Version v1.96.0

chore(deps): update dependency @types/node to v20.11.20 (#7476 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-27 20:14:58 +00:00 · 2024-02-27 19:16:37 +00:00 · 2024-02-27 19:09:26 +00:00 · 2024-02-27 14:04:38 -05:00 · 2024-02-27 14:03:34 -05:00 · 2024-02-27 14:03:02 -05:00
775 changed files with 35167 additions and 18708 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -24,5 +24,7 @@ cli/.reverse-geocoding-dump/
 cli/upload/
 cli/dist/

+e2e/
+
 open-api/typescript-sdk/node_modules/
 open-api/typescript-sdk/build/
--- a/.gitattributes
+++ b/.gitattributes
@@ -8,9 +8,9 @@ mobile/openapi/.openapi-generator/FILES linguist-generated=true
 mobile/lib/**/*.g.dart -diff -merge
 mobile/lib/**/*.g.dart linguist-generated=true

-open-api/typescript-sdk/client/**/*.md -diff -merge
-open-api/typescript-sdk/client/**/*.md linguist-generated=true
-open-api/typescript-sdk/client/**/*.ts -diff -merge
-open-api/typescript-sdk/client/**/*.ts linguist-generated=true
+open-api/typescript-sdk/axios-client/**/* -diff -merge
+open-api/typescript-sdk/axios-client/**/* linguist-generated=true
+open-api/typescript-sdk/fetch-client.ts -diff -merge
+open-api/typescript-sdk/fetch-client.ts linguist-generated=true

 *.sh text eol=lf
--- a/.github/workflows/cli-release.yml
+++ b/.github/workflows/cli-release.yml
@@ -1,23 +0,0 @@
-name: CLI Release
-on:
-  workflow_dispatch:
-
-jobs:
-  publish:
-    name: Publish
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./cli
-
-    steps:
-      - uses: actions/checkout@v4
-      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20.x"
-          registry-url: "https://registry.npmjs.org"
-      - run: npm ci
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -0,0 +1,98 @@
+name: CLI Build
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+    paths:
+      - "cli/**"
+      - ".github/workflows/cli.yml"
+  pull_request:
+    branches: [main]
+    paths:
+      - "cli/**"
+      - ".github/workflows/cli.yml"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  packages: write
+
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./cli
+
+    steps:
+      - uses: actions/checkout@v4
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20.x"
+          registry-url: "https://registry.npmjs.org"
+      - name: Prepare SDK
+        run: npm ci --prefix ../open-api/typescript-sdk/
+      - name: Build SDK
+        run: npm run build --prefix ../open-api/typescript-sdk/
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  docker:
+    name: Docker
+    runs-on: ubuntu-latest
+    needs: publish
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.1.0
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get package version
+        id: package-version
+        run: |
+          version=$(jq -r '.version' cli/package.json)
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            latest=false
+          images: |
+            name=ghcr.io/${{ github.repository_owner }}/immich-cli
+          tags: |
+            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5.1.0
+        with:
+          file: cli/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name == 'workflow_dispatch' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
--- a/.github/workflows/docker-cleanup.yml
+++ b/.github/workflows/docker-cleanup.yml
@@ -35,7 +35,7 @@ jobs:
    steps:
      - name: Clean temporary images
        if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/ephemeral@v0.4.0
+        uses: stumpylog/image-cleaner-action/ephemeral@v0.5.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
@@ -64,7 +64,7 @@ jobs:
    steps:
      - name: Clean untagged images
        if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/untagged@v0.4.0
+        uses: stumpylog/image-cleaner-action/untagged@v0.5.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -44,7 +44,7 @@ jobs:
            platforms: linux/amd64
            device: openvino
            suffix: -openvino
-          
+
          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
@@ -57,6 +57,7 @@ jobs:
            file: server/Dockerfile
            platforms: linux/amd64,linux/arm64
            device: cpu
+
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -65,7 +66,7 @@ jobs:
        uses: docker/setup-qemu-action@v3.0.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.0.0
+        uses: docker/setup-buildx-action@v3.1.0
        # Workaround to fix error:
        # failed to push: failed to copy: io: read/write on closed pipe
        # See https://github.com/docker/build-push-action/issues/761
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -32,7 +32,11 @@ jobs:
      - name: Run dart analyze
        run: dart analyze --fatal-infos
        working-directory: ./mobile
-      
+
+      - name: Run dart format
+        run: dart format lib/ --set-exit-if-changed
+        working-directory: ./mobile
+
      # Enable after riverpod generator migration is completed
      # - name: Run dart custom lint
      #   run: dart run custom_lint
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
  server-e2e-api:
    name: Server (e2e-api)
-    runs-on: mich
+    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./server
@@ -29,7 +29,7 @@ jobs:

  server-e2e-jobs:
    name: Server (e2e-jobs)
-    runs-on: mich
+    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
@@ -103,6 +103,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v4

+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
@@ -130,33 +135,6 @@ jobs:
        run: npm run test:cov
        if: ${{ !cancelled() }}

-  cli-e2e-tests:
-    name: CLI (e2e)
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./cli
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          submodules: "recursive"
-
-      - name: Run setup typescript-sdk
-        run: npm ci && npm run build
-        working-directory: ./open-api/typescript-sdk
-
-      - name: Run npm install (cli)
-        run: npm ci
-
-      - name: Run npm install (server)
-        run: npm ci && npm run build
-        working-directory: ./server
-
-      - name: Run e2e tests
-        run: npm run test:e2e
-
  web-unit-tests:
    name: Web
    runs-on: ubuntu-latest
@@ -195,6 +173,47 @@ jobs:
        run: npm run test:cov
        if: ${{ !cancelled() }}

+  e2e-tests:
+    name: End-to-End Tests
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./e2e
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Run setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+
+      - name: Run setup cli
+        run: npm ci && npm run build
+        working-directory: ./cli
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install Playwright Browsers
+        run: npx playwright install --with-deps
+
+      - name: Docker build
+        run: docker compose build
+
+      - name: Run e2e tests (api & cli)
+        run: npm run test
+
+      - name: Run e2e tests (web)
+        run: npx playwright test
+
  mobile-unit-tests:
    name: Mobile
    runs-on: ubuntu-latest
@@ -237,7 +256,20 @@ jobs:
          poetry run mypy --install-types --non-interactive --strict app/
      - name: Run tests and coverage
        run: |
-          poetry run pytest --cov app
+          poetry run pytest app --cov=app --cov-report term-missing
+
+  shellcheck:
+    name: ShellCheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+        with:
+          ignore_paths: >-
+            **/open-api/**
+            **/openapi/**
+            **/node_modules/**

  generated-api-up-to-date:
    name: OpenAPI Clients
@@ -247,7 +279,7 @@ jobs:
      - name: Run API generation
        run: make open-api
      - name: Find file changes
-        uses: tj-actions/verify-changed-files@v13.1
+        uses: tj-actions/verify-changed-files@v18
        id: verify-changed-files
        with:
          files: |
@@ -265,7 +297,7 @@ jobs:
    runs-on: ubuntu-latest
    services:
      postgres:
-        image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee
+        image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
@@ -302,7 +334,7 @@ jobs:
        run: npm run typeorm:migrations:generate ./src/infra/migrations/TestMigration

      - name: Find file changes
-        uses: tj-actions/verify-changed-files@v13.1
+        uses: tj-actions/verify-changed-files@v18
        id: verify-changed-files
        with:
          files: |
@@ -320,7 +352,7 @@ jobs:
          DB_URL: postgres://postgres:postgres@localhost:5432/immich

      - name: Find file changes
-        uses: tj-actions/verify-changed-files@v13.1
+        uses: tj-actions/verify-changed-files@v18
        id: verify-changed-sql-files
        with:
          files: |
--- a/633
+++ b/633
@@ -1,21 +1,620 @@
-MIT License
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007

-Copyright (c) 2022 Hau Tran
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.

-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+                            Preamble

-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS

-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
--- a/4
+++ b/4
@@ -22,6 +22,10 @@ server-e2e-jobs:
 server-e2e-api:
 	npm run e2e:api --prefix server

+.PHONY: e2e
+e2e:
+	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
+
 prod:
 	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans

--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
@@ -69,6 +69,9 @@ password: demo
 Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 ```

+## Activities
+![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
+
 ## Features


@@ -117,7 +120,7 @@ If you feel like this is the right cause and the app is something you are seeing
 - [One-time donation](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) via GitHub Sponsors
 - [Liberapay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz

 ## Contributors
@@ -125,3 +128,9 @@ If you feel like this is the right cause and the app is something you are seeing
 <a href="https://github.com/alextran1502/immich/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
 </a>
+
+## Star History
+
+<a href="https://star-history.com/#immich-app/immich">
+  <img src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" alt="Star History Chart" width="100%" />
+</a>
--- a/README_ca_ES.md
+++ b/README_ca_ES.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=Llicència&logoColor=000000&labelColor=ececec" alt="Llicència: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=Llicència&logoColor=000000&labelColor=ececec" alt="Llicència: MIT"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -110,5 +110,5 @@ Si creieu que aquesta és una causa justa i l'aplicació és alguna cosa que us
 - [Donació única](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) a través de GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_de_DE.md
+++ b/README_de_DE.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="Lizenz: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="Lizenz: MIT"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
@@ -113,7 +113,7 @@ Wenn Du denkst, dass dies die richtige Sache ist und dich selbst die App für ei
 - [Einmalige Spende](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=immich-app) via GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz

 ## Mitwirkende
--- a/README_es_ES.md
+++ b/README_es_ES.md
@@ -1,6 +1,6 @@
 <p align="center">
  <br/>
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="Licencia: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="Licencia: MIT"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -111,5 +111,5 @@ Si consideras que esta es una causa justa y la aplicación es algo que te gustar
 - [Donación única](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) a través de GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_fr_FR.md
+++ b/README_fr_FR.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -112,5 +112,5 @@ Si vous estimez que c'est pour la bonne cause et que vous prévoyez d'utiliser l
 - [Donation occasionnelle](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) via GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_it_IT.md
+++ b/README_it_IT.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -113,5 +113,5 @@ Se pensi che Immich sia una buona causa e che l'app sia qualcosa che useresti ne
 - [Donazione una tantum](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) tramite GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_ja_JP.md
+++ b/README_ja_JP.md
@@ -1,6 +1,6 @@
 <p align="center">
  <br/>
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -112,4 +112,4 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 - GitHub スポンサー経由の[一回寄付](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502)
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
--- a/README_ko_KR.md
+++ b/README_ko_KR.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
@@ -113,5 +113,5 @@ password: demo
 - GitHub 스폰서를 통한 [일시 후원](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502)
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_nl_NL.md
+++ b/README_nl_NL.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -112,5 +112,5 @@ Als je denkt dat dit het juiste doel is en de app iets is dat je jezelf al heel
 - [Eenmalige donatie](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) via GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_ru_RU.md
+++ b/README_ru_RU.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
  </a>
@@ -115,7 +115,7 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 - [Одноразовое пожертвование](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) via GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz

 ## Авторы
--- a/README_tr_TR.md
+++ b/README_tr_TR.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -109,5 +109,5 @@ Eğer bu size doğru bir amaç gibi geliyorsa ve uygulamanın uzun bir süre boy
 - [Bir seferlik bağış](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502) via GitHub Sponsors
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz
--- a/README_zh_CN.md
+++ b/README_zh_CN.md
@@ -1,6 +1,6 @@
 <p align="center"> 
  <br/>  
-  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-green.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: MIT"></a>
+  <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
  <a href="https://discord.gg/D8JsnBEuKb">
    <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" atl="Discord"/>
  </a>
@@ -119,7 +119,7 @@
 - 通过 Github Sponsors [单次捐赠](https://github.com/sponsors/immich-app?frequency=one-time&sponsor=alextran1502)
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- 比特币: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- 比特币: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - ZCash: u1smm4wvqegcp46zss2jf5xptchgeczp4rx7a0wu3mermf2wxahm26yyz5w9mw3f2p4emwlljxjumg774kgs8rntt9yags0whnzane4n67z4c7gppq4yyvcj404ne3r769prwzd9j8ntvqp44fa6d67sf7rmcfjmds3gmeceff4u8e92rh38nd30cr96xw6vfhk6scu4ws90ldzupr3sz

 ## 贡献者
--- a/cli/.eslintrc.cjs
+++ b/cli/.eslintrc.cjs
@@ -6,11 +6,10 @@ module.exports = {
    tsconfigRootDir: __dirname,
  },
  plugins: ['@typescript-eslint/eslint-plugin'],
-  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended'],
+  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'plugin:unicorn/recommended'],
  root: true,
  env: {
    node: true,
-    jest: true,
  },
  ignorePatterns: ['.eslintrc.js'],
  rules: {
@@ -19,6 +18,9 @@ module.exports = {
    '@typescript-eslint/explicit-module-boundary-types': 'off',
    '@typescript-eslint/no-explicit-any': 'off',
    '@typescript-eslint/no-floating-promises': 'error',
+    'unicorn/prefer-module': 'off',
+    curly: 2,
    'prettier/prettier': 0,
+    'unicorn/prevent-abbreviations': 'error',
  },
 };
--- a/cli/.npmignore
+++ b/cli/.npmignore
@@ -1,5 +1,4 @@
 **/*.spec.js
-test/**
 upload/**
 .editorconfig
 .eslintignore
--- a/cli/.prettierrc
+++ b/cli/.prettierrc
@@ -2,5 +2,7 @@
  "singleQuote": true,
  "trailingComma": "all",
  "printWidth": 120,
-  "semi": true
+  "semi": true,
+  "plugins": ["prettier-plugin-organize-imports"],
+  "organizeImportsSkipDestructiveCodeActions": true
 }
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,19 +1,19 @@
-FROM ghcr.io/immich-app/base-server-dev:20240130@sha256:a11ac5c56f0ccce1f218954c07c43caadf489557252ba5b9ca1c5977aaa25999 as test
+FROM node:20-alpine3.19@sha256:c0a3badbd8a0a760de903e00cedbca94588e609299820557e72cba2a53dbaa2c as core

-WORKDIR /usr/src/app/server
-COPY server/package.json server/package-lock.json ./
+WORKDIR /usr/src/open-api/typescript-sdk
+COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
 RUN npm ci
-COPY ./server/ .
+COPY open-api/typescript-sdk/ ./
+RUN npm run build
+
+WORKDIR /usr/src/app

-WORKDIR /usr/src/app/cli
 COPY cli/package.json cli/package-lock.json ./
 RUN npm ci
-COPY ./cli/ .

-FROM ghcr.io/immich-app/base-server-prod:20240130@sha256:ce23a32154540b906df3c971766bcd991561c60331794e0ebb780947ac48113f
+COPY cli .
+RUN npm run build

-VOLUME /usr/src/app/upload
+WORKDIR /import

-EXPOSE 3001
-
-ENTRYPOINT ["tini", "--", "/bin/sh"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]
--- a/cli/LICENSE
+++ b/cli/LICENSE
@@ -1,21 +1,620 @@
-MIT License
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007

-Copyright (c) 2022 Hau Tran
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.

-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+                            Preamble

-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS

-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,62 +1,64 @@
 {
  "name": "@immich/cli",
-  "version": "2.0.6",
+  "version": "2.0.8",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
  "bin": {
-    "immich": "./dist/src/index.js"
+    "immich": "dist/index.js"
  },
-  "license": "MIT",
+  "license": "GNU Affero General Public License version 3",
  "keywords": [
    "immich",
    "cli"
  ],
-  "dependencies": {
-    "@immich/sdk": "file:../open-api/typescript-sdk",
-    "axios": "^1.6.7",
-    "byte-size": "^8.1.1",
-    "cli-progress": "^3.12.0",
-    "commander": "^11.0.0",
-    "form-data": "^4.0.0",
-    "glob": "^10.3.1",
-    "yaml": "^2.3.1"
-  },
  "devDependencies": {
-    "@testcontainers/postgresql": "^10.4.0",
+    "@immich/sdk": "file:../open-api/typescript-sdk",
+    "@testcontainers/postgresql": "^10.7.1",
    "@types/byte-size": "^8.1.0",
    "@types/cli-progress": "^3.11.0",
+    "@types/lodash-es": "^4.17.12",
    "@types/mock-fs": "^4.13.1",
    "@types/node": "^20.3.1",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
    "@vitest/coverage-v8": "^1.2.2",
-    "eslint": "^8.43.0",
-    "eslint-config-prettier": "^9.0.0",
-    "eslint-plugin-prettier": "^5.0.0",
-    "eslint-plugin-unicorn": "^50.0.0",
-    "immich": "file:../server",
+    "byte-size": "^8.1.1",
+    "cli-progress": "^3.12.0",
+    "commander": "^12.0.0",
+    "eslint": "^8.56.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-prettier": "^5.1.3",
+    "eslint-plugin-unicorn": "^51.0.0",
+    "glob": "^10.3.1",
    "mock-fs": "^5.2.0",
-    "ts-node": "^10.9.1",
-    "tslib": "^2.5.3",
-    "typescript": "^5.0.0",
-    "vitest": "^1.2.1"
+    "prettier": "^3.2.5",
+    "prettier-plugin-organize-imports": "^3.2.4",
+    "typescript": "^5.3.3",
+    "vite": "^5.0.12",
+    "vitest": "^1.2.2",
+    "yaml": "^2.3.1"
  },
  "scripts": {
-    "build": "tsc --project tsconfig.build.json",
-    "lint": "eslint \"src/**/*.ts\" \"test/**/*.ts\" --max-warnings 0",
+    "build": "vite build",
+    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
    "lint:fix": "npm run lint -- --fix",
    "prepack": "npm run build",
    "test": "vitest",
    "test:cov": "vitest --coverage",
    "format": "prettier --check .",
    "format:fix": "prettier --write .",
-    "check": "tsc --noEmit",
-    "test:e2e": "vitest --config test/e2e/vitest.config.ts"
+    "check": "tsc --noEmit"
  },
  "repository": {
    "type": "git",
-    "url": "github:immich-app/immich",
+    "url": "git+https://github.com/immich-app/immich.git",
    "directory": "cli"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "dependencies": {
+    "lodash-es": "^4.17.21"
  }
 }
--- a/cli/src/commands/base-command.ts
+++ b/cli/src/commands/base-command.ts
@@ -1,21 +1,20 @@
 import { ServerVersionResponseDto, UserResponseDto } from '@immich/sdk';
-import { ImmichApi } from '../services/api.service';
+import { ImmichApi } from 'src/services/api.service';
 import { SessionService } from '../services/session.service';

 export abstract class BaseCommand {
  protected sessionService!: SessionService;
-  protected immichApi!: ImmichApi;
  protected user!: UserResponseDto;
  protected serverVersion!: ServerVersionResponseDto;

-  constructor(options: { config?: string }) {
-    if (!options.config) {
+  constructor(options: { configDirectory?: string }) {
+    if (!options.configDirectory) {
      throw new Error('Config directory is required');
    }
-    this.sessionService = new SessionService(options.config);
+    this.sessionService = new SessionService(options.configDirectory);
  }

-  public async connect(): Promise<void> {
-    this.immichApi = await this.sessionService.connect();
+  public async connect(): Promise<ImmichApi> {
+    return await this.sessionService.connect();
  }
 }
--- a/cli/src/commands/login.command.ts
+++ b/cli/src/commands/login.command.ts
--- a/cli/src/commands/server-info.command.ts
+++ b/cli/src/commands/server-info.command.ts
@@ -2,10 +2,10 @@ import { BaseCommand } from './base-command';

 export class ServerInfoCommand extends BaseCommand {
  public async run() {
-    await this.connect();
-    const { data: versionInfo } = await this.immichApi.serverInfoApi.getServerVersion();
-    const { data: mediaTypes } = await this.immichApi.serverInfoApi.getSupportedMediaTypes();
-    const { data: statistics } = await this.immichApi.assetApi.getAssetStatistics();
+    const api = await this.connect();
+    const versionInfo = await api.getServerVersion();
+    const mediaTypes = await api.getSupportedMediaTypes();
+    const statistics = await api.getAssetStatistics();

    console.log(`Server Version: ${versionInfo.major}.${versionInfo.minor}.${versionInfo.patch}`);
    console.log(`Image Types: ${mediaTypes.image.map((extension) => extension.replace('.', ''))}`);
--- a/cli/src/commands/upload.command.ts
+++ b/cli/src/commands/upload.command.ts
@@ -1,24 +1,33 @@
-import axios, { AxiosRequestConfig, AxiosResponse } from 'axios';
+import { AssetBulkUploadCheckResult } from '@immich/sdk';
 import byteSize from 'byte-size';
 import cliProgress from 'cli-progress';
-import FormData from 'form-data';
-import fs, { ReadStream, createReadStream } from 'node:fs';
+import { chunk, zip } from 'lodash-es';
+import { createHash } from 'node:crypto';
+import fs, { createReadStream } from 'node:fs';
+import { access, constants, stat, unlink } from 'node:fs/promises';
+import os from 'node:os';
+import { basename } from 'node:path';
+import { ImmichApi } from 'src/services/api.service';
 import { CrawlService } from '../services/crawl.service';
 import { BaseCommand } from './base-command';
-import { basename } from 'node:path';
-import { access, constants, stat, unlink } from 'node:fs/promises';
-import { createHash } from 'node:crypto';
-import Os from 'os';
+
+const zipDefined = zip as <T, U>(a: T[], b: U[]) => [T, U][];
+
+enum CheckResponseStatus {
+  ACCEPT = 'accept',
+  REJECT = 'reject',
+  DUPLICATE = 'duplicate',
+}

 class Asset {
  readonly path: string;
-  readonly deviceId!: string;

+  id?: string;
  deviceAssetId?: string;
-  fileCreatedAt?: string;
-  fileModifiedAt?: string;
+  fileCreatedAt?: Date;
+  fileModifiedAt?: Date;
  sidecarPath?: string;
-  fileSize!: number;
+  fileSize?: number;
  albumName?: string;

  constructor(path: string) {
@@ -27,28 +36,34 @@ class Asset {

  async prepare() {
    const stats = await stat(this.path);
-    this.deviceAssetId = `${basename(this.path)}-${stats.size}`.replace(/\s+/g, '');
-    this.fileCreatedAt = stats.mtime.toISOString();
-    this.fileModifiedAt = stats.mtime.toISOString();
+    this.deviceAssetId = `${basename(this.path)}-${stats.size}`.replaceAll(/\s+/g, '');
+    this.fileCreatedAt = stats.mtime;
+    this.fileModifiedAt = stats.mtime;
    this.fileSize = stats.size;
    this.albumName = this.extractAlbumName();
  }

  async getUploadFormData(): Promise<FormData> {
-    if (!this.deviceAssetId) throw new Error('Device asset id not set');
-    if (!this.fileCreatedAt) throw new Error('File created at not set');
-    if (!this.fileModifiedAt) throw new Error('File modified at not set');
+    if (!this.deviceAssetId) {
+      throw new Error('Device asset id not set');
+    }
+    if (!this.fileCreatedAt) {
+      throw new Error('File created at not set');
+    }
+    if (!this.fileModifiedAt) {
+      throw new Error('File modified at not set');
+    }

    // TODO: doesn't xmp replace the file extension? Will need investigation
    const sideCarPath = `${this.path}.xmp`;
-    let sidecarData: ReadStream | undefined = undefined;
+    let sidecarData: Blob | undefined = undefined;
    try {
      await access(sideCarPath, constants.R_OK);
-      sidecarData = createReadStream(sideCarPath);
-    } catch (error) {}
+      sidecarData = new File([await fs.openAsBlob(sideCarPath)], basename(sideCarPath));
+    } catch {}

    const data: any = {
-      assetData: createReadStream(this.path),
+      assetData: new File([await fs.openAsBlob(this.path)], basename(this.path)),
      deviceAssetId: this.deviceAssetId,
      deviceId: 'CLI',
      fileCreatedAt: this.fileCreatedAt,
@@ -57,8 +72,8 @@ class Asset {
    };
    const formData = new FormData();

-    for (const prop in data) {
-      formData.append(prop, data[prop]);
+    for (const property in data) {
+      formData.append(property, data[property]);
    }

    if (sidecarData) {
@@ -86,12 +101,8 @@ class Asset {
    return await sha1(this.path);
  }

-  private extractAlbumName(): string {
-    if (Os.platform() === 'win32') {
-      return this.path.split('\\').slice(-2)[0];
-    } else {
-      return this.path.split('/').slice(-2)[0];
-    }
+  private extractAlbumName(): string | undefined {
+    return os.platform() === 'win32' ? this.path.split('\\').at(-2) : this.path.split('/').at(-2);
  }
 }

@@ -104,17 +115,141 @@ export class UploadOptionsDto {
  album? = false;
  albumName? = '';
  includeHidden? = false;
+  concurrency? = 4;
 }

 export class UploadCommand extends BaseCommand {
-  uploadLength!: number;
+  api!: ImmichApi;

  public async run(paths: string[], options: UploadOptionsDto): Promise<void> {
-    await this.connect();
+    this.api = await this.connect();

-    const formatResponse = await this.immichApi.serverInfoApi.getSupportedMediaTypes();
-    const crawlService = new CrawlService(formatResponse.data.image, formatResponse.data.video);
+    console.log('Crawling for assets...');
+    const files = await this.getFiles(paths, options);

+    if (files.length === 0) {
+      console.log('No assets found, exiting');
+      return;
+    }
+
+    const assetsToCheck = files.map((path) => new Asset(path));
+
+    const { newAssets, duplicateAssets } = await this.checkAssets(assetsToCheck, options.concurrency ?? 4);
+
+    const totalSizeUploaded = await this.upload(newAssets, options);
+    const messageStart = options.dryRun ? 'Would have' : 'Successfully';
+    if (newAssets.length === 0) {
+      console.log('All assets were already uploaded, nothing to do.');
+    } else {
+      console.log(
+        `${messageStart} uploaded ${newAssets.length} asset${newAssets.length === 1 ? '' : 's'} (${byteSize(totalSizeUploaded)})`,
+      );
+    }
+
+    if (options.album || options.albumName) {
+      const { createdAlbumCount, updatedAssetCount } = await this.updateAlbums(
+        [...newAssets, ...duplicateAssets],
+        options,
+      );
+      console.log(`${messageStart} created ${createdAlbumCount} new album${createdAlbumCount === 1 ? '' : 's'}`);
+      console.log(`${messageStart} updated ${updatedAssetCount} asset${updatedAssetCount === 1 ? '' : 's'}`);
+    }
+
+    if (!options.delete) {
+      return;
+    }
+
+    if (options.dryRun) {
+      console.log(`Would now have deleted assets, but skipped due to dry run`);
+      return;
+    }
+
+    console.log('Deleting assets that have been uploaded...');
+
+    await this.deleteAssets(newAssets, options);
+  }
+
+  public async checkAssets(
+    assetsToCheck: Asset[],
+    concurrency: number,
+  ): Promise<{ newAssets: Asset[]; duplicateAssets: Asset[]; rejectedAssets: Asset[] }> {
+    for (const assets of chunk(assetsToCheck, concurrency)) {
+      await Promise.all(assets.map((asset: Asset) => asset.prepare()));
+    }
+
+    const checkProgress = new cliProgress.SingleBar(
+      { format: 'Checking assets | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
+      cliProgress.Presets.shades_classic,
+    );
+    checkProgress.start(assetsToCheck.length, 0);
+
+    const newAssets = [];
+    const duplicateAssets = [];
+    const rejectedAssets = [];
+    try {
+      for (const assets of chunk(assetsToCheck, concurrency)) {
+        const checkedAssets = await this.getStatus(assets);
+        for (const checked of checkedAssets) {
+          if (checked.status === CheckResponseStatus.ACCEPT) {
+            newAssets.push(checked.asset);
+          } else if (checked.status === CheckResponseStatus.DUPLICATE) {
+            duplicateAssets.push(checked.asset);
+          } else {
+            rejectedAssets.push(checked.asset);
+          }
+          checkProgress.increment();
+        }
+      }
+    } finally {
+      checkProgress.stop();
+    }
+
+    return { newAssets, duplicateAssets, rejectedAssets };
+  }
+
+  public async upload(assetsToUpload: Asset[], options: UploadOptionsDto): Promise<number> {
+    let totalSize = 0;
+
+    // Compute total size first
+    for (const asset of assetsToUpload) {
+      totalSize += asset.fileSize ?? 0;
+    }
+
+    if (options.dryRun) {
+      return totalSize;
+    }
+
+    const uploadProgress = new cliProgress.SingleBar(
+      {
+        format: 'Uploading assets | {bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}',
+      },
+      cliProgress.Presets.shades_classic,
+    );
+    uploadProgress.start(totalSize, 0);
+    uploadProgress.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
+
+    let totalSizeUploaded = 0;
+    try {
+      for (const assets of chunk(assetsToUpload, options.concurrency)) {
+        const ids = await this.uploadAssets(assets);
+        for (const [asset, id] of zipDefined(assets, ids)) {
+          asset.id = id;
+          if (asset.fileSize) {
+            totalSizeUploaded += asset.fileSize ?? 0;
+          } else {
+            console.log(`Could not determine file size for ${asset.path}`);
+          }
+        }
+        uploadProgress.update(totalSizeUploaded, { value_formatted: byteSize(totalSizeUploaded) });
+      }
+    } finally {
+      uploadProgress.stop();
+    }
+
+    return totalSizeUploaded;
+  }
+
+  public async getFiles(paths: string[], options: UploadOptionsDto): Promise<string[]> {
    const inputFiles: string[] = [];
    for (const pathArgument of paths) {
      const fileStat = await fs.promises.lstat(pathArgument);
@@ -123,165 +258,187 @@ export class UploadCommand extends BaseCommand {
      }
    }

