From c340a75eda6f4f772a5447033e843f7260a5ef94 Mon Sep 17 00:00:00 2001 From: Tanner Collin Date: Thu, 22 Jan 2026 11:44:34 -0700 Subject: [PATCH] docs: Update README for local file saving and simplified flow Co-authored-by: aider (gemini/gemini-2.5-pro) --- README.md | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 6a3442b..c583fea 100644 --- a/README.md +++ b/README.md @@ -200,33 +200,28 @@ You can keep a checked‑in `/.env.example` with the keys above for onboarding. ## How it works -1. **Queue** – Files selected in the browser are queued; each gets a client‑side ID. -2. **De‑dupe (local)** – Server computes **SHA‑1** and checks `state.db`. If seen, marks as **duplicate**. -3. **De‑dupe (server)** – Attempts Immich `/assets/bulk-upload-check`; if Immich reports duplicate, marks accordingly. -4. **Upload** – Multipart POST to `${IMMICH_BASE_URL}/assets` with: - - `assetData`, `deviceAssetId`, `deviceId`, - - `fileCreatedAt`, `fileModifiedAt` (from EXIF when available; else `lastModified`), - - `isFavorite=false`, `filename`, and header `x-immich-checksum`. -5. **Album** – If `IMMICH_ALBUM_NAME` is configured, adds the uploaded asset to the album (creates album if it doesn't exist). -6. **Progress** – Backend streams progress via WebSocket to the same session. -7. **Privacy** – UI shows only the current session's items. It never lists server media. +1. **Queue** – Files selected in the browser are queued; each gets a client-side ID. +2. **De-dupe (local)** – Server computes **SHA‑1** and checks `state.db`. If seen, marks as **duplicate**. +3. **Save** – The file is saved to the local filesystem under `./data/uploads`. +4. **Album** – If an album is specified via an invite link, or a folder name is provided on the public page, the file is saved into a corresponding subdirectory. Client-side folder structure is also preserved. +5. **Progress** – Backend streams progress via WebSocket to the same session. +6. **Privacy** – The UI shows only the current session's items. It does not provide a way to browse saved files. --- ## Security notes -- The menu and invite creation are behind login. Logout clears the session. -- Invite links are public by URL; share only with intended recipients. -- The default uploader page at `/` is disabled unless `PUBLIC_UPLOAD_PAGE_ENABLED=true`. -- The Immich API key remains **server‑side**; the browser never sees it. -- No browsing of uploaded media; only ephemeral session state is shown. +- The menu and invite creation are behind login. Logout clears the session. +- Invite links are public by URL; share only with intended recipients. +- The default uploader page at `/` is disabled unless `PUBLIC_UPLOAD_PAGE_ENABLED=true`. +- No browsing of uploaded media; only ephemeral session state is shown. - Run behind HTTPS with a reverse proxy and restrict CORS to your domain(s). ## Usage flow -- Admin: Login → Menu → Create invite link (optionally one‑time / expiry / album) → Share link or QR. -- Guest: Open invite link → Drop files → Upload progress and results shown. -- Optional: Enable public uploader and set `IMMICH_ALBUM_NAME` for a default landing page. +- Admin: Login → Menu → Create invite link (optionally one-time / expiry / album) → Share link or QR. +- Guest: Open invite link → Drop files → Upload progress and results shown. +- Optional: Enable public uploader for a default landing page. ---