': boolean;
 }
 /**
 * 
@@ -1820,6 +1895,12 @@ export interface PersonUpdateDto {
     * @memberof PersonUpdateDto
     */
    'featureFaceAssetId'?: string;
+    /**
+     * Person visibility
+     * @type {boolean}
+     * @memberof PersonUpdateDto
+     */
+    'isHidden'?: boolean;
 }
 /**
 * 
@@ -2085,6 +2166,31 @@ export interface ServerInfoResponseDto {
     */
    'diskAvailable': string;
 }
+/**
+ * 
+ * @export
+ * @interface ServerMediaTypesResponseDto
+ */
+export interface ServerMediaTypesResponseDto {
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof ServerMediaTypesResponseDto
+     */
+    'video': Array<string>;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof ServerMediaTypesResponseDto
+     */
+    'image': Array<string>;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof ServerMediaTypesResponseDto
+     */
+    'sidecar': Array<string>;
+}
 /**
 * 
 * @export
@@ -2596,6 +2702,12 @@ export interface SystemConfigOAuthDto {
     * @memberof SystemConfigOAuthDto
     */
    'scope': string;
+    /**
+     * 
+     * @type {string}
+     * @memberof SystemConfigOAuthDto
+     */
+    'storageLabelClaim': string;
    /**
     * 
     * @type {string}
@@ -8613,10 +8725,11 @@ export const PersonApiAxiosParamCreator = function (configuration?: Configuratio
    return {
        /**
         * 
+         * @param {boolean} [withHidden] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
         */
-        getAllPeople: async (options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
+        getAllPeople: async (withHidden?: boolean, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
            const localVarPath = `/person`;
            // use dummy base URL string because the URL constructor only accepts absolute URLs.
            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -8638,6 +8751,10 @@ export const PersonApiAxiosParamCreator = function (configuration?: Configuratio
            // http bearer authentication required
            await setBearerAuthToObject(localVarHeaderParameter, configuration)

+            if (withHidden !== undefined) {
+                localVarQueryParameter['withHidden'] = withHidden;
+            }
+

    
            setSearchParams(localVarUrlObj, localVarQueryParameter);
@@ -8823,6 +8940,50 @@ export const PersonApiAxiosParamCreator = function (configuration?: Configuratio
                options: localVarRequestOptions,
            };
        },
+        /**
+         * 
+         * @param {PeopleUpdateDto} peopleUpdateDto 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        updatePeople: async (peopleUpdateDto: PeopleUpdateDto, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'peopleUpdateDto' is not null or undefined
+            assertParamExists('updatePeople', 'peopleUpdateDto', peopleUpdateDto)
+            const localVarPath = `/person`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'PUT', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication cookie required
+
+            // authentication api_key required
+            await setApiKeyToObject(localVarHeaderParameter, "x-api-key", configuration)
+
+            // authentication bearer required
+            // http bearer authentication required
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
+
+
+    
+            localVarHeaderParameter['Content-Type'] = 'application/json';
+
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+            localVarRequestOptions.data = serializeDataIfNeeded(peopleUpdateDto, localVarRequestOptions, configuration)
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
        /**
         * 
         * @param {string} id 
@@ -8883,11 +9044,12 @@ export const PersonApiFp = function(configuration?: Configuration) {
    return {
        /**
         * 
+         * @param {boolean} [withHidden] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
         */
-        async getAllPeople(options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<Array<PersonResponseDto>>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.getAllPeople(options);
+        async getAllPeople(withHidden?: boolean, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<PeopleResponseDto>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getAllPeople(withHidden, options);
            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
        },
        /**
@@ -8931,6 +9093,16 @@ export const PersonApiFp = function(configuration?: Configuration) {
            const localVarAxiosArgs = await localVarAxiosParamCreator.mergePerson(id, mergePersonDto, options);
            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
        },
+        /**
+         * 
+         * @param {PeopleUpdateDto} peopleUpdateDto 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async updatePeople(peopleUpdateDto: PeopleUpdateDto, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<Array<BulkIdResponseDto>>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.updatePeople(peopleUpdateDto, options);
+            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
+        },
        /**
         * 
         * @param {string} id 
@@ -8954,11 +9126,12 @@ export const PersonApiFactory = function (configuration?: Configuration, basePat
    return {
        /**
         * 
+         * @param {PersonApiGetAllPeopleRequest} requestParameters Request parameters.
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
         */
-        getAllPeople(options?: AxiosRequestConfig): AxiosPromise<Array<PersonResponseDto>> {
-            return localVarFp.getAllPeople(options).then((request) => request(axios, basePath));
+        getAllPeople(requestParameters: PersonApiGetAllPeopleRequest = {}, options?: AxiosRequestConfig): AxiosPromise<PeopleResponseDto> {
+            return localVarFp.getAllPeople(requestParameters.withHidden, options).then((request) => request(axios, basePath));
        },
        /**
         * 
@@ -8996,6 +9169,15 @@ export const PersonApiFactory = function (configuration?: Configuration, basePat
        mergePerson(requestParameters: PersonApiMergePersonRequest, options?: AxiosRequestConfig): AxiosPromise<Array<BulkIdResponseDto>> {
            return localVarFp.mergePerson(requestParameters.id, requestParameters.mergePersonDto, options).then((request) => request(axios, basePath));
        },
+        /**
+         * 
+         * @param {PersonApiUpdatePeopleRequest} requestParameters Request parameters.
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        updatePeople(requestParameters: PersonApiUpdatePeopleRequest, options?: AxiosRequestConfig): AxiosPromise<Array<BulkIdResponseDto>> {
+            return localVarFp.updatePeople(requestParameters.peopleUpdateDto, options).then((request) => request(axios, basePath));
+        },
        /**
         * 
         * @param {PersonApiUpdatePersonRequest} requestParameters Request parameters.
@@ -9008,6 +9190,20 @@ export const PersonApiFactory = function (configuration?: Configuration, basePat
    };
 };

+/**
+ * Request parameters for getAllPeople operation in PersonApi.
+ * @export
+ * @interface PersonApiGetAllPeopleRequest
+ */
+export interface PersonApiGetAllPeopleRequest {
+    /**
+     * 
+     * @type {boolean}
+     * @memberof PersonApiGetAllPeople
+     */
+    readonly withHidden?: boolean
+}
+
 /**
 * Request parameters for getPerson operation in PersonApi.
 * @export
@@ -9071,6 +9267,20 @@ export interface PersonApiMergePersonRequest {
    readonly mergePersonDto: MergePersonDto
 }

+/**
+ * Request parameters for updatePeople operation in PersonApi.
+ * @export
+ * @interface PersonApiUpdatePeopleRequest
+ */
+export interface PersonApiUpdatePeopleRequest {
+    /**
+     * 
+     * @type {PeopleUpdateDto}
+     * @memberof PersonApiUpdatePeople
+     */
+    readonly peopleUpdateDto: PeopleUpdateDto
+}
+
 /**
 * Request parameters for updatePerson operation in PersonApi.
 * @export
@@ -9101,12 +9311,13 @@ export interface PersonApiUpdatePersonRequest {
 export class PersonApi extends BaseAPI {
    /**
     * 
+     * @param {PersonApiGetAllPeopleRequest} requestParameters Request parameters.
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
     * @memberof PersonApi
     */
-    public getAllPeople(options?: AxiosRequestConfig) {
-        return PersonApiFp(this.configuration).getAllPeople(options).then((request) => request(this.axios, this.basePath));
+    public getAllPeople(requestParameters: PersonApiGetAllPeopleRequest = {}, options?: AxiosRequestConfig) {
+        return PersonApiFp(this.configuration).getAllPeople(requestParameters.withHidden, options).then((request) => request(this.axios, this.basePath));
    }

    /**
@@ -9153,6 +9364,17 @@ export class PersonApi extends BaseAPI {
        return PersonApiFp(this.configuration).mergePerson(requestParameters.id, requestParameters.mergePersonDto, options).then((request) => request(this.axios, this.basePath));
    }

+    /**
+     * 
+     * @param {PersonApiUpdatePeopleRequest} requestParameters Request parameters.
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof PersonApi
+     */
+    public updatePeople(requestParameters: PersonApiUpdatePeopleRequest, options?: AxiosRequestConfig) {
+        return PersonApiFp(this.configuration).updatePeople(requestParameters.peopleUpdateDto, options).then((request) => request(this.axios, this.basePath));
+    }
+
    /**
     * 
     * @param {PersonApiUpdatePersonRequest} requestParameters Request parameters.
@@ -9705,6 +9927,35 @@ export const ServerInfoApiAxiosParamCreator = function (configuration?: Configur


    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                options: localVarRequestOptions,
+            };
+        },
+        /**
+         * 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        getSupportedMediaTypes: async (options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/server-info/media-types`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...options};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+
+    
            setSearchParams(localVarUrlObj, localVarQueryParameter);
            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};
@@ -9780,6 +10031,15 @@ export const ServerInfoApiFp = function(configuration?: Configuration) {
            const localVarAxiosArgs = await localVarAxiosParamCreator.getStats(options);
            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
        },
+        /**
+         * 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        async getSupportedMediaTypes(options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<ServerMediaTypesResponseDto>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getSupportedMediaTypes(options);
+            return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
+        },
        /**
         * 
         * @param {*} [options] Override http request option.
@@ -9823,6 +10083,14 @@ export const ServerInfoApiFactory = function (configuration?: Configuration, bas
        getStats(options?: AxiosRequestConfig): AxiosPromise<ServerStatsResponseDto> {
            return localVarFp.getStats(options).then((request) => request(axios, basePath));
        },
+        /**
+         * 
+         * @param {*} [options] Override http request option.
+         * @throws {RequiredError}
+         */
+        getSupportedMediaTypes(options?: AxiosRequestConfig): AxiosPromise<ServerMediaTypesResponseDto> {
+            return localVarFp.getSupportedMediaTypes(options).then((request) => request(axios, basePath));
+        },
        /**
         * 
         * @param {*} [options] Override http request option.
@@ -9871,6 +10139,16 @@ export class ServerInfoApi extends BaseAPI {
        return ServerInfoApiFp(this.configuration).getStats(options).then((request) => request(this.axios, this.basePath));
    }

+    /**
+     * 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof ServerInfoApi
+     */
+    public getSupportedMediaTypes(options?: AxiosRequestConfig) {
+        return ServerInfoApiFp(this.configuration).getSupportedMediaTypes(options).then((request) => request(this.axios, this.basePath));
+    }
+
    /**
     * 
     * @param {*} [options] Override http request option.
--- a/cli/src/api/open-api/base.ts
+++ b/cli/src/api/open-api/base.ts
@@ -4,7 +4,7 @@
 * Immich
 * Immich API
 *
- * The version of the OpenAPI document: 1.67.2
+ * The version of the OpenAPI document: 1.70.0
 * 
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
--- a/cli/src/api/open-api/common.ts
+++ b/cli/src/api/open-api/common.ts
@@ -4,7 +4,7 @@
 * Immich
 * Immich API
 *
- * The version of the OpenAPI document: 1.67.2
+ * The version of the OpenAPI document: 1.70.0
 * 
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
--- a/cli/src/api/open-api/configuration.ts
+++ b/cli/src/api/open-api/configuration.ts
@@ -4,7 +4,7 @@
 * Immich
 * Immich API
 *
- * The version of the OpenAPI document: 1.67.2
+ * The version of the OpenAPI document: 1.70.0
 * 
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
--- a/cli/src/api/open-api/index.ts
+++ b/cli/src/api/open-api/index.ts
@@ -4,7 +4,7 @@
 * Immich
 * Immich API
 *
- * The version of the OpenAPI document: 1.67.2
+ * The version of the OpenAPI document: 1.70.0
 * 
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
--- a/cli/src/commands/upload.ts
+++ b/cli/src/commands/upload.ts
@@ -70,11 +70,13 @@ export default class Upload extends BaseCommand {
        if (options.import) {
          const importData = {
            assetPath: asset.path,
+            sidecarPath: asset.sidecarPath,
            deviceAssetId: asset.deviceAssetId,
            deviceId: this.deviceId,
            fileCreatedAt: asset.fileCreatedAt,
            fileModifiedAt: asset.fileModifiedAt,
            isFavorite: false,
+            isReadOnly: options.readOnly,
          };

          if (!this.dryRun) {
--- a/cli/src/cores/dto/upload-options-dto.ts
+++ b/cli/src/cores/dto/upload-options-dto.ts
@@ -5,4 +5,5 @@ export class UploadOptionsDto {
  skipHash = false;
  delete = false;
  import = false;
+  readOnly = true;
 }
--- a/cli/src/index.ts
+++ b/cli/src/index.ts
@@ -35,9 +35,11 @@ program
      .default(false),
  )
  .addOption(new Option('-i, --ignore [paths...]', 'Paths to ignore').env('IMMICH_IGNORE_PATHS').default(false))
-  .argument('[paths...]', 'One or more paths to assets to be uploaded')
+  .addOption(new Option('--no-read-only', 'Import files without read-only protection, allowing Immich to manage them'))
+  .argument('[paths...]', 'One or more paths to assets to be imported')
  .action((paths, options) => {
    options.import = true;
+    options.excludePatterns = options.ignore;
    new Upload().run(paths, options);
  });

--- a/cli/test/tsconfig.json
+++ b/cli/test/tsconfig.json
@@ -1,7 +0,0 @@
-{
-  "extends": "../tsconfig",
-  "compilerOptions": {
-    "noEmit": true
-  },
-  "references": [{ "path": ".." }]
-}
--- a/cli/tsconfig.build.json
+++ b/cli/tsconfig.build.json
@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "exclude": ["dist", "node_modules", "upload", "test", "**/*spec.ts"]
+}
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -31,7 +31,6 @@ services:
    build:
      context: ../machine-learning
      dockerfile: Dockerfile
-    command: python main.py
    ports:
      - 3003:3003
    volumes:
@@ -116,7 +115,6 @@ services:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
-      PG_DATA: /var/lib/postgresql/data
    volumes:
      - pgdata:/var/lib/postgresql/data
    ports:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -0,0 +1,113 @@
+version: "3.8"
+
+services:
+  immich-server:
+    container_name: immich_server
+    image: immich-server:latest
+    build:
+      context: ../server
+      dockerfile: Dockerfile
+    command: ["./start-server.sh"]
+    volumes:
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
+    env_file:
+      - .env
+    depends_on:
+      - redis
+      - database
+      - typesense
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    image: immich-machine-learning:latest
+    build:
+      context: ../machine-learning
+      dockerfile: Dockerfile
+    volumes:
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
+      - model-cache:/cache
+    env_file:
+      - .env
+    restart: always
+  
+  immich-microservices:
+    container_name: immich_microservices
+    image: immich-microservices:latest
+    build:
+      context: ../server
+      dockerfile: Dockerfile
+    command: ["./start-microservices.sh"]
+    volumes:
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
+    env_file:
+      - .env
+    depends_on:
+      - database
+      - immich-server
+      - typesense
+    restart: always
+
+  immich-web:
+    container_name: immich_web
+    image: immich-web:latest
+    build:
+      context: ../web
+      dockerfile: Dockerfile
+    env_file:
+      - .env
+    restart: always
+    depends_on:
+      - immich-server
+
+  typesense:
+    container_name: immich_typesense
+    image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd
+    environment:
+      - TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
+      - TYPESENSE_DATA_DIR=/data
+    logging:
+      driver: none
+    volumes:
+      - tsdata:/data
+    restart: always
+
+  redis:
+    container_name: immich_redis
+    image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3
+    restart: always
+
+  database:
+    container_name: immich_postgres
+    image: postgres:14-alpine@sha256:28407a9961e76f2d285dc6991e8e48893503cc3836a4755bbc2d40bcc272a441
+    env_file:
+      - .env
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    restart: always
+
+  immich-proxy:
+    container_name: immich_proxy
+    image: immich-proxy:latest
+    environment:
+      # Make sure these values get passed through from the env file
+      - IMMICH_SERVER_URL
+      - IMMICH_WEB_URL
+    build:
+      context: ../nginx
+      dockerfile: Dockerfile
+    ports:
+      - 2283:8080
+    logging:
+      driver: none
+    depends_on:
+      - immich-server
+    restart: always
+
+volumes:
+  pgdata:
+  model-cache:
+  tsdata:
--- a/docker/docker-compose.test.yml
+++ b/docker/docker-compose.test.yml
@@ -37,7 +37,6 @@ services:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
-      PG_DATA: /var/lib/postgresql/data
    volumes:
      - /var/lib/postgresql/data
    networks:
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -51,8 +51,6 @@ services:
    environment:
      - TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
      - TYPESENSE_DATA_DIR=/data
-    logging:
-      driver: none
    volumes:
      - tsdata:/data
    restart: always
@@ -71,7 +69,6 @@ services:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
-      PG_DATA: /var/lib/postgresql/data
    volumes:
      - pgdata:/var/lib/postgresql/data
    restart: always
--- a/docs/docs/FAQ.md
+++ b/docs/docs/FAQ.md
@@ -94,7 +94,7 @@ To remove the **Metadata** you can stop Immich and delete the volume.
 docker-compose down -v
 ```

-After removing the the containers and volumes, the **Files** can be cleaned up (if necessary) from the `UPLOAD_LOCATION` by simply deleting an unwanted files or folders.
+After removing the containers and volumes, the **Files** can be cleaned up (if necessary) from the `UPLOAD_LOCATION` by simply deleting an unwanted files or folders.

 ### Why iOS app shows duplicate photos on the timeline while the web doesn't?

--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -2,6 +2,10 @@

 ## Database

+:::caution
+Immich saves [file paths in the database](https://github.com/immich-app/immich/discussions/3299), it does not scan the library folder to update the database so backups are crucial.
+:::
+
 :::info
 Refer to the official [postgres documentation](https://www.postgresql.org/docs/current/backup.html) for details about backing up and restoring a postgres database.
 :::
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -184,3 +184,24 @@ Typesense URL example JSON before encoding:
 | `MACHINE_LEARNING_CLASSIFICATION_MODEL`     | Classification Model           | `microsoft/resnet-50` | machine learning |
 | `MACHINE_LEARNING_CACHE_FOLDER`             | ML Cache Location              |       `/cache`        | machine learning |
 | `TRANSFORMERS_CACHE`                        | ML Transformers Cache Location |       `/cache`        | machine learning |
+
+## Docker Secrets
+
+The following variables support the use of [Docker secrets](https://docs.docker.com/engine/swarm/secrets/) for additional security.
+
+To use any of these, replace the regular environment variable with the equivalent `_FILE` environment variable. The value of
+the `_FILE` variable should be set to the path of a file containing the variable value.
+
+|  Regular Variable  | Equivalent Docker Secrets '\_FILE' Variable |
+| :----------------: | :-----------------------------------------: |
+|   `DB_HOSTNAME`    |      `DB_HOSTNAME_FILE`<sup>\*1</sup>       |
+| `DB_DATABASE_NAME` |    `DB_DATABASE_NAME_FILE`<sup>\*1</sup>    |
+|   `DB_USERNAME`    |      `DB_USERNAME_FILE`<sup>\*1</sup>       |
+|   `DB_PASSWORD`    |      `DB_PASSWORD_FILE`<sup>\*1</sup>       |
+|  `REDIS_PASSWORD`  |     `REDIS_PASSWORD_FILE`<sup>\*2</sup>     |
+
+\*1: See the [official documentation](https://github.com/docker-library/docs/tree/master/postgres#docker-secrets) for
+details on how to use Docker Secrets in the Postgres image.
+
+\*2: See [this comment](https://github.com/docker-library/redis/issues/46#issuecomment-335326234) for an example of how
+to use use a Docker secret for the password in the Redis container.
--- a/docs/docs/partials/_storage-template.md
+++ b/docs/docs/partials/_storage-template.md
@@ -1,6 +1,6 @@
-Immich allows the admin user to set the pattern of how the files are uploaded to the Immich would look like. Both in the directory and the filename level.
+Immich allows the admin user to set the uploaded filename pattern. Both at the directory and filename level.

-The admin user can set the template by using the template builder in the `Administration -> Settings -> Storage Template`. Immich provides a set of variables that you can use in constructing the template, along with additional custom text.
+The admin user can set the template by using the template builder in the `Administration -> Settings -> Storage Template`. Immich provides a set of variables that you can use in constructing the template, along with additional custom text. If the template produces [multiple files with the same filename, they won't be overwritten](https://github.com/immich-app/immich/discussions/3324) as a sequence number is appended to the filename.