-    const files: string[] = await crawlService.crawl({
+    const files: string[] = await this.crawl(paths, options);
+    files.push(...inputFiles);
+    return files;
+  }
+
+  public async getAlbums(): Promise<Map<string, string>> {
+    const existingAlbums = await this.api.getAllAlbums();
+
+    const albumMapping = new Map<string, string>();
+    for (const album of existingAlbums) {
+      albumMapping.set(album.albumName, album.id);
+    }
+
+    return albumMapping;
+  }
+
+  public async updateAlbums(
+    assets: Asset[],
+    options: UploadOptionsDto,
+  ): Promise<{ createdAlbumCount: number; updatedAssetCount: number }> {
+    if (options.albumName) {
+      for (const asset of assets) {
+        asset.albumName = options.albumName;
+      }
+    }
+
+    const existingAlbums = await this.getAlbums();
+    const assetsToUpdate = assets.filter(
+      (asset): asset is Asset & { albumName: string; id: string } => !!(asset.albumName && asset.id),
+    );
+
+    const newAlbumsSet: Set<string> = new Set();
+    for (const asset of assetsToUpdate) {
+      if (!existingAlbums.has(asset.albumName)) {
+        newAlbumsSet.add(asset.albumName);
+      }
+    }
+
+    const newAlbums = [...newAlbumsSet];
+
+    if (options.dryRun) {
+      return { createdAlbumCount: newAlbums.length, updatedAssetCount: assetsToUpdate.length };
+    }
+
+    const albumCreationProgress = new cliProgress.SingleBar(
+      {
+        format: 'Creating albums | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} albums',
+      },
+      cliProgress.Presets.shades_classic,
+    );
+    albumCreationProgress.start(newAlbums.length, 0);
+
+    try {
+      for (const albumNames of chunk(newAlbums, options.concurrency)) {
+        const newAlbumIds = await Promise.all(
+          albumNames.map((albumName: string) => this.api.createAlbum({ albumName }).then((r) => r.id)),
+        );
+
+        for (const [albumName, albumId] of zipDefined(albumNames, newAlbumIds)) {
+          existingAlbums.set(albumName, albumId);
+        }
+
+        albumCreationProgress.increment(albumNames.length);
+      }
+    } finally {
+      albumCreationProgress.stop();
+    }
+
+    const albumToAssets = new Map<string, string[]>();
+    for (const asset of assetsToUpdate) {
+      const albumId = existingAlbums.get(asset.albumName);
+      if (albumId) {
+        if (!albumToAssets.has(albumId)) {
+          albumToAssets.set(albumId, []);
+        }
+        albumToAssets.get(albumId)?.push(asset.id);
+      }
+    }
+
+    const albumUpdateProgress = new cliProgress.SingleBar(
+      {
+        format: 'Adding assets to albums | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets',
+      },
+      cliProgress.Presets.shades_classic,
+    );
+    albumUpdateProgress.start(assetsToUpdate.length, 0);
+
+    try {
+      for (const [albumId, assets] of albumToAssets.entries()) {
+        for (const assetBatch of chunk(assets, Math.min(1000 * (options.concurrency ?? 4), 65_000))) {
+          await this.api.addAssetsToAlbum(albumId, { ids: assetBatch });
+          albumUpdateProgress.increment(assetBatch.length);
+        }
+      }
+    } finally {
+      albumUpdateProgress.stop();
+    }
+
+    return { createdAlbumCount: newAlbums.length, updatedAssetCount: assetsToUpdate.length };
+  }
+
+  public async deleteAssets(assets: Asset[], options: UploadOptionsDto): Promise<void> {
+    const deletionProgress = new cliProgress.SingleBar(
+      {
+        format: 'Deleting local assets | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets',
+      },
+      cliProgress.Presets.shades_classic,
+    );
+    deletionProgress.start(assets.length, 0);
+
+    try {
+      for (const assetBatch of chunk(assets, options.concurrency)) {
+        await Promise.all(assetBatch.map((asset: Asset) => asset.delete()));
+        deletionProgress.update(assetBatch.length);
+      }
+    } finally {
+      deletionProgress.stop();
+    }
+  }
+
+  private async getStatus(assets: Asset[]): Promise<{ asset: Asset; status: CheckResponseStatus }[]> {
+    const checkResponse = await this.checkHashes(assets);
+
+    const responses = [];
+    for (const [check, asset] of zipDefined(checkResponse, assets)) {
+      if (check.assetId) {
+        asset.id = check.assetId;
+      }
+
+      if (check.action === 'accept') {
+        responses.push({ asset, status: CheckResponseStatus.ACCEPT });
+      } else if (check.reason === 'duplicate') {
+        responses.push({ asset, status: CheckResponseStatus.DUPLICATE });
+      } else {
+        responses.push({ asset, status: CheckResponseStatus.REJECT });
+      }
+    }
+
+    return responses;
+  }
+
+  private async checkHashes(assetsToCheck: Asset[]): Promise<AssetBulkUploadCheckResult[]> {
+    const checksums = await Promise.all(assetsToCheck.map((asset) => asset.hash()));
+    const assetBulkUploadCheckDto = {
+      assets: zipDefined(assetsToCheck, checksums).map(([asset, checksum]) => ({ id: asset.path, checksum })),
+    };
+    const checkResponse = await this.api.checkBulkUpload(assetBulkUploadCheckDto);
+    return checkResponse.results;
+  }
+
+  private async uploadAssets(assets: Asset[]): Promise<string[]> {
+    const fileRequests = await Promise.all(assets.map((asset) => asset.getUploadFormData()));
+    return Promise.all(fileRequests.map((request) => this.uploadAsset(request).then((response) => response.id)));
+  }
+
+  private async crawl(paths: string[], options: UploadOptionsDto): Promise<string[]> {
+    const formatResponse = await this.api.getSupportedMediaTypes();
+    const crawlService = new CrawlService(formatResponse.image, formatResponse.video);
+
+    return crawlService.crawl({
      pathsToCrawl: paths,
      recursive: options.recursive,
      exclusionPatterns: options.exclusionPatterns,
      includeHidden: options.includeHidden,
    });
-
-    files.push(...inputFiles);
-
-    if (files.length === 0) {
-      console.log('No assets found, exiting');
-      return;
-    }
-
-    const assetsToUpload = files.map((path) => new Asset(path));
-
-    const uploadProgress = new cliProgress.SingleBar(
-      {
-        format: '{bar} | {percentage}% | ETA: {eta_formatted} | {value_formatted}/{total_formatted}: {filename}',
-      },
-      cliProgress.Presets.shades_classic,
-    );
-
-    let totalSize = 0;
-    let sizeSoFar = 0;
-
-    let totalSizeUploaded = 0;
-    let uploadCounter = 0;
-
-    for (const asset of assetsToUpload) {
-      // Compute total size first
-      await asset.prepare();
-      totalSize += asset.fileSize;
-
-      if (options.albumName) {
-        asset.albumName = options.albumName;
-      }
-    }
-
-    const existingAlbums = (await this.immichApi.albumApi.getAllAlbums()).data;
-
-    uploadProgress.start(totalSize, 0);
-    uploadProgress.update({ value_formatted: 0, total_formatted: byteSize(totalSize) });
-
-    try {
-      for (const asset of assetsToUpload) {
-        uploadProgress.update({
-          filename: asset.path,
-        });
-
-        let skipUpload = false;
-
-        let skipAsset = false;
-        let existingAssetId: string | undefined = undefined;
-
-        if (!options.skipHash) {
-          const assetBulkUploadCheckDto = { assets: [{ id: asset.path, checksum: await asset.hash() }] };
-
-          const checkResponse = await this.immichApi.assetApi.checkBulkUpload({
-            assetBulkUploadCheckDto,
-          });
-
-          skipUpload = checkResponse.data.results[0].action === 'reject';
-
-          const isDuplicate = checkResponse.data.results[0].reason === 'duplicate';
-          if (isDuplicate) {
-            existingAssetId = checkResponse.data.results[0].assetId;
-          }
-
-          skipAsset = skipUpload && !isDuplicate;
-        }
-
-        if (!skipAsset) {
-          if (!options.dryRun) {
-            if (!skipUpload) {
-              const formData = await asset.getUploadFormData();
-              const res = await this.uploadAsset(formData);
-              existingAssetId = res.data.id;
-              uploadCounter++;
-              totalSizeUploaded += asset.fileSize;
-            }
-
-            if ((options.album || options.albumName) && asset.albumName !== undefined) {
-              let album = existingAlbums.find((album) => album.albumName === asset.albumName);
-              if (!album) {
-                const res = await this.immichApi.albumApi.createAlbum({
-                  createAlbumDto: { albumName: asset.albumName },
-                });
-                album = res.data;
-                existingAlbums.push(album);
-              }
-
-              if (existingAssetId) {
-                await this.immichApi.albumApi.addAssetsToAlbum({
-                  id: album.id,
-                  bulkIdsDto: { ids: [existingAssetId] },
-                });
-              }
-            }
-          }
-        }
-
-        sizeSoFar += asset.fileSize;
-
-        uploadProgress.update(sizeSoFar, { value_formatted: byteSize(sizeSoFar) });
-      }
-    } finally {
-      uploadProgress.stop();
-    }
-
-    let messageStart;
-    if (options.dryRun) {
-      messageStart = 'Would have';
-    } else {
-      messageStart = 'Successfully';
-    }
-
-    if (uploadCounter === 0) {
-      console.log('All assets were already uploaded, nothing to do.');
-    } else {
-      console.log(`${messageStart} uploaded ${uploadCounter} assets (${byteSize(totalSizeUploaded)})`);
-    }
-    if (options.delete) {
-      if (options.dryRun) {
-        console.log(`Would now have deleted assets, but skipped due to dry run`);
-      } else {
-        console.log('Deleting assets that have been uploaded...');
-        const deletionProgress = new cliProgress.SingleBar(cliProgress.Presets.shades_classic);
-        deletionProgress.start(files.length, 0);
-
-        for (const asset of assetsToUpload) {
-          if (!options.dryRun) {
-            await asset.delete();
-          }
-          deletionProgress.increment();
-        }
-        deletionProgress.stop();
-        console.log('Deletion complete');
-      }
-    }
  }

-  private async uploadAsset(data: FormData): Promise<AxiosResponse> {
-    const url = this.immichApi.instanceUrl + '/asset/upload';
+  private async uploadAsset(data: FormData): Promise<{ id: string }> {
+    const url = this.api.instanceUrl + '/asset/upload';

-    const config: AxiosRequestConfig = {
+    const response = await fetch(url, {
      method: 'post',
-      maxRedirects: 0,
-      url,
+      redirect: 'error',
      headers: {
-        'x-api-key': this.immichApi.apiKey,
-        ...data.getHeaders(),
+        'x-api-key': this.api.apiKey,
      },
-      maxContentLength: Infinity,
-      maxBodyLength: Infinity,
-      data,
-    };
-
-    const res = await axios(config);
-    return res;
+      body: data,
+    });
+    if (response.status !== 200 && response.status !== 201) {
+      throw new Error(await response.text());
+    }
+    return response.json();
  }
 }
--- a/cli/src/index.ts
+++ b/cli/src/index.ts
@@ -1,21 +1,24 @@
 #! /usr/bin/env node
 import { Command, Option } from 'commander';
+import os from 'node:os';
 import path from 'node:path';
-import os from 'os';
 import { version } from '../package.json';
-import { LoginCommand } from './commands/login';
+import { LoginCommand } from './commands/login.command';
 import { LogoutCommand } from './commands/logout.command';
 import { ServerInfoCommand } from './commands/server-info.command';
 import { UploadCommand } from './commands/upload.command';

-const userHomeDir = os.homedir();
-const configDir = path.join(userHomeDir, '.config/immich/');
+const defaultConfigDirectory = path.join(os.homedir(), '.config/immich/');

 const program = new Command()
  .name('immich')
  .version(version)
  .description('Command line interface for Immich')
-  .addOption(new Option('-d, --config', 'Configuration directory').env('IMMICH_CONFIG_DIR').default(configDir));
+  .addOption(
+    new Option('-d, --config-directory <directory>', 'Configuration directory where auth.yml will be stored')
+      .env('IMMICH_CONFIG_DIR')
+      .default(defaultConfigDirectory),
+  );

 program
  .command('upload')
@@ -24,7 +27,7 @@ program
  .addOption(new Option('-r, --recursive', 'Recursive').env('IMMICH_RECURSIVE').default(false))
  .addOption(new Option('-i, --ignore [paths...]', 'Paths to ignore').env('IMMICH_IGNORE_PATHS'))
  .addOption(new Option('-h, --skip-hash', "Don't hash files before upload").env('IMMICH_SKIP_HASH').default(false))
-  .addOption(new Option('-i, --include-hidden', 'Include hidden folders').env('IMMICH_INCLUDE_HIDDEN').default(false))
+  .addOption(new Option('-H, --include-hidden', 'Include hidden folders').env('IMMICH_INCLUDE_HIDDEN').default(false))
  .addOption(
    new Option('-a, --album', 'Automatically create albums based on folder name')
      .env('IMMICH_AUTO_CREATE_ALBUM')
@@ -40,6 +43,11 @@ program
      .env('IMMICH_DRY_RUN')
      .default(false),
  )
+  .addOption(
+    new Option('-c, --concurrency', 'Number of assets to upload at the same time')
+      .env('IMMICH_UPLOAD_CONCURRENCY')
+      .default(4),
+  )
  .addOption(new Option('--delete', 'Delete local assets after upload').env('IMMICH_DELETE_ASSETS'))
  .argument('[paths...]', 'One or more paths to assets to be uploaded')
  .action(async (paths, options) => {
@@ -57,10 +65,10 @@ program
 program
  .command('login-key')
  .description('Login using an API key')
-  .argument('[instanceUrl]')
-  .argument('[apiKey]')
-  .action(async (paths, options) => {
-    await new LoginCommand(program.opts()).run(paths, options);
+  .argument('url')
+  .argument('key')
+  .action(async (url, key) => {
+    await new LoginCommand(program.opts()).run(url, key);
  });

 program
--- a/cli/src/services/api.service.ts
+++ b/cli/src/services/api.service.ts
@@ -1,57 +1,106 @@
 import {
-  AlbumApi,
-  APIKeyApi,
-  AssetApi,
-  AuthenticationApi,
-  Configuration,
-  JobApi,
-  OAuthApi,
-  ServerInfoApi,
-  SystemConfigApi,
-  UserApi,
+  ApiKeyCreateDto,
+  AssetBulkUploadCheckDto,
+  BulkIdsDto,
+  CreateAlbumDto,
+  CreateAssetDto,
+  LoginCredentialDto,
+  SignUpDto,
+  addAssetsToAlbum,
+  checkBulkUpload,
+  createAlbum,
+  createApiKey,
+  getAllAlbums,
+  getAllAssets,
+  getAssetStatistics,
+  getMyUserInfo,
+  getServerVersion,
+  getSupportedMediaTypes,
+  login,
+  pingServer,
+  signUpAdmin,
+  uploadFile,
 } from '@immich/sdk';
-import FormData from 'form-data';

+/**
+ * Wraps the underlying API to abstract away the options and make API calls mockable for testing.
+ */
 export class ImmichApi {
-  public userApi: UserApi;
-  public albumApi: AlbumApi;
-  public assetApi: AssetApi;
-  public authenticationApi: AuthenticationApi;
-  public oauthApi: OAuthApi;
-  public serverInfoApi: ServerInfoApi;
-  public jobApi: JobApi;
-  public keyApi: APIKeyApi;
-  public systemConfigApi: SystemConfigApi;
-
-  private readonly config;
+  private readonly options;

  constructor(
    public instanceUrl: string,
    public apiKey: string,
  ) {
-    this.config = new Configuration({
-      basePath: instanceUrl,
-      baseOptions: {
-        headers: {
-          'x-api-key': apiKey,
-        },
+    this.options = {
+      baseUrl: instanceUrl,
+      headers: {
+        'x-api-key': apiKey,
      },
-      formDataCtor: FormData,
-    });
-
-    this.userApi = new UserApi(this.config);
-    this.albumApi = new AlbumApi(this.config);
-    this.assetApi = new AssetApi(this.config);
-    this.authenticationApi = new AuthenticationApi(this.config);
-    this.oauthApi = new OAuthApi(this.config);
-    this.serverInfoApi = new ServerInfoApi(this.config);
-    this.jobApi = new JobApi(this.config);
-    this.keyApi = new APIKeyApi(this.config);
-    this.systemConfigApi = new SystemConfigApi(this.config);
+    };
  }

  setApiKey(apiKey: string) {
    this.apiKey = apiKey;
-    this.config.baseOptions.headers['x-api-key'] = apiKey;
+    if (!this.options.headers) {
+      throw new Error('missing headers');
+    }
+    this.options.headers['x-api-key'] = apiKey;
+  }
+
+  addAssetsToAlbum(id: string, bulkIdsDto: BulkIdsDto) {
+    return addAssetsToAlbum({ id, bulkIdsDto }, this.options);
+  }
+
+  checkBulkUpload(assetBulkUploadCheckDto: AssetBulkUploadCheckDto) {
+    return checkBulkUpload({ assetBulkUploadCheckDto }, this.options);
+  }
+
+  createAlbum(createAlbumDto: CreateAlbumDto) {
+    return createAlbum({ createAlbumDto }, this.options);
+  }
+
+  createApiKey(apiKeyCreateDto: ApiKeyCreateDto, options: { headers: { Authorization: string } }) {
+    return createApiKey({ apiKeyCreateDto }, { ...this.options, ...options });
+  }
+
+  getAllAlbums() {
+    return getAllAlbums({}, this.options);
+  }
+
+  getAllAssets() {
+    return getAllAssets({}, this.options);
+  }
+
+  getAssetStatistics() {
+    return getAssetStatistics({}, this.options);
+  }
+
+  getMyUserInfo() {
+    return getMyUserInfo(this.options);
+  }
+
+  getServerVersion() {
+    return getServerVersion(this.options);
+  }
+
+  getSupportedMediaTypes() {
+    return getSupportedMediaTypes(this.options);
+  }
+
+  login(loginCredentialDto: LoginCredentialDto) {
+    return login({ loginCredentialDto }, this.options);
+  }
+
+  pingServer() {
+    return pingServer(this.options);
+  }
+
+  signUpAdmin(signUpDto: SignUpDto) {
+    return signUpAdmin({ signUpDto }, this.options);
+  }
+
+  uploadFile(createAssetDto: CreateAssetDto) {
+    return uploadFile({ createAssetDto }, this.options);
  }
 }
--- a/cli/src/services/crawl.service.spec.ts
+++ b/cli/src/services/crawl.service.spec.ts
@@ -1,5 +1,5 @@
 import mockfs from 'mock-fs';
-import { CrawlService, CrawlOptions } from './crawl.service';
+import { CrawlOptions, CrawlService } from './crawl.service';

 interface Test {
  test: string;
--- a/cli/src/services/crawl.service.ts
+++ b/cli/src/services/crawl.service.ts
@@ -1,5 +1,5 @@
 import { glob } from 'glob';
-import * as fs from 'fs';
+import * as fs from 'node:fs';

 export class CrawlOptions {
  pathsToCrawl!: string[];
@@ -12,14 +12,14 @@ export class CrawlService {
  private readonly extensions!: string[];

  constructor(image: string[], video: string[]) {
-    this.extensions = image.concat(video).map((extension) => extension.replace('.', ''));
+    this.extensions = [...image, ...video].map((extension) => extension.replace('.', ''));
  }

  async crawl(options: CrawlOptions): Promise<string[]> {
    const { recursive, pathsToCrawl, exclusionPatterns, includeHidden } = options;

    if (!pathsToCrawl) {
-      return Promise.resolve([]);
+      return [];
    }

    const patterns: string[] = [];
@@ -65,8 +65,6 @@ export class CrawlService {
      ignore: exclusionPatterns,
    });

-    const returnedFiles = crawledFiles.concat(globbedFiles);
-    returnedFiles.sort();
-    return returnedFiles;
+    return [...crawledFiles, ...globbedFiles].sort();
  }
 }
--- a/cli/src/services/session.service.spec.ts
+++ b/cli/src/services/session.service.spec.ts
@@ -1,29 +1,55 @@
-import { SessionService } from './session.service';
 import fs from 'node:fs';
+import path from 'node:path';
 import yaml from 'yaml';
-import {
-  TEST_AUTH_FILE,
-  TEST_CONFIG_DIR,
-  TEST_IMMICH_API_KEY,
-  TEST_IMMICH_INSTANCE_URL,
-  createTestAuthFile,
-  deleteAuthFile,
-  readTestAuthFile,
-  spyOnConsole,
-} from '../../test/cli-test-utils';
+import { SessionService } from './session.service';

-const mockPingServer = vi.fn(() => Promise.resolve({ data: { res: 'pong' } }));
-const mockUserInfo = vi.fn(() => Promise.resolve({ data: { email: 'admin@example.com' } }));
+const TEST_CONFIG_DIR = '/tmp/immich/';
+const TEST_AUTH_FILE = path.join(TEST_CONFIG_DIR, 'auth.yml');
+const TEST_IMMICH_INSTANCE_URL = 'https://test/api';
+const TEST_IMMICH_API_KEY = 'pNussssKSYo5WasdgalvKJ1n9kdvaasdfbluPg';

-vi.mock('@immich/sdk', async () => ({
-  ...(await vi.importActual('@immich/sdk')),
-  UserApi: vi.fn().mockImplementation(() => {
-    return { getMyUserInfo: mockUserInfo };
-  }),
-  ServerInfoApi: vi.fn().mockImplementation(() => {
-    return { pingServer: mockPingServer };
-  }),
-}));
+const spyOnConsole = () => vi.spyOn(console, 'log').mockImplementation(() => {});
+
+const createTestAuthFile = async (contents: string) => {
+  if (!fs.existsSync(TEST_CONFIG_DIR)) {
+    // Create config folder if it doesn't exist
+    const created = await fs.promises.mkdir(TEST_CONFIG_DIR, { recursive: true });
+    if (!created) {
+      throw new Error(`Failed to create config folder ${TEST_CONFIG_DIR}`);
+    }
+  }
+
+  fs.writeFileSync(TEST_AUTH_FILE, contents);
+};
+
+const readTestAuthFile = async (): Promise<string> => {
+  return await fs.promises.readFile(TEST_AUTH_FILE, 'utf8');
+};
+
+const deleteAuthFile = () => {
+  try {
+    fs.unlinkSync(TEST_AUTH_FILE);
+  } catch (error: any) {
+    if (error.code !== 'ENOENT') {
+      throw error;
+    }
+  }
+};
+
+const mocks = vi.hoisted(() => {
+  return {
+    getMyUserInfo: vi.fn(() => Promise.resolve({ email: 'admin@example.com' })),
+    pingServer: vi.fn(() => Promise.resolve({ res: 'pong' })),
+  };
+});
+
+vi.mock('./api.service', async (importOriginal) => {
+  const module = await importOriginal<typeof import('./api.service')>();
+  // @ts-expect-error this is only a partial implementation of the return value
+  module.ImmichApi.prototype.getMyUserInfo = mocks.getMyUserInfo;
+  module.ImmichApi.prototype.pingServer = mocks.pingServer;
+  return module;
+});

 describe('SessionService', () => {
  let sessionService: SessionService;
@@ -46,7 +72,7 @@ describe('SessionService', () => {
    );

    await sessionService.connect();
-    expect(mockPingServer).toHaveBeenCalledTimes(1);
+    expect(mocks.pingServer).toHaveBeenCalledTimes(1);
  });

  it('should error if no auth file exists', async () => {
--- a/cli/src/services/session.service.ts
+++ b/cli/src/services/session.service.ts
@@ -1,9 +1,8 @@
-import { existsSync } from 'fs';
+import { existsSync } from 'node:fs';
 import { access, constants, mkdir, readFile, unlink, writeFile } from 'node:fs/promises';
 import path from 'node:path';
 import yaml from 'yaml';
 import { ImmichApi } from './api.service';
-
 class LoginError extends Error {
  constructor(message: string) {
    super(message);
@@ -15,12 +14,12 @@ class LoginError extends Error {
 }

 export class SessionService {
-  readonly configDir!: string;
+  readonly configDirectory!: string;
  readonly authPath!: string;

-  constructor(configDir: string) {
-    this.configDir = configDir;
-    this.authPath = path.join(configDir, '/auth.yml');
+  constructor(configDirectory: string) {
+    this.configDirectory = configDirectory;
+    this.authPath = path.join(configDirectory, '/auth.yml');
  }

  async connect(): Promise<ImmichApi> {
@@ -51,12 +50,12 @@ export class SessionService {

    const api = new ImmichApi(instanceUrl, apiKey);

-    const { data: pingResponse } = await api.serverInfoApi.pingServer().catch((error) => {
-      throw new Error(`Failed to connect to server ${api.instanceUrl}: ${error.message}`);
+    const pingResponse = await api.pingServer().catch((error) => {
+      throw new Error(`Failed to connect to server ${instanceUrl}: ${error.message}`, error);
    });

    if (pingResponse.res !== 'pong') {
-      throw new Error(`Could not parse response. Is Immich listening on ${api.instanceUrl}?`);
+      throw new Error(`Could not parse response. Is Immich listening on ${instanceUrl}?`);
    }

    return api;
@@ -68,21 +67,21 @@ export class SessionService {
    const api = new ImmichApi(instanceUrl, apiKey);

    // Check if server and api key are valid
-    const { data: userInfo } = await api.userApi.getMyUserInfo().catch((error) => {
+    const userInfo = await api.getMyUserInfo().catch((error) => {
      throw new LoginError(`Failed to connect to server ${instanceUrl}: ${error.message}`);
    });

    console.log(`Logged in as ${userInfo.email}`);

-    if (!existsSync(this.configDir)) {
+    if (!existsSync(this.configDirectory)) {
      // Create config folder if it doesn't exist
-      const created = await mkdir(this.configDir, { recursive: true });
+      const created = await mkdir(this.configDirectory, { recursive: true });
      if (!created) {
-        throw new Error(`Failed to create config folder ${this.configDir}`);
+        throw new Error(`Failed to create config folder ${this.configDirectory}`);
      }
    }

-    await writeFile(this.authPath, yaml.stringify({ instanceUrl, apiKey }));
+    await writeFile(this.authPath, yaml.stringify({ instanceUrl, apiKey }), { mode: 0o600 });

    console.log('Wrote auth info to ' + this.authPath);

--- a/cli/src/version.ts
+++ b/cli/src/version.ts
@@ -1,4 +1,4 @@
-import pkg from '../package.json';
+import { version } from '../package.json';

 export interface ICliVersion {
  major: number;
@@ -23,7 +23,7 @@ export class CliVersion implements ICliVersion {
  }

  static fromString(version: string): CliVersion {
-    const regex = /(?:v)?(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)/i;
+    const regex = /v?(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)/i;
    const matchResult = version.match(regex);
    if (matchResult) {
      const [, major, minor, patch] = matchResult.map(Number);
@@ -34,4 +34,4 @@ export class CliVersion implements ICliVersion {
  }
 }

