chore: update mise lock file

2026-05-22 15:42:32 -04:00 · 2026-05-20 15:32:59 -05:00
24 changed files with 50 additions and 133 deletions
@@ -288,6 +288,7 @@ jobs:
          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
          ENVIRONMENT: ${{ inputs.environment || 'development' }}
+          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
          GITHUB_REF: ${{ github.ref }}
          FASTLANE_XCODEBUILD_SETTINGS_TIMEOUT: 120
          FASTLANE_XCODEBUILD_SETTINGS_RETRIES: 6
@@ -4,6 +4,28 @@
 version = "3.41.9"
 backend = "aqua:flutter/flutter"

+[tools."aqua:flutter/flutter"."platforms.linux-arm64"]
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_3.41.9-stable.tar.xz"
+
+[tools."aqua:flutter/flutter"."platforms.linux-arm64-musl"]
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_3.41.9-stable.tar.xz"
+
+[tools."aqua:flutter/flutter"."platforms.linux-x64"]
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_3.41.9-stable.tar.xz"
+
+[tools."aqua:flutter/flutter"."platforms.linux-x64-musl"]
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_3.41.9-stable.tar.xz"
+
+[tools."aqua:flutter/flutter"."platforms.macos-arm64"]
+checksum = "blake3:aa1a8a9794fcbcb38cba1d2fd8a7afd012ca78ee8c367a4063d4131f1f0fea83"
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/macos/flutter_macos_arm64_3.41.9-stable.zip"
+
+[tools."aqua:flutter/flutter"."platforms.macos-x64"]
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/macos/flutter_macos_3.41.9-stable.zip"
+
+[tools."aqua:flutter/flutter"."platforms.windows-x64"]
+url = "https://storage.googleapis.com/flutter_infra_release/releases/stable/windows/flutter_windows_3.41.9-stable.zip"
+
 [[tools.flutter]]
 version = "3.41.9-stable"
 backend = "asdf:flutter"
@@ -315,7 +315,6 @@ interface NetworkApi {
  fun hasCertificate(): Boolean
  fun getClientPointer(): Long
  fun setRequestHeaders(headers: Map<String, String>, serverUrls: List<String>, token: String?)
-  fun getAppGroupId(): String

  companion object {
    /** The codec used by NetworkApi. */
@@ -431,21 +430,6 @@ interface NetworkApi {
          channel.setMessageHandler(null)
        }
      }
-      run {
-        val channel = BasicMessageChannel<Any?>(binaryMessenger, "dev.flutter.pigeon.immich_mobile.NetworkApi.getAppGroupId$separatedMessageChannelSuffix", codec)
-        if (api != null) {
-          channel.setMessageHandler { _, reply ->
-            val wrapped: List<Any?> = try {
-              listOf(api.getAppGroupId())
-            } catch (exception: Throwable) {
-              NetworkPigeonUtils.wrapError(exception)
-            }
-            reply.reply(wrapped)
-          }
-        } else {
-          channel.setMessageHandler(null)
-        }
-      }
    }
  }
 }
@@ -13,7 +13,7 @@ class NetworkApiPlugin : FlutterPlugin, ActivityAware {
  private var networkApi: NetworkApiImpl? = null

  override fun onAttachedToEngine(binding: FlutterPlugin.FlutterPluginBinding) {
-    networkApi = NetworkApiImpl(binding.applicationContext)
+    networkApi = NetworkApiImpl()
    NetworkApi.setUp(binding.binaryMessenger, networkApi)
  }

@@ -39,11 +39,9 @@ class NetworkApiPlugin : FlutterPlugin, ActivityAware {
  }
 }

-private class NetworkApiImpl(private val context: Context) : NetworkApi {
+private class NetworkApiImpl : NetworkApi {
  var activity: Activity? = null

-  override fun getAppGroupId(): String = context.packageName
-
  override fun addCertificate(clientData: ClientCertData, callback: (Result<Unit>) -> Unit) {
    try {
      HttpClientManager.setKeyEntry(clientData.data, clientData.password.toCharArray())
@@ -718,7 +718,6 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CUSTOM_GROUP_ID = group.app.immich.share.profile;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -751,6 +750,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -801,7 +801,6 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CUSTOM_GROUP_ID = group.app.immich.share.debug;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
@@ -861,7 +860,6 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -896,6 +894,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -925,6 +924,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -1080,6 +1080,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -1123,6 +1124,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -1163,6 +1165,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -288,7 +288,6 @@ protocol NetworkApi {
  func hasCertificate() throws -> Bool
  func getClientPointer() throws -> Int64
  func setRequestHeaders(headers: [String: String], serverUrls: [String], token: String?) throws
-  func getAppGroupId() throws -> String
 }

