refactor(server)*: tsconfigs (#2689)

* refactor(server): tsconfigs

* chore: dummy commit

* fix: start.sh

* chore: restore original entry scripts

server/src/domain/album/album.repository.ts

@@ -0,0 +1,24 @@
+import { AlbumEntity } from '@app/infra/entities';
+
+export const IAlbumRepository = 'IAlbumRepository';
+
+export interface AlbumAssetCount {
+  albumId: string;
+  assetCount: number;
+}
+
+export interface IAlbumRepository {
+  getByIds(ids: string[]): Promise<AlbumEntity[]>;
+  getByAssetId(ownerId: string, assetId: string): Promise<AlbumEntity[]>;
+  hasAsset(id: string, assetId: string): Promise<boolean>;
+  getAssetCountForIds(ids: string[]): Promise<AlbumAssetCount[]>;
+  getInvalidThumbnail(): Promise<string[]>;
+  getOwned(ownerId: string): Promise<AlbumEntity[]>;
+  getShared(ownerId: string): Promise<AlbumEntity[]>;
+  getNotShared(ownerId: string): Promise<AlbumEntity[]>;
+  deleteAll(userId: string): Promise<void>;
+  getAll(): Promise<AlbumEntity[]>;
+  create(album: Partial<AlbumEntity>): Promise<AlbumEntity>;
+  update(album: Partial<AlbumEntity>): Promise<AlbumEntity>;
+  delete(album: AlbumEntity): Promise<void>;
+}

