refactor: removed unnecessary import

fix: null contraint with mediaAddedAt; fix psql col type
fix: incorrect current date function
2025-12-24 10:49:30 -05:00 · 2024-12-04 18:23:53 -05:00 · 2024-12-04 18:21:20 -05:00 · 2024-12-04 15:31:30 -05:00 · 2024-11-25 15:40:32 -05:00 · 2024-11-25 12:54:42 -05:00
163 changed files with 4483 additions and 1102 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -439,6 +439,78 @@
      "contributions": [
        "code"
      ]
+    },
+    {
+      "login": "M0NsTeRRR",
+      "name": "Ludovic Ortega",
+      "avatar_url": "https://avatars.githubusercontent.com/u/37785089?v=4",
+      "profile": "https://github.com/M0NsTeRRR",
+      "contributions": [
+        "security"
+      ]
+    },
+    {
+      "login": "j0srisk",
+      "name": "Joseph Risk",
+      "avatar_url": "https://avatars.githubusercontent.com/u/18372584?v=4",
+      "profile": "http://josephrisk.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Loetwiek",
+      "name": "Loetwiek",
+      "avatar_url": "https://avatars.githubusercontent.com/u/79059734?v=4",
+      "profile": "https://github.com/Loetwiek",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Fuochi",
+      "name": "Fuochi",
+      "avatar_url": "https://avatars.githubusercontent.com/u/4720478?v=4",
+      "profile": "https://github.com/Fuochi",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "demrich",
+      "name": "David Emrich",
+      "avatar_url": "https://avatars.githubusercontent.com/u/30092389?v=4",
+      "profile": "https://github.com/demrich",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "maxnatamo",
+      "name": "Max T. Kristiansen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5898152?v=4",
+      "profile": "https://maxtrier.dk",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "DamsDev1",
+      "name": "Damien Fajole",
+      "avatar_url": "https://avatars.githubusercontent.com/u/60252259?v=4",
+      "profile": "https://damsdev.me",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "AhmedNSidd",
+      "name": "Ahmed Siddiqui",
+      "avatar_url": "https://avatars.githubusercontent.com/u/36286128?v=4",
+      "profile": "https://github.com/AhmedNSidd",
+      "contributions": [
+        "code"
+      ]
    }
  ]
 }
--- a/.dockerignore
+++ b/.dockerignore
@@ -18,7 +18,7 @@ config/logs/*
 config/*.json
 dist
 Dockerfile*
-docker-compose.yml
+compose.yaml
 docs
 LICENSE
 node_modules
--- a/.gitattributes
+++ b/.gitattributes
@@ -40,7 +40,7 @@ docs export-ignore
 .all-contributorsrc export-ignore
 .editorconfig export-ignore
 Dockerfile.local export-ignore
-docker-compose.yml export-ignore
+compose.yaml export-ignore
 stylelint.config.js export-ignore

 public/os_logo_filled.png export-ignore
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -1,6 +1,6 @@
 name: 🐛 Bug Report
 description: Report a problem
-labels: ['type:bug', 'awaiting-triage']
+labels: ['bug', 'awaiting triage']
 body:
  - type: markdown
    attributes:
@@ -55,6 +55,14 @@ body:
        - tablet
    validations:
      required: true
+  - type: dropdown
+    id: database
+    attributes:
+      options:
+        - SQLite (default)
+        - PostgreSQL
+      label: Database
+      description: Which database backend are you using?
  - type: input
    id: device
    attributes:
--- a/.github/ISSUE_TEMPLATE/enhancement.yml
+++ b/.github/ISSUE_TEMPLATE/enhancement.yml
@@ -1,6 +1,6 @@
 name: ✨ Feature Request
 description: Suggest an idea
-labels: ['type:enhancement', 'awaiting-triage']
+labels: ['enhancement', 'awaiting triage']
 body:
  - type: markdown
    attributes:
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ yarn-error.log*
 # database
 config/db/*.sqlite3*
 config/settings.json
+config/settings.old.json

 # logs
 config/logs/*.log*
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -48,11 +48,11 @@ All help is welcome and greatly appreciated! If you would like to contribute to
 4. Run the development environment:

   ```bash
-   pnpm
+   pnpm install
   pnpm dev
   ```

-   - Alternatively, you can use [Docker](https://www.docker.com/) with `docker-compose up -d`. This method does not require installing NodeJS or Yarn on your machine directly.
+   - Alternatively, you can use [Docker](https://www.docker.com/) with `docker compose up -d`. This method does not require installing NodeJS or Yarn on your machine directly.

