feat(web,server): activity (#4682)

* feat: activity * regenerate api * fix: make asset owner unable to delete comment * fix: merge * fix: tests * feat: use textarea instead of input * fix: do actions only if the album is shared * fix: placeholder opacity * fix(web): improve messages UI * fix(web): improve input message UI * pr feedback * fix: tests * pr feedback * pr feedback * pr feedback * fix permissions * regenerate api * pr feedback * pr feedback * multiple improvements on web * fix: ui colors * WIP * chore: open api * pr feedback * fix: add comment * chore: clean up * pr feedback * refactor: endpoints * chore: open api * fix: filter by type * fix: e2e * feat: e2e remove own comment * fix: web tests * remove console.log * chore: cleanup * fix: ui tweaks * pr feedback * fix web test * fix: unit tests * chore: remove unused code * revert useless changes * fix: grouping messages * fix: remove nullable on updatedAt * fix: text overflow * styling --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2026-04-24 15:53:45 +00:00 · 2023-11-01 04:13:34 +01:00
parent 68f6446718
commit ce5966c23d
66 changed files with 4487 additions and 38 deletions
--- a/server/immich-openapi-specs.json
+++ b/server/immich-openapi-specs.json
@@ -1,6 +1,194 @@
 {
  "openapi": "3.0.0",
  "paths": {
+    "/activity": {
+      "get": {
+        "operationId": "getActivities",
+        "parameters": [
+          {
+            "name": "albumId",
+            "required": true,
+            "in": "query",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          },
+          {
+            "name": "assetId",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          },
+          {
+            "name": "type",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "$ref": "#/components/schemas/ReactionType"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "items": {
+                    "$ref": "#/components/schemas/ActivityResponseDto"
+                  },
+                  "type": "array"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Activity"
+        ]
+      },
+      "post": {
+        "operationId": "createActivity",
+        "parameters": [],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/ActivityCreateDto"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "201": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ActivityResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Activity"
+        ]
+      }
+    },
+    "/activity/statistics": {
+      "get": {
+        "operationId": "getActivityStatistics",
+        "parameters": [
+          {
+            "name": "albumId",
+            "required": true,
+            "in": "query",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          },
+          {
+            "name": "assetId",
+            "required": false,
+            "in": "query",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ActivityStatisticsResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Activity"
+        ]
+      }
+    },
+    "/activity/{id}": {
+      "delete": {
+        "operationId": "deleteActivity",
+        "parameters": [
+          {
+            "name": "id",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "uuid",
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "tags": [
+          "Activity"
+        ]
+      }
+    },
    "/album": {
      "get": {
        "operationId": "getAllAlbums",
@@ -5512,6 +5700,77 @@
        ],
        "type": "object"
      },
+      "ActivityCreateDto": {
+        "properties": {
+          "albumId": {
+            "format": "uuid",
+            "type": "string"
+          },
+          "assetId": {
+            "format": "uuid",
+            "type": "string"
+          },
+          "comment": {
+            "type": "string"
+          },
+          "type": {
+            "$ref": "#/components/schemas/ReactionType"
+          }
+        },
+        "required": [
+          "albumId",
+          "type"
+        ],
+        "type": "object"
+      },
+      "ActivityResponseDto": {
+        "properties": {
+          "assetId": {
+            "nullable": true,
+            "type": "string"
+          },
+          "comment": {
+            "nullable": true,
+            "type": "string"
+          },
+          "createdAt": {
+            "format": "date-time",
+            "type": "string"
+          },
+          "id": {
+            "type": "string"
+          },
+          "type": {
+            "enum": [
+              "comment",
+              "like"
+            ],
+            "type": "string"
+          },
+          "user": {
+            "$ref": "#/components/schemas/UserDto"
+          }
+        },
+        "required": [
+          "id",
+          "createdAt",
+          "type",
+          "user",
+          "assetId"
+        ],
+        "type": "object"
+      },
+      "ActivityStatisticsResponseDto": {
+        "properties": {
+          "comments": {
+            "type": "integer"
+          }
+        },
+        "required": [
+          "comments"
+        ],
+        "type": "object"
+      },
      "AddUsersDto": {
        "properties": {
          "sharedUserIds": {
@@ -7432,6 +7691,13 @@
        ],
        "type": "object"
      },
+      "ReactionType": {
+        "enum": [
+          "comment",
+          "like"
+        ],
+        "type": "string"
+      },
      "RecognitionConfig": {
        "properties": {
          "enabled": {
@@ -8757,6 +9023,33 @@
        ],
        "type": "object"
      },
+      "UserDto": {
+        "properties": {
+          "email": {
+            "type": "string"
+          },
+          "firstName": {
+            "type": "string"
+          },
+          "id": {
+            "type": "string"
+          },
+          "lastName": {
+            "type": "string"
+          },
+          "profileImagePath": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "id",
+          "firstName",
+          "lastName",
+          "email",
+          "profileImagePath"
+        ],
+        "type": "object"
+      },
      "UserResponseDto": {
        "properties": {
          "createdAt": {
@@ -8810,12 +9103,12 @@
        },
        "required": [
          "id",
-          "email",
          "firstName",
          "lastName",
+          "email",
+          "profileImagePath",
          "storageLabel",
          "externalPath",
-          "profileImagePath",
          "shouldChangePassword",
          "isAdmin",
          "createdAt",
--- a/server/src/domain/access/access.core.ts
+++ b/server/src/domain/access/access.core.ts
@@ -3,6 +3,9 @@ import { AuthUserDto } from '../auth';
 import { IAccessRepository } from '../repositories';

 export enum Permission {
+  ACTIVITY_CREATE = 'activity.create',
+  ACTIVITY_DELETE = 'activity.delete',
+
  // ASSET_CREATE = 'asset.create',
  ASSET_READ = 'asset.read',
  ASSET_UPDATE = 'asset.update',
@@ -133,6 +136,20 @@ export class AccessCore {

