Merge pull request #2 from tiquis0290/test-backup

Resolving conflicts with dev

README.md

@@ -147,7 +147,7 @@ services:
       # - COOKIE_SECURE=false # Uncomment if accessing over plain HTTP (no HTTPS). Not recommended for production.
       - TRUST_PROXY=1 # Number of trusted proxies for X-Forwarded-For
       # - ALLOW_INTERNAL_NETWORK=true # Uncomment if Immich or other services are on your local network (RFC-1918 IPs)
-      - APP_URL=${APP_URL:-} # Base URL of this instance — required when OIDC is enabled; must match the redirect URI registered with your IdP
+      - APP_URL=${APP_URL:-} # Base URL of this instance — required when OIDC is enabled; must match the redirect URI registered with your IdP; Also used as the base URL for email notifications and other external links
       # - OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
       # - OIDC_CLIENT_ID=trek # OpenID Connect client ID
       # - OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
@@ -285,6 +285,7 @@ trek.yourdomain.com {
 | `COOKIE_SECURE` | Set to `false` to allow session cookies over plain HTTP (e.g. accessing via IP without HTTPS). Defaults to `true` in production. **Not recommended to disable in production.** | `true` |
 | `TRUST_PROXY` | Number of trusted reverse proxies for `X-Forwarded-For` | `1` |
 | `ALLOW_INTERNAL_NETWORK` | Allow outbound requests to private/RFC-1918 IP addresses. Set to `true` if Immich or other integrated services are hosted on your local network. Loopback (`127.x`) and link-local/metadata addresses (`169.254.x`) are always blocked regardless of this setting. | `false` |
+| `APP_URL` | Public base URL of this instance (e.g. `https://trek.example.com`). Required when OIDC is enabled — must match the redirect URI registered with your IdP. Also used as the base URL for external links in email notifications. | — |
 | **OIDC / SSO** | | |
 | `OIDC_ISSUER` | OpenID Connect provider URL | — |
 | `OIDC_CLIENT_ID` | OIDC client ID | — |

chart/templates/configmap.yaml

@@ -10,6 +10,9 @@ data:
   {{- if .Values.env.ALLOWED_ORIGINS }}
   ALLOWED_ORIGINS: {{ .Values.env.ALLOWED_ORIGINS | quote }}
   {{- end }}
+  {{- if .Values.env.APP_URL }}
+  APP_URL: {{ .Values.env.APP_URL | quote }}
+  {{- end }}
   {{- if .Values.env.ALLOW_INTERNAL_NETWORK }}
   ALLOW_INTERNAL_NETWORK: {{ .Values.env.ALLOW_INTERNAL_NETWORK | quote }}
   {{- end }}

chart/values.yaml

@@ -17,6 +17,9 @@ env:
   PORT: 3000
   # ALLOWED_ORIGINS: ""
   # NOTE: If using ingress, ensure env.ALLOWED_ORIGINS matches the domains in ingress.hosts for proper CORS configuration.
+  # APP_URL: "https://trek.example.com"
+  # Public base URL of this instance. Required when OIDC is enabled — must match the redirect URI registered with your IdP.
+  # Also used as the base URL for links in email notifications and other external links.
   # ALLOW_INTERNAL_NETWORK: "false"
   # Set to "true" if Immich or other integrated services are hosted on a private/RFC-1918 network address.
   # Loopback (127.x) and link-local/metadata addresses (169.254.x) are always blocked.

client/src/components/Vacay/VacayMonthCard.tsx

@@ -81,6 +81,7 @@ export default function VacayMonthCard({
               return (
                 <div
                   key={di}
+                  title={holiday ? (holiday.label ? `${holiday.label}: ${holiday.localName}` : holiday.localName) : undefined}
                   className="relative flex items-center justify-center cursor-pointer transition-colors"
                   style={{
                     height: 28,

client/src/i18n/translations/ar.ts

@@ -85,6 +85,7 @@ const ar: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'شاركها {name}',
   'dashboard.days': 'الأيام',
   'dashboard.places': 'الأماكن',
+  'dashboard.members': 'ال חברים',
   'dashboard.archive': 'أرشفة',
   'dashboard.restore': 'استعادة',
   'dashboard.archived': 'مؤرشفة',

client/src/i18n/translations/br.ts

@@ -80,6 +80,7 @@ const br: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'Compartilhada por {name}',
   'dashboard.days': 'Dias',
   'dashboard.places': 'Lugares',
+  'dashboard.members': 'Parceiros de viagem',
   'dashboard.archive': 'Arquivar',
   'dashboard.restore': 'Restaurar',
   'dashboard.archived': 'Arquivada',