server/src/domain/album/album.service.spec.ts

@@ -0,0 +1,393 @@
+import { BadRequestException, ForbiddenException } from '@nestjs/common';
+import _ from 'lodash';
+import {
+  albumStub,
+  authStub,
+  newAlbumRepositoryMock,
+  newAssetRepositoryMock,
+  newJobRepositoryMock,
+  newUserRepositoryMock,
+  userEntityStub,
+} from '@test';
+import { IAssetRepository } from '../asset';
+import { IJobRepository, JobName } from '../job';
+import { IUserRepository } from '../user';
+import { IAlbumRepository } from './album.repository';
+import { AlbumService } from './album.service';
+
+describe(AlbumService.name, () => {
+  let sut: AlbumService;
+  let albumMock: jest.Mocked<IAlbumRepository>;
+  let assetMock: jest.Mocked<IAssetRepository>;
+  let jobMock: jest.Mocked<IJobRepository>;
+  let userMock: jest.Mocked<IUserRepository>;
+
+  beforeEach(async () => {
+    albumMock = newAlbumRepositoryMock();
+    assetMock = newAssetRepositoryMock();
+    jobMock = newJobRepositoryMock();
+    userMock = newUserRepositoryMock();
+
+    sut = new AlbumService(albumMock, assetMock, jobMock, userMock);
+  });
+
+  it('should work', () => {
+    expect(sut).toBeDefined();
+  });
+
+  describe('getAll', () => {
+    it('gets list of albums for auth user', async () => {
+      albumMock.getOwned.mockResolvedValue([albumStub.empty, albumStub.sharedWithUser]);
+      albumMock.getAssetCountForIds.mockResolvedValue([
+        { albumId: albumStub.empty.id, assetCount: 0 },
+        { albumId: albumStub.sharedWithUser.id, assetCount: 0 },
+      ]);
+      albumMock.getInvalidThumbnail.mockResolvedValue([]);
+
+      const result = await sut.getAll(authStub.admin, {});
+      expect(result).toHaveLength(2);
+      expect(result[0].id).toEqual(albumStub.empty.id);
+      expect(result[1].id).toEqual(albumStub.sharedWithUser.id);
+    });
+
+    it('gets list of albums that have a specific asset', async () => {
+      albumMock.getByAssetId.mockResolvedValue([albumStub.oneAsset]);
+      albumMock.getAssetCountForIds.mockResolvedValue([{ albumId: albumStub.oneAsset.id, assetCount: 1 }]);
+      albumMock.getInvalidThumbnail.mockResolvedValue([]);
+
+      const result = await sut.getAll(authStub.admin, { assetId: albumStub.oneAsset.id });
+      expect(result).toHaveLength(1);
+      expect(result[0].id).toEqual(albumStub.oneAsset.id);
+      expect(albumMock.getByAssetId).toHaveBeenCalledTimes(1);
+    });
+
+    it('gets list of albums that are shared', async () => {
+      albumMock.getShared.mockResolvedValue([albumStub.sharedWithUser]);
+      albumMock.getAssetCountForIds.mockResolvedValue([{ albumId: albumStub.sharedWithUser.id, assetCount: 0 }]);
+      albumMock.getInvalidThumbnail.mockResolvedValue([]);
+
+      const result = await sut.getAll(authStub.admin, { shared: true });
+      expect(result).toHaveLength(1);
+      expect(result[0].id).toEqual(albumStub.sharedWithUser.id);
+      expect(albumMock.getShared).toHaveBeenCalledTimes(1);
+    });
+
+    it('gets list of albums that are NOT shared', async () => {
+      albumMock.getNotShared.mockResolvedValue([albumStub.empty]);
+      albumMock.getAssetCountForIds.mockResolvedValue([{ albumId: albumStub.empty.id, assetCount: 0 }]);
+      albumMock.getInvalidThumbnail.mockResolvedValue([]);
+
+      const result = await sut.getAll(authStub.admin, { shared: false });
+      expect(result).toHaveLength(1);
+      expect(result[0].id).toEqual(albumStub.empty.id);
+      expect(albumMock.getNotShared).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  it('counts assets correctly', async () => {
+    albumMock.getOwned.mockResolvedValue([albumStub.oneAsset]);
+    albumMock.getAssetCountForIds.mockResolvedValue([{ albumId: albumStub.oneAsset.id, assetCount: 1 }]);
+    albumMock.getInvalidThumbnail.mockResolvedValue([]);
+
+    const result = await sut.getAll(authStub.admin, {});
+
+    expect(result).toHaveLength(1);
+    expect(result[0].assetCount).toEqual(1);
+    expect(albumMock.getOwned).toHaveBeenCalledTimes(1);
+  });
+
+  it('updates the album thumbnail by listing all albums', async () => {
+    albumMock.getOwned.mockResolvedValue([albumStub.oneAssetInvalidThumbnail]);
+    albumMock.getAssetCountForIds.mockResolvedValue([
+      { albumId: albumStub.oneAssetInvalidThumbnail.id, assetCount: 1 },
+    ]);
+    albumMock.getInvalidThumbnail.mockResolvedValue([albumStub.oneAssetInvalidThumbnail.id]);
+    albumMock.update.mockResolvedValue(albumStub.oneAssetValidThumbnail);
+    assetMock.getFirstAssetForAlbumId.mockResolvedValue(albumStub.oneAssetInvalidThumbnail.assets[0]);
+
+    const result = await sut.getAll(authStub.admin, {});
+
+    expect(result).toHaveLength(1);
+    expect(albumMock.getInvalidThumbnail).toHaveBeenCalledTimes(1);
+    expect(albumMock.update).toHaveBeenCalledTimes(1);
+  });
+
+  it('removes the thumbnail for an empty album', async () => {