  private async hasOtherAccess(authUser: AuthUserDto, permission: Permission, id: string) {
    switch (permission) {
+      // uses album id
+      case Permission.ACTIVITY_CREATE:
+        return (
+          (await this.repository.album.hasOwnerAccess(authUser.id, id)) ||
+          (await this.repository.album.hasSharedAlbumAccess(authUser.id, id))
+        );
+
+      // uses activity id
+      case Permission.ACTIVITY_DELETE:
+        return (
+          (await this.repository.activity.hasOwnerAccess(authUser.id, id)) ||
+          (await this.repository.activity.hasAlbumOwnerAccess(authUser.id, id))
+        );
+
      case Permission.ASSET_READ:
        return (
          (await this.repository.asset.hasOwnerAccess(authUser.id, id)) ||
--- a/server/src/domain/activity/activity.dto.ts
+++ b/server/src/domain/activity/activity.dto.ts
@@ -0,0 +1,65 @@
+import { ActivityEntity } from '@app/infra/entities';
+import { ApiProperty } from '@nestjs/swagger';
+import { IsEnum, IsNotEmpty, IsString, ValidateIf } from 'class-validator';
+import { Optional, ValidateUUID } from '../domain.util';
+import { UserDto, mapSimpleUser } from '../user/response-dto';
+
+export enum ReactionType {
+  COMMENT = 'comment',
+  LIKE = 'like',
+}
+
+export type MaybeDuplicate<T> = { duplicate: boolean; value: T };
+
+export class ActivityResponseDto {
+  id!: string;
+  createdAt!: Date;
+  type!: ReactionType;
+  user!: UserDto;
+  assetId!: string | null;
+  comment?: string | null;
+}
+
+export class ActivityStatisticsResponseDto {
+  @ApiProperty({ type: 'integer' })
+  comments!: number;
+}
+
+export class ActivityDto {
+  @ValidateUUID()
+  albumId!: string;
+
+  @ValidateUUID({ optional: true })
+  assetId?: string;
+}
+
+export class ActivitySearchDto extends ActivityDto {
+  @IsEnum(ReactionType)
+  @Optional()
+  @ApiProperty({ enumName: 'ReactionType', enum: ReactionType })
+  type?: ReactionType;
+}
+
+const isComment = (dto: ActivityCreateDto) => dto.type === 'comment';
+
+export class ActivityCreateDto extends ActivityDto {
+  @IsEnum(ReactionType)
+  @ApiProperty({ enumName: 'ReactionType', enum: ReactionType })
+  type!: ReactionType;
+
+  @ValidateIf(isComment)
+  @IsNotEmpty()
+  @IsString()
+  comment?: string;
+}
+
+export function mapActivity(activity: ActivityEntity): ActivityResponseDto {
+  return {
+    id: activity.id,
+    assetId: activity.assetId,
+    createdAt: activity.createdAt,
+    comment: activity.comment,
+    type: activity.isLiked ? ReactionType.LIKE : ReactionType.COMMENT,
+    user: mapSimpleUser(activity.user),
+  };
+}
--- a/server/src/domain/activity/activity.service.ts
+++ b/server/src/domain/activity/activity.service.ts
@@ -0,0 +1,80 @@
+import { ActivityEntity } from '@app/infra/entities';
+import { Inject, Injectable } from '@nestjs/common';
+import { AccessCore, Permission } from '../access';
+import { AuthUserDto } from '../auth';
+import { IAccessRepository, IActivityRepository } from '../repositories';
+import {
+  ActivityCreateDto,
+  ActivityDto,
+  ActivityResponseDto,
+  ActivitySearchDto,
+  ActivityStatisticsResponseDto,
+  MaybeDuplicate,
+  ReactionType,
+  mapActivity,
+} from './activity.dto';
+
+@Injectable()
+export class ActivityService {
+  private access: AccessCore;
+
+  constructor(
+    @Inject(IAccessRepository) accessRepository: IAccessRepository,
+    @Inject(IActivityRepository) private repository: IActivityRepository,
+  ) {
+    this.access = AccessCore.create(accessRepository);
+  }
+
+  async getAll(authUser: AuthUserDto, dto: ActivitySearchDto): Promise<ActivityResponseDto[]> {
+    await this.access.requirePermission(authUser, Permission.ALBUM_READ, dto.albumId);
+    const activities = await this.repository.search({
+      albumId: dto.albumId,
+      assetId: dto.assetId,
+      isLiked: dto.type && dto.type === ReactionType.LIKE,
+    });
+
+    return activities.map(mapActivity);
+  }
+
+  async getStatistics(authUser: AuthUserDto, dto: ActivityDto): Promise<ActivityStatisticsResponseDto> {
+    await this.access.requirePermission(authUser, Permission.ALBUM_READ, dto.albumId);
+    return { comments: await this.repository.getStatistics(dto.assetId, dto.albumId) };
+  }
+
+  async create(authUser: AuthUserDto, dto: ActivityCreateDto): Promise<MaybeDuplicate<ActivityResponseDto>> {
+    await this.access.requirePermission(authUser, Permission.ACTIVITY_CREATE, dto.albumId);
+
+    const common = {
+      userId: authUser.id,
+      assetId: dto.assetId,
+      albumId: dto.albumId,
+    };
+
+    let activity: ActivityEntity | null = null;
+    let duplicate = false;
+
+    if (dto.type === 'like') {
+      delete dto.comment;
+      [activity] = await this.repository.search({
+        ...common,
+        isLiked: true,
+      });
+      duplicate = !!activity;
+    }
+
+    if (!activity) {
+      activity = await this.repository.create({
+        ...common,
+        isLiked: dto.type === ReactionType.LIKE,
+        comment: dto.comment,
+      });
+    }
+
+    return { duplicate, value: mapActivity(activity) };
+  }
+
+  async delete(authUser: AuthUserDto, id: string): Promise<void> {
+    await this.access.requirePermission(authUser, Permission.ACTIVITY_DELETE, id);
+    await this.repository.delete(id);
+  }
+}
--- a/server/src/domain/activity/activity.spec.ts
+++ b/server/src/domain/activity/activity.spec.ts
@@ -0,0 +1,168 @@
+import { BadRequestException } from '@nestjs/common';
+import { authStub, IAccessRepositoryMock, newAccessRepositoryMock } from '@test';
+import { activityStub } from '@test/fixtures/activity.stub';
+import { newActivityRepositoryMock } from '@test/repositories/activity.repository.mock';
+import { IActivityRepository } from '../repositories';
+import { ReactionType } from './activity.dto';