 /// Generated setup class from Pigeon to handle messages through the `binaryMessenger`.
@@ -389,18 +388,5 @@ class NetworkApiSetup {
    } else {
      setRequestHeadersChannel.setMessageHandler(nil)
    }
-    let getAppGroupIdChannel = FlutterBasicMessageChannel(name: "dev.flutter.pigeon.immich_mobile.NetworkApi.getAppGroupId\(channelSuffix)", binaryMessenger: binaryMessenger, codec: codec)
-    if let api = api {
-      getAppGroupIdChannel.setMessageHandler { _, reply in
-        do {
-          let result = try api.getAppGroupId()
-          reply(wrapResult(result))
-        } catch {
-          reply(wrapError(error))
-        }
-      }
-    } else {
-      getAppGroupIdChannel.setMessageHandler(nil)
-    }
  }
 }
@@ -61,10 +61,6 @@ class NetworkApiImpl: NetworkApi {
    return Int64(Int(bitPattern: pointer))
  }
  
-  func getAppGroupId() throws -> String {
-    return Bundle.main.object(forInfoDictionaryKey: "AppGroupId") as! String
-  }
-
  func setRequestHeaders(headers: [String : String], serverUrls: [String], token: String?) throws {
    URLSessionManager.setServerUrls(serverUrls)

@@ -4,7 +4,7 @@ import native_video_player
 let CLIENT_CERT_LABEL = "app.alextran.immich.client_identity"
 let HEADERS_KEY = "immich.request_headers"
 let SERVER_URLS_KEY = "immich.server_urls"
-let APP_GROUP = Bundle.main.object(forInfoDictionaryKey: "AppGroupId") as! String
+let APP_GROUP = "group.app.immich.share"
 let COOKIE_EXPIRY_DAYS: TimeInterval = 400

 enum AuthCookie: CaseIterable {
@@ -10,7 +10,7 @@
 	<true/>
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>$(CUSTOM_GROUP_ID)</string>
+		<string>group.app.immich.share</string>
 	</array>
 </dict>
 </plist>
@@ -12,7 +12,7 @@
 	<true/>
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>$(CUSTOM_GROUP_ID)</string>
+		<string>group.app.immich.share</string>
 	</array>
 </dict>
 </plist>
@@ -4,7 +4,7 @@
  <dict>
    <key>com.apple.security.application-groups</key>
    <array>
-      <string>$(CUSTOM_GROUP_ID)</string>
+      <string>group.app.immich.share</string>
    </array>
  </dict>
 </plist>
@@ -2,7 +2,7 @@ import Foundation
 import SwiftUI
 import WidgetKit

-let IMMICH_SHARE_GROUP = Bundle.main.object(forInfoDictionaryKey: "AppGroupId") as! String
+let IMMICH_SHARE_GROUP = "group.app.immich.share"

 enum WidgetError: Error, Codable {
  case noLogin
@@ -2,8 +2,6 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>AppGroupId</key>
-	<string>$(CUSTOM_GROUP_ID)</string>
 	<key>NSAppTransportSecurity</key>
 	<dict>
 		<key>NSAllowsArbitraryLoads</key>
@@ -4,7 +4,7 @@
  <dict>
    <key>com.apple.security.application-groups</key>
    <array>
-      <string>$(CUSTOM_GROUP_ID)</string>
+      <string>group.app.immich.share</string>
    </array>
  </dict>
 </plist>
@@ -21,7 +21,6 @@ platform :ios do
  CODE_SIGN_IDENTITY = "Apple Distribution: FUTO Holdings, Inc. (#{TEAM_ID})"
  BASE_BUNDLE_ID = "app.alextran.immich"
  DEV_BUNDLE_ID  = "tech.futo.immich.testflight"
-  DEV_GROUP_ID   = "group.app.immich.share.testflight"