-export const cliVersion = CliVersion.fromString(pkg.version);
+export const cliVersion = CliVersion.fromString(version);
--- a/cli/test/cli-test-utils.ts
+++ b/cli/test/cli-test-utils.ts
@@ -1,56 +0,0 @@
-import fs from 'node:fs';
-import path from 'node:path';
-import { ImmichApi } from '../src/services/api.service';
-
-export const TEST_CONFIG_DIR = '/tmp/immich/';
-export const TEST_AUTH_FILE = path.join(TEST_CONFIG_DIR, 'auth.yml');
-export const TEST_IMMICH_INSTANCE_URL = 'https://test/api';
-export const TEST_IMMICH_API_KEY = 'pNussssKSYo5WasdgalvKJ1n9kdvaasdfbluPg';
-
-export const CLI_BASE_OPTIONS = { config: TEST_CONFIG_DIR };
-
-export const setup = async () => {
-  const api = new ImmichApi(process.env.IMMICH_INSTANCE_URL as string, '');
-  await api.authenticationApi.signUpAdmin({
-    signUpDto: { email: 'cli@immich.app', password: 'password', name: 'Administrator' },
-  });
-  const { data: admin } = await api.authenticationApi.login({
-    loginCredentialDto: { email: 'cli@immich.app', password: 'password' },
-  });
-  const { data: apiKey } = await api.keyApi.createApiKey(
-    { aPIKeyCreateDto: { name: 'CLI Test' } },
-    { headers: { Authorization: `Bearer ${admin.accessToken}` } },
-  );
-
-  api.setApiKey(apiKey.secret);
-
-  return api;
-};
-
-export const spyOnConsole = () => vi.spyOn(console, 'log').mockImplementation(() => {});
-
-export const createTestAuthFile = async (contents: string) => {
-  if (!fs.existsSync(TEST_CONFIG_DIR)) {
-    // Create config folder if it doesn't exist
-    const created = await fs.promises.mkdir(TEST_CONFIG_DIR, { recursive: true });
-    if (!created) {
-      throw new Error(`Failed to create config folder ${TEST_CONFIG_DIR}`);
-    }
-  }
-
-  fs.writeFileSync(TEST_AUTH_FILE, contents);
-};
-
-export const readTestAuthFile = async (): Promise<string> => {
-  return await fs.promises.readFile(TEST_AUTH_FILE, 'utf8');
-};
-
-export const deleteAuthFile = () => {
-  try {
-    fs.unlinkSync(TEST_AUTH_FILE);
-  } catch (error: any) {
-    if (error.code !== 'ENOENT') {
-      throw error;
-    }
-  }
-};
--- a/cli/test/e2e/login-key.e2e-spec.ts
+++ b/cli/test/e2e/login-key.e2e-spec.ts
@@ -1,42 +0,0 @@
-import { restoreTempFolder, testApp } from '@test-utils';
-import { CLI_BASE_OPTIONS, setup, spyOnConsole } from 'test/cli-test-utils';
-import { LoginCommand } from '../../src/commands/login';
-
-describe(`login-key (e2e)`, () => {
-  let apiKey: string;
-  let instanceUrl: string;
-
-  spyOnConsole();
-
-  beforeAll(async () => {
-    await testApp.create();
-    if (!process.env.IMMICH_INSTANCE_URL) {
-      throw new Error('IMMICH_INSTANCE_URL environment variable not set');
-    } else {
-      instanceUrl = process.env.IMMICH_INSTANCE_URL;
-    }
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
-    await restoreTempFolder();
-  });
-
-  beforeEach(async () => {
-    await testApp.reset();
-    await restoreTempFolder();
-
-    const api = await setup();
-    apiKey = api.apiKey;
-  });
-
-  it('should error when providing an invalid API key', async () => {
-    await expect(new LoginCommand(CLI_BASE_OPTIONS).run(instanceUrl, 'invalid')).rejects.toThrow(
-      `Failed to connect to server ${instanceUrl}: Request failed with status code 401`,
-    );
-  });
-
-  it('should log in when providing the correct API key', async () => {
-    await new LoginCommand(CLI_BASE_OPTIONS).run(instanceUrl, apiKey);
-  });
-});
--- a/cli/test/e2e/server-info.e2e-spec.ts
+++ b/cli/test/e2e/server-info.e2e-spec.ts
@@ -1,34 +0,0 @@
-import { restoreTempFolder, testApp } from '@test-utils';
-import { CLI_BASE_OPTIONS, setup, spyOnConsole } from 'test/cli-test-utils';
-import { ServerInfoCommand } from '../../src/commands/server-info.command';
-
-describe(`server-info (e2e)`, () => {
-  const consoleSpy = spyOnConsole();
-
-  beforeAll(async () => {
-    await testApp.create();
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
-    await restoreTempFolder();
-  });
-
-  beforeEach(async () => {
-    await testApp.reset();
-    await restoreTempFolder();
-    const api = await setup();
-    process.env.IMMICH_API_KEY = api.apiKey;
-  });
-
-  it('should show server version', async () => {
-    await new ServerInfoCommand(CLI_BASE_OPTIONS).run();
-
-    expect(consoleSpy.mock.calls).toEqual([
-      [expect.stringMatching(new RegExp('Server Version: \\d+.\\d+.\\d+'))],
-      [expect.stringMatching('Image Types: .*')],
-      [expect.stringMatching('Video Types: .*')],
-      ['Statistics:\n  Images: 0\n  Videos: 0\n  Total: 0'],
-    ]);
-  });
-});
--- a/cli/test/e2e/setup.ts
+++ b/cli/test/e2e/setup.ts
@@ -1,42 +0,0 @@
-import path from 'path';
-import { PostgreSqlContainer } from '@testcontainers/postgresql';
-import { access } from 'fs/promises';
-
-export default async () => {
-  let IMMICH_TEST_ASSET_PATH: string = '';
-
-  if (process.env.IMMICH_TEST_ASSET_PATH === undefined) {
-    IMMICH_TEST_ASSET_PATH = path.normalize(`${__dirname}/../../../server/test/assets/`);
-    process.env.IMMICH_TEST_ASSET_PATH = IMMICH_TEST_ASSET_PATH;
-  } else {
-    IMMICH_TEST_ASSET_PATH = process.env.IMMICH_TEST_ASSET_PATH;
-  }
-
-  const directoryExists = async (dirPath: string) =>
-    await access(dirPath)
-      .then(() => true)
-      .catch(() => false);
-
-  if (!(await directoryExists(`${IMMICH_TEST_ASSET_PATH}/albums`))) {
-    throw new Error(
-      `Test assets not found. Please checkout https://github.com/immich-app/test-assets into ${IMMICH_TEST_ASSET_PATH} before testing`,
-    );
-  }
-
-  if (process.env.DB_HOSTNAME === undefined) {
-    // DB hostname not set which likely means we're not running e2e through docker compose. Start a local postgres container.
-    const pg = await new PostgreSqlContainer('tensorchord/pgvecto-rs:pg14-v0.1.11')
-      .withExposedPorts(5432)
-      .withDatabase('immich')
-      .withUsername('postgres')
-      .withPassword('postgres')
-      .withReuse()
-      .start();
-
-    process.env.DB_URL = pg.getConnectionUri();
-  }
-
-  process.env.NODE_ENV = 'development';
-  process.env.IMMICH_CONFIG_FILE = path.normalize(`${__dirname}/../../../server/e2e/jobs/immich-e2e-config.json`);
-  process.env.TZ = 'Z';
-};
--- a/cli/test/e2e/upload.e2e-spec.ts
+++ b/cli/test/e2e/upload.e2e-spec.ts
@@ -1,79 +0,0 @@
-import { IMMICH_TEST_ASSET_PATH, restoreTempFolder, testApp } from '@test-utils';
-import { CLI_BASE_OPTIONS, setup, spyOnConsole } from 'test/cli-test-utils';
-import { UploadCommand } from '../../src/commands/upload.command';
-import { ImmichApi } from '../../src/services/api.service';
-
-describe(`upload (e2e)`, () => {
-  let api: ImmichApi;
-
-  spyOnConsole();
-
-  beforeAll(async () => {
-    await testApp.create();
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
-    await restoreTempFolder();
-  });
-
-  beforeEach(async () => {
-    await testApp.reset();
-    await restoreTempFolder();
-    api = await setup();
-    process.env.IMMICH_API_KEY = api.apiKey;
-  });
-
-  it('should upload a folder recursively', async () => {
-    await new UploadCommand(CLI_BASE_OPTIONS).run([`${IMMICH_TEST_ASSET_PATH}/albums/nature/`], { recursive: true });
-    const { data: assets } = await api.assetApi.getAllAssets({}, { headers: { 'x-api-key': api.apiKey } });
-    expect(assets.length).toBeGreaterThan(4);
-  });
-
-  it('should not create a new album', async () => {
-    await new UploadCommand(CLI_BASE_OPTIONS).run([`${IMMICH_TEST_ASSET_PATH}/albums/nature/`], { recursive: true });
-    const { data: albums } = await api.albumApi.getAllAlbums({}, { headers: { 'x-api-key': api.apiKey } });
-    expect(albums.length).toEqual(0);
-  });
-
-  it('should create album from folder name', async () => {
-    await new UploadCommand(CLI_BASE_OPTIONS).run([`${IMMICH_TEST_ASSET_PATH}/albums/nature/`], {
-      recursive: true,
-      album: true,
-    });
-
-    const { data: albums } = await api.albumApi.getAllAlbums({}, { headers: { 'x-api-key': api.apiKey } });
-    expect(albums.length).toEqual(1);
-    const natureAlbum = albums[0];
-    expect(natureAlbum.albumName).toEqual('nature');
-  });
-
-  it('should add existing assets to album', async () => {
-    await new UploadCommand(CLI_BASE_OPTIONS).run([`${IMMICH_TEST_ASSET_PATH}/albums/nature/`], {
-      recursive: true,
-    });
-
-    // upload again, but this time add to album
-    await new UploadCommand(CLI_BASE_OPTIONS).run([`${IMMICH_TEST_ASSET_PATH}/albums/nature/`], {
-      recursive: true,
-      album: true,
-    });
-
-    const { data: albums } = await api.albumApi.getAllAlbums({}, { headers: { 'x-api-key': api.apiKey } });
-    expect(albums.length).toEqual(1);
-    const natureAlbum = albums[0];
-    expect(natureAlbum.albumName).toEqual('nature');
-  });
-
-  it('should upload to the specified album name', async () => {
-    await new UploadCommand(CLI_BASE_OPTIONS).run([`${IMMICH_TEST_ASSET_PATH}/albums/nature/`], {
-      recursive: true,
-      albumName: 'testAlbum',
-    });
-
-    const { data: albums } = await api.albumApi.getAllAlbums({}, { headers: { 'x-api-key': api.apiKey } });
-    expect(albums.length).toEqual(1);
-    const testAlbum = albums[0];
-    expect(testAlbum.albumName).toEqual('testAlbum');
-  });
-});
--- a/cli/test/e2e/vitest.config.ts
+++ b/cli/test/e2e/vitest.config.ts
@@ -1,22 +0,0 @@
-import { defineConfig } from 'vitest/config';
-
-export default defineConfig({
-  resolve: {
-    alias: {
-      '@test-utils': new URL('../../../server/dist/test-utils/utils.js', import.meta.url).pathname,
-    },
-  },
-  test: {
-    include: ['**/*.e2e-spec.ts'],
-    globals: true,
-    globalSetup: 'test/e2e/setup.ts',
-    pool: 'forks',
-    poolOptions: {
-      forks: {
-        maxForks: 1,
-        minForks: 1,
-      },
-    },
-    testTimeout: 10000,
-  },
-});
--- a/cli/test/global-setup.js
+++ b/cli/test/global-setup.js
@@ -1,3 +0,0 @@
-module.exports = async () => {
-  process.env.TZ = 'UTC';
-};
--- a/cli/testSetup.js
+++ b/cli/testSetup.js
@@ -1,3 +0,0 @@
-// add all jest-extended matchers
-import * as matchers from 'jest-extended';
-expect.extend(matchers);
--- a/cli/tsconfig.build.json
+++ b/cli/tsconfig.build.json
@@ -1,4 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "exclude": ["dist", "node_modules", "upload", "test", "**/*spec.ts"]
-}
--- a/cli/tsconfig.json
+++ b/cli/tsconfig.json
@@ -9,7 +9,7 @@
    "experimentalDecorators": true,
    "allowSyntheticDefaultImports": true,
    "resolveJsonModule": true,
-    "target": "es2021",
+    "target": "es2022",
    "sourceMap": true,
    "outDir": "./dist",
    "incremental": true,
@@ -30,5 +30,5 @@
    },
    "types": ["vitest/globals"]
  },
-  "exclude": ["dist", "node_modules", "upload"]
+  "exclude": ["dist", "node_modules"]
 }
--- a/cli/vite.config.ts
+++ b/cli/vite.config.ts
@@ -0,0 +1,17 @@
+import { defineConfig } from 'vite';
+
+export default defineConfig({
+  build: {
+    rollupOptions: {
+      input: 'src/index.ts',
+      output: {
+        dir: 'dist',
+      },
+    },
+    ssr: true,
+  },
+  ssr: {
+    // bundle everything except for Node built-ins
+    noExternal: /^(?!node:).*$/,
+  },
+});
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -57,7 +57,7 @@ services:
    image: immich-web-dev:latest
    build:
      context: ../web
-    command: "/usr/src/app/bin/immich-web"
+    command: [ "/usr/src/app/bin/immich-web" ]
    env_file:
      - .env
    ports:
@@ -99,11 +99,11 @@ services:

  redis:
    container_name: immich_redis
-    image: redis:6.2-alpine@sha256:afb290a0a0d0b2bd7537b62ebff1eb84d045c757c1c31ca2ca48c79536c0de82
+    image: redis:6.2-alpine@sha256:51d6c56749a4243096327e3fb964a48ed92254357108449cb6e23999c37773c5

  database:
    container_name: immich_postgres
-    image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    env_file:
      - .env
    environment:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -17,7 +17,7 @@ x-server-build: &server-common
 services:
  immich-server:
    container_name: immich_server
-    command: [ "./start-server.sh" ]
+    command: [ "start.sh", "immich" ]
    <<: *server-common
    ports:
      - 2283:3001
@@ -27,7 +27,7 @@ services:

  immich-microservices:
    container_name: immich_microservices
-    command: [ "./start-microservices.sh" ]
+    command: [ "start.sh", "microservices" ]
    <<: *server-common
    # extends:
    #   file: hwaccel.transcoding.yml
@@ -56,12 +56,12 @@ services:

  redis:
    container_name: immich_redis
-    image: redis:6.2-alpine@sha256:afb290a0a0d0b2bd7537b62ebff1eb84d045c757c1c31ca2ca48c79536c0de82
+    image: redis:6.2-alpine@sha256:51d6c56749a4243096327e3fb964a48ed92254357108449cb6e23999c37773c5
    restart: always

  database:
    container_name: immich_postgres
-    image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    env_file:
      - .env
    environment:
@@ -70,7 +70,8 @@ services:
      POSTGRES_DB: ${DB_DATABASE_NAME}
    volumes:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
-    restart: always
+    ports:
+      - 5432:5432

 volumes:
  model-cache:
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -31,7 +31,7 @@ services:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/hardware-transcoding
-    #   file: hwaccel.transcoding.yml 
+    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    command: [ "start.sh", "microservices" ]
    volumes:
@@ -60,14 +60,12 @@ services:

  redis:
    container_name: immich_redis
-    image: redis:6.2-alpine@sha256:afb290a0a0d0b2bd7537b62ebff1eb84d045c757c1c31ca2ca48c79536c0de82
+    image: redis:6.2-alpine@sha256:51d6c56749a4243096327e3fb964a48ed92254357108449cb6e23999c37773c5
    restart: always

  database:
    container_name: immich_postgres
-    image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee
-    env_file:
-      - .env
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
--- a/docker/hwaccel.ml.yml
+++ b/docker/hwaccel.ml.yml
@@ -16,7 +16,7 @@ services:
      - /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
      - /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)

-  cpu:
+  cpu: {}

  cuda:
    deploy:
--- a/docker/hwaccel.transcoding.yml
+++ b/docker/hwaccel.transcoding.yml
@@ -9,7 +9,7 @@ version: "3.8"
 # See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.

 services:
-  cpu:
+  cpu: {}

  nvenc:
    deploy:
@@ -38,12 +38,6 @@ services:
      - /dev/dri:/dev/dri
      - /dev/dma_heap:/dev/dma_heap
      - /dev/mpp_service:/dev/mpp_service
-    volumes:
-      - /usr/bin/ffmpeg:/usr/bin/ffmpeg_mpp:ro
-      - /lib/aarch64-linux-gnu:/lib/ffmpeg-mpp:ro
-      - /lib/aarch64-linux-gnu/libblas.so.3:/lib/ffmpeg-mpp/libblas.so.3:ro # symlink is resolved by mounting
-      - /lib/aarch64-linux-gnu/liblapack.so.3:/lib/ffmpeg-mpp/liblapack.so.3:ro # symlink is resolved by mounting
-      - /lib/aarch64-linux-gnu/pulseaudio/libpulsecommon-15.99.so:/lib/ffmpeg-mpp/libpulsecommon-15.99.so:ro

  vaapi:
    devices:
--- a/docs/blog/2023/06-24/update.mdx
+++ b/docs/blog/2023/06-24/update.mdx
@@ -91,7 +91,7 @@ Thank you, and I am asking for your support for the project. I hope to be a full
 - One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
 - [Liberapay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.

 Join our friendly [Discord](https://discord.gg/D8JsnBEuKb) to talk and discuss Immich, tech, or anything
--- a/docs/blog/2023/07-29/update.mdx
+++ b/docs/blog/2023/07-29/update.mdx
@@ -139,7 +139,7 @@ Thank you, and I am asking for your support for the project. I hope to be a full
 - One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
 - [Liberapay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.

 Join our friendly [Discord](https://discord.gg/D8JsnBEuKb) to talk and discuss Immich, tech, or anything
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -16,18 +16,18 @@ You can see the list of all users by running [list-users](/docs/administration/s

 ### What is the difference between the cloud icons on the mobile app?

-| Icon                               | Description                                                                                                                                     |
-| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| ![cloud](/img/cloud.svg)           | Asset is only available in the cloud and was uploaded from some other device (like the web client) or was deleted from this device after upload |
-| ![cloud-cross](/img/cloud-off.svg) | Asset is only available locally and has not yet been backed up                                                                                  |
-| ![cloud-done](/img/cloud-done.svg) | Asset was uploaded from this device and is now backed up to the server; the original file is still on the device                                |
+| Icon                               | Description                                                                                                                                      |
+| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
+| ![cloud](/img/cloud.svg)           | Asset is only available on the server and was uploaded from some other device (like the web client) or was deleted from this device after upload |
+| ![cloud-cross](/img/cloud-off.svg) | Asset is only available locally and has not yet been backed up                                                                                   |
+| ![cloud-done](/img/cloud-done.svg) | Asset was uploaded from this device and is now backed up to the server; the original file is still on the device                                 |

 ### I cannot log into the application after an update. What can I do?

 First, verify that the mobile app and server are both running the same version (major and minor).

 :::note
-App store updates sometimes take longer because the stores (play store; Google and app store; Apple)
+App store updates sometimes take longer because the stores (Google play store and Apple app store)
 need to approve the update first which may take some time.
 :::

@@ -54,7 +54,7 @@ This often happens when using a reverse proxy (such as nginx or Cloudflare tunne

 ### Why are some photos stored in the file system with the wrong date?

-There are a few different scenarios that can lead to this situation. The solution is to simply run the storage migration job again. The job is only _automatically_ run once per asset, after upload. If metadata extraction originally failed, the jobs were cleared/cancelled, etc. the job may not have run automatically the first time.
+There are a few different scenarios that can lead to this situation. The solution is to run the storage migration job again. The job is only _automatically_ run once per asset, after upload. If metadata extraction originally failed, the jobs were cleared/cancelled, etc. the job may not have run automatically the first time.

 ### How can I hide photos from the timeline?

@@ -66,11 +66,11 @@ See [Backup and Restore](/docs/administration/backup-and-restore.md).

 ### Does Immich support reading existing face tag metadata?

-No, it currently does not.
+No, it currently does not. There is an [open feature request on GitHub](https://github.com/immich-app/immich/discussions/4348).

 ### Does Immich support filtering of NSFW images?

-No, it currently does not, but there is an [open discussion about it On Github](https://github.com/immich-app/immich/discussions/2451). You can submit a pull request or vote for the discussion.
+No, it currently does not. There is an [open feature request on Github](https://github.com/immich-app/immich/discussions/2451).

 ### Why are there so many thumbnail generation jobs?

@@ -90,9 +90,13 @@ There are no requirements for assets to be unique across users. If multiple user

 Immich uses a player with known HDR color display issues. We are experimenting with a different player that provides better color profiles for HDR content for future improvements.

+### Why does Immich transcode my videos to a lower quality?
+
+Immich always keeps your original files. Alongside that, it generates a transcoded version for compatibility and performance reasons.
+
 ### How can I delete transcoded videos without deleting the original?

-The transcode of an asset can be deleted by setting a transcode policy that makes it unnecessary, then running a transcoding job for that asset. This can be done on a per-asset basis by starting a transcoding job for an asset (with the _Refresh encoded videos_ button in the asset viewer options. Or, for all assets by running transcoding jobs for all assets.
+The transcoded version of an asset can be deleted by setting a transcode policy that makes it unnecessary, then running a transcoding job for that asset. This can be done on a per-asset basis by starting a transcoding job for a single asset with the _Refresh encoded videos_ button in the asset viewer options, or for all assets by running transcoding jobs for all assets from the administration page.

 To update the transcode policy, navigate to Administration > Video Transcoding Settings > Transcoding Policy and select a policy from the drop-down. This policy will determine whether an existing transcode will be deleted or overwritten in the transcoding job. If a video should be transcoded according to this policy, an existing transcode is overwritten. If not, then it is deleted.

@@ -143,19 +147,19 @@ UPDATE assets SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>'

 ### Can I keep my existing album structure while importing assets into Immich?

-Yes. You can by use [Immich CLI](/docs/features/command-line-interface) along with the `--album` flag.
+Yes, by using the [Immich CLI](/docs/features/command-line-interface) along with the `--album` flag.

 ### Is there a way to reorder photos within an album?

-No, not yet. For updates on this planned feature, follow the [GitHub discussion](https://github.com/immich-app/immich/discussions/1689),
+No, not yet. For updates on this planned feature, follow the [GitHub discussion](https://github.com/immich-app/immich/discussions/1689).

 ---

 ## External Library

-### Can I add an external library while keeping the existing albums structure?
+### Can I add an external library while keeping the existing album structure?

-We haven't put in an official mechanism to create albums from external libraries at the moment., but there are some [workarounds from the community](https://github.com/immich-app/immich/discussions/4279) which you can find here to help you achieve that.
+We haven't put in an official mechanism to create albums from external libraries at the moment, but there are some [workarounds from the community](https://github.com/immich-app/immich/discussions/4279) to help you achieve that.

 ### What happens to duplicates in external libraries?

@@ -185,7 +189,7 @@ However, disabling all jobs will not disable the machine learning service itself

 ### I'm getting errors about models being corrupt or failing to download. What do I do?

-You can delete the model cache volume, which is where models are downloaded to. This will give the service a clean environment to download the model again.
+You can delete the model cache volume, which is where models are downloaded to. This will give the service a clean environment to download the model again. If models are failing to download entirely, you can manually download them from [Huggingface](https://huggingface.co/immich-app) and place them in the cache folder.

 ### Why did Immich decide to remove object detection?

@@ -194,7 +198,7 @@ For more info see [here](https://github.com/immich-app/immich/pull/5903)

 ### Can I use a custom CLIP model?

-No, this is not supported. Only models listed in the [Huggingface](https://huggingface.co/immich-app) are compatible. Feel free to make a feature request if there's a model not listed here that you think should be added.
+No, this is not supported. Only models listed in the [Huggingface](https://huggingface.co/immich-app) page are compatible. Feel free to make a feature request if there's a model not listed here that you think should be added.

 ### I want to be able to search in other languages besides English. How can I do that?

@@ -206,9 +210,8 @@ Feel free to make a feature request if there's a model you want to use that isn'

 ### Does Immich support Facial Recognition for videos ?

-This is not currently implemented, but may be in the future.
-
-On the other hand, Immich does scan video thumbnails for faces, so it can perform recognition if the face is clear in the video thumbnail.
+Immich's machine learning feature operate on the generated thumbnail. If a face is visible in the video's thumbnail it will be picked up by facial recognition.
+Scanning the entire video for faces may be implemented in the future.

 ### Does Immich have animal recognition?

@@ -216,7 +219,7 @@ No.

 ### I'm getting a lot of "faces" that aren't faces, what can I do?

-You can increase the MIN DETECTION SCORE to 0.8 to help prevent bad thumbnails. However, a score of 0.9 might filter out too many real faces depending on the library used. If you just want to hide specific faces, you can adjust the 'MIN FACES DETECTED' setting in the administration panel  
+You can increase the MIN DETECTION SCORE to 0.8 to help prevent bad thumbnails. Setting the score too high (above 0.9) might filter out too many real faces depending on the library used. If you just want to hide specific faces, you can adjust the 'MIN FACES DETECTED' setting in the administration panel  
 to increase the bar for what the algorithm considers a "core face" for that person, reducing the chance of bad thumbnails being chosen.

 ### The immich_model-cache volume takes up a lot of space, what could be the problem?
@@ -236,7 +239,7 @@ To do this you can run:

 ### Why is Immich slow on low-memory systems like the Raspberry Pi?

-Immich optionally uses machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or transfer to host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning) ,or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
+Immich optionally uses machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.

 ### Can I lower CPU and RAM usage?

@@ -251,9 +254,9 @@ The initial backup is the most intensive due to the number of jobs running. The
 ### Can I limit the amount of CPU and RAM usage?

 By default, a container has no resource constraints and can use as much of a given resource as the host's kernel scheduler allows.
-You can look at the [original docker docs](https://docs.docker.com/config/containers/resource_constraints/) or use this [guide](https://www.baeldung.com/ops/docker-memory-limit) to learn how to do this.
+You can look at the [original docker docs](https://docs.docker.com/config/containers/resource_constraints/) or use this [guide](https://www.baeldung.com/ops/docker-memory-limit) to learn how to limit this.

-### How an I boost machine learning speed?
+### How can I boost machine learning speed?

 :::note
 This advice improves throughput, not latency. This is to say that it will make Smart Search jobs process more quickly, but it won't make searching faster.
@@ -262,17 +265,17 @@ This advice improves throughput, not latency. This is to say that it will make S
 You can increase throughput by increasing the job concurrency for machine learning jobs (Smart Search, Face Detection). With higher concurrency, the host will work on more assets in parallel. You can do this by navigating to Administration > Settings > Job Settings and increasing concurrency as needed.

 :::danger
-On a normal machine, 2 or 3 concurrent jobs can probably max the CPU, so if you're not hitting those maximums with, say, 30 jobs.
-Note that storage speed and latency may quickly become the limiting factor; particularly when using HDDs.
+On a normal machine, 2 or 3 concurrent jobs can probably max the CPU. Beyond this, note that storage speed and latency may quickly become the limiting factor; particularly when using HDDs.

 Do not exaggerate with the amount of jobs because you're probably thoroughly overloading the server.

-more info [here](https://discord.com/channels/979116623879368755/994044917355663450/1174711719994605708)
+More detail can be found [here](https://discord.com/channels/979116623879368755/994044917355663450/1174711719994605708)
 :::

 ### Why is Immich using so much of my CPU?

-When a large amount of assets are uploaded to Immich it makes sense that the CPU and RAM will be heavily used due to machine learning work and creating image thumbnails after that, the percentage of CPU usage will drop to around 3-5% usage
+When a large amount of assets are uploaded to Immich it makes sense that the CPU and RAM will be heavily used due to machine learning work and creating image thumbnails.
+Once this process completes, the percentage of CPU usage will drop to around 3-5% usage

 ---

@@ -280,13 +283,12 @@ When a large amount of assets are uploaded to Immich it makes sense that the CPU

 ### How can I see Immich logs?

-Most Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/docs/guides/docker-help.md).
+Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/docs/guides/docker-help.md).

 ### How can I run Immich as a non-root user?

-1. Set the `PUID`/`PGID` environment variables (in `.env`).
-2. Set the corresponding `user` argument in `docker-compose` for each service.
-3. Add an additional volume to `immich-microservices` that mounts internally to `/usr/src/app/.reverse-geocoding-dump`.
+You can change the user in the container by setting the `user` argument in `docker-compose.yml` for each service.
+You may need to add an additional volume to `immich-microservices` that mounts internally to `/usr/src/app/.reverse-geocoding-dump`.

 The non-root user/group needs read/write access to the volume mounts, including `UPLOAD_LOCATION`.

@@ -299,6 +301,10 @@ Data for Immich comes in two forms:

 To remove the **Metadata** you can stop Immich and delete the volume.

+:::warning
+This will destroy your database and reset your instance, meaning that you start from scratch.
+:::
+
 ```bash title="Remove Immich (containers and volumes)"
 docker compose down -v
 ```
@@ -308,7 +314,7 @@ If you use portainer, bring down the stack in portainer. Go into the volumes sec
 and remove all the volumes related to immcih then restart the stack.
 :::

-After removing the containers and volumes, the **Files** can be cleaned up (if necessary) from the `UPLOAD_LOCATION` by simply deleting any unwanted files or folders.
+After removing the containers and volumes, the **Files** should be removed from the `UPLOAD_LOCATION` to provide a clean start.

 ### Why does the machine learning service report workers crashing?

@@ -324,6 +330,6 @@ If it mentions SIGILL (note the lack of a K) or error code 132, it most likely m

 If your version of Immich is below 1.92.0 and the crash occurs after logs about tracing or exporting a model, consider either upgrading or disabling the Tag Objects job.

-### Why do I get the error "duplicate key value violates unique constraint" in the log files?
+### Why does Immich log migration errors on startup?

