From 7821993450ba9d4138f5c2955254adf040df7658 Mon Sep 17 00:00:00 2001
From: Maurice <mauriceboe@icloud.com>
Date: Sun, 5 Apr 2026 15:11:07 +0200
Subject: [PATCH] fix(memories): patch critical bugs from PR #336 Synology
 Photos merge
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fix missing response on successful addTripPhotos in deprecated immich route
- Fix undefined tripId in asset proxy routes (use query param instead)
- Fix unquoted SQL string in migration 68 (id = memories → id = 'memories')
- Add missing return after error response in synology asset streaming
---
 server/src/db/migrations.ts            |  2 +-
 server/src/routes/immich.ts            | 10 +++++++---
 server/src/routes/memories/synology.ts |  2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/server/src/db/migrations.ts b/server/src/db/migrations.ts
index bdd5ee1..fdbf25b 100644
--- a/server/src/db/migrations.ts
+++ b/server/src/db/migrations.ts
@@ -734,7 +734,7 @@ function runMigrations(db: Database.Database): void {
       `);
     },
     () => {
-      try {db.exec('UPDATE addons SET enabled = 0 WHERE id = memories');} catch (err) {}
+      try {db.exec("UPDATE addons SET enabled = 0 WHERE id = 'memories'");} catch (err) {}
     },
     // Migration 69: Place region cache for sub-national Atlas regions
     () => {
diff --git a/server/src/routes/immich.ts b/server/src/routes/immich.ts
index 4eef709..1149f62 100644
--- a/server/src/routes/immich.ts
+++ b/server/src/routes/immich.ts
@@ -157,6 +157,7 @@ router.post('/trips/:tripId/photos', authenticate, async (req: Request, res: Res
     };
     const result = await addTripPhotos(tripId, authReq.user.id, shared, [selection], sid);
     if ('error' in result) return res.status(result.error.status!).json({ error: result.error });
+    res.json(result);
 });
 
 router.delete('/trips/:tripId/photos/:assetId', authenticate, async (req: Request, res: Response) => {
@@ -184,7 +185,8 @@ router.get('/assets/:assetId/info', authenticate, async (req: Request, res: Resp
     if (!isValidAssetId(assetId)) return res.status(400).json({ error: 'Invalid asset ID' });
     const queryUserId = req.query.userId ? Number(req.query.userId) : undefined;
     const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined;
-    if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, req.params.tripId, assetId, 'immich')) {
+    const tripId = req.query.tripId as string;
+    if (ownerUserId && tripId && !canAccessUserPhoto(authReq.user.id, ownerUserId, tripId, assetId, 'immich')) {
         return res.status(403).json({ error: 'Forbidden' });
     }
     const result = await getAssetInfo(authReq.user.id, assetId, ownerUserId);
@@ -200,7 +202,8 @@ router.get('/assets/:assetId/thumbnail', authFromQuery, async (req: Request, res
     if (!isValidAssetId(assetId)) return res.status(400).send('Invalid asset ID');
     const queryUserId = req.query.userId ? Number(req.query.userId) : undefined;
     const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined;
-    if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, req.params.tripId, assetId, 'immich')) {
+    const tripId = req.query.tripId as string;
+    if (ownerUserId && tripId && !canAccessUserPhoto(authReq.user.id, ownerUserId, tripId, assetId, 'immich')) {
         return res.status(403).send('Forbidden');
     }
     const result = await proxyThumbnail(authReq.user.id, assetId, ownerUserId);
@@ -216,7 +219,8 @@ router.get('/assets/:assetId/original', authFromQuery, async (req: Request, res:
     if (!isValidAssetId(assetId)) return res.status(400).send('Invalid asset ID');
     const queryUserId = req.query.userId ? Number(req.query.userId) : undefined;
     const ownerUserId = queryUserId && queryUserId !== authReq.user.id ? queryUserId : undefined;
-    if (ownerUserId && !canAccessUserPhoto(authReq.user.id, ownerUserId, req.params.tripId, assetId, 'immich')) {
+    const tripId = req.query.tripId as string;
+    if (ownerUserId && tripId && !canAccessUserPhoto(authReq.user.id, ownerUserId, tripId, assetId, 'immich')) {
         return res.status(403).send('Forbidden');
     }
     const result = await proxyOriginal(authReq.user.id, assetId, ownerUserId);
diff --git a/server/src/routes/memories/synology.ts b/server/src/routes/memories/synology.ts
index de6915a..1dfa4be 100644
--- a/server/src/routes/memories/synology.ts
+++ b/server/src/routes/memories/synology.ts
@@ -116,7 +116,7 @@ router.get('/assets/:tripId/:photoId/:ownerId/:kind', authenticate, async (req:
     const { size = "sm" } = req.query;
 
     if (kind !== 'thumbnail' && kind !== 'original') {
-        handleServiceResult(res, fail('Invalid asset kind', 400));
+        return handleServiceResult(res, fail('Invalid asset kind', 400));
     }
 
     if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, photoId, 'synologyphotos')) {