+import { ActivityService } from './activity.service';
+
+describe(ActivityService.name, () => {
+  let sut: ActivityService;
+  let accessMock: IAccessRepositoryMock;
+  let activityMock: jest.Mocked<IActivityRepository>;
+
+  beforeEach(async () => {
+    accessMock = newAccessRepositoryMock();
+    activityMock = newActivityRepositoryMock();
+
+    sut = new ActivityService(accessMock, activityMock);
+  });
+
+  it('should work', () => {
+    expect(sut).toBeDefined();
+  });
+
+  describe('getAll', () => {
+    it('should get all', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      activityMock.search.mockResolvedValue([]);
+
+      await expect(sut.getAll(authStub.admin, { assetId: 'asset-id', albumId: 'album-id' })).resolves.toEqual([]);
+
+      expect(activityMock.search).toHaveBeenCalledWith({
+        assetId: 'asset-id',
+        albumId: 'album-id',
+        isLiked: undefined,
+      });
+    });
+
+    it('should filter by type=like', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      activityMock.search.mockResolvedValue([]);
+
+      await expect(
+        sut.getAll(authStub.admin, { assetId: 'asset-id', albumId: 'album-id', type: ReactionType.LIKE }),
+      ).resolves.toEqual([]);
+
+      expect(activityMock.search).toHaveBeenCalledWith({
+        assetId: 'asset-id',
+        albumId: 'album-id',
+        isLiked: true,
+      });
+    });
+
+    it('should filter by type=comment', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      activityMock.search.mockResolvedValue([]);
+
+      await expect(
+        sut.getAll(authStub.admin, { assetId: 'asset-id', albumId: 'album-id', type: ReactionType.COMMENT }),
+      ).resolves.toEqual([]);
+
+      expect(activityMock.search).toHaveBeenCalledWith({
+        assetId: 'asset-id',
+        albumId: 'album-id',
+        isLiked: false,
+      });
+    });
+  });
+
+  describe('getStatistics', () => {
+    it('should get the comment count', async () => {
+      activityMock.getStatistics.mockResolvedValue(1);
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      await expect(
+        sut.getStatistics(authStub.admin, {
+          assetId: 'asset-id',
+          albumId: activityStub.oneComment.albumId,
+        }),
+      ).resolves.toEqual({ comments: 1 });
+    });
+  });
+
+  describe('addComment', () => {
+    it('should require access to the album', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(false);
+      await expect(
+        sut.create(authStub.admin, {
+          albumId: 'album-id',
+          assetId: 'asset-id',
+          type: ReactionType.COMMENT,
+          comment: 'comment',
+        }),
+      ).rejects.toBeInstanceOf(BadRequestException);
+    });
+
+    it('should create a comment', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      activityMock.create.mockResolvedValue(activityStub.oneComment);
+
+      await sut.create(authStub.admin, {
+        albumId: 'album-id',
+        assetId: 'asset-id',
+        type: ReactionType.COMMENT,
+        comment: 'comment',
+      });
+
+      expect(activityMock.create).toHaveBeenCalledWith({
+        userId: 'admin_id',
+        albumId: 'album-id',
+        assetId: 'asset-id',
+        comment: 'comment',
+        isLiked: false,
+      });
+    });
+
+    it('should create a like', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      activityMock.create.mockResolvedValue(activityStub.liked);
+      activityMock.search.mockResolvedValue([]);
+
+      await sut.create(authStub.admin, {
+        albumId: 'album-id',
+        assetId: 'asset-id',
+        type: ReactionType.LIKE,
+      });
+
+      expect(activityMock.create).toHaveBeenCalledWith({
+        userId: 'admin_id',
+        albumId: 'album-id',
+        assetId: 'asset-id',
+        isLiked: true,
+      });
+    });
+
+    it('should skip if like exists', async () => {
+      accessMock.album.hasOwnerAccess.mockResolvedValue(true);
+      activityMock.search.mockResolvedValue([activityStub.liked]);
+
+      await sut.create(authStub.admin, {
+        albumId: 'album-id',
+        assetId: 'asset-id',
+        type: ReactionType.LIKE,
+      });
+
+      expect(activityMock.create).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('delete', () => {
+    it('should require access', async () => {
+      accessMock.activity.hasOwnerAccess.mockResolvedValue(false);
+      await expect(sut.delete(authStub.admin, activityStub.oneComment.id)).rejects.toBeInstanceOf(BadRequestException);
+      expect(activityMock.delete).not.toHaveBeenCalled();
+    });
+
+    it('should let the activity owner delete a comment', async () => {
+      accessMock.activity.hasOwnerAccess.mockResolvedValue(true);
+      await sut.delete(authStub.admin, 'activity-id');
+      expect(activityMock.delete).toHaveBeenCalledWith('activity-id');
+    });
+
+    it('should let the album owner delete a comment', async () => {
+      accessMock.activity.hasAlbumOwnerAccess.mockResolvedValue(true);
+      await sut.delete(authStub.admin, 'activity-id');
+      expect(activityMock.delete).toHaveBeenCalledWith('activity-id');
+    });
+  });
+});
--- a/server/src/domain/activity/index.ts
+++ b/server/src/domain/activity/index.ts
@@ -0,0 +1,2 @@
+export * from './activity.dto';
+export * from './activity.service';
--- a/server/src/domain/domain.module.ts
+++ b/server/src/domain/domain.module.ts
@@ -1,4 +1,5 @@
 import { DynamicModule, Global, Module, ModuleMetadata, OnApplicationShutdown, Provider } from '@nestjs/common';
+import { ActivityService } from './activity';
 import { AlbumService } from './album';
 import { APIKeyService } from './api-key';
 import { AssetService } from './asset';
@@ -21,6 +22,7 @@ import { TagService } from './tag';
 import { UserService } from './user';