-Because of Immich's container structure, this error can be seen when both immich and immich-microservices start at the same time and attempt to migrate or create the database structure. Since the database migration is run sequentially and inside of transactions, this error message does not cause harm to your installation of Immich and can safely be ignored. If needed, you can manually restart Immich by running `docker restart immich immich-microservices`.
+Sometimes Immich logs errors such as "duplicate key value violates unique constraint" or "column (...) of relation (...) already exists". Because of Immich's container structure, this error can be seen when both immich and immich-microservices start at the same time and attempt to migrate or create the database structure. Since the database migration is run sequentially and inside of transactions, this error message does not cause harm to your installation of Immich and can safely be ignored. If needed, you can manually restart Immich by running `docker restart immich immich-microservices`.
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -66,8 +66,10 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Client ID                                            | string  | (required)           | Required. Client ID (from previous step)                                            |
 | Client Secret                                        | string  | (required)           | Required. Client Secret (previous step)                                             |
 | Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
+| Signing Algorithm                                    | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
 | Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
 | Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
+| Storage Claim                                        | string  | preferred_username   | Claim mapping for the user's storage label                                          |
 | [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
 | [Mobile Redirect URI Override](#mobile-redirect-uri) | URL     | (empty)              | Http(s) alternative mobile redirect URI                                             |

--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -10,7 +10,6 @@ Below is an example config for nginx. Make sure to include `client_max_body_size
 server {
    server_name <snip>

-    # https://github.com/immich-app/immich/blob/main/nginx/templates/default.conf.template#L28
    client_max_body_size 50000M;

    location / {
@@ -45,22 +44,13 @@ Below is an example config for Apache2 site configuration.

 ```
 <VirtualHost *:80>
-    ServerName <snip>
+   ServerName <snip>
+   ProxyRequests Off
+   ProxyPass / http://127.0.0.1:2283/ timeout=600 upgrade=websocket
+   ProxyPassReverse / http://127.0.0.1:2283/
+   ProxyPreserveHost On

-    ProxyRequests off
-    ProxyVia on
-
-    RewriteEngine On
-    RewriteCond %{REQUEST_URI}  ^/api/socket.io            [NC]
-    RewriteCond %{QUERY_STRING} transport=websocket    [NC]
-    RewriteRule /(.*)           ws://localhost:2283/$1 [P,L]
-
-    ProxyPass        /api/socket.io ws://localhost:2283/api/socket.io
-    ProxyPassReverse /api/socket.io ws://localhost:2283/api/socket.io
-
-    <Location />
-        ProxyPass http://localhost:2283/
-        ProxyPassReverse http://localhost:2283/
-    </Location>
 </VirtualHost>
 ```
+
+**timeout:** is measured in seconds, and it is particularly useful when long operations are triggered (i.e. Repair), so the server doesn't return an error.
--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -7,7 +7,7 @@ When contributing code through a pull request, please check the following:
 - [ ] `npm run lint` (linting via ESLint)
 - [ ] `npm run format` (formatting via Prettier)
 - [ ] `npm run check:svelte` (Type checking via SvelteKit)
- [ ] `npm test` (Tests via Jest)
+- [ ] `npm test` (unit tests)

 :::tip
 Run all web checks with `npm run check:all`
@@ -18,7 +18,7 @@ Run all web checks with `npm run check:all`
 - [ ] `npm run lint` (linting via ESLint)
 - [ ] `npm run format` (formatting via Prettier)
 - [ ] `npm run check` (Type checking via `tsc`)
- [ ] `npm test` (Tests via Jest)
+- [ ] `npm test` (unit tests)

 :::tip
 Run all server checks with `npm run check:all`
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -58,12 +58,13 @@ Please refer to the [Flutter's official documentation](https://flutter.dev/docs/

 If you only want to do web development connected to an existing, remote backend, follow these steps:

-1. Enter the web directory - `cd web/`
-2. Install web dependencies - `npm i`
-3. Start the web development server
+1. Build the Immich SDK - `cd open-api/typescript-sdk && npm i && npm run build && cd -`
+2. Enter the web directory - `cd web/`
+3. Install web dependencies - `npm i`
+4. Start the web development server

-```
-IMMICH_SERVER_URL=https://demo.immich.app/api npm run dev
+```bash
+IMMICH_SERVER_URL=https://demo.immich.app/ npm run dev
 ```

 ## IDE setup
--- a/docs/docs/features/command-line-interface.md
+++ b/docs/docs/features/command-line-interface.md
@@ -15,10 +15,12 @@ If you are looking to import your Google Photos takeout, we recommend this commu

 ## Requirements

- Node.js 20.0 or above
+- Node.js 20 or above
 - Npm

-## Installation
+If you can't install node/npm, there is also a Docker version available below.
+
+## Installation (NPM)

 ```bash
 npm i -g @immich/cli
@@ -30,6 +32,16 @@ NOTE: if you previously installed the legacy CLI, you will need to uninstall it
 npm uninstall -g immich
 ```

+## Installation (Docker)
+
+If npm is not available on your system you can try the Docker version
+
+```bash
+docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich-instance/api -e IMMICH_API_KEY=your-api-key ghcr.io/immich-app/immich-cli:latest
+```
+
+Please modify the `IMMICH_INSTANCE_URL` and `IMMICH_API_KEY` environment variables as suitable. You can also use a Docker env file to store your sensitive API key.
+
 ## Usage

 ```
@@ -39,10 +51,11 @@ immich
 ```
 Usage: immich [options] [command]

-Immich command line interface
+Command line interface for Immich

 Options:
  -V, --version                     output the version number
+  -d, --config                      Configuration directory (env: IMMICH_CONFIG_DIR)
  -h, --help                        display help for command

 Commands:
@@ -69,7 +82,9 @@ Options:
  -r, --recursive          Recursive (default: false, env: IMMICH_RECURSIVE)
  -i, --ignore [paths...]  Paths to ignore (env: IMMICH_IGNORE_PATHS)
  -h, --skip-hash          Don't hash files before upload (default: false, env: IMMICH_SKIP_HASH)
+  -H, --include-hidden     Include hidden folders (default: false, env: IMMICH_INCLUDE_HIDDEN)
  -a, --album              Automatically create albums based on folder name (default: false, env: IMMICH_AUTO_CREATE_ALBUM)
+  -A, --album-name <name>  Add all assets to specified album (env: IMMICH_ALBUM_NAME)
  -n, --dry-run            Don't perform any actions, just show what will be done (default: false, env: IMMICH_DRY_RUN)
  --delete                 Delete local assets after upload (env: IMMICH_DELETE_ASSETS)
  --help                   display help for command
@@ -91,7 +106,7 @@ For instance,
 immich login-key http://192.168.1.216:2283/api HFEJ38DNSDUEG
 ```

-This will store your credentials in a file in your home directory. Please keep the file secure, either by performing the logout command after you are done, or deleting it manually.
+This will store your credentials in a `auth.yml` file in the configuration directory which defaults to `~/.config/`. The directory can be set with the `-d` option or the environment variable `IMMICH_CONFIG_DIR`. Please keep the file secure, either by performing the logout command after you are done, or deleting it manually.

 Once you are authenticated, you can upload assets to your Immich server.

@@ -123,6 +138,12 @@ You can automatically create albums based on the folder name by passing the `--a
 immich upload --album --recursive directory/
 ```

+You can also choose to upload all assets to a specific album with the `--album-name` option.
+
+```bash
+immich upload --album-name "My summer holiday" --recursive directory/
+```
+
 It is possible to skip assets matching a glob pattern by passing the `--ignore` option. See [the library documentation](docs/features/libraries.md) on how to use glob patterns. You can add several exclusion patterns if needed.

 ```bash
@@ -133,6 +154,12 @@ immich upload --ignore **/Raw/** --recursive directory/
 immich upload --ignore **/Raw/** **/*.tif --recursive directory/
 ```

+By default, hidden files are skipped. If you want to include hidden files, use the `--include-hidden` option:
+
+```bash
+immich upload --include-hidden --recursive directory/
+```
+
 ### Obtain the API Key

 The API key can be obtained in the user setting panel on the web interface.
--- a/docs/docs/features/hardware-transcoding.md
+++ b/docs/docs/features/hardware-transcoding.md
@@ -1,17 +1,19 @@
 # Hardware Transcoding [Experimental]

-This feature allows you to use a GPU or Intel Quick Sync to accelerate transcoding and reduce CPU load.
+This feature allows you to use a GPU to accelerate transcoding and reduce CPU load.
 Note that hardware transcoding is much less efficient for file sizes.
 As this is a new feature, it is still experimental and may not work on all systems.

+:::info
+You do not need to redo any transcoding jobs after enabling hardware acceleration. The acceleration device will be used for any jobs that run after enabling it.
+:::
+
 ## Supported APIs

- NVENC
-  - NVIDIA GPUs
- Quick Sync
-  - Intel CPUs
- VAAPI
-  - GPUs
+- NVENC (NVIDIA)
+- Quick Sync (Intel)
+- RKMPP (Rockchip)
+- VAAPI (AMD / NVIDIA / Intel)

 ## Limitations

@@ -20,8 +22,7 @@ As this is a new feature, it is still experimental and may not work on all syste
 - WSL2 does not support Quick Sync.
 - Raspberry Pi is currently not supported.
 - Two-pass mode is only supported for NVENC. Other APIs will ignore this setting.
- Only encoding is currently hardware accelerated, so the CPU is still used for software decoding.
-  - This is mainly because the original video may not be hardware-decodable.
+- Only encoding is currently hardware accelerated, so the CPU is still used for software decoding and tone-mapping.
 - Hardware dependent
  - Codec support varies, but H.264 and HEVC are usually supported.
    - Notably, NVIDIA and AMD GPUs do not support VP9 encoding.
@@ -43,34 +44,65 @@ As this is a new feature, it is still experimental and may not work on all syste

 ## Setup

-#### Initial Setup
+#### Basic Setup

-1. If you do not already have it, download the latest [`hwaccel.yml`][hw-file] file and ensure it's in the same folder as the `docker-compose.yml`.
-2. Uncomment the lines that apply to your system and desired usage.
-3. In the `docker-compose.yml` under `immich-microservices`, uncomment the lines relating to the `hwaccel.yml` file.
-4. Redeploy the `immich-microservices` container with these updated settings.
-5. In the Admin page under `FFmpeg settings`, change the hardware acceleration setting to the appropriate option and save.
+1. If you do not already have it, download the latest [`hwaccel.transcoding.yml`][hw-file] file and ensure it's in the same folder as the `docker-compose.yml`.
+2. In the `docker-compose.yml` under `immich-microservices`, uncomment the `extends` section and change `cpu` to the appropriate backend.
+
+- For VAAPI on WSL2, be sure to use `vaapi-wsl` rather than `vaapi`
+
+3. Redeploy the `immich-microservices` container with these updated settings.
+4. In the Admin page under `Video transcoding settings`, change the hardware acceleration setting to the appropriate option and save.
+
+#### Single Compose File
+
+Some platforms, including Unraid and Portainer, do not support multiple Compose files as of writing. As an alternative, you can "inline" the relevant contents of the [`hwaccel.transcoding.yml`][hw-file] file into the `immich-microservices` service directly.
+
+For example, the `qsv` section in this file is:
+
+```yaml
+devices:
+  - /dev/dri:/dev/dri
+```
+
+You can add this to the `immich-microservices` service instead of extending from `hwaccel.transcoding.yml`:
+
+```yaml
+immich-microservices:
+  container_name: immich_microservices
+  image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+  # Note the lack of an `extends` section
+  devices:
+    - /dev/dri:/dev/dri
+  command: ['start.sh', 'microservices']
+  volumes:
+    - ${UPLOAD_LOCATION}:/usr/src/app/upload
+    - /etc/localtime:/etc/localtime:ro
+  env_file:
+    - .env
+  depends_on:
+    - redis
+    - database
+  restart: always
+```
+
+Once this is done, you can continue to step 3 of "Basic Setup".

 #### All-In-One - Unraid Setup

 ##### NVENC - NVIDIA GPUs

- If you are using other backends. You will still need to implement [`hwaccel.yml`][hw-file] file into the `immich-microservices` service directly, please see the "Initial Setup" section above on how to do that.
- As of v1.92.0, steps 1 and 2 are no longer necessary. If your version of Immich is below that or missing the environment variables, please follow these steps. Otherwise, skip to step 3.
- Please note that`NVIDIA_DRIVER_CAPABILITIES` is no longer required to enter as a variable.
-
-1. Assuming you already have the Nvidia Driver Plugin installed on your Unraid Server. Please confirm that your Nvida GPU is showing up with its GPU ID in the Nvidia Driver Plugin. The ID will be `GPU-LONG_STRING_OF_CHARACTERS`. Copy the GPU ID.
-2. In the Imagegenius/Immich Docker Container app, add two new variables: Key=`NVIDIA_VISIBLE_DEVICES` Value=`GPU-LONG_STRING_OF_CHARACTERS` and Key=`NVIDIA_DRIVER_CAPABILITIES` Value=`all`
-3. While you are in the docker container app, change the Container from Basic Mode to Advanced Mode and add the following parameter to the Extra Parameters field: `--runtime=nvidia`
-4. Restart the Imagegenius/Immich Docker Container app.
-5. In the Admin page under FFmpeg settings, change the hardware acceleration setting to the appropriate option and save.
+1. In the container app, add this environmental variable: Key=`NVIDIA_VISIBLE_DEVICES` Value=`all`
+2. While still in the container app, change the container from Basic Mode to Advanced Mode and add the following parameter to the Extra Parameters field: `--runtime=nvidia`
+3. Restart the container app.
+4. Continue to step 4 of "Basic Setup".

 ## Tips

 - You may want to choose a slower preset than for software transcoding to maintain quality and efficiency
- While you can use VAAPI with Nvidia GPUs and Intel CPUs, prefer the more specific APIs since they're more optimized for their respective devices
+- While you can use VAAPI with NVIDIA and Intel devices, prefer the more specific APIs since they're more optimized for their respective devices

-[hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.yml
+[hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.transcoding.yml
 [nvcr]: https://github.com/NVIDIA/nvidia-container-runtime/
 [jellyfin-lp]: https://jellyfin.org/docs/general/administration/hardware-acceleration/intel/#configure-and-verify-lp-mode-on-linux
 [jellyfin-kernel-bug]: https://jellyfin.org/docs/general/administration/hardware-acceleration/intel/#known-issues-and-limitations
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -42,23 +42,24 @@ Finally, files can be deleted from Immich via the `Remove Offline Files` job. Th

 ### Import Paths

-External libraries use import paths to determine which files to scan. Each library can have multiple import paths so that files from different locations can be added to the same library. Import paths are scanned recursively, and if a file is in multiple import paths, it will only be added once. If the import paths are edited in a way that an external file is no longer in any import path, it will be removed from the library in the same way a deleted file would. If the file is moved back to an import path, it will be added again as if it was a new file.
+External libraries use import paths to determine which files to scan. Each library can have multiple import paths so that files from different locations can be added to the same library. Import paths are scanned recursively, and if a file is in multiple import paths, it will only be added once. Each import file must be a readable directory that exists on the filesystem; the import path dialog will alert you of any paths that are not accessible.
+
+If the import paths are edited in a way that an external file is no longer in any import path, it will be removed from the library in the same way a deleted file would. If the file is moved back to an import path, it will be added again as if it was a new file.

 ### Troubleshooting

-Sometimes, an external library will not scan correctly. This can happen if the immich_server or immich_microservices can't access the files. Here are some things to check:
+Sometimes, an external library will not scan correctly. This can happen if immich_server or immich_microservices can't access the files. Here are some things to check:

- Is the external path set correctly?
+- Is the external path set correctly? Each import path must be contained in the external path.
+- Make sure the external path does not contain spaces
 - In the docker-compose file, are the volumes mounted correctly?
 - Are the volumes identical between the `server` and `microservices` container?
 - Are the import paths set correctly, and do they match the path set in docker-compose file?
- Are you using symbolic link in your import library?
+- Make sure you don't use symlinks in your import libraries, and that you aren't linking across docker mounts.
 - Are the permissions set correctly?
- Are you using forward slashes everywhere? (`/`)
- Are you using symlink across docker mounts?
- Are you using [spaces in the internal path](/docs/features/libraries#:~:text=can%20be%20accessed.-,NOTE,-Spaces%20in%20the)?
+- Make sure you are using forward slashes (`/`) and not backward slashes.

-If all else fails, you can always start a shell inside the container and check if the path is accessible. For example, `docker exec -it immich_microservices /bin/bash` will start a bash shell. If your import path, for instance, is `/data/import/photos`, you can check if the files are accessible by running `ls /data/import/photos`. Also check the `immich_server` container in the same way.
+To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_microservices /bin/bash` to a bash shell. If your import path is `/data/import/photos`, check it with `ls /data/import/photos`. Do the same check for the `immich_server` container. If you cannot access this directory in both the `microservices` and `server` containers, Immich won't be able to import files.

 ### Security Considerations

--- a/docs/docs/features/ml-hardware-acceleration.md
+++ b/docs/docs/features/ml-hardware-acceleration.md
@@ -0,0 +1,104 @@
+# Hardware-Accelerated Machine Learning [Experimental]
+
+This feature allows you to use a GPU to accelerate machine learning tasks, such as Smart Search and Facial Recognition, while reducing CPU load.
+As this is a new feature, it is still experimental and may not work on all systems.
+
+:::info
+You do not need to redo any machine learning jobs after enabling hardware acceleration. The acceleration device will be used for any jobs that run after enabling it.
+:::
+
+## Supported Backends
+
+- ARM NN (Mali)
+- CUDA (NVIDIA)
+- OpenVINO (Intel)
+
+## Limitations
+
+- The instructions and configurations here are specific to Docker Compose. Other container engines may require different configuration.
+- Only Linux and Windows (through WSL2) servers are supported.
+- ARM NN is only supported on devices with Mali GPUs. Other Arm devices are not supported.
+- There is currently an upstream issue with OpenVINO, so whether it will work is device-dependent.
+- Some models may not be compatible with certain backends. CUDA is the most reliable.
+
+## Prerequisites
+
+#### ARM NN
+
+- Make sure you have the appropriate linux kernel driver installed
+  - This is usually pre-installed on the device vendor's Linux images
+- `/dev/mali0` must be available in the host server
+  - You may confirm this by running `ls /dev` to check that it exists
+- You must have the closed-source `libmali.so` firmware (possibly with an additional firmware file)
+  - Where and how you can get this file depends on device and vendor, but typically, the device vendor also supplies these
+  - The `hwaccel.ml.yml` file assumes the path to it is `/usr/lib/libmali.so`, so update accordingly if it is elsewhere
+  - The `hwaccel.ml.yml` file assumes an additional file `/lib/firmware/mali_csffw.bin`, so update accordingly if your device's driver does not require this file
+
+#### CUDA
+
+- You must have the official NVIDIA driver installed on the server.
+- On Linux (except for WSL2), you also need to have [NVIDIA Container Runtime][nvcr] installed.
+
+## Setup
+
+1. If you do not already have it, download the latest [`hwaccel.ml.yml`][hw-file] file and ensure it's in the same folder as the `docker-compose.yml`.
+2. In the `docker-compose.yml` under `immich-machine-learning`, uncomment the `extends` section and change `cpu` to the appropriate backend.
+3. Redeploy the `immich-machine-learning` container with these updated settings.
+
+#### Single Compose File
+
+Some platforms, including Unraid and Portainer, do not support multiple Compose files as of writing. As an alternative, you can "inline" the relevant contents of the [`hwaccel.ml.yml`][hw-file] file into the `immich-machine-learning` service directly.
+
+For example, the `cuda` section in this file is:
+
+```yaml
+deploy:
+  resources:
+    reservations:
+      devices:
+        - driver: nvidia
+          count: 1
+          capabilities:
+            - gpu
+            - compute
+            - video
+```
+
+You can add this to the `immich-machine-learning` service instead of extending from `hwaccel.ml.yml`:
+
+```yaml
+immich-machine-learning:
+  container_name: immich_machine_learning
+  image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}-cuda
+  # Note the lack of an `extends` section
+  deploy:
+    resources:
+      reservations:
+        devices:
+          - driver: nvidia
+            count: 1
+            capabilities:
+              - gpu
+              - compute
+              - video
+  volumes:
+    - model-cache:/cache
+  env_file:
+    - .env
+  restart: always
+```
+
+Once this is done, you can redeploy the `immich-machine-learning` container.
+
+:::info
+You can confirm the device is being recognized and used by checking its utilization (via `nvtop` for CUDA, `intel_gpu_top` for OpenVINO, etc.). You can also enable debug logging by setting `LOG_LEVEL=debug` in the `.env` file and restarting the `immich-machine-learning` container. When a Smart Search or Face Detection job begins, you should see a log for `Available ORT providers` containing the relevant provider. In the case of ARM NN, the absence of a `Could not load ANN shared libraries` log entry means it loaded successfully.
+:::
+
+[hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml
+[nvcr]: https://github.com/NVIDIA/nvidia-container-runtime/
+
+## Tips
+
+- If you encounter an error when a model is running, try a different model to see if the issue is model-specific.
+- You may want to increase concurrency past the default for higher utilization. However, keep in mind that this will also increase VRAM consumption.
+- Larger models benefit more from hardware acceleration, if you have the VRAM for them.
--- a/docs/docs/install/docker-compose.mdx
+++ b/docs/docs/install/docker-compose.mdx
@@ -28,8 +28,12 @@ wget https://github.com/immich-app/immich/releases/latest/download/docker-compos
 wget -O .env https://github.com/immich-app/immich/releases/latest/download/example.env
 ```