client/src/i18n/translations/cs.ts

@@ -81,6 +81,7 @@ const cs: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'Sdílí {name}',
   'dashboard.days': 'Dní',
   'dashboard.places': 'Míst',
+  'dashboard.members': 'Cestovní parťáci',
   'dashboard.archive': 'Archivovat',
   'dashboard.restore': 'Obnovit',
   'dashboard.archived': 'Archivováno',

client/src/i18n/translations/de.ts

@@ -80,6 +80,7 @@ const de: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'Geteilt von {name}',
   'dashboard.days': 'Tage',
   'dashboard.places': 'Orte',
+  'dashboard.members': 'Reise-Buddies',
   'dashboard.archive': 'Archivieren',
   'dashboard.restore': 'Wiederherstellen',
   'dashboard.archived': 'Archiviert',

client/src/i18n/translations/en.ts

@@ -80,6 +80,7 @@ const en: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'Shared by {name}',
   'dashboard.days': 'Days',
   'dashboard.places': 'Places',
+  'dashboard.members': 'Buddies',
   'dashboard.archive': 'Archive',
   'dashboard.restore': 'Restore',
   'dashboard.archived': 'Archived',

client/src/i18n/translations/es.ts

@@ -81,6 +81,7 @@ const es: Record<string, string> = {
   'dashboard.sharedBy': 'Compartido por {name}',
   'dashboard.days': 'Días',
   'dashboard.places': 'Lugares',
+  'dashboard.members': 'Compañeros de viaje',
   'dashboard.archive': 'Archivar',
   'dashboard.restore': 'Restaurar',
   'dashboard.archived': 'Archivado',

client/src/i18n/translations/fr.ts

@@ -80,6 +80,7 @@ const fr: Record<string, string> = {
   'dashboard.sharedBy': 'Partagé par {name}',
   'dashboard.days': 'Jours',
   'dashboard.places': 'Lieux',
+  'dashboard.members': 'Compagnons de voyage',
   'dashboard.archive': 'Archiver',
   'dashboard.restore': 'Restaurer',
   'dashboard.archived': 'Archivé',

client/src/i18n/translations/hu.ts

@@ -80,6 +80,7 @@ const hu: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'Megosztotta: {name}',
   'dashboard.days': 'nap',
   'dashboard.places': 'hely',
+  'dashboard.members': 'Útitársak',
   'dashboard.archive': 'Archiválás',
   'dashboard.restore': 'Visszaállítás',
   'dashboard.archived': 'Archivált',

client/src/i18n/translations/it.ts

@@ -80,6 +80,7 @@ const it: Record<string, string | { name: string; category: string }[]> = {
   'dashboard.sharedBy': 'Condiviso da {name}',
   'dashboard.days': 'Giorni',
   'dashboard.places': 'Luoghi',
+  'dashboard.members': 'Compagni di viaggio',
   'dashboard.archive': 'Archivia',
   'dashboard.restore': 'Ripristina',
   'dashboard.archived': 'Archiviati',

client/src/i18n/translations/nl.ts

@@ -80,6 +80,7 @@ const nl: Record<string, string> = {
   'dashboard.sharedBy': 'Gedeeld door {name}',
   'dashboard.days': 'Dagen',
   'dashboard.places': 'Plaatsen',
+  'dashboard.members': 'Reisgenoten',
   'dashboard.archive': 'Archiveren',
   'dashboard.restore': 'Herstellen',
   'dashboard.archived': 'Gearchiveerd',

client/src/i18n/translations/ru.ts

@@ -80,6 +80,7 @@ const ru: Record<string, string> = {
   'dashboard.sharedBy': 'Поделился {name}',
   'dashboard.days': 'Дни',
   'dashboard.places': 'Места',
+  'dashboard.members': 'Попутчики',
   'dashboard.archive': 'Архивировать',
   'dashboard.restore': 'Восстановить',
   'dashboard.archived': 'В архиве',

client/src/i18n/translations/zh.ts

@@ -80,6 +80,7 @@ const zh: Record<string, string> = {
   'dashboard.sharedBy': '由 {name} 分享',
   'dashboard.days': '天',
   'dashboard.places': '地点',
+  'dashboard.members': '旅伴',
   'dashboard.archive': '归档',
   'dashboard.restore': '恢复',
   'dashboard.archived': '已归档',

