Update ja.ts

* chore: bump version to 3.0.0 [skip ci]

* fix: resolve dead wiki links across install and config pages

* fix(reservations): restore correct day assignment for non-transport bookings

v3.0.0 switched the planner from rendering reservations by
reservation_time to rendering them by day_id (commit 3f61e1c), but
migration 110 only backfilled day_id for transport types. Tours,
restaurants, events and 'other' bookings kept whatever day_id was
stored in the DB — often the trip's first day, from older code paths
that defaulted it there — so after the upgrade those rows all show
up on day 1 regardless of their actual reservation_time.

- Migration 122: for every non-hotel reservation, null out any
  day_id / end_day_id that does not match the reservation's time,
  then backfill it from reservation_time / reservation_end_time.
  Idempotent; leaves already-correct rows alone.
- reservationService.createReservation / updateReservation now
  derive day_id / end_day_id from reservation_time /
  reservation_end_time when the client didn't send one explicitly,
  so the mismatch cannot reappear on new or edited bookings.
  Hotels are skipped because they store their date range on the
  linked day_accommodation.

* chore: bump version to 3.0.1 [skip ci]

* fix(oidc): normalize discovery doc issuer before comparison

Trailing slash in doc.issuer (e.g. Authentik) caused a mismatch against
the already-normalized configured issuer, breaking OIDC login entirely.

Closes #834

* test(systemNotices): exclude v3 upgrade notices from login_count-only tests

Tests that expect an empty notice list were using first_seen_version='0.0.0'
(DB default), which matches the existingUserBeforeVersion('3.0.0') condition
now that the app is at 3.0.1. Set first_seen_version='3.0.0' so only the
firstLogin condition controls visibility in these tests.

* chore: bump version to 3.0.2 [skip ci]

* fix(oidc): normalize id_token iss claim before issuer comparison (#837)

jwt.verify does an exact string match on the issuer. Providers like
Authentik include a trailing slash in the id_token iss claim while the
configured issuer is already normalized (no trailing slash), causing
every login attempt to fail with jwt issuer invalid.

Move the issuer check out of jwt.verify options and apply the same
trailing-slash normalization used in the discovery doc validation.
Also adds OIDC-SVC-033–036 unit tests covering exact match, trailing
slash, wrong issuer, and wrong audience cases.

Closes #834

* chore: bump version to 3.0.3 [skip ci]

* fix(oidc,ui): restore Authentik login and fix mobile delete dialog (#845)

OIDC: when OIDC_DISCOVERY_URL is explicitly set, trust the discovery
doc's issuer for id_token comparison instead of rejecting a path
mismatch as an error. Authentik (and similar realm-path providers)
return a canonical issuer like /application/o/<slug>/ that differs
from the operator's base OIDC_ISSUER. Strict equality blocked login
in 3.x despite working in v2. Default discovery (no custom URL) keeps
the strict check. Adds OIDC-SVC-037/038/039.

UI: ConfirmDialog and CopyTripDialog lacked the --bottom-nav-h
paddingBottom offset that other overlays already use. On mobile portrait
the action buttons were hidden behind the sticky bottom nav bar.

Closes #843
Closes #844

* chore: bump version to 3.0.4 [skip ci]

* fix(files): open attachments only in new tab (#840)

window.open with noreferrer returns null, which triggered the popup-blocked download fallback in addition to the new-tab open. Use a target=_blank anchor click instead.

* chore: bump version to 3.0.5 [skip ci]

* fix(journey,pdf): journey reorder sort_order + PDF multi-day transport (#848)

* fix(journey): make sort_order authoritative for within-day entry ordering

Reorder buttons appeared broken because the server ORDER BY put entry_time
before sort_order, so entries synced from trip places with differing times
would always sort by time regardless of sort_order writes. The client store
mirrored the same comparator, making even the optimistic update invisible.

- Change ORDER BY to (entry_date, sort_order, id) in getJourneyFull and listEntries
- Fix syncTripPlaces and onPlaceCreated to assign MAX+1 sort_order per day instead of day_number/0
- Update client store comparator to match
- Add DB migration to backfill sort_order using old effective key (entry_time, id) so existing journeys retain their visual order
- Add tests: JOURNEY-SVC-089–093, FE-STORE-JOURNEY-018–019

Closes #846

* fix(pdf): include multi-day transport return/arrival in PDF itinerary (#847)

Reservations were matched to days by pickup date only, so the end-day
card (e.g. car Return, flight Arrival) was silently dropped from the PDF.
Add span-aware helpers mirroring DayPlanSidebar logic: match by day_id/end_day_id
span, show reservation_end_time on end days, prefix title with phase label
(Return/Arrival/etc.), and use per-day position for sort order.

* test(pdf): add missing day_id to transport reservation fixture

* chore: bump version to 3.0.6 [skip ci]

* [Snyk] Security upgrade uuid from 9.0.1 to 14.0.0 (#849)

* fix: server/package.json & server/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UUID-16133035

* fix: bump fast-xml-parser version

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: jubnl <jgunther021@gmail.com>

* chore: bump version to 3.0.7 [skip ci]

* fix: hot fixes 23-04-2026 (#856)

* fix(packing): resolve avatar URL path in bag and category assignees (#854)

packingService was returning raw avatar filenames from the DB instead of
the full /uploads/avatars/<filename> path, causing broken profile images
for users with uploaded avatars.

* fix(budget): use Map.get() to fix category rename no-op (#855)

* fix(security): relax Referrer-Policy and document HSTS_INCLUDE_SUBDOMAINS (#862) (#863)

- Change Helmet default from no-referrer to strict-origin-when-cross-origin
  so browsers send the origin on cross-origin requests, allowing Google Maps
  API key restrictions by HTTP referrer to work correctly
- Document HSTS_INCLUDE_SUBDOMAINS in all deployment artifacts:
  .env.example, docker-compose.yml, README.md, unraid-template.xml,
  charts/values.yaml, charts/configmap.yaml, wiki/Environment-Variables.md

* fix(planner): prefetch budget items on trip page mount (#864)

Loads budgetItems alongside reservations when TripPlannerPage mounts so
the Budget category dropdown in ReservationModal and TransportModal shows
pre-existing categories on first open, regardless of whether the Budget
tab has been visited.