-```bash title="(Optional) Get hwaccel.yml file"
-wget https://github.com/immich-app/immich/releases/latest/download/hwaccel.yml
+```bash title="(Optional) Get hwaccel.transcoding.yml file"
+wget https://github.com/immich-app/immich/releases/latest/download/hwaccel.transcoding.yml
+```
+
+```bash title="(Optional) Get hwaccel.ml.yml file"
+wget https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml
 ```

 or by downloading from your browser and moving the files to the directory that you created.
@@ -37,7 +41,7 @@ or by downloading from your browser and moving the files to the directory that y
 Note: If you downloaded the files from your browser, also ensure that you rename `example.env` to `.env`.

 :::info
-Optionally, you can use the [`hwaccel.yml`][hw-file] file to enable hardware acceleration for transcoding. See the [Hardware Transcoding](/docs/features/hardware-transcoding.md) guide for info on how to set this up.
+Optionally, you can enable hardware acceleration for machine learning and transcoding. See the [Hardware Transcoding](/docs/features/hardware-transcoding.md) and [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md) guides for info on how to set these up.
 :::

 ### Step 2 - Populate the .env file with custom values
@@ -98,5 +102,4 @@ Immich is currently under heavy development, which means you can expect breaking

 [compose-file]: https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 [env-file]: https://github.com/immich-app/immich/releases/latest/download/example.env
-[hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.yml
 [watchtower]: https://containrrr.dev/watchtower/
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -60,14 +60,17 @@ These environment variables are used by the `docker-compose.yml` file and do **N

 ## Database

-| Variable      | Description       |   Default   | Services              |
-| :------------ | :---------------- | :---------: | :-------------------- |
-| `DB_URL`      | Database URL      |             | server, microservices |
-| `DB_HOSTNAME` | Database Host     | `localhost` | server, microservices |
-| `DB_PORT`     | Database Port     |   `5432`    | server, microservices |
-| `DB_USERNAME` | Database User     | `postgres`  | server, microservices |
-| `DB_PASSWORD` | Database Password | `postgres`  | server, microservices |
-| `DB_DATABASE` | Database Name     |  `immich`   | server, microservices |
+| Variable                            | Description                                                   |   Default    | Services              |
+| :---------------------------------- | :------------------------------------------------------------ | :----------: | :-------------------- |
+| `DB_URL`                            | Database URL                                                  |              | server, microservices |
+| `DB_HOSTNAME`                       | Database Host                                                 | `localhost`  | server, microservices |
+| `DB_PORT`                           | Database Port                                                 |    `5432`    | server, microservices |
+| `DB_USERNAME`                       | Database User                                                 |  `postgres`  | server, microservices |
+| `DB_PASSWORD`                       | Database Password                                             |  `postgres`  | server, microservices |
+| `DB_DATABASE`                       | Database Name                                                 |   `immich`   | server, microservices |
+| `DB_VECTOR_EXTENSION`<sup>\*1</sup> | Database Vector Extension (one of [`pgvector`, `pgvecto.rs`]) | `pgvecto.rs` | server, microservices |
+
+\*1: This setting cannot be changed after the server has successfully started up

 :::info

--- a/docs/docs/overview/support-the-project.md
+++ b/docs/docs/overview/support-the-project.md
@@ -16,7 +16,7 @@ If you feel like this is the right cause and the app is something you see yourse
 - One-time donation via [GitHub Sponsors](https://github.com/sponsors/immich-app?frequency=one-time)
 - [Librepay](https://liberapay.com/alex.tran1502/)
 - [buymeacoffee](https://www.buymeacoffee.com/altran1502)
- Bitcoin: 1FvEp6P6NM8EZEkpGUFAN2LqJ1gxusNxZX
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7

 ## Contributing

--- a/docs/docs/partials/_storage-template.md
+++ b/docs/docs/partials/_storage-template.md
@@ -17,7 +17,7 @@ Year/Year-Month-Day/Filename.Extension
 <img src={require('./img/storage-template.png').default} width="100%" title="Storage Template Setting" />

 :::tip
-By default, special characters will be converted to an HTML entity (for example, `&` -> `&amp;`). To prevent this, wrap the variable in an extra set of braces (for example, `{{{album}}}`). You can learn more about this [here](https://handlebarsjs.com/guide/expressions.html#html-escaping) and [here](https://github.com/immich-app/immich/issues/4917).
+If an asset is in multiple albums, `{{album}}` will be set to the name of the album which was most recently created. By default, special characters will be converted to an HTML entity (for example, `&` -> `&amp;`). To prevent this, wrap the variable in an extra set of braces (for example, `{{{album}}}`). You can learn more about this [here](https://handlebarsjs.com/guide/expressions.html#html-escaping) and [here](https://github.com/immich-app/immich/issues/4917).
 :::

 Immich also provides a mechanism to migrate between templates so that if the template you set now doesn't work in the future, you can always migrate all the existing files to the new template. The mechanism is run as a job on the Job page.
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -161,7 +161,7 @@ const config = {
            ],
          },
        ],
-        copyright: `Immich is available as open source under the terms of the MIT License.`,
+        copyright: `Immich is available as open source under the terms of the GNU AGPL v3 License.`,
      },
      prism: {
        theme: prism.themes.github,
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
@@ -2964,9 +2964,9 @@
      }
    },
    "node_modules/@mdx-js/react": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.0.0.tgz",
-      "integrity": "sha512-nDctevR9KyYFyV+m+/+S4cpzCWHqj+iHDHq3QrsWezcC+B17uZdIWgCguESUkwFhM3n/56KxWVE3V6EokrmONQ==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.0.1.tgz",
+      "integrity": "sha512-9ZrPIU4MGf6et1m1ov3zKf+q9+deetI51zprKB1D/z3NOb+rUxxtEl3mCjW5wTGh6VhRdwPueh1oRzi6ezkA8A==",
      "dependencies": {
        "@types/mdx": "^2.0.0"
      },
@@ -12691,9 +12691,9 @@
      }
    },
    "node_modules/postcss": {
-      "version": "8.4.33",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.33.tgz",
-      "integrity": "sha512-Kkpbhhdjw2qQs2O2DGX+8m5OVqEcbB9HRBvuYM9pgrjEFUg30A9LmXNlTAUj4S9kgtGyrMbTzVjH7E+s5Re2yg==",
+      "version": "8.4.35",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.35.tgz",
+      "integrity": "sha512-u5U8qYpBCpN13BsiEB0CbR1Hhh4Gc0zLFuedrHJKMctHCHAGrMdG0PRM/KErzAL3CU6/eckEtmHNB3x6e3c0vA==",
      "funding": [
        {
          "type": "opencollective",
@@ -13488,9 +13488,9 @@
      }
    },
    "node_modules/prettier": {
-      "version": "3.2.4",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.2.4.tgz",
-      "integrity": "sha512-FWu1oLHKCrtpO1ypU6J0SbK2d9Ckwysq6bHj/uaCP26DxrPpppCLQRGVuqAxSTvhF00AcvDRyYrLNW7ocBhFFQ==",
+      "version": "3.2.5",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.2.5.tgz",
+      "integrity": "sha512-3/GWa9aOC0YeD7LUfvOG2NiDyhOWRvt1k+rcKhOuYnMY24iiCphgneUfJDyFXd6rZCAnuLBv6UeAULtrhT/F4A==",
      "dev": true,
      "bin": {
        "prettier": "bin/prettier.cjs"
--- a/docs/src/pages/index.tsx
+++ b/docs/src/pages/index.tsx
@@ -71,7 +71,7 @@ export default function Home(): JSX.Element {
    >
      <HomepageHeader />
      <div className="flex flex-col place-items-center place-content-center">
-        <p>This project is available under MIT license.</p>
+        <p>This project is available under GNU AGPL v3 license.</p>
        <p className="text-xs">Privacy should not be a luxury</p>
      </div>
    </Layout>
--- a/docs/tsconfig.json
+++ b/docs/tsconfig.json
@@ -4,6 +4,6 @@

  "compilerOptions": {
    "baseUrl": ".",
-    "module": "Node16",
-  },
+    "module": "Node16"
+  }
 }
--- a/e2e/.gitignore
+++ b/e2e/.gitignore
@@ -0,0 +1,5 @@
+node_modules/
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
--- a/e2e/docker-compose.yml
+++ b/e2e/docker-compose.yml
@@ -0,0 +1,51 @@
+version: "3.8"
+
+name: immich-e2e
+
+x-server-build: &server-common
+  image: immich-server:latest
+  build:
+    context: ../
+    dockerfile: server/Dockerfile
+  environment:
+    - DB_HOSTNAME=database
+    - DB_USERNAME=postgres
+    - DB_PASSWORD=postgres
+    - DB_DATABASE_NAME=immich
+    - REDIS_HOSTNAME=redis
+    - IMMICH_MACHINE_LEARNING_ENABLED=false
+  volumes:
+    - upload:/usr/src/app/upload
+  depends_on:
+    - redis
+    - database
+
+services:
+  immich-server:
+    container_name: immich-e2e-server
+    command: [ "./start.sh", "immich" ]
+    <<: *server-common
+    ports:
+      - 2283:3001
+
+  immich-microservices:
+    container_name: immich-e2e-microservices
+    command: [ "./start.sh", "microservices" ]
+    <<: *server-common
+
+  redis:
+    image: redis:6.2-alpine@sha256:51d6c56749a4243096327e3fb964a48ed92254357108449cb6e23999c37773c5
+
+  database:
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+    command: -c fsync=off -c shared_preload_libraries=vectors.so
+    environment:
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_USER: postgres
+      POSTGRES_DB: immich
+    ports:
+      - 5433:5432
+
+volumes:
+  model-cache:
+  upload:
--- a/e2e/package-lock.json
+++ b/e2e/package-lock.json
--- a/e2e/package.json
+++ b/e2e/package.json
@@ -0,0 +1,31 @@
+{
+  "name": "immich-e2e",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "type": "module",
+  "scripts": {
+    "test": "vitest --config vitest.config.ts",
+    "test:web": "npx playwright test",
+    "start:web": "npx playwright test --ui"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "GNU Affero General Public License version 3",
+  "devDependencies": {
+    "@immich/cli": "file:../cli",
+    "@immich/sdk": "file:../open-api/typescript-sdk",
+    "@playwright/test": "^1.41.2",
+    "@types/luxon": "^3.4.2",
+    "@types/node": "^20.11.17",
+    "@types/pg": "^8.11.0",
+    "@types/supertest": "^6.0.2",
+    "@vitest/coverage-v8": "^1.3.0",
+    "luxon": "^3.4.4",
+    "pg": "^8.11.3",
+    "socket.io-client": "^4.7.4",
+    "supertest": "^6.3.4",
+    "typescript": "^5.3.3",
+    "vitest": "^1.3.0"
+  }
+}
--- a/e2e/playwright.config.ts
+++ b/e2e/playwright.config.ts
@@ -0,0 +1,60 @@
+import { defineConfig, devices } from '@playwright/test';
+
+export default defineConfig({
+  testDir: './src/web/specs',
+  fullyParallel: false,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 2 : 0,
+  workers: 1,
+  reporter: 'html',
+  use: {
+    baseURL: 'http://127.0.0.1:2283',
+    trace: 'on-first-retry',
+  },
+
+  testMatch: /.*\.e2e-spec\.ts/,
+
+  projects: [
+    {
+      name: 'chromium',
+      use: { ...devices['Desktop Chrome'] },
+    },
+
+    // {
+    //   name: 'firefox',
+    //   use: { ...devices['Desktop Firefox'] },
+    // },
+
+    // {
+    //   name: 'webkit',
+    //   use: { ...devices['Desktop Safari'] },
+    // },
+
+    /* Test against mobile viewports. */
+    // {
+    //   name: 'Mobile Chrome',
+    //   use: { ...devices['Pixel 5'] },
+    // },
+    // {
+    //   name: 'Mobile Safari',
+    //   use: { ...devices['iPhone 12'] },
+    // },
+
+    /* Test against branded browsers. */
+    // {
+    //   name: 'Microsoft Edge',
+    //   use: { ...devices['Desktop Edge'], channel: 'msedge' },
+    // },
+    // {
+    //   name: 'Google Chrome',
+    //   use: { ...devices['Desktop Chrome'], channel: 'chrome' },
+    // },
+  ],
+
+  /* Run your local dev server before starting the tests */
+  webServer: {
+    command: 'docker compose up --build -V --remove-orphans',
+    url: 'http://127.0.0.1:2283',
+    reuseExistingServer: true,
+  },
+});
--- a/server/e2e/api/specs/activity.e2e-spec.ts
+++ b/server/e2e/api/specs/activity.e2e-spec.ts
@@ -1,79 +1,94 @@
-import { AlbumResponseDto, LoginResponseDto, ReactionType } from '@app/domain';
-import { ActivityController } from '@app/immich';
-import { AssetFileUploadResponseDto } from '@app/immich/api-v1/asset/response-dto/asset-file-upload-response.dto';
-import { ActivityEntity } from '@app/infra/entities';
-import { errorStub, userDto, uuidStub } from '@test/fixtures';
+import {
+  ActivityCreateDto,
+  AlbumResponseDto,
+  AssetFileUploadResponseDto,
+  LoginResponseDto,
+  ReactionType,
+  createActivity as create,
+  createAlbum,
+} from '@immich/sdk';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils } from 'src/utils';
 import request from 'supertest';
-import { api } from '../../client';
-import { testApp } from '../utils';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';

-describe(`${ActivityController.name} (e2e)`, () => {
-  let server: any;
+describe('/activity', () => {
  let admin: LoginResponseDto;
+  let nonOwner: LoginResponseDto;
  let asset: AssetFileUploadResponseDto;
  let album: AlbumResponseDto;
-  let nonOwner: LoginResponseDto;
+
+  const createActivity = (dto: ActivityCreateDto, accessToken?: string) =>
+    create(
+      { activityCreateDto: dto },
+      { headers: asBearerAuth(accessToken || admin.accessToken) },
+    );

  beforeAll(async () => {
-    server = (await testApp.create()).getHttpServer();
-    await testApp.reset();
-    await api.authApi.adminSignUp(server);
-    admin = await api.authApi.adminLogin(server);
-    asset = await api.assetApi.upload(server, admin.accessToken, 'example');
+    apiUtils.setup();
+    await dbUtils.reset();

-    await api.userApi.create(server, admin.accessToken, userDto.user1);
-    nonOwner = await api.authApi.login(server, userDto.user1);
-
-    album = await api.albumApi.create(server, admin.accessToken, {
-      albumName: 'Album 1',
-      assetIds: [asset.id],
-      sharedWithUserIds: [nonOwner.userId],
-    });
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
+    admin = await apiUtils.adminSetup();
+    nonOwner = await apiUtils.userSetup(admin.accessToken, createUserDto.user1);
+    asset = await apiUtils.createAsset(admin.accessToken);
+    album = await createAlbum(
+      {
+        createAlbumDto: {
+          albumName: 'Album 1',
+          assetIds: [asset.id],
+          sharedWithUserIds: [nonOwner.userId],
+        },
+      },
+      { headers: asBearerAuth(admin.accessToken) },
+    );
  });

  beforeEach(async () => {
-    await testApp.reset({ entities: [ActivityEntity] });
+    await dbUtils.reset(['activity']);
  });

  describe('GET /activity', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/activity');
+      const { status, body } = await request(app).get('/activity');
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should require an albumId', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
+      expect(body).toEqual(
+        errorDto.badRequest(expect.arrayContaining(['albumId must be a UUID'])),
+      );
    });

    it('should reject an invalid albumId', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
-        .query({ albumId: uuidStub.invalid })
+        .query({ albumId: uuidDto.invalid })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
+      expect(body).toEqual(
+        errorDto.badRequest(expect.arrayContaining(['albumId must be a UUID'])),
+      );
    });

    it('should reject an invalid assetId', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
-        .query({ albumId: uuidStub.notFound, assetId: uuidStub.invalid })
+        .query({ albumId: uuidDto.notFound, assetId: uuidDto.invalid })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['assetId must be a UUID'])));
+      expect(body).toEqual(
+        errorDto.badRequest(expect.arrayContaining(['assetId must be a UUID'])),
+      );
    });

    it('should start off empty', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
        .query({ albumId: album.id })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -82,22 +97,22 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should filter by album id', async () => {
-      const album2 = await api.albumApi.create(server, admin.accessToken, {
-        albumName: 'Album 2',
-        assetIds: [asset.id],
-      });
+      const album2 = await createAlbum(
+        {
+          createAlbumDto: {
+            albumName: 'Album 2',
+            assetIds: [asset.id],
+          },
+        },
+        { headers: asBearerAuth(admin.accessToken) },
+      );
+
      const [reaction] = await Promise.all([
-        api.activityApi.create(server, admin.accessToken, {
-          albumId: album.id,
-          type: ReactionType.LIKE,
-        }),
-        api.activityApi.create(server, admin.accessToken, {
-          albumId: album2.id,
-          type: ReactionType.LIKE,
-        }),
+        createActivity({ albumId: album.id, type: ReactionType.Like }),
+        createActivity({ albumId: album2.id, type: ReactionType.Like }),
      ]);

-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
        .query({ albumId: album.id })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -108,15 +123,15 @@ describe(`${ActivityController.name} (e2e)`, () => {

    it('should filter by type=comment', async () => {
      const [reaction] = await Promise.all([
-        api.activityApi.create(server, admin.accessToken, {
+        createActivity({
          albumId: album.id,
-          type: ReactionType.COMMENT,
+          type: ReactionType.Comment,
          comment: 'comment',
        }),
-        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
+        createActivity({ albumId: album.id, type: ReactionType.Like }),
      ]);

-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
        .query({ albumId: album.id, type: 'comment' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -127,15 +142,15 @@ describe(`${ActivityController.name} (e2e)`, () => {

    it('should filter by type=like', async () => {
      const [reaction] = await Promise.all([
-        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
-        api.activityApi.create(server, admin.accessToken, {
+        createActivity({ albumId: album.id, type: ReactionType.Like }),
+        createActivity({
          albumId: album.id,
-          type: ReactionType.COMMENT,
+          type: ReactionType.Comment,
          comment: 'comment',
        }),
      ]);

-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
        .query({ albumId: album.id, type: 'like' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -146,18 +161,18 @@ describe(`${ActivityController.name} (e2e)`, () => {

    it('should filter by userId', async () => {
      const [reaction] = await Promise.all([
-        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
+        createActivity({ albumId: album.id, type: ReactionType.Like }),
      ]);

-      const response1 = await request(server)
+      const response1 = await request(app)
        .get('/activity')
-        .query({ albumId: album.id, userId: uuidStub.notFound })
+        .query({ albumId: album.id, userId: uuidDto.notFound })
        .set('Authorization', `Bearer ${admin.accessToken}`);

      expect(response1.status).toEqual(200);
      expect(response1.body.length).toBe(0);

-      const response2 = await request(server)
+      const response2 = await request(app)
        .get('/activity')
        .query({ albumId: album.id, userId: admin.userId })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -169,15 +184,15 @@ describe(`${ActivityController.name} (e2e)`, () => {

    it('should filter by assetId', async () => {
      const [reaction] = await Promise.all([
-        api.activityApi.create(server, admin.accessToken, {
+        createActivity({
          albumId: album.id,
          assetId: asset.id,
-          type: ReactionType.LIKE,
+          type: ReactionType.Like,
        }),
-        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
+        createActivity({ albumId: album.id, type: ReactionType.Like }),
      ]);

-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/activity')
        .query({ albumId: album.id, assetId: asset.id })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -189,34 +204,45 @@ describe(`${ActivityController.name} (e2e)`, () => {

  describe('POST /activity', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).post('/activity');
+      const { status, body } = await request(app).post('/activity');
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should require an albumId', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ albumId: uuidStub.invalid });
+        .send({ albumId: uuidDto.invalid });
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
+      expect(body).toEqual(
+        errorDto.badRequest(expect.arrayContaining(['albumId must be a UUID'])),
+      );
    });

    it('should require a comment when type is comment', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ albumId: uuidStub.notFound, type: 'comment', comment: null });
+        .send({ albumId: uuidDto.notFound, type: 'comment', comment: null });
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(['comment must be a string', 'comment should not be empty']));
+      expect(body).toEqual(
+        errorDto.badRequest([
+          'comment must be a string',
+          'comment should not be empty',
+        ]),
+      );
    });

    it('should add a comment to an album', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ albumId: album.id, type: 'comment', comment: 'This is my first comment' });
+        .send({
+          albumId: album.id,
+          type: 'comment',
+          comment: 'This is my first comment',
+        });
      expect(status).toEqual(201);
      expect(body).toEqual({
        id: expect.any(String),
@@ -229,7 +255,7 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should add a like to an album', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: album.id, type: 'like' });
@@ -245,11 +271,11 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should return a 200 for a duplicate like on the album', async () => {
-      const reaction = await api.activityApi.create(server, admin.accessToken, {
-        albumId: album.id,
-        type: ReactionType.LIKE,
-      });
-      const { status, body } = await request(server)
+      const [reaction] = await Promise.all([
+        createActivity({ albumId: album.id, type: ReactionType.Like }),
+      ]);
+
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: album.id, type: 'like' });
@@ -258,12 +284,14 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should not confuse an album like with an asset like', async () => {
-      const reaction = await api.activityApi.create(server, admin.accessToken, {
-        albumId: album.id,
-        assetId: asset.id,
-        type: ReactionType.LIKE,
-      });
-      const { status, body } = await request(server)
+      const [reaction] = await Promise.all([
+        createActivity({
+          albumId: album.id,
+          assetId: asset.id,
+          type: ReactionType.Like,
+        }),
+      ]);
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: album.id, type: 'like' });
@@ -272,10 +300,15 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should add a comment to an asset', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
-        .send({ albumId: album.id, assetId: asset.id, type: 'comment', comment: 'This is my first comment' });
+        .send({
+          albumId: album.id,
+          assetId: asset.id,
+          type: 'comment',
+          comment: 'This is my first comment',
+        });
      expect(status).toEqual(201);
      expect(body).toEqual({
        id: expect.any(String),
@@ -288,7 +321,7 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should add a like to an asset', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: album.id, assetId: asset.id, type: 'like' });
@@ -304,12 +337,15 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should return a 200 for a duplicate like on an asset', async () => {
-      const reaction = await api.activityApi.create(server, admin.accessToken, {
-        albumId: album.id,
-        assetId: asset.id,
-        type: ReactionType.LIKE,
-      });
-      const { status, body } = await request(server)
+      const [reaction] = await Promise.all([
+        createActivity({
+          albumId: album.id,
+          assetId: asset.id,
+          type: ReactionType.Like,
+        }),
+      ]);
+
+      const { status, body } = await request(app)
        .post('/activity')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: album.id, assetId: asset.id, type: 'like' });
@@ -320,50 +356,52 @@ describe(`${ActivityController.name} (e2e)`, () => {

  describe('DELETE /activity/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).delete(`/activity/${uuidStub.notFound}`);
+      const { status, body } = await request(app).delete(
+        `/activity/${uuidDto.notFound}`,
+      );
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should require a valid uuid', async () => {
-      const { status, body } = await request(server)
-        .delete(`/activity/${uuidStub.invalid}`)
+      const { status, body } = await request(app)
+        .delete(`/activity/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest(['id must be a UUID']));
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });

    it('should remove a comment from an album', async () => {
-      const reaction = await api.activityApi.create(server, admin.accessToken, {
+      const reaction = await createActivity({
        albumId: album.id,
-        type: ReactionType.COMMENT,
+        type: ReactionType.Comment,
        comment: 'This is a test comment',
      });
-      const { status } = await request(server)
+      const { status } = await request(app)
        .delete(`/activity/${reaction.id}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(204);
    });

    it('should remove a like from an album', async () => {
-      const reaction = await api.activityApi.create(server, admin.accessToken, {
+      const reaction = await createActivity({
        albumId: album.id,
-        type: ReactionType.LIKE,
+        type: ReactionType.Like,
      });
-      const { status } = await request(server)
+      const { status } = await request(app)
        .delete(`/activity/${reaction.id}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(204);
    });

    it('should let the owner remove a comment by another user', async () => {
-      const reaction = await api.activityApi.create(server, nonOwner.accessToken, {
+      const reaction = await createActivity({
        albumId: album.id,
-        type: ReactionType.COMMENT,
+        type: ReactionType.Comment,
        comment: 'This is a test comment',
      });

-      const { status } = await request(server)
+      const { status } = await request(app)
        .delete(`/activity/${reaction.id}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);

@@ -371,28 +409,33 @@ describe(`${ActivityController.name} (e2e)`, () => {
    });

    it('should not let a user remove a comment by another user', async () => {
-      const reaction = await api.activityApi.create(server, admin.accessToken, {
+      const reaction = await createActivity({
        albumId: album.id,
-        type: ReactionType.COMMENT,
+        type: ReactionType.Comment,
        comment: 'This is a test comment',
      });

-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/activity/${reaction.id}`)
        .set('Authorization', `Bearer ${nonOwner.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest('Not found or no activity.delete access'));
+      expect(body).toEqual(
+        errorDto.badRequest('Not found or no activity.delete access'),
+      );
    });

    it('should let a non-owner remove their own comment', async () => {
-      const reaction = await api.activityApi.create(server, nonOwner.accessToken, {
-        albumId: album.id,
-        type: ReactionType.COMMENT,
-        comment: 'This is a test comment',
-      });
+      const reaction = await createActivity(
+        {
+          albumId: album.id,
+          type: ReactionType.Comment,
+          comment: 'This is a test comment',
+        },
+        nonOwner.accessToken,
+      );

-      const { status } = await request(server)
+      const { status } = await request(app)
        .delete(`/activity/${reaction.id}`)
        .set('Authorization', `Bearer ${nonOwner.accessToken}`);

--- a/server/e2e/api/specs/album.e2e-spec.ts
+++ b/server/e2e/api/specs/album.e2e-spec.ts
@@ -1,11 +1,15 @@
-import { AlbumResponseDto, LoginResponseDto } from '@app/domain';
-import { AlbumController } from '@app/immich';
-import { AssetFileUploadResponseDto } from '@app/immich/api-v1/asset/response-dto/asset-file-upload-response.dto';
-import { SharedLinkType } from '@app/infra/entities';
-import { errorStub, userDto, uuidStub } from '@test/fixtures';
+import {
+  AlbumResponseDto,
+  AssetFileUploadResponseDto,
+  LoginResponseDto,
+  SharedLinkType,
+  deleteUser,
+} from '@immich/sdk';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils } from 'src/utils';
 import request from 'supertest';
-import { api } from '../../client';
-import { testApp } from '../utils';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';

 const user1SharedUser = 'user1SharedUser';
 const user1SharedLink = 'user1SharedLink';
@@ -14,193 +18,327 @@ const user2SharedUser = 'user2SharedUser';
 const user2SharedLink = 'user2SharedLink';
 const user2NotShared = 'user2NotShared';

-describe(`${AlbumController.name} (e2e)`, () => {
-  let server: any;
+describe('/album', () => {
  let admin: LoginResponseDto;
  let user1: LoginResponseDto;
-  let user1Asset: AssetFileUploadResponseDto;
+  let user1Asset1: AssetFileUploadResponseDto;
+  let user1Asset2: AssetFileUploadResponseDto;
  let user1Albums: AlbumResponseDto[];
  let user2: LoginResponseDto;
  let user2Albums: AlbumResponseDto[];
+  let user3: LoginResponseDto; // deleted

  beforeAll(async () => {
-    server = (await testApp.create()).getHttpServer();
-  });
+    apiUtils.setup();
+    await dbUtils.reset();

-  afterAll(async () => {
-    await testApp.teardown();
-  });
+    admin = await apiUtils.adminSetup();

-  beforeEach(async () => {
-    await testApp.reset();
-    await api.authApi.adminSignUp(server);
-    admin = await api.authApi.adminLogin(server);
-
-    await Promise.all([
-      api.userApi.create(server, admin.accessToken, userDto.user1),
-      api.userApi.create(server, admin.accessToken, userDto.user2),
+    [user1, user2, user3] = await Promise.all([
+      apiUtils.userSetup(admin.accessToken, createUserDto.user1),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user2),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user3),
    ]);

-    [user1, user2] = await Promise.all([
-      api.authApi.login(server, userDto.user1),
-      api.authApi.login(server, userDto.user2),
+    [user1Asset1, user1Asset2] = await Promise.all([
+      apiUtils.createAsset(user1.accessToken),
+      apiUtils.createAsset(user1.accessToken),
    ]);

-    user1Asset = await api.assetApi.upload(server, user1.accessToken, 'example');
-
    const albums = await Promise.all([
      // user 1
-      api.albumApi.create(server, user1.accessToken, {
+      apiUtils.createAlbum(user1.accessToken, {
        albumName: user1SharedUser,
        sharedWithUserIds: [user2.userId],
-        assetIds: [user1Asset.id],
+        assetIds: [user1Asset1.id],
+      }),
+      apiUtils.createAlbum(user1.accessToken, {
+        albumName: user1SharedLink,
+        assetIds: [user1Asset1.id],
+      }),
+      apiUtils.createAlbum(user1.accessToken, {
+        albumName: user1NotShared,
+        assetIds: [user1Asset1.id, user1Asset2.id],
      }),
-      api.albumApi.create(server, user1.accessToken, { albumName: user1SharedLink, assetIds: [user1Asset.id] }),
-      api.albumApi.create(server, user1.accessToken, { albumName: user1NotShared, assetIds: [user1Asset.id] }),

      // user 2
-      api.albumApi.create(server, user2.accessToken, {
+      apiUtils.createAlbum(user2.accessToken, {
        albumName: user2SharedUser,
        sharedWithUserIds: [user1.userId],
-        assetIds: [user1Asset.id],
+        assetIds: [user1Asset1.id],
+      }),
+      apiUtils.createAlbum(user2.accessToken, { albumName: user2SharedLink }),
+      apiUtils.createAlbum(user2.accessToken, { albumName: user2NotShared }),
+
+      // user 3
+      apiUtils.createAlbum(user3.accessToken, {
+        albumName: 'Deleted',
+        sharedWithUserIds: [user1.userId],
      }),
-      api.albumApi.create(server, user2.accessToken, { albumName: user2SharedLink }),
-      api.albumApi.create(server, user2.accessToken, { albumName: user2NotShared }),
    ]);

    user1Albums = albums.slice(0, 3);
-    user2Albums = albums.slice(3);
+    user2Albums = albums.slice(3, 6);

    await Promise.all([
      // add shared link to user1SharedLink album
-      api.sharedLinkApi.create(server, user1.accessToken, {
-        type: SharedLinkType.ALBUM,
+      apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Album,
        albumId: user1Albums[1].id,
      }),
-
      // add shared link to user2SharedLink album
-      api.sharedLinkApi.create(server, user2.accessToken, {
-        type: SharedLinkType.ALBUM,
+      apiUtils.createSharedLink(user2.accessToken, {
+        type: SharedLinkType.Album,
        albumId: user2Albums[1].id,
      }),
    ]);
+
+    await deleteUser(
+      { id: user3.userId },
+      { headers: asBearerAuth(admin.accessToken) },
+    );
  });

  describe('GET /album', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/album');
+      const { status, body } = await request(app).get('/album');
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should reject an invalid shared param', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/album?shared=invalid')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(['shared must be a boolean value']));
+      expect(body).toEqual(
+        errorDto.badRequest(['shared must be a boolean value']),
+      );
    });

    it('should reject an invalid assetId param', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/album?assetId=invalid')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toEqual(400);
-      expect(body).toEqual(errorStub.badRequest(['assetId must be a UUID']));
+      expect(body).toEqual(errorDto.badRequest(['assetId must be a UUID']));
    });

    it('should not return shared albums with a deleted owner', async () => {
-      await api.userApi.delete(server, admin.accessToken, user1.userId);
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/album?shared=true')
-        .set('Authorization', `Bearer ${user2.accessToken}`);
+        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(200);
-      expect(body).toHaveLength(1);
+      expect(body).toHaveLength(3);
      expect(body).toEqual(
        expect.arrayContaining([
-          expect.objectContaining({ ownerId: user2.userId, albumName: user2SharedLink, shared: true }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1SharedLink,
+            shared: true,
+          }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1SharedUser,
+            shared: true,
+          }),
+          expect.objectContaining({
+            ownerId: user2.userId,
+            albumName: user2SharedUser,
+            shared: true,
+          }),
        ]),
      );
    });

    it('should return the album collection including owned and shared', async () => {