+    albumMock.getOwned.mockResolvedValue([albumStub.emptyWithInvalidThumbnail]);
+    albumMock.getAssetCountForIds.mockResolvedValue([
+      { albumId: albumStub.emptyWithInvalidThumbnail.id, assetCount: 1 },
+    ]);
+    albumMock.getInvalidThumbnail.mockResolvedValue([albumStub.emptyWithInvalidThumbnail.id]);
+    albumMock.update.mockResolvedValue(albumStub.emptyWithValidThumbnail);
+    assetMock.getFirstAssetForAlbumId.mockResolvedValue(null);
+
+    const result = await sut.getAll(authStub.admin, {});
+
+    expect(result).toHaveLength(1);
+    expect(albumMock.getInvalidThumbnail).toHaveBeenCalledTimes(1);
+    expect(albumMock.update).toHaveBeenCalledTimes(1);
+  });
+
+  describe('create', () => {
+    it('creates album', async () => {
+      albumMock.create.mockResolvedValue(albumStub.empty);
+
+      await expect(sut.create(authStub.admin, { albumName: 'Empty album' })).resolves.toEqual({
+        albumName: 'Empty album',
+        albumThumbnailAssetId: null,
+        assetCount: 0,
+        assets: [],
+        createdAt: expect.anything(),
+        id: 'album-1',
+        owner: {
+          email: 'admin@test.com',
+          firstName: 'admin_first_name',
+          id: 'admin_id',
+          isAdmin: true,
+          lastName: 'admin_last_name',
+          oauthId: '',
+          profileImagePath: '',
+          shouldChangePassword: false,
+          storageLabel: 'admin',
+          createdAt: new Date('2021-01-01'),
+          deletedAt: null,
+          updatedAt: new Date('2021-01-01'),
+        },
+        ownerId: 'admin_id',
+        shared: false,
+        sharedUsers: [],
+        updatedAt: expect.anything(),
+      });
+
+      expect(jobMock.queue).toHaveBeenCalledWith({
+        name: JobName.SEARCH_INDEX_ALBUM,
+        data: { ids: [albumStub.empty.id] },
+      });
+    });
+
+    it('should require valid userIds', async () => {
+      userMock.get.mockResolvedValue(null);
+      await expect(
+        sut.create(authStub.admin, {
+          albumName: 'Empty album',
+          sharedWithUserIds: ['user-3'],
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+      expect(userMock.get).toHaveBeenCalledWith('user-3');
+      expect(albumMock.create).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('update', () => {
+    it('should prevent updating an album that does not exist', async () => {
+      albumMock.getByIds.mockResolvedValue([]);
+
+      await expect(
+        sut.update(authStub.user1, 'invalid-id', {
+          albumName: 'new album name',
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should prevent updating a not owned album (shared with auth user)', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithAdmin]);
+
+      await expect(
+        sut.update(authStub.admin, albumStub.sharedWithAdmin.id, {
+          albumName: 'new album name',
+        }),
+      ).rejects.toBeInstanceOf(ForbiddenException);
+    });
+
+    it('should require a valid thumbnail asset id', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.oneAsset]);
+      albumMock.update.mockResolvedValue(albumStub.oneAsset);
+      albumMock.hasAsset.mockResolvedValue(false);
+
+      await expect(
+        sut.update(authStub.admin, albumStub.oneAsset.id, {
+          albumThumbnailAssetId: 'not-in-album',
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+
+      expect(albumMock.hasAsset).toHaveBeenCalledWith(albumStub.oneAsset.id, 'not-in-album');
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should allow the owner to update the album', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.oneAsset]);
+      albumMock.update.mockResolvedValue(albumStub.oneAsset);
+
+      await sut.update(authStub.admin, albumStub.oneAsset.id, {
+        albumName: 'new album name',
+      });
+
+      expect(albumMock.update).toHaveBeenCalledTimes(1);
+      expect(albumMock.update).toHaveBeenCalledWith({
+        id: 'album-4',
+        albumName: 'new album name',
+      });
+      expect(jobMock.queue).toHaveBeenCalledWith({
+        name: JobName.SEARCH_INDEX_ALBUM,
+        data: { ids: [albumStub.oneAsset.id] },
+      });
+    });
+  });
+
+  describe('delete', () => {
+    it('should throw an error for an album not found', async () => {
+      albumMock.getByIds.mockResolvedValue([]);
+
+      await expect(sut.delete(authStub.admin, albumStub.sharedWithAdmin.id)).rejects.toBeInstanceOf(
+        BadRequestException,
+      );
+
+      expect(albumMock.delete).not.toHaveBeenCalled();
+    });
+
+    it('should not let a shared user delete the album', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithAdmin]);
+
+      await expect(sut.delete(authStub.admin, albumStub.sharedWithAdmin.id)).rejects.toBeInstanceOf(ForbiddenException);
+
+      expect(albumMock.delete).not.toHaveBeenCalled();
+    });
+
+    it('should let the owner delete an album', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.empty]);
+