Closes #861

* fix(reservations): prevent Invalid Date when end time is set without end date (#866)

When reservation_end_time held a bare time string ("HH:MM"), fmtDate()
produced Invalid Date on the reservation card.

- Modal: when end date is blank but end time is filled, construct a
  same-day ISO datetime using the start date (prevents time-only strings
  from ever being persisted)
- Panel: derive endDatePart via regex so date-only end values ("YYYY-MM-DD")
  still show the multi-day range, while bare time strings are skipped and
  handled correctly by the existing time column logic

Closes #860

* fix(planner): format reservation end time instead of rendering raw ISO string (#867)

Closes #859

* fix(planner): wire Route toggle into mobile day sidebar (#850) (#868)

The per-booking Route icon was missing on mobile because the mobile
DayPlanSidebar invocation in TripPlannerPage didn't pass
visibleConnectionIds or onToggleConnection. Mobile PWA users couldn't
activate reservation map overlays without forcing desktop mode.

Also corrects the Map-Features wiki: fixes the setting name
("Booking route labels" not "Show connection labels"), documents the
route_calculation requirement for travel-time pills, and explains that
overlays are off by default and must be toggled per reservation.

* chore: bump version to 3.0.8 [skip ci]

* docs(wiki): add MCP OAuth troubleshooting entry for missing APP_URL

* Fix demo banner overlapping bottom tab bar on mobile

The demo welcome modal extended below the mobile bottom tab bar,
hiding the dismiss button so visitors couldn't close it.

- Use dvh so mobile URL bar is accounted for correctly
- Reserve ~80px of bottom padding for the tab bar
- Make the footer sticky so the dismiss button stays visible
  while scrolling through the modal content
- Bump z-index to ensure the overlay sits above the tab bar

* Fix 500 on reservation edit after DB reinit (issue #883)

saveEndpoints was bound at module load via db.transaction(...). When the
demo-mode hourly reset (or a self-hoster's backup restore) closes the DB
connection and reinitialises it, the bound transaction still references
the now-closed connection — every subsequent reservation save with an
endpoints field throws "The database connection is not open", which the
client surfaces as "Internal server error".

Bind the transaction lazily on each call so it always runs against the
current connection.

* Fix exit code 132 on old CPUs by replacing sharp with jimp (issue #888) (#895)

sharp's prebuilt Linux x64 binary requires SSE4.2 (x86-64-v2), causing a
SIGILL crash on older hardware (e.g. AMD A6-3420M). Replace with jimp, a
pure-JS image library with no native binaries. Also skip thumbnail generation
entirely when the Journey addon is disabled (the default), preventing the
issue for most installs regardless of the image library used.

* chore: Add Trademark policy

* chore: Add Trademark policy

* chore: bump version to 3.0.9 [skip ci]

---------

Co-authored-by: Maurice <61554723+mauriceboe@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Maurice <mauriceboe@icloud.com>
Co-authored-by: Xre0uS <36565320+Xre0uS@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>

charts/trek/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
 name: trek
-version: 3.0.21
+version: 3.0.18
 description: Minimal Helm chart for TREK app
-appVersion: "3.0.21"
+appVersion: "3.0.18"

client/package-lock.json

@@ -1,17 +1,16 @@
 {
   "name": "trek-client",
-  "version": "3.0.21",
+  "version": "3.0.18",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "trek-client",
-      "version": "3.0.21",
+      "version": "3.0.18",
       "dependencies": {
         "@react-pdf/renderer": "^4.3.2",
         "axios": "^1.6.7",
         "dexie": "^4.4.2",
-        "heic-to": "^1.4.2",
         "leaflet": "^1.9.4",
         "lucide-react": "^0.344.0",
         "mapbox-gl": "^3.22.0",
@@ -5828,12 +5827,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/heic-to": {
-      "version": "1.4.2",
-      "resolved": "https://registry.npmjs.org/heic-to/-/heic-to-1.4.2.tgz",
-      "integrity": "sha512-y69thwxfNcEm2Vk8lbOD/cMabnvMJyOREfJYiCHcXCDqlfcPyJoBhyRc8+iDe1B95LRfpbTOpzxzY1xbRkdwBA==",
-      "license": "LGPL-3.0"
-    },
     "node_modules/hsl-to-hex": {
       "version": "1.0.0",
       "license": "MIT",

client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "trek-client",
-  "version": "3.0.21",
+  "version": "3.0.18",
   "private": true,
   "type": "module",
   "scripts": {
@@ -18,7 +18,6 @@
     "@react-pdf/renderer": "^4.3.2",
     "axios": "^1.6.7",
     "dexie": "^4.4.2",
-    "heic-to": "^1.4.2",
     "leaflet": "^1.9.4",
     "lucide-react": "^0.344.0",
     "mapbox-gl": "^3.22.0",

client/src/components/Map/mapboxSetup.ts

@@ -8,15 +8,13 @@ export function isStandardFamily(style: string): boolean {
   return style === 'mapbox://styles/mapbox/standard' || style === 'mapbox://styles/mapbox/standard-satellite'
 }
 
-// Terrain is only genuinely useful for styles that benefit from elevation
-// data. On flat vector styles (streets/light/dark) it nudges route lines
-// onto the DEM while HTML markers stay at Z=0, causing a visible drift
-// when the map is pitched. Satellite and Outdoors are the intended styles
-// for terrain; markers are re-pinned by syncMarkerAltitudes().
+// Terrain is only genuinely useful for the satellite imagery styles — on
+// clean flat styles like streets/light/dark it nudges route lines onto
+// the DEM while our HTML markers stay at Z=0, which causes the visible
+// offset when the map is pitched. Restrict terrain to satellite.
 export function wantsTerrain(style: string): boolean {
   return style === 'mapbox://styles/mapbox/satellite-v9'
       || style === 'mapbox://styles/mapbox/satellite-streets-v12'
-      || style === 'mapbox://styles/mapbox/outdoors-v12'
 }
 