 5. Create your patch and test your changes.

--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
 <a href="http://translate.jellyseerr.dev/engage/jellyseerr/"><img src="http://translate.jellyseerr.dev/widget/jellyseerr/jellyseerr-frontend/svg-badge.svg" alt="Translation status" /></a>
 <a href="https://github.com/fallenbagel/jellyseerr/blob/develop/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/fallenbagel/jellyseerr"></a>
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-<a href="#contributors-"><img alt="All Contributors" src="https://img.shields.io/badge/all_contributors-47-orange.svg"/></a>
+<a href="#contributors-"><img alt="All Contributors" src="https://img.shields.io/badge/all_contributors-48-orange.svg"/></a>
 <!-- ALL-CONTRIBUTORS-BADGE:END -->

 **Jellyseerr** is a free and open source software application for managing requests for your media library.
@@ -146,6 +146,7 @@ Thanks goes to these wonderful people from Overseerr ([emoji key](https://allcon
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/XDark187"><img src="https://avatars.githubusercontent.com/u/39034192?v=4?s=100" width="100px;" alt="Baraa"/><br /><sub><b>Baraa</b></sub></a><br /><a href="https://github.com/Fallenbagel/jellyseerr/commits?author=XDark187" title="Code">💻</a></td>
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/franciscofsales"><img src="https://avatars.githubusercontent.com/u/7977645?v=4?s=100" width="100px;" alt="Francisco Sales"/><br /><sub><b>Francisco Sales</b></sub></a><br /><a href="https://github.com/Fallenbagel/jellyseerr/commits?author=franciscofsales" title="Code">💻</a></td>
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/myselfolli"><img src="https://avatars.githubusercontent.com/u/37535998?v=4?s=100" width="100px;" alt="Oliver Laing"/><br /><sub><b>Oliver Laing</b></sub></a><br /><a href="https://github.com/Fallenbagel/jellyseerr/commits?author=myselfolli" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/M0NsTeRRR"><img src="https://avatars.githubusercontent.com/u/37785089?v=4?s=100" width="100px;" alt="Ludovic Ortega"/><br /><sub><b>Ludovic Ortega</b></sub></a><br /><a href="#security-M0NsTeRRR" title="Security">🛡️</a></td>
    </tr>
  </tbody>
 </table>
@@ -290,6 +291,12 @@ Thanks goes to these wonderful people from Overseerr ([emoji key](https://allcon
      <td align="center" valign="top" width="14.28%"><a href="http://josephrisk.com"><img src="https://avatars.githubusercontent.com/u/18372584?v=4?s=100" width="100px;" alt="Joseph Risk"/><br /><sub><b>Joseph Risk</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=j0srisk" title="Code">💻</a></td>
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Loetwiek"><img src="https://avatars.githubusercontent.com/u/79059734?v=4?s=100" width="100px;" alt="Loetwiek"/><br /><sub><b>Loetwiek</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=Loetwiek" title="Code">💻</a></td>
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Fuochi"><img src="https://avatars.githubusercontent.com/u/4720478?v=4?s=100" width="100px;" alt="Fuochi"/><br /><sub><b>Fuochi</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=Fuochi" title="Documentation">📖</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/demrich"><img src="https://avatars.githubusercontent.com/u/30092389?v=4?s=100" width="100px;" alt="David Emrich"/><br /><sub><b>David Emrich</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=demrich" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://maxtrier.dk"><img src="https://avatars.githubusercontent.com/u/5898152?v=4?s=100" width="100px;" alt="Max T. Kristiansen"/><br /><sub><b>Max T. Kristiansen</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=maxnatamo" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://damsdev.me"><img src="https://avatars.githubusercontent.com/u/60252259?v=4?s=100" width="100px;" alt="Damien Fajole"/><br /><sub><b>Damien Fajole</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=DamsDev1" title="Code">💻</a></td>
+    </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/AhmedNSidd"><img src="https://avatars.githubusercontent.com/u/36286128?v=4?s=100" width="100px;" alt="Ahmed Siddiqui"/><br /><sub><b>Ahmed Siddiqui</b></sub></a><br /><a href="https://github.com/sct/overseerr/commits?author=AhmedNSidd" title="Code">💻</a></td>
    </tr>
  </tbody>
 </table>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3'
 services:
  jellyseerr:
    build:
--- a/cypress/config/settings.cypress.json
+++ b/cypress/config/settings.cypress.json
@@ -75,6 +75,7 @@
        "types": 0,
        "options": {
          "webhookUrl": "",
+          "webhookRoleId": "",
          "enableMentions": true
        }
      },
--- a/docker-compose.postgres.yaml
+++ b/docker-compose.postgres.yaml
@@ -0,0 +1,38 @@
+---
+version: '3.8'
+services:
+  jellyseerr:
+    build:
+      context: .
+      dockerfile: Dockerfile.local
+    ports:
+      - '5055:5055'
+    environment:
+      DB_TYPE: 'postgres' # Which DB engine to use. The default is "sqlite". To use postgres, this needs to be set to "postgres"
+      DB_HOST: 'postgres' # The host (url) of the database
+      DB_PORT: '5432' # The port to connect to
+      DB_USER: 'jellyseerr' # Username used to connect to the database
+      DB_PASS: 'jellyseerr' # Password of the user used to connect to the database
+      DB_NAME: 'jellyseerr' # The name of the database to connect to
+      DB_LOG_QUERIES: 'false' # Whether to log the DB queries for debugging
+      DB_USE_SSL: 'false' # Whether to enable ssl for database connection
+    volumes:
+      - .:/app:rw,cached
+      - /app/node_modules
+      - /app/.next
+    depends_on:
+      - postgres
+    links:
+      - postgres
+  postgres:
+    image: postgres
+    environment:
+      POSTGRES_USER: jellyseerr
+      POSTGRES_PASSWORD: jellyseerr
+      POSTGRES_DB: jellyseerr
+    ports:
+      - '5432:5432'
+    volumes:
+      - postgres:/var/lib/postgresql/data
+volumes:
+  postgres:
--- a/docs/README.md
+++ b/docs/README.md
@@ -17,6 +17,7 @@ Welcome to the Jellyseerr Documentation.
 - **Mobile-friendly design**, for when you need to approve requests on the go.
 - Granular permission system.
 - Localization into other languages.
+- Support for PostgreSQL and SQLite databases.
 - More features to come!