+      await sut.delete(authStub.admin, albumStub.empty.id);
+
+      expect(albumMock.delete).toHaveBeenCalledTimes(1);
+      expect(albumMock.delete).toHaveBeenCalledWith(albumStub.empty);
+    });
+  });
+
+  describe('addUsers', () => {
+    it('should require a valid album id', async () => {
+      albumMock.getByIds.mockResolvedValue([]);
+      await expect(sut.addUsers(authStub.admin, 'album-1', { sharedUserIds: ['user-1'] })).rejects.toBeInstanceOf(
+        BadRequestException,
+      );
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should require the user to be the owner', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithAdmin]);
+      await expect(
+        sut.addUsers(authStub.admin, albumStub.sharedWithAdmin.id, { sharedUserIds: ['user-1'] }),
+      ).rejects.toBeInstanceOf(ForbiddenException);
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should throw an error if the userId is already added', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithAdmin]);
+      await expect(
+        sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { sharedUserIds: [authStub.admin.id] }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should throw an error if the userId does not exist', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithAdmin]);
+      userMock.get.mockResolvedValue(null);
+      await expect(
+        sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { sharedUserIds: ['user-3'] }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should add valid shared users', async () => {
+      albumMock.getByIds.mockResolvedValue([_.cloneDeep(albumStub.sharedWithAdmin)]);
+      albumMock.update.mockResolvedValue(albumStub.sharedWithAdmin);
+      userMock.get.mockResolvedValue(userEntityStub.user2);
+      await sut.addUsers(authStub.user1, albumStub.sharedWithAdmin.id, { sharedUserIds: [authStub.user2.id] });
+      expect(albumMock.update).toHaveBeenCalledWith({
+        id: albumStub.sharedWithAdmin.id,
+        updatedAt: expect.any(Date),
+        sharedUsers: [userEntityStub.admin, { id: authStub.user2.id }],
+      });
+    });
+  });
+
+  describe('removeUser', () => {
+    it('should require a valid album id', async () => {
+      albumMock.getByIds.mockResolvedValue([]);
+      await expect(sut.removeUser(authStub.admin, 'album-1', 'user-1')).rejects.toBeInstanceOf(BadRequestException);
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should remove a shared user from an owned album', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithUser]);
+
+      await expect(
+        sut.removeUser(authStub.admin, albumStub.sharedWithUser.id, userEntityStub.user1.id),
+      ).resolves.toBeUndefined();
+
+      expect(albumMock.update).toHaveBeenCalledTimes(1);
+      expect(albumMock.update).toHaveBeenCalledWith({
+        id: albumStub.sharedWithUser.id,
+        updatedAt: expect.any(Date),
+        sharedUsers: [],
+      });
+    });
+
+    it('should prevent removing a shared user from a not-owned album (shared with auth user)', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithMultiple]);
+
+      await expect(
+        sut.removeUser(authStub.user1, albumStub.sharedWithMultiple.id, authStub.user2.id),
+      ).rejects.toBeInstanceOf(ForbiddenException);
+
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should allow a shared user to remove themselves', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithUser]);
+
+      await sut.removeUser(authStub.user1, albumStub.sharedWithUser.id, authStub.user1.id);
+
+      expect(albumMock.update).toHaveBeenCalledTimes(1);
+      expect(albumMock.update).toHaveBeenCalledWith({
+        id: albumStub.sharedWithUser.id,
+        updatedAt: expect.any(Date),
+        sharedUsers: [],
+      });
+    });
+
+    it('should allow a shared user to remove themselves using "me"', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.sharedWithUser]);
+
+      await sut.removeUser(authStub.user1, albumStub.sharedWithUser.id, 'me');
+
+      expect(albumMock.update).toHaveBeenCalledTimes(1);
+      expect(albumMock.update).toHaveBeenCalledWith({
+        id: albumStub.sharedWithUser.id,
+        updatedAt: expect.any(Date),
+        sharedUsers: [],
+      });
+    });
+
+    it('should not allow the owner to be removed', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.empty]);
+
+      await expect(sut.removeUser(authStub.admin, albumStub.empty.id, authStub.admin.id)).rejects.toBeInstanceOf(
+        BadRequestException,
+      );
+
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+
+    it('should throw an error for a user not in the album', async () => {
+      albumMock.getByIds.mockResolvedValue([albumStub.empty]);
+
+      await expect(sut.removeUser(authStub.admin, albumStub.empty.id, 'user-3')).rejects.toBeInstanceOf(
+        BadRequestException,
+      );
+
+      expect(albumMock.update).not.toHaveBeenCalled();
+    });
+  });
+});