 // 3D can be added to every style now — the standard family has it built-in

client/src/components/Planner/PlaceInspector.tsx

@@ -169,10 +169,7 @@ export default function PlaceInspector({
 
   const category = categories?.find(c => c.id === place.category_id)
   const dayAssignments = selectedDayId ? (assignments[String(selectedDayId)] || []) : []
-  const assignmentInDay = selectedDayId
-    ? ((selectedAssignmentId ? dayAssignments.find(a => a.id === selectedAssignmentId) : null)
-      ?? dayAssignments.find(a => a.place?.id === place.id))
-    : null
+  const assignmentInDay = selectedDayId ? dayAssignments.find(a => a.place?.id === place.id) : null
 
   const openingHours = googleDetails?.opening_hours || null
   const openNow = googleDetails?.open_now ?? null

client/src/i18n/TranslationContext.tsx

@@ -15,6 +15,7 @@ import ar from './translations/ar'
 import br from './translations/br'
 import cs from './translations/cs'
 import pl from './translations/pl'
+import ja from './translations/ja'
 import { SUPPORTED_LANGUAGES, SupportedLanguageCode } from './supportedLanguages'
 
 export { SUPPORTED_LANGUAGES }
@@ -23,7 +24,7 @@ type TranslationStrings = Record<string, string | { name: string; category: stri
 
 // Keyed by SupportedLanguageCode so TypeScript enforces all languages have a translation.
 const translations: Record<SupportedLanguageCode, TranslationStrings> = {
-  de, en, es, fr, hu, it, ru, zh, 'zh-TW': zhTw, nl, id, ar, br, cs, pl,
+  de, en, es, fr, hu, it, ru, zh, 'zh-TW': zhTw, nl, id, ar, br, cs, pl, ja,
 }
 
 // Derived from SUPPORTED_LANGUAGES — add new languages there, not here.
@@ -38,7 +39,7 @@ export function getLocaleForLanguage(language: string): string {
 
 export function getIntlLanguage(language: string): string {
   if (language === 'br') return 'pt-BR'
-  return ['de', 'es', 'fr', 'hu', 'it', 'ru', 'zh', 'zh-TW', 'nl', 'ar', 'cs', 'pl', 'id'].includes(language) ? language : 'en'
+  return ['de', 'es', 'fr', 'hu', 'it', 'ru', 'zh', 'zh-TW', 'nl', 'ar', 'cs', 'pl', 'id', 'ja' ].includes(language) ? language : 'en'
 }
 
 export function isRtlLanguage(language: string): boolean {

client/src/i18n/supportedLanguages.ts

@@ -12,8 +12,9 @@ export const SUPPORTED_LANGUAGES = [
   { value: 'zh',    label: '简体中文',              locale: 'zh-CN' },
   { value: 'zh-TW', label: '繁體中文',              locale: 'zh-TW' },
   { value: 'it',    label: 'Italiano',             locale: 'it-IT' },
-  { value: 'ar',    label: 'العربية',              locale: 'ar-SA' },
+  { value: 'ar',    label: 'العربية',                 locale: 'ar-SA' },
   { value: 'id',    label: 'Bahasa Indonesia',     locale: 'id-ID' },
+  { value: 'ja',    label: '日本語',                locale: 'ja-JP' },
 ] as const
 
 export type SupportedLanguageCode = typeof SUPPORTED_LANGUAGES[number]['value']

client/src/i18n/translations/ar.ts

@@ -1674,7 +1674,6 @@ const ar: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'فشل في الحذف',
   'journey.entries.deleteTitle': 'حذف الإدخال',
   'journey.photosUploaded': 'تم رفع {count} صورة',
-  'journey.photosUploadFailed': 'فشل رفع بعض الصور',
   'journey.photosAdded': 'تمت إضافة {count} صورة',
   'journey.picker.tripPeriod': 'فترة الرحلة',
   'journey.picker.dateRange': 'نطاق التاريخ',
@@ -1706,7 +1705,6 @@ const ar: Record<string, string | { name: string; category: string }[]> = {
 
   // Journey Entry Editor
   'journey.editor.discardChangesConfirm': 'لديك تغييرات غير محفوظة. هل تريد تجاهلها؟',
-  'journey.editor.uploadFailed': 'فشل رفع الصور',
   'journey.editor.uploadPhotos': 'رفع صور',
   'journey.editor.uploading': '...جارٍ الرفع',
   'journey.editor.fromGallery': 'من المعرض',

client/src/i18n/translations/br.ts

@@ -2077,7 +2077,6 @@ const br: Record<string, string | { name: string; category: string }[]> = {
   'journey.synced.places': 'lugares',
   'journey.synced.synced': 'sincronizado',
   'journey.editor.discardChangesConfirm': 'Você tem alterações não salvas. Descartá-las?',
-  'journey.editor.uploadFailed': 'Falha ao enviar fotos',
   'journey.editor.uploadPhotos': 'Enviar fotos',
   'journey.editor.uploading': 'Enviando...',
   'journey.editor.fromGallery': 'Da galeria',
@@ -2170,7 +2169,6 @@ const br: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Falha ao excluir',
   'journey.entries.deleteTitle': 'Excluir entrada',
   'journey.photosUploaded': '{count} fotos enviadas',
-  'journey.photosUploadFailed': 'Algumas fotos não foram enviadas',
   'journey.photosAdded': '{count} fotos adicionadas',
   'journey.public.notFound': 'Não encontrado',
   'journey.public.notFoundMessage': 'Esta jornada não existe ou o link expirou.',

client/src/i18n/translations/cs.ts

@@ -2082,7 +2082,6 @@ const cs: Record<string, string | { name: string; category: string }[]> = {
   'journey.synced.places': 'místa',
   'journey.synced.synced': 'synchronizováno',
   'journey.editor.discardChangesConfirm': 'Máte neuložené změny. Zahodit?',
-  'journey.editor.uploadFailed': 'Nahrávání fotek selhalo',
   'journey.editor.uploadPhotos': 'Nahrát fotky',
   'journey.editor.uploading': 'Nahrávání...',
   'journey.editor.fromGallery': 'Z galerie',
@@ -2175,7 +2174,6 @@ const cs: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Smazání se nezdařilo',
   'journey.entries.deleteTitle': 'Smazat záznam',
   'journey.photosUploaded': '{count} fotografií nahráno',
-  'journey.photosUploadFailed': 'Některé fotky se nepodařilo nahrát',
   'journey.photosAdded': '{count} fotografií přidáno',
   'journey.public.notFound': 'Nenalezeno',
   'journey.public.notFoundMessage': 'Tento cestovní deník neexistuje nebo odkaz vypršel.',