 const providers: Provider[] = [
+  ActivityService,
  AlbumService,
  APIKeyService,
  AssetService,
--- a/server/src/domain/index.ts
+++ b/server/src/domain/index.ts
@@ -1,4 +1,5 @@
 export * from './access';
+export * from './activity';
 export * from './album';
 export * from './api-key';
 export * from './asset';
--- a/server/src/domain/repositories/access.repository.ts
+++ b/server/src/domain/repositories/access.repository.ts
@@ -1,6 +1,10 @@
 export const IAccessRepository = 'IAccessRepository';

 export interface IAccessRepository {
+  activity: {
+    hasOwnerAccess(userId: string, albumId: string): Promise<boolean>;
+    hasAlbumOwnerAccess(userId: string, albumId: string): Promise<boolean>;
+  };
  asset: {
    hasOwnerAccess(userId: string, assetId: string): Promise<boolean>;
    hasAlbumAccess(userId: string, assetId: string): Promise<boolean>;
--- a/server/src/domain/repositories/activity.repository.ts
+++ b/server/src/domain/repositories/activity.repository.ts
@@ -0,0 +1,11 @@
+import { ActivityEntity } from '@app/infra/entities/activity.entity';
+import { ActivitySearch } from '@app/infra/repositories';
+
+export const IActivityRepository = 'IActivityRepository';
+
+export interface IActivityRepository {
+  search(options: ActivitySearch): Promise<ActivityEntity[]>;
+  create(activity: Partial<ActivityEntity>): Promise<ActivityEntity>;
+  delete(id: string): Promise<void>;
+  getStatistics(assetId: string | undefined, albumId: string): Promise<number>;
+}
--- a/server/src/domain/repositories/index.ts
+++ b/server/src/domain/repositories/index.ts
@@ -1,4 +1,5 @@
 export * from './access.repository';
+export * from './activity.repository';
 export * from './album.repository';
 export * from './api-key.repository';
 export * from './asset.repository';
--- a/server/src/domain/user/response-dto/user-response.dto.ts
+++ b/server/src/domain/user/response-dto/user-response.dto.ts
@@ -1,13 +1,16 @@
 import { UserEntity } from '@app/infra/entities';

-export class UserResponseDto {
+export class UserDto {
  id!: string;
-  email!: string;
  firstName!: string;
  lastName!: string;
+  email!: string;
+  profileImagePath!: string;
+}
+
+export class UserResponseDto extends UserDto {
  storageLabel!: string | null;
  externalPath!: string | null;
-  profileImagePath!: string;
  shouldChangePassword!: boolean;
  isAdmin!: boolean;
  createdAt!: Date;
@@ -17,15 +20,21 @@ export class UserResponseDto {
  memoriesEnabled?: boolean;
 }

-export function mapUser(entity: UserEntity): UserResponseDto {
+export const mapSimpleUser = (entity: UserEntity): UserDto => {
  return {
    id: entity.id,
    email: entity.email,
    firstName: entity.firstName,
    lastName: entity.lastName,
+    profileImagePath: entity.profileImagePath,
+  };
+};
+
+export function mapUser(entity: UserEntity): UserResponseDto {
+  return {
+    ...mapSimpleUser(entity),
    storageLabel: entity.storageLabel,
    externalPath: entity.externalPath,
-    profileImagePath: entity.profileImagePath,
    shouldChangePassword: entity.shouldChangePassword,
    isAdmin: entity.isAdmin,
    createdAt: entity.createdAt,
--- a/server/src/immich/app.module.ts
+++ b/server/src/immich/app.module.ts
@@ -13,6 +13,7 @@ import { FileUploadInterceptor } from './app.interceptor';
 import { AppService } from './app.service';
 import {
  APIKeyController,
+  ActivityController,
  AlbumController,
  AppController,
  AssetController,
@@ -39,6 +40,7 @@ import {
    TypeOrmModule.forFeature([AssetEntity]),
  ],
  controllers: [
+    ActivityController,
    AssetController,
    AssetControllerV1,
    AppController,
--- a/server/src/immich/controllers/activity.controller.ts
+++ b/server/src/immich/controllers/activity.controller.ts
@@ -0,0 +1,52 @@
+import { AuthUserDto } from '@app/domain';
+import {
+  ActivityDto,
+  ActivitySearchDto,
+  ActivityService,
+  ActivityCreateDto as CreateDto,
+  ActivityResponseDto as ResponseDto,
+  ActivityStatisticsResponseDto as StatsResponseDto,
+} from '@app/domain/activity';
+import { Body, Controller, Delete, Get, HttpCode, HttpStatus, Param, Post, Query, Res } from '@nestjs/common';
+import { ApiTags } from '@nestjs/swagger';
+import { Response } from 'express';
+import { AuthUser, Authenticated } from '../app.guard';
+import { UseValidation } from '../app.utils';
+import { UUIDParamDto } from './dto/uuid-param.dto';
+
+@ApiTags('Activity')
+@Controller('activity')
+@Authenticated()
+@UseValidation()
+export class ActivityController {
+  constructor(private service: ActivityService) {}
+
+  @Get()
+  getActivities(@AuthUser() authUser: AuthUserDto, @Query() dto: ActivitySearchDto): Promise<ResponseDto[]> {
+    return this.service.getAll(authUser, dto);
+  }
+
+  @Get('statistics')
+  getActivityStatistics(@AuthUser() authUser: AuthUserDto, @Query() dto: ActivityDto): Promise<StatsResponseDto> {
+    return this.service.getStatistics(authUser, dto);
+  }
+
+  @Post()
+  async createActivity(
+    @AuthUser() authUser: AuthUserDto,
+    @Body() dto: CreateDto,
+    @Res({ passthrough: true }) res: Response,
+  ): Promise<ResponseDto> {
+    const { duplicate, value } = await this.service.create(authUser, dto);
+    if (duplicate) {
+      res.status(HttpStatus.OK);
+    }
+    return value;
+  }
+
+  @Delete(':id')
+  @HttpCode(HttpStatus.NO_CONTENT)
+  deleteActivity(@AuthUser() authUser: AuthUserDto, @Param() { id }: UUIDParamDto): Promise<void> {
+    return this.service.delete(authUser, id);
+  }
+}
--- a/server/src/immich/controllers/index.ts
+++ b/server/src/immich/controllers/index.ts
@@ -1,3 +1,4 @@
+export * from './activity.controller';
 export * from './album.controller';
 export * from './api-key.controller';
 export * from './app.controller';
--- a/server/src/infra/entities/activity.entity.ts
+++ b/server/src/infra/entities/activity.entity.ts
@@ -0,0 +1,51 @@
+import {
+  Check,
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  UpdateDateColumn,
+} from 'typeorm';
+import { AlbumEntity } from './album.entity';
+import { AssetEntity } from './asset.entity';
+import { UserEntity } from './user.entity';
+
+@Entity('activity')
+@Index('IDX_activity_like', ['assetId', 'userId', 'albumId'], { unique: true, where: '("isLiked" = true)' })
+@Check(`("comment" IS NULL AND "isLiked" = true) OR ("comment" IS NOT NULL AND "isLiked" = false)`)
+export class ActivityEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id!: string;
+
+  @CreateDateColumn({ type: 'timestamptz' })
+  createdAt!: Date;
+
+  @UpdateDateColumn({ type: 'timestamptz' })
+  updatedAt!: Date;
+
+  @Column()
+  albumId!: string;
+
+  @Column()
+  userId!: string;
+
+  @Column({ nullable: true, type: 'uuid' })
+  assetId!: string | null;
+
+  @Column({ type: 'text', default: null })
+  comment!: string | null;
+
+  @Column({ type: 'boolean', default: false })
+  isLiked!: boolean;
+
+  @ManyToOne(() => AssetEntity, { onDelete: 'CASCADE', onUpdate: 'CASCADE', nullable: true })
+  asset!: AssetEntity | null;
+
+  @ManyToOne(() => UserEntity, { onDelete: 'CASCADE', onUpdate: 'CASCADE' })
+  user!: UserEntity;
+
+  @ManyToOne(() => AlbumEntity, { onDelete: 'CASCADE', onUpdate: 'CASCADE' })
+  album!: AlbumEntity;
+}
--- a/server/src/infra/entities/index.ts
+++ b/server/src/infra/entities/index.ts
@@ -1,3 +1,4 @@
+import { ActivityEntity } from './activity.entity';
 import { AlbumEntity } from './album.entity';
 import { APIKeyEntity } from './api-key.entity';
 import { AssetFaceEntity } from './asset-face.entity';
@@ -15,6 +16,7 @@ import { TagEntity } from './tag.entity';
 import { UserTokenEntity } from './user-token.entity';
 import { UserEntity } from './user.entity';

