lint

CronetImageFetcher sized the response buffer from Content-Length, which is
the compressed wire size. Cronet auto-decompresses gzip/br responses and
writes decompressed bytes into the buffer, exceeding it and throwing
IllegalArgumentException: ByteBuffer is already full on the next read. Use
the growable path; Content-Length becomes an initial alloc hint only,
capped at 128 MB so an untrusted server can't overflow Int.MAX_VALUE or
OOM us upfront. Reuse Cronet's ByteBuffer between reads when no grow is
needed.

.github/workflows/build-mobile.yml

@@ -288,6 +288,7 @@ jobs:
           APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
           APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
           ENVIRONMENT: ${{ inputs.environment || 'development' }}
+          BUNDLE_ID_SUFFIX: ${{ inputs.environment == 'production' && '' || 'development' }}
           GITHUB_REF: ${{ github.ref }}
           FASTLANE_XCODEBUILD_SETTINGS_TIMEOUT: 120
           FASTLANE_XCODEBUILD_SETTINGS_RETRIES: 6

mobile/android/app/src/main/kotlin/app/alextran/immich/core/NetworkApiPlugin.kt

@@ -1,6 +1,7 @@
 package app.alextran.immich.core
 
 import android.app.Activity
+import android.content.Context
 import android.os.OperationCanceledException
 import android.security.KeyChain
 import app.alextran.immich.NativeBuffer

mobile/android/app/src/main/kotlin/app/alextran/immich/images/RemoteImagesImpl.kt

@@ -23,6 +23,8 @@ import java.io.IOException
 import java.nio.ByteBuffer
 import java.util.concurrent.ConcurrentHashMap
 
+private const val MAX_PREALLOC_BYTES = 128 * 1024 * 1024
+
 private class RemoteRequest(val cancellationSignal: CancellationSignal)
 
 class RemoteImagesImpl(context: Context) : RemoteImageApi {
@@ -228,7 +230,6 @@ private class CronetImageFetcher : ImageFetcher {
     private val onComplete: () -> Unit,
   ) : UrlRequest.Callback() {
     private var buffer: NativeByteBuffer? = null
-    private var wrapped: ByteBuffer? = null
     private var error: Exception? = null
 
     override fun onRedirectReceived(request: UrlRequest, info: UrlResponseInfo, newUrl: String) {
@@ -242,15 +243,16 @@ private class CronetImageFetcher : ImageFetcher {
       }
 
       try {
+        // Content-Length is a size hint only. With Content-Encoding (gzip/br/...),
+        // Cronet auto-decompresses and writes decompressed bytes to our buffer, which
+        // may exceed the wire/compressed Content-Length. Always use the growable
+        // buffer path so we can't overflow.
         val contentLength = info.allHeaders["content-length"]?.firstOrNull()?.toIntOrNull() ?: 0
-        if (contentLength > 0) {
-          buffer = NativeByteBuffer(contentLength + 1)
-          wrapped = NativeBuffer.wrap(buffer!!.pointer, contentLength + 1)
-          request.read(wrapped)
-        } else {
-          buffer = NativeByteBuffer(INITIAL_BUFFER_SIZE)
-          request.read(buffer!!.wrapRemaining())
-        }
+        // Cap the up-front alloc: Content-Length is untrusted and can be huge or near
+        // Int.MAX_VALUE (overflowing `+1`). For larger responses the grow path takes over.
+        val initialSize = if (contentLength in 1..MAX_PREALLOC_BYTES) contentLength + 1 else INITIAL_BUFFER_SIZE
+        buffer = NativeByteBuffer(initialSize)
+        request.read(buffer!!.wrapRemaining())
       } catch (e: Exception) {
         error = e
         return request.cancel()
@@ -263,14 +265,18 @@ private class CronetImageFetcher : ImageFetcher {
       byteBuffer: ByteBuffer
     ) {
       try {
-        val buf = if (wrapped == null) {
-          buffer!!.run {
-            advance(byteBuffer.position())
-            ensureHeadroom()
-            wrapRemaining()
-          }
+        val b = buffer!!
+        b.advance(byteBuffer.position())
+        // Reuse the caller-supplied ByteBuffer as long as we don't need to grow.
+        // It already points at our native memory with position advanced past the
+        // written bytes — Cronet can keep writing into the remaining tail.
+        // Only when the buffer is full do we grow (which may realloc + move the
+        // native pointer) and need a fresh wrap.
+        val buf = if (b.offset == b.capacity) {
+          b.ensureHeadroom()
+          b.wrapRemaining()
         } else {
-          wrapped
+          byteBuffer
         }
         request.read(buf)
       } catch (e: Exception) {
@@ -280,7 +286,6 @@ private class CronetImageFetcher : ImageFetcher {
     }
 