client/src/i18n/translations/de.ts

@@ -2085,7 +2085,6 @@ const de: Record<string, string | { name: string; category: string }[]> = {
   'journey.synced.places': 'Orte',
   'journey.synced.synced': 'synchronisiert',
   'journey.editor.discardChangesConfirm': 'Du hast ungespeicherte Änderungen. Verwerfen?',
-  'journey.editor.uploadFailed': 'Foto-Upload fehlgeschlagen',
   'journey.editor.uploadPhotos': 'Fotos hochladen',
   'journey.editor.uploading': 'Hochladen...',
   'journey.editor.fromGallery': 'Aus Galerie',
@@ -2182,7 +2181,6 @@ const de: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Löschen fehlgeschlagen',
   'journey.entries.deleteTitle': 'Eintrag löschen',
   'journey.photosUploaded': '{count} Fotos hochgeladen',
-  'journey.photosUploadFailed': 'Einige Fotos konnten nicht hochgeladen werden',
   'journey.photosAdded': '{count} Fotos hinzugefügt',
   'journey.public.notFound': 'Nicht gefunden',
   'journey.public.notFoundMessage': 'Diese Journey existiert nicht oder der Link ist abgelaufen.',

client/src/i18n/translations/en.ts

@@ -2111,7 +2111,6 @@ const en: Record<string, string | { name: string; category: string }[]> = {
 
   // Journey Entry Editor
   'journey.editor.discardChangesConfirm': 'You have unsaved changes. Discard them?',
-  'journey.editor.uploadFailed': 'Photo upload failed',
   'journey.editor.uploadPhotos': 'Upload photos',
   'journey.editor.uploading': 'Uploading...',
   'journey.editor.fromGallery': 'From Gallery',
@@ -2220,7 +2219,6 @@ const en: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Failed to delete',
   'journey.entries.deleteTitle': 'Delete Entry',
   'journey.photosUploaded': '{count} photos uploaded',
-  'journey.photosUploadFailed': 'Some photos failed to upload',
   'journey.photosAdded': '{count} photos added',
 
   // Journey — Public Page

client/src/i18n/translations/es.ts

@@ -2084,7 +2084,6 @@ const es: Record<string, string> = {
   'journey.synced.places': 'lugares',
   'journey.synced.synced': 'sincronizado',
   'journey.editor.discardChangesConfirm': 'Tienes cambios sin guardar. ¿Descartarlos?',
-  'journey.editor.uploadFailed': 'Error al subir fotos',
   'journey.editor.uploadPhotos': 'Subir fotos',
   'journey.editor.uploading': 'Subiendo...',
   'journey.editor.fromGallery': 'Desde galería',
@@ -2177,7 +2176,6 @@ const es: Record<string, string> = {
   'journey.settings.failedToDelete': 'Error al eliminar',
   'journey.entries.deleteTitle': 'Eliminar entrada',
   'journey.photosUploaded': '{count} fotos subidas',
-  'journey.photosUploadFailed': 'Algunas fotos no se pudieron subir',
   'journey.photosAdded': '{count} fotos añadidas',
   'journey.public.notFound': 'No encontrado',
   'journey.public.notFoundMessage': 'Esta travesía no existe o el enlace ha expirado.',

client/src/i18n/translations/fr.ts

@@ -2078,7 +2078,6 @@ const fr: Record<string, string> = {
   'journey.synced.places': 'lieux',
   'journey.synced.synced': 'synchronisé',
   'journey.editor.discardChangesConfirm': 'Vous avez des modifications non enregistrées. Les ignorer ?',
-  'journey.editor.uploadFailed': 'Échec du téléversement des photos',
   'journey.editor.uploadPhotos': 'Téléverser des photos',
   'journey.editor.uploading': 'Envoi...',
   'journey.editor.fromGallery': 'Depuis la galerie',
@@ -2171,7 +2170,6 @@ const fr: Record<string, string> = {
   'journey.settings.failedToDelete': 'Échec de la suppression',
   'journey.entries.deleteTitle': "Supprimer l'entrée",
   'journey.photosUploaded': '{count} photos téléversées',
-  'journey.photosUploadFailed': "Certaines photos n'ont pas pu être téléversées",
   'journey.photosAdded': '{count} photos ajoutées',
   'journey.public.notFound': 'Introuvable',
   'journey.public.notFoundMessage': 'Ce journal n\'existe pas ou le lien a expiré.',

client/src/i18n/translations/hu.ts

@@ -2079,7 +2079,6 @@ const hu: Record<string, string | { name: string; category: string }[]> = {
   'journey.synced.places': 'helyszín',
   'journey.synced.synced': 'szinkronizálva',
   'journey.editor.discardChangesConfirm': 'Mentetlen módosításaid vannak. Elveted?',
-  'journey.editor.uploadFailed': 'A fotók feltöltése sikertelen',
   'journey.editor.uploadPhotos': 'Fotók feltöltése',
   'journey.editor.uploading': 'Feltöltés...',
   'journey.editor.fromGallery': 'Galériából',
@@ -2172,7 +2171,6 @@ const hu: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Törlés sikertelen',
   'journey.entries.deleteTitle': 'Bejegyzés törlése',
   'journey.photosUploaded': '{count} fotó feltöltve',
-  'journey.photosUploadFailed': 'Néhány fotót nem sikerült feltölteni',
   'journey.photosAdded': '{count} fotó hozzáadva',
   'journey.public.notFound': 'Nem található',
   'journey.public.notFoundMessage': 'Ez az útinapló nem létezik vagy a link lejárt.',

client/src/i18n/translations/id.ts

@@ -2094,7 +2094,6 @@ const id: Record<string, string | { name: string; category: string }[]> = {
 