 ## Motivation
--- a/docs/extending-jellyseerr/database-config.mdx
+++ b/docs/extending-jellyseerr/database-config.mdx
@@ -0,0 +1,56 @@
+---
+title: Configuring the Database (Advanced)
+description: Configure the database for Jellyseerr
+sidebar_position: 2
+---
+# Configuring the Database
+
+Jellyseerr supports SQLite and PostgreSQL. The database connection can be configured using the following environment variables:
+
+## SQLite Options
+
+```dotenv
+DB_TYPE="sqlite" # Which DB engine to use, either "sqlite" or "postgres". The default is "sqlite".
+CONFIG_DIRECTORY="config" # (optional) The path to the config directory where the db file is stored. The default is "config".
+DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging. The default is "false".
+```
+
+## PostgreSQL Options
+
+```dotenv
+DB_TYPE="postgres" # Which DB engine to use, either "sqlite" or "postgres". The default is "sqlite". To use postgres, this needs to be set to "postgres"
+DB_HOST="localhost" # (optional) The host (url) of the database. The default is "localhost".
+DB_PORT="5432" # (optional) The port to connect to. The default is "5432".
+DB_USER= # (required) Username used to connect to the database
+DB_PASS= # (required) Password of the user used to connect to the database
+DB_NAME="jellyseerr" # (optional) The name of the database to connect to. The default is "jellyseerr".
+DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging. The default is "false".
+```
+
+### SSL configuration
+The following options can be used to further configure ssl. Certificates can be provided as a string or a file path, with the string version taking precedence.
+
+```dotenv
+DB_USE_SSL="false" # (optional) Whether to enable ssl for database connection. This must be "true" to use the other ssl options. The default is "false".
+DB_SSL_REJECT_UNAUTHORIZED="true" # (optional) Whether to reject ssl connections with unverifiable certificates i.e. self-signed certificates without providing the below settings. The default is "true".
+DB_SSL_CA= # (optional) The CA certificate to verify the connection, provided as a string. The default is "".
+DB_SSL_CA_FILE= # (optional) The path to a CA certificate to verify the connection. The default is "".
+DB_SSL_KEY= # (optional) The private key for the connection in PEM format, provided as a string. The default is "".
+DB_SSL_KEY_FILE= # (optinal) Path to the private key for the connection in PEM format. The default is "".
+DB_SSL_CERT= # (optional) Certificate chain in pem format for the private key, provided as a string. The default is "".
+DB_SSL_CERT_FILE= # (optional) Path to certificate chain in pem format for the private key. The default is "".
+```
+
+### Migrating from SQLite to PostgreSQL
+
+1. Set up your PostgreSQL database and configure Jellyseerr to use it
+2. Run Jellyseerr to create the tables in the PostgreSQL database
+3. Stop Jellyseerr
+4. Run the following command to export the data from the SQLite database and import it into the PostgreSQL database:
+- Edit the postgres connection string to match your setup
+- WARNING: The most recent release of pgloader has an issue quoting the table columns. Use the version in the docker container to avoid this issue.
+- "I don't have or don't want to use docker" - You can build the working pgloader version [in this PR](https://github.com/dimitri/pgloader/pull/1531) from source and use the same options as below.
+```bash
+docker run --rm -v config/db.sqlite3:/db.sqlite3:ro -v pgloader/pgloader.load:/pgloader.load ghcr.io/ralgar/pgloader:pr-1531 pgloader --with "quote identifiers" --with "data only" /db.sqlite3 postgresql://{{DB_USER}}:{{DB_PASS}}@{{DB_HOST}}:{{DB_PORT}}/{{DB_NAME}}
+   ```
+5. Start Jellyseerr
--- a/docs/extending-jellyseerr/reverse-proxy.mdx
+++ b/docs/extending-jellyseerr/reverse-proxy.mdx
@@ -95,6 +95,8 @@ location ^~ /jellyseerr {
    sub_filter '/api/v1' '/$app/api/v1';
    sub_filter '/login/plex/loading' '/$app/login/plex/loading';
    sub_filter '/images/' '/$app/images/';
+    sub_filter '/imageproxy/' '/$app/imageproxy/';
+    sub_filter '/avatarproxy/' '/$app/avatarproxy/';
    sub_filter '/android-' '/$app/android-';
    sub_filter '/apple-' '/$app/apple-';
    sub_filter '/favicon' '/$app/favicon';
@@ -190,7 +192,7 @@ Caddy will automatically obtain and renew SSL certificates for your domain.

 ## Traefik (v2)

-Add the following labels to the Jellyseerr service in your `docker-compose.yml` file:
+Add the following labels to the Jellyseerr service in your `compose.yaml` file:

 ```yaml
 labels:
--- a/docs/getting-started/aur.mdx
+++ b/docs/getting-started/aur.mdx
@@ -6,6 +6,10 @@ sidebar_position: 4

 # AUR (Arch User Repository)

+:::note Disclaimer
+This AUR package is not maintained by us but by a third party. Please refer to the maintainer for any issues.
+:::
+
 :::info
 This method is not recommended for most users. It is intended for advanced users who are using Arch Linux or an Arch-based distribution.
 :::
--- a/docs/getting-started/buildfromsource.mdx
+++ b/docs/getting-started/buildfromsource.mdx
@@ -12,49 +12,12 @@ import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';

 ### Prerequisites
-<Tabs groupId="versions" queryString>
-  <TabItem value="latest" label="Latest">
-    - [Node.js 18.x](https://nodejs.org/en/download/)
-    - [Yarn 1.x](https://classic.yarnpkg.com/lang/en/docs/install)
-    - [Git](https://git-scm.com/downloads)
-  </TabItem>
-
-  <TabItem value="develop" label="Develop">
    - [Node.js 20.x](https://nodejs.org/en/download/)
    - [Pnpm 9.x](https://pnpm.io/installation)
    - [Git](https://git-scm.com/downloads)
-  </TabItem>
-</Tabs>
-

 ## Unix (Linux, macOS)
 ### Installation
-<Tabs groupId="versions" queryString>
-  <TabItem value="latest" label="latest">
-1. Assuming you want the working directory to be `/opt/jellyseerr`, create the directory and navigate to it:
-```bash
-sudo mkdir -p /opt/jellyseerr && cd /opt/jellyseerr
-```
-2. Clone the Jellyseerr repository and checkout the latest release:
-```bash
-git clone https://github.com/Fallenbagel/jellyseerr.git
-cd jellyseerr
-git checkout main
-```
-3. Install the dependencies:
-```bash
-CYPRESS_INSTALL_BINARY=0 yarn install --frozen-lockfile --network-timeout 1000000
-```
-4. Build the project:
-```bash
-yarn build
-```
-5. Start Jellyseerr:
-```bash
-yarn start
-```
-  </TabItem>
-  <TabItem value="develop" label="develop">
 1. Assuming you want the working directory to be `/opt/jellyseerr`, create the directory and navigate to it:
 ```bash
 sudo mkdir -p /opt/jellyseerr && cd /opt/jellyseerr
@@ -77,8 +40,6 @@ pnpm build
 ```bash
 pnpm start
 ```
-  </TabItem>
-</Tabs>

 :::info
 You can now access Jellyseerr by visiting `http://localhost:5055` in your web browser.
@@ -234,33 +195,6 @@ pm2 status jellyseerr

 ## Windows
 ### Installation
-<Tabs groupId="versions" queryString>
-  <TabItem value="latest" label="latest">
-1. Assuming you want the working directory to be `C:\jellyseerr`, create the directory and navigate to it:
-```powershell
-mkdir C:\jellyseerr
-cd C:\jellyseerr
-```
-2. Clone the Jellyseerr repository and checkout the latest release:
-```powershell
-git clone https://github.com/Fallenbagel/jellyseerr.git .
-git checkout main
-```
-3. Install the dependencies:
-```powershell
-npm install -g win-node-env
-set CYPRESS_INSTALL_BINARY=0 && yarn install --frozen-lockfile --network-timeout 1000000
-```
-4. Build the project:
-```powershell
-yarn build
-```
-5. Start Jellyseerr:
-```powershell
-yarn start
-```
-  </TabItem>
-  <TabItem value="develop" label="develop">
 1. Assuming you want the working directory to be `C:\jellyseerr`, create the directory and navigate to it:
 ```powershell
 mkdir C:\jellyseerr
@@ -284,8 +218,6 @@ pnpm build
 ```powershell
 pnpm start
 ```
-  </TabItem>
-</Tabs>