client/src/pages/DashboardPage.tsx

@@ -14,7 +14,7 @@ import ConfirmDialog from '../components/shared/ConfirmDialog'
 import { useToast } from '../components/shared/Toast'
 import {
   Plus, Calendar, Trash2, Edit2, Map, ChevronDown, ChevronUp,
-  Archive, ArchiveRestore, Clock, MapPin, Settings, X, ArrowRightLeft,
+  Archive, ArchiveRestore, Clock, MapPin, Settings, X, ArrowRightLeft, Users,
   LayoutGrid, List,
 } from 'lucide-react'
 import { useCanDo } from '../store/permissionsStore'
@@ -31,6 +31,7 @@ interface DashboardTrip {
   owner_username?: string
   day_count?: number
   place_count?: number
+  shared_count?: number
   [key: string]: string | number | boolean | null | undefined
 }
 
@@ -224,6 +225,9 @@ function SpotlightCard({ trip, onEdit, onDelete, onArchive, onClick, t, locale,
             <div style={{ display: 'flex', alignItems: 'center', gap: 5, color: 'rgba(255,255,255,0.8)', fontSize: 13 }}>
               <MapPin size={13} /> {trip.place_count || 0} {t('dashboard.places')}
             </div>
+            <div className="hidden md:flex" style={{ alignItems: 'center', gap: 5, color: 'rgba(255,255,255,0.8)', fontSize: 13 }}>
+              <Users size={13} /> {trip.shared_count+1 || 0} {t('dashboard.members')}
+            </div>
           </div>
         </div>
       </div>
@@ -307,6 +311,7 @@ function TripCard({ trip, onEdit, onDelete, onArchive, onClick, t, locale }: Omi
         <div style={{ display: 'flex', gap: 8, marginBottom: 10 }}>
           <Stat label={t('dashboard.days')} value={trip.day_count || 0} />
           <Stat label={t('dashboard.places')} value={trip.place_count || 0} />
+          <Stat label={t('dashboard.members')} value={trip.shared_count+1 || 0} />
         </div>
 
         {(onEdit || onArchive || onDelete) && (
@@ -406,6 +411,9 @@ function TripListItem({ trip, onEdit, onDelete, onArchive, onClick, t, locale }:
         <div className="hidden md:flex" style={{ alignItems: 'center', gap: 4, fontSize: 12, color: 'var(--text-muted)' }}>
           <MapPin size={11} /> {trip.place_count || 0}
         </div>
+        <div className="hidden md:flex" style={{ alignItems: 'center', gap: 4, fontSize: 12, color: 'var(--text-muted)' }}>
+          <Users size={11} /> {trip.shared_count+1 || 0}
+        </div>
       </div>
 
       {/* Actions */}

client/src/pages/LoginPage.tsx

@@ -50,7 +50,6 @@ export default function LoginPage(): React.ReactElement {
         setError('Invalid or expired invite link')
       })
       window.history.replaceState({}, '', window.location.pathname)
-      return
     }
 
     if (oidcCode) {
@@ -87,7 +86,7 @@ export default function LoginPage(): React.ReactElement {
       if (config) {
         setAppConfig(config)
         if (!config.has_users) setMode('register')
-        if (config.oidc_only_mode && config.oidc_configured && config.has_users) {
+        if (config.oidc_only_mode && config.oidc_configured && config.has_users && !invite) {
           window.location.href = '/api/auth/oidc/login'
         }
       }

docker-compose.yml

@@ -26,6 +26,7 @@ services:
 #     - COOKIE_SECURE=false # Uncomment if accessing over plain HTTP (no HTTPS). Not recommended for production.
       - TRUST_PROXY=1 # Number of trusted proxies (for X-Forwarded-For / real client IP)
       - ALLOW_INTERNAL_NETWORK=false # Set to true if Immich or other services are hosted on your local network (RFC-1918 IPs). Loopback and link-local addresses remain blocked regardless.
+#      - APP_URL=https://trek.example.com # Public base URL — required when OIDC is enabled (must match the redirect URI registered with your IdP); also used as base URL for links in email notifications
 #      - OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
 #      - OIDC_CLIENT_ID=trek # OpenID Connect client ID
 #      - OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret

server/src/routes/admin.ts

@@ -379,12 +379,9 @@ router.post('/rotate-jwt-secret', (req: Request, res: Response) => {
   if (result.error) return res.status(result.status!).json({ error: result.error });
   const authReq = req as AuthRequest;
   writeAudit({
-    user_id: authReq.user?.id ?? null,
+    userId: authReq.user?.id ?? null,
-    username: authReq.user?.username ?? 'unknown',
     action: 'admin.rotate_jwt_secret',
-    target_type: 'system',
+    resource: 'system',
-    target_id: null,
-    details: null,
     ip: getClientIp(req),
   });
   res.json({ success: true });

server/src/routes/immich.ts

@@ -30,7 +30,6 @@ import {
 const router = express.Router();
 