   // Journey Entry Editor
   'journey.editor.discardChangesConfirm': 'Anda memiliki perubahan yang belum disimpan. Buang?',
-  'journey.editor.uploadFailed': 'Gagal mengunggah foto',
   'journey.editor.uploadPhotos': 'Unggah foto',
   'journey.editor.uploading': 'Mengunggah...',
   'journey.editor.fromGallery': 'Dari Galeri',
@@ -2199,7 +2198,6 @@ const id: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Gagal menghapus',
   'journey.entries.deleteTitle': 'Hapus Entri',
   'journey.photosUploaded': '{count} foto diunggah',
-  'journey.photosUploadFailed': 'Beberapa foto gagal diunggah',
   'journey.photosAdded': '{count} foto ditambahkan',
 
   // Journey — Public Page

client/src/i18n/translations/it.ts

@@ -2079,7 +2079,6 @@ const it: Record<string, string | { name: string; category: string }[]> = {
   'journey.synced.places': 'luoghi',
   'journey.synced.synced': 'sincronizzato',
   'journey.editor.discardChangesConfirm': 'Hai modifiche non salvate. Vuoi scartarle?',
-  'journey.editor.uploadFailed': 'Caricamento foto non riuscito',
   'journey.editor.uploadPhotos': 'Carica foto',
   'journey.editor.uploading': 'Caricamento...',
   'journey.editor.fromGallery': 'Dalla galleria',
@@ -2172,7 +2171,6 @@ const it: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Eliminazione non riuscita',
   'journey.entries.deleteTitle': 'Elimina voce',
   'journey.photosUploaded': '{count} foto caricate',
-  'journey.photosUploadFailed': 'Alcune foto non sono state caricate',
   'journey.photosAdded': '{count} foto aggiunte',
   'journey.public.notFound': 'Non trovato',
   'journey.public.notFoundMessage': 'Questo diario non esiste o il link è scaduto.',

client/src/i18n/translations/nl.ts

@@ -2078,7 +2078,6 @@ const nl: Record<string, string> = {
   'journey.synced.places': 'plaatsen',
   'journey.synced.synced': 'gesynchroniseerd',
   'journey.editor.discardChangesConfirm': 'Je hebt niet-opgeslagen wijzigingen. Verwerpen?',
-  'journey.editor.uploadFailed': 'Foto uploaden mislukt',
   'journey.editor.uploadPhotos': 'Foto\'s uploaden',
   'journey.editor.uploading': 'Uploaden...',
   'journey.editor.fromGallery': 'Uit galerij',
@@ -2171,7 +2170,6 @@ const nl: Record<string, string> = {
   'journey.settings.failedToDelete': 'Verwijderen mislukt',
   'journey.entries.deleteTitle': 'Vermelding verwijderen',
   'journey.photosUploaded': "{count} foto's geüpload",
-  'journey.photosUploadFailed': "Sommige foto's konden niet worden geüpload",
   'journey.photosAdded': "{count} foto's toegevoegd",
   'journey.public.notFound': 'Niet gevonden',
   'journey.public.notFoundMessage': 'Dit reisverslag bestaat niet of de link is verlopen.',

client/src/i18n/translations/pl.ts

@@ -2071,7 +2071,6 @@ const pl: Record<string, string | { name: string; category: string }[]> = {
   'journey.synced.places': 'miejsca',
   'journey.synced.synced': 'zsynchronizowane',
   'journey.editor.discardChangesConfirm': 'Masz niezapisane zmiany. Odrzucić?',
-  'journey.editor.uploadFailed': 'Przesyłanie zdjęć nie powiodło się',
   'journey.editor.uploadPhotos': 'Prześlij zdjęcia',
   'journey.editor.uploading': 'Przesyłanie...',
   'journey.editor.fromGallery': 'Z galerii',
@@ -2164,7 +2163,6 @@ const pl: Record<string, string | { name: string; category: string }[]> = {
   'journey.settings.failedToDelete': 'Nie udało się usunąć',
   'journey.entries.deleteTitle': 'Usuń wpis',
   'journey.photosUploaded': '{count} zdjęć przesłanych',
-  'journey.photosUploadFailed': 'Nie udało się przesłać niektórych zdjęć',
   'journey.photosAdded': '{count} zdjęć dodanych',
   'journey.public.notFound': 'Nie znaleziono',
   'journey.public.notFoundMessage': 'Ten dziennik podróży nie istnieje lub link wygasł.',

client/src/i18n/translations/ru.ts

@@ -2078,7 +2078,6 @@ const ru: Record<string, string> = {
   'journey.synced.places': 'мест',
   'journey.synced.synced': 'синхронизировано',
   'journey.editor.discardChangesConfirm': 'У вас есть несохранённые изменения. Отменить?',
-  'journey.editor.uploadFailed': 'Не удалось загрузить фото',
   'journey.editor.uploadPhotos': 'Загрузить фото',
   'journey.editor.uploading': 'Загрузка...',
   'journey.editor.fromGallery': 'Из галереи',
@@ -2171,7 +2170,6 @@ const ru: Record<string, string> = {
   'journey.settings.failedToDelete': 'Не удалось удалить',
   'journey.entries.deleteTitle': 'Удалить запись',
   'journey.photosUploaded': '{count} фото загружено',
-  'journey.photosUploadFailed': 'Некоторые фото не удалось загрузить',
   'journey.photosAdded': '{count} фото добавлено',
   'journey.public.notFound': 'Не найдено',
   'journey.public.notFoundMessage': 'Это путешествие не существует или ссылка устарела.',

client/src/i18n/translations/zh.ts

@@ -2078,7 +2078,6 @@ const zh: Record<string, string> = {
   'journey.synced.places': '个地点',
   'journey.synced.synced': '已同步',
   'journey.editor.discardChangesConfirm': '您有未保存的更改。要放弃吗？',
-  'journey.editor.uploadFailed': '照片上传失败',
   'journey.editor.uploadPhotos': '上传照片',
   'journey.editor.uploading': '上传中...',
   'journey.editor.fromGallery': '从相册',
@@ -2171,7 +2170,6 @@ const zh: Record<string, string> = {
   'journey.settings.failedToDelete': '删除失败',
   'journey.entries.deleteTitle': '删除条目',
   'journey.photosUploaded': '{count} 张照片已上传',
-  'journey.photosUploadFailed': '部分照片上传失败',
   'journey.photosAdded': '{count} 张照片已添加',
   'journey.public.notFound': '未找到',
   'journey.public.notFoundMessage': '此旅程不存在或链接已过期。',