 ```bash title="Default template"
 Year/Year-Month-Day/Filename.Extension
@@ -8,4 +8,4 @@ Year/Year-Month-Day/Filename.Extension

 <img src={require('./img/storage-template.png').default} width="100%" title="Storage Template Setting" />

-Immich also provides a mechanism to migrate between template so that if the template you set now doesn't work in the future, you can always migrate all the existing files to the new template. The mechanism is run as a job in the Job page.
+Immich also provides a mechanism to migrate between templates so that if the template you set now doesn't work in the future, you can always migrate all the existing files to the new template. The mechanism is run as a job on the Job page.
--- a/machine-learning/Dockerfile
+++ b/machine-learning/Dockerfile
@@ -15,6 +15,8 @@ RUN poetry install --sync --no-interaction --no-ansi --no-root --only main

 FROM python:3.11.4-slim-bullseye@sha256:91d194f58f50594cda71dcd2e8fdefd90e7ecc57d07823813b67c8521e565dcd

+RUN apt-get update && apt-get install -y --no-install-recommends tini && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /usr/src/app
 ENV NODE_ENV=production \
  TRANSFORMERS_CACHE=/cache \
@@ -25,4 +27,5 @@ ENV NODE_ENV=production \

 COPY --from=builder /opt/venv /opt/venv
 COPY app .
-ENTRYPOINT ["python", "-m", "app.main"]
+ENTRYPOINT ["tini", "--"]
+CMD ["python", "-m", "app.main"]
--- a/machine-learning/poetry.lock
+++ b/machine-learning/poetry.lock
--- a/machine-learning/pyproject.toml
+++ b/machine-learning/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "machine-learning"
-version = "1.67.2"
+version = "1.70.0"
 description = ""
 authors = ["Hau Tran <alex.tran1502@gmail.com>"]
 readme = "README.md"
@@ -22,8 +22,6 @@ fastapi = "^0.95.2"
 uvicorn = {extras = ["standard"], version = "^0.22.0"}
 pydantic = "^1.10.8"
 aiocache = "^0.12.1"
-pytest-cov = "^4.1.0"
-ruff = "^0.0.272"

 [tool.poetry.group.dev.dependencies]
 mypy = "^1.3.0"
@@ -33,6 +31,8 @@ locust = "^2.15.1"
 gunicorn = "^20.1.0"
 httpx = "^0.24.1"
 pytest-asyncio = "^0.21.0"
+pytest-cov = "^4.1.0"
+ruff = "^0.0.272"

 [[tool.poetry.source]]
 name = "pytorch-cpu"
--- a/mobile/android/fastlane/Fastfile
+++ b/mobile/android/fastlane/Fastfile
@@ -35,8 +35,8 @@ platform :android do
      task: 'bundle', 
      build_type: 'Release',
      properties: {
-        "android.injected.version.code" => 90,
-        "android.injected.version.name" => "1.67.2",
+        "android.injected.version.code" => 93,
+        "android.injected.version.name" => "1.70.0",
      }
    )
    upload_to_play_store(skip_upload_apk: true, skip_upload_images: true, skip_upload_screenshots: true, aab: '../build/app/outputs/bundle/release/app-release.aab')
--- a/mobile/android/fastlane/report.xml
+++ b/mobile/android/fastlane/report.xml
@@ -5,17 +5,17 @@
    
    
      
-      <testcase classname="fastlane.lanes" name="0: default_platform" time="0.000296">
+      <testcase classname="fastlane.lanes" name="0: default_platform" time="0.000283">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="1: bundleRelease" time="64.042552">
+      <testcase classname="fastlane.lanes" name="1: bundleRelease" time="68.955404">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="2: upload_to_play_store" time="29.676557">
+      <testcase classname="fastlane.lanes" name="2: upload_to_play_store" time="24.147531">
        
      </testcase>
    
--- a/mobile/assets/i18n/en-US.json
+++ b/mobile/assets/i18n/en-US.json
@@ -186,6 +186,7 @@
  "login_form_save_login": "Stay logged in",
  "login_form_server_empty": "Enter a server URL.",
  "login_form_server_error": "Could not connect to server.",
+  "login_disabled": "Login has been disabled",
  "monthly_title_text_date_format": "MMMM y",
  "motion_photos_page_title": "Motion Photos",
  "notification_permission_dialog_cancel": "Cancel",
@@ -290,4 +291,4 @@
  "version_announcement_overlay_text_2": "please take your time to visit the ",
  "version_announcement_overlay_text_3": " and ensure your docker-compose and .env setup is up-to-date to prevent any misconfigurations, especially if you use WatchTower or any mechanism that handles updating your server application automatically.",
  "version_announcement_overlay_title": "New Server Version Available \uD83C\uDF89"
-}
+}
--- a/mobile/ios/Podfile.lock
+++ b/mobile/ios/Podfile.lock
@@ -157,4 +157,4 @@ SPEC CHECKSUMS:

 PODFILE CHECKSUM: 599d8aeb73728400c15364e734525722250a5382

-COCOAPODS: 1.11.3
+COCOAPODS: 1.12.1
--- a/mobile/ios/Runner.xcodeproj/project.pbxproj
+++ b/mobile/ios/Runner.xcodeproj/project.pbxproj
@@ -379,7 +379,7 @@
 				CODE_SIGN_ENTITLEMENTS = Runner/RunnerProfile.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 97;
+				CURRENT_PROJECT_VERSION = 109;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -515,7 +515,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 97;
+				CURRENT_PROJECT_VERSION = 109;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -543,7 +543,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 97;
+				CURRENT_PROJECT_VERSION = 109;
 				DEVELOPMENT_TEAM = 2F67MQ8R79;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
--- a/mobile/ios/Runner/Info.plist
+++ b/mobile/ios/Runner/Info.plist
@@ -59,11 +59,11 @@
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleShortVersionString</key>
-    <string>1.57.0</string>
+    <string>1.69.0</string>
    <key>CFBundleSignature</key>
    <string>????</string>
    <key>CFBundleVersion</key>
-    <string>97</string>
+    <string>109</string>
    <key>FLTEnableImpeller</key>
    <true />
    <key>ITSAppUsesNonExemptEncryption</key>
--- a/mobile/ios/fastlane/Fastfile
+++ b/mobile/ios/fastlane/Fastfile
@@ -19,7 +19,7 @@ platform :ios do
  desc "iOS Beta"
  lane :beta do
    increment_version_number(
-      version_number: "1.67.2"
+      version_number: "1.70.0"
    )
    increment_build_number(
      build_number: latest_testflight_build_number + 1,
--- a/mobile/ios/fastlane/report.xml
+++ b/mobile/ios/fastlane/report.xml
@@ -5,32 +5,32 @@
    
    
      
-      <testcase classname="fastlane.lanes" name="0: default_platform" time="0.000407">
+      <testcase classname="fastlane.lanes" name="0: default_platform" time="0.000218">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="1: increment_version_number" time="2.988375">
+      <testcase classname="fastlane.lanes" name="1: increment_version_number" time="2.314237">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="2: latest_testflight_build_number" time="45.42439">
+      <testcase classname="fastlane.lanes" name="2: latest_testflight_build_number" time="5.025464">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="3: increment_build_number" time="2.381359">
+      <testcase classname="fastlane.lanes" name="3: increment_build_number" time="1.890539">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="4: build_app" time="94.653021">
+      <testcase classname="fastlane.lanes" name="4: build_app" time="101.284714">
        
      </testcase>
    
      
-      <testcase classname="fastlane.lanes" name="5: upload_to_testflight" time="58.237354">
+      <testcase classname="fastlane.lanes" name="5: upload_to_testflight" time="59.342932">
        
      </testcase>
    
--- a/mobile/lib/main.dart
+++ b/mobile/lib/main.dart
@@ -14,6 +14,7 @@ import 'package:immich_mobile/modules/backup/models/duplicated_asset.model.dart'
 import 'package:immich_mobile/modules/backup/providers/backup.provider.dart';
 import 'package:immich_mobile/modules/backup/providers/ios_background_settings.provider.dart';
 import 'package:immich_mobile/modules/login/providers/authentication.provider.dart';
+import 'package:immich_mobile/modules/memories/providers/memory.provider.dart';
 import 'package:immich_mobile/modules/onboarding/providers/gallery_permission.provider.dart';
 import 'package:immich_mobile/modules/settings/providers/notification_permission.provider.dart';
 import 'package:immich_mobile/routing/router.dart';
@@ -156,6 +157,8 @@ class ImmichAppState extends ConsumerState<ImmichApp>

        ref.read(iOSBackgroundSettingsProvider.notifier).refresh();

+        ref.invalidate(memoryFutureProvider);
+
        break;

      case AppLifecycleState.inactive:
--- a/mobile/lib/modules/asset_viewer/views/gallery_viewer.dart
+++ b/mobile/lib/modules/asset_viewer/views/gallery_viewer.dart
@@ -412,7 +412,11 @@ class GalleryViewerPage extends HookConsumerWidget {
                showUnselectedLabels: false,
                items: [
                  BottomNavigationBarItem(
-                    icon: const Icon(Icons.ios_share_rounded),
+                    icon: Icon(
+                      Platform.isAndroid
+                          ? Icons.share_rounded
+                          : Icons.ios_share_rounded,
+                    ),
                    label: 'control_bottom_app_bar_share'.tr(),
                    tooltip: 'control_bottom_app_bar_share'.tr(),
                  ),
@@ -495,6 +499,7 @@ class GalleryViewerPage extends HookConsumerWidget {
            PhotoViewGallery.builder(
              scaleStateChangedCallback: (state) {
                isZoomed.value = state != PhotoViewScaleState.initial;
+                ref.read(showControlsProvider.notifier).show = !isZoomed.value;
              },
              pageController: controller,
              scrollPhysics: isZoomed.value
--- a/mobile/lib/modules/backup/providers/backup.provider.dart
+++ b/mobile/lib/modules/backup/providers/backup.provider.dart
@@ -207,6 +207,9 @@ class BackupNotifier extends StateNotifier<BackUpState> {
      type: RequestType.common,
    );

+    // Map of id -> album for quick album lookup later on.
+    Map<String, AssetPathEntity> albumMap = {};
+
    log.info('Found ${albums.length} local albums');

    for (AssetPathEntity album in albums) {
@@ -235,6 +238,8 @@ class BackupNotifier extends StateNotifier<BackUpState> {
        }

        availableAlbums.add(availableAlbum);
+
+        albumMap[album.id] = album;
      }
    }

@@ -270,30 +275,37 @@ class BackupNotifier extends StateNotifier<BackUpState> {
    }

    // Generate AssetPathEntity from id to add to local state
-    try {
-      final Set<AvailableAlbum> selectedAlbums = {};
-      for (final BackupAlbum ba in selectedBackupAlbums) {
-        final albumAsset = await AssetPathEntity.fromId(ba.id);
+    final Set<AvailableAlbum> selectedAlbums = {};
+    for (final BackupAlbum ba in selectedBackupAlbums) {
+      final albumAsset = albumMap[ba.id];
+
+      if (albumAsset != null) {
        selectedAlbums.add(
          AvailableAlbum(albumEntity: albumAsset, lastBackup: ba.lastBackup),
        );
+      } else {
+        log.severe('Selected album not found');
      }
+    }

-      final Set<AvailableAlbum> excludedAlbums = {};
-      for (final BackupAlbum ba in excludedBackupAlbums) {
-        final albumAsset = await AssetPathEntity.fromId(ba.id);
+    final Set<AvailableAlbum> excludedAlbums = {};
+    for (final BackupAlbum ba in excludedBackupAlbums) {
+      final albumAsset = albumMap[ba.id];
+
+      if (albumAsset != null) {
        excludedAlbums.add(
          AvailableAlbum(albumEntity: albumAsset, lastBackup: ba.lastBackup),
        );
+      } else {
+        log.severe('Excluded album not found');
      }
-      state = state.copyWith(
-        selectedBackupAlbums: selectedAlbums,
-        excludedBackupAlbums: excludedAlbums,
-      );
-    } catch (e, stackTrace) {
-      log.severe("Failed to generate album from id", e, stackTrace);
    }

+    state = state.copyWith(
+      selectedBackupAlbums: selectedAlbums,
+      excludedBackupAlbums: excludedAlbums,
+    );
+
    debugPrint("_getBackupAlbumsInfo takes ${stopwatch.elapsedMilliseconds}ms");
  }

--- a/mobile/lib/modules/home/ui/asset_grid/immich_asset_grid_view.dart
+++ b/mobile/lib/modules/home/ui/asset_grid/immich_asset_grid_view.dart
@@ -341,8 +341,8 @@ class ImmichAssetGridViewState extends State<ImmichAssetGridView> {
            backgroundColor: Theme.of(context).hintColor,
            labelTextBuilder: _labelBuilder,
            labelConstraints: const BoxConstraints(maxHeight: 28),
-            scrollbarAnimationDuration: const Duration(seconds: 1),
-            scrollbarTimeToFade: const Duration(seconds: 4),
+            scrollbarAnimationDuration: const Duration(milliseconds: 300),
+            scrollbarTimeToFade: const Duration(milliseconds: 1000),
            child: listWidget,
          )
        : listWidget;
--- a/mobile/lib/modules/home/ui/control_bottom_app_bar.dart
+++ b/mobile/lib/modules/home/ui/control_bottom_app_bar.dart
@@ -1,3 +1,5 @@
+import 'dart:io';
+
 import 'package:easy_localization/easy_localization.dart';
 import 'package:flutter/material.dart';
 import 'package:hooks_riverpod/hooks_riverpod.dart';
@@ -39,7 +41,9 @@ class ControlBottomAppBar extends ConsumerWidget {
      return Row(
        children: [
          ControlBoxButton(
-            iconData: Icons.ios_share_rounded,
+            iconData: Platform.isAndroid
+                ? Icons.share_rounded
+                : Icons.ios_share_rounded,
            label: "control_bottom_app_bar_share".tr(),
            onPressed: enabled ? onShare : null,
          ),
--- a/mobile/lib/modules/home/ui/profile_drawer/profile_drawer.dart
+++ b/mobile/lib/modules/home/ui/profile_drawer/profile_drawer.dart
@@ -33,14 +33,12 @@ class ProfileDrawer extends HookConsumerWidget {
              ?.copyWith(fontWeight: FontWeight.bold),
        ).tr(),
        onTap: () async {
-          bool res = await ref.watch(authenticationProvider.notifier).logout();
+          await ref.watch(authenticationProvider.notifier).logout();

-          if (res) {
-            ref.watch(backupProvider.notifier).cancelBackup();
-            ref.watch(assetProvider.notifier).clearAllAsset();
-            ref.watch(websocketProvider.notifier).disconnect();
-            AutoRouter.of(context).replace(const LoginRoute());
-          }
+          ref.watch(backupProvider.notifier).cancelBackup();
+          ref.watch(assetProvider.notifier).clearAllAsset();
+          ref.watch(websocketProvider.notifier).disconnect();
+          AutoRouter.of(context).replace(const LoginRoute());
        },
      );
    }
--- a/mobile/lib/modules/login/providers/authentication.provider.dart
+++ b/mobile/lib/modules/login/providers/authentication.provider.dart
@@ -14,6 +14,7 @@ import 'package:immich_mobile/shared/services/api.service.dart';
 import 'package:immich_mobile/utils/db.dart';
 import 'package:immich_mobile/utils/hash.dart';
 import 'package:isar/isar.dart';
+import 'package:logging/logging.dart';
 import 'package:openapi/api.dart';

 class AuthenticationNotifier extends StateNotifier<AuthenticationState> {
@@ -92,21 +93,29 @@ class AuthenticationNotifier extends StateNotifier<AuthenticationState> {
    }
  }

-  Future<bool> logout() async {
+  Future<void> logout() async {
+    var log = Logger('AuthenticationNotifier');
    try {
+
+      String? userEmail = Store.tryGet(StoreKey.currentUser)?.email;
+
+      _apiService.authenticationApi
+          .logout()
+          .then((_) => log.info("Logout was successfull for $userEmail"))
+          .onError(
+            (error, stackTrace) =>
+                log.severe("Error logging out $userEmail", error, stackTrace),
+          );
+
      await Future.wait([
-        _apiService.authenticationApi.logout(),
        clearAssetsAndAlbums(_db),
        Store.delete(StoreKey.currentUser),
        Store.delete(StoreKey.accessToken),
      ]);

      state = state.copyWith(isAuthenticated: false);
-
-      return true;
    } catch (e) {
-      debugPrint("Error logging out $e");
-      return false;
+      log.severe("Error logging out $e");
    }
  }

--- a/mobile/lib/modules/login/ui/change_password_form.dart
+++ b/mobile/lib/modules/login/ui/change_password_form.dart
@@ -75,18 +75,15 @@ class ChangePasswordForm extends HookConsumerWidget {
                              .changePassword(passwordController.value.text);

                          if (isSuccess) {
-                            bool res = await ref
+                            await ref
                                .read(authenticationProvider.notifier)
                                .logout();

-                            if (res) {
-                              ref.read(backupProvider.notifier).cancelBackup();
-                              ref.read(assetProvider.notifier).clearAllAsset();
-                              ref.read(websocketProvider.notifier).disconnect();
+                            ref.read(backupProvider.notifier).cancelBackup();
+                            ref.read(assetProvider.notifier).clearAllAsset();
+                            ref.read(websocketProvider.notifier).disconnect();

-                              AutoRouter.of(context)
-                                  .replace(const LoginRoute());
-                            }
+                            AutoRouter.of(context).replace(const LoginRoute());
                          }
                        }
                      },
--- a/mobile/lib/modules/login/ui/login_form.dart
+++ b/mobile/lib/modules/login/ui/login_form.dart
@@ -36,6 +36,7 @@ class LoginForm extends HookConsumerWidget {
    final isLoading = useState<bool>(false);
    final isLoadingServer = useState<bool>(false);
    final isOauthEnable = useState<bool>(false);
+    final isPasswordLoginEnable = useState<bool>(false);
    final oAuthButtonLabel = useState<String>('OAuth');
    final logoAnimationController = useAnimationController(
      duration: const Duration(seconds: 60),
@@ -69,9 +70,11 @@ class LoginForm extends HookConsumerWidget {

        if (loginConfig != null) {
          isOauthEnable.value = loginConfig.enabled;
+          isPasswordLoginEnable.value = loginConfig.passwordLoginEnabled;
          oAuthButtonLabel.value = loginConfig.buttonText ?? 'OAuth';
        } else {
          isOauthEnable.value = false;
+          isPasswordLoginEnable.value = true;
        }

        serverEndpoint.value = endpoint;
@@ -82,6 +85,7 @@ class LoginForm extends HookConsumerWidget {
          toastType: ToastType.error,
        );
        isOauthEnable.value = false;
+        isPasswordLoginEnable.value = true;
        isLoadingServer.value = false;
        return false;
      } catch (e) {
@@ -91,6 +95,7 @@ class LoginForm extends HookConsumerWidget {
          toastType: ToastType.error,
        );
        isOauthEnable.value = false;
+        isPasswordLoginEnable.value = true;
        isLoadingServer.value = false;
        return false;
      }
@@ -262,18 +267,20 @@ class LoginForm extends HookConsumerWidget {
              style: Theme.of(context).textTheme.displaySmall,
              textAlign: TextAlign.center,
            ),
-            const SizedBox(height: 18),
-            EmailInput(
-              controller: usernameController,
-              focusNode: emailFocusNode,
-              onSubmit: passwordFocusNode.requestFocus,
-            ),
-            const SizedBox(height: 8),
-            PasswordInput(
-              controller: passwordController,
-              focusNode: passwordFocusNode,
-              onSubmit: login,
-            ),
+            if (isPasswordLoginEnable.value) ...[
+              const SizedBox(height: 18),
+              EmailInput(
+                controller: usernameController,
+                focusNode: emailFocusNode,
+                onSubmit: passwordFocusNode.requestFocus,
+              ),
+              const SizedBox(height: 8),
+              PasswordInput(
+                controller: passwordController,
+                focusNode: passwordFocusNode,
+                onSubmit: login,
+              ),
+            ],

            // Note: This used to have an AnimatedSwitcher, but was removed
            // because of https://github.com/flutter/flutter/issues/120874
@@ -295,19 +302,21 @@ class LoginForm extends HookConsumerWidget {
                    mainAxisAlignment: MainAxisAlignment.center,
                    children: [
                      const SizedBox(height: 18),
-                      LoginButton(onPressed: login),
+                      if (isPasswordLoginEnable.value)
+                        LoginButton(onPressed: login),
                      if (isOauthEnable.value) ...[
-                        Padding(
-                          padding: const EdgeInsets.symmetric(
-                            horizontal: 16.0,
+                        if (isPasswordLoginEnable.value)
+                          Padding(
+                            padding: const EdgeInsets.symmetric(
+                              horizontal: 16.0,
+                            ),
+                            child: Divider(
+                              color: Brightness.dark ==
+                                      Theme.of(context).brightness
+                                  ? Colors.white
+                                  : Colors.black,
+                            ),
                          ),
-                          child: Divider(
-                            color:
-                                Brightness.dark == Theme.of(context).brightness
-                                    ? Colors.white
-                                    : Colors.black,
-                          ),
-                        ),
                        OAuthLoginButton(
                          serverEndpointController: serverEndpointController,
                          buttonLabel: oAuthButtonLabel.value,
@@ -317,6 +326,10 @@ class LoginForm extends HookConsumerWidget {
                      ],
                    ],
                  ),
+            if (!isOauthEnable.value && !isPasswordLoginEnable.value)
+              Center(
+                child: const Text('login_disabled').tr(),
+              ),
            const SizedBox(height: 12),
            TextButton.icon(
              icon: const Icon(Icons.arrow_back),
--- a/mobile/lib/modules/memories/views/memory_page.dart
+++ b/mobile/lib/modules/memories/views/memory_page.dart
@@ -5,7 +5,10 @@ import 'package:flutter_hooks/flutter_hooks.dart';
 import 'package:hooks_riverpod/hooks_riverpod.dart';
 import 'package:immich_mobile/modules/memories/models/memory.dart';
 import 'package:immich_mobile/modules/memories/ui/memory_card.dart';
+import 'package:immich_mobile/shared/models/asset.dart';
+import 'package:immich_mobile/shared/ui/immich_image.dart';
 import 'package:intl/intl.dart';
+import 'package:openapi/api.dart' as api;

 class MemoryPage extends HookConsumerWidget {
  final List<Memory> memories;
@@ -22,6 +25,7 @@ class MemoryPage extends HookConsumerWidget {
    final memoryPageController = usePageController(initialPage: memoryIndex);
    final memoryAssetPageController = usePageController();
    final currentMemory = useState(memories[memoryIndex]);
+    final previousMemoryIndex = useState(memoryIndex);
    final currentAssetPage = useState(0);
    final assetProgress = useState(
      "${currentAssetPage.value + 1}|${currentMemory.value.assets.length}",
@@ -36,11 +40,16 @@ class MemoryPage extends HookConsumerWidget {
    }

    toNextAsset(int currentAssetIndex) {
-      (currentAssetIndex + 1 < currentMemory.value.assets.length)
-          ? memoryAssetPageController.jumpToPage(
-              (currentAssetIndex + 1),
-            )
-          : toNextMemory();
+      if (currentAssetIndex + 1 < currentMemory.value.assets.length) {
+        // Go to the next asset
+        memoryAssetPageController.nextPage(
+          curve: Curves.easeInOut,
+          duration: const Duration(milliseconds: 500),
+        );
+      } else {
+        // Go to the next memory since we are at the end of our assets
+        toNextMemory();
+      }
    }

    updateProgressText() {
@@ -48,21 +57,71 @@ class MemoryPage extends HookConsumerWidget {
          "${currentAssetPage.value + 1}|${currentMemory.value.assets.length}";
    }