  # Helper method to get App Store Connect API key
  def get_api_key
@@ -34,13 +33,6 @@ platform :ios do
    )
  end
  
-  # Helper method to assemble xcargs with optional CUSTOM_GROUP_ID override
-  def build_xcargs(group_id: nil)
-    args = "-skipMacroValidation CODE_SIGN_IDENTITY='#{CODE_SIGN_IDENTITY}' CODE_SIGN_STYLE=Manual"
-    args += " CUSTOM_GROUP_ID='#{group_id}'" if group_id
-    args
-  end
-
  # Helper method to get version from pubspec.yaml
 def get_version_from_pubspec
  require 'yaml'
@@ -97,8 +89,7 @@ end
    version_number: nil,
    profile_name_main:,
    profile_name_share:,
-    profile_name_widget:,
-    group_id: nil
+    profile_name_widget:
  )
    app_identifier = base_bundle_id

@@ -106,7 +97,7 @@ end
    if version_number
      increment_version_number(version_number: version_number)
    end
-
+    
    # Increment build number
    increment_build_number(
      build_number: latest_testflight_build_number(
@@ -115,14 +106,14 @@ end
      ) + 1,
      xcodeproj: "./Runner.xcodeproj"
    )
-
+    
    # Build the app
    build_app(
      scheme: "Runner",
      workspace: "Runner.xcworkspace",
      configuration: configuration,
      export_method: "app-store",
-      xcargs: build_xcargs(group_id: group_id),
+      xcargs: "-skipMacroValidation CODE_SIGN_IDENTITY='#{CODE_SIGN_IDENTITY}' CODE_SIGN_STYLE=Manual",
      export_options: {
        provisioningProfiles: {
          "#{app_identifier}" => profile_name_main,
@@ -174,8 +165,7 @@ end
      distribute_external: false,
      profile_name_main: main_profile_name,
      profile_name_share: share_profile_name,
-      profile_name_widget: widget_profile_name,
-      group_id: DEV_GROUP_ID
+      profile_name_widget: widget_profile_name
    )
  end

@@ -284,7 +274,7 @@ end
      configuration: "Release",
      export_method: "app-store",
      skip_package_ipa: true,
-      xcargs: build_xcargs(group_id: DEV_GROUP_ID),
+      xcargs: "-skipMacroValidation CODE_SIGN_IDENTITY='#{CODE_SIGN_IDENTITY}' CODE_SIGN_STYLE=Manual",
      export_options: {
        provisioningProfiles: {
          DEV_BUNDLE_ID => main_profile_name,
@@ -30,6 +30,7 @@ const int kTimelineAssetLoadBatchSize = 1024;
 const int kTimelineAssetLoadOppositeSize = 64;

 // Widget keys
+const String appShareGroupId = "group.app.immich.share";
 const String kWidgetAuthToken = "widget_auth_token";
 const String kWidgetServerEndpoint = "widget_server_url";
 const String kWidgetCustomHeaders = "widget_custom_headers";
@@ -309,23 +309,4 @@ class NetworkApi {

    _extractReplyValueOrThrow(pigeonVar_replyList, pigeonVar_channelName, isNullValid: true);
  }
-
-  Future<String> getAppGroupId() async {
-    final pigeonVar_channelName =
-        'dev.flutter.pigeon.immich_mobile.NetworkApi.getAppGroupId$pigeonVar_messageChannelSuffix';
-    final pigeonVar_channel = BasicMessageChannel<Object?>(
-      pigeonVar_channelName,
-      pigeonChannelCodec,
-      binaryMessenger: pigeonVar_binaryMessenger,
-    );
-    final Future<Object?> pigeonVar_sendFuture = pigeonVar_channel.send(null);
-    final pigeonVar_replyList = await pigeonVar_sendFuture as List<Object?>?;
-
-    final Object? pigeonVar_replyValue = _extractReplyValueOrThrow(
-      pigeonVar_replyList,
-      pigeonVar_channelName,
-      isNullValid: false,
-    );
-    return pigeonVar_replyValue! as String;
-  }
 }
@@ -1,6 +1,5 @@
 import 'package:home_widget/home_widget.dart';
 import 'package:hooks_riverpod/hooks_riverpod.dart';
-import 'package:immich_mobile/providers/infrastructure/platform.provider.dart';

 final widgetRepositoryProvider = Provider((_) => const WidgetRepository());

@@ -15,7 +14,7 @@ class WidgetRepository {
    await HomeWidget.updateWidget(iOSName: iosName, qualifiedAndroidName: androidName);
  }