 :::tip
 You can add the environment variables to a `.env` file in the Jellyseerr directory.
@@ -313,6 +245,7 @@ node dist/index.js
 - Set the trigger to "When the computer starts"
 - Set the action to "Start a program"
 - Set the program/script to the path of the `start-jellyseerr.bat` file
+- Set the "Start in" to the jellyseerr directory.
 - Click "Finish"

 Now, Jellyseerr will start when the computer boots up in the background.
--- a/docs/getting-started/docker.mdx
+++ b/docs/getting-started/docker.mdx
@@ -71,7 +71,7 @@ You could also use [diun](https://github.com/crazy-max/diun) to receive notifica
 For details on how to use Docker Compose, please [review the official Compose documentation](https://docs.docker.com/compose/reference/).

 #### Installation:
-Define the `jellyseerr` service in your `docker-compose.yml` as follows:
+Define the `jellyseerr` service in your `compose.yaml` as follows:
 ```yaml
 ---
 services:
@@ -94,17 +94,17 @@ If you are using emby, make sure to set the `JELLYFIN_TYPE` environment variable

 Then, start all services defined in the Compose file:
 ```bash
-docker-compose up -d
+docker compose up -d
 ```

 #### Updating:
 Pull the latest image:
 ```bash
-docker-compose pull jellyseerr
+docker compose pull jellyseerr
 ```
 Then, restart all services defined in the Compose file:
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 :::tip
 You may alternatively use a third-party mechanism like [dockge](https://github.com/louislam/dockge) to manage your docker compose files.
--- a/docs/using-jellyseerr/notifications/discord.md
+++ b/docs/using-jellyseerr/notifications/discord.md
@@ -18,6 +18,10 @@ Users can optionally opt-in to being mentioned in Discord notifications by confi

 You can find the webhook URL in the Discord application, at **Server Settings &rarr; Integrations &rarr; Webhooks**.

+### Notification Role ID (optional)
+
+If a role ID is specified, it will be included in the webhook message. See [Discord role ID](https://support.discord.com/hc/en-us/articles/206346498-Where-can-I-find-my-User-Server-Message-ID).
+
 ### Bot Username (optional)

 If you would like to override the name you configured for your bot in Discord, you may set this value to whatever you like!
--- a/next.config.js
+++ b/next.config.js
@@ -10,7 +10,7 @@ module.exports = {
    remotePatterns: [
      { hostname: 'gravatar.com' },
      { hostname: 'image.tmdb.org' },
-      { hostname: '*', protocol: 'https' },
+      { hostname: 'artworks.thetvdb.com' },
    ],
  },
  webpack(config) {
--- a/overseerr-api.yml
+++ b/overseerr-api.yml
@@ -38,6 +38,8 @@ tags:
    description: Endpoints related to getting service (Radarr/Sonarr) details.
  - name: watchlist
    description: Collection of media to watch later
+  - name: blacklist
+    description: Blacklisted media from discovery page.
 servers:
  - url: '{server}/api/v1'
    variables:
@@ -46,6 +48,19 @@ servers:

 components:
  schemas:
+    Blacklist:
+      type: object
+      properties:
+        tmdbId:
+          type: number
+          example: 1
+        title:
+          type: string
+        media:
+          $ref: '#/components/schemas/MediaInfo'
+        userId:
+          type: number
+          example: 1
    Watchlist:
      type: object
      properties:
@@ -1258,6 +1273,8 @@ components:
              type: string
            webhookUrl:
              type: string
+            webhookRoleId:
+              type: string
            enableMentions:
              type: boolean
    SlackSettings:
@@ -1973,6 +1990,9 @@ paths:
                  appDataPath:
                    type: string
                    example: /app/config
+                  appDataPermissions:
+                    type: boolean
+                    example: true
  /settings/main:
    get:
      summary: Get main settings
@@ -2775,6 +2795,15 @@ paths:
                          imageCount:
                            type: number
                            example: 123
+                      avatar:
+                        type: object
+                        properties:
+                          size:
+                            type: number
+                            example: 123456
+                          imageCount:
+                            type: number