-    onMemoryChanged(int otherIndex) {
-      HapticFeedback.mediumImpact();
-      currentMemory.value = memories[otherIndex];
-      currentAssetPage.value = 0;
-      updateProgressText();
+    /// Downloads and caches the image for the asset at this [currentMemory]'s index
+    precacheAsset(int index) async {
+      // Guard index out of range
+      if (index < 0) {
+        return;
+      }
+
+      late Asset asset;
+      if (index < currentMemory.value.assets.length) {
+        // Uses the next asset in this current memory
+        asset = currentMemory.value.assets[index];
+      } else {
+        // Precache the first asset in the next memory if available
+        final currentMemoryIndex = memories.indexOf(currentMemory.value);
+
+        // Guard no memory found
+        if (currentMemoryIndex == -1) {
+          return;
+        }
+
+        final nextMemoryIndex = currentMemoryIndex + 1;
+        // Guard no next memory
+        if (nextMemoryIndex >= memories.length) {
+          return;
+        }
+
+        // Get the first asset from the next memory
+        asset = memories[nextMemoryIndex].assets.first;
+      }
+
+      // Gets the thumbnail url and precaches it
+      final precaches = <Future<dynamic>>[];
+
+      precaches.add(
+        ImmichImage.precacheAsset(
+          asset,
+          context,
+          type: api.ThumbnailFormat.WEBP,
+        ),
+      );
+      precaches.add(
+        ImmichImage.precacheAsset(
+          asset,
+          context,
+          type: api.ThumbnailFormat.JPEG,
+        ),
+      );
+
+      await Future.wait(precaches);
+    }
+
+    // Precache the next page right away if we are on the first page
+    if (currentAssetPage.value == 0) {
+      Future.delayed(const Duration(milliseconds: 200))
+          .then((_) => precacheAsset(1));
    }

    onAssetChanged(int otherIndex) {
      HapticFeedback.selectionClick();
-
      currentAssetPage.value = otherIndex;
+      precacheAsset(otherIndex + 1);
      updateProgressText();
    }

-    buildBottomInfo() {
+    buildBottomInfo(Memory memory) {
      return Padding(
        padding: const EdgeInsets.all(16.0),
        child: Row(
@@ -71,7 +130,7 @@ class MemoryPage extends HookConsumerWidget {
              crossAxisAlignment: CrossAxisAlignment.start,
              children: [
                Text(
-                  currentMemory.value.title,
+                  memory.title,
                  style: TextStyle(
                    color: Colors.grey[400],
                    fontSize: 11.0,
@@ -80,7 +139,7 @@ class MemoryPage extends HookConsumerWidget {
                ),
                Text(
                  DateFormat.yMMMMd().format(
-                    currentMemory.value.assets[0].fileCreatedAt,
+                    memory.assets[0].fileCreatedAt,
                  ),
                  style: const TextStyle(
                    color: Colors.white,
@@ -95,44 +154,66 @@ class MemoryPage extends HookConsumerWidget {
      );
    }

-    return Scaffold(
-      backgroundColor: bgColor,
-      body: SafeArea(
-        child: PageView.builder(
-          scrollDirection: Axis.vertical,
-          controller: memoryPageController,
-          onPageChanged: onMemoryChanged,
-          itemCount: memories.length,
-          itemBuilder: (context, mIndex) {
-            // Build horizontal page
-            return Column(
-              children: [
-                Expanded(
-                  child: PageView.builder(
-                    controller: memoryAssetPageController,
-                    onPageChanged: onAssetChanged,
-                    scrollDirection: Axis.horizontal,
-                    itemCount: memories[mIndex].assets.length,
-                    itemBuilder: (context, index) {
-                      final asset = memories[mIndex].assets[index];
-                      return Container(
-                        color: Colors.black,
-                        child: MemoryCard(
-                          asset: asset,
-                          onTap: () => toNextAsset(index),
-                          onClose: () => AutoRouter.of(context).pop(),
-                          rightCornerText: assetProgress.value,
-                          title: memories[mIndex].title,
-                          showTitle: index == 0,
-                        ),
-                      );
-                    },
+    /* Notification listener is used instead of OnPageChanged callback since OnPageChanged is called
+     * when the page in the **center** of the viewer changes. We want to reset currentAssetPage only when the final
+     * page during the end of scroll is different than the current page
+     */
+    return NotificationListener<ScrollNotification>(
+      onNotification: (ScrollNotification notification) {
+        if (notification.depth == 0) {
+          var currentPageNumber = memoryPageController.page!.toInt();
+          currentMemory.value = memories[currentPageNumber];
+          if (notification is ScrollStartNotification) {
+            assetProgress.value = "";
+          } else if (notification is ScrollEndNotification) {
+            HapticFeedback.mediumImpact();
+            if (currentPageNumber != previousMemoryIndex.value) {
+              currentAssetPage.value = 0;
+              previousMemoryIndex.value = currentPageNumber;
+            }
+            updateProgressText();
+          }
+        }
+        return false;
+      },
+      child: Scaffold(
+        backgroundColor: bgColor,
+        body: SafeArea(
+          child: PageView.builder(
+            scrollDirection: Axis.vertical,
+            controller: memoryPageController,
+            itemCount: memories.length,
+            itemBuilder: (context, mIndex) {
+              // Build horizontal page
+              return Column(
+                children: [
+                  Expanded(
+                    child: PageView.builder(
+                      controller: memoryAssetPageController,
+                      onPageChanged: onAssetChanged,
+                      scrollDirection: Axis.horizontal,
+                      itemCount: memories[mIndex].assets.length,
+                      itemBuilder: (context, index) {
+                        final asset = memories[mIndex].assets[index];
+                        return Container(
+                          color: Colors.black,
+                          child: MemoryCard(
+                            asset: asset,
+                            onTap: () => toNextAsset(index),
+                            onClose: () => AutoRouter.of(context).pop(),
+                            rightCornerText: assetProgress.value,
+                            title: memories[mIndex].title,
+                            showTitle: index == 0,
+                          ),
+                        );
+                      },
+                    ),
                  ),
-                ),
-                buildBottomInfo(),
-              ],
-            );
-          },
+                  buildBottomInfo(memories[mIndex]),
+                ],
+              );
+            },
+          ),
        ),
      ),
    );
--- a/mobile/lib/modules/search/providers/search_page_state.provider.dart
+++ b/mobile/lib/modules/search/providers/search_page_state.provider.dart
@@ -63,12 +63,3 @@ final getCuratedLocationProvider =
  var curatedLocation = await searchService.getCuratedLocation();
  return curatedLocation ?? [];
 });
-
-final getCuratedObjectProvider =
-    FutureProvider.autoDispose<List<CuratedObjectsResponseDto>>((ref) async {
-  final SearchService searchService = ref.watch(searchServiceProvider);
-
-  var curatedObject = await searchService.getCuratedObjects();
-
-  return curatedObject ?? [];
-});
--- a/mobile/lib/modules/search/services/person.service.dart
+++ b/mobile/lib/modules/search/services/person.service.dart
@@ -18,7 +18,8 @@ class PersonService {

  Future<List<PersonResponseDto>?> getCuratedPeople() async {
    try {
-      return await _apiService.personApi.getAllPeople();
+      final peopleResponseDto = await _apiService.personApi.getAllPeople();
+      return peopleResponseDto?.people;
    } catch (e) {
      debugPrint("Error [getCuratedPeople] ${e.toString()}");
      return null;
--- a/mobile/lib/modules/search/views/curated_object_page.dart
+++ b/mobile/lib/modules/search/views/curated_object_page.dart
@@ -1,55 +0,0 @@
-import 'package:auto_route/auto_route.dart';
-import 'package:easy_localization/easy_localization.dart';
-import 'package:flutter/material.dart';
-import 'package:hooks_riverpod/hooks_riverpod.dart';
-import 'package:immich_mobile/modules/search/models/curated_content.dart';
-import 'package:immich_mobile/modules/search/providers/search_page_state.provider.dart';
-import 'package:immich_mobile/modules/search/ui/explore_grid.dart';
-import 'package:immich_mobile/shared/ui/immich_loading_indicator.dart';
-import 'package:immich_mobile/utils/capitalize.dart';
-import 'package:openapi/api.dart';
-
-class CuratedObjectPage extends HookConsumerWidget {
-  const CuratedObjectPage({
-    super.key,
-  });
-
-  @override
-  Widget build(BuildContext context, WidgetRef ref) {
-    AsyncValue<List<CuratedObjectsResponseDto>> curatedObjects =
-        ref.watch(getCuratedObjectProvider);
-
-    return Scaffold(
-      appBar: AppBar(
-        title: Text(
-          'curated_object_page_title',
-          style: TextStyle(
-            color: Theme.of(context).primaryColor,
-            fontWeight: FontWeight.bold,
-            fontSize: 16.0,
-          ),
-        ).tr(),
-        leading: IconButton(
-          onPressed: () => AutoRouter.of(context).pop(),
-          icon: const Icon(Icons.arrow_back_ios_rounded),
-        ),
-      ),
-      body: curatedObjects.when(
-        loading: () => const Center(child: ImmichLoadingIndicator()),
-        error: (err, stack) => Center(
-          child: Text('Error: $err'),
-        ),
-        data: (curatedLocations) => ExploreGrid(
-          curatedContent: curatedLocations
-              .map(
-                (l) => CuratedContent(
-                  label: l.object.capitalize(),
-                  id: l.id,
-                ),
-              )
-              .toList(),
-        ),
-      ),
-    );
-  }
-}
--- a/mobile/lib/modules/search/views/search_page.dart
+++ b/mobile/lib/modules/search/views/search_page.dart
@@ -25,7 +25,6 @@ class SearchPage extends HookConsumerWidget {
  Widget build(BuildContext context, WidgetRef ref) {
    final isSearchEnabled = ref.watch(searchPageStateProvider).isSearchEnabled;
    final curatedLocation = ref.watch(getCuratedLocationProvider);
-    final curatedObjects = ref.watch(getCuratedObjectProvider);
    final curatedPeople = ref.watch(getCuratedPeopleProvider);
    var isDarkTheme = Theme.of(context).brightness == Brightness.dark;
    double imageSize = MediaQuery.of(context).size.width / 3;
@@ -128,40 +127,6 @@ class SearchPage extends HookConsumerWidget {
      );
    }

-    buildThings() {
-      return SizedBox(
-        height: imageSize,
-        child: curatedObjects.when(
-          loading: () => SizedBox(
-            height: imageSize,
-            child: const Center(child: ImmichLoadingIndicator()),
-          ),
-          error: (err, stack) => SizedBox(
-            height: imageSize,
-            child: Center(child: Text('Error: $err')),
-          ),
-          data: (objects) => CuratedRow(
-            content: objects
-                .map(
-                  (o) => CuratedContent(
-                    id: o.id,
-                    label: o.object,
-                  ),
-                )
-                .toList(),
-            imageSize: imageSize,
-            onTap: (content, index) {
-              AutoRouter.of(context).push(
-                SearchResultRoute(
-                  searchTerm: 'm:${content.label}',
-                ),
-              );
-            },
-          ),
-        ),
-      );
-    }
-
    return Scaffold(
      appBar: ImmichSearchBar(
        searchFocusNode: searchFocusNode,
@@ -191,13 +156,6 @@ class SearchPage extends HookConsumerWidget {
                  top: 0,
                ),
                buildPlaces(),
-                SearchRowTitle(
-                  title: "search_page_things".tr(),
-                  onViewAllPressed: () => AutoRouter.of(context).push(
-                    const CuratedObjectRoute(),
-                  ),
-                ),
-                buildThings(),
                const SizedBox(height: 24.0),
                Padding(
                  padding: const EdgeInsets.symmetric(horizontal: 16),
--- a/mobile/lib/routing/router.dart
+++ b/mobile/lib/routing/router.dart
@@ -30,7 +30,6 @@ import 'package:immich_mobile/modules/search/views/all_motion_videos_page.dart';
 import 'package:immich_mobile/modules/search/views/all_people_page.dart';
 import 'package:immich_mobile/modules/search/views/all_videos_page.dart';
 import 'package:immich_mobile/modules/search/views/curated_location_page.dart';
-import 'package:immich_mobile/modules/search/views/curated_object_page.dart';
 import 'package:immich_mobile/modules/search/views/person_result_page.dart';
 import 'package:immich_mobile/modules/search/views/recently_added_page.dart';
 import 'package:immich_mobile/modules/search/views/search_page.dart';
@@ -87,7 +86,6 @@ part 'router.gr.dart';
    AutoRoute(page: BackupControllerPage, guards: [AuthGuard, DuplicateGuard]),
    AutoRoute(page: SearchResultPage, guards: [AuthGuard, DuplicateGuard]),
    AutoRoute(page: CuratedLocationPage, guards: [AuthGuard, DuplicateGuard]),
-    AutoRoute(page: CuratedObjectPage, guards: [AuthGuard, DuplicateGuard]),
    AutoRoute(page: CreateAlbumPage, guards: [AuthGuard, DuplicateGuard]),
    AutoRoute(page: FavoritesPage, guards: [AuthGuard, DuplicateGuard]),
    AutoRoute(page: AllVideosPage, guards: [AuthGuard, DuplicateGuard]),
--- a/mobile/lib/routing/router.gr.dart
+++ b/mobile/lib/routing/router.gr.dart
@@ -111,12 +111,6 @@ class _$AppRouter extends RootStackRouter {
        child: const CuratedLocationPage(),
      );
    },
-    CuratedObjectRoute.name: (routeData) {
-      return MaterialPageX<dynamic>(
-        routeData: routeData,
-        child: const CuratedObjectPage(),
-      );
-    },
    CreateAlbumRoute.name: (routeData) {
      final args = routeData.argsAs<CreateAlbumRouteArgs>();
      return MaterialPageX<dynamic>(
@@ -441,14 +435,6 @@ class _$AppRouter extends RootStackRouter {
            duplicateGuard,
          ],
        ),
-        RouteConfig(
-          CuratedObjectRoute.name,
-          path: '/curated-object-page',
-          guards: [
-            authGuard,
-            duplicateGuard,
-          ],
-        ),
        RouteConfig(
          CreateAlbumRoute.name,
          path: '/create-album-page',
@@ -507,7 +493,7 @@ class _$AppRouter extends RootStackRouter {
        ),
        RouteConfig(
          AlbumViewerRoute.name,
-          path: '/',
+          path: '/album-viewer-page',
          guards: [
            authGuard,
            duplicateGuard,
@@ -839,18 +825,6 @@ class CuratedLocationRoute extends PageRouteInfo<void> {
  static const String name = 'CuratedLocationRoute';
 }

-/// generated route for
-/// [CuratedObjectPage]
-class CuratedObjectRoute extends PageRouteInfo<void> {
-  const CuratedObjectRoute()
-      : super(
-          CuratedObjectRoute.name,
-          path: '/curated-object-page',
-        );
-
-  static const String name = 'CuratedObjectRoute';
-}
-
 /// generated route for
 /// [CreateAlbumPage]
 class CreateAlbumRoute extends PageRouteInfo<CreateAlbumRouteArgs> {
@@ -1020,7 +994,7 @@ class AlbumViewerRoute extends PageRouteInfo<AlbumViewerRouteArgs> {
    required int albumId,
  }) : super(
          AlbumViewerRoute.name,
-          path: '/',
+          path: '/album-viewer-page',
          args: AlbumViewerRouteArgs(
            key: key,
            albumId: albumId,
--- a/mobile/lib/routing/tab_navigation_observer.dart
+++ b/mobile/lib/routing/tab_navigation_observer.dart
@@ -33,7 +33,6 @@ class TabNavigationObserver extends AutoRouterObserver {
    if (route.name == 'SearchRoute') {
      // Refresh Location State
      ref.invalidate(getCuratedLocationProvider);
-      ref.invalidate(getCuratedObjectProvider);
      ref.invalidate(getCuratedPeopleProvider);
    }

--- a/mobile/lib/shared/ui/immich_image.dart
+++ b/mobile/lib/shared/ui/immich_image.dart
@@ -16,11 +16,13 @@ class ImmichImage extends StatelessWidget {
    this.height,
    this.fit = BoxFit.cover,
    this.useGrayBoxPlaceholder = false,
+    this.useProgressIndicator = false,
    this.type = api.ThumbnailFormat.WEBP,
    super.key,
  });
  final Asset? asset;
  final bool useGrayBoxPlaceholder;
+  final bool useProgressIndicator;
  final double? width;
  final double? height;
  final BoxFit fit;
@@ -58,17 +60,23 @@ class ImmichImage extends StatelessWidget {
          if (wasSynchronouslyLoaded || frame != null) {
            return child;
          }
-          return (useGrayBoxPlaceholder
-              ? const SizedBox.square(
+
+          // Show loading if desired
+          return Stack(
+            children: [
+              if (useGrayBoxPlaceholder)
+                const SizedBox.square(
                  dimension: 250,
                  child: DecoratedBox(
                    decoration: BoxDecoration(color: Colors.grey),
                  ),
-                )
-              : Transform.scale(
-                  scale: 0.2,
-                  child: const CircularProgressIndicator(),
-                ));
+                ),
+              if (useProgressIndicator)
+                const Center(
+                  child: CircularProgressIndicator(),
+                ),
+            ],
+          );
        },
        errorBuilder: (context, error, stackTrace) {
          if (error is PlatformException &&
@@ -102,16 +110,27 @@ class ImmichImage extends StatelessWidget {
      fit: fit,
      fadeInDuration: const Duration(milliseconds: 250),
      progressIndicatorBuilder: (context, url, downloadProgress) {
-        if (useGrayBoxPlaceholder) {
-          return const DecoratedBox(
-            decoration: BoxDecoration(color: Colors.grey),
-          );
-        }
-        return Transform.scale(
-          scale: 0.2,
-          child: CircularProgressIndicator.adaptive(
-            value: downloadProgress.progress,
-          ),
+        // Show loading if desired
+        return Stack(
+          children: [
+            if (useGrayBoxPlaceholder)
+              const SizedBox.square(
+                dimension: 250,
+                child: DecoratedBox(
+                  decoration: BoxDecoration(color: Colors.grey),
+                ),
+              ),
+            if (useProgressIndicator)
+              Transform.scale(
+                scale: 2,
+                child: Center(
+                  child: CircularProgressIndicator.adaptive(
+                    strokeWidth: 1,
+                    value: downloadProgress.progress,
+                  ),
+                ),
+              ),
+          ],
        );
      },
      errorWidget: (context, url, error) {
@@ -128,4 +147,46 @@ class ImmichImage extends StatelessWidget {
      },
    );
  }
+
+  /// Precaches this asset for instant load the next time it is shown
+  static Future<void> precacheAsset(
+    Asset asset,
+    BuildContext context, {
+    type = api.ThumbnailFormat.WEBP,
+  }) {
+    final authToken = 'Bearer ${Store.get(StoreKey.accessToken)}';
+
+    if (type == api.ThumbnailFormat.WEBP) {
+      final thumbnailUrl = getThumbnailUrl(asset);
+      final thumbnailCacheKey = getThumbnailCacheKey(asset);
+      final thumbnailProvider = CachedNetworkImageProvider(
+        thumbnailUrl,
+        cacheKey: thumbnailCacheKey,
+        headers: {"Authorization": authToken},
+      );
+      return precacheImage(thumbnailProvider, context);
+    }
+    // Precache the local image
+    if (!asset.isRemote &&
+        (asset.isLocal || !Store.get(StoreKey.preferRemoteImage, false))) {
+      final provider = AssetEntityImageProvider(
+        asset.local!,
+        isOriginal: false,
+        thumbnailSize: const ThumbnailSize.square(250), // like server thumbs
+      );
+      return precacheImage(provider, context);
+    } else {
+      // Precache the remote image since we are not using local images
+      final url = getThumbnailUrl(asset, type: api.ThumbnailFormat.JPEG);
+      final cacheKey =
+          getThumbnailCacheKey(asset, type: api.ThumbnailFormat.JPEG);
+      final provider = CachedNetworkImageProvider(
+        url,
+        cacheKey: cacheKey,
+        headers: {"Authorization": authToken},
+      );
+
+      return precacheImage(provider, context);
+    }
+  }
 }
--- a/mobile/openapi/.openapi-generator/FILES
+++ b/mobile/openapi/.openapi-generator/FILES
@@ -71,6 +71,9 @@ doc/OAuthCallbackDto.md
 doc/OAuthConfigDto.md
 doc/OAuthConfigResponseDto.md
 doc/PartnerApi.md
+doc/PeopleResponseDto.md
+doc/PeopleUpdateDto.md
+doc/PeopleUpdateItem.md
 doc/PersonApi.md
 doc/PersonResponseDto.md
 doc/PersonUpdateDto.md
@@ -88,6 +91,7 @@ doc/SearchFacetResponseDto.md
 doc/SearchResponseDto.md
 doc/ServerInfoApi.md
 doc/ServerInfoResponseDto.md
+doc/ServerMediaTypesResponseDto.md
 doc/ServerPingResponse.md
 doc/ServerStatsResponseDto.md
 doc/ServerVersionReponseDto.md
@@ -207,6 +211,9 @@ lib/model/merge_person_dto.dart
 lib/model/o_auth_callback_dto.dart
 lib/model/o_auth_config_dto.dart
 lib/model/o_auth_config_response_dto.dart
+lib/model/people_response_dto.dart
+lib/model/people_update_dto.dart
+lib/model/people_update_item.dart
 lib/model/person_response_dto.dart
 lib/model/person_update_dto.dart
 lib/model/queue_status_dto.dart
@@ -221,6 +228,7 @@ lib/model/search_facet_count_response_dto.dart
 lib/model/search_facet_response_dto.dart
 lib/model/search_response_dto.dart
 lib/model/server_info_response_dto.dart
+lib/model/server_media_types_response_dto.dart
 lib/model/server_ping_response.dart
 lib/model/server_stats_response_dto.dart
 lib/model/server_version_reponse_dto.dart
@@ -320,6 +328,9 @@ test/o_auth_callback_dto_test.dart
 test/o_auth_config_dto_test.dart
 test/o_auth_config_response_dto_test.dart
 test/partner_api_test.dart
+test/people_response_dto_test.dart
+test/people_update_dto_test.dart
+test/people_update_item_test.dart
 test/person_api_test.dart
 test/person_response_dto_test.dart
 test/person_update_dto_test.dart
@@ -337,6 +348,7 @@ test/search_facet_response_dto_test.dart
 test/search_response_dto_test.dart
 test/server_info_api_test.dart
 test/server_info_response_dto_test.dart
+test/server_media_types_response_dto_test.dart
 test/server_ping_response_test.dart
 test/server_stats_response_dto_test.dart
 test/server_version_reponse_dto_test.dart
--- a/mobile/openapi/README.md
+++ b/mobile/openapi/README.md
@@ -3,7 +3,7 @@ Immich API