-      const { status, body } = await request(server).get('/album').set('Authorization', `Bearer ${user1.accessToken}`);
+      const { status, body } = await request(app)
+        .get('/album')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(200);
      expect(body).toHaveLength(3);
      expect(body).toEqual(
        expect.arrayContaining([
-          expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedUser, shared: true }),
-          expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedLink, shared: true }),
-          expect.objectContaining({ ownerId: user1.userId, albumName: user1NotShared, shared: false }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1SharedUser,
+            shared: true,
+          }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1SharedLink,
+            shared: true,
+          }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1NotShared,
+            shared: false,
+          }),
        ]),
      );
    });

    it('should return the album collection filtered by shared', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/album?shared=true')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(200);
      expect(body).toHaveLength(3);
      expect(body).toEqual(
        expect.arrayContaining([
-          expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedUser, shared: true }),
-          expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedLink, shared: true }),
-          expect.objectContaining({ ownerId: user2.userId, albumName: user2SharedUser, shared: true }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1SharedUser,
+            shared: true,
+          }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1SharedLink,
+            shared: true,
+          }),
+          expect.objectContaining({
+            ownerId: user2.userId,
+            albumName: user2SharedUser,
+            shared: true,
+          }),
        ]),
      );
    });

    it('should return the album collection filtered by NOT shared', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/album?shared=false')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(200);
      expect(body).toHaveLength(1);
      expect(body).toEqual(
        expect.arrayContaining([
-          expect.objectContaining({ ownerId: user1.userId, albumName: user1NotShared, shared: false }),
+          expect.objectContaining({
+            ownerId: user1.userId,
+            albumName: user1NotShared,
+            shared: false,
+          }),
        ]),
      );
    });

    it('should return the album collection filtered by assetId', async () => {
-      const asset = await api.assetApi.upload(server, user1.accessToken, 'example2');
-      await api.albumApi.addAssets(server, user1.accessToken, user1Albums[0].id, { ids: [asset.id] });
-      const { status, body } = await request(server)
-        .get(`/album?assetId=${asset.id}`)
+      const { status, body } = await request(app)
+        .get(`/album?assetId=${user1Asset2.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(200);
      expect(body).toHaveLength(1);
    });

    it('should return the album collection filtered by assetId and ignores shared=true', async () => {
-      const { status, body } = await request(server)
-        .get(`/album?shared=true&assetId=${user1Asset.id}`)
+      const { status, body } = await request(app)
+        .get(`/album?shared=true&assetId=${user1Asset1.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(200);
      expect(body).toHaveLength(4);
    });

    it('should return the album collection filtered by assetId and ignores shared=false', async () => {
-      const { status, body } = await request(server)
-        .get(`/album?shared=false&assetId=${user1Asset.id}`)
+      const { status, body } = await request(app)
+        .get(`/album?shared=false&assetId=${user1Asset1.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(200);
      expect(body).toHaveLength(4);
    });
  });

+  describe('GET /album/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(
+        `/album/${user1Albums[0].id}`,
+      );
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return album info for own album', async () => {
+      const { status, body } = await request(app)
+        .get(`/album/${user1Albums[0].id}?withoutAssets=false`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...user1Albums[0],
+        assets: [expect.objectContaining(user1Albums[0].assets[0])],
+      });
+    });
+
+    it('should return album info for shared album', async () => {
+      const { status, body } = await request(app)
+        .get(`/album/${user2Albums[0].id}?withoutAssets=false`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...user2Albums[0],
+        assets: [expect.objectContaining(user2Albums[0].assets[0])],
+      });
+    });
+
+    it('should return album info with assets when withoutAssets is undefined', async () => {
+      const { status, body } = await request(app)
+        .get(`/album/${user1Albums[0].id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...user1Albums[0],
+        assets: [expect.objectContaining(user1Albums[0].assets[0])],
+      });
+    });
+
+    it('should return album info without assets when withoutAssets is true', async () => {
+      const { status, body } = await request(app)
+        .get(`/album/${user1Albums[0].id}?withoutAssets=true`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...user1Albums[0],
+        assets: [],
+        assetCount: 1,
+      });
+    });
+  });
+
+  describe('GET /album/count', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/album/count');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return total count of albums the user has access to', async () => {
+      const { status, body } = await request(app)
+        .get('/album/count')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({ owned: 3, shared: 3, notShared: 1 });
+    });
+  });
+
  describe('POST /album', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).post('/album').send({ albumName: 'New album' });
+      const { status, body } = await request(app)
+        .post('/album')
+        .send({ albumName: 'New album' });
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should create an album', async () => {
-      const body = await api.albumApi.create(server, user1.accessToken, { albumName: 'New album' });
+      const { status, body } = await request(app)
+        .post('/album')
+        .send({ albumName: 'New album' })
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(201);
      expect(body).toEqual({
        id: expect.any(String),
        createdAt: expect.any(String),
@@ -220,113 +358,56 @@ describe(`${AlbumController.name} (e2e)`, () => {
    });
  });

-  describe('GET /album/count', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/album/count');
-      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
-    });
-
-    it('should return total count of albums the user has access to', async () => {
-      const { status, body } = await request(server)
-        .get('/album/count')
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual({ owned: 3, shared: 3, notShared: 1 });
-    });
-  });
-
-  describe('GET /album/:id', () => {
-    it('should require authentication', async () => {
-      const { status, body } = await request(server).get(`/album/${user1Albums[0].id}`);
-      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
-    });
-
-    it('should return album info for own album', async () => {
-      const { status, body } = await request(server)
-        .get(`/album/${user1Albums[0].id}?withoutAssets=false`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual({ ...user1Albums[0], assets: [expect.objectContaining(user1Albums[0].assets[0])] });
-    });
-
-    it('should return album info for shared album', async () => {
-      const { status, body } = await request(server)
-        .get(`/album/${user2Albums[0].id}?withoutAssets=false`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual({ ...user2Albums[0], assets: [expect.objectContaining(user2Albums[0].assets[0])] });
-    });
-
-    it('should return album info with assets when withoutAssets is undefined', async () => {
-      const { status, body } = await request(server)
-        .get(`/album/${user1Albums[0].id}`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual({ ...user1Albums[0], assets: [expect.objectContaining(user1Albums[0].assets[0])] });
-    });
-
-    it('should return album info without assets when withoutAssets is true', async () => {
-      const { status, body } = await request(server)
-        .get(`/album/${user1Albums[0].id}?withoutAssets=true`)
-        .set('Authorization', `Bearer ${user1.accessToken}`);
-
-      expect(status).toBe(200);
-      expect(body).toEqual({
-        ...user1Albums[0],
-        assets: [],
-        assetCount: 1,
-      });
-    });
-  });
-
  describe('PUT /album/:id/assets', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).put(`/album/${user1Albums[0].id}/assets`);
+      const { status, body } = await request(app).put(
+        `/album/${user1Albums[0].id}/assets`,
+      );
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should be able to add own asset to own album', async () => {
-      const asset = await api.assetApi.upload(server, user1.accessToken, 'example1');
-      const { status, body } = await request(server)
+      const asset = await apiUtils.createAsset(user1.accessToken);
+      const { status, body } = await request(app)
        .put(`/album/${user1Albums[0].id}/assets`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ ids: [asset.id] });

      expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: asset.id, success: true })]);
+      expect(body).toEqual([
+        expect.objectContaining({ id: asset.id, success: true }),
+      ]);
    });

    it('should be able to add own asset to shared album', async () => {
-      const asset = await api.assetApi.upload(server, user1.accessToken, 'example1');
-      const { status, body } = await request(server)
+      const asset = await apiUtils.createAsset(user1.accessToken);
+      const { status, body } = await request(app)
        .put(`/album/${user2Albums[0].id}/assets`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ ids: [asset.id] });

      expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: asset.id, success: true })]);
+      expect(body).toEqual([
+        expect.objectContaining({ id: asset.id, success: true }),
+      ]);
    });
  });

  describe('PATCH /album/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server)
-        .patch(`/album/${uuidStub.notFound}`)
+      const { status, body } = await request(app)
+        .patch(`/album/${uuidDto.notFound}`)
        .send({ albumName: 'New album name' });
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should update an album', async () => {
-      const album = await api.albumApi.create(server, user1.accessToken, { albumName: 'New album' });
-      const { status, body } = await request(server)
+      const album = await apiUtils.createAlbum(user1.accessToken, {
+        albumName: 'New album',
+      });
+      const { status, body } = await request(app)
        .patch(`/album/${album.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({
@@ -345,52 +426,68 @@ describe(`${AlbumController.name} (e2e)`, () => {

  describe('DELETE /album/:id/assets', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/album/${user1Albums[0].id}/assets`)
-        .send({ ids: [user1Asset.id] });
+        .send({ ids: [user1Asset1.id] });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
-    });
-
-    it('should be able to remove own asset from own album', async () => {
-      const { status, body } = await request(server)
-        .delete(`/album/${user1Albums[0].id}/assets`)
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [user1Asset.id] });
-
-      expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: user1Asset.id, success: true })]);
-    });
-
-    it('should be able to remove own asset from shared album', async () => {
-      const { status, body } = await request(server)
-        .delete(`/album/${user2Albums[0].id}/assets`)
-        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ ids: [user1Asset.id] });
-
-      expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: user1Asset.id, success: true })]);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should not be able to remove foreign asset from own album', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/album/${user2Albums[0].id}/assets`)
        .set('Authorization', `Bearer ${user2.accessToken}`)
-        .send({ ids: [user1Asset.id] });
+        .send({ ids: [user1Asset1.id] });

      expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: user1Asset.id, success: false, error: 'no_permission' })]);
+      expect(body).toEqual([
+        expect.objectContaining({
+          id: user1Asset1.id,
+          success: false,
+          error: 'no_permission',
+        }),
+      ]);
    });

    it('should not be able to remove foreign asset from foreign album', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/album/${user1Albums[0].id}/assets`)
        .set('Authorization', `Bearer ${user2.accessToken}`)
-        .send({ ids: [user1Asset.id] });
+        .send({ ids: [user1Asset1.id] });

      expect(status).toBe(200);
-      expect(body).toEqual([expect.objectContaining({ id: user1Asset.id, success: false, error: 'no_permission' })]);
+      expect(body).toEqual([
+        expect.objectContaining({
+          id: user1Asset1.id,
+          success: false,
+          error: 'no_permission',
+        }),
+      ]);
+    });
+
+    it('should be able to remove own asset from own album', async () => {
+      const { status, body } = await request(app)
+        .delete(`/album/${user1Albums[0].id}/assets`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ ids: [user1Asset1.id] });
+
+      expect(status).toBe(200);
+      expect(body).toEqual([
+        expect.objectContaining({ id: user1Asset1.id, success: true }),
+      ]);
+    });
+
+    it('should be able to remove own asset from shared album', async () => {
+      const { status, body } = await request(app)
+        .delete(`/album/${user2Albums[0].id}/assets`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ ids: [user1Asset1.id] });
+
+      expect(status).toBe(200);
+      expect(body).toEqual([
+        expect.objectContaining({ id: user1Asset1.id, success: true }),
+      ]);
    });
  });

@@ -398,51 +495,57 @@ describe(`${AlbumController.name} (e2e)`, () => {
    let album: AlbumResponseDto;

    beforeEach(async () => {
-      album = await api.albumApi.create(server, user1.accessToken, { albumName: 'testAlbum' });
+      album = await apiUtils.createAlbum(user1.accessToken, {
+        albumName: 'testAlbum',
+      });
    });

    it('should require authentication', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/album/${user1Albums[0].id}/users`)
        .send({ sharedUserIds: [] });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should be able to add user to own album', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/album/${album.id}/users`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ sharedUserIds: [user2.userId] });

      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ sharedUsers: [expect.objectContaining({ id: user2.userId })] }));
+      expect(body).toEqual(
+        expect.objectContaining({
+          sharedUsers: [expect.objectContaining({ id: user2.userId })],
+        }),
+      );
    });

    it('should not be able to share album with owner', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/album/${album.id}/users`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ sharedUserIds: [user1.userId] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest('Cannot be shared with owner'));
+      expect(body).toEqual(errorDto.badRequest('Cannot be shared with owner'));
    });

    it('should not be able to add existing user to shared album', async () => {
-      await request(server)
+      await request(app)
        .put(`/album/${album.id}/users`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ sharedUserIds: [user2.userId] });

-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/album/${album.id}/users`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ sharedUserIds: [user2.userId] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest('User already added'));
+      expect(body).toEqual(errorDto.badRequest('User already added'));
    });
  });
 });
--- a/e2e/src/api/specs/asset.e2e-spec.ts
+++ b/e2e/src/api/specs/asset.e2e-spec.ts
@@ -0,0 +1,481 @@
+import {
+  AssetFileUploadResponseDto,
+  AssetResponseDto,
+  LoginResponseDto,
+  SharedLinkType,
+} from '@immich/sdk';
+import { DateTime } from 'luxon';
+import { Socket } from 'socket.io-client';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, dbUtils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+const today = DateTime.fromObject({
+  year: 2023,
+  month: 11,
+  day: 3,
+}) as DateTime<true>;
+const yesterday = today.minus({ days: 1 });
+
+describe('/asset', () => {
+  let admin: LoginResponseDto;
+  let user1: LoginResponseDto;
+  let user2: LoginResponseDto;
+  let userStats: LoginResponseDto;
+  let asset1: AssetFileUploadResponseDto;
+  let asset2: AssetFileUploadResponseDto;
+  let asset3: AssetFileUploadResponseDto;
+  let asset4: AssetFileUploadResponseDto; // user2 asset
+  let asset5: AssetFileUploadResponseDto;
+  let asset6: AssetFileUploadResponseDto;
+  let ws: Socket;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup({ onboarding: false });
+    [user1, user2, userStats] = await Promise.all([
+      apiUtils.userSetup(admin.accessToken, createUserDto.user1),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user2),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user3),
+    ]);
+
+    [asset1, asset2, asset3, asset4, asset5, asset6] = await Promise.all([
+      apiUtils.createAsset(user1.accessToken),
+      apiUtils.createAsset(user1.accessToken),
+      apiUtils.createAsset(
+        user1.accessToken,
+        {
+          isFavorite: true,
+          isExternal: true,
+          isReadOnly: true,
+          fileCreatedAt: yesterday.toISO(),
+          fileModifiedAt: yesterday.toISO(),
+        },
+        { filename: 'example.mp4' },
+      ),
+      apiUtils.createAsset(user2.accessToken),
+      apiUtils.createAsset(user1.accessToken),
+      apiUtils.createAsset(user1.accessToken),
+
+      // stats
+      apiUtils.createAsset(userStats.accessToken),
+      apiUtils.createAsset(userStats.accessToken, { isFavorite: true }),
+      apiUtils.createAsset(userStats.accessToken, { isArchived: true }),
+      apiUtils.createAsset(
+        userStats.accessToken,
+        {
+          isArchived: true,
+          isFavorite: true,
+        },
+        { filename: 'example.mp4' },
+      ),
+    ]);
+
+    const person1 = await apiUtils.createPerson(user1.accessToken, {
+      name: 'Test Person',
+    });
+    await dbUtils.createFace({ assetId: asset1.id, personId: person1.id });
+  });
+
+  describe('GET /asset/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(
+        `/asset/${uuidDto.notFound}`,
+      );
+      expect(body).toEqual(errorDto.unauthorized);
+      expect(status).toBe(401);
+    });
+
+    it('should require a valid id', async () => {
+      const { status, body } = await request(app)
+        .get(`/asset/${uuidDto.invalid}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should require access', async () => {
+      const { status, body } = await request(app)
+        .get(`/asset/${asset4.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should get the asset info', async () => {
+      const { status, body } = await request(app)
+        .get(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ id: asset1.id });
+    });
+
+    it('should work with a shared link', async () => {
+      const sharedLink = await apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Individual,
+        assetIds: [asset1.id],
+      });
+
+      const { status, body } = await request(app).get(
+        `/asset/${asset1.id}?key=${sharedLink.key}`,
+      );
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ id: asset1.id });
+    });
+
+    it('should not send people data for shared links for un-authenticated users', async () => {
+      const { status, body } = await request(app)
+        .get(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toEqual(200);
+      expect(body).toMatchObject({
+        id: asset1.id,
+        isFavorite: false,
+        people: [
+          {
+            birthDate: null,
+            id: expect.any(String),
+            isHidden: false,
+            name: 'Test Person',
+            thumbnailPath: '/my/awesome/thumbnail.jpg',
+          },
+        ],
+      });
+
+      const sharedLink = await apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Individual,
+        assetIds: [asset1.id],
+      });
+
+      const data = await request(app).get(
+        `/asset/${asset1.id}?key=${sharedLink.key}`,
+      );
+      expect(data.status).toBe(200);
+      expect(data.body).toMatchObject({ people: [] });
+    });
+  });
+
+  describe('GET /asset/statistics', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/asset/statistics');
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return stats of all assets', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/statistics')
+        .set('Authorization', `Bearer ${userStats.accessToken}`);
+
+      expect(body).toEqual({ images: 3, videos: 1, total: 4 });
+      expect(status).toBe(200);
+    });
+
+    it('should return stats of all favored assets', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/statistics')
+        .set('Authorization', `Bearer ${userStats.accessToken}`)
+        .query({ isFavorite: true });
+
+      expect(status).toBe(200);
+      expect(body).toEqual({ images: 1, videos: 1, total: 2 });
+    });
+
+    it('should return stats of all archived assets', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/statistics')
+        .set('Authorization', `Bearer ${userStats.accessToken}`)
+        .query({ isArchived: true });
+
+      expect(status).toBe(200);
+      expect(body).toEqual({ images: 1, videos: 1, total: 2 });
+    });
+
+    it('should return stats of all favored and archived assets', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/statistics')
+        .set('Authorization', `Bearer ${userStats.accessToken}`)
+        .query({ isFavorite: true, isArchived: true });
+
+      expect(status).toBe(200);
+      expect(body).toEqual({ images: 0, videos: 1, total: 1 });
+    });
+
+    it('should return stats of all assets neither favored nor archived', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/statistics')
+        .set('Authorization', `Bearer ${userStats.accessToken}`)
+        .query({ isFavorite: false, isArchived: false });
+
+      expect(status).toBe(200);
+      expect(body).toEqual({ images: 1, videos: 0, total: 1 });
+    });
+  });
+
+  describe('GET /asset/random', () => {
+    beforeAll(async () => {
+      await Promise.all([
+        apiUtils.createAsset(user1.accessToken),
+        apiUtils.createAsset(user1.accessToken),
+        apiUtils.createAsset(user1.accessToken),
+        apiUtils.createAsset(user1.accessToken),
+        apiUtils.createAsset(user1.accessToken),
+        apiUtils.createAsset(user1.accessToken),
+      ]);
+    });
+
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/asset/random');
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it.each(Array(10))('should return 1 random assets', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/random')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+
+      const assets: AssetResponseDto[] = body;
+      expect(assets.length).toBe(1);
+      expect(assets[0].ownerId).toBe(user1.userId);
+      //
+      // assets owned by user2
+      expect(assets[0].id).not.toBe(asset4.id);
+      // assets owned by user1
+      expect([asset1.id, asset2.id, asset3.id]).toContain(assets[0].id);
+    });
+
+    it.each(Array(10))('should return 2 random assets', async () => {
+      const { status, body } = await request(app)
+        .get('/asset/random?count=2')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(200);
+
+      const assets: AssetResponseDto[] = body;
+      expect(assets.length).toBe(2);
+
+      for (const asset of assets) {
+        expect(asset.ownerId).toBe(user1.userId);
+        // assets owned by user1
+        expect([asset1.id, asset2.id, asset3.id]).toContain(asset.id);
+        // assets owned by user2
+        expect(asset.id).not.toBe(asset4.id);
+      }
+    });
+
+    it.each(Array(10))(
+      'should return 1 asset if there are 10 assets in the database but user 2 only has 1',
+      async () => {
+        const { status, body } = await request(app)
+          .get('/[]asset/random')
+          .set('Authorization', `Bearer ${user2.accessToken}`);
+
+        expect(status).toBe(200);
+        expect(body).toEqual([expect.objectContaining({ id: asset4.id })]);
+      },
+    );
+
+    it('should return error', async () => {
+      const { status } = await request(app)
+        .get('/asset/random?count=ABC')
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+
+      expect(status).toBe(400);
+    });
+  });
+
+  describe('PUT /asset/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(
+        `/asset/:${uuidDto.notFound}`,
+      );
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require a valid id', async () => {
+      const { status, body } = await request(app)
+        .put(`/asset/${uuidDto.invalid}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
+    });
+
+    it('should require access', async () => {
+      const { status, body } = await request(app)
+        .put(`/asset/${asset4.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.noPermission);
+    });
+
+    it('should favorite an asset', async () => {
+      const before = await apiUtils.getAssetInfo(user1.accessToken, asset1.id);
+      expect(before.isFavorite).toBe(false);
+
+      const { status, body } = await request(app)
+        .put(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ isFavorite: true });
+      expect(body).toMatchObject({ id: asset1.id, isFavorite: true });
+      expect(status).toEqual(200);
+    });
+
+    it('should archive an asset', async () => {
+      const before = await apiUtils.getAssetInfo(user1.accessToken, asset1.id);
+      expect(before.isArchived).toBe(false);
+
+      const { status, body } = await request(app)
+        .put(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ isArchived: true });
+      expect(body).toMatchObject({ id: asset1.id, isArchived: true });
+      expect(status).toEqual(200);
+    });
+
+    it('should update date time original', async () => {
+      const { status, body } = await request(app)
+        .put(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ dateTimeOriginal: '2023-11-19T18:11:00.000-07:00' });
+
+      expect(body).toMatchObject({
+        id: asset1.id,
+        exifInfo: expect.objectContaining({
+          dateTimeOriginal: '2023-11-20T01:11:00.000Z',
+        }),
+      });
+      expect(status).toEqual(200);
+    });
+
+    it('should reject invalid gps coordinates', async () => {
+      for (const test of [
+        { latitude: 12 },
+        { longitude: 12 },
+        { latitude: 12, longitude: 'abc' },
+        { latitude: 'abc', longitude: 12 },
+        { latitude: null, longitude: 12 },
+        { latitude: 12, longitude: null },
+        { latitude: 91, longitude: 12 },
+        { latitude: -91, longitude: 12 },
+        { latitude: 12, longitude: -181 },
+        { latitude: 12, longitude: 181 },
+      ]) {
+        const { status, body } = await request(app)
+          .put(`/asset/${asset1.id}`)
+          .send(test)
+          .set('Authorization', `Bearer ${user1.accessToken}`);
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      }
+    });
+
+    it('should update gps data', async () => {
+      const { status, body } = await request(app)
+        .put(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ latitude: 12, longitude: 12 });
+
+      expect(body).toMatchObject({
+        id: asset1.id,
+        exifInfo: expect.objectContaining({ latitude: 12, longitude: 12 }),
+      });
+      expect(status).toEqual(200);
+    });
+
+    it('should set the description', async () => {
+      const { status, body } = await request(app)
+        .put(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ description: 'Test asset description' });
+      expect(body).toMatchObject({
+        id: asset1.id,
+        exifInfo: expect.objectContaining({
+          description: 'Test asset description',
+        }),
+      });
+      expect(status).toEqual(200);
+    });
+
+    it('should return tagged people', async () => {
+      const { status, body } = await request(app)
+        .put(`/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .send({ isFavorite: true });
+      expect(status).toEqual(200);
+      expect(body).toMatchObject({
+        id: asset1.id,
+        isFavorite: true,
+        people: [
+          {
+            birthDate: null,
+            id: expect.any(String),
+            isHidden: false,
+            name: 'Test Person',
+            thumbnailPath: '/my/awesome/thumbnail.jpg',
+          },
+        ],
+      });
+    });
+  });
+
+  describe('DELETE /asset', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app)
+        .delete(`/asset`)
+        .send({ ids: [uuidDto.notFound] });
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(app)
+        .delete(`/asset`)
+        .send({ ids: [uuidDto.invalid] })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(
+        errorDto.badRequest(['each value in ids must be a UUID']),
+      );
+    });
+
+    it('should throw an error when the id is not found', async () => {
+      const { status, body } = await request(app)
+        .delete(`/asset`)
+        .send({ ids: [uuidDto.notFound] })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(
+        errorDto.badRequest('Not found or no asset.delete access'),
+      );
+    });
+
+    it('should move an asset to the trash', async () => {
+      const { id: assetId } = await apiUtils.createAsset(admin.accessToken);
+
+      const before = await apiUtils.getAssetInfo(admin.accessToken, assetId);
+      expect(before.isTrashed).toBe(false);
+
+      const { status } = await request(app)
+        .delete('/asset')
+        .send({ ids: [assetId] })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      const after = await apiUtils.getAssetInfo(admin.accessToken, assetId);
+      expect(after.isTrashed).toBe(true);
+    });
+  });
+});
--- a/e2e/src/api/specs/audit.e2e-spec.ts
+++ b/e2e/src/api/specs/audit.e2e-spec.ts
@@ -0,0 +1,51 @@
+import {
+  deleteAssets,
+  getAuditFiles,
+  updateAsset,
+  type LoginResponseDto,
+} from '@immich/sdk';
+import { apiUtils, asBearerAuth, dbUtils, fileUtils } from 'src/utils';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+describe('/audit', () => {
+  let admin: LoginResponseDto;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    await fileUtils.reset();
+
+    admin = await apiUtils.adminSetup();
+  });
+
+  describe('GET :/file-report', () => {
+    it('excludes assets without issues from report', async () => {
+      const [trashedAsset, archivedAsset, _] = await Promise.all([
+        apiUtils.createAsset(admin.accessToken),
+        apiUtils.createAsset(admin.accessToken),
+        apiUtils.createAsset(admin.accessToken),
+      ]);
+
+      await Promise.all([
+        deleteAssets(
+          { assetBulkDeleteDto: { ids: [trashedAsset.id] } },
+          { headers: asBearerAuth(admin.accessToken) }
+        ),
+        updateAsset(
+          {
+            id: archivedAsset.id,
+            updateAssetDto: { isArchived: true },
+          },
+          { headers: asBearerAuth(admin.accessToken) }
+        ),
+      ]);
+
+      const body = await getAuditFiles({
+        headers: asBearerAuth(admin.accessToken),
+      });
+
+      expect(body.orphans).toHaveLength(0);
+      expect(body.extras).toHaveLength(0);
+    });
+  });
+});
--- a/e2e/src/api/specs/auth.e2e-spec.ts
+++ b/e2e/src/api/specs/auth.e2e-spec.ts
@@ -0,0 +1,291 @@
+import {
+  LoginResponseDto,
+  getAuthDevices,
+  login,
+  signUpAdmin,
+} from '@immich/sdk';
+import { loginDto, signupDto, uuidDto } from 'src/fixtures';
+import {
+  deviceDto,
+  errorDto,
+  loginResponseDto,
+  signupResponseDto,
+} from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
+
+const { name, email, password } = signupDto.admin;
+
+describe(`/auth/admin-sign-up`, () => {
+  beforeAll(() => {
+    apiUtils.setup();
+  });
+
+  beforeEach(async () => {
+    await dbUtils.reset();
+  });
+
+  describe('POST /auth/admin-sign-up', () => {
+    const invalid = [
+      {
+        should: 'require an email address',
+        data: { name, password },
+      },
+      {
+        should: 'require a password',
+        data: { name, email },
+      },
+      {
+        should: 'require a name',
+        data: { email, password },
+      },
+      {
+        should: 'require a valid email',
+        data: { name, email: 'immich', password },
+      },
+    ];
+
+    for (const { should, data } of invalid) {
+      it(`should ${should}`, async () => {
+        const { status, body } = await request(app)
+          .post('/auth/admin-sign-up')
+          .send(data);
+        expect(status).toEqual(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
+    it(`should sign up the admin`, async () => {
+      const { status, body } = await request(app)
+        .post('/auth/admin-sign-up')
+        .send(signupDto.admin);
+      expect(status).toBe(201);
+      expect(body).toEqual(signupResponseDto.admin);
+    });
+
+    it('should sign up the admin with a local domain', async () => {
+      const { status, body } = await request(app)
+        .post('/auth/admin-sign-up')
+        .send({ ...signupDto.admin, email: 'admin@local' });
+      expect(status).toEqual(201);
+      expect(body).toEqual({
+        ...signupResponseDto.admin,
+        email: 'admin@local',
+      });
+    });
+
+    it('should transform email to lower case', async () => {
+      const { status, body } = await request(app)
+        .post('/auth/admin-sign-up')
+        .send({ ...signupDto.admin, email: 'aDmIn@IMMICH.cloud' });
+      expect(status).toEqual(201);
+      expect(body).toEqual(signupResponseDto.admin);
+    });
+
+    it('should not allow a second admin to sign up', async () => {
+      await signUpAdmin({ signUpDto: signupDto.admin });
+
+      const { status, body } = await request(app)
+        .post('/auth/admin-sign-up')
+        .send(signupDto.admin);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.alreadyHasAdmin);
+    });
+  });
+});
+
+describe('/auth/*', () => {
+  let admin: LoginResponseDto;
+
+  beforeEach(async () => {
+    await dbUtils.reset();
+    await signUpAdmin({ signUpDto: signupDto.admin });
+    admin = await login({ loginCredentialDto: loginDto.admin });
+  });
+
+  describe(`POST /auth/login`, () => {
+    it('should reject an incorrect password', async () => {
+      const { status, body } = await request(app)
+        .post('/auth/login')
+        .send({ email, password: 'incorrect' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.incorrectLogin);
+    });
+
+    for (const key of Object.keys(loginDto.admin)) {
+      it(`should not allow null ${key}`, async () => {
+        const { status, body } = await request(app)
+          .post('/auth/login')
+          .send({ ...loginDto.admin, [key]: null });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