     override fun onSucceeded(request: UrlRequest, info: UrlResponseInfo) {
-      wrapped?.let { buffer!!.advance(it.position()) }
       onSuccess(buffer!!)
       onComplete()
     }

mobile/ios/Runner.xcodeproj/project.pbxproj

@@ -718,7 +718,6 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CUSTOM_GROUP_ID = group.app.immich.share.profile;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -751,6 +750,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -801,7 +801,6 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CUSTOM_GROUP_ID = group.app.immich.share.debug;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
@@ -861,7 +860,6 @@
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				"CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer";
 				COPY_PHASE_STRIP = NO;
-				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -896,6 +894,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -925,6 +924,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
@@ -1080,6 +1080,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -1123,6 +1124,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;
@@ -1163,6 +1165,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				CURRENT_PROJECT_VERSION = 240;
+				CUSTOM_GROUP_ID = group.app.immich.share;
 				DEVELOPMENT_TEAM = 2W7AC6T8T5;
 				ENABLE_USER_SCRIPT_SANDBOXING = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu17;

mobile/ios/Runner/AppDelegate.swift

@@ -31,9 +31,6 @@ import native_video_player
     BackgroundWorkerFgHostApiSetup.setUp(binaryMessenger: messenger, api: BackgroundWorkerApiImpl())
     ConnectivityApiSetup.setUp(binaryMessenger: messenger, api: ConnectivityApiImpl())
     NetworkApiSetup.setUp(binaryMessenger: messenger, api: NetworkApiImpl())
-
-    FlutterMethodChannel(name: "home_widget", binaryMessenger: messenger)
-      .invokeMethod("setAppGroupId", arguments: ["groupId": APP_GROUP])
   }
 
   public static func cancelPlugins(with engine: FlutterEngine) {

mobile/ios/Runner/Core/URLSessionManager.swift

@@ -4,7 +4,7 @@ import native_video_player
 let CLIENT_CERT_LABEL = "app.alextran.immich.client_identity"
 let HEADERS_KEY = "immich.request_headers"
 let SERVER_URLS_KEY = "immich.server_urls"
-let APP_GROUP = Bundle.main.object(forInfoDictionaryKey: "AppGroupId") as! String
+let APP_GROUP = "group.app.immich.share"
 let COOKIE_EXPIRY_DAYS: TimeInterval = 400
 
 enum AuthCookie: CaseIterable {

mobile/ios/Runner/Runner.entitlements

@@ -10,7 +10,7 @@
 	<true/>
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>$(CUSTOM_GROUP_ID)</string>
+		<string>group.app.immich.share</string>
 	</array>
 </dict>
 </plist>

mobile/ios/Runner/RunnerProfile.entitlements

@@ -12,7 +12,7 @@
 	<true/>
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>$(CUSTOM_GROUP_ID)</string>
+		<string>group.app.immich.share</string>
 	</array>
 </dict>
 </plist>

mobile/ios/ShareExtension/ShareExtension.entitlements

@@ -4,7 +4,7 @@
   <dict>
     <key>com.apple.security.application-groups</key>
     <array>
-      <string>$(CUSTOM_GROUP_ID)</string>
+      <string>group.app.immich.share</string>
     </array>
   </dict>
 </plist>