client/src/i18n/translations/zhTw.ts

@@ -2036,7 +2036,6 @@ const zhTw: Record<string, string> = {
   'journey.synced.places': '個地點',
   'journey.synced.synced': '已同步',
   'journey.editor.discardChangesConfirm': '您有未儲存的變更。要放棄嗎？',
-  'journey.editor.uploadFailed': '照片上傳失敗',
   'journey.editor.uploadPhotos': '上傳照片',
   'journey.editor.uploading': '上傳中...',
   'journey.editor.fromGallery': '從相簿',
@@ -2129,7 +2128,6 @@ const zhTw: Record<string, string> = {
   'journey.settings.failedToDelete': '刪除失敗',
   'journey.entries.deleteTitle': '刪除條目',
   'journey.photosUploaded': '{count} 張照片已上傳',
-  'journey.photosUploadFailed': '部分照片上傳失敗',
   'journey.photosAdded': '{count} 張照片已新增',
   'journey.public.notFound': '未找到',
   'journey.public.notFoundMessage': '此旅程不存在或連結已過期。',

client/src/pages/JourneyDetailPage.tsx

@@ -1,6 +1,5 @@
 import { useEffect, useState, useRef, useCallback, useMemo } from 'react'
 import { formatLocationName } from '../utils/formatters'
-import { normalizeImageFiles } from '../utils/convertHeic'
 import { createPortal } from 'react-dom'
 import { useParams, useNavigate } from 'react-router-dom'
 import { useJourneyStore } from '../store/journeyStore'
@@ -30,7 +29,6 @@ import MobileEntryView from '../components/Journey/MobileEntryView'
 import { useIsMobile } from '../hooks/useIsMobile'
 import type { JourneyEntry, JourneyPhoto, GalleryPhoto, JourneyTrip, JourneyDetail } from '../store/journeyStore'
 import { computeJourneyLifecycle } from '../utils/journeyLifecycle'
-import { getApiErrorMessage } from '../types'
 
 const GRADIENTS = [
   'linear-gradient(135deg, #0F172A 0%, #6366F1 45%, #EC4899 100%)',
@@ -1029,14 +1027,13 @@ function GalleryView({ entries, gallery, journeyId, userId, trips, onPhotoClick,
     if (!files?.length) return
     setGalleryUploading(true)
     try {
-      const normalized = await normalizeImageFiles(files)
       const formData = new FormData()
-      for (const f of normalized) formData.append('photos', f)
+      for (const f of files) formData.append('photos', f)
       await journeyApi.uploadGalleryPhotos(journeyId, formData)
       toast.success(t('journey.photosUploaded', { count: files.length }))
       onRefresh()
-    } catch (err) {
-      toast.error(getApiErrorMessage(err, t('journey.photosUploadFailed')))
+    } catch {
+      toast.error(t('journey.settings.coverFailed'))
     } finally {
       setGalleryUploading(false)
     }
@@ -2176,7 +2173,6 @@ function EntryEditor({ entry, journeyId, tripDates, galleryPhotos, onClose, onSa
   onDone: () => void
 }) {
   const { t } = useTranslation()
-  const toast = useToast()
   const isMobile = useIsMobile()
   const [title, setTitle] = useState(entry.title || '')
   const [story, setStory] = useState(entry.story || '')
@@ -2250,11 +2246,7 @@ function EntryEditor({ entry, journeyId, tripDates, galleryPhotos, onClose, onSa
       if (pendingFiles.length > 0 && entryId) {
         const formData = new FormData()
         for (const f of pendingFiles) formData.append('photos', f)
-        try {
-          await onUploadPhotos(entryId, formData)
-        } catch (err) {
-          toast.error(getApiErrorMessage(err, t('journey.editor.uploadFailed')))
-        }
+        await onUploadPhotos(entryId, formData)
       }
       // link gallery photos that were picked before save
       if (pendingLinkIds.length > 0 && entryId) {
@@ -2273,8 +2265,7 @@ function EntryEditor({ entry, journeyId, tripDates, galleryPhotos, onClose, onSa
     if (!files?.length) return
     // Queue files locally until Save so cancel/close actually discards. This
     // keeps photo behavior consistent with text fields — no silent persistence.
-    const normalized = await normalizeImageFiles(files)
-    setPendingFiles(prev => [...prev, ...normalized])
+    setPendingFiles(prev => [...prev, ...Array.from(files)])
   }
 
   return (

client/src/utils/convertHeic.ts

@@ -1,17 +0,0 @@
-function looksLikeHeic(file: File): boolean {
-  const ext = file.name.split('.').pop()?.toLowerCase() ?? ''
-  return ext === 'heic' || ext === 'heif' || file.type === 'image/heic' || file.type === 'image/heif'
-}
-
-export async function normalizeImageFile(file: File): Promise<File> {
-  if (!looksLikeHeic(file)) return file
-  const { isHeic, heicTo } = await import('heic-to')
-  if (!(await isHeic(file))) return file
-  const blob = await heicTo({ blob: file, type: 'image/jpeg', quality: 0.92 })
-  const jpegName = file.name.replace(/\.(heic|heif)$/i, '.jpg')
-  return new File([blob], jpegName, { type: 'image/jpeg' })
-}
-
-export async function normalizeImageFiles(files: FileList | File[]): Promise<File[]> {
-  return Promise.all(Array.from(files).map(normalizeImageFile))
-}

client/tests/unit/i18n/index.test.ts

@@ -91,7 +91,7 @@ describe('isRtlLanguage', () => {
 describe('SUPPORTED_LANGUAGES', () => {
   it('FE-COMP-I18N-009: contains expected entries with value/label shape', () => {
     expect(Array.isArray(SUPPORTED_LANGUAGES)).toBe(true)
-    expect(SUPPORTED_LANGUAGES).toHaveLength(15)
+    expect(SUPPORTED_LANGUAGES).toHaveLength(16)
     expect(SUPPORTED_LANGUAGES).toContainEqual(expect.objectContaining({ value: 'en', label: 'English' }))
     expect(SUPPORTED_LANGUAGES).toContainEqual(expect.objectContaining({ value: 'ar', label: 'العربية' }))
   })