+                            example: 123
                  apiCaches:
                    type: array
                    items:
@@ -4042,6 +4071,109 @@ paths:
                      restricted:
                        type: boolean
                        example: false
+  /blacklist:
+    get:
+      summary: Returns blacklisted items
+      description: Returns list of all blacklisted media
+      tags:
+        - settings
+      parameters:
+        - in: query
+          name: take
+          schema:
+            type: number
+            nullable: true
+            example: 25
+        - in: query
+          name: skip
+          schema:
+            type: number
+            nullable: true
+            example: 0
+        - in: query
+          name: search
+          schema:
+            type: string
+            nullable: true
+            example: dune
+      responses:
+        '200':
+          description: Blacklisted items returned
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  pageInfo:
+                    $ref: '#/components/schemas/PageInfo'
+                  results:
+                    type: array
+                    items:
+                      type: object
+                      properties:
+                        user:
+                          $ref: '#/components/schemas/User'
+                        createdAt:
+                          type: string
+                          example: 2024-04-21T01:55:44.000Z
+                        id:
+                          type: number
+                          example: 1
+                        mediaType:
+                          type: string
+                          example: movie
+                        title:
+                          type: string
+                          example: Dune
+                        tmdbId:
+                          type: number
+                          example: 438631
+    post:
+      summary: Add media to blacklist
+      tags:
+        - blacklist
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Blacklist'
+      responses:
+        '201':
+          description: Item succesfully blacklisted
+        '412':
+          description: Item has already been blacklisted
+  /blacklist/{tmdbId}:
+    get:
+      summary: Get media from blacklist
+      tags:
+        - blacklist
+      parameters:
+        - in: path
+          name: tmdbId
+          description: tmdbId ID
+          required: true
+          example: '1'
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Blacklist details in JSON
+    delete:
+      summary: Remove media from blacklist
+      tags:
+        - blacklist
+      parameters:
+        - in: path
+          name: tmdbId
+          description: tmdbId ID
+          required: true
+          example: '1'
+          schema:
+            type: string
+      responses:
+        '204':
+          description: Succesfully removed media item
  /watchlist:
    post:
      summary: Add media to watchlist
@@ -5354,7 +5486,7 @@ paths:
                    - type: array
                      items:
                        type: number
-                        minimum: 1
+                        minimum: 0
                    - type: string
                      enum: [all]
                is4k:
@@ -5460,7 +5592,7 @@ paths:
                  type: array
                  items:
                    type: number
-                    minimum: 1
+                    minimum: 0
                is4k:
                  type: boolean
                  example: false
--- a/package.json
+++ b/package.json
@@ -62,12 +62,14 @@
    "formik": "^2.4.6",
    "gravatar-url": "3.1.0",
    "lodash": "4.17.21",
+    "mime": "3",
    "next": "^14.2.4",
    "node-cache": "5.1.2",
    "node-gyp": "9.3.1",
    "node-schedule": "2.1.1",
    "nodemailer": "6.9.1",
    "openpgp": "5.7.0",
+    "pg": "8.11.0",
    "plex-api": "5.3.2",
    "pug": "3.0.2",
    "react": "^18.3.1",
@@ -92,7 +94,8 @@
    "sqlite3": "5.1.4",
    "swagger-ui-express": "4.6.2",
    "swr": "2.2.5",
-    "typeorm": "0.3.12",
+    "typeorm": "0.3.11",
+    "undici": "^6.20.1",
    "web-push": "3.5.0",
    "winston": "3.8.2",
    "winston-daily-rotate-file": "4.7.1",
@@ -119,6 +122,7 @@