+    it('should accept a correct password', async () => {
+      const { status, body, headers } = await request(app)
+        .post('/auth/login')
+        .send({ email, password });
+      expect(status).toBe(201);
+      expect(body).toEqual(loginResponseDto.admin);
+
+      const token = body.accessToken;
+      expect(token).toBeDefined();
+
+      const cookies = headers['set-cookie'];
+      expect(cookies).toHaveLength(3);
+      expect(cookies[0]).toEqual(
+        `immich_access_token=${token}; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;`
+      );
+      expect(cookies[1]).toEqual(
+        'immich_auth_type=password; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;'
+      );
+      expect(cookies[2]).toEqual(
+        'immich_is_authenticated=true; Path=/; Max-Age=34560000; SameSite=Lax;'
+      );
+    });
+  });
+
+  describe('GET /auth/devices', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/auth/devices');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should get a list of authorized devices', async () => {
+      const { status, body } = await request(app)
+        .get('/auth/devices')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual([deviceDto.current]);
+    });
+  });
+
+  describe('DELETE /auth/devices', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).delete(`/auth/devices`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should logout all devices (except the current one)', async () => {
+      for (let i = 0; i < 5; i++) {
+        await login({ loginCredentialDto: loginDto.admin });
+      }
+
+      await expect(
+        getAuthDevices({ headers: asBearerAuth(admin.accessToken) })
+      ).resolves.toHaveLength(6);
+
+      const { status } = await request(app)
+        .delete(`/auth/devices`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      await expect(
+        getAuthDevices({ headers: asBearerAuth(admin.accessToken) })
+      ).resolves.toHaveLength(1);
+    });
+
+    it('should throw an error for a non-existent device id', async () => {
+      const { status, body } = await request(app)
+        .delete(`/auth/devices/${uuidDto.notFound}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(
+        errorDto.badRequest('Not found or no authDevice.delete access')
+      );
+    });
+
+    it('should logout a device', async () => {
+      const [device] = await getAuthDevices({
+        headers: asBearerAuth(admin.accessToken),
+      });
+      const { status } = await request(app)
+        .delete(`/auth/devices/${device.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      const response = await request(app)
+        .post('/auth/validateToken')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(response.body).toEqual(errorDto.invalidToken);
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /auth/validateToken', () => {
+    it('should reject an invalid token', async () => {
+      const { status, body } = await request(app)
+        .post(`/auth/validateToken`)
+        .set('Authorization', 'Bearer 123');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.invalidToken);
+    });
+
+    it('should accept a valid token', async () => {
+      const { status, body } = await request(app)
+        .post(`/auth/validateToken`)
+        .send({})
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({ authStatus: true });
+    });
+  });
+
+  describe('POST /auth/change-password', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app)
+        .post(`/auth/change-password`)
+        .send({ password, newPassword: 'Password1234' });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should require the current password', async () => {
+      const { status, body } = await request(app)
+        .post(`/auth/change-password`)
+        .send({ password: 'wrong-password', newPassword: 'Password1234' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.wrongPassword);
+    });
+
+    it('should change the password', async () => {
+      const { status } = await request(app)
+        .post(`/auth/change-password`)
+        .send({ password, newPassword: 'Password1234' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+
+      await login({
+        loginCredentialDto: {
+          email: 'admin@immich.cloud',
+          password: 'Password1234',
+        },
+      });
+    });
+  });
+
+  describe('POST /auth/logout', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post(`/auth/logout`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should logout the user', async () => {
+      const { status, body } = await request(app)
+        .post(`/auth/logout`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        successful: true,
+        redirectUri: '/auth/login?autoLaunch=0',
+      });
+    });
+  });
+});
--- a/e2e/src/api/specs/download.e2e-spec.ts
+++ b/e2e/src/api/specs/download.e2e-spec.ts
@@ -0,0 +1,62 @@
+import { AssetFileUploadResponseDto, LoginResponseDto } from '@immich/sdk';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, dbUtils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+describe('/download', () => {
+  let admin: LoginResponseDto;
+  let asset1: AssetFileUploadResponseDto;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup();
+    asset1 = await apiUtils.createAsset(admin.accessToken);
+  });
+
+  describe('POST /download/info', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app)
+        .post(`/download/info`)
+        .send({ assetIds: [asset1.id] });
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should download info', async () => {
+      const { status, body } = await request(app)
+        .post('/download/info')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ assetIds: [asset1.id] });
+
+      expect(status).toBe(201);
+      expect(body).toEqual(
+        expect.objectContaining({
+          archives: [expect.objectContaining({ assetIds: [asset1.id] })],
+        }),
+      );
+    });
+  });
+
+  describe('POST /download/asset/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post(
+        `/download/asset/${asset1.id}`,
+      );
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should download file', async () => {
+      const response = await request(app)
+        .post(`/download/asset/${asset1.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(response.status).toBe(200);
+      expect(response.headers['content-type']).toEqual('image/jpeg');
+    });
+  });
+});
--- a/e2e/src/api/specs/oauth.e2e-spec.ts
+++ b/e2e/src/api/specs/oauth.e2e-spec.ts
@@ -0,0 +1,30 @@
+import { errorDto } from 'src/responses';
+import { apiUtils, app, dbUtils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
+
+describe(`/oauth`, () => {
+  beforeAll(() => {
+    apiUtils.setup();
+  });
+
+  beforeEach(async () => {
+    await dbUtils.reset();
+    await apiUtils.adminSetup();
+  });
+
+  describe('POST /oauth/authorize', () => {
+    it(`should throw an error if a redirect uri is not provided`, async () => {
+      const { status, body } = await request(app)
+        .post('/oauth/authorize')
+        .send({});
+      expect(status).toBe(400);
+      expect(body).toEqual(
+        errorDto.badRequest([
+          'redirectUri must be a string',
+          'redirectUri should not be empty',
+        ])
+      );
+    });
+  });
+});
--- a/server/e2e/api/specs/partner.e2e-spec.ts
+++ b/server/e2e/api/specs/partner.e2e-spec.ts
@@ -1,68 +1,63 @@
-import { LoginResponseDto, PartnerDirection } from '@app/domain';
-import { PartnerController } from '@app/immich';
-import { errorStub, userDto } from '@test/fixtures';
+import { LoginResponseDto, createPartner } from '@immich/sdk';
+import { createUserDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils } from 'src/utils';
 import request from 'supertest';
-import { api } from '../../client';
-import { testApp } from '../utils';
+import { beforeAll, describe, expect, it } from 'vitest';

-describe(`${PartnerController.name} (e2e)`, () => {
-  let server: any;
+describe('/partner', () => {
+  let admin: LoginResponseDto;
  let user1: LoginResponseDto;
  let user2: LoginResponseDto;
  let user3: LoginResponseDto;

  beforeAll(async () => {
-    server = (await testApp.create()).getHttpServer();
+    apiUtils.setup();
+    await dbUtils.reset();

-    await testApp.reset();
-    await api.authApi.adminSignUp(server);
-    const admin = await api.authApi.adminLogin(server);
-
-    await Promise.all([
-      api.userApi.create(server, admin.accessToken, userDto.user1),
-      api.userApi.create(server, admin.accessToken, userDto.user2),
-      api.userApi.create(server, admin.accessToken, userDto.user3),
-    ]);
+    admin = await apiUtils.adminSetup();

    [user1, user2, user3] = await Promise.all([
-      api.authApi.login(server, userDto.user1),
-      api.authApi.login(server, userDto.user2),
-      api.authApi.login(server, userDto.user3),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user1),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user2),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user3),
    ]);

    await Promise.all([
-      api.partnerApi.create(server, user1.accessToken, user2.userId),
-      api.partnerApi.create(server, user2.accessToken, user1.userId),
+      createPartner(
+        { id: user2.userId },
+        { headers: asBearerAuth(user1.accessToken) }
+      ),
+      createPartner(
+        { id: user1.userId },
+        { headers: asBearerAuth(user2.accessToken) }
+      ),
    ]);
  });

-  afterAll(async () => {
-    await testApp.teardown();
-  });
-
  describe('GET /partner', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/partner');
+      const { status, body } = await request(app).get('/partner');

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should get all partners shared by user', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/partner')
        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .query({ direction: PartnerDirection.SharedBy });
+        .query({ direction: 'shared-by' });

      expect(status).toBe(200);
      expect(body).toEqual([expect.objectContaining({ id: user2.userId })]);
    });

    it('should get all partners that share with user', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/partner')
        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .query({ direction: PartnerDirection.SharedWith });
+        .query({ direction: 'shared-with' });

      expect(status).toBe(200);
      expect(body).toEqual([expect.objectContaining({ id: user2.userId })]);
@@ -71,14 +66,16 @@ describe(`${PartnerController.name} (e2e)`, () => {

  describe('POST /partner/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).post(`/partner/${user3.userId}`);
+      const { status, body } = await request(app).post(
+        `/partner/${user3.userId}`
+      );

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should share with new partner', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post(`/partner/${user3.userId}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

@@ -87,44 +84,52 @@ describe(`${PartnerController.name} (e2e)`, () => {
    });

    it('should not share with new partner if already sharing with this partner', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post(`/partner/${user2.userId}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Partner already exists' }));
+      expect(body).toEqual(
+        expect.objectContaining({ message: 'Partner already exists' })
+      );
    });
  });

  describe('PUT /partner/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).put(`/partner/${user2.userId}`);
+      const { status, body } = await request(app).put(
+        `/partner/${user2.userId}`
+      );

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should update partner', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/partner/${user2.userId}`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ inTimeline: false });

      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ id: user2.userId, inTimeline: false }));
+      expect(body).toEqual(
+        expect.objectContaining({ id: user2.userId, inTimeline: false })
+      );
    });
  });

  describe('DELETE /partner/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).delete(`/partner/${user3.userId}`);
+      const { status, body } = await request(app).delete(
+        `/partner/${user3.userId}`
+      );

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should delete partner', async () => {
-      const { status } = await request(server)
+      const { status } = await request(app)
        .delete(`/partner/${user3.userId}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

@@ -132,12 +137,14 @@ describe(`${PartnerController.name} (e2e)`, () => {
    });

    it('should throw a bad request if partner not found', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/partner/${user3.userId}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Partner not found' }));
+      expect(body).toEqual(
+        expect.objectContaining({ message: 'Partner not found' })
+      );
    });
  });
 });
--- a/e2e/src/api/specs/person.e2e-spec.ts
+++ b/e2e/src/api/specs/person.e2e-spec.ts
@@ -0,0 +1,178 @@
+import { LoginResponseDto, PersonResponseDto } from '@immich/sdk';
+import { uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, dbUtils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
+
+describe('/activity', () => {
+  let admin: LoginResponseDto;
+  let visiblePerson: PersonResponseDto;
+  let hiddenPerson: PersonResponseDto;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup();
+  });
+
+  beforeEach(async () => {
+    await dbUtils.reset(['person']);
+
+    [visiblePerson, hiddenPerson] = await Promise.all([
+      apiUtils.createPerson(admin.accessToken, {
+        name: 'visible_person',
+      }),
+      apiUtils.createPerson(admin.accessToken, {
+        name: 'hidden_person',
+        isHidden: true,
+      }),
+    ]);
+
+    const asset = await apiUtils.createAsset(admin.accessToken);
+
+    await Promise.all([
+      dbUtils.createFace({ assetId: asset.id, personId: visiblePerson.id }),
+      dbUtils.createFace({ assetId: asset.id, personId: hiddenPerson.id }),
+    ]);
+  });
+
+  describe('GET /person', () => {
+    beforeEach(async () => {});
+
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/person');
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should return all people (including hidden)', async () => {
+      const { status, body } = await request(app)
+        .get('/person')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .query({ withHidden: true });
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        total: 2,
+        hidden: 1,
+        people: [
+          expect.objectContaining({ name: 'visible_person' }),
+          expect.objectContaining({ name: 'hidden_person' }),
+        ],
+      });
+    });
+
+    it('should return only visible people', async () => {
+      const { status, body } = await request(app)
+        .get('/person')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        total: 2,
+        hidden: 1,
+        people: [expect.objectContaining({ name: 'visible_person' })],
+      });
+    });
+  });
+
+  describe('GET /person/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(
+        `/person/${uuidDto.notFound}`
+      );
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should throw error if person with id does not exist', async () => {
+      const { status, body } = await request(app)
+        .get(`/person/${uuidDto.notFound}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest());
+    });
+
+    it('should return person information', async () => {
+      const { status, body } = await request(app)
+        .get(`/person/${visiblePerson.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual(expect.objectContaining({ id: visiblePerson.id }));
+    });
+  });
+
+  describe('PUT /person/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(
+        `/person/${uuidDto.notFound}`
+      );
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    for (const { key, type } of [
+      { key: 'name', type: 'string' },
+      { key: 'featureFaceAssetId', type: 'string' },
+      { key: 'isHidden', type: 'boolean value' },
+    ]) {
+      it(`should not allow null ${key}`, async () => {
+        const { status, body } = await request(app)
+          .put(`/person/${visiblePerson.id}`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send({ [key]: null });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest([`${key} must be a ${type}`]));
+      });
+    }
+
+    it('should not accept invalid birth dates', async () => {
+      for (const { birthDate, response } of [
+        { birthDate: false, response: 'Not found or no person.write access' },
+        { birthDate: 'false', response: ['birthDate must be a Date instance'] },
+        {
+          birthDate: '123567',
+          response: 'Not found or no person.write access',
+        },
+        { birthDate: 123567, response: 'Not found or no person.write access' },
+      ]) {
+        const { status, body } = await request(app)
+          .put(`/person/${uuidDto.notFound}`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send({ birthDate });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest(response));
+      }
+    });
+
+    it('should update a date of birth', async () => {
+      const { status, body } = await request(app)
+        .put(`/person/${visiblePerson.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ birthDate: '1990-01-01T05:00:00.000Z' });
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ birthDate: '1990-01-01' });
+    });
+
+    it('should clear a date of birth', async () => {
+      // TODO ironically this uses the update endpoint to create the person
+      const person = await apiUtils.createPerson(admin.accessToken, {
+        birthDate: new Date('1990-01-01').toISOString(),
+      });
+
+      expect(person.birthDate).toBeDefined();
+
+      const { status, body } = await request(app)
+        .put(`/person/${person.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ birthDate: null });
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ birthDate: null });
+    });
+  });
+});
--- a/server/e2e/api/specs/server-info.e2e-spec.ts
+++ b/server/e2e/api/specs/server-info.e2e-spec.ts
@@ -1,38 +1,30 @@
-import { LoginResponseDto } from '@app/domain';
-import { ServerInfoController } from '@app/immich';
-import { errorStub, userDto } from '@test/fixtures';
+import { LoginResponseDto, getServerConfig } from '@immich/sdk';
+import { createUserDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, dbUtils } from 'src/utils';
 import request from 'supertest';
-import { api } from '../../client';
-import { testApp } from '../utils';
+import { beforeAll, describe, expect, it } from 'vitest';

-describe(`${ServerInfoController.name} (e2e)`, () => {
-  let server: any;
+describe('/server-info', () => {
  let admin: LoginResponseDto;
  let nonAdmin: LoginResponseDto;

  beforeAll(async () => {
-    server = (await testApp.create()).getHttpServer();
-
-    await testApp.reset();
-    await api.authApi.adminSignUp(server);
-    admin = await api.authApi.adminLogin(server);
-    await api.userApi.create(server, admin.accessToken, userDto.user1);
-    nonAdmin = await api.authApi.login(server, userDto.user1);
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup({ onboarding: false });
+    nonAdmin = await apiUtils.userSetup(admin.accessToken, createUserDto.user1);
  });

  describe('GET /server-info', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/server-info');
+      const { status, body } = await request(app).get('/server-info');
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should return the disk information', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/server-info')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
@@ -50,7 +42,7 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/ping', () => {
    it('should respond with pong', async () => {
-      const { status, body } = await request(server).get('/server-info/ping');
+      const { status, body } = await request(app).get('/server-info/ping');
      expect(status).toBe(200);
      expect(body).toEqual({ res: 'pong' });
    });
@@ -58,7 +50,7 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/version', () => {
    it('should respond with the server version', async () => {
-      const { status, body } = await request(server).get('/server-info/version');
+      const { status, body } = await request(app).get('/server-info/version');
      expect(status).toBe(200);
      expect(body).toEqual({
        major: expect.any(Number),
@@ -70,12 +62,12 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/features', () => {
    it('should respond with the server features', async () => {
-      const { status, body } = await request(server).get('/server-info/features');
+      const { status, body } = await request(app).get('/server-info/features');
      expect(status).toBe(200);
      expect(body).toEqual({
-        smartSearch: true,
+        smartSearch: false,
        configFile: false,
-        facialRecognition: true,
+        facialRecognition: false,
        map: true,
        reverseGeocoding: true,
        oauth: false,
@@ -90,7 +82,7 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/config', () => {
    it('should respond with the server configuration', async () => {
-      const { status, body } = await request(server).get('/server-info/config');
+      const { status, body } = await request(app).get('/server-info/config');
      expect(status).toBe(200);
      expect(body).toEqual({
        loginPageMessage: '',
@@ -105,21 +97,23 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/statistics', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/server-info/statistics');
+      const { status, body } = await request(app).get(
+        '/server-info/statistics'
+      );
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should only work for admins', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/server-info/statistics')
        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
      expect(status).toBe(403);
-      expect(body).toEqual(errorStub.forbidden);
+      expect(body).toEqual(errorDto.forbidden);
    });

    it('should return the server stats', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/server-info/statistics')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
@@ -151,7 +145,9 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/media-types', () => {
    it('should return accepted media types', async () => {
-      const { status, body } = await request(server).get('/server-info/media-types');
+      const { status, body } = await request(app).get(
+        '/server-info/media-types'
+      );
      expect(status).toBe(200);
      expect(body).toEqual({
        sidecar: ['.xmp'],
@@ -163,7 +159,7 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('GET /server-info/theme', () => {
    it('should respond with the server theme', async () => {
-      const { status, body } = await request(server).get('/server-info/theme');
+      const { status, body } = await request(app).get('/server-info/theme');
      expect(status).toBe(200);
      expect(body).toEqual({
        customCss: '',
@@ -173,15 +169,15 @@ describe(`${ServerInfoController.name} (e2e)`, () => {

  describe('POST /server-info/admin-onboarding', () => {
    it('should set admin onboarding', async () => {
-      const config = await api.serverInfoApi.getConfig(server);
+      const config = await getServerConfig({});
      expect(config.isOnboarded).toBe(false);

-      const { status } = await request(server)
+      const { status } = await request(app)
        .post('/server-info/admin-onboarding')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(204);

-      const newConfig = await api.serverInfoApi.getConfig(server);
+      const newConfig = await getServerConfig({});
      expect(newConfig.isOnboarded).toBe(true);
    });
  });
--- a/server/e2e/api/specs/shared-link.e2e-spec.ts
+++ b/server/e2e/api/specs/shared-link.e2e-spec.ts
@@ -1,24 +1,22 @@
 import {
  AlbumResponseDto,
-  AssetResponseDto,
-  IAssetRepository,
+  AssetFileUploadResponseDto,
  LoginResponseDto,
  SharedLinkResponseDto,
-} from '@app/domain';
-import { SharedLinkController } from '@app/immich';
-import { SharedLinkType } from '@app/infra/entities';
-import { INestApplication } from '@nestjs/common';
-import { errorStub, userDto, uuidStub } from '@test/fixtures';
-import { DateTime } from 'luxon';
+  SharedLinkType,
+  createAlbum,
+  deleteUser,
+} from '@immich/sdk';
+import { createUserDto, uuidDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils } from 'src/utils';
 import request from 'supertest';
-import { api } from '../../client';
-import { testApp } from '../utils';
+import { beforeAll, describe, expect, it } from 'vitest';

-describe(`${SharedLinkController.name} (e2e)`, () => {
-  let server: any;
+describe('/shared-link', () => {
  let admin: LoginResponseDto;
-  let asset1: AssetResponseDto;
-  let asset2: AssetResponseDto;
+  let asset1: AssetFileUploadResponseDto;
+  let asset2: AssetFileUploadResponseDto;
  let user1: LoginResponseDto;
  let user2: LoginResponseDto;
  let album: AlbumResponseDto;
@@ -30,97 +28,96 @@ describe(`${SharedLinkController.name} (e2e)`, () => {
  let linkWithAssets: SharedLinkResponseDto;
  let linkWithMetadata: SharedLinkResponseDto;
  let linkWithoutMetadata: SharedLinkResponseDto;
-  let app: INestApplication<any>;

  beforeAll(async () => {
-    app = await testApp.create();
-    server = app.getHttpServer();
-    const assetRepository = app.get<IAssetRepository>(IAssetRepository);
+    apiUtils.setup();
+    await dbUtils.reset();

-    await testApp.reset();
-    await api.authApi.adminSignUp(server);
-    admin = await api.authApi.adminLogin(server);
-
-    await Promise.all([
-      api.userApi.create(server, admin.accessToken, userDto.user1),
-      api.userApi.create(server, admin.accessToken, userDto.user2),
-    ]);
+    admin = await apiUtils.adminSetup();

    [user1, user2] = await Promise.all([
-      api.authApi.login(server, userDto.user1),
-      api.authApi.login(server, userDto.user2),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user1),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user2),
    ]);

    [asset1, asset2] = await Promise.all([
-      api.assetApi.create(server, user1.accessToken),
-      api.assetApi.create(server, user1.accessToken),
+      apiUtils.createAsset(user1.accessToken),
+      apiUtils.createAsset(user1.accessToken),
    ]);

-    await assetRepository.upsertExif({
-      assetId: asset1.id,
-      longitude: -108.400968333333,
-      latitude: 39.115,
-      orientation: '1',
-      dateTimeOriginal: DateTime.fromISO('2022-01-10T19:15:44.310Z').toJSDate(),
-      timeZone: 'UTC-4',
-      state: 'Mesa County, Colorado',
-      country: 'United States of America',
-    });
-
    [album, deletedAlbum, metadataAlbum] = await Promise.all([
-      api.albumApi.create(server, user1.accessToken, { albumName: 'album' }),
-      api.albumApi.create(server, user2.accessToken, { albumName: 'deleted album' }),
-      api.albumApi.create(server, user1.accessToken, { albumName: 'metadata album', assetIds: [asset1.id] }),
+      createAlbum(
+        { createAlbumDto: { albumName: 'album' } },
+        { headers: asBearerAuth(user1.accessToken) },
+      ),
+      createAlbum(
+        { createAlbumDto: { albumName: 'deleted album' } },
+        { headers: asBearerAuth(user2.accessToken) },
+      ),
+      createAlbum(
+        {
+          createAlbumDto: {
+            albumName: 'metadata album',
+            assetIds: [asset1.id],
+          },
+        },
+        { headers: asBearerAuth(user1.accessToken) },
+      ),
    ]);

-    [linkWithDeletedAlbum, linkWithAlbum, linkWithAssets, linkWithPassword, linkWithMetadata, linkWithoutMetadata] =
-      await Promise.all([
-        api.sharedLinkApi.create(server, user2.accessToken, {
-          type: SharedLinkType.ALBUM,
-          albumId: deletedAlbum.id,
-        }),
-        api.sharedLinkApi.create(server, user1.accessToken, {
-          type: SharedLinkType.ALBUM,
-          albumId: album.id,
-        }),
-        api.sharedLinkApi.create(server, user1.accessToken, {
-          type: SharedLinkType.INDIVIDUAL,
-          assetIds: [asset1.id],
-        }),
-        api.sharedLinkApi.create(server, user1.accessToken, {
-          type: SharedLinkType.ALBUM,
-          albumId: album.id,
-          password: 'foo',
-        }),
-        api.sharedLinkApi.create(server, user1.accessToken, {
-          type: SharedLinkType.ALBUM,
-          albumId: metadataAlbum.id,
-          showMetadata: true,
-        }),
-        api.sharedLinkApi.create(server, user1.accessToken, {
-          type: SharedLinkType.ALBUM,
-          albumId: metadataAlbum.id,
-          showMetadata: false,
-        }),
-      ]);
+    [
+      linkWithDeletedAlbum,
+      linkWithAlbum,
+      linkWithAssets,
+      linkWithPassword,
+      linkWithMetadata,
+      linkWithoutMetadata,
+    ] = await Promise.all([
+      apiUtils.createSharedLink(user2.accessToken, {
+        type: SharedLinkType.Album,
+        albumId: deletedAlbum.id,
+      }),
+      apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Album,
+        albumId: album.id,
+      }),
+      apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Individual,
+        assetIds: [asset1.id],
+      }),
+      apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Album,
+        albumId: album.id,
+        password: 'foo',
+      }),
+      apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Album,
+        albumId: metadataAlbum.id,
+        showMetadata: true,
+      }),
+      apiUtils.createSharedLink(user1.accessToken, {
+        type: SharedLinkType.Album,
+        albumId: metadataAlbum.id,
+        showMetadata: false,
+      }),
+    ]);

-    await api.userApi.delete(server, admin.accessToken, user2.userId);
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
+    await deleteUser(
+      { id: user2.userId },
+      { headers: asBearerAuth(admin.accessToken) },
+    );
  });

  describe('GET /shared-link', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/shared-link');
+      const { status, body } = await request(app).get('/shared-link');

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should get all shared links created by user', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/shared-link')
        .set('Authorization', `Bearer ${user1.accessToken}`);

@@ -138,7 +135,7 @@ describe(`${SharedLinkController.name} (e2e)`, () => {
    });

    it('should not get shared links created by other users', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/shared-link')
        .set('Authorization', `Bearer ${admin.accessToken}`);

@@ -149,7 +146,7 @@ describe(`${SharedLinkController.name} (e2e)`, () => {

  describe('GET /shared-link/me', () => {
    it('should not require admin authentication', async () => {
-      const { status } = await request(server)
+      const { status } = await request(app)
        .get('/shared-link/me')
        .set('Authorization', `Bearer ${admin.accessToken}`);

@@ -157,52 +154,66 @@ describe(`${SharedLinkController.name} (e2e)`, () => {
    });

    it('should get data for correct shared link', async () => {
-      const { status, body } = await request(server).get('/shared-link/me').query({ key: linkWithAlbum.key });
+      const { status, body } = await request(app)
+        .get('/shared-link/me')
+        .query({ key: linkWithAlbum.key });

      expect(status).toBe(200);
      expect(body).toEqual(
        expect.objectContaining({
          album,
          userId: user1.userId,
-          type: SharedLinkType.ALBUM,
+          type: SharedLinkType.Album,
        }),
      );
    });

    it('should return unauthorized for incorrect shared link', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/shared-link/me')
        .query({ key: linkWithAlbum.key + 'foo' });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.invalidShareKey);
+      expect(body).toEqual(errorDto.invalidShareKey);
    });

    it('should return unauthorized if target has been soft deleted', async () => {
-      const { status, body } = await request(server).get('/shared-link/me').query({ key: linkWithDeletedAlbum.key });
+      const { status, body } = await request(app)
+        .get('/shared-link/me')
+        .query({ key: linkWithDeletedAlbum.key });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.invalidShareKey);
+      expect(body).toEqual(errorDto.invalidShareKey);
    });

    it('should return unauthorized for password protected link', async () => {
-      const { status, body } = await request(server).get('/shared-link/me').query({ key: linkWithPassword.key });
+      const { status, body } = await request(app)
+        .get('/shared-link/me')
+        .query({ key: linkWithPassword.key });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.invalidSharePassword);
+      expect(body).toEqual(errorDto.invalidSharePassword);
    });

    it('should get data for correct password protected link', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/shared-link/me')
        .query({ key: linkWithPassword.key, password: 'foo' });

      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ album, userId: user1.userId, type: SharedLinkType.ALBUM }));
+      expect(body).toEqual(
+        expect.objectContaining({
+          album,
+          userId: user1.userId,
+          type: SharedLinkType.Album,
+        }),
+      );
    });

    it('should return metadata for album shared link', async () => {
-      const { status, body } = await request(server).get('/shared-link/me').query({ key: linkWithMetadata.key });
+      const { status, body } = await request(app)
+        .get('/shared-link/me')
+        .query({ key: linkWithMetadata.key });

      expect(status).toBe(200);
      expect(body.assets).toHaveLength(1);
@@ -211,22 +222,16 @@ describe(`${SharedLinkController.name} (e2e)`, () => {
          originalFileName: 'example',
          localDateTime: expect.any(String),
          fileCreatedAt: expect.any(String),
-          exifInfo: expect.objectContaining({
-            longitude: -108.400968333333,
-            latitude: 39.115,
-            orientation: '1',
-            dateTimeOriginal: expect.any(String),
-            timeZone: 'UTC-4',
-            state: 'Mesa County, Colorado',
-            country: 'United States of America',
-          }),
+          exifInfo: expect.any(Object),
        }),
      );
      expect(body.album).toBeDefined();
    });

    it('should not return metadata for album shared link without metadata', async () => {
-      const { status, body } = await request(server).get('/shared-link/me').query({ key: linkWithoutMetadata.key });
+      const { status, body } = await request(app)
+        .get('/shared-link/me')
+        .query({ key: linkWithoutMetadata.key });

      expect(status).toBe(200);
      expect(body.assets).toHaveLength(1);
@@ -242,127 +247,150 @@ describe(`${SharedLinkController.name} (e2e)`, () => {

  describe('GET /shared-link/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get(`/shared-link/${linkWithAlbum.id}`);
+      const { status, body } = await request(app).get(
+        `/shared-link/${linkWithAlbum.id}`,
+      );

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should get shared link by id', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get(`/shared-link/${linkWithAlbum.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(200);
-      expect(body).toEqual(expect.objectContaining({ album, userId: user1.userId, type: SharedLinkType.ALBUM }));
+      expect(body).toEqual(