+export * from './activity.entity';
 export * from './album.entity';
 export * from './api-key.entity';
 export * from './asset-face.entity';
@@ -33,6 +35,7 @@ export * from './user-token.entity';
 export * from './user.entity';

 export const databaseEntities = [
+  ActivityEntity,
  AlbumEntity,
  APIKeyEntity,
  AssetEntity,
--- a/server/src/infra/infra.module.ts
+++ b/server/src/infra/infra.module.ts
@@ -1,5 +1,6 @@
 import {
  IAccessRepository,
+  IActivityRepository,
  IAlbumRepository,
  IAssetRepository,
  IAuditRepository,
@@ -35,6 +36,7 @@ import { bullConfig, bullQueues } from './infra.config';
 import {
  APIKeyRepository,
  AccessRepository,
+  ActivityRepository,
  AlbumRepository,
  AssetRepository,
  AuditRepository,
@@ -60,6 +62,7 @@ import {
 } from './repositories';

 const providers: Provider[] = [
+  { provide: IActivityRepository, useClass: ActivityRepository },
  { provide: IAccessRepository, useClass: AccessRepository },
  { provide: IAlbumRepository, useClass: AlbumRepository },
  { provide: IAssetRepository, useClass: AssetRepository },
--- a/server/src/infra/migrations/1698693294632-AddActivity.ts
+++ b/server/src/infra/migrations/1698693294632-AddActivity.ts
@@ -0,0 +1,22 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class AddActivity1698693294632 implements MigrationInterface {
+    name = 'AddActivity1698693294632'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`CREATE TABLE "activity" ("id" uuid NOT NULL DEFAULT uuid_generate_v4(), "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "albumId" uuid NOT NULL, "userId" uuid NOT NULL, "assetId" uuid, "comment" text, "isLiked" boolean NOT NULL DEFAULT false, CONSTRAINT "CHK_2ab1e70f113f450eb40c1e3ec8" CHECK (("comment" IS NULL AND "isLiked" = true) OR ("comment" IS NOT NULL AND "isLiked" = false)), CONSTRAINT "PK_24625a1d6b1b089c8ae206fe467" PRIMARY KEY ("id"))`);
+        await queryRunner.query(`CREATE UNIQUE INDEX "IDX_activity_like" ON "activity" ("assetId", "userId", "albumId") WHERE ("isLiked" = true)`);
+        await queryRunner.query(`ALTER TABLE "activity" ADD CONSTRAINT "FK_8091ea76b12338cb4428d33d782" FOREIGN KEY ("assetId") REFERENCES "assets"("id") ON DELETE CASCADE ON UPDATE CASCADE`);
+        await queryRunner.query(`ALTER TABLE "activity" ADD CONSTRAINT "FK_3571467bcbe021f66e2bdce96ea" FOREIGN KEY ("userId") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE`);
+        await queryRunner.query(`ALTER TABLE "activity" ADD CONSTRAINT "FK_1af8519996fbfb3684b58df280b" FOREIGN KEY ("albumId") REFERENCES "albums"("id") ON DELETE CASCADE ON UPDATE CASCADE`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "activity" DROP CONSTRAINT "FK_1af8519996fbfb3684b58df280b"`);
+        await queryRunner.query(`ALTER TABLE "activity" DROP CONSTRAINT "FK_3571467bcbe021f66e2bdce96ea"`);
+        await queryRunner.query(`ALTER TABLE "activity" DROP CONSTRAINT "FK_8091ea76b12338cb4428d33d782"`);
+        await queryRunner.query(`DROP INDEX "public"."IDX_activity_like"`);
+        await queryRunner.query(`DROP TABLE "activity"`);
+    }
+
+}
--- a/server/src/infra/repositories/access.repository.ts
+++ b/server/src/infra/repositories/access.repository.ts
@@ -2,6 +2,7 @@ import { IAccessRepository } from '@app/domain';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
 import {
+  ActivityEntity,
  AlbumEntity,
  AssetEntity,
  LibraryEntity,
@@ -13,6 +14,7 @@ import {

 export class AccessRepository implements IAccessRepository {
  constructor(
+    @InjectRepository(ActivityEntity) private activityRepository: Repository<ActivityEntity>,
    @InjectRepository(AssetEntity) private assetRepository: Repository<AssetEntity>,
    @InjectRepository(AlbumEntity) private albumRepository: Repository<AlbumEntity>,
    @InjectRepository(LibraryEntity) private libraryRepository: Repository<LibraryEntity>,
@@ -22,6 +24,26 @@ export class AccessRepository implements IAccessRepository {
    @InjectRepository(UserTokenEntity) private tokenRepository: Repository<UserTokenEntity>,
  ) {}