server/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "trek-server",
-  "version": "3.0.21",
+  "version": "3.0.18",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "trek-server",
-      "version": "3.0.21",
+      "version": "3.0.18",
       "dependencies": {
         "@modelcontextprotocol/sdk": "^1.28.0",
         "archiver": "^6.0.1",

server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "trek-server",
-  "version": "3.0.21",
+  "version": "3.0.18",
   "main": "src/index.ts",
   "scripts": {
     "start": "node --import tsx src/index.ts",

server/src/app.ts

@@ -5,7 +5,6 @@ import cookieParser from 'cookie-parser';
 import path from 'node:path';
 import fs from 'node:fs';
 
-import multer from 'multer';
 import { logDebug, logWarn, logError } from './services/auditLog';
 import { enforceGlobalMfaPolicy } from './middleware/mfaPolicy';
 import { authenticate, verifyJwtAndLoadUser } from './middleware/auth';
@@ -123,7 +122,7 @@ export function createApp(): express.Application {
     contentSecurityPolicy: {
       directives: {
         defaultSrc: ["'self'"],
-        scriptSrc: ["'self'", "'wasm-unsafe-eval'", "'unsafe-eval'"],
+        scriptSrc: ["'self'", "'wasm-unsafe-eval'"],
         styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com", "https://unpkg.com"],
         imgSrc: ["'self'", "data:", "blob:", "https:"],
         connectSrc: [
@@ -508,10 +507,6 @@ export function createApp(): express.Application {
     } else {
       console.error('Unhandled error:', err);
     }
-    if (err instanceof multer.MulterError) {
-      const status = err.code === 'LIMIT_FILE_SIZE' ? 413 : 400;
-      return res.status(status).json({ error: err.message });
-    }
     const status = err.statusCode || err.status || 500;
     // Expose the message for client errors (4xx); keep 'Internal server error' for 5xx.
     const message = status < 500 ? err.message : 'Internal server error';

server/src/mcp/oauthProvider.ts

@@ -147,8 +147,7 @@ export const trekOAuthProvider: OAuthServerProvider = {
         if (params.state) qs.set('state', params.state);
         if (params.resource) qs.set('resource', params.resource.href);
 
-        const base = getMcpSafeUrl().replace(/\/+$/, '');
-        res.redirect(302, `${base}/oauth/consent?${qs.toString()}`);
+        res.redirect(302, `/oauth/consent?${qs.toString()}`);
     },
 
     // Not called because skipLocalPkceValidation = true.

server/src/routes/journey.ts

@@ -98,7 +98,7 @@ router.delete('/entries/:entryId', authenticate, (req: Request, res: Response) =
 
 // ── Photos (prefix /photos and /entries — before /:id) ───────────────────
 
-router.post('/entries/:entryId/photos', authenticate, upload.array('photos'), async (req: Request, res: Response) => {
+router.post('/entries/:entryId/photos', authenticate, upload.array('photos', 10), async (req: Request, res: Response) => {
   const authReq = req as AuthRequest;
   const files = req.files as Express.Multer.File[];
   if (!files?.length) return res.status(400).json({ error: 'No files uploaded' });
@@ -201,7 +201,7 @@ router.delete('/photos/:photoId', authenticate, async (req: Request, res: Respon
 // ── Gallery (prefix /:id/gallery — before /:id) ──────────────────────────
 
 // Upload photos directly to the journey gallery (no entry association)
-router.post('/:id/gallery/photos', authenticate, upload.array('photos'), async (req: Request, res: Response) => {
+router.post('/:id/gallery/photos', authenticate, upload.array('photos', 20), async (req: Request, res: Response) => {
   const authReq = req as AuthRequest;
   const files = req.files as Express.Multer.File[];
   if (!files?.length) return res.status(400).json({ error: 'No files uploaded' });

server/src/services/mapsService.ts

@@ -1,7 +1,6 @@
 import { db } from '../db/database';
 import { decrypt_api_key } from './apiKeyCrypto';
 import { checkSsrf } from '../utils/ssrfGuard';
-import { getAppUrl } from './notifications';
 
 // ── Google API call counter ───────────────────────────────────────────────────
 
@@ -13,11 +12,7 @@ export function resetGoogleApiCallCount(): void { googleApiCallCount = 0; }
 function googleFetch(endpoint: string, label: string, init?: RequestInit): Promise<Response> {
   googleApiCallCount++;
   console.debug(`[Google API] #${googleApiCallCount} ${label} → ${endpoint}`);
-  const referer = process.env.APP_URL ? getAppUrl() : undefined;
-  return fetch(endpoint, {
-    ...init,
-    headers: { ...(referer ? { Referer: referer } : {}), ...(init?.headers as Record<string, string> ?? {}) },
-  });
+  return fetch(endpoint, init);
 }
 
 // ── Interfaces ───────────────────────────────────────────────────────────────

server/src/services/notifications.ts

@@ -316,12 +316,12 @@ export function getEventText(lang: string, event: NotifEventType, params: Record
 
 // ── Email HTML builder ─────────────────────────────────────────────────────
 
-export function buildEmailHtml(subject: string, body: string, lang: string, navigateTarget?: string, rawBody = false): string {
+export function buildEmailHtml(subject: string, body: string, lang: string, navigateTarget?: string): string {
   const s = I18N[lang] || I18N.en;
   const appUrl = getAppUrl();
   const ctaHref = escapeHtml(navigateTarget ? `${appUrl}${navigateTarget}` : (appUrl || ''));
   const safeSubject = escapeHtml(subject);
-  const safeBody = rawBody ? body : escapeHtml(body);
+  const safeBody = escapeHtml(body);
 
   return `<!DOCTYPE html>
 <html>
@@ -396,7 +396,7 @@ function buildPasswordResetHtml(subject: string, strings: PasswordResetStrings,
     <p style="margin:0 0 10px 0; font-size:13px; color:#6B7280;">${safeExpiry}</p>
     <p style="margin:0; font-size:13px; color:#6B7280;">${safeIgnore}</p>
   `;
-  return buildEmailHtml(subject, block, lang, undefined, true);
+  return buildEmailHtml(subject, block, lang);
 }
 