 This Dart package is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project:

- API version: 1.67.2
+- API version: 1.70.0
 - Build package: org.openapitools.codegen.languages.DartClientCodegen

 ## Requirements
@@ -134,6 +134,7 @@ Class | Method | HTTP request | Description
 *PersonApi* | [**getPersonAssets**](doc//PersonApi.md#getpersonassets) | **GET** /person/{id}/assets | 
 *PersonApi* | [**getPersonThumbnail**](doc//PersonApi.md#getpersonthumbnail) | **GET** /person/{id}/thumbnail | 
 *PersonApi* | [**mergePerson**](doc//PersonApi.md#mergeperson) | **POST** /person/{id}/merge | 
+*PersonApi* | [**updatePeople**](doc//PersonApi.md#updatepeople) | **PUT** /person | 
 *PersonApi* | [**updatePerson**](doc//PersonApi.md#updateperson) | **PUT** /person/{id} | 
 *SearchApi* | [**getExploreData**](doc//SearchApi.md#getexploredata) | **GET** /search/explore | 
 *SearchApi* | [**getSearchConfig**](doc//SearchApi.md#getsearchconfig) | **GET** /search/config | 
@@ -141,6 +142,7 @@ Class | Method | HTTP request | Description
 *ServerInfoApi* | [**getServerInfo**](doc//ServerInfoApi.md#getserverinfo) | **GET** /server-info | 
 *ServerInfoApi* | [**getServerVersion**](doc//ServerInfoApi.md#getserverversion) | **GET** /server-info/version | 
 *ServerInfoApi* | [**getStats**](doc//ServerInfoApi.md#getstats) | **GET** /server-info/stats | 
+*ServerInfoApi* | [**getSupportedMediaTypes**](doc//ServerInfoApi.md#getsupportedmediatypes) | **GET** /server-info/media-types | 
 *ServerInfoApi* | [**pingServer**](doc//ServerInfoApi.md#pingserver) | **GET** /server-info/ping | 
 *SharedLinkApi* | [**addSharedLinkAssets**](doc//SharedLinkApi.md#addsharedlinkassets) | **PUT** /shared-link/{id}/assets | 
 *SharedLinkApi* | [**createSharedLink**](doc//SharedLinkApi.md#createsharedlink) | **POST** /shared-link | 
@@ -237,6 +239,9 @@ Class | Method | HTTP request | Description
 - [OAuthCallbackDto](doc//OAuthCallbackDto.md)
 - [OAuthConfigDto](doc//OAuthConfigDto.md)
 - [OAuthConfigResponseDto](doc//OAuthConfigResponseDto.md)
+ - [PeopleResponseDto](doc//PeopleResponseDto.md)
+ - [PeopleUpdateDto](doc//PeopleUpdateDto.md)
+ - [PeopleUpdateItem](doc//PeopleUpdateItem.md)
 - [PersonResponseDto](doc//PersonResponseDto.md)
 - [PersonUpdateDto](doc//PersonUpdateDto.md)
 - [QueueStatusDto](doc//QueueStatusDto.md)
@@ -251,6 +256,7 @@ Class | Method | HTTP request | Description
 - [SearchFacetResponseDto](doc//SearchFacetResponseDto.md)
 - [SearchResponseDto](doc//SearchResponseDto.md)
 - [ServerInfoResponseDto](doc//ServerInfoResponseDto.md)
+ - [ServerMediaTypesResponseDto](doc//ServerMediaTypesResponseDto.md)
 - [ServerPingResponse](doc//ServerPingResponse.md)
 - [ServerStatsResponseDto](doc//ServerStatsResponseDto.md)
 - [ServerVersionReponseDto](doc//ServerVersionReponseDto.md)
--- a/mobile/openapi/doc/PeopleResponseDto.md
+++ b/mobile/openapi/doc/PeopleResponseDto.md
@@ -0,0 +1,17 @@
+# openapi.model.PeopleResponseDto
+
+## Load the model package
+```dart
+import 'package:openapi/api.dart';
+```
+
+## Properties
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**total** | **num** |  | 
+**visible** | **num** |  | 
+**people** | [**List<PersonResponseDto>**](PersonResponseDto.md) |  | [default to const []]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
--- a/mobile/openapi/doc/PeopleUpdateDto.md
+++ b/mobile/openapi/doc/PeopleUpdateDto.md
@@ -0,0 +1,15 @@
+# openapi.model.PeopleUpdateDto
+
+## Load the model package
+```dart
+import 'package:openapi/api.dart';
+```
+
+## Properties
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**people** | [**List<PeopleUpdateItem>**](PeopleUpdateItem.md) |  | [default to const []]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
--- a/mobile/openapi/doc/PeopleUpdateItem.md
+++ b/mobile/openapi/doc/PeopleUpdateItem.md
@@ -0,0 +1,18 @@
+# openapi.model.PeopleUpdateItem
+
+## Load the model package
+```dart
+import 'package:openapi/api.dart';
+```
+
+## Properties
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**id** | **String** | Person id. | 
+**name** | **String** | Person name. | [optional] 
+**featureFaceAssetId** | **String** | Asset is used to get the feature face thumbnail. | [optional] 
+**isHidden** | **bool** | Person visibility | [optional] 
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
--- a/mobile/openapi/doc/PersonApi.md
+++ b/mobile/openapi/doc/PersonApi.md
@@ -14,11 +14,12 @@ Method | HTTP request | Description
 [**getPersonAssets**](PersonApi.md#getpersonassets) | **GET** /person/{id}/assets | 
 [**getPersonThumbnail**](PersonApi.md#getpersonthumbnail) | **GET** /person/{id}/thumbnail | 
 [**mergePerson**](PersonApi.md#mergeperson) | **POST** /person/{id}/merge | 
+[**updatePeople**](PersonApi.md#updatepeople) | **PUT** /person | 
 [**updatePerson**](PersonApi.md#updateperson) | **PUT** /person/{id} | 


 # **getAllPeople**
-> List<PersonResponseDto> getAllPeople()
+> PeopleResponseDto getAllPeople(withHidden)



@@ -41,9 +42,10 @@ import 'package:openapi/api.dart';
 //defaultApiClient.getAuthentication<HttpBearerAuth>('bearer').setAccessToken(yourTokenGeneratorFunction);