mobile/ios/WidgetExtension/ImmichAPI.swift

@@ -2,7 +2,7 @@ import Foundation
 import SwiftUI
 import WidgetKit
 
-let IMMICH_SHARE_GROUP = Bundle.main.object(forInfoDictionaryKey: "AppGroupId") as! String
+let IMMICH_SHARE_GROUP = "group.app.immich.share"
 
 enum WidgetError: Error, Codable {
   case noLogin

mobile/ios/WidgetExtension/Info.plist

@@ -2,8 +2,6 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>AppGroupId</key>
-	<string>$(CUSTOM_GROUP_ID)</string>
 	<key>NSAppTransportSecurity</key>
 	<dict>
 		<key>NSAllowsArbitraryLoads</key>

mobile/ios/WidgetExtension/WidgetExtension.entitlements

@@ -4,7 +4,7 @@
   <dict>
     <key>com.apple.security.application-groups</key>
     <array>
-      <string>$(CUSTOM_GROUP_ID)</string>
+      <string>group.app.immich.share</string>
     </array>
   </dict>
 </plist>

mobile/ios/fastlane/Fastfile

@@ -21,7 +21,6 @@ platform :ios do
   CODE_SIGN_IDENTITY = "Apple Distribution: FUTO Holdings, Inc. (#{TEAM_ID})"
   BASE_BUNDLE_ID = "app.alextran.immich"
   DEV_BUNDLE_ID  = "tech.futo.immich.testflight"
-  DEV_GROUP_ID   = "group.app.immich.share.testflight"
 
   # Helper method to get App Store Connect API key
   def get_api_key
@@ -34,13 +33,6 @@ platform :ios do
     )
   end
   
-  # Helper method to assemble xcargs with optional CUSTOM_GROUP_ID override
-  def build_xcargs(group_id: nil)
-    args = "-skipMacroValidation CODE_SIGN_IDENTITY='#{CODE_SIGN_IDENTITY}' CODE_SIGN_STYLE=Manual"
-    args += " CUSTOM_GROUP_ID='#{group_id}'" if group_id
-    args
-  end
-
   # Helper method to get version from pubspec.yaml
 def get_version_from_pubspec
   require 'yaml'
@@ -97,8 +89,7 @@ end
     version_number: nil,
     profile_name_main:,
     profile_name_share:,
-    profile_name_widget:,
-    group_id: nil
+    profile_name_widget:
   )
     app_identifier = base_bundle_id
 
@@ -106,7 +97,7 @@ end
     if version_number
       increment_version_number(version_number: version_number)
     end
-
+    
     # Increment build number
     increment_build_number(
       build_number: latest_testflight_build_number(
@@ -115,14 +106,14 @@ end
       ) + 1,
       xcodeproj: "./Runner.xcodeproj"
     )
-
+    
     # Build the app
     build_app(
       scheme: "Runner",
       workspace: "Runner.xcworkspace",
       configuration: configuration,
       export_method: "app-store",
-      xcargs: build_xcargs(group_id: group_id),
+      xcargs: "-skipMacroValidation CODE_SIGN_IDENTITY='#{CODE_SIGN_IDENTITY}' CODE_SIGN_STYLE=Manual",
       export_options: {
         provisioningProfiles: {
           "#{app_identifier}" => profile_name_main,
@@ -174,8 +165,7 @@ end
       distribute_external: false,
       profile_name_main: main_profile_name,
       profile_name_share: share_profile_name,
-      profile_name_widget: widget_profile_name,
-      group_id: DEV_GROUP_ID
+      profile_name_widget: widget_profile_name
     )
   end
 
@@ -284,7 +274,7 @@ end
       configuration: "Release",
       export_method: "app-store",
       skip_package_ipa: true,
-      xcargs: build_xcargs(group_id: DEV_GROUP_ID),
+      xcargs: "-skipMacroValidation CODE_SIGN_IDENTITY='#{CODE_SIGN_IDENTITY}' CODE_SIGN_STYLE=Manual",
       export_options: {
         provisioningProfiles: {
           DEV_BUNDLE_ID => main_profile_name,

mobile/lib/constants/constants.dart

@@ -30,6 +30,7 @@ const int kTimelineAssetLoadBatchSize = 1024;
 const int kTimelineAssetLoadOppositeSize = 64;
 