+  activity = {
+    hasOwnerAccess: (userId: string, activityId: string): Promise<boolean> => {
+      return this.activityRepository.exist({
+        where: {
+          id: activityId,
+          userId,
+        },
+      });
+    },
+    hasAlbumOwnerAccess: (userId: string, activityId: string): Promise<boolean> => {
+      return this.activityRepository.exist({
+        where: {
+          id: activityId,
+          album: {
+            ownerId: userId,
+          },
+        },
+      });
+    },
+  };
  library = {
    hasOwnerAccess: (userId: string, libraryId: string): Promise<boolean> => {
      return this.libraryRepository.exist({
--- a/server/src/infra/repositories/activity.repository.ts
+++ b/server/src/infra/repositories/activity.repository.ts
@@ -0,0 +1,64 @@
+import { IActivityRepository } from '@app/domain';
+import { Injectable } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { ActivityEntity } from '../entities/activity.entity';
+
+export interface ActivitySearch {
+  albumId?: string;
+  assetId?: string;
+  userId?: string;
+  isLiked?: boolean;
+}
+
+@Injectable()
+export class ActivityRepository implements IActivityRepository {
+  constructor(@InjectRepository(ActivityEntity) private repository: Repository<ActivityEntity>) {}
+
+  search(options: ActivitySearch): Promise<ActivityEntity[]> {
+    const { userId, assetId, albumId, isLiked } = options;
+    return this.repository.find({
+      where: {
+        userId,
+        assetId,
+        albumId,
+        isLiked,
+      },
+      relations: {
+        user: true,
+      },
+      order: {
+        createdAt: 'ASC',
+      },
+    });
+  }
+
+  create(entity: Partial<ActivityEntity>): Promise<ActivityEntity> {
+    return this.save(entity);
+  }
+
+  async delete(id: string): Promise<void> {
+    await this.repository.delete(id);
+  }
+
+  getStatistics(assetId: string, albumId: string): Promise<number> {
+    return this.repository.count({
+      where: { assetId, albumId, isLiked: false },
+      relations: {
+        user: true,
+      },
+    });
+  }
+
+  private async save(entity: Partial<ActivityEntity>) {
+    const { id } = await this.repository.save(entity);
+    return this.repository.findOneOrFail({
+      where: {
+        id,
+      },
+      relations: {
+        user: true,
+      },
+    });
+  }
+}
--- a/server/src/infra/repositories/index.ts
+++ b/server/src/infra/repositories/index.ts
@@ -1,4 +1,5 @@
 export * from './access.repository';
+export * from './activity.repository';
 export * from './album.repository';
 export * from './api-key.repository';
 export * from './asset.repository';
--- a/server/test/api/activity-api.ts
+++ b/server/test/api/activity-api.ts
@@ -0,0 +1,14 @@
+import { ActivityCreateDto, ActivityResponseDto } from '@app/domain';
+import request from 'supertest';
+
+export const activityApi = {
+  create: async (server: any, accessToken: string, dto: ActivityCreateDto) => {
+    const res = await request(server).post('/activity').set('Authorization', `Bearer ${accessToken}`).send(dto);
+    expect(res.status === 200 || res.status === 201).toBe(true);
+    return res.body as ActivityResponseDto;
+  },
+  delete: async (server: any, accessToken: string, id: string) => {
+    const res = await request(server).delete(`/activity/${id}`).set('Authorization', `Bearer ${accessToken}`);
+    expect(res.status).toEqual(204);
+  },
+};
--- a/server/test/api/album-api.ts
+++ b/server/test/api/album-api.ts
@@ -1,4 +1,4 @@
-import { AlbumResponseDto, BulkIdResponseDto, BulkIdsDto, CreateAlbumDto } from '@app/domain';
+import { AddUsersDto, AlbumResponseDto, BulkIdResponseDto, BulkIdsDto, CreateAlbumDto } from '@app/domain';
 import request from 'supertest';

 export const albumApi = {
@@ -15,4 +15,9 @@ export const albumApi = {
    expect(res.status).toEqual(200);
    return res.body as BulkIdResponseDto[];
  },
+  addUsers: async (server: any, accessToken: string, id: string, dto: AddUsersDto) => {
+    const res = await request(server).put(`/album/${id}/users`).set('Authorization', `Bearer ${accessToken}`).send(dto);
+    expect(res.status).toEqual(200);
+    return res.body as AlbumResponseDto;
+  },
 };
--- a/server/test/api/index.ts
+++ b/server/test/api/index.ts
@@ -1,3 +1,4 @@
+import { activityApi } from './activity-api';
 import { albumApi } from './album-api';
 import { assetApi } from './asset-api';
 import { authApi } from './auth-api';
@@ -6,6 +7,7 @@ import { sharedLinkApi } from './shared-link-api';
 import { userApi } from './user-api';