 // ── Dual auth middleware (JWT or ephemeral token for <img> src) ─────────────
-
 function authFromQuery(req: Request, res: Response, next: NextFunction) {
   const queryToken = req.query.token as string | undefined;
   if (queryToken) {
@@ -178,7 +177,6 @@ router.get('/albums', authenticate, async (req: Request, res: Response) => {
     res.status(502).json({ error: 'Could not reach Immich' });
   }
 });
-
 router.post('/trips/:tripId/album-links', authenticate, async (req: Request, res: Response) => {
   const authReq = req as AuthRequest;
   const { tripId } = req.params;

server/src/services/adminService.ts

@@ -465,17 +465,92 @@ export function deleteTemplateItem(itemId: string) {
 
 export function listAddons() {
   const addons = db.prepare('SELECT * FROM addons ORDER BY sort_order, id').all() as Addon[];
-  return addons.map(a => ({ ...a, enabled: !!a.enabled, config: JSON.parse(a.config || '{}') }));
+  const providers = db.prepare(`
+    SELECT id, name, description, icon, enabled, config, sort_order
+    FROM photo_providers
+    ORDER BY sort_order, id
+  `).all() as Array<{ id: string; name: string; description?: string | null; icon: string; enabled: number; config: string; sort_order: number }>;
+  const fields = db.prepare(`
+    SELECT provider_id, field_key, label, input_type, placeholder, required, secret, settings_key, payload_key, sort_order
+    FROM photo_provider_fields
+    ORDER BY sort_order, id
+  `).all() as Array<{
+    provider_id: string;
+    field_key: string;
+    label: string;
+    input_type: string;
+    placeholder?: string | null;
+    required: number;
+    secret: number;
+    settings_key?: string | null;
+    payload_key?: string | null;
+    sort_order: number;
+  }>;
+  const fieldsByProvider = new Map<string, typeof fields>();
+  for (const field of fields) {
+    const arr = fieldsByProvider.get(field.provider_id) || [];
+    arr.push(field);
+    fieldsByProvider.set(field.provider_id, arr);
+  }
+
+  return [
+    ...addons.map(a => ({ ...a, enabled: !!a.enabled, config: JSON.parse(a.config || '{}') })),
+    ...providers.map(p => ({
+      id: p.id,
+      name: p.name,
+      description: p.description,
+      type: 'photo_provider',
+      icon: p.icon,
+      enabled: !!p.enabled,
+      config: JSON.parse(p.config || '{}'),
+      fields: (fieldsByProvider.get(p.id) || []).map(f => ({
+        key: f.field_key,
+        label: f.label,
+        input_type: f.input_type,
+        placeholder: f.placeholder || '',
+        required: !!f.required,
+        secret: !!f.secret,
+        settings_key: f.settings_key || null,
+        payload_key: f.payload_key || null,
+        sort_order: f.sort_order,
+      })),
+      sort_order: p.sort_order,
+    })),
+  ];
 }
 