 final api_instance = PersonApi();
+final withHidden = true; // bool | 

 try {
-    final result = api_instance.getAllPeople();
+    final result = api_instance.getAllPeople(withHidden);
    print(result);
 } catch (e) {
    print('Exception when calling PersonApi->getAllPeople: $e\n');
@@ -51,11 +53,14 @@ try {
 ```

 ### Parameters
-This endpoint does not need any parameter.
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **withHidden** | **bool**|  | [optional] [default to false]

 ### Return type

-[**List<PersonResponseDto>**](PersonResponseDto.md)
+[**PeopleResponseDto**](PeopleResponseDto.md)

 ### Authorization

@@ -290,6 +295,61 @@ Name | Type | Description  | Notes

 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)

+# **updatePeople**
+> List<BulkIdResponseDto> updatePeople(peopleUpdateDto)
+
+
+
+### Example
+```dart
+import 'package:openapi/api.dart';
+// TODO Configure API key authorization: cookie
+//defaultApiClient.getAuthentication<ApiKeyAuth>('cookie').apiKey = 'YOUR_API_KEY';
+// uncomment below to setup prefix (e.g. Bearer) for API key, if needed
+//defaultApiClient.getAuthentication<ApiKeyAuth>('cookie').apiKeyPrefix = 'Bearer';
+// TODO Configure API key authorization: api_key
+//defaultApiClient.getAuthentication<ApiKeyAuth>('api_key').apiKey = 'YOUR_API_KEY';
+// uncomment below to setup prefix (e.g. Bearer) for API key, if needed
+//defaultApiClient.getAuthentication<ApiKeyAuth>('api_key').apiKeyPrefix = 'Bearer';
+// TODO Configure HTTP Bearer authorization: bearer
+// Case 1. Use String Token
+//defaultApiClient.getAuthentication<HttpBearerAuth>('bearer').setAccessToken('YOUR_ACCESS_TOKEN');
+// Case 2. Use Function which generate token.
+// String yourTokenGeneratorFunction() { ... }
+//defaultApiClient.getAuthentication<HttpBearerAuth>('bearer').setAccessToken(yourTokenGeneratorFunction);
+
+final api_instance = PersonApi();
+final peopleUpdateDto = PeopleUpdateDto(); // PeopleUpdateDto | 
+
+try {
+    final result = api_instance.updatePeople(peopleUpdateDto);
+    print(result);
+} catch (e) {
+    print('Exception when calling PersonApi->updatePeople: $e\n');
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **peopleUpdateDto** | [**PeopleUpdateDto**](PeopleUpdateDto.md)|  | 
+
+### Return type
+
+[**List<BulkIdResponseDto>**](BulkIdResponseDto.md)
+
+### Authorization
+
+[cookie](../README.md#cookie), [api_key](../README.md#api_key), [bearer](../README.md#bearer)
+
+### HTTP request headers
+
+ - **Content-Type**: application/json
+ - **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
 # **updatePerson**
 > PersonResponseDto updatePerson(id, personUpdateDto)

--- a/mobile/openapi/doc/PersonResponseDto.md
+++ b/mobile/openapi/doc/PersonResponseDto.md
@@ -11,6 +11,7 @@ Name | Type | Description | Notes
 **id** | **String** |  | 
 **name** | **String** |  | 
 **thumbnailPath** | **String** |  | 
+**isHidden** | **bool** |  | 

 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

--- a/mobile/openapi/doc/PersonUpdateDto.md
+++ b/mobile/openapi/doc/PersonUpdateDto.md
@@ -10,6 +10,7 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **name** | **String** | Person name. | [optional] 
 **featureFaceAssetId** | **String** | Asset is used to get the feature face thumbnail. | [optional] 
+**isHidden** | **bool** | Person visibility | [optional] 

 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

--- a/mobile/openapi/doc/ServerInfoApi.md
+++ b/mobile/openapi/doc/ServerInfoApi.md
@@ -12,6 +12,7 @@ Method | HTTP request | Description
 [**getServerInfo**](ServerInfoApi.md#getserverinfo) | **GET** /server-info | 
 [**getServerVersion**](ServerInfoApi.md#getserverversion) | **GET** /server-info/version | 
 [**getStats**](ServerInfoApi.md#getstats) | **GET** /server-info/stats | 
+[**getSupportedMediaTypes**](ServerInfoApi.md#getsupportedmediatypes) | **GET** /server-info/media-types | 
 [**pingServer**](ServerInfoApi.md#pingserver) | **GET** /server-info/ping | 


@@ -154,6 +155,43 @@ This endpoint does not need any parameter.

 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)

+# **getSupportedMediaTypes**
+> ServerMediaTypesResponseDto getSupportedMediaTypes()
+
+
+
+### Example
+```dart
+import 'package:openapi/api.dart';
+
+final api_instance = ServerInfoApi();
+
+try {
+    final result = api_instance.getSupportedMediaTypes();
+    print(result);
+} catch (e) {
+    print('Exception when calling ServerInfoApi->getSupportedMediaTypes: $e\n');
+}
+```
+
+### Parameters
+This endpoint does not need any parameter.
+
+### Return type
+
+[**ServerMediaTypesResponseDto**](ServerMediaTypesResponseDto.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
 # **pingServer**
 > ServerPingResponse pingServer()

--- a/mobile/openapi/doc/ServerMediaTypesResponseDto.md
+++ b/mobile/openapi/doc/ServerMediaTypesResponseDto.md
@@ -0,0 +1,17 @@
+# openapi.model.ServerMediaTypesResponseDto
+
+## Load the model package
+```dart
+import 'package:openapi/api.dart';
+```
+
+## Properties
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**video** | **List<String>** |  | [default to const []]
+**image** | **List<String>** |  | [default to const []]
+**sidecar** | **List<String>** |  | [default to const []]
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
--- a/mobile/openapi/doc/SystemConfigOAuthDto.md
+++ b/mobile/openapi/doc/SystemConfigOAuthDto.md
@@ -13,6 +13,7 @@ Name | Type | Description | Notes
 **clientId** | **String** |  | 
 **clientSecret** | **String** |  | 
 **scope** | **String** |  | 
+**storageLabelClaim** | **String** |  | 
 **buttonText** | **String** |  | 
 **autoRegister** | **bool** |  | 
 **autoLaunch** | **bool** |  | 
--- a/mobile/openapi/lib/api.dart
+++ b/mobile/openapi/lib/api.dart
@@ -104,6 +104,9 @@ part 'model/merge_person_dto.dart';
 part 'model/o_auth_callback_dto.dart';
 part 'model/o_auth_config_dto.dart';
 part 'model/o_auth_config_response_dto.dart';
+part 'model/people_response_dto.dart';
+part 'model/people_update_dto.dart';
+part 'model/people_update_item.dart';
 part 'model/person_response_dto.dart';
 part 'model/person_update_dto.dart';
 part 'model/queue_status_dto.dart';
@@ -118,6 +121,7 @@ part 'model/search_facet_count_response_dto.dart';
 part 'model/search_facet_response_dto.dart';
 part 'model/search_response_dto.dart';
 part 'model/server_info_response_dto.dart';
+part 'model/server_media_types_response_dto.dart';
 part 'model/server_ping_response.dart';
 part 'model/server_stats_response_dto.dart';
 part 'model/server_version_reponse_dto.dart';
--- a/mobile/openapi/lib/api/person_api.dart
+++ b/mobile/openapi/lib/api/person_api.dart
@@ -17,7 +17,10 @@ class PersonApi {
  final ApiClient apiClient;

  /// Performs an HTTP 'GET /person' operation and returns the [Response].
-  Future<Response> getAllPeopleWithHttpInfo() async {
+  /// Parameters:
+  ///
+  /// * [bool] withHidden:
+  Future<Response> getAllPeopleWithHttpInfo({ bool? withHidden, }) async {
    // ignore: prefer_const_declarations
    final path = r'/person';

@@ -28,6 +31,10 @@ class PersonApi {
    final headerParams = <String, String>{};
    final formParams = <String, String>{};

+    if (withHidden != null) {
+      queryParams.addAll(_queryParams('', 'withHidden', withHidden));
+    }
+
    const contentTypes = <String>[];


@@ -42,8 +49,11 @@ class PersonApi {
    );
  }

-  Future<List<PersonResponseDto>?> getAllPeople() async {
-    final response = await getAllPeopleWithHttpInfo();
+  /// Parameters:
+  ///
+  /// * [bool] withHidden:
+  Future<PeopleResponseDto?> getAllPeople({ bool? withHidden, }) async {
+    final response = await getAllPeopleWithHttpInfo( withHidden: withHidden, );
    if (response.statusCode >= HttpStatus.badRequest) {
      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
    }
@@ -51,11 +61,8 @@ class PersonApi {
    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
    // FormatException when trying to decode an empty string.
    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
-      final responseBody = await _decodeBodyBytes(response);
-      return (await apiClient.deserializeAsync(responseBody, 'List<PersonResponseDto>') as List)
-        .cast<PersonResponseDto>()
-        .toList();
-
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'PeopleResponseDto',) as PeopleResponseDto;
+    
    }
    return null;
  }
@@ -262,6 +269,56 @@ class PersonApi {
    return null;
  }

+  /// Performs an HTTP 'PUT /person' operation and returns the [Response].
+  /// Parameters:
+  ///
+  /// * [PeopleUpdateDto] peopleUpdateDto (required):
+  Future<Response> updatePeopleWithHttpInfo(PeopleUpdateDto peopleUpdateDto,) async {
+    // ignore: prefer_const_declarations
+    final path = r'/person';
+
+    // ignore: prefer_final_locals
+    Object? postBody = peopleUpdateDto;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>['application/json'];
+
+
+    return apiClient.invokeAPI(
+      path,
+      'PUT',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Parameters:
+  ///
+  /// * [PeopleUpdateDto] peopleUpdateDto (required):
+  Future<List<BulkIdResponseDto>?> updatePeople(PeopleUpdateDto peopleUpdateDto,) async {
+    final response = await updatePeopleWithHttpInfo(peopleUpdateDto,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      final responseBody = await _decodeBodyBytes(response);
+      return (await apiClient.deserializeAsync(responseBody, 'List<BulkIdResponseDto>') as List)
+        .cast<BulkIdResponseDto>()
+        .toList();
+
+    }
+    return null;
+  }
+
  /// Performs an HTTP 'PUT /person/{id}' operation and returns the [Response].
  /// Parameters:
  ///
--- a/mobile/openapi/lib/api/server_info_api.dart
+++ b/mobile/openapi/lib/api/server_info_api.dart
@@ -139,6 +139,47 @@ class ServerInfoApi {
    return null;
  }

+  /// Performs an HTTP 'GET /server-info/media-types' operation and returns the [Response].
+  Future<Response> getSupportedMediaTypesWithHttpInfo() async {
+    // ignore: prefer_const_declarations
+    final path = r'/server-info/media-types';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      path,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  Future<ServerMediaTypesResponseDto?> getSupportedMediaTypes() async {
+    final response = await getSupportedMediaTypesWithHttpInfo();
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'ServerMediaTypesResponseDto',) as ServerMediaTypesResponseDto;
+    
+    }
+    return null;
+  }
+
  /// Performs an HTTP 'GET /server-info/ping' operation and returns the [Response].
  Future<Response> pingServerWithHttpInfo() async {
    // ignore: prefer_const_declarations
--- a/mobile/openapi/lib/api_client.dart
+++ b/mobile/openapi/lib/api_client.dart
@@ -303,6 +303,12 @@ class ApiClient {
          return OAuthConfigDto.fromJson(value);
        case 'OAuthConfigResponseDto':
          return OAuthConfigResponseDto.fromJson(value);
+        case 'PeopleResponseDto':
+          return PeopleResponseDto.fromJson(value);
+        case 'PeopleUpdateDto':
+          return PeopleUpdateDto.fromJson(value);
+        case 'PeopleUpdateItem':
+          return PeopleUpdateItem.fromJson(value);
        case 'PersonResponseDto':
          return PersonResponseDto.fromJson(value);
        case 'PersonUpdateDto':
@@ -331,6 +337,8 @@ class ApiClient {
          return SearchResponseDto.fromJson(value);
        case 'ServerInfoResponseDto':
          return ServerInfoResponseDto.fromJson(value);
+        case 'ServerMediaTypesResponseDto':
+          return ServerMediaTypesResponseDto.fromJson(value);
        case 'ServerPingResponse':
          return ServerPingResponse.fromJson(value);
        case 'ServerStatsResponseDto':
--- a/mobile/openapi/lib/model/people_response_dto.dart
+++ b/mobile/openapi/lib/model/people_response_dto.dart
@@ -0,0 +1,114 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class PeopleResponseDto {
+  /// Returns a new [PeopleResponseDto] instance.
+  PeopleResponseDto({
+    required this.total,
+    required this.visible,
+    this.people = const [],
+  });
+
+  num total;
+
+  num visible;
+
+  List<PersonResponseDto> people;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is PeopleResponseDto &&
+     other.total == total &&
+     other.visible == visible &&
+     other.people == people;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (total.hashCode) +
+    (visible.hashCode) +
+    (people.hashCode);
+
+  @override
+  String toString() => 'PeopleResponseDto[total=$total, visible=$visible, people=$people]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'total'] = this.total;
+      json[r'visible'] = this.visible;
+      json[r'people'] = this.people;
+    return json;
+  }
+
+  /// Returns a new [PeopleResponseDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static PeopleResponseDto? fromJson(dynamic value) {
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return PeopleResponseDto(
+        total: num.parse('${json[r'total']}'),
+        visible: num.parse('${json[r'visible']}'),
+        people: PersonResponseDto.listFromJson(json[r'people']),
+      );
+    }
+    return null;
+  }
+
+  static List<PeopleResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <PeopleResponseDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = PeopleResponseDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, PeopleResponseDto> mapFromJson(dynamic json) {
+    final map = <String, PeopleResponseDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = PeopleResponseDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of PeopleResponseDto-objects as value to a dart map
+  static Map<String, List<PeopleResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<PeopleResponseDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = PeopleResponseDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'total',
+    'visible',
+    'people',
+  };
+}
+
--- a/mobile/openapi/lib/model/people_update_dto.dart
+++ b/mobile/openapi/lib/model/people_update_dto.dart
@@ -0,0 +1,98 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class PeopleUpdateDto {
+  /// Returns a new [PeopleUpdateDto] instance.
+  PeopleUpdateDto({
+    this.people = const [],
+  });
+
+  List<PeopleUpdateItem> people;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is PeopleUpdateDto &&
+     other.people == people;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (people.hashCode);
+
+  @override
+  String toString() => 'PeopleUpdateDto[people=$people]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'people'] = this.people;
+    return json;
+  }
+
+  /// Returns a new [PeopleUpdateDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static PeopleUpdateDto? fromJson(dynamic value) {
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return PeopleUpdateDto(
+        people: PeopleUpdateItem.listFromJson(json[r'people']),
+      );
+    }
+    return null;
+  }
+
+  static List<PeopleUpdateDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <PeopleUpdateDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = PeopleUpdateDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, PeopleUpdateDto> mapFromJson(dynamic json) {
+    final map = <String, PeopleUpdateDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = PeopleUpdateDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of PeopleUpdateDto-objects as value to a dart map
+  static Map<String, List<PeopleUpdateDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<PeopleUpdateDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = PeopleUpdateDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'people',
+  };
+}
+
--- a/mobile/openapi/lib/model/people_update_item.dart
+++ b/mobile/openapi/lib/model/people_update_item.dart
@@ -0,0 +1,153 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class PeopleUpdateItem {
+  /// Returns a new [PeopleUpdateItem] instance.
+  PeopleUpdateItem({
+    required this.id,
+    this.name,
+    this.featureFaceAssetId,
+    this.isHidden,
+  });
+
+  /// Person id.
+  String id;
+
+  /// Person name.
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? name;
+
+  /// Asset is used to get the feature face thumbnail.
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? featureFaceAssetId;
+
+  /// Person visibility
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  bool? isHidden;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is PeopleUpdateItem &&
+     other.id == id &&
+     other.name == name &&
+     other.featureFaceAssetId == featureFaceAssetId &&
+     other.isHidden == isHidden;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (id.hashCode) +
+    (name == null ? 0 : name!.hashCode) +
+    (featureFaceAssetId == null ? 0 : featureFaceAssetId!.hashCode) +
+    (isHidden == null ? 0 : isHidden!.hashCode);
+
+  @override
+  String toString() => 'PeopleUpdateItem[id=$id, name=$name, featureFaceAssetId=$featureFaceAssetId, isHidden=$isHidden]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'id'] = this.id;
+    if (this.name != null) {
+      json[r'name'] = this.name;
+    } else {
+    //  json[r'name'] = null;
+    }
+    if (this.featureFaceAssetId != null) {
+      json[r'featureFaceAssetId'] = this.featureFaceAssetId;
+    } else {
+    //  json[r'featureFaceAssetId'] = null;
+    }
+    if (this.isHidden != null) {
+      json[r'isHidden'] = this.isHidden;
+    } else {
+    //  json[r'isHidden'] = null;
+    }
+    return json;
+  }
+
+  /// Returns a new [PeopleUpdateItem] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static PeopleUpdateItem? fromJson(dynamic value) {
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return PeopleUpdateItem(
+        id: mapValueOfType<String>(json, r'id')!,
+        name: mapValueOfType<String>(json, r'name'),
+        featureFaceAssetId: mapValueOfType<String>(json, r'featureFaceAssetId'),
+        isHidden: mapValueOfType<bool>(json, r'isHidden'),
+      );
+    }
+    return null;
+  }
+
+  static List<PeopleUpdateItem> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <PeopleUpdateItem>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = PeopleUpdateItem.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, PeopleUpdateItem> mapFromJson(dynamic json) {
+    final map = <String, PeopleUpdateItem>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = PeopleUpdateItem.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of PeopleUpdateItem-objects as value to a dart map
+  static Map<String, List<PeopleUpdateItem>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<PeopleUpdateItem>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = PeopleUpdateItem.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'id',
+  };
+}
+
--- a/mobile/openapi/lib/model/person_response_dto.dart
+++ b/mobile/openapi/lib/model/person_response_dto.dart
@@ -16,6 +16,7 @@ class PersonResponseDto {
    required this.id,
    required this.name,
    required this.thumbnailPath,
+    required this.isHidden,
  });

  String id;
@@ -24,27 +25,32 @@ class PersonResponseDto {

  String thumbnailPath;

+  bool isHidden;
+
  @override
  bool operator ==(Object other) => identical(this, other) || other is PersonResponseDto &&
     other.id == id &&
     other.name == name &&
-     other.thumbnailPath == thumbnailPath;
+     other.thumbnailPath == thumbnailPath &&
+     other.isHidden == isHidden;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
    (id.hashCode) +
    (name.hashCode) +
-    (thumbnailPath.hashCode);
+    (thumbnailPath.hashCode) +
+    (isHidden.hashCode);

  @override
-  String toString() => 'PersonResponseDto[id=$id, name=$name, thumbnailPath=$thumbnailPath]';
+  String toString() => 'PersonResponseDto[id=$id, name=$name, thumbnailPath=$thumbnailPath, isHidden=$isHidden]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
      json[r'id'] = this.id;
      json[r'name'] = this.name;
      json[r'thumbnailPath'] = this.thumbnailPath;
+      json[r'isHidden'] = this.isHidden;
    return json;
  }

@@ -59,6 +65,7 @@ class PersonResponseDto {
        id: mapValueOfType<String>(json, r'id')!,
        name: mapValueOfType<String>(json, r'name')!,
        thumbnailPath: mapValueOfType<String>(json, r'thumbnailPath')!,
+        isHidden: mapValueOfType<bool>(json, r'isHidden')!,
      );
    }
    return null;
@@ -109,6 +116,7 @@ class PersonResponseDto {
    'id',
    'name',
    'thumbnailPath',
+    'isHidden',
  };
 }

--- a/mobile/openapi/lib/model/person_update_dto.dart
+++ b/mobile/openapi/lib/model/person_update_dto.dart
@@ -15,6 +15,7 @@ class PersonUpdateDto {
  PersonUpdateDto({
    this.name,
    this.featureFaceAssetId,
+    this.isHidden,
  });

  /// Person name.
@@ -35,19 +36,30 @@ class PersonUpdateDto {
  ///
  String? featureFaceAssetId;

+  /// Person visibility
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  bool? isHidden;
+
  @override
  bool operator ==(Object other) => identical(this, other) || other is PersonUpdateDto &&
     other.name == name &&
-     other.featureFaceAssetId == featureFaceAssetId;
+     other.featureFaceAssetId == featureFaceAssetId &&
+     other.isHidden == isHidden;

  @override
  int get hashCode =>
    // ignore: unnecessary_parenthesis
    (name == null ? 0 : name!.hashCode) +
-    (featureFaceAssetId == null ? 0 : featureFaceAssetId!.hashCode);
+    (featureFaceAssetId == null ? 0 : featureFaceAssetId!.hashCode) +
+    (isHidden == null ? 0 : isHidden!.hashCode);

  @override
-  String toString() => 'PersonUpdateDto[name=$name, featureFaceAssetId=$featureFaceAssetId]';
+  String toString() => 'PersonUpdateDto[name=$name, featureFaceAssetId=$featureFaceAssetId, isHidden=$isHidden]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -61,6 +73,11 @@ class PersonUpdateDto {
    } else {
    //  json[r'featureFaceAssetId'] = null;
    }
+    if (this.isHidden != null) {
+      json[r'isHidden'] = this.isHidden;
+    } else {
+    //  json[r'isHidden'] = null;
+    }
    return json;
  }

@@ -74,6 +91,7 @@ class PersonUpdateDto {
      return PersonUpdateDto(
        name: mapValueOfType<String>(json, r'name'),
        featureFaceAssetId: mapValueOfType<String>(json, r'featureFaceAssetId'),
+        isHidden: mapValueOfType<bool>(json, r'isHidden'),
      );
    }
    return null;
--- a/mobile/openapi/lib/model/server_media_types_response_dto.dart
+++ b/mobile/openapi/lib/model/server_media_types_response_dto.dart
@@ -0,0 +1,120 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class ServerMediaTypesResponseDto {
+  /// Returns a new [ServerMediaTypesResponseDto] instance.
+  ServerMediaTypesResponseDto({
+    this.video = const [],
+    this.image = const [],
+    this.sidecar = const [],
+  });
+
+  List<String> video;
+
+  List<String> image;
+
+  List<String> sidecar;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is ServerMediaTypesResponseDto &&
+     other.video == video &&
+     other.image == image &&
+     other.sidecar == sidecar;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (video.hashCode) +
+    (image.hashCode) +
+    (sidecar.hashCode);
+
+  @override
+  String toString() => 'ServerMediaTypesResponseDto[video=$video, image=$image, sidecar=$sidecar]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'video'] = this.video;
+      json[r'image'] = this.image;
+      json[r'sidecar'] = this.sidecar;
+    return json;
+  }
+
+  /// Returns a new [ServerMediaTypesResponseDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static ServerMediaTypesResponseDto? fromJson(dynamic value) {
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return ServerMediaTypesResponseDto(
+        video: json[r'video'] is Iterable
+            ? (json[r'video'] as Iterable).cast<String>().toList(growable: false)
+            : const [],
+        image: json[r'image'] is Iterable