 export const api = {
+  activityApi,
  authApi,
  assetApi,
  libraryApi,
--- a/server/test/e2e/activity.e2e-spec.ts
+++ b/server/test/e2e/activity.e2e-spec.ts
@@ -0,0 +1,376 @@
+import { AlbumResponseDto, LoginResponseDto, ReactionType } from '@app/domain';
+import { ActivityController } from '@app/immich';
+import { AssetFileUploadResponseDto } from '@app/immich/api-v1/asset/response-dto/asset-file-upload-response.dto';
+import { api } from '@test/api';
+import { db } from '@test/db';
+import { errorStub, uuidStub } from '@test/fixtures';
+import { testApp } from '@test/test-utils';
+import request from 'supertest';
+
+describe(`${ActivityController.name} (e2e)`, () => {
+  let server: any;
+  let admin: LoginResponseDto;
+  let asset: AssetFileUploadResponseDto;
+  let album: AlbumResponseDto;
+
+  beforeAll(async () => {
+    [server] = await testApp.create();
+  });
+
+  afterAll(async () => {
+    await testApp.teardown();
+  });
+
+  beforeEach(async () => {
+    await db.reset();
+    await api.authApi.adminSignUp(server);
+    admin = await api.authApi.adminLogin(server);
+    asset = await api.assetApi.upload(server, admin.accessToken, 'example');
+    album = await api.albumApi.create(server, admin.accessToken, { albumName: 'Album 1', assetIds: [asset.id] });
+  });
+
+  describe('GET /activity', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(server).get('/activity');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorStub.unauthorized);
+    });
+
+    it('should require an albumId', async () => {
+      const { status, body } = await request(server)
+        .get('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
+    });
+
+    it('should reject an invalid albumId', async () => {
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: uuidStub.invalid })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
+    });
+
+    it('should reject an invalid assetId', async () => {
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: uuidStub.notFound, assetId: uuidStub.invalid })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['assetId must be a UUID'])));
+    });
+
+    it('should start off empty', async () => {
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: album.id })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(body).toEqual([]);
+      expect(status).toEqual(200);
+    });
+
+    it('should filter by album id', async () => {
+      const album2 = await api.albumApi.create(server, admin.accessToken, {
+        albumName: 'Album 2',
+        assetIds: [asset.id],
+      });
+      const [reaction] = await Promise.all([
+        api.activityApi.create(server, admin.accessToken, {
+          albumId: album.id,
+          type: ReactionType.LIKE,
+        }),
+        api.activityApi.create(server, admin.accessToken, {
+          albumId: album2.id,
+          type: ReactionType.LIKE,
+        }),
+      ]);
+
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: album.id })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(200);
+      expect(body.length).toBe(1);
+      expect(body[0]).toEqual(reaction);
+    });
+
+    it('should filter by type=comment', async () => {
+      const [reaction] = await Promise.all([
+        api.activityApi.create(server, admin.accessToken, {
+          albumId: album.id,
+          type: ReactionType.COMMENT,
+          comment: 'comment',
+        }),
+        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
+      ]);
+
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: album.id, type: 'comment' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(200);
+      expect(body.length).toBe(1);
+      expect(body[0]).toEqual(reaction);
+    });
+
+    it('should filter by type=like', async () => {
+      const [reaction] = await Promise.all([
+        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
+        api.activityApi.create(server, admin.accessToken, {
+          albumId: album.id,
+          type: ReactionType.COMMENT,
+          comment: 'comment',
+        }),
+      ]);
+
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: album.id, type: 'like' })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(200);
+      expect(body.length).toBe(1);
+      expect(body[0]).toEqual(reaction);
+    });
+
+    it('should filter by assetId', async () => {
+      const [reaction] = await Promise.all([
+        api.activityApi.create(server, admin.accessToken, {
+          albumId: album.id,
+          assetId: asset.id,
+          type: ReactionType.LIKE,
+        }),
+        api.activityApi.create(server, admin.accessToken, { albumId: album.id, type: ReactionType.LIKE }),
+      ]);
+
+      const { status, body } = await request(server)
+        .get('/activity')
+        .query({ albumId: album.id, assetId: asset.id })
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(200);
+      expect(body.length).toBe(1);
+      expect(body[0]).toEqual(reaction);
+    });
+  });
+
+  describe('POST /activity', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(server).post('/activity');
+      expect(status).toBe(401);
+      expect(body).toEqual(errorStub.unauthorized);
+    });
+
+    it('should require an albumId', async () => {
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: uuidStub.invalid });
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorStub.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
+    });
+
+    it('should require a comment when type is comment', async () => {
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: uuidStub.notFound, type: 'comment', comment: null });
+      expect(status).toEqual(400);
+      expect(body).toEqual(errorStub.badRequest(['comment must be a string', 'comment should not be empty']));
+    });
+
+    it('should add a comment to an album', async () => {
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: album.id, type: 'comment', comment: 'This is my first comment' });
+      expect(status).toEqual(201);
+      expect(body).toEqual({
+        id: expect.any(String),
+        assetId: null,
+        createdAt: expect.any(String),
+        type: 'comment',
+        comment: 'This is my first comment',
+        user: expect.objectContaining({ email: admin.userEmail }),
+      });
+    });
+
+    it('should add a like to an album', async () => {
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: album.id, type: 'like' });
+      expect(status).toEqual(201);
+      expect(body).toEqual({
+        id: expect.any(String),
+        assetId: null,
+        createdAt: expect.any(String),
+        type: 'like',
+        comment: null,
+        user: expect.objectContaining({ email: admin.userEmail }),
+      });
+    });
+
+    it('should return a 200 for a duplicate like on the album', async () => {
+      const reaction = await api.activityApi.create(server, admin.accessToken, {
+        albumId: album.id,
+        type: ReactionType.LIKE,
+      });
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: album.id, type: 'like' });
+      expect(status).toEqual(200);
+      expect(body).toEqual(reaction);
+    });
+
+    it('should add a comment to an asset', async () => {
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: album.id, assetId: asset.id, type: 'comment', comment: 'This is my first comment' });
+      expect(status).toEqual(201);
+      expect(body).toEqual({
+        id: expect.any(String),
+        assetId: asset.id,
+        createdAt: expect.any(String),
+        type: 'comment',
+        comment: 'This is my first comment',