server/src/domain/album/album.service.ts

@@ -0,0 +1,188 @@
+import { AlbumEntity, AssetEntity, UserEntity } from '@app/infra/entities';
+import { BadRequestException, ForbiddenException, Inject, Injectable } from '@nestjs/common';
+import { IAssetRepository, mapAsset } from '../asset';
+import { AuthUserDto } from '../auth';
+import { IJobRepository, JobName } from '../job';
+import { IUserRepository } from '../user';
+import { IAlbumRepository } from './album.repository';
+import { AddUsersDto, CreateAlbumDto, GetAlbumsDto, UpdateAlbumDto } from './dto';
+import { AlbumResponseDto, mapAlbum } from './response-dto';
+
+@Injectable()
+export class AlbumService {
+  constructor(
+    @Inject(IAlbumRepository) private albumRepository: IAlbumRepository,
+    @Inject(IAssetRepository) private assetRepository: IAssetRepository,
+    @Inject(IJobRepository) private jobRepository: IJobRepository,
+    @Inject(IUserRepository) private userRepository: IUserRepository,
+  ) {}
+
+  async getAll({ id: ownerId }: AuthUserDto, { assetId, shared }: GetAlbumsDto): Promise<AlbumResponseDto[]> {
+    await this.updateInvalidThumbnails();
+
+    let albums: AlbumEntity[];
+    if (assetId) {
+      albums = await this.albumRepository.getByAssetId(ownerId, assetId);
+    } else if (shared === true) {
+      albums = await this.albumRepository.getShared(ownerId);
+    } else if (shared === false) {
+      albums = await this.albumRepository.getNotShared(ownerId);
+    } else {
+      albums = await this.albumRepository.getOwned(ownerId);
+    }
+
+    // Get asset count for each album. Then map the result to an object:
+    // { [albumId]: assetCount }
+    const albumsAssetCount = await this.albumRepository.getAssetCountForIds(albums.map((album) => album.id));
+    const albumsAssetCountObj = albumsAssetCount.reduce((obj: Record<string, number>, { albumId, assetCount }) => {
+      obj[albumId] = assetCount;
+      return obj;
+    }, {});
+
+    return albums.map((album) => {
+      return {
+        ...album,
+        assets: album?.assets?.map(mapAsset),
+        sharedLinks: undefined, // Don't return shared links
+        shared: album.sharedLinks?.length > 0 || album.sharedUsers?.length > 0,
+        assetCount: albumsAssetCountObj[album.id],
+      } as AlbumResponseDto;
+    });
+  }
+
+  private async updateInvalidThumbnails(): Promise<number> {
+    const invalidAlbumIds = await this.albumRepository.getInvalidThumbnail();
+
+    for (const albumId of invalidAlbumIds) {
+      const newThumbnail = await this.assetRepository.getFirstAssetForAlbumId(albumId);
+      await this.albumRepository.update({ id: albumId, albumThumbnailAsset: newThumbnail });
+    }
+
+    return invalidAlbumIds.length;
+  }
+
+  async create(authUser: AuthUserDto, dto: CreateAlbumDto): Promise<AlbumResponseDto> {
+    for (const userId of dto.sharedWithUserIds || []) {
+      const exists = await this.userRepository.get(userId);
+      if (!exists) {
+        throw new BadRequestException('User not found');
+      }
+    }
+
+    const album = await this.albumRepository.create({
+      ownerId: authUser.id,
+      albumName: dto.albumName,
+      sharedUsers: dto.sharedWithUserIds?.map((value) => ({ id: value } as UserEntity)) ?? [],
+      assets: (dto.assetIds || []).map((id) => ({ id } as AssetEntity)),
+      albumThumbnailAssetId: dto.assetIds?.[0] || null,