 // Widget keys
+const String appShareGroupId = "group.app.immich.share";
 const String kWidgetAuthToken = "widget_auth_token";
 const String kWidgetServerEndpoint = "widget_server_url";
 const String kWidgetCustomHeaders = "widget_custom_headers";

mobile/lib/repositories/widget.repository.dart

@@ -13,4 +13,8 @@ class WidgetRepository {
   Future<void> refresh(String iosName, String androidName) async {
     await HomeWidget.updateWidget(iOSName: iosName, qualifiedAndroidName: androidName);
   }
+
+  Future<void> setAppGroupId(String appGroupId) async {
+    await HomeWidget.setAppGroupId(appGroupId);
+  }
 }

mobile/lib/services/widget.service.dart

@@ -12,6 +12,7 @@ class WidgetService {
   const WidgetService(this._repository);
 
   Future<void> writeCredentials(String serverURL, String sessionKey, String? customHeaders) async {
+    await _repository.setAppGroupId(appShareGroupId);
     await _repository.saveData(kWidgetServerEndpoint, serverURL);
     await _repository.saveData(kWidgetAuthToken, sessionKey);
 
@@ -24,6 +25,7 @@ class WidgetService {
   }
 
   Future<void> clearCredentials() async {
+    await _repository.setAppGroupId(appShareGroupId);
     await _repository.saveData(kWidgetServerEndpoint, "");
     await _repository.saveData(kWidgetAuthToken, "");
     await _repository.saveData(kWidgetCustomHeaders, "");

open-api/immich-openapi-specs.json

@@ -11,9 +11,6 @@
             "required": true,
             "in": "query",
             "description": "Album ID",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity search"
-            },
             "schema": {
               "format": "uuid",
               "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
@@ -25,9 +22,6 @@
             "required": false,
             "in": "query",
             "description": "Asset ID (if activity is for an asset)",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity search"
-            },
             "schema": {
               "format": "uuid",
               "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
@@ -38,9 +32,6 @@
             "name": "level",
             "required": false,
             "in": "query",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity search"
-            },
             "schema": {
               "$ref": "#/components/schemas/ReactionLevel"
             }
@@ -49,9 +40,6 @@
             "name": "type",
             "required": false,
             "in": "query",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity search"
-            },
             "schema": {
               "$ref": "#/components/schemas/ReactionType"
             }
@@ -61,9 +49,6 @@
             "required": false,
             "in": "query",
             "description": "Filter by user ID",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity search"
-            },
             "schema": {
               "format": "uuid",
               "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
@@ -187,9 +172,6 @@
             "required": true,
             "in": "query",
             "description": "Album ID",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity"
-            },
             "schema": {
               "format": "uuid",
               "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",
@@ -201,9 +183,6 @@
             "required": false,
             "in": "query",
             "description": "Asset ID (if activity is for an asset)",
-            "x-nestjs_zod-parent-metadata": {
-              "description": "Activity"
-            },
             "schema": {
               "format": "uuid",
               "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$",

server/src/dtos/activity.dto.ts

@@ -36,18 +36,16 @@ const ActivityStatisticsResponseSchema = z
   })
   .meta({ id: 'ActivityStatisticsResponseDto' });
 
-const ActivitySchema = z
-  .object({
-    albumId: z.uuidv4().describe('Album ID'),
-    assetId: z.uuidv4().optional().describe('Asset ID (if activity is for an asset)'),
-  })
-  .describe('Activity');
+const ActivitySchema = z.object({
+  albumId: z.uuidv4().describe('Album ID'),
+  assetId: z.uuidv4().optional().describe('Asset ID (if activity is for an asset)'),
+});
 
 const ActivitySearchSchema = ActivitySchema.extend({
   type: ReactionTypeSchema.optional(),
   level: ReactionLevelSchema.optional(),
   userId: z.uuidv4().optional().describe('Filter by user ID'),
-}).describe('Activity search');
+});
 
 const ActivityCreateSchema = ActivitySchema.extend({
   type: ReactionTypeSchema,