 /**

wiki/Journey-Journal.md

@@ -37,7 +37,6 @@ Each entry corresponds to a day in your journey. The entry editor provides:
 
 - **Weather** — choose one of six values: Sunny, Partly cloudy, Cloudy, Rainy, Stormy, Cold.
 - **Photos** — attach photos to the entry. The first photo becomes the card thumbnail in list views.
-  > **Note on HEIC files:** HEIC is an Apple-only format that many browsers and platforms do not recognise as an image. To ensure broad compatibility, HEIC/HEIF files are automatically converted to JPEG before upload. This conversion may result in the loss of embedded metadata (EXIF data such as GPS coordinates, camera information, etc.).
 - **Pros / Cons** — optional verdict cards. Add items to a **Pros** list (thumbs-up) or a **Cons** list (thumbs-down) to summarise what you loved or what could have been better. These are stored in the `pros_cons.pros` and `pros_cons.cons` arrays on the entry.
 - **Tags** — free-form labels (e.g. "hidden gem", "best meal").
 - **Location** — pin the entry to a map location.

wiki/Photo-Providers.md

@@ -44,7 +44,6 @@ When generating the API key in Immich (**Account Settings → API Keys**), grant
 | `asset.read` | Read photo metadata and search results |
 | `asset.view` | Load thumbnails and preview images |
 | `album.read` | List owned + shared albums and their contents |
-| `asset.download` | Download the assets |
 | `asset.upload` | *Only if you enable "Mirror journey photos to Immich on upload"* — push TREK uploads back to your library |
 
 TREK never modifies or deletes anything in Immich, so no `update`, `delete`, or admin scopes are needed.
@@ -95,4 +94,4 @@ Once a provider is connected, you can browse and attach photos to your trips. Se
 ## See also
 
 - [Admin-Addons](Admin-Addons)
-- [Internal-Network-Access](Internal-Network-Access)
+- [Internal-Network-Access](Internal-Network-Access)

wiki/Places-and-Search.md

@@ -21,8 +21,6 @@ Type in the search box at the top of the form. After 2 or more characters, with
 
 When a key is present, the autocomplete uses the Google Places API, which can return ratings, opening hours, photos, and phone numbers from Google's database.
 
-> **API key restrictions:** TREK calls the Google Places API from the server, not the browser. If you apply **HTTP referrers** restrictions to your key in Google Cloud Console, you must also set `APP_URL` in your environment — TREK sends it as the `Referer` header on every outbound Google API request. Without it, Google will reject all server-side calls with `REQUEST_DENIED`. For server-side deployments, **IP address** restrictions are simpler and require no extra configuration. See [Troubleshooting](Troubleshooting) if photos are missing after adding a key.
-
 ### Without a Google Maps API key
 
 TREK falls back to OpenStreetMap (Nominatim) automatically — no API key needed. A notice appears above the search box explaining that OpenStreetMap is in use and that photos, ratings, and opening hours are unavailable. Results include name, address, and coordinates.

wiki/Troubleshooting.md

@@ -223,45 +223,6 @@ If `ALLOWED_ORIGINS` is not set, TREK allows all origins (development default).
 
 ---
 
-## Place photos not loading / place thumbnail shows default map pin (Google Maps API key configured)
-
-**Cause:** When a Google Maps API key is set, TREK fetches photo references and image bytes from the Google Places API on the server side. If the server-side call is rejected or returns no photos, the `/place-photo/:id` endpoint returns 404 and the place falls back to the default map-pin thumbnail. The most common causes are:
-
-1. **HTTP referrer restriction on the API key.** Google Cloud Console lets you restrict a key to specific HTTP referrers. Because TREK calls Google from the server (not the browser), it sends a `Referer` header derived from `APP_URL`. If `APP_URL` is not set, the fallback is `http://localhost:<PORT>`, which will not match any domain whitelist in GCP.
-
-2. **Wrong key restriction type.** API keys restricted by **HTTP referrers** are designed for browser-side JavaScript. For a self-hosted server application, use **IP address** restrictions instead — add the public IP of your TREK server and no `APP_URL` configuration is needed.
-
-3. **Places API (New) not enabled.** The key must have **Places API (New)** enabled in Google Cloud Console under APIs & Services → Enabled APIs. Enabling only the legacy Places API is not sufficient.
-
-4. **Billing not set up.** Google requires a billing account to be linked to the project even within the free tier. Without it, photo and details requests return `REQUEST_DENIED`.
-
-**Fix for HTTP referrer restriction:**
-
-Set `APP_URL` to the public URL of your instance and add that URL (or its domain with a wildcard, e.g. `https://trek.example.com/*`) to the allowed referrers in GCP:
-
-```yaml
-environment:
-  - APP_URL=https://trek.example.com
-```
-
-**Fix for wrong restriction type:**
-
-Switch the key's "Application restrictions" from **HTTP referrers** to **IP addresses** in Google Cloud Console, and add your server's public IP. No `APP_URL` change needed.
-
-**Verifying the issue:**
-
-Run the following curl command using your key to check whether Google returns photo references:
-
-```bash
-curl "https://places.googleapis.com/v1/places/<PLACE_ID>" \
-  -H "X-Goog-Api-Key: YOUR_API_KEY" \
-  -H "X-Goog-FieldMask: photos"
-```
-
-If the response is `{}` or `{"error": {...}}`, the key or its restrictions are blocking the request. If it returns a `photos` array, the key is valid and the issue is elsewhere.
-
----
-
 ## MCP OAuth flow does not initiate / "Connect" redirects but authentication never starts
 
 **Cause:** TREK builds the OAuth 2.1 redirect URI from `APP_URL`. If `APP_URL` is not set, the authorization URL is constructed from a localhost fallback that external clients (Claude.ai, Claude Desktop) cannot reach, so the OAuth handshake never completes.