+            ? (json[r'image'] as Iterable).cast<String>().toList(growable: false)
+            : const [],
+        sidecar: json[r'sidecar'] is Iterable
+            ? (json[r'sidecar'] as Iterable).cast<String>().toList(growable: false)
+            : const [],
+      );
+    }
+    return null;
+  }
+
+  static List<ServerMediaTypesResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <ServerMediaTypesResponseDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = ServerMediaTypesResponseDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, ServerMediaTypesResponseDto> mapFromJson(dynamic json) {
+    final map = <String, ServerMediaTypesResponseDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = ServerMediaTypesResponseDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of ServerMediaTypesResponseDto-objects as value to a dart map
+  static Map<String, List<ServerMediaTypesResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<ServerMediaTypesResponseDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = ServerMediaTypesResponseDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'video',
+    'image',
+    'sidecar',
+  };
+}
+
--- a/mobile/openapi/lib/model/system_config_o_auth_dto.dart
+++ b/mobile/openapi/lib/model/system_config_o_auth_dto.dart
@@ -18,6 +18,7 @@ class SystemConfigOAuthDto {
    required this.clientId,
    required this.clientSecret,
    required this.scope,
+    required this.storageLabelClaim,
    required this.buttonText,
    required this.autoRegister,
    required this.autoLaunch,
@@ -35,6 +36,8 @@ class SystemConfigOAuthDto {

  String scope;

+  String storageLabelClaim;
+
  String buttonText;

  bool autoRegister;
@@ -52,6 +55,7 @@ class SystemConfigOAuthDto {
     other.clientId == clientId &&
     other.clientSecret == clientSecret &&
     other.scope == scope &&
+     other.storageLabelClaim == storageLabelClaim &&
     other.buttonText == buttonText &&
     other.autoRegister == autoRegister &&
     other.autoLaunch == autoLaunch &&
@@ -66,6 +70,7 @@ class SystemConfigOAuthDto {
    (clientId.hashCode) +
    (clientSecret.hashCode) +
    (scope.hashCode) +
+    (storageLabelClaim.hashCode) +
    (buttonText.hashCode) +
    (autoRegister.hashCode) +
    (autoLaunch.hashCode) +
@@ -73,7 +78,7 @@ class SystemConfigOAuthDto {
    (mobileRedirectUri.hashCode);

  @override
-  String toString() => 'SystemConfigOAuthDto[enabled=$enabled, issuerUrl=$issuerUrl, clientId=$clientId, clientSecret=$clientSecret, scope=$scope, buttonText=$buttonText, autoRegister=$autoRegister, autoLaunch=$autoLaunch, mobileOverrideEnabled=$mobileOverrideEnabled, mobileRedirectUri=$mobileRedirectUri]';
+  String toString() => 'SystemConfigOAuthDto[enabled=$enabled, issuerUrl=$issuerUrl, clientId=$clientId, clientSecret=$clientSecret, scope=$scope, storageLabelClaim=$storageLabelClaim, buttonText=$buttonText, autoRegister=$autoRegister, autoLaunch=$autoLaunch, mobileOverrideEnabled=$mobileOverrideEnabled, mobileRedirectUri=$mobileRedirectUri]';

  Map<String, dynamic> toJson() {
    final json = <String, dynamic>{};
@@ -82,6 +87,7 @@ class SystemConfigOAuthDto {
      json[r'clientId'] = this.clientId;
      json[r'clientSecret'] = this.clientSecret;
      json[r'scope'] = this.scope;
+      json[r'storageLabelClaim'] = this.storageLabelClaim;
      json[r'buttonText'] = this.buttonText;
      json[r'autoRegister'] = this.autoRegister;
      json[r'autoLaunch'] = this.autoLaunch;
@@ -103,6 +109,7 @@ class SystemConfigOAuthDto {
        clientId: mapValueOfType<String>(json, r'clientId')!,
        clientSecret: mapValueOfType<String>(json, r'clientSecret')!,
        scope: mapValueOfType<String>(json, r'scope')!,
+        storageLabelClaim: mapValueOfType<String>(json, r'storageLabelClaim')!,
        buttonText: mapValueOfType<String>(json, r'buttonText')!,
        autoRegister: mapValueOfType<bool>(json, r'autoRegister')!,
        autoLaunch: mapValueOfType<bool>(json, r'autoLaunch')!,
@@ -160,6 +167,7 @@ class SystemConfigOAuthDto {
    'clientId',
    'clientSecret',
    'scope',
+    'storageLabelClaim',
    'buttonText',
    'autoRegister',
    'autoLaunch',
--- a/mobile/openapi/test/people_response_dto_test.dart
+++ b/mobile/openapi/test/people_response_dto_test.dart
@@ -0,0 +1,37 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+import 'package:openapi/api.dart';
+import 'package:test/test.dart';
+
+// tests for PeopleResponseDto
+void main() {
+  // final instance = PeopleResponseDto();
+
+  group('test PeopleResponseDto', () {
+    // num total
+    test('to test the property `total`', () async {
+      // TODO
+    });
+
+    // num visible
+    test('to test the property `visible`', () async {
+      // TODO
+    });
+
+    // List<PersonResponseDto> people (default value: const [])
+    test('to test the property `people`', () async {
+      // TODO
+    });
+
+
+  });
+
+}
--- a/mobile/openapi/test/people_update_dto_test.dart
+++ b/mobile/openapi/test/people_update_dto_test.dart
@@ -0,0 +1,27 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+import 'package:openapi/api.dart';
+import 'package:test/test.dart';
+
+// tests for PeopleUpdateDto
+void main() {
+  // final instance = PeopleUpdateDto();
+
+  group('test PeopleUpdateDto', () {
+    // List<PeopleUpdateItem> people (default value: const [])
+    test('to test the property `people`', () async {
+      // TODO
+    });
+
+
+  });
+
+}
--- a/mobile/openapi/test/people_update_item_test.dart
+++ b/mobile/openapi/test/people_update_item_test.dart
@@ -0,0 +1,46 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+import 'package:openapi/api.dart';
+import 'package:test/test.dart';
+
+// tests for PeopleUpdateItem
+void main() {
+  // final instance = PeopleUpdateItem();
+
+  group('test PeopleUpdateItem', () {
+    // Person id.
+    // String id
+    test('to test the property `id`', () async {
+      // TODO
+    });
+
+    // Person name.
+    // String name
+    test('to test the property `name`', () async {
+      // TODO
+    });
+
+    // Asset is used to get the feature face thumbnail.
+    // String featureFaceAssetId
+    test('to test the property `featureFaceAssetId`', () async {
+      // TODO
+    });
+
+    // Person visibility
+    // bool isHidden
+    test('to test the property `isHidden`', () async {
+      // TODO
+    });
+
+
+  });
+
+}
--- a/mobile/openapi/test/person_api_test.dart
+++ b/mobile/openapi/test/person_api_test.dart
@@ -17,7 +17,7 @@ void main() {
  // final instance = PersonApi();

  group('tests for PersonApi', () {
-    //Future<List<PersonResponseDto>> getAllPeople() async
+    //Future<PeopleResponseDto> getAllPeople({ bool withHidden }) async
    test('test getAllPeople', () async {
      // TODO
    });
@@ -42,6 +42,11 @@ void main() {
      // TODO
    });

+    //Future<List<BulkIdResponseDto>> updatePeople(PeopleUpdateDto peopleUpdateDto) async
+    test('test updatePeople', () async {
+      // TODO
+    });
+
    //Future<PersonResponseDto> updatePerson(String id, PersonUpdateDto personUpdateDto) async
    test('test updatePerson', () async {
      // TODO
--- a/mobile/openapi/test/person_response_dto_test.dart
+++ b/mobile/openapi/test/person_response_dto_test.dart
@@ -31,6 +31,11 @@ void main() {
      // TODO
    });

+    // bool isHidden
+    test('to test the property `isHidden`', () async {
+      // TODO
+    });
+

  });

--- a/mobile/openapi/test/person_update_dto_test.dart
+++ b/mobile/openapi/test/person_update_dto_test.dart
@@ -28,6 +28,12 @@ void main() {
      // TODO
    });

+    // Person visibility
+    // bool isHidden
+    test('to test the property `isHidden`', () async {
+      // TODO
+    });
+

  });

--- a/mobile/openapi/test/server_info_api_test.dart
+++ b/mobile/openapi/test/server_info_api_test.dart
@@ -32,6 +32,11 @@ void main() {
      // TODO
    });

+    //Future<ServerMediaTypesResponseDto> getSupportedMediaTypes() async
+    test('test getSupportedMediaTypes', () async {
+      // TODO
+    });
+
    //Future<ServerPingResponse> pingServer() async
    test('test pingServer', () async {
      // TODO
--- a/mobile/openapi/test/server_media_types_response_dto_test.dart
+++ b/mobile/openapi/test/server_media_types_response_dto_test.dart
@@ -0,0 +1,37 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.12
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+import 'package:openapi/api.dart';
+import 'package:test/test.dart';
+
+// tests for ServerMediaTypesResponseDto
+void main() {
+  // final instance = ServerMediaTypesResponseDto();
+
+  group('test ServerMediaTypesResponseDto', () {
+    // List<String> video (default value: const [])
+    test('to test the property `video`', () async {
+      // TODO
+    });
+
+    // List<String> image (default value: const [])
+    test('to test the property `image`', () async {
+      // TODO
+    });
+
+    // List<String> sidecar (default value: const [])
+    test('to test the property `sidecar`', () async {
+      // TODO
+    });
+
+
+  });
+
+}
--- a/mobile/openapi/test/system_config_o_auth_dto_test.dart
+++ b/mobile/openapi/test/system_config_o_auth_dto_test.dart
@@ -41,6 +41,11 @@ void main() {
      // TODO
    });

+    // String storageLabelClaim
+    test('to test the property `storageLabelClaim`', () async {
+      // TODO
+    });
+
    // String buttonText
    test('to test the property `buttonText`', () async {
      // TODO
--- a/mobile/pubspec.yaml
+++ b/mobile/pubspec.yaml
@@ -2,7 +2,7 @@ name: immich_mobile
 description: Immich - selfhosted backup media file on mobile phone

 publish_to: "none"
-version: 1.67.2+90
+version: 1.70.0+93
 isar_version: &isar_version 3.1.0+1

 environment:
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -22,7 +22,7 @@ ENV NODE_ENV=production

 WORKDIR /usr/src/app

-RUN apk add --no-cache ffmpeg imagemagick-dev libraw-dev perl vips-dev vips-heif vips-jxl vips-magick
+RUN apk add --no-cache ffmpeg imagemagick-dev libraw-dev perl tini vips-dev vips-heif vips-jxl vips-magick

 COPY --from=prod /usr/src/app/node_modules ./node_modules
 COPY --from=prod /usr/src/app/dist ./dist
@@ -39,4 +39,4 @@ VOLUME /usr/src/app/upload

 EXPOSE 3001

-ENTRYPOINT ["/bin/sh"]
+ENTRYPOINT ["tini", "--", "/bin/sh"]
--- a/server/immich-openapi-specs.json
+++ b/server/immich-openapi-specs.json
@@ -2509,7 +2509,57 @@
    "/person": {
      "get": {
        "operationId": "getAllPeople",
+        "parameters": [
+          {
+            "name": "withHidden",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "default": false,
+              "type": "boolean"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/PeopleResponseDto"
+                }
+              }
+            }
+          }
+        },
+        "tags": [
+          "Person"
+        ],
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ]
+      },
+      "put": {
+        "operationId": "updatePeople",
        "parameters": [],
+        "requestBody": {
+          "required": true,
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/PeopleUpdateDto"
+              }
+            }
+          }
+        },
        "responses": {
          "200": {
            "description": "",
@@ -2518,7 +2568,7 @@
                "schema": {
                  "type": "array",
                  "items": {
-                    "$ref": "#/components/schemas/PersonResponseDto"
+                    "$ref": "#/components/schemas/BulkIdResponseDto"
                  }
                }
              }
@@ -3040,6 +3090,27 @@
        ]
      }
    },
+    "/server-info/media-types": {
+      "get": {
+        "operationId": "getSupportedMediaTypes",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "description": "",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ServerMediaTypesResponseDto"
+                }
+              }
+            }
+          }
+        },
+        "tags": [
+          "Server Info"
+        ]
+      }
+    },
    "/server-info/ping": {
      "get": {
        "operationId": "pingServer",
@@ -4368,7 +4439,7 @@
  "info": {
    "title": "Immich",
    "description": "Immich API",
-    "version": "1.67.2",
+    "version": "1.70.0",
    "contact": {}
  },
  "tags": [],
@@ -5000,13 +5071,13 @@
            "type": "boolean"
          },
          "error": {
-            "type": "string",
            "enum": [
              "duplicate",
              "no_permission",
              "not_found",
              "unknown"
-            ]
+            ],
+            "type": "string"
          }
        },
        "required": [
@@ -5856,6 +5927,66 @@
          "passwordLoginEnabled"
        ]
      },
+      "PeopleResponseDto": {
+        "type": "object",
+        "properties": {
+          "total": {
+            "type": "number"
+          },
+          "visible": {
+            "type": "number"
+          },
+          "people": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/PersonResponseDto"
+            }
+          }
+        },
+        "required": [
+          "total",
+          "visible",
+          "people"
+        ]
+      },
+      "PeopleUpdateDto": {
+        "type": "object",
+        "properties": {
+          "people": {
+            "type": "array",
+            "items": {
+              "$ref": "#/components/schemas/PeopleUpdateItem"
+            }
+          }
+        },
+        "required": [
+          "people"
+        ]
+      },
+      "PeopleUpdateItem": {
+        "type": "object",
+        "properties": {
+          "id": {
+            "type": "string",
+            "description": "Person id."
+          },
+          "name": {
+            "type": "string",
+            "description": "Person name."
+          },
+          "featureFaceAssetId": {
+            "type": "string",
+            "description": "Asset is used to get the feature face thumbnail."
+          },
+          "isHidden": {
+            "type": "boolean",
+            "description": "Person visibility"
+          }
+        },
+        "required": [
+          "id"
+        ]
+      },
      "PersonResponseDto": {
        "type": "object",
        "properties": {
@@ -5867,12 +5998,16 @@
          },
          "thumbnailPath": {
            "type": "string"
+          },
+          "isHidden": {
+            "type": "boolean"
          }
        },
        "required": [
          "id",
          "name",
-          "thumbnailPath"
+          "thumbnailPath",
+          "isHidden"
        ]
      },
      "PersonUpdateDto": {
@@ -5885,6 +6020,10 @@
          "featureFaceAssetId": {
            "type": "string",
            "description": "Asset is used to get the feature face thumbnail."
+          },
+          "isHidden": {
+            "type": "boolean",
+            "description": "Person visibility"
          }
        }
      },
@@ -6118,6 +6257,34 @@
          "diskAvailable"
        ]
      },
+      "ServerMediaTypesResponseDto": {
+        "type": "object",
+        "properties": {
+          "video": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "image": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "sidecar": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        },
+        "required": [
+          "video",
+          "image",
+          "sidecar"
+        ]
+      },
      "ServerPingResponse": {
        "type": "object",
        "properties": {
@@ -6503,6 +6670,9 @@
          "scope": {
            "type": "string"
          },
+          "storageLabelClaim": {
+            "type": "string"
+          },
          "buttonText": {
            "type": "string"
          },
@@ -6525,6 +6695,7 @@
          "clientId",
          "clientSecret",
          "scope",
+          "storageLabelClaim",
          "buttonText",
          "autoRegister",
          "autoLaunch",
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "immich",
-  "version": "1.67.2",
+  "version": "1.70.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "immich",
-      "version": "1.67.2",
+      "version": "1.70.0",
      "license": "UNLICENSED",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
@@ -33,7 +33,7 @@
        "fluent-ffmpeg": "^2.1.2",
        "handlebars": "^4.7.7",
        "i18n-iso-countries": "^7.5.0",
-        "immich": "^0.39.0",
+        "immich": "^0.40.1",
        "ioredis": "^5.3.1",
        "joi": "^17.5.0",
        "local-reverse-geocoder": "0.12.5",
@@ -7003,9 +7003,9 @@
      }
    },
    "node_modules/immich": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/immich/-/immich-0.39.0.tgz",
-      "integrity": "sha512-FoIj/ZV7QrjuBC7F6o6YZ8jqLZDJCZwrr80CxkzERPI7qX8YrSjR1GM4ocA/9oT7p7iA+dIxT//BF5MKNPkn4g==",
+      "version": "0.40.1",
+      "resolved": "https://registry.npmjs.org/immich/-/immich-0.40.1.tgz",
+      "integrity": "sha512-pU0Ua+FAsOiqrPC8NbSA521QW0k56Sw0GZ5rrPyqEMb2dcYPDOqEFcEk/1INqoQpPxy+CF9ZOCHNWxsEc7L1Rw==",
      "dependencies": {
        "axios": "^0.26.0",
        "chalk": "^2.4.1",
@@ -17786,9 +17786,9 @@
      "dev": true
    },
    "immich": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/immich/-/immich-0.39.0.tgz",
-      "integrity": "sha512-FoIj/ZV7QrjuBC7F6o6YZ8jqLZDJCZwrr80CxkzERPI7qX8YrSjR1GM4ocA/9oT7p7iA+dIxT//BF5MKNPkn4g==",
+      "version": "0.40.1",
+      "resolved": "https://registry.npmjs.org/immich/-/immich-0.40.1.tgz",
+      "integrity": "sha512-pU0Ua+FAsOiqrPC8NbSA521QW0k56Sw0GZ5rrPyqEMb2dcYPDOqEFcEk/1INqoQpPxy+CF9ZOCHNWxsEc7L1Rw==",
      "requires": {
        "axios": "^0.26.0",
        "chalk": "^2.4.1",
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
 {
  "name": "immich",
-  "version": "1.67.2",
+  "version": "1.70.0",
  "description": "",
  "author": "",
  "private": true,
@@ -63,7 +63,7 @@
    "fluent-ffmpeg": "^2.1.2",
    "handlebars": "^4.7.7",
    "i18n-iso-countries": "^7.5.0",
-    "immich": "^0.39.0",
+    "immich": "^0.40.1",
    "ioredis": "^5.3.1",
    "joi": "^17.5.0",
    "local-reverse-geocoder": "0.12.5",
--- a/server/src/domain/asset/asset.repository.ts
+++ b/server/src/domain/asset/asset.repository.ts
@@ -11,6 +11,7 @@ export interface AssetStatsOptions {
 export interface AssetSearchOptions {
  isVisible?: boolean;
  type?: AssetType;
+  order?: 'ASC' | 'DESC';
 }

 export interface LivePhotoSearchOptions {
--- a/server/src/domain/asset/asset.service.spec.ts
+++ b/server/src/domain/asset/asset.service.spec.ts
@@ -1,18 +1,20 @@
 import { AssetType } from '@app/infra/entities';
-import { BadRequestException } from '@nestjs/common';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
 import {
  assetEntityStub,
  authStub,
  IAccessRepositoryMock,
  newAccessRepositoryMock,
  newAssetRepositoryMock,
+  newCryptoRepositoryMock,
  newStorageRepositoryMock,
 } from '@test';
 import { when } from 'jest-when';
 import { Readable } from 'stream';
+import { ICryptoRepository } from '../crypto';
 import { IStorageRepository } from '../storage';
 import { AssetStats, IAssetRepository } from './asset.repository';
-import { AssetService } from './asset.service';
+import { AssetService, UploadFieldName } from './asset.service';
 import { AssetStatsResponseDto, DownloadResponseDto } from './dto';
 import { mapAsset } from './response-dto';

@@ -39,10 +41,110 @@ const statResponse: AssetStatsResponseDto = {
  total: 33,
 };

+const uploadFile = {
+  nullAuth: {
+    authUser: null,
+    fieldName: UploadFieldName.ASSET_DATA,
+    file: {
+      checksum: Buffer.from('checksum', 'utf8'),
+      originalPath: 'upload/admin/image.jpeg',
+      originalName: 'image.jpeg',
+    },
+  },
+  filename: (fieldName: UploadFieldName, filename: string) => {
+    return {
+      authUser: authStub.admin,
+      fieldName,
+      file: {
+        mimeType: 'image/jpeg',
+        checksum: Buffer.from('checksum', 'utf8'),
+        originalPath: `upload/admin/${filename}`,
+        originalName: filename,
+      },
+    };
+  },
+};
+
+const validImages = [
+  '.3fr',
+  '.ari',
+  '.arw',
+  '.avif',
+  '.cap',
+  '.cin',
+  '.cr2',
+  '.cr3',
+  '.crw',
+  '.dcr',
+  '.dng',
+  '.erf',
+  '.fff',
+  '.gif',
+  '.heic',
+  '.heif',
+  '.iiq',
+  '.jpeg',
+  '.jpg',
+  '.jxl',
+  '.k25',
+  '.kdc',
+  '.mrw',
+  '.nef',
+  '.orf',
+  '.ori',
+  '.pef',
+  '.png',
+  '.raf',
+  '.raw',
+  '.rwl',
+  '.sr2',
+  '.srf',
+  '.srw',
+  '.tiff',
+  '.webp',
+  '.x3f',
+];
+
+const validVideos = ['.3gp', '.avi', '.flv', '.m2ts', '.mkv', '.mov', '.mp4', '.mpg', '.mts', '.webm', '.wmv'];
+
+const uploadTests = [
+  {
+    label: 'asset images',
+    fieldName: UploadFieldName.ASSET_DATA,
+    valid: validImages,
+    invalid: ['.html', '.xml'],
+  },
+  {
+    label: 'asset videos',
+    fieldName: UploadFieldName.ASSET_DATA,
+    valid: validVideos,
+    invalid: ['.html', '.xml'],
+  },
+  {
+    label: 'live photo',
+    fieldName: UploadFieldName.LIVE_PHOTO_DATA,
+    valid: validVideos,
+    invalid: ['.html', '.jpeg', '.jpg', '.xml'],
+  },
+  {
+    label: 'sidecar',
+    fieldName: UploadFieldName.SIDECAR_DATA,
+    valid: ['.xmp'],
+    invalid: ['.html', '.jpeg', '.jpg', '.mov', '.mp4', '.xml'],
+  },
+  {
+    label: 'profile',
+    fieldName: UploadFieldName.PROFILE_DATA,
+    valid: ['.avif', '.dng', '.heic', '.heif', '.jpeg', '.jpg', '.png', '.webp'],
+    invalid: ['.arf', '.cr2', '.html', '.mov', '.mp4', '.xml'],
+  },
+];
+
 describe(AssetService.name, () => {
  let sut: AssetService;
  let accessMock: IAccessRepositoryMock;
  let assetMock: jest.Mocked<IAssetRepository>;
+  let cryptoMock: jest.Mocked<ICryptoRepository>;
  let storageMock: jest.Mocked<IStorageRepository>;

  it('should work', () => {
@@ -52,8 +154,93 @@ describe(AssetService.name, () => {
  beforeEach(async () => {
    accessMock = newAccessRepositoryMock();
    assetMock = newAssetRepositoryMock();
+    cryptoMock = newCryptoRepositoryMock();
    storageMock = newStorageRepositoryMock();
-    sut = new AssetService(accessMock, assetMock, storageMock);
+    sut = new AssetService(accessMock, assetMock, cryptoMock, storageMock);
+  });
+
+  describe('canUpload', () => {
+    it('should require an authenticated user', () => {
+      expect(() => sut.canUploadFile(uploadFile.nullAuth)).toThrowError(UnauthorizedException);
+    });
+
+    for (const { fieldName, valid, invalid } of uploadTests) {
+      describe(fieldName, () => {
+        for (const filetype of valid) {
+          it(`should accept ${filetype}`, () => {
+            expect(sut.canUploadFile(uploadFile.filename(fieldName, `asset${filetype}`))).toEqual(true);
+          });
+        }
+
+        for (const filetype of invalid) {
+          it(`should reject ${filetype}`, () => {
+            expect(() => sut.canUploadFile(uploadFile.filename(fieldName, `asset${filetype}`))).toThrowError(
+              BadRequestException,
+            );
+          });
+        }
+
+        it('should be sorted (valid)', () => {
+          // TODO: use toSorted in NodeJS 20.
+          expect(valid).toEqual([...valid].sort());
+        });
+
+        it('should be sorted (invalid)', () => {
+          // TODO: use toSorted in NodeJS 20.
+          expect(invalid).toEqual([...invalid].sort());
+        });
+      });
+    }
+  });
+
+  describe('getUploadFilename', () => {
+    it('should require authentication', () => {
+      expect(() => sut.getUploadFilename(uploadFile.nullAuth)).toThrowError(UnauthorizedException);
+    });
+
+    it('should be the original extension for asset upload', () => {
+      expect(sut.getUploadFilename(uploadFile.filename(UploadFieldName.ASSET_DATA, 'image.jpg'))).toEqual(
+        'random-uuid.jpg',
+      );
+    });
+
+    it('should be the mov extension for live photo upload', () => {
+      expect(sut.getUploadFilename(uploadFile.filename(UploadFieldName.LIVE_PHOTO_DATA, 'image.mp4'))).toEqual(
+        'random-uuid.mov',
+      );
+    });
+
+    it('should be the xmp extension for sidecar upload', () => {