+        user: expect.objectContaining({ email: admin.userEmail }),
+      });
+    });
+
+    it('should add a like to an asset', async () => {
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: album.id, assetId: asset.id, type: 'like' });
+      expect(status).toEqual(201);
+      expect(body).toEqual({
+        id: expect.any(String),
+        assetId: asset.id,
+        createdAt: expect.any(String),
+        type: 'like',
+        comment: null,
+        user: expect.objectContaining({ email: admin.userEmail }),
+      });
+    });
+
+    it('should return a 200 for a duplicate like on an asset', async () => {
+      const reaction = await api.activityApi.create(server, admin.accessToken, {
+        albumId: album.id,
+        assetId: asset.id,
+        type: ReactionType.LIKE,
+      });
+      const { status, body } = await request(server)
+        .post('/activity')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ albumId: album.id, assetId: asset.id, type: 'like' });
+      expect(status).toEqual(200);
+      expect(body).toEqual(reaction);
+    });
+  });
+
+  describe('DELETE /activity/:id', () => {
+    it('should require authentication', async () => {
+      const { status, body } = await request(server).delete(`/activity/${uuidStub.notFound}`);
+      expect(status).toBe(401);
+      expect(body).toEqual(errorStub.unauthorized);
+    });
+
+    it('should require a valid uuid', async () => {
+      const { status, body } = await request(server)
+        .delete(`/activity/${uuidStub.invalid}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorStub.badRequest(['id must be a UUID']));
+    });
+
+    it('should remove a comment from an album', async () => {
+      const reaction = await api.activityApi.create(server, admin.accessToken, {
+        albumId: album.id,
+        type: ReactionType.COMMENT,
+        comment: 'This is a test comment',
+      });
+      const { status } = await request(server)
+        .delete(`/activity/${reaction.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(204);
+    });
+
+    it('should remove a like from an album', async () => {
+      const reaction = await api.activityApi.create(server, admin.accessToken, {
+        albumId: album.id,
+        type: ReactionType.LIKE,
+      });
+      const { status } = await request(server)
+        .delete(`/activity/${reaction.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(204);
+    });
+
+    it('should let the owner remove a comment by another user', async () => {
+      const { id: userId } = await api.userApi.create(server, admin.accessToken, {
+        email: 'user1@immich.app',
+        password: 'Password123',
+        firstName: 'User 1',
+        lastName: 'Test',
+      });
+      await api.albumApi.addUsers(server, admin.accessToken, album.id, { sharedUserIds: [userId] });
+      const nonOwner = await api.authApi.login(server, { email: 'user1@immich.app', password: 'Password123' });
+      const reaction = await api.activityApi.create(server, nonOwner.accessToken, {
+        albumId: album.id,
+        type: ReactionType.COMMENT,
+        comment: 'This is a test comment',
+      });
+
+      const { status } = await request(server)
+        .delete(`/activity/${reaction.id}`)
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toEqual(204);
+    });
+
+    it('should not let a user remove a comment by another user', async () => {
+      const { id: userId } = await api.userApi.create(server, admin.accessToken, {
+        email: 'user1@immich.app',
+        password: 'Password123',
+        firstName: 'User 1',
+        lastName: 'Test',
+      });
+      await api.albumApi.addUsers(server, admin.accessToken, album.id, { sharedUserIds: [userId] });
+      const nonOwner = await api.authApi.login(server, { email: 'user1@immich.app', password: 'Password123' });
+      const reaction = await api.activityApi.create(server, admin.accessToken, {
+        albumId: album.id,
+        type: ReactionType.COMMENT,
+        comment: 'This is a test comment',
+      });
+
+      const { status, body } = await request(server)
+        .delete(`/activity/${reaction.id}`)
+        .set('Authorization', `Bearer ${nonOwner.accessToken}`);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorStub.badRequest('Not found or no activity.delete access'));
+    });
+
+    it('should let a non-owner remove their own comment', async () => {
+      const { id: userId } = await api.userApi.create(server, admin.accessToken, {
+        email: 'user1@immich.app',
+        password: 'Password123',
+        firstName: 'User 1',
+        lastName: 'Test',
+      });
+      await api.albumApi.addUsers(server, admin.accessToken, album.id, { sharedUserIds: [userId] });
+      const nonOwner = await api.authApi.login(server, { email: 'user1@immich.app', password: 'Password123' });
+      const reaction = await api.activityApi.create(server, nonOwner.accessToken, {
+        albumId: album.id,
+        type: ReactionType.COMMENT,
+        comment: 'This is a test comment',
+      });
+
+      const { status } = await request(server)
+        .delete(`/activity/${reaction.id}`)
+        .set('Authorization', `Bearer ${nonOwner.accessToken}`);
+      expect(status).toBe(204);
+    });
+  });
+});
--- a/server/test/fixtures/activity.stub.ts
+++ b/server/test/fixtures/activity.stub.ts
@@ -0,0 +1,34 @@
+import { ActivityEntity } from '@app/infra/entities';
+import { albumStub } from './album.stub';
+import { assetStub } from './asset.stub';
+import { authStub } from './auth.stub';
+import { userStub } from './user.stub';
+
+export const activityStub = {
+  oneComment: Object.freeze<ActivityEntity>({
+    id: 'activity-1',
+    comment: 'comment',
+    isLiked: false,
+    userId: authStub.admin.id,
+    user: userStub.admin,
+    assetId: assetStub.image.id,
+    asset: assetStub.image,
+    albumId: albumStub.oneAsset.id,
+    album: albumStub.oneAsset,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  }),
+  liked: Object.freeze<ActivityEntity>({
+    id: 'activity-2',
+    comment: null,
+    isLiked: true,
+    userId: authStub.admin.id,
+    user: userStub.admin,
+    assetId: assetStub.image.id,
+    asset: assetStub.image,
+    albumId: albumStub.oneAsset.id,
+    album: albumStub.oneAsset,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  }),
+};
--- a/server/test/repositories/access.repository.mock.ts
+++ b/server/test/repositories/access.repository.mock.ts
@@ -1,6 +1,7 @@
 import { AccessCore, IAccessRepository } from '@app/domain';

 export interface IAccessRepositoryMock {
+  activity: jest.Mocked<IAccessRepository['activity']>;
  asset: jest.Mocked<IAccessRepository['asset']>;
  album: jest.Mocked<IAccessRepository['album']>;
  authDevice: jest.Mocked<IAccessRepository['authDevice']>;
@@ -15,6 +16,10 @@ export const newAccessRepositoryMock = (reset = true): IAccessRepositoryMock =>
  }

  return {
+    activity: {
+      hasOwnerAccess: jest.fn(),
+      hasAlbumOwnerAccess: jest.fn(),
+    },
    asset: {
      hasOwnerAccess: jest.fn(),
      hasAlbumAccess: jest.fn(),
--- a/server/test/repositories/activity.repository.mock.ts
+++ b/server/test/repositories/activity.repository.mock.ts
@@ -0,0 +1,10 @@
+import { IActivityRepository } from '@app/domain';
+
+export const newActivityRepositoryMock = (): jest.Mocked<IActivityRepository> => {
+  return {
+    search: jest.fn(),
+    create: jest.fn(),
+    delete: jest.fn(),
+    getStatistics: jest.fn(),
+  };
+};