+        expect.objectContaining({
+          album,
+          userId: user1.userId,
+          type: SharedLinkType.Album,
+        }),
+      );
    });

    it('should not get shared link by id if user has not created the link or it does not exist', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get(`/shared-link/${linkWithAlbum.id}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Shared link not found' }));
+      expect(body).toEqual(
+        expect.objectContaining({ message: 'Shared link not found' }),
+      );
    });
  });

  describe('POST /shared-link', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/shared-link')
-        .send({ type: SharedLinkType.ALBUM, albumId: uuidStub.notFound });
+        .send({ type: SharedLinkType.Album, albumId: uuidDto.notFound });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should require a type and the correspondent asset/album id', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/shared-link')
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest());
+      expect(body).toEqual(errorDto.badRequest());
    });

    it('should require an asset/album id', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/shared-link')
        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ type: SharedLinkType.ALBUM });
+        .send({ type: SharedLinkType.Album });

      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Invalid albumId' }));
+      expect(body).toEqual(
+        expect.objectContaining({ message: 'Invalid albumId' }),
+      );
    });

    it('should require a valid asset id', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/shared-link')
        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ type: SharedLinkType.INDIVIDUAL, assetId: uuidStub.notFound });
+        .send({ type: SharedLinkType.Individual, assetId: uuidDto.notFound });

      expect(status).toBe(400);
-      expect(body).toEqual(expect.objectContaining({ message: 'Invalid assetIds' }));
+      expect(body).toEqual(
+        expect.objectContaining({ message: 'Invalid assetIds' }),
+      );
    });

    it('should create a shared link', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .post('/shared-link')
        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ type: SharedLinkType.ALBUM, albumId: album.id });
+        .send({ type: SharedLinkType.Album, albumId: album.id });

      expect(status).toBe(201);
-      expect(body).toEqual(expect.objectContaining({ type: SharedLinkType.ALBUM, userId: user1.userId }));
+      expect(body).toEqual(
+        expect.objectContaining({
+          type: SharedLinkType.Album,
+          userId: user1.userId,
+        }),
+      );
    });
  });

  describe('PATCH /shared-link/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .patch(`/shared-link/${linkWithAlbum.id}`)
        .send({ description: 'foo' });

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should fail if invalid link', async () => {
-      const { status, body } = await request(server)
-        .patch(`/shared-link/${uuidStub.notFound}`)
+      const { status, body } = await request(app)
+        .patch(`/shared-link/${uuidDto.notFound}`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ description: 'foo' });

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest());
+      expect(body).toEqual(errorDto.badRequest());
    });

    it('should update shared link', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .patch(`/shared-link/${linkWithAlbum.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ description: 'foo' });

      expect(status).toBe(200);
      expect(body).toEqual(
-        expect.objectContaining({ type: SharedLinkType.ALBUM, userId: user1.userId, description: 'foo' }),
+        expect.objectContaining({
+          type: SharedLinkType.Album,
+          userId: user1.userId,
+          description: 'foo',
+        }),
      );
    });
  });

  describe('PUT /shared-link/:id/assets', () => {
    it('should not add assets to shared link (album)', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/shared-link/${linkWithAlbum.id}/assets`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ assetIds: [asset2.id] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest('Invalid shared link type'));
+      expect(body).toEqual(errorDto.badRequest('Invalid shared link type'));
    });

    it('should add an assets to a shared link (individual)', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .put(`/shared-link/${linkWithAssets.id}/assets`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ assetIds: [asset2.id] });
@@ -374,17 +402,17 @@ describe(`${SharedLinkController.name} (e2e)`, () => {

  describe('DELETE /shared-link/:id/assets', () => {
    it('should not remove assets from a shared link (album)', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/shared-link/${linkWithAlbum.id}/assets`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ assetIds: [asset2.id] });

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest('Invalid shared link type'));
+      expect(body).toEqual(errorDto.badRequest('Invalid shared link type'));
    });

    it('should remove assets from a shared link (individual)', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .delete(`/shared-link/${linkWithAssets.id}/assets`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .send({ assetIds: [asset2.id] });
@@ -396,23 +424,25 @@ describe(`${SharedLinkController.name} (e2e)`, () => {

  describe('DELETE /shared-link/:id', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).delete(`/shared-link/${linkWithAlbum.id}`);
+      const { status, body } = await request(app).delete(
+        `/shared-link/${linkWithAlbum.id}`,
+      );

      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should fail if invalid link', async () => {
-      const { status, body } = await request(server)
-        .delete(`/shared-link/${uuidStub.notFound}`)
+      const { status, body } = await request(app)
+        .delete(`/shared-link/${uuidDto.notFound}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

      expect(status).toBe(400);
-      expect(body).toEqual(errorStub.badRequest());
+      expect(body).toEqual(errorDto.badRequest());
    });

    it('should delete a shared link', async () => {
-      const { status } = await request(server)
+      const { status } = await request(app)
        .delete(`/shared-link/${linkWithAlbum.id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);

--- a/server/e2e/api/specs/system-config.e2e-spec.ts
+++ b/server/e2e/api/specs/system-config.e2e-spec.ts
@@ -1,49 +1,47 @@
-import { LoginResponseDto } from '@app/domain';
-import { SystemConfigController } from '@app/immich';
-import { errorStub, userDto } from '@test/fixtures';
+import { LoginResponseDto } from '@immich/sdk';
+import { createUserDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, dbUtils } from 'src/utils';
 import request from 'supertest';
-import { api } from '../../client';
-import { testApp } from '../utils';
+import { beforeAll, describe, expect, it } from 'vitest';

-describe(`${SystemConfigController.name} (e2e)`, () => {
-  let server: any;
+describe('/system-config', () => {
  let admin: LoginResponseDto;
  let nonAdmin: LoginResponseDto;

  beforeAll(async () => {
-    server = (await testApp.create()).getHttpServer();
-
-    await testApp.reset();
-    await api.authApi.adminSignUp(server);
-    admin = await api.authApi.adminLogin(server);
-    await api.userApi.create(server, admin.accessToken, userDto.user1);
-    nonAdmin = await api.authApi.login(server, userDto.user1);
-  });
-
-  afterAll(async () => {
-    await testApp.teardown();
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup();
+    nonAdmin = await apiUtils.userSetup(admin.accessToken, createUserDto.user1);
  });

  describe('GET /system-config/map/style.json', () => {
    it('should require authentication', async () => {
-      const { status, body } = await request(server).get('/system-config/map/style.json');
+      const { status, body } = await request(app).get(
+        '/system-config/map/style.json'
+      );
      expect(status).toBe(401);
-      expect(body).toEqual(errorStub.unauthorized);
+      expect(body).toEqual(errorDto.unauthorized);
    });

    it('should throw an error if a theme is not light or dark', async () => {
      for (const theme of ['dark1', true, 123, '', null, undefined]) {
-        const { status, body } = await request(server)
+        const { status, body } = await request(app)
          .get('/system-config/map/style.json')
          .query({ theme })
          .set('Authorization', `Bearer ${admin.accessToken}`);
        expect(status).toBe(400);
-        expect(body).toEqual(errorStub.badRequest(['theme must be one of the following values: light, dark']));
+        expect(body).toEqual(
+          errorDto.badRequest([
+            'theme must be one of the following values: light, dark',
+          ])
+        );
      }
    });

    it('should return the light style.json', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/system-config/map/style.json')
        .query({ theme: 'light' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -52,7 +50,7 @@ describe(`${SystemConfigController.name} (e2e)`, () => {
    });

    it('should return the dark style.json', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/system-config/map/style.json')
        .query({ theme: 'dark' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
@@ -61,7 +59,7 @@ describe(`${SystemConfigController.name} (e2e)`, () => {
    });

    it('should not require admin authentication', async () => {
-      const { status, body } = await request(server)
+      const { status, body } = await request(app)
        .get('/system-config/map/style.json')
        .query({ theme: 'dark' })
        .set('Authorization', `Bearer ${nonAdmin.accessToken}`);
--- a/e2e/src/api/specs/trash.e2e-spec.ts
+++ b/e2e/src/api/specs/trash.e2e-spec.ts
@@ -0,0 +1,107 @@
+import { LoginResponseDto, getAllAssets } from '@immich/sdk';
+import { Socket } from 'socket.io-client';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils, wsUtils } from 'src/utils';
+import request from 'supertest';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+
+describe('/trash', () => {
+  let admin: LoginResponseDto;
+  let ws: Socket;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup({ onboarding: false });
+    ws = await wsUtils.connect(admin.accessToken);
+  });
+
+  afterAll(() => {
+    wsUtils.disconnect(ws);
+  });
+
+  describe('POST /trash/empty', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post('/trash/empty');
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should empty the trash', async () => {
+      const { id: assetId } = await apiUtils.createAsset(admin.accessToken);
+      await apiUtils.deleteAssets(admin.accessToken, [assetId]);
+
+      const before = await getAllAssets(
+        {},
+        { headers: asBearerAuth(admin.accessToken) },
+      );
+
+      expect(before.length).toBeGreaterThanOrEqual(1);
+
+      const { status } = await request(app)
+        .post('/trash/empty')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      await wsUtils.once(ws, 'on_asset_delete');
+
+      const after = await getAllAssets(
+        {},
+        { headers: asBearerAuth(admin.accessToken) },
+      );
+      expect(after.length).toBe(0);
+    });
+  });
+
+  describe('POST /trash/restore', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post('/trash/restore');
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should restore all trashed assets', async () => {
+      const { id: assetId } = await apiUtils.createAsset(admin.accessToken);
+      await apiUtils.deleteAssets(admin.accessToken, [assetId]);
+
+      const before = await apiUtils.getAssetInfo(admin.accessToken, assetId);
+      expect(before.isTrashed).toBe(true);
+
+      const { status } = await request(app)
+        .post('/trash/restore')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(204);
+
+      const after = await apiUtils.getAssetInfo(admin.accessToken, assetId);
+      expect(after.isTrashed).toBe(false);
+    });
+  });
+
+  describe('POST /trash/restore/assets', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).post('/trash/restore/assets');
+
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should restore a trashed asset by id', async () => {
+      const { id: assetId } = await apiUtils.createAsset(admin.accessToken);
+      await apiUtils.deleteAssets(admin.accessToken, [assetId]);
+
+      const before = await apiUtils.getAssetInfo(admin.accessToken, assetId);
+      expect(before.isTrashed).toBe(true);
+
+      const { status } = await request(app)
+        .post('/trash/restore/assets')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ ids: [assetId] });
+      expect(status).toBe(204);
+
+      const after = await apiUtils.getAssetInfo(admin.accessToken, assetId);
+      expect(after.isTrashed).toBe(false);
+    });
+  });
+});
--- a/e2e/src/api/specs/user.e2e-spec.ts
+++ b/e2e/src/api/specs/user.e2e-spec.ts
@@ -0,0 +1,308 @@
+import { LoginResponseDto, deleteUser, getUserById } from '@immich/sdk';
+import { createUserDto, userDto } from 'src/fixtures';
+import { errorDto } from 'src/responses';
+import { apiUtils, app, asBearerAuth, dbUtils } from 'src/utils';
+import request from 'supertest';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+describe('/server-info', () => {
+  let admin: LoginResponseDto;
+  let deletedUser: LoginResponseDto;
+  let userToDelete: LoginResponseDto;
+  let nonAdmin: LoginResponseDto;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    admin = await apiUtils.adminSetup({ onboarding: false });
+
+    [deletedUser, nonAdmin, userToDelete] = await Promise.all([
+      apiUtils.userSetup(admin.accessToken, createUserDto.user1),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user2),
+      apiUtils.userSetup(admin.accessToken, createUserDto.user3),
+    ]);
+
+    await deleteUser(
+      { id: deletedUser.userId },
+      { headers: asBearerAuth(admin.accessToken) }
+    );
+  });
+
+  describe('GET /user', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get('/user');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should get users', async () => {
+      const { status, body } = await request(app)
+        .get('/user')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(200);
+      expect(body).toHaveLength(4);
+      expect(body).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({ email: 'admin@immich.cloud' }),
+          expect.objectContaining({ email: 'user1@immich.cloud' }),
+          expect.objectContaining({ email: 'user2@immich.cloud' }),
+          expect.objectContaining({ email: 'user3@immich.cloud' }),
+        ])
+      );
+    });
+
+    it('should hide deleted users', async () => {
+      const { status, body } = await request(app)
+        .get(`/user`)
+        .query({ isAll: true })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toHaveLength(3);
+      expect(body).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({ email: 'admin@immich.cloud' }),
+          expect.objectContaining({ email: 'user2@immich.cloud' }),
+          expect.objectContaining({ email: 'user3@immich.cloud' }),
+        ])
+      );
+    });
+
+    it('should include deleted users', async () => {
+      const { status, body } = await request(app)
+        .get(`/user`)
+        .query({ isAll: false })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toHaveLength(4);
+      expect(body).toEqual(
+        expect.arrayContaining([
+          expect.objectContaining({ email: 'admin@immich.cloud' }),
+          expect.objectContaining({ email: 'user1@immich.cloud' }),
+          expect.objectContaining({ email: 'user2@immich.cloud' }),
+          expect.objectContaining({ email: 'user3@immich.cloud' }),
+        ])
+      );
+    });
+  });
+
+  describe('GET /user/info/:id', () => {
+    it('should require authentication', async () => {
+      const { status } = await request(app).get(`/user/info/${admin.userId}`);
+      expect(status).toEqual(401);
+    });
+
+    it('should get the user info', async () => {
+      const { status, body } = await request(app)
+        .get(`/user/info/${admin.userId}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: admin.userId,
+        email: 'admin@immich.cloud',
+      });
+    });
+  });
+
+  describe('GET /user/me', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).get(`/user/me`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should get my info', async () => {
+      const { status, body } = await request(app)
+        .get(`/user/me`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: admin.userId,
+        email: 'admin@immich.cloud',
+      });
+    });
+  });
+
+  describe('POST /user', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app)
+        .post(`/user`)
+        .send(createUserDto.user1);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    for (const key of Object.keys(createUserDto.user1)) {
+      it(`should not allow null ${key}`, async () => {
+        const { status, body } = await request(app)
+          .post(`/user`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send({ ...createUserDto.user1, [key]: null });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
+    it('should ignore `isAdmin`', async () => {
+      const { status, body } = await request(app)
+        .post(`/user`)
+        .send({
+          isAdmin: true,
+          email: 'user4@immich.cloud',
+          password: 'password123',
+          name: 'Immich',
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toMatchObject({
+        email: 'user4@immich.cloud',
+        isAdmin: false,
+        shouldChangePassword: true,
+      });
+      expect(status).toBe(201);
+    });
+
+    it('should create a user without memories enabled', async () => {
+      const { status, body } = await request(app)
+        .post(`/user`)
+        .send({
+          email: 'no-memories@immich.cloud',
+          password: 'Password123',
+          name: 'No Memories',
+          memoriesEnabled: false,
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toMatchObject({
+        email: 'no-memories@immich.cloud',
+        memoriesEnabled: false,
+      });
+      expect(status).toBe(201);
+    });
+  });
+
+  describe('DELETE /user/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).delete(
+        `/user/${userToDelete.userId}`
+      );
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    it('should delete user', async () => {
+      const { status, body } = await request(app)
+        .delete(`/user/${userToDelete.userId}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        id: userToDelete.userId,
+        updatedAt: expect.any(String),
+        deletedAt: expect.any(String),
+      });
+    });
+  });
+
+  describe('PUT /user', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(app).put(`/user`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorDto.unauthorized);
+    });
+
+    for (const key of Object.keys(userDto.admin)) {
+      it(`should not allow null ${key}`, async () => {
+        const { status, body } = await request(app)
+          .put(`/user`)
+          .set('Authorization', `Bearer ${admin.accessToken}`)
+          .send({ ...userDto.admin, [key]: null });
+        expect(status).toBe(400);
+        expect(body).toEqual(errorDto.badRequest());
+      });
+    }
+
+    it('should not allow a non-admin to become an admin', async () => {
+      const { status, body } = await request(app)
+        .put(`/user`)
+        .send({ isAdmin: true, id: nonAdmin.userId })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.alreadyHasAdmin);
+    });
+
+    it('ignores updates to profileImagePath', async () => {
+      const { status, body } = await request(app)
+        .put(`/user`)
+        .send({ id: admin.userId, profileImagePath: 'invalid.jpg' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({ id: admin.userId, profileImagePath: '' });
+    });
+
+    it('should ignore updates to createdAt, updatedAt and deletedAt', async () => {
+      const before = await getUserById(
+        { id: admin.userId },
+        { headers: asBearerAuth(admin.accessToken) }
+      );
+
+      const { status, body } = await request(app)
+        .put(`/user`)
+        .send({
+          id: admin.userId,
+          createdAt: '2023-01-01T00:00:00.000Z',
+          updatedAt: '2023-01-01T00:00:00.000Z',
+          deletedAt: '2023-01-01T00:00:00.000Z',
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toStrictEqual(before);
+    });
+
+    it('should update first and last name', async () => {
+      const before = await getUserById(
+        { id: admin.userId },
+        { headers: asBearerAuth(admin.accessToken) }
+      );
+
+      const { status, body } = await request(app)
+        .put(`/user`)
+        .send({
+          id: admin.userId,
+          name: 'Name',
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        ...before,
+        updatedAt: expect.any(String),
+        name: 'Name',
+      });
+      expect(before.updatedAt).not.toEqual(body.updatedAt);
+    });
+
+    it('should update memories enabled', async () => {
+      const before = await getUserById(
+        { id: admin.userId },
+        { headers: asBearerAuth(admin.accessToken) }
+      );
+      const { status, body } = await request(app)
+        .put(`/user`)
+        .send({
+          id: admin.userId,
+          memoriesEnabled: false,
+        })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(status).toBe(200);
+      expect(body).toMatchObject({
+        ...before,
+        updatedAt: expect.anything(),
+        memoriesEnabled: false,
+      });
+      expect(before.updatedAt).not.toEqual(body.updatedAt);
+    });
+  });
+});
--- a/e2e/src/cli/specs/login.e2e-spec.ts
+++ b/e2e/src/cli/specs/login.e2e-spec.ts
@@ -0,0 +1,58 @@
+import { stat } from 'node:fs/promises';
+import { apiUtils, app, dbUtils, immichCli } from 'src/utils';
+import { beforeEach, beforeAll, describe, expect, it } from 'vitest';
+
+describe(`immich login-key`, () => {
+  beforeAll(() => {
+    apiUtils.setup();
+  });
+
+  beforeEach(async () => {
+    await dbUtils.reset();
+  });
+
+  it('should require a url', async () => {
+    const { stderr, exitCode } = await immichCli(['login-key']);
+    expect(stderr).toBe("error: missing required argument 'url'");
+    expect(exitCode).toBe(1);
+  });
+
+  it('should require a key', async () => {
+    const { stderr, exitCode } = await immichCli(['login-key', app]);
+    expect(stderr).toBe("error: missing required argument 'key'");
+    expect(exitCode).toBe(1);
+  });
+
+  it('should require a valid key', async () => {
+    const { stderr, exitCode } = await immichCli([
+      'login-key',
+      app,
+      'immich-is-so-cool',
+    ]);
+    expect(stderr).toContain(
+      'Failed to connect to server http://127.0.0.1:2283/api: Error: 401'
+    );
+    expect(exitCode).toBe(1);
+  });
+
+  it('should login', async () => {
+    const admin = await apiUtils.adminSetup();
+    const key = await apiUtils.createApiKey(admin.accessToken);
+    const { stdout, stderr, exitCode } = await immichCli([
+      'login-key',
+      app,
+      `${key.secret}`,
+    ]);
+    expect(stdout.split('\n')).toEqual([
+      'Logging in...',
+      'Logged in as admin@immich.cloud',
+      'Wrote auth info to /tmp/immich/auth.yml',
+    ]);
+    expect(stderr).toBe('');
+    expect(exitCode).toBe(0);
+
+    const stats = await stat('/tmp/immich/auth.yml');
+    const mode = (stats.mode & 0o777).toString(8);
+    expect(mode).toEqual('600');
+  });
+});
--- a/e2e/src/cli/specs/server-info.e2e-spec.ts
+++ b/e2e/src/cli/specs/server-info.e2e-spec.ts
@@ -0,0 +1,25 @@
+import { apiUtils, cliUtils, dbUtils, immichCli } from 'src/utils';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+describe(`immich server-info`, () => {
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    await cliUtils.login();
+  });
+
+  it('should return the server info', async () => {
+    const { stderr, stdout, exitCode } = await immichCli(['server-info']);
+    expect(stdout.split('\n')).toEqual([
+      expect.stringContaining('Server Version:'),
+      expect.stringContaining('Image Types:'),
+      expect.stringContaining('Video Types:'),
+      'Statistics:',
+      '  Images: 0',
+      '  Videos: 0',
+      '  Total: 0',
+    ]);
+    expect(stderr).toBe('');
+    expect(exitCode).toBe(0);
+  });
+});
--- a/e2e/src/cli/specs/upload.e2e-spec.ts
+++ b/e2e/src/cli/specs/upload.e2e-spec.ts
@@ -0,0 +1,179 @@
+import { getAllAlbums, getAllAssets } from '@immich/sdk';
+import { mkdir, readdir, rm, symlink } from 'fs/promises';
+import {
+  apiUtils,
+  asKeyAuth,
+  cliUtils,
+  dbUtils,
+  immichCli,
+  testAssetDir,
+} from 'src/utils';
+import { beforeAll, beforeEach, describe, expect, it } from 'vitest';
+
+describe(`immich upload`, () => {
+  let key: string;
+
+  beforeAll(async () => {
+    apiUtils.setup();
+    await dbUtils.reset();
+    key = await cliUtils.login();
+  });
+
+  beforeEach(async () => {
+    await dbUtils.reset(['assets', 'albums']);
+  });
+
+  describe('immich upload --recursive', () => {
+    it('should upload a folder recursively', async () => {
+      const { stderr, stdout, exitCode } = await immichCli([
+        'upload',
+        `${testAssetDir}/albums/nature/`,
+        '--recursive',
+      ]);
+      expect(stderr).toBe('');
+      expect(stdout.split('\n')).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining('Successfully uploaded 9 assets'),
+        ]),
+      );
+      expect(exitCode).toBe(0);
+
+      const assets = await getAllAssets({}, { headers: asKeyAuth(key) });
+      expect(assets.length).toBe(9);
+    });
+  });
+
+  describe('immich upload --recursive --album', () => {
+    it('should create albums from folder names', async () => {
+      const { stderr, stdout, exitCode } = await immichCli([
+        'upload',
+        `${testAssetDir}/albums/nature/`,
+        '--recursive',
+        '--album',
+      ]);
+      expect(stdout.split('\n')).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining('Successfully uploaded 9 assets'),
+          expect.stringContaining('Successfully created 1 new album'),
+          expect.stringContaining('Successfully updated 9 assets'),
+        ]),
+      );
+      expect(stderr).toBe('');
+      expect(exitCode).toBe(0);
+
+      const assets = await getAllAssets({}, { headers: asKeyAuth(key) });
+      expect(assets.length).toBe(9);
+
+      const albums = await getAllAlbums({}, { headers: asKeyAuth(key) });
+      expect(albums.length).toBe(1);
+      expect(albums[0].albumName).toBe('nature');
+    });
+
+    it('should add existing assets to albums', async () => {
+      const response1 = await immichCli([
+        'upload',
+        `${testAssetDir}/albums/nature/`,
+        '--recursive',
+      ]);
+      expect(response1.stdout.split('\n')).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining('Successfully uploaded 9 assets'),
+        ]),
+      );
+      expect(response1.stderr).toBe('');
+      expect(response1.exitCode).toBe(0);
+
+      const assets1 = await getAllAssets({}, { headers: asKeyAuth(key) });
+      expect(assets1.length).toBe(9);
+
+      const albums1 = await getAllAlbums({}, { headers: asKeyAuth(key) });
+      expect(albums1.length).toBe(0);
+
+      const response2 = await immichCli([
+        'upload',
+        `${testAssetDir}/albums/nature/`,
+        '--recursive',
+        '--album',
+      ]);
+      expect(response2.stdout.split('\n')).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining(
+            'All assets were already uploaded, nothing to do.',
+          ),
+          expect.stringContaining('Successfully updated 9 assets'),
+        ]),
+      );
+      expect(response2.stderr).toBe('');
+      expect(response2.exitCode).toBe(0);
+
+      const assets2 = await getAllAssets({}, { headers: asKeyAuth(key) });
+      expect(assets2.length).toBe(9);
+
+      const albums2 = await getAllAlbums({}, { headers: asKeyAuth(key) });
+      expect(albums2.length).toBe(1);
+      expect(albums2[0].albumName).toBe('nature');
+    });
+  });
+
+  describe('immich upload --recursive --album-name=e2e', () => {
+    it('should create a named album', async () => {
+      const { stderr, stdout, exitCode } = await immichCli([
+        'upload',
+        `${testAssetDir}/albums/nature/`,
+        '--recursive',
+        '--album-name=e2e',
+      ]);
+      expect(stdout.split('\n')).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining('Successfully uploaded 9 assets'),
+          expect.stringContaining('Successfully created 1 new album'),
+          expect.stringContaining('Successfully updated 9 assets'),
+        ]),
+      );
+      expect(stderr).toBe('');
+      expect(exitCode).toBe(0);
+
+      const assets = await getAllAssets({}, { headers: asKeyAuth(key) });
+      expect(assets.length).toBe(9);
+
+      const albums = await getAllAlbums({}, { headers: asKeyAuth(key) });
+      expect(albums.length).toBe(1);
+      expect(albums[0].albumName).toBe('e2e');
+    });
+  });
+
+  describe('immich upload --delete', () => {
+    it('should delete local files if specified', async () => {
+      await mkdir(`/tmp/albums/nature`, { recursive: true });
+      const filesToLink = await readdir(`${testAssetDir}/albums/nature`);
+      for (const file of filesToLink) {
+        await symlink(
+          `${testAssetDir}/albums/nature/${file}`,
+          `/tmp/albums/nature/${file}`,
+        );
+      }
+
+      const { stderr, stdout, exitCode } = await immichCli([
+        'upload',
+        `/tmp/albums/nature`,
+        '--delete',
+      ]);
+
+      const files = await readdir(`/tmp/albums/nature`);
+      await rm(`/tmp/albums/nature`, { recursive: true });
+      expect(files).toEqual([]);
+
+      expect(stdout.split('\n')).toEqual(
+        expect.arrayContaining([
+          expect.stringContaining('Successfully uploaded 9 assets'),
+          expect.stringContaining('Deleting assets that have been uploaded'),
+        ]),
+      );
+      expect(stderr).toBe('');
+      expect(exitCode).toBe(0);
+
+      const assets = await getAllAssets({}, { headers: asKeyAuth(key) });
+      expect(assets.length).toBe(9);
+    });
+  });
+});
--- a/e2e/src/cli/specs/version.e2e-spec.ts
+++ b/e2e/src/cli/specs/version.e2e-spec.ts
@@ -0,0 +1,29 @@
+import { readFileSync } from 'node:fs';
+import { apiUtils, immichCli } from 'src/utils';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+const pkg = JSON.parse(readFileSync('../cli/package.json', 'utf8'));
+
+describe(`immich --version`, () => {
+  beforeAll(() => {
+    apiUtils.setup();
+  });
+
+  describe('immich --version', () => {
+    it('should print the cli version', async () => {
+      const { stdout, stderr, exitCode } = await immichCli(['--version']);
+      expect(stdout).toEqual(pkg.version);
+      expect(stderr).toEqual('');
+      expect(exitCode).toBe(0);
+    });
+  });
+
+  describe('immich -V', () => {
+    it('should print the cli version', async () => {
+      const { stdout, stderr, exitCode } = await immichCli(['-V']);
+      expect(stdout).toEqual(pkg.version);
+      expect(stderr).toEqual('');
+      expect(exitCode).toBe(0);
+    });
+  });
+});
--- a/e2e/src/fixtures.ts
+++ b/e2e/src/fixtures.ts
@@ -0,0 +1,80 @@
+import { UserAvatarColor } from '@immich/sdk';
+
+export const uuidDto = {
+  invalid: 'invalid-uuid',
+  // valid uuid v4
+  notFound: '00000000-0000-4000-a000-000000000000',
+};
+
+const adminLoginDto = {
+  email: 'admin@immich.cloud',
+  password: 'password',
+};
+const adminSignupDto = { ...adminLoginDto, name: 'Immich Admin' };
+
+export const loginDto = {
+  admin: adminLoginDto,
+};
+
+export const signupDto = {
+  admin: adminSignupDto,
+};
+
+export const createUserDto = {
+  user1: {
+    email: 'user1@immich.cloud',
+    name: 'User 1',
+    password: 'password1',
+  },
+  user2: {
+    email: 'user2@immich.cloud',
+    name: 'User 2',
+    password: 'password12',
+  },
+  user3: {
+    email: 'user3@immich.cloud',
+    name: 'User 3',
+    password: 'password123',
+  },
+};
+
+export const userDto = {
+  admin: {
+    name: signupDto.admin.name,
+    email: signupDto.admin.email,
+    password: signupDto.admin.password,
+    storageLabel: 'admin',
+    externalPath: null,
+    oauthId: '',
+    shouldChangePassword: false,
+    profileImagePath: '',
+    createdAt: new Date('2021-01-01'),
+    deletedAt: null,
+    updatedAt: new Date('2021-01-01'),
+    tags: [],
+    assets: [],
+    memoriesEnabled: true,
+    avatarColor: UserAvatarColor.Primary,
+    quotaSizeInBytes: null,
+    quotaUsageInBytes: 0,
+  },
+  user1: {
+    name: createUserDto.user1.name,
+    email: createUserDto.user1.email,
+    password: createUserDto.user1.password,
+    storageLabel: null,
+    externalPath: null,
+    oauthId: '',
+    shouldChangePassword: false,
+    profileImagePath: '',
+    createdAt: new Date('2021-01-01'),
+    deletedAt: null,
+    updatedAt: new Date('2021-01-01'),
+    tags: [],
+    assets: [],
+    memoriesEnabled: true,
+    avatarColor: UserAvatarColor.Primary,
+    quotaSizeInBytes: null,
+    quotaUsageInBytes: 0,
+  },
+};
--- a/e2e/src/responses.ts
+++ b/e2e/src/responses.ts
@@ -0,0 +1,103 @@
+import { expect } from 'vitest';
+
+export const errorDto = {
+  unauthorized: {
+    error: 'Unauthorized',
+    statusCode: 401,
+    message: 'Authentication required',
+  },
+  forbidden: {
+    error: 'Forbidden',
+    statusCode: 403,
+    message: expect.any(String),
+  },
+  wrongPassword: {
+    error: 'Bad Request',
+    statusCode: 400,
+    message: 'Wrong password',
+  },
+  invalidToken: {
+    error: 'Unauthorized',
+    statusCode: 401,
+    message: 'Invalid user token',
+  },
+  invalidShareKey: {
+    error: 'Unauthorized',
+    statusCode: 401,
+    message: 'Invalid share key',
+  },
+  invalidSharePassword: {
+    error: 'Unauthorized',
+    statusCode: 401,
+    message: 'Invalid password',
+  },
+  badRequest: (message: any = null) => ({
+    error: 'Bad Request',
+    statusCode: 400,
+    message: message ?? expect.anything(),
+  }),
+  noPermission: {
+    error: 'Bad Request',
+    statusCode: 400,
+    message: expect.stringContaining('Not found or no'),
+  },
+  incorrectLogin: {
+    error: 'Unauthorized',
+    statusCode: 401,
+    message: 'Incorrect email or password',
+  },
+  alreadyHasAdmin: {
+    error: 'Bad Request',
+    statusCode: 400,
+    message: 'The server already has an admin',
+  },
+  noDeleteUploadLibrary: {
+    error: 'Bad Request',
+    statusCode: 400,
+    message: 'Cannot delete the last upload library',
+  },
+};
+
+export const signupResponseDto = {
+  admin: {
+    avatarColor: expect.any(String),
+    id: expect.any(String),
+    name: 'Immich Admin',
+    email: 'admin@immich.cloud',
+    storageLabel: 'admin',
+    externalPath: null,
+    profileImagePath: '',
+    // why? lol
+    shouldChangePassword: true,
+    isAdmin: true,
+    createdAt: expect.any(String),
+    updatedAt: expect.any(String),
+    deletedAt: null,
+    oauthId: '',
+    memoriesEnabled: true,
+    quotaUsageInBytes: 0,
+    quotaSizeInBytes: null,
+  },
+};
+
+export const loginResponseDto = {
+  admin: {
+    accessToken: expect.any(String),
+    name: 'Immich Admin',
+    isAdmin: true,
+    profileImagePath: '',
+    shouldChangePassword: true,
+    userEmail: 'admin@immich.cloud',
+    userId: expect.any(String),
+  },
+};
+export const deviceDto = {
+  current: {
+    id: expect.any(String),
+    createdAt: expect.any(String),
+    updatedAt: expect.any(String),
+    current: true,
+    deviceOS: '',
+    deviceType: '',
+  },
+};
--- a/Show More
+++ b/Show More