+      expect(sut.getUploadFilename(uploadFile.filename(UploadFieldName.SIDECAR_DATA, 'image.html'))).toEqual(
+        'random-uuid.xmp',
+      );
+    });
+
+    it('should be the original extension for profile upload', () => {
+      expect(sut.getUploadFilename(uploadFile.filename(UploadFieldName.PROFILE_DATA, 'image.jpg'))).toEqual(
+        'random-uuid.jpg',
+      );
+    });
+  });
+
+  describe('getUploadFolder', () => {
+    it('should require authentication', () => {
+      expect(() => sut.getUploadFolder(uploadFile.nullAuth)).toThrowError(UnauthorizedException);
+    });
+
+    it('should return profile for profile uploads', () => {
+      expect(sut.getUploadFolder(uploadFile.filename(UploadFieldName.PROFILE_DATA, 'image.jpg'))).toEqual(
+        'upload/profile/admin_id',
+      );
+      expect(storageMock.mkdirSync).toHaveBeenCalledWith('upload/profile/admin_id');
+    });
+
+    it('should return upload for everything else', () => {
+      expect(sut.getUploadFolder(uploadFile.filename(UploadFieldName.ASSET_DATA, 'image.jpg'))).toEqual(
+        'upload/upload/admin_id',
+      );
+      expect(storageMock.mkdirSync).toHaveBeenCalledWith('upload/upload/admin_id');
+    });
  });

  describe('getMapMarkers', () => {
--- a/server/src/domain/asset/asset.service.ts
+++ b/server/src/domain/asset/asset.service.ts
@@ -1,12 +1,14 @@
 import { AssetEntity } from '@app/infra/entities';
-import { BadRequestException, Inject } from '@nestjs/common';
+import { BadRequestException, Inject, Logger } from '@nestjs/common';
 import { DateTime } from 'luxon';
 import { extname } from 'path';
+import sanitize from 'sanitize-filename';
 import { AccessCore, IAccessRepository, Permission } from '../access';
 import { AuthUserDto } from '../auth';
+import { ICryptoRepository } from '../crypto';
 import { mimeTypes } from '../domain.constant';
 import { HumanReadableSize, usePagination } from '../domain.util';
-import { ImmichReadStream, IStorageRepository } from '../storage';
+import { ImmichReadStream, IStorageRepository, StorageCore, StorageFolder } from '../storage';
 import { IAssetRepository } from './asset.repository';
 import { AssetIdsDto, DownloadArchiveInfo, DownloadDto, DownloadResponseDto, MemoryLaneDto } from './dto';
 import { AssetStatsDto, mapStats } from './dto/asset-statistics.dto';
@@ -21,6 +23,12 @@ export enum UploadFieldName {
  PROFILE_DATA = 'file',
 }

+export interface UploadRequest {
+  authUser: AuthUserDto | null;
+  fieldName: UploadFieldName;
+  file: UploadFile;
+}
+
 export interface UploadFile {
  checksum: Buffer;
  originalPath: string;
@@ -28,16 +36,82 @@ export interface UploadFile {
 }

 export class AssetService {
+  private logger = new Logger(AssetService.name);
  private access: AccessCore;
+  private storageCore = new StorageCore();

  constructor(
    @Inject(IAccessRepository) accessRepository: IAccessRepository,
    @Inject(IAssetRepository) private assetRepository: IAssetRepository,
+    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
    @Inject(IStorageRepository) private storageRepository: IStorageRepository,
  ) {
    this.access = new AccessCore(accessRepository);
  }

+  canUploadFile({ authUser, fieldName, file }: UploadRequest): true {
+    this.access.requireUploadAccess(authUser);
+
+    const filename = file.originalName;
+
+    switch (fieldName) {
+      case UploadFieldName.ASSET_DATA:
+        if (mimeTypes.isAsset(filename)) {
+          return true;
+        }
+        break;
+
+      case UploadFieldName.LIVE_PHOTO_DATA:
+        if (mimeTypes.isVideo(filename)) {
+          return true;
+        }
+        break;
+
+      case UploadFieldName.SIDECAR_DATA:
+        if (mimeTypes.isSidecar(filename)) {
+          return true;
+        }
+        break;
+
+      case UploadFieldName.PROFILE_DATA:
+        if (mimeTypes.isProfile(filename)) {
+          return true;
+        }
+        break;
+    }
+
+    this.logger.error(`Unsupported file type ${filename}`);
+    throw new BadRequestException(`Unsupported file type ${filename}`);
+  }
+
+  getUploadFilename({ authUser, fieldName, file }: UploadRequest): string {
+    this.access.requireUploadAccess(authUser);
+
+    const originalExt = extname(file.originalName);
+
+    const lookup = {
+      [UploadFieldName.ASSET_DATA]: originalExt,
+      [UploadFieldName.LIVE_PHOTO_DATA]: '.mov',
+      [UploadFieldName.SIDECAR_DATA]: '.xmp',
+      [UploadFieldName.PROFILE_DATA]: originalExt,
+    };
+
+    return sanitize(`${this.cryptoRepository.randomUUID()}${lookup[fieldName]}`);
+  }
+
+  getUploadFolder({ authUser, fieldName }: UploadRequest): string {
+    authUser = this.access.requireUploadAccess(authUser);
+
+    let folder = this.storageCore.getFolderLocation(StorageFolder.UPLOAD, authUser.id);
+    if (fieldName === UploadFieldName.PROFILE_DATA) {
+      folder = this.storageCore.getFolderLocation(StorageFolder.PROFILE, authUser.id);
+    }
+
+    this.storageRepository.mkdirSync(folder);
+
+    return folder;
+  }
+
  getMapMarkers(authUser: AuthUserDto, options: MapMarkerDto): Promise<MapMarkerResponseDto[]> {
    return this.assetRepository.getMapMarkers(authUser.id, options);
  }
--- a/server/src/domain/asset/response-dto/asset-response.dto.ts
+++ b/server/src/domain/asset/response-dto/asset-response.dto.ts
@@ -54,7 +54,7 @@ export function mapAsset(entity: AssetEntity): AssetResponseDto {
    smartInfo: entity.smartInfo ? mapSmartInfo(entity.smartInfo) : undefined,
    livePhotoVideoId: entity.livePhotoVideoId,
    tags: entity.tags?.map(mapTag),
-    people: entity.faces?.map(mapFace),
+    people: entity.faces?.map(mapFace).filter((person) => !person.isHidden),
    checksum: entity.checksum.toString('base64'),
  };
 }
--- a/server/src/domain/auth/auth.constant.ts
+++ b/server/src/domain/auth/auth.constant.ts
@@ -1,3 +1,5 @@
+export const MOBILE_REDIRECT = 'app.immich:/';
+export const LOGIN_URL = '/auth/login?autoLaunch=0';
 export const IMMICH_ACCESS_COOKIE = 'immich_access_token';
 export const IMMICH_AUTH_TYPE_COOKIE = 'immich_auth_type';
 export const IMMICH_API_KEY_NAME = 'api_key';
--- a/server/src/domain/auth/auth.core.ts
+++ b/server/src/domain/auth/auth.core.ts
@@ -1,62 +0,0 @@
-import { SystemConfig, UserEntity } from '@app/infra/entities';
-import { ICryptoRepository } from '../crypto/crypto.repository';
-import { ISystemConfigRepository } from '../system-config';
-import { SystemConfigCore } from '../system-config/system-config.core';
-import { IUserTokenRepository, UserTokenCore } from '../user-token';
-import { AuthType, IMMICH_ACCESS_COOKIE, IMMICH_AUTH_TYPE_COOKIE } from './auth.constant';
-import { LoginResponseDto, mapLoginResponse } from './response-dto';
-
-export interface LoginDetails {
-  isSecure: boolean;
-  clientIp: string;
-  deviceType: string;
-  deviceOS: string;
-}
-
-export class AuthCore {
-  private userTokenCore: UserTokenCore;
-  constructor(
-    private cryptoRepository: ICryptoRepository,
-    configRepository: ISystemConfigRepository,
-    userTokenRepository: IUserTokenRepository,
-    private config: SystemConfig,
-  ) {
-    this.userTokenCore = new UserTokenCore(cryptoRepository, userTokenRepository);
-    const configCore = new SystemConfigCore(configRepository);
-    configCore.config$.subscribe((config) => (this.config = config));
-  }
-
-  isPasswordLoginEnabled() {
-    return this.config.passwordLogin.enabled;
-  }
-
-  getCookies(loginResponse: LoginResponseDto, authType: AuthType, { isSecure }: LoginDetails) {
-    const maxAge = 400 * 24 * 3600; // 400 days
-
-    let authTypeCookie = '';
-    let accessTokenCookie = '';
-
-    if (isSecure) {
-      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
-      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
-    } else {
-      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
-      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
-    }
-    return [accessTokenCookie, authTypeCookie];
-  }
-
-  async createLoginResponse(user: UserEntity, authType: AuthType, loginDetails: LoginDetails) {
-    const accessToken = await this.userTokenCore.create(user, loginDetails);
-    const response = mapLoginResponse(user, accessToken);
-    const cookie = this.getCookies(response, authType, loginDetails);
-    return { response, cookie };
-  }
-
-  validatePassword(inputPassword: string, user: UserEntity): boolean {
-    if (!user || !user.password) {
-      return false;
-    }
-    return this.cryptoRepository.compareBcrypt(inputPassword, user.password);
-  }
-}
--- a/server/src/domain/auth/auth.service.spec.ts
+++ b/server/src/domain/auth/auth.service.spec.ts
@@ -1,4 +1,4 @@
-import { SystemConfig, UserEntity } from '@app/infra/entities';
+import { UserEntity } from '@app/infra/entities';
 import { BadRequestException, UnauthorizedException } from '@nestjs/common';
 import {
  authStub,
@@ -23,10 +23,10 @@ import { ICryptoRepository } from '../crypto/crypto.repository';
 import { ISharedLinkRepository } from '../shared-link';
 import { ISystemConfigRepository } from '../system-config';
 import { IUserRepository } from '../user';
-import { IUserTokenRepository } from '../user-token';
 import { AuthType } from './auth.constant';
 import { AuthService } from './auth.service';
 import { AuthUserDto, SignUpDto } from './dto';
+import { IUserTokenRepository } from './user-token.repository';

 // const token = Buffer.from('my-api-key', 'utf8').toString('base64');

@@ -55,7 +55,6 @@ describe('AuthService', () => {
  let shareMock: jest.Mocked<ISharedLinkRepository>;
  let keyMock: jest.Mocked<IKeyRepository>;
  let callbackMock: jest.Mock;
-  let create: (config: SystemConfig) => AuthService;

  afterEach(() => {
    jest.resetModules();
@@ -87,9 +86,7 @@ describe('AuthService', () => {
    shareMock = newSharedLinkRepositoryMock();
    keyMock = newKeyRepositoryMock();

-    create = (config) => new AuthService(cryptoMock, configMock, userMock, userTokenMock, shareMock, keyMock, config);
-
-    sut = create(systemConfigStub.enabled);
+    sut = new AuthService(cryptoMock, configMock, userMock, userTokenMock, shareMock, keyMock);
  });

  it('should be defined', () => {
@@ -98,8 +95,7 @@ describe('AuthService', () => {

  describe('login', () => {
    it('should throw an error if password login is disabled', async () => {
-      sut = create(systemConfigStub.disabled);
-
+      configMock.load.mockResolvedValue(systemConfigStub.disabled);
      await expect(sut.login(fixtures.login, loginDetails)).rejects.toBeInstanceOf(UnauthorizedException);
    });

@@ -191,8 +187,8 @@ describe('AuthService', () => {

  describe('logout', () => {
    it('should return the end session endpoint', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.enabled);
      const authUser = { id: '123' } as AuthUserDto;
-
      await expect(sut.logout(authUser, AuthType.OAUTH)).resolves.toEqual({
        successful: true,
        redirectUri: 'http://end-session-endpoint',
@@ -385,4 +381,132 @@ describe('AuthService', () => {
      expect(userTokenMock.delete).toHaveBeenCalledWith(authStub.user1.id, 'token-1');
    });
  });
+
+  describe('getMobileRedirect', () => {
+    it('should pass along the query params', () => {
+      expect(sut.getMobileRedirect('http://immich.app?code=123&state=456')).toEqual('app.immich:/?code=123&state=456');
+    });
+
+    it('should work if called without query params', () => {
+      expect(sut.getMobileRedirect('http://immich.app')).toEqual('app.immich:/?');
+    });
+  });
+
+  describe('generateConfig', () => {
+    it('should work when oauth is not configured', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.disabled);
+      await expect(sut.generateConfig({ redirectUri: 'http://callback' })).resolves.toEqual({
+        enabled: false,
+        passwordLoginEnabled: false,
+      });
+    });
+
+    it('should generate the config', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.enabled);
+      await expect(sut.generateConfig({ redirectUri: 'http://redirect' })).resolves.toEqual({
+        enabled: true,
+        buttonText: 'OAuth',
+        url: 'http://authorization-url',
+        autoLaunch: false,
+        passwordLoginEnabled: true,
+      });
+    });
+  });
+
+  describe('callback', () => {
+    it('should throw an error if OAuth is not enabled', async () => {
+      await expect(sut.callback({ url: '' }, loginDetails)).rejects.toBeInstanceOf(BadRequestException);
+    });
+
+    it('should not allow auto registering', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.noAutoRegister);
+      userMock.getByEmail.mockResolvedValue(null);
+      await expect(sut.callback({ url: 'http://immich/auth/login?code=abc123' }, loginDetails)).rejects.toBeInstanceOf(
+        BadRequestException,
+      );
+      expect(userMock.getByEmail).toHaveBeenCalledTimes(1);
+    });
+
+    it('should link an existing user', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.noAutoRegister);
+      userMock.getByEmail.mockResolvedValue(userEntityStub.user1);
+      userMock.update.mockResolvedValue(userEntityStub.user1);
+      userTokenMock.create.mockResolvedValue(userTokenEntityStub.userToken);
+
+      await expect(sut.callback({ url: 'http://immich/auth/login?code=abc123' }, loginDetails)).resolves.toEqual(
+        loginResponseStub.user1oauth,
+      );
+
+      expect(userMock.getByEmail).toHaveBeenCalledTimes(1);
+      expect(userMock.update).toHaveBeenCalledWith(userEntityStub.user1.id, { oauthId: sub });
+    });
+
+    it('should allow auto registering by default', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.enabled);
+      userMock.getByEmail.mockResolvedValue(null);
+      userMock.getAdmin.mockResolvedValue(userEntityStub.user1);
+      userMock.create.mockResolvedValue(userEntityStub.user1);
+      userTokenMock.create.mockResolvedValue(userTokenEntityStub.userToken);
+
+      await expect(sut.callback({ url: 'http://immich/auth/login?code=abc123' }, loginDetails)).resolves.toEqual(
+        loginResponseStub.user1oauth,
+      );
+
+      expect(userMock.getByEmail).toHaveBeenCalledTimes(2); // second call is for domain check before create
+      expect(userMock.create).toHaveBeenCalledTimes(1);
+    });
+
+    it('should use the mobile redirect override', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.override);
+      userMock.getByOAuthId.mockResolvedValue(userEntityStub.user1);
+      userTokenMock.create.mockResolvedValue(userTokenEntityStub.userToken);
+
+      await sut.callback({ url: `app.immich:/?code=abc123` }, loginDetails);
+
+      expect(callbackMock).toHaveBeenCalledWith('http://mobile-redirect', { state: 'state' }, { state: 'state' });
+    });
+
+    it('should use the mobile redirect override for ios urls with multiple slashes', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.override);
+      userMock.getByOAuthId.mockResolvedValue(userEntityStub.user1);
+      userTokenMock.create.mockResolvedValue(userTokenEntityStub.userToken);
+
+      await sut.callback({ url: `app.immich:///?code=abc123` }, loginDetails);
+
+      expect(callbackMock).toHaveBeenCalledWith('http://mobile-redirect', { state: 'state' }, { state: 'state' });
+    });
+  });
+
+  describe('link', () => {
+    it('should link an account', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.enabled);
+      userMock.update.mockResolvedValue(userEntityStub.user1);
+
+      await sut.link(authStub.user1, { url: 'http://immich/user-settings?code=abc123' });
+
+      expect(userMock.update).toHaveBeenCalledWith(authStub.user1.id, { oauthId: sub });
+    });
+
+    it('should not link an already linked oauth.sub', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.enabled);
+      userMock.getByOAuthId.mockResolvedValue({ id: 'other-user' } as UserEntity);
+
+      await expect(sut.link(authStub.user1, { url: 'http://immich/user-settings?code=abc123' })).rejects.toBeInstanceOf(
+        BadRequestException,
+      );
+
+      expect(userMock.update).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('unlink', () => {
+    it('should unlink an account', async () => {
+      configMock.load.mockResolvedValue(systemConfigStub.enabled);
+      userMock.update.mockResolvedValue(userEntityStub.user1);
+
+      await sut.unlink(authStub.user1);
+
+      expect(userMock.update).toHaveBeenCalledWith(authStub.user1.id, { oauthId: '' });
+    });
+  });
 });
--- a/server/src/domain/auth/auth.service.ts
+++ b/server/src/domain/auth/auth.service.ts
@@ -1,4 +1,4 @@
-import { SystemConfig } from '@app/infra/entities';
+import { SystemConfig, UserEntity } from '@app/infra/entities';
 import {
  BadRequestException,
  Inject,
@@ -9,99 +9,112 @@ import {
 } from '@nestjs/common';
 import cookieParser from 'cookie';
 import { IncomingHttpHeaders } from 'http';
+import { DateTime } from 'luxon';
+import { ClientMetadata, custom, generators, Issuer, UserinfoResponse } from 'openid-client';
 import { IKeyRepository } from '../api-key';
 import { ICryptoRepository } from '../crypto/crypto.repository';
-import { OAuthCore } from '../oauth/oauth.core';
 import { ISharedLinkRepository } from '../shared-link';
-import { INITIAL_SYSTEM_CONFIG, ISystemConfigRepository } from '../system-config';
-import { IUserRepository, UserCore } from '../user';
-import { IUserTokenRepository, UserTokenCore } from '../user-token';
-import { AuthType, IMMICH_ACCESS_COOKIE, IMMICH_API_KEY_HEADER } from './auth.constant';
-import { AuthCore, LoginDetails } from './auth.core';
-import { AuthUserDto, ChangePasswordDto, LoginCredentialDto, SignUpDto } from './dto';
+import { ISystemConfigRepository } from '../system-config';
+import { SystemConfigCore } from '../system-config/system-config.core';
+import { IUserRepository, UserCore, UserResponseDto } from '../user';
+import {
+  AuthType,
+  IMMICH_ACCESS_COOKIE,
+  IMMICH_API_KEY_HEADER,
+  IMMICH_AUTH_TYPE_COOKIE,
+  LOGIN_URL,
+  MOBILE_REDIRECT,
+} from './auth.constant';
+import { AuthUserDto, ChangePasswordDto, LoginCredentialDto, OAuthCallbackDto, OAuthConfigDto, SignUpDto } from './dto';
 import {
  AdminSignupResponseDto,
  AuthDeviceResponseDto,
  LoginResponseDto,
  LogoutResponseDto,
  mapAdminSignupResponse,
+  mapLoginResponse,
  mapUserToken,
+  OAuthConfigResponseDto,
 } from './response-dto';
+import { IUserTokenRepository } from './user-token.repository';
+
+export interface LoginDetails {
+  isSecure: boolean;
+  clientIp: string;
+  deviceType: string;
+  deviceOS: string;
+}
+
+interface LoginResponse {
+  response: LoginResponseDto;
+  cookie: string[];
+}
+
+interface OAuthProfile extends UserinfoResponse {
+  email: string;
+}

@Injectable()
 export class AuthService {
-  private userTokenCore: UserTokenCore;
-  private authCore: AuthCore;
-  private oauthCore: OAuthCore;
  private userCore: UserCore;
-
+  private configCore: SystemConfigCore;
  private logger = new Logger(AuthService.name);

  constructor(
    @Inject(ICryptoRepository) private cryptoRepository: ICryptoRepository,
    @Inject(ISystemConfigRepository) configRepository: ISystemConfigRepository,
    @Inject(IUserRepository) userRepository: IUserRepository,
-    @Inject(IUserTokenRepository) userTokenRepository: IUserTokenRepository,
+    @Inject(IUserTokenRepository) private userTokenRepository: IUserTokenRepository,
    @Inject(ISharedLinkRepository) private sharedLinkRepository: ISharedLinkRepository,
    @Inject(IKeyRepository) private keyRepository: IKeyRepository,
-    @Inject(INITIAL_SYSTEM_CONFIG)
-    initialConfig: SystemConfig,
  ) {
-    this.userTokenCore = new UserTokenCore(cryptoRepository, userTokenRepository);
-    this.authCore = new AuthCore(cryptoRepository, configRepository, userTokenRepository, initialConfig);
-    this.oauthCore = new OAuthCore(configRepository, initialConfig);
+    this.configCore = new SystemConfigCore(configRepository);
    this.userCore = new UserCore(userRepository, cryptoRepository);
+
+    custom.setHttpOptionsDefaults({ timeout: 30000 });
  }

-  public async login(
-    loginCredential: LoginCredentialDto,
-    loginDetails: LoginDetails,
-  ): Promise<{ response: LoginResponseDto; cookie: string[] }> {
-    if (!this.authCore.isPasswordLoginEnabled()) {
+  async login(dto: LoginCredentialDto, details: LoginDetails): Promise<LoginResponse> {
+    const config = await this.configCore.getConfig();
+    if (!config.passwordLogin.enabled) {
      throw new UnauthorizedException('Password login has been disabled');
    }

-    let user = await this.userCore.getByEmail(loginCredential.email, true);
+    let user = await this.userCore.getByEmail(dto.email, true);
    if (user) {
-      const isAuthenticated = this.authCore.validatePassword(loginCredential.password, user);
+      const isAuthenticated = this.validatePassword(dto.password, user);
      if (!isAuthenticated) {
        user = null;
      }
    }

    if (!user) {
-      this.logger.warn(
-        `Failed login attempt for user ${loginCredential.email} from ip address ${loginDetails.clientIp}`,
-      );
+      this.logger.warn(`Failed login attempt for user ${dto.email} from ip address ${details.clientIp}`);
      throw new BadRequestException('Incorrect email or password');
    }

-    return this.authCore.createLoginResponse(user, AuthType.PASSWORD, loginDetails);
+    return this.createLoginResponse(user, AuthType.PASSWORD, details);
  }

-  public async logout(authUser: AuthUserDto, authType: AuthType): Promise<LogoutResponseDto> {
+  async logout(authUser: AuthUserDto, authType: AuthType): Promise<LogoutResponseDto> {
    if (authUser.accessTokenId) {
-      await this.userTokenCore.delete(authUser.id, authUser.accessTokenId);
+      await this.userTokenRepository.delete(authUser.id, authUser.accessTokenId);
    }

-    if (authType === AuthType.OAUTH) {
-      const url = await this.oauthCore.getLogoutEndpoint();
-      if (url) {
-        return { successful: true, redirectUri: url };
-      }
-    }
-
-    return { successful: true, redirectUri: '/auth/login?autoLaunch=0' };
+    return {
+      successful: true,
+      redirectUri: await this.getLogoutEndpoint(authType),
+    };
  }

-  public async changePassword(authUser: AuthUserDto, dto: ChangePasswordDto) {
+  async changePassword(authUser: AuthUserDto, dto: ChangePasswordDto) {
    const { password, newPassword } = dto;
    const user = await this.userCore.getByEmail(authUser.email, true);
    if (!user) {
      throw new UnauthorizedException();
    }

-    const valid = this.authCore.validatePassword(password, user);
+    const valid = this.validatePassword(password, user);
    if (!valid) {
      throw new BadRequestException('Wrong password');
    }
@@ -109,7 +122,7 @@ export class AuthService {
    return this.userCore.updateUser(authUser, authUser.id, { password: newPassword });
  }

-  public async adminSignUp(dto: SignUpDto): Promise<AdminSignupResponseDto> {
+  async adminSignUp(dto: SignUpDto): Promise<AdminSignupResponseDto> {
    const adminUser = await this.userCore.getAdmin();

    if (adminUser) {
@@ -133,7 +146,7 @@ export class AuthService {
    }
  }

-  public async validate(headers: IncomingHttpHeaders, params: Record<string, string>): Promise<AuthUserDto | null> {
+  async validate(headers: IncomingHttpHeaders, params: Record<string, string>): Promise<AuthUserDto | null> {
    const shareKey = (headers['x-immich-share-key'] || params.key) as string;
    const userToken = (headers['x-immich-user-token'] ||
      params.userToken ||
@@ -146,7 +159,7 @@ export class AuthService {
    }

    if (userToken) {
-      return this.userTokenCore.validate(userToken);
+      return this.validateUserToken(userToken);
    }

    if (apiKey) {
@@ -157,24 +170,163 @@ export class AuthService {
  }

  async getDevices(authUser: AuthUserDto): Promise<AuthDeviceResponseDto[]> {