 export function updateAddon(id: string, data: { enabled?: boolean; config?: Record<string, unknown> }) {
-  const addon = db.prepare('SELECT * FROM addons WHERE id = ?').get(id);
+  const addon = db.prepare('SELECT * FROM addons WHERE id = ?').get(id) as Addon | undefined;
-  if (!addon) return { error: 'Addon not found', status: 404 };
+  const provider = db.prepare('SELECT * FROM photo_providers WHERE id = ?').get(id) as { id: string; name: string; description?: string | null; icon: string; enabled: number; config: string; sort_order: number } | undefined;
-  if (data.enabled !== undefined) db.prepare('UPDATE addons SET enabled = ? WHERE id = ?').run(data.enabled ? 1 : 0, id);
+  if (!addon && !provider) return { error: 'Addon not found', status: 404 };
-  if (data.config !== undefined) db.prepare('UPDATE addons SET config = ? WHERE id = ?').run(JSON.stringify(data.config), id);
+
-  const updated = db.prepare('SELECT * FROM addons WHERE id = ?').get(id) as Addon;
+  if (addon) {
+    if (data.enabled !== undefined) db.prepare('UPDATE addons SET enabled = ? WHERE id = ?').run(data.enabled ? 1 : 0, id);
+    if (data.config !== undefined) db.prepare('UPDATE addons SET config = ? WHERE id = ?').run(JSON.stringify(data.config), id);
+  } else {
+    if (data.enabled !== undefined) db.prepare('UPDATE photo_providers SET enabled = ? WHERE id = ?').run(data.enabled ? 1 : 0, id);
+    if (data.config !== undefined) db.prepare('UPDATE photo_providers SET config = ? WHERE id = ?').run(JSON.stringify(data.config), id);
+  }
+
+  const updatedAddon = db.prepare('SELECT * FROM addons WHERE id = ?').get(id) as Addon | undefined;
+  const updatedProvider = db.prepare('SELECT * FROM photo_providers WHERE id = ?').get(id) as { id: string; name: string; description?: string | null; icon: string; enabled: number; config: string; sort_order: number } | undefined;
+  const updated = updatedAddon
+    ? { ...updatedAddon, enabled: !!updatedAddon.enabled, config: JSON.parse(updatedAddon.config || '{}') }
+    : updatedProvider
+      ? {
+        id: updatedProvider.id,
+        name: updatedProvider.name,
+        description: updatedProvider.description,
+        type: 'photo_provider',
+        icon: updatedProvider.icon,
+        enabled: !!updatedProvider.enabled,
+        config: JSON.parse(updatedProvider.config || '{}'),
+        sort_order: updatedProvider.sort_order,
+      }
+      : null;
+
   return {
-    addon: { ...updated, enabled: !!updated.enabled, config: JSON.parse(updated.config || '{}') },
+    addon: updated,
     auditDetails: { enabled: data.enabled !== undefined ? !!data.enabled : undefined, config_changed: data.config !== undefined },
   };
 }

server/src/services/authService.ts

@@ -981,7 +981,7 @@ export function createWsToken(userId: number): { error?: string; status?: number
 }
 
 export function createResourceToken(userId: number, purpose?: string): { error?: string; status?: number; token?: string } {
-  if (purpose !== 'download' && purpose !== 'immich') {
+  if (purpose !== 'download' && purpose !== 'immich' && purpose !== 'synologyphotos') {
     return { error: 'Invalid purpose', status: 400 };
   }
   const token = createEphemeralToken(userId, purpose);

server/src/services/immichService.ts

@@ -175,11 +175,12 @@ export async function searchPhotos(
 
 export function listTripPhotos(tripId: string, userId: number) {
   return db.prepare(`
-    SELECT tp.immich_asset_id, tp.user_id, tp.shared, tp.added_at,
+    SELECT tp.asset_id AS immich_asset_id, tp.user_id, tp.shared, tp.added_at,
            u.username, u.avatar, u.immich_url
     FROM trip_photos tp
     JOIN users u ON tp.user_id = u.id
     WHERE tp.trip_id = ?
+    AND tp.provider = 'immich'
     AND (tp.user_id = ? OR tp.shared = 1)
     ORDER BY tp.added_at ASC
   `).all(tripId, userId);
@@ -191,25 +192,23 @@ export function addTripPhotos(
   assetIds: string[],
   shared: boolean
 ): number {
-  const insert = db.prepare(
+  const insert = db.prepare('INSERT OR IGNORE INTO trip_photos (trip_id, user_id, asset_id, provider, shared) VALUES (?, ?, ?, ?, ?)');
-    'INSERT OR IGNORE INTO trip_photos (trip_id, user_id, immich_asset_id, shared) VALUES (?, ?, ?, ?)'
-  );
   let added = 0;
   for (const assetId of assetIds) {
-    const result = insert.run(tripId, userId, assetId, shared ? 1 : 0);
+    const result = insert.run(tripId, userId, assetId, 'immich', shared ? 1 : 0);
     if (result.changes > 0) added++;
   }
   return added;
 }
 
 export function removeTripPhoto(tripId: string, userId: number, assetId: string) {
-  db.prepare('DELETE FROM trip_photos WHERE trip_id = ? AND user_id = ? AND immich_asset_id = ?')
+  db.prepare('DELETE FROM trip_photos WHERE trip_id = ? AND user_id = ? AND asset_id = ? AND provider = ?')
-    .run(tripId, userId, assetId);
+    .run(tripId, userId, assetId, 'immich');
 }
 
 export function togglePhotoSharing(tripId: string, userId: number, assetId: string, shared: boolean) {
-  db.prepare('UPDATE trip_photos SET shared = ? WHERE trip_id = ? AND user_id = ? AND immich_asset_id = ?')
+  db.prepare('UPDATE trip_photos SET shared = ? WHERE trip_id = ? AND user_id = ? AND asset_id = ? AND provider = ?')
-    .run(shared ? 1 : 0, tripId, userId, assetId);
+    .run(shared ? 1 : 0, tripId, userId, assetId, 'immich');
 }
 