+    });
+
+    await this.jobRepository.queue({ name: JobName.SEARCH_INDEX_ALBUM, data: { ids: [album.id] } });
+    return mapAlbum(album);
+  }
+
+  async update(authUser: AuthUserDto, id: string, dto: UpdateAlbumDto): Promise<AlbumResponseDto> {
+    const album = await this.get(id);
+    this.assertOwner(authUser, album);
+
+    if (dto.albumThumbnailAssetId) {
+      const valid = await this.albumRepository.hasAsset(id, dto.albumThumbnailAssetId);
+      if (!valid) {
+        throw new BadRequestException('Invalid album thumbnail');
+      }
+    }
+
+    const updatedAlbum = await this.albumRepository.update({
+      id: album.id,
+      albumName: dto.albumName,
+      albumThumbnailAssetId: dto.albumThumbnailAssetId,
+    });
+
+    await this.jobRepository.queue({ name: JobName.SEARCH_INDEX_ALBUM, data: { ids: [updatedAlbum.id] } });
+
+    return mapAlbum(updatedAlbum);
+  }
+
+  async delete(authUser: AuthUserDto, id: string): Promise<void> {
+    const [album] = await this.albumRepository.getByIds([id]);
+    if (!album) {
+      throw new BadRequestException('Album not found');
+    }
+
+    if (album.ownerId !== authUser.id) {
+      throw new ForbiddenException('Album not owned by user');
+    }
+
+    await this.albumRepository.delete(album);
+    await this.jobRepository.queue({ name: JobName.SEARCH_REMOVE_ALBUM, data: { ids: [id] } });
+  }
+
+  async addUsers(authUser: AuthUserDto, id: string, dto: AddUsersDto) {
+    const album = await this.get(id);
+    this.assertOwner(authUser, album);
+
+    for (const userId of dto.sharedUserIds) {
+      const exists = album.sharedUsers.find((user) => user.id === userId);
+      if (exists) {
+        throw new BadRequestException('User already added');
+      }
+
+      const user = await this.userRepository.get(userId);
+      if (!user) {
+        throw new BadRequestException('User not found');
+      }
+
+      album.sharedUsers.push({ id: userId } as UserEntity);
+    }
+
+    return this.albumRepository
+      .update({
+        id: album.id,
+        updatedAt: new Date(),
+        sharedUsers: album.sharedUsers,
+      })
+      .then(mapAlbum);
+  }
+
+  async removeUser(authUser: AuthUserDto, id: string, userId: string | 'me'): Promise<void> {
+    if (userId === 'me') {
+      userId = authUser.id;
+    }
+
+    const album = await this.get(id);
+
+    if (album.ownerId === userId) {
+      throw new BadRequestException('Cannot remove album owner');
+    }
+
+    const exists = album.sharedUsers.find((user) => user.id === userId);
+    if (!exists) {
+      throw new BadRequestException('Album not shared with user');
+    }
+
+    // non-admin can remove themselves
+    if (authUser.id !== userId) {
+      this.assertOwner(authUser, album);
+    }
+
+    await this.albumRepository.update({
+      id: album.id,
+      updatedAt: new Date(),
+      sharedUsers: album.sharedUsers.filter((user) => user.id !== userId),
+    });
+  }
+
+  private async get(id: string) {
+    const [album] = await this.albumRepository.getByIds([id]);
+    if (!album) {
+      throw new BadRequestException('Album not found');
+    }
+    return album;
+  }
+
+  private assertOwner(authUser: AuthUserDto, album: AlbumEntity) {
+    if (album.ownerId !== authUser.id) {
+      throw new ForbiddenException('Album not owned by user');
+    }
+  }
+}