-    const userTokens = await this.userTokenCore.getAll(authUser.id);
+    const userTokens = await this.userTokenRepository.getAll(authUser.id);
    return userTokens.map((userToken) => mapUserToken(userToken, authUser.accessTokenId));
  }

  async logoutDevice(authUser: AuthUserDto, deviceId: string): Promise<void> {
-    await this.userTokenCore.delete(authUser.id, deviceId);
+    await this.userTokenRepository.delete(authUser.id, deviceId);
  }

  async logoutDevices(authUser: AuthUserDto): Promise<void> {
-    const devices = await this.userTokenCore.getAll(authUser.id);
+    const devices = await this.userTokenRepository.getAll(authUser.id);
    for (const device of devices) {
      if (device.id === authUser.accessTokenId) {
        continue;
      }
-      await this.userTokenCore.delete(authUser.id, device.id);
+      await this.userTokenRepository.delete(authUser.id, device.id);
    }
  }

+  getMobileRedirect(url: string) {
+    return `${MOBILE_REDIRECT}?${url.split('?')[1] || ''}`;
+  }
+
+  async generateConfig(dto: OAuthConfigDto): Promise<OAuthConfigResponseDto> {
+    const config = await this.configCore.getConfig();
+    const response = {
+      enabled: config.oauth.enabled,
+      passwordLoginEnabled: config.passwordLogin.enabled,
+    };
+
+    if (!response.enabled) {
+      return response;
+    }
+
+    const { scope, buttonText, autoLaunch } = config.oauth;
+    const url = (await this.getOAuthClient(config)).authorizationUrl({
+      redirect_uri: this.normalize(config, dto.redirectUri),
+      scope,
+      state: generators.state(),
+    });
+
+    return { ...response, buttonText, url, autoLaunch };
+  }
+
+  async callback(
+    dto: OAuthCallbackDto,
+    loginDetails: LoginDetails,
+  ): Promise<{ response: LoginResponseDto; cookie: string[] }> {
+    const config = await this.configCore.getConfig();
+    const profile = await this.getOAuthProfile(config, dto.url);
+    this.logger.debug(`Logging in with OAuth: ${JSON.stringify(profile)}`);
+    let user = await this.userCore.getByOAuthId(profile.sub);
+
+    // link existing user
+    if (!user) {
+      const emailUser = await this.userCore.getByEmail(profile.email);
+      if (emailUser) {
+        user = await this.userCore.updateUser(emailUser, emailUser.id, { oauthId: profile.sub });
+      }
+    }
+
+    // register new user
+    if (!user) {
+      if (!config.oauth.autoRegister) {
+        this.logger.warn(
+          `Unable to register ${profile.email}. To enable set OAuth Auto Register to true in admin settings.`,
+        );
+        throw new BadRequestException(`User does not exist and auto registering is disabled.`);
+      }
+
+      this.logger.log(`Registering new user: ${profile.email}/${profile.sub}`);
+      this.logger.verbose(`OAuth Profile: ${JSON.stringify(profile)}`);
+
+      let storageLabel: string | null = profile[config.oauth.storageLabelClaim as keyof OAuthProfile] as string;
+      if (typeof storageLabel !== 'string') {
+        storageLabel = null;
+      }
+
+      user = await this.userCore.createUser({
+        firstName: profile.given_name || '',
+        lastName: profile.family_name || '',
+        email: profile.email,
+        oauthId: profile.sub,
+        storageLabel,
+      });
+    }
+
+    return this.createLoginResponse(user, AuthType.OAUTH, loginDetails);
+  }
+
+  async link(user: AuthUserDto, dto: OAuthCallbackDto): Promise<UserResponseDto> {
+    const config = await this.configCore.getConfig();
+    const { sub: oauthId } = await this.getOAuthProfile(config, dto.url);
+    const duplicate = await this.userCore.getByOAuthId(oauthId);
+    if (duplicate && duplicate.id !== user.id) {
+      this.logger.warn(`OAuth link account failed: sub is already linked to another user (${duplicate.email}).`);
+      throw new BadRequestException('This OAuth account has already been linked to another user.');
+    }
+    return this.userCore.updateUser(user, user.id, { oauthId });
+  }
+
+  async unlink(user: AuthUserDto): Promise<UserResponseDto> {
+    return this.userCore.updateUser(user, user.id, { oauthId: '' });
+  }
+
+  private async getLogoutEndpoint(authType: AuthType): Promise<string> {
+    if (authType !== AuthType.OAUTH) {
+      return LOGIN_URL;
+    }
+
+    const config = await this.configCore.getConfig();
+    if (!config.oauth.enabled) {
+      return LOGIN_URL;
+    }
+
+    const client = await this.getOAuthClient(config);
+    return client.issuer.metadata.end_session_endpoint || LOGIN_URL;
+  }
+
+  private async getOAuthProfile(config: SystemConfig, url: string): Promise<OAuthProfile> {
+    const redirectUri = this.normalize(config, url.split('?')[0]);
+    const client = await this.getOAuthClient(config);
+    const params = client.callbackParams(url);
+    const tokens = await client.callback(redirectUri, params, { state: params.state });
+    return client.userinfo<OAuthProfile>(tokens.access_token || '');
+  }
+
+  private async getOAuthClient(config: SystemConfig) {
+    const { enabled, clientId, clientSecret, issuerUrl } = config.oauth;
+
+    if (!enabled) {
+      throw new BadRequestException('OAuth2 is not enabled');
+    }
+
+    const metadata: ClientMetadata = {
+      client_id: clientId,
+      client_secret: clientSecret,
+      response_types: ['code'],
+    };
+
+    const issuer = await Issuer.discover(issuerUrl);
+    const algorithms = (issuer.id_token_signing_alg_values_supported || []) as string[];
+    if (algorithms[0] === 'HS256') {
+      metadata.id_token_signed_response_alg = algorithms[0];
+    }
+
+    return new issuer.Client(metadata);
+  }
+
+  private normalize(config: SystemConfig, redirectUri: string) {
+    const isMobile = redirectUri.startsWith(MOBILE_REDIRECT);
+    const { mobileRedirectUri, mobileOverrideEnabled } = config.oauth;
+    if (isMobile && mobileOverrideEnabled && mobileRedirectUri) {
+      return mobileRedirectUri;
+    }
+    return redirectUri;
+  }
+
  private getBearerToken(headers: IncomingHttpHeaders): string | null {
    const [type, token] = (headers.authorization || '').split(' ');
    if (type.toLowerCase() === 'bearer') {
@@ -232,4 +384,68 @@ export class AuthService {

    throw new UnauthorizedException('Invalid API key');
  }
+
+  private validatePassword(inputPassword: string, user: UserEntity): boolean {
+    if (!user || !user.password) {
+      return false;
+    }
+    return this.cryptoRepository.compareBcrypt(inputPassword, user.password);
+  }
+
+  private async validateUserToken(tokenValue: string): Promise<AuthUserDto> {
+    const hashedToken = this.cryptoRepository.hashSha256(tokenValue);
+    let token = await this.userTokenRepository.getByToken(hashedToken);
+
+    if (token?.user) {
+      const now = DateTime.now();
+      const updatedAt = DateTime.fromJSDate(token.updatedAt);
+      const diff = now.diff(updatedAt, ['hours']);
+      if (diff.hours > 1) {
+        token = await this.userTokenRepository.save({ ...token, updatedAt: new Date() });
+      }
+
+      return {
+        ...token.user,
+        isPublicUser: false,
+        isAllowUpload: true,
+        isAllowDownload: true,
+        isShowExif: true,
+        accessTokenId: token.id,
+      };
+    }
+
+    throw new UnauthorizedException('Invalid user token');
+  }
+
+  private async createLoginResponse(user: UserEntity, authType: AuthType, loginDetails: LoginDetails) {
+    const key = this.cryptoRepository.randomBytes(32).toString('base64').replace(/\W/g, '');
+    const token = this.cryptoRepository.hashSha256(key);
+
+    await this.userTokenRepository.create({
+      token,
+      user,
+      deviceOS: loginDetails.deviceOS,
+      deviceType: loginDetails.deviceType,
+    });
+
+    const response = mapLoginResponse(user, key);
+    const cookie = this.getCookies(response, authType, loginDetails);
+    return { response, cookie };
+  }
+
+  private getCookies(loginResponse: LoginResponseDto, authType: AuthType, { isSecure }: LoginDetails) {
+    const maxAge = 400 * 24 * 3600; // 400 days
+
+    let authTypeCookie = '';
+    let accessTokenCookie = '';
+
+    if (isSecure) {
+      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
+      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
+    } else {
+      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
+      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
+    }
+    return [accessTokenCookie, authTypeCookie];
+  }
 }
--- a/server/src/domain/auth/dto/index.ts
+++ b/server/src/domain/auth/dto/index.ts
@@ -1,4 +1,6 @@
 export * from './auth-user.dto';
 export * from './change-password.dto';
 export * from './login-credential.dto';
+export * from './oauth-auth-code.dto';
+export * from './oauth-config.dto';
 export * from './sign-up.dto';
--- a/server/src/domain/oauth/dto/oauth-auth-code.dto.ts
+++ b/server/src/domain/oauth/dto/oauth-auth-code.dto.ts
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Alex The Bot	2872886e77	Version v1.70.0	2023-07-27 03:40:16 +00:00
martin	a21112e4ab	fix: people in shared assets (#3431 ) * fix: people in shared assets * use empty array	2023-07-26 21:14:50 -05:00
Jason Rasmussen	f3edf43158	chore: log listen address (#3428 )	2023-07-26 18:29:35 +00:00
martin	1c5926553a	fix: dialog overflow when creating a user (#3422 )	2023-07-25 09:29:40 -05:00
faupau	05fa3092bf	fix(web): fixes previous pull request: set asset as profile image (#3415 ) * set photoviewer 100% width, fixes transparent ede * remove unnecessary class * format fix --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>	2023-07-25 05:17:59 +00:00
martyfuhry	7d3ec8af37	fix(mobile): Memory lane now updates to the correct day if the app is resumed the next day (#3414 ) * Adds todayProvider to memory lane * Revert "Adds todayProvider to memory lane" This reverts commit `67ae58b513`. * Invalidate memory provider on app resume	2023-07-24 11:39:10 -05:00
Mark Monteiro	8db008ef0b	Remove unnecessary PG_DATA environement variable from docker-compose.yml (#3394 ) * Remove unnecessary PG_DATA environement variable from docker-compose.yml There is no need to set the PostgreSQL data directory to the default location, it just adds an additional unnecessary line to the docker-compose file. In addition, the PG_DATA isn't even the correct environment variable name (it should be PGDATA, see: https://hub.docker.com/_/postgres/), so this environment variable was never doing anything to begin with. * Update docker-compose.dev.yml * Update docker-compose.prod.yml * Update docker-compose.test.yml	2023-07-23 21:11:27 -05:00
Alex	e493e05e99	fix(server): better facial recognition order (#3386 )	2023-07-23 21:10:56 -05:00
martin	b83e535010	feat(web): show available shortcuts (#3342 ) * feat(web): show available shortcuts * pr feeback * feat: new shortcut for deselect * fix: remove new shortcut * responsive	2023-07-23 21:09:06 -05:00
Daniele Ricci	111372edc1	fix(cli): fix wording in usage guide (#3378 )	2023-07-23 21:06:27 -05:00
Mark Monteiro	625a899f64	Update environment-variables.md (#3402 ) Add documentation for the environment variables that enable Docker secrets support Support for these variables was implemented in #1254 and #3282	2023-07-23 17:53:52 -05:00
Alex	aaf0496f74	chore(server): Update Immich CLI version (#3403 )	2023-07-23 17:53:20 -05:00
Alex	4977926c88	post mobile release	2023-07-23 13:51:48 -05:00
Alex The Bot	f41e1159d1	Version v1.69.0	2023-07-23 17:40:02 +00:00
Brian Di Palma	670107373b	Update backup-and-restore.md (#3389 ) * Update backup-and-restore.md * Update backup-and-restore.md --------- Co-authored-by: Alex <alex.tran1502@gmail.com>	2023-07-23 12:01:36 -05:00
Brian Di Palma	e660f05c31	Update _storage-template.md (#3388 ) * Update _storage-template.md * Update _storage-template.md --------- Co-authored-by: Alex <alex.tran1502@gmail.com>	2023-07-23 11:53:58 -05:00
Dhrumil Shah	baf1ea313e	feat(mobile): render login fields/buttons based on server configuration (#3339 ) * WIP: Show login fields/buttons based on server configuration * PR: change login disabled message to use translation * added localization string) * text --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>	2023-07-22 23:04:17 -05:00
martin	ed64c91da6	fix: hide faces (#3352 ) * fix: hide faces * remove unused variable * fix: work even if one fails * better style for hidden people * add hide face in the menu dropdown * add buttons to toggle visibility for all faces * add server test * close modal with escape key * fix: explore page * improve show & hide faces modal * keep name on people card * simplify layout * sticky app bar in show-hide page * fix format --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>	2023-07-22 22:00:43 -05:00
Alex Phillips	c40aa4399b	fix(cli): read-only and sidecar support for import (#3372 ) * added flag to support toggling read-only mode (read-only true by default), added sidecarPath to import request payload * removed default on --no-read-only to prevent confusion since true is the default	2023-07-22 21:11:00 -05:00
Mert	8f08100a30	moved deps (#3379 )	2023-07-22 15:04:52 -05:00
shalong-tanwen	337cd33042	fix(mobile): Decrease ScrollBar Fade timeout to a second (#3370 )	2023-07-22 15:00:22 -05:00
martyfuhry	1e8fc7266c	Fixes hide controls when zoomed and shows them when not zoomed (#3366 )	2023-07-22 14:56:49 -05:00
martyfuhry	7f35583c2c	feat(mobile): Precaches next image in memories (#3365 ) * Precaches images in memories * Fixes jumps and precaches images * refactors to move precacheAsset over to ImmichImage to keep logic in same place --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>	2023-07-22 14:51:25 -05:00
Alex	ace755f264	fix(server): merged faces cannot be recognized in new photos (#3381 ) * fix(server): merged faces cannot be recognized in new photos * fix: delete stale documents	2023-07-22 14:42:12 -05:00
martyfuhry	7b25c9d0a7	fix(mobile): Uses gray box placeholder for loading images by default and fixes odd spinner (#3364 ) * image loading * Use gray box placeholder by default and fix odd spinner with normal spinner * Progress indicator is separate * Fixes loading for cached network image too --------- Co-authored-by: Alex Tran <Alex.Tran@conductix.com>	2023-07-22 10:03:31 -05:00
shalong-tanwen	c0bee2a6b7	fix(mobile): AssetCount reset and Elliptical progress in Memories (#3355 ) * fix: Constraint CircularProgressIndicator in Memories * fix(mobile): Asset count reset when scroll cancelled midway in Memories	2023-07-21 23:56:49 -05:00
oddlama	b48d5cab22	fix(cli): move runtime dependencies to correct section (#3371 ) and add missing dependency on typescript-eslint/parser	2023-07-21 23:01:20 -05:00
Simon Shields	4f59e6c7ab	feat(server): Google Pixel motion photos (#3175 ) * feat(server): Google Pixel motion photos Add support for motion photos taken on Pixel phones. They have the exif property 'MotionPhoto' set to 1, and an embedded mp4 file appended to the JPEG file. The implementation works like this: - on metadata extraction, if a live photo is detected, examine the metadata to determine where in the file the embedded MP4 is. - extract this MP4 and write it next to the JPEG. - link it using the existing mechanism for live photos. There is a "MotionPhotoPresentationTimestampUs" exif property, which we don't do anything with - I imagine that it refers to the timepoint in the video that the photo was taken at, but it probably warrants more investigation. * fix format * fix test --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>	2023-07-21 22:52:59 -05:00
Alex	82a5d54d2c	fix(web): cannot upload file with uppercase extension (#3374 ) * fix(web): cannot upload file with uppercase extension * actual fix * remove console log	2023-07-21 22:52:28 -05:00
Alex	5e6d830ecd	fix(ml): startup issue in dev (#3373 )	2023-07-21 21:10:08 -05:00
oddlama	f700f3427b	feat(cli): add build script and unify tests (#3369 )	2023-07-21 13:10:01 -05:00
dependabot[bot]	0c07c0ba4e	chore(deps): bump stumpylog/image-cleaner-action from 0.1.0 to 0.2.0 (#3361 ) Bumps [stumpylog/image-cleaner-action](https://github.com/stumpylog/image-cleaner-action) from 0.1.0 to 0.2.0. - [Release notes](https://github.com/stumpylog/image-cleaner-action/releases) - [Changelog](https://github.com/stumpylog/image-cleaner-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/stumpylog/image-cleaner-action/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: stumpylog/image-cleaner-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-21 11:32:12 -05:00
bt90	bc885f3644	fix(server): properly handle SIGTERM (#3350 ) * use tini init * Move python into CMD * Use tini as entrypoint * Toggle executable bit * Avoid compose changes * Adapt web entrypoint	2023-07-21 09:20:04 -05:00
Mert	6668964d92	transcode live photos on upload (#3354 )	2023-07-20 20:21:38 -05:00
Alex The Bot	1835fbae49	Version v1.68.0	2023-07-20 03:06:12 +00:00
Alex	593489a14c	fix(web): cannot use shift-select (#3343 )	2023-07-19 21:15:22 -05:00
Alex	9f7bf36786	fix(web): cannot use semicolon on the search bar in asset grid page (#3334 ) * fix(web): cannot use semicolon on the search bar * fix(web): cannot use semicolon on the search bar * remove console log * fix: disable hotkey when search is enable * format * fix event listener removal	2023-07-19 11:03:23 -05:00
Thomas	f0302670d2	fix(server): add missing extensions and mime types (#3318 ) Add extensions and mime types which were accidentally removed in #3197. Fixes: #3300	2023-07-19 09:27:25 -05:00
Mert	4b8cc7b533	chore: docker compose for prod build (#3333 ) * added docker compose for prod build * updated makefile	2023-07-18 23:41:02 -05:00
Jason Rasmussen	6e953ff5eb	fix(server): cancel error (#3332 )	2023-07-18 23:40:20 -05:00
Alex	7316ad5a72	chore(web): sort tailwindcss class automatically (#3330 )	2023-07-18 13:19:39 -05:00
martin	f28fc8fa5c	feat(server,web): hide faces (#3262 ) * feat: hide faces * fix: types * pr feedback * fix: svelte checks * feat: new server endpoint * refactor: rename person count dto * fix(server): linter * fix: remove duplicate button * docs: add comments * pr feedback * fix: get unhidden faces * fix: do not use PersonCountResponseDto * fix: transition * pr feedback * pr feedback * fix: remove unused check * add server tests * rename persons to people * feat: add exit button * pr feedback * add server tests * pr feedback * pr feedback * fix: show & hide faces * simplify * fix: close button * pr feeback * pr feeback --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>	2023-07-18 13:09:43 -05:00
Alex	02b70e693c	feat(web): add better face management UI action (#3328 ) * add better face management menu * context menu * change name form * change name * navigate to merge face * fix web	2023-07-18 12:36:20 -05:00
bo0tzz	b2e06477f8	chore: Enable logging on typesense container (#3326 )	2023-07-18 11:19:16 -05:00
martin	632971a2ac	fix: allow edit to empty name (#3322 )	2023-07-17 21:20:28 -05:00
Thomas	8045fd3f14	fix(web): remove dependency on rxjs (#3301 ) The dependency on rxjs has been removed in favour of iterators as it's clearer and the nature of the workload is inherently non-reactive. The uncaught error when the list of files is empty has also been implicitly fixed by this change. Fixes: #3300	2023-07-17 11:22:29 -05:00
Alex	a2568f711f	chore(mobile): remove things sections (#3309 ) Co-authored-by: Alex Tran <Alex.Tran@conductix.com>	2023-07-17 11:20:05 -05:00
martin	f9032866e7	feat(web): new shortcuts (#3111 ) * feat: shortcuts Signed-off-by: martabal <74269598+martabal@users.noreply.github.com> * fix: remove listener on component destroy Signed-off-by: martabal <74269598+martabal@users.noreply.github.com> * revert delete shortcut Signed-off-by: martabal <74269598+martabal@users.noreply.github.com> * feat: new notifications Signed-off-by: martabal <74269598+martabal@users.noreply.github.com> * fix: use handleError Signed-off-by: martabal <74269598+martabal@users.noreply.github.com> --------- Signed-off-by: martabal <74269598+martabal@users.noreply.github.com>	2023-07-16 22:16:14 -05:00
Adam Cigánek	e287b18435	fix(mobile): fix forgetting backup albums (#3108 ) (#3244 )	2023-07-17 03:08:58 +00:00
oddlama	c415ee82d1	chore: adjust loglevel of reverse geocoding intializer to LOG (#3303 )	2023-07-16 21:57:20 -05:00
KailashGanesh	c8f1a15f21	fix(web): adjusted offset value to match header height (#3302 )	2023-07-16 19:23:01 +00:00
Dhrumil Shah	9012cf6946	fix(mobile) - Allow sign out if server is down, or device is offline (#3275 ) * WIP: Allow app sign out when server cannot be reached * WIP: import logging lib * WIP: move log out up	2023-07-15 20:52:41 -05:00
faupau	7595d01956	feat(web): set asset as profile picture (#3106 ) * add profile-image-cropper component * add dom-to-image library * add store to update user profile picture when set * dom-to-image * remove console.logs, add svelte binding * fix format, unused vars * change caching of profile image * set hash after profile image change * remove unnecessary store * remove unecesarry changes * set types/dom-to-image as devDependency * remove unecessary type declarations use handleError * remove error notification which is already handled by handleError * Revert "set types/dom-to-image as devDependency" This reverts commit `ca8b3ed1bb`. * add types do dev dependencies * use on:close instead of on:close={()=>...} * add newline * sort imports * bind photo-viewer imgElement directly, not working * remove console.log, fix binding * make imgElement optional * fix element as optional prop * fix type * check for transparency * small changes * fix img.decode * add bg, remove publicsharedkey * fix omit publicSharedKey --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>	2023-07-15 20:31:33 -05:00
Sergey Kondrikov	ed3c239b7e	fix(web): navigation buttons z-order (#3286 ) * Fix navigation styling * z-index * refactor transition and hover * Add NavigationButton and NavigationArea components * Use group-hover to simplify hover styling * fix check * fix check --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>	2023-07-15 20:25:59 -05:00
Alex	c254a04aec	feat(server): add endpoint to get supported media types on the server (#3284 ) * feat(server): add endpoint to get supported media types on the server * api generation * remove xmp format * change dto * openapi * dev	2023-07-15 20:24:46 -05:00
Alex	d5b96c0257	chore(web): Update to Svelte 4 (#3196 ) * trying to update to svelte 4 * update dependencies * remove global transition * suppress wrning * chore: install from github * revert material icon change * Supress a11y warning * update * remove coverage test on web --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>	2023-07-15 20:13:04 -05:00
Alex	436a2e9bf3	chore(mobile): share logo platform consistency (#3290 )	2023-07-15 20:11:51 -05:00
Brian Di Palma	b34f4345e1	Update _storage-template.md (#3291 )	2023-07-15 17:27:27 -05:00
Jason Rasmussen	f55d63fae8	feat(server): storage label claim (#3278 ) * feat: storage label claim * chore: open api	2023-07-15 14:50:29 -05:00
abhi-chakrab	ed594c1987	Update start.sh (#3282 ) Adding ability to use docker secrets file for REDIS_PASSWORD	2023-07-15 10:30:52 -05:00
Skkay	ab85dd9fa8	chore(docs): Remove a duplicate word (#3285 )	2023-07-15 10:06:34 -05:00
Jason Rasmussen	08c7054845	refactor(server): auth/oauth (#3242 ) * refactor(server): auth/oauth * fix: show server error message on login failure	2023-07-14 23:03:56 -05:00
Harry Tran	9ef41bf1c7	fix(web): update style of rows in user administration table (#3277 )	2023-07-14 22:38:16 -05:00
Jason Rasmussen	1064128fde	refactor(server): upload config (#3252 )	2023-07-14 20:31:42 -05:00
Jason Rasmussen	382341f550	feat(web): show download size (#3270 ) * feat(web): show download size * chore: never over 100% * chore: use percentage * fix: unselect assets before download finishes	2023-07-14 20:25:13 -05:00