 // ── Asset Info / Proxy ─────────────────────────────────────────────────────
@@ -329,7 +328,7 @@ export function listAlbumLinks(tripId: string) {
     SELECT tal.*, u.username
     FROM trip_album_links tal
     JOIN users u ON tal.user_id = u.id
-    WHERE tal.trip_id = ?
+    WHERE tal.trip_id = ? AND tal.provider = 'immich'
     ORDER BY tal.created_at ASC
   `).all(tripId);
 }
@@ -342,8 +341,8 @@ export function createAlbumLink(
 ): { success: boolean; error?: string } {
   try {
     db.prepare(
-      'INSERT OR IGNORE INTO trip_album_links (trip_id, user_id, immich_album_id, album_name) VALUES (?, ?, ?, ?)'
+      'INSERT OR IGNORE INTO trip_album_links (trip_id, user_id, provider, album_id, album_name) VALUES (?, ?, ?, ?, ?)'
-    ).run(tripId, userId, albumId, albumName || '');
+    ).run(tripId, userId, 'immich', albumId, albumName || '');
     return { success: true };
   } catch {
     return { success: false, error: 'Album already linked' };
@@ -360,15 +359,15 @@ export async function syncAlbumAssets(
   linkId: string,
   userId: number
 ): Promise<{ success?: boolean; added?: number; total?: number; error?: string; status?: number }> {
-  const link = db.prepare('SELECT * FROM trip_album_links WHERE id = ? AND trip_id = ? AND user_id = ?')
+  const link = db.prepare('SELECT * FROM trip_album_links WHERE id = ? AND trip_id = ? AND user_id = ? AND provider = ?')
-    .get(linkId, tripId, userId) as any;
+    .get(linkId, tripId, userId, 'immich') as any;
   if (!link) return { error: 'Album link not found', status: 404 };
 
   const creds = getImmichCredentials(userId);
   if (!creds) return { error: 'Immich not configured', status: 400 };
 
   try {
-    const resp = await fetch(`${creds.immich_url}/api/albums/${link.immich_album_id}`, {
+    const resp = await fetch(`${creds.immich_url}/api/albums/${link.album_id}`, {
       headers: { 'x-api-key': creds.immich_api_key, 'Accept': 'application/json' },
       signal: AbortSignal.timeout(15000),
     });
@@ -376,9 +375,7 @@ export async function syncAlbumAssets(
     const albumData = await resp.json() as { assets?: any[] };
     const assets = (albumData.assets || []).filter((a: any) => a.type === 'IMAGE');
 
-    const insert = db.prepare(
+    const insert = db.prepare("INSERT OR IGNORE INTO trip_photos (trip_id, user_id, asset_id, provider, shared) VALUES (?, ?, ?, 'immich', 1)");
-      'INSERT OR IGNORE INTO trip_photos (trip_id, user_id, immich_asset_id, shared) VALUES (?, ?, ?, 1)'
-    );
     let added = 0;
     for (const asset of assets) {
       const r = insert.run(tripId, userId, asset.id);

server/src/services/notifications.ts

@@ -44,6 +44,7 @@ function getWebhookUrl(): string | null {
 }
 
 function getAppUrl(): string {
+  if (process.env.APP_URL) return process.env.APP_URL;
   const origins = process.env.ALLOWED_ORIGINS;
   if (origins) {
     const first = origins.split(',')[0]?.trim();

server/src/services/shareService.ts

@@ -175,7 +175,7 @@ export function getSharedTripData(token: string): Record<string, any> | null {
 
   // Collab messages (only if owner chose to share)
   const collabMessages = permissions.share_collab
-    ? db.prepare('SELECT m.*, u.username, u.avatar FROM collab_messages m JOIN users u ON m.user_id = u.id WHERE m.trip_id = ? ORDER BY m.created_at ASC').all(tripId)
+    ? db.prepare('SELECT m.*, u.username, u.avatar FROM collab_messages m JOIN users u ON m.user_id = u.id WHERE m.trip_id = ? AND m.deleted = 0 ORDER BY m.created_at').all(tripId)
     : [];
 
   return {