test(server): full backend end-to-end testing with microservices (#4225)

* feat: asset e2e with job option

* feat: checkout test assets

* feat: library e2e tests

* fix: use node 21 in e2e

* fix: tests

* fix: use normalized external path

* feat: more external path tests

* chore: use parametrized tests

* chore: remove unused test code

* chore: refactor test asset path

* feat: centralize test app creation

* fix: correct error message for missing assets

* feat: test file formats

* fix: don't compare checksum

* feat: build libvips

* fix: install meson

* fix: use immich test asset repo

* feat: test nikon raw files

* fix: set Z timezone

* feat: test offline library files

* feat: richer metadata tests

* feat: e2e tests in docker

* feat: e2e test with arm64 docker

* fix: manual docker compose run

* fix: remove metadata processor import

* fix: run e2e tests in test.yml

* fix: checkout e2e assets

* fix: typo

* fix: checkout files in app directory

* fix: increase e2e memory

* fix: rm submodules

* fix: revert action name

* test: mark file offline when external path changes

* feat: rename env var to TEST_ENV

* docs: new test procedures

* feat: can run docker e2e tests manually if needed

* chore: use new node 20.8 for e2e

* chore: bump exiftool-vendored

* feat: simplify test launching

* fix: rename env vars to use immich_ prefix

* feat: asset folder is submodule

* chore: cleanup after 20.8 upgrade

* fix: don't log postgres in e2e

* fix: better warning about not running all tests

---------

Co-authored-by: Jonathan Jogenfors <jonathan@jogenfors.se>

server/test/e2e/asset.e2e-spec.ts

@@ -6,13 +6,12 @@ import {
   LoginResponseDto,
   TimeBucketSize,
 } from '@app/domain';
-import { AppModule, AssetController } from '@app/immich';
+import { AssetController } from '@app/immich';
 import { AssetEntity, AssetType } from '@app/infra/entities';
 import { INestApplication } from '@nestjs/common';
-import { Test, TestingModule } from '@nestjs/testing';
 import { api } from '@test/api';
-import { db } from '@test/db';
 import { errorStub, uuidStub } from '@test/fixtures';
+import { createTestApp, db } from '@test/test-utils';
 import { randomBytes } from 'crypto';
 import request from 'supertest';
 
@@ -85,11 +84,8 @@ describe(`${AssetController.name} (e2e)`, () => {
   let asset4: AssetEntity;
 
   beforeAll(async () => {
-    const moduleFixture: TestingModule = await Test.createTestingModule({
-      imports: [AppModule],
-    }).compile();
+    app = await createTestApp();
 
-    app = await moduleFixture.createNestApplication().init();
     server = app.getHttpServer();
     assetRepository = app.get<IAssetRepository>(IAssetRepository);
   });
@@ -200,6 +196,27 @@ describe(`${AssetController.name} (e2e)`, () => {
       expect(status).toBe(200);
       expect(body.duplicate).toBe(true);
     });
+
+    it("should not upload to another user's library", async () => {
+      const content = randomBytes(32);
+      const library = (await api.libraryApi.getAll(server, user2.accessToken))[0];
+      await api.assetApi.upload(server, user1.accessToken, 'example-image', { content });
+
+      const { body, status } = await request(server)
+        .post('/asset/upload')
+        .set('Authorization', `Bearer ${user1.accessToken}`)
+        .field('libraryId', library.id)
+        .field('deviceAssetId', 'example-image')
+        .field('deviceId', 'TEST')
+        .field('fileCreatedAt', new Date().toISOString())
+        .field('fileModifiedAt', new Date().toISOString())
+        .field('isFavorite', false)
+        .field('duration', '0:00:00.000000')
+        .attach('assetData', content, 'example.jpg');
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorStub.badRequest('Not found or no asset.upload access'));
+    });
   });
 
   describe('PUT /asset/:id', () => {