server/src/domain/album/dto/album-add-users.dto.ts

@@ -0,0 +1,8 @@
+import { ArrayNotEmpty } from 'class-validator';
+import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
+
+export class AddUsersDto {
+  @ValidateUUID({ each: true })
+  @ArrayNotEmpty()
+  sharedUserIds!: string[];
+}

server/src/domain/album/dto/album-create.dto.ts

@@ -0,0 +1,16 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class CreateAlbumDto {
+  @IsNotEmpty()
+  @IsString()
+  @ApiProperty()
+  albumName!: string;
+
+  @ValidateUUID({ optional: true, each: true })
+  sharedWithUserIds?: string[];
+
+  @ValidateUUID({ optional: true, each: true })
+  assetIds?: string[];
+}

server/src/domain/album/dto/album-update.dto.ts

@@ -0,0 +1,12 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsOptional } from 'class-validator';
+import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
+
+export class UpdateAlbumDto {
+  @IsOptional()
+  @ApiProperty()
+  albumName?: string;
+
+  @ValidateUUID({ optional: true })
+  albumThumbnailAssetId?: string;
+}

server/src/domain/album/dto/get-albums.dto.ts

@@ -0,0 +1,26 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { Transform } from 'class-transformer';
+import { IsBoolean, IsOptional } from 'class-validator';
+import { ValidateUUID } from '@app/immich/decorators/validate-uuid.decorator';
+import { toBoolean } from '@app/immich/utils/transform.util';
+
+export class GetAlbumsDto {
+  @IsOptional()
+  @IsBoolean()
+  @Transform(toBoolean)
+  @ApiProperty()
+  /**
+   * true: only shared albums
+   * false: only non-shared own albums
+   * undefined: shared and owned albums
+   */
+  shared?: boolean;
+
+  /**
+   * Only returns albums that contain the asset
+   * Ignores the shared parameter
+   * undefined: get all albums
+   */
+  @ValidateUUID({ optional: true })
+  assetId?: string;
+}

server/src/domain/album/dto/index.ts

@@ -0,0 +1,4 @@
+export * from './album-add-users.dto';
+export * from './album-create.dto';
+export * from './album-update.dto';
+export * from './get-albums.dto';

server/src/domain/album/index.ts

@@ -0,0 +1,4 @@
+export * from './album.repository';
+export * from './album.service';
+export * from './dto';
+export * from './response-dto';

server/src/domain/album/response-dto/album-response.dto.ts

@@ -0,0 +1,65 @@
+import { AlbumEntity } from '@app/infra/entities';
+import { ApiProperty } from '@nestjs/swagger';
+import { AssetResponseDto, mapAsset } from '../../asset';
+import { mapUser, UserResponseDto } from '../../user';
+
+export class AlbumResponseDto {
+  id!: string;
+  ownerId!: string;
+  albumName!: string;
+  createdAt!: Date;
+  updatedAt!: Date;
+  albumThumbnailAssetId!: string | null;
+  shared!: boolean;
+  sharedUsers!: UserResponseDto[];
+  assets!: AssetResponseDto[];
+  owner!: UserResponseDto;
+  @ApiProperty({ type: 'integer' })
+  assetCount!: number;
+}
+
+export function mapAlbum(entity: AlbumEntity): AlbumResponseDto {
+  const sharedUsers: UserResponseDto[] = [];
+
+  entity.sharedUsers?.forEach((user) => {
+    const userDto = mapUser(user);
+    sharedUsers.push(userDto);
+  });
+
+  return {
+    albumName: entity.albumName,
+    albumThumbnailAssetId: entity.albumThumbnailAssetId,
+    createdAt: entity.createdAt,
+    updatedAt: entity.updatedAt,
+    id: entity.id,
+    ownerId: entity.ownerId,
+    owner: mapUser(entity.owner),
+    sharedUsers,
+    shared: sharedUsers.length > 0 || entity.sharedLinks?.length > 0,
+    assets: entity.assets?.map((asset) => mapAsset(asset)) || [],
+    assetCount: entity.assets?.length || 0,
+  };
+}
+
+export function mapAlbumExcludeAssetInfo(entity: AlbumEntity): AlbumResponseDto {
+  const sharedUsers: UserResponseDto[] = [];
+
+  entity.sharedUsers?.forEach((user) => {
+    const userDto = mapUser(user);
+    sharedUsers.push(userDto);
+  });
+
+  return {
+    albumName: entity.albumName,
+    albumThumbnailAssetId: entity.albumThumbnailAssetId,
+    createdAt: entity.createdAt,
+    updatedAt: entity.updatedAt,
+    id: entity.id,
+    ownerId: entity.ownerId,
+    owner: mapUser(entity.owner),
+    sharedUsers,
+    shared: sharedUsers.length > 0 || entity.sharedLinks?.length > 0,
+    assets: [],
+    assetCount: entity.assets?.length || 0,
+  };
+}

server/src/domain/album/response-dto/index.ts

@@ -0,0 +1 @@
+export * from './album-response.dto';