-  Future<void> setAppGroupId() async {
-    await HomeWidget.setAppGroupId(await networkApi.getAppGroupId());
+  Future<void> setAppGroupId(String appGroupId) async {
+    await HomeWidget.setAppGroupId(appGroupId);
  }
 }
@@ -12,7 +12,7 @@ class WidgetService {
  const WidgetService(this._repository);

  Future<void> writeCredentials(String serverURL, String sessionKey, String? customHeaders) async {
-    await _repository.setAppGroupId();
+    await _repository.setAppGroupId(appShareGroupId);
    await _repository.saveData(kWidgetServerEndpoint, serverURL);
    await _repository.saveData(kWidgetAuthToken, sessionKey);

@@ -25,7 +25,7 @@ class WidgetService {
  }

  Future<void> clearCredentials() async {
-    await _repository.setAppGroupId();
+    await _repository.setAppGroupId(appShareGroupId);
    await _repository.saveData(kWidgetServerEndpoint, "");
    await _repository.saveData(kWidgetAuthToken, "");
    await _repository.saveData(kWidgetCustomHeaders, "");
@@ -44,6 +44,4 @@ abstract class NetworkApi {
  int getClientPointer();

  void setRequestHeaders(Map<String, String> headers, List<String> serverUrls, String? token);
-
-  String getAppGroupId();
 }
@@ -1,16 +0,0 @@
-import { Kysely, sql } from 'kysely';
-
-export async function up(db: Kysely<any>): Promise<void> {
-  // Delete unauthorized cross-owner asset faces
-  await sql`
-    DELETE FROM asset_face
-    USING person, asset
-    WHERE asset_face."personId" = person.id
-      AND asset_face."assetId" = asset.id
-      AND person."ownerId" <> asset."ownerId"
-  `.execute(db);
-}
-
-export async function down(): Promise<void> {
-  // Not implemented: the deleted rows were unauthorized cross-owner entries
-}
@@ -454,30 +454,6 @@ describe(PersonService.name, () => {
      expect(mocks.person.update).not.toHaveBeenCalled();
      expect(mocks.job.queueAll).not.toHaveBeenCalled();
    });
-
-    it('should reject creating a face on an asset the user does not own', async () => {
-      const auth = AuthFactory.create();
-      const asset = AssetFactory.create();
-      const person = PersonFactory.create({ faceAssetId: null });
-
-      mocks.access.asset.checkOwnerAccess.mockResolvedValue(new Set());
-      mocks.access.person.checkOwnerAccess.mockResolvedValue(new Set([person.id]));
-
-      await expect(
-        sut.createFace(auth, {
-          assetId: asset.id,
-          personId: person.id,
-          imageHeight: 500,
-          imageWidth: 400,
-          x: 10,
-          y: 20,
-          width: 100,
-          height: 110,
-        }),
-      ).rejects.toBeInstanceOf(BadRequestException);
-
-      expect(mocks.person.createAssetFace).not.toHaveBeenCalled();
-    });
  });

  describe('createNewFeaturePhoto', () => {
@@ -627,7 +627,7 @@ export class PersonService extends BaseService {
  // TODO return a asset face response
  async createFace(auth: AuthDto, dto: AssetFaceCreateDto): Promise<void> {
    await Promise.all([
-      this.requireAccess({ auth, permission: Permission.AssetUpdate, ids: [dto.assetId] }),
+      this.requireAccess({ auth, permission: Permission.AssetRead, ids: [dto.assetId] }),
      this.requireAccess({ auth, permission: Permission.PersonRead, ids: [dto.personId] }),
    ]);

@@ -34,7 +34,7 @@
 }

@utility immich-form-input {
-  @apply bg-gray-100 ring-1 ring-gray-200 transition outline-none focus-within:ring-primary focus-within:ring-1 disabled:cursor-not-allowed dark:bg-gray-800 dark:ring-neutral-900 dark:focus-within:ring-primary flex w-full items-center rounded-lg disabled:bg-gray-300 disabled:text-dark dark:disabled:bg-gray-900 dark:disabled:text-gray-200 flex-1 py-2.5 text-base pl-4 pr-4;
+  @apply bg-gray-100 ring-1 ring-gray-200 transition outline-none focus-within:ring-1 disabled:cursor-not-allowed dark:bg-gray-800 dark:ring-neutral-900 flex w-full items-center rounded-lg disabled:bg-gray-300 disabled:text-dark dark:disabled:bg-gray-900 dark:disabled:text-gray-200 flex-1 py-2.5 text-base pl-4 pr-4;
 }

@utility immich-form-label {