    "@types/express": "4.17.17",
    "@types/express-session": "1.17.6",
    "@types/lodash": "4.14.191",
+    "@types/mime": "3",
    "@types/node": "20.14.8",
    "@types/node-schedule": "2.1.0",
    "@types/nodemailer": "6.4.7",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -49,7 +49,7 @@ importers:
        version: 2.11.0
      connect-typeorm:
        specifier: 1.1.4
-        version: 1.1.4(typeorm@0.3.12(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5)))
+        version: 1.1.4(typeorm@0.3.11(pg@8.11.0)(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5)))
      cookie-parser:
        specifier: 1.4.6
        version: 1.4.6
@@ -98,6 +98,9 @@ importers:
      lodash:
        specifier: 4.17.21
        version: 4.17.21
+      mime:
+        specifier: '3'
+        version: 3.0.0
      next:
        specifier: ^14.2.4
        version: 14.2.4(@babel/core@7.24.7)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -116,6 +119,9 @@ importers:
      openpgp:
        specifier: 5.7.0
        version: 5.7.0
+      pg:
+        specifier: 8.11.0
+        version: 8.11.0
      plex-api:
        specifier: 5.3.2
        version: 5.3.2
@@ -189,8 +195,11 @@ importers:
        specifier: 2.2.5
        version: 2.2.5(react@18.3.1)
      typeorm:
-        specifier: 0.3.12
-        version: 0.3.12(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5))
+        specifier: 0.3.11
+        version: 0.3.11(pg@8.11.0)(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5))
+      undici:
+        specifier: ^6.20.1
+        version: 6.20.1
      web-push:
        specifier: 3.5.0
        version: 3.5.0
@@ -264,6 +273,9 @@ importers:
      '@types/lodash':
        specifier: 4.14.191
        version: 4.14.191
+      '@types/mime':
+        specifier: '3'
+        version: 3.0.4
      '@types/node':
        specifier: 20.14.8
        version: 20.14.8
@@ -2848,6 +2860,9 @@ packages:
  '@types/mime@1.3.5':
    resolution: {integrity: sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==}

+  '@types/mime@3.0.4':
+    resolution: {integrity: sha512-iJt33IQnVRkqeqC7PzBHPTC6fDlRNRW8vjrgqtScAhrmMwe8c4Eo7+fUGTa+XdWrpEgpyKWMYmi2dIwMAYRzPw==}
+
  '@types/minimatch@3.0.5':
    resolution: {integrity: sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==}

@@ -3518,6 +3533,10 @@ packages:
  buffer-from@1.1.2:
    resolution: {integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==}

+  buffer-writer@2.0.0:
+    resolution: {integrity: sha512-a7ZpuTZU1TRtnwyCNW3I5dc0wWNC3VR9S++Ewyk2HHZdrO3CQJqSpd+95Us590V6AL7JqUAH2IwZ/398PmNFgw==}
+    engines: {node: '>=4'}
+
  buffer@5.7.1:
    resolution: {integrity: sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==}

@@ -4255,10 +4274,6 @@ packages:
    resolution: {integrity: sha512-dDCnyH2WnnKusqvZZ6+jA1O51Ibt8ZMRNkDZdyAyK4YfbDwa/cEmuztzG5pk6hqlp9aSBPYcjOlktquahGwGeA==}
    engines: {node: '>=0.11'}

-  date-fns@2.30.0:
-    resolution: {integrity: sha512-fnULvOpxnC5/Vg3NCiWelDsLiUc9bRwAPs/+LfTLNvetFCtCTN+yQz15C/fs4AwX1R9K5GLtLfn8QW+dWisaAw==}
-    engines: {node: '>=0.11'}
-
  dateformat@3.0.3:
    resolution: {integrity: sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q==}

@@ -5380,8 +5395,8 @@ packages:
    resolution: {integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==}
    engines: {node: '>= 6'}

-  https-proxy-agent@7.0.4:
-    resolution: {integrity: sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg==}
+  https-proxy-agent@7.0.5:
+    resolution: {integrity: sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==}
    engines: {node: '>= 14'}

  human-signals@1.1.1:
@@ -6545,11 +6560,6 @@ packages:
    engines: {node: '>=10'}
    hasBin: true

-  mkdirp@2.1.6:
-    resolution: {integrity: sha512-+hEnITedc8LAtIP9u3HJDFIdcLV2vXP33sqLLIzkv1Db1zO/1OxbvYf0Y1OC/S/Qo5dxHXepofhmxL02PsKe+A==}
-    engines: {node: '>=10'}
-    hasBin: true
-
  modify-values@1.0.1:
    resolution: {integrity: sha512-xV2bxeN6F7oYjZWTe/YPAy6MN2M+sL4u/Rlm2AHCIVGfo2p1yGmBHQ6vHehl4bRTZBdHu3TSkWdYgkwpYzAGSw==}
    engines: {node: '>=0.10.0'}
@@ -7047,6 +7057,9 @@ packages:
    resolution: {integrity: sha512-wpgERjNkLrBiFmkMEjuZJEWKKDrNfHCKA1OhyN1wg1FrLkULbviEy6py1AyJUgZ72YWFbZ38FIpnqvVqAlDUwA==}
    engines: {node: '>=8'}

+  packet-reader@1.0.0:
+    resolution: {integrity: sha512-HAKu/fG3HpHFO0AA8WE8q2g+gBJaZ9MG7fcKk+IJPLTGAD6Psw4443l+9DGRbOIh3/aXr7Phy0TjilYivJo5XQ==}
+
  parent-module@1.0.1:
    resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
    engines: {node: '>=6'}
@@ -7138,6 +7151,40 @@ packages:
  performance-now@2.1.0:
    resolution: {integrity: sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==}

+  pg-cloudflare@1.1.1:
+    resolution: {integrity: sha512-xWPagP/4B6BgFO+EKz3JONXv3YDgvkbVrGw2mTo3D6tVDQRh1e7cqVGvyR3BE+eQgAvx1XhW/iEASj4/jCWl3Q==}
+
+  pg-connection-string@2.7.0:
+    resolution: {integrity: sha512-PI2W9mv53rXJQEOb8xNR8lH7Hr+EKa6oJa38zsK0S/ky2er16ios1wLKhZyxzD7jUReiWokc9WK5nxSnC7W1TA==}
+
+  pg-int8@1.0.1:
+    resolution: {integrity: sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==}
+    engines: {node: '>=4.0.0'}
+
+  pg-pool@3.7.0:
+    resolution: {integrity: sha512-ZOBQForurqh4zZWjrgSwwAtzJ7QiRX0ovFkZr2klsen3Nm0aoh33Ls0fzfv3imeH/nw/O27cjdz5kzYJfeGp/g==}
+    peerDependencies:
+      pg: '>=8.0'
+
+  pg-protocol@1.7.0:
+    resolution: {integrity: sha512-hTK/mE36i8fDDhgDFjy6xNOG+LCorxLG3WO17tku+ij6sVHXh1jQUJ8hYAnRhNla4QVD2H8er/FOjc/+EgC6yQ==}
+
+  pg-types@2.2.0:
+    resolution: {integrity: sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==}
+    engines: {node: '>=4'}
+
+  pg@8.11.0:
+    resolution: {integrity: sha512-meLUVPn2TWgJyLmy7el3fQQVwft4gU5NGyvV0XbD41iU9Jbg8lCH4zexhIkihDzVHJStlt6r088G6/fWeNjhXA==}
+    engines: {node: '>= 8.0.0'}
+    peerDependencies:
+      pg-native: '>=3.0.1'
+    peerDependenciesMeta:
+      pg-native:
+        optional: true
+
+  pgpass@1.0.5:
+    resolution: {integrity: sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug==}
+
  picocolors@1.0.1:
    resolution: {integrity: sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==}

@@ -7243,6 +7290,22 @@ packages:
    resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==}
    engines: {node: ^10 || ^12 || >=14}

+  postgres-array@2.0.0:
+    resolution: {integrity: sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==}
+    engines: {node: '>=4'}
+
+  postgres-bytea@1.0.0:
+    resolution: {integrity: sha512-xy3pmLuQqRBZBXDULy7KbaitYqLcmxigw14Q5sj8QBVLqEwXfeybIKVWiqAXTlcvdvb0+xkOtDbfQMOf4lST1w==}
+    engines: {node: '>=0.10.0'}
+
+  postgres-date@1.0.7:
+    resolution: {integrity: sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q==}
+    engines: {node: '>=0.10.0'}
+
+  postgres-interval@1.2.0:
+    resolution: {integrity: sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==}
+    engines: {node: '>=0.10.0'}
+
  prelude-ls@1.2.1:
    resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
    engines: {node: '>= 0.8.0'}
@@ -7721,9 +7784,6 @@ packages:
  reflect-metadata@0.1.13:
    resolution: {integrity: sha512-Ts1Y/anZELhSsjMcU605fU9RE4Oi3p5ORujwbIKXfWa+0Zxs510Qrmrce5/Jowq3cHSZSJqBjypxmHarc+vEWg==}

-  reflect-metadata@0.1.14:
-    resolution: {integrity: sha512-ZhYeb6nRaXCfhnndflDK8qI6ZQ/YcWZCISRAWICW9XYqMUwjZM9Z0DveWX/ABN01oxSHwVxKQmxeYZSsm0jh5A==}
-
  reflect.getprototypeof@1.0.6:
    resolution: {integrity: sha512-fmfw4XgoDke3kdI6h4xcUz1dG8uaiv5q9gcEwLS4Pnth2kxT+GZ7YehS1JTMGBQmtV7Y4GFGbs2re2NqhdozUg==}
    engines: {node: '>= 0.4'}
@@ -8156,6 +8216,10 @@ packages:
  split2@3.2.2:
    resolution: {integrity: sha512-9NThjpgZnifTkJpzTZ7Eue85S49QwpNhZTq6GRJwObb6jnLFNGB7Qm73V5HewTROPyxD0C29xqmaI68bQtV+hg==}

+  split2@4.2.0:
+    resolution: {integrity: sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==}
+    engines: {node: '>= 10.x'}
+
  split@1.0.1:
    resolution: {integrity: sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==}

@@ -8661,8 +8725,8 @@ packages:
  typedarray@0.0.6:
    resolution: {integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==}

-  typeorm@0.3.12:
-    resolution: {integrity: sha512-sYSxBmCf1nJLLTcYtwqZ+lQIRtLPyUoO93rHTOKk9vJCyT4UfRtU7oRsJvfvKP3nnZTD1hzz2SEy2zwPEN6OyA==}
+  typeorm@0.3.11:
+    resolution: {integrity: sha512-pzdOyWbVuz/z8Ww6gqvBW4nylsM0KLdUCDExr2gR20/x1khGSVxQkjNV/3YqliG90jrWzrknYbYscpk8yxFJVg==}
    engines: {node: '>= 12.9.0'}
    hasBin: true
    peerDependencies:
@@ -8673,7 +8737,7 @@ packages:
      ioredis: ^5.0.4
      mongodb: ^3.6.0
      mssql: ^7.3.0
-      mysql2: ^2.2.5 || ^3.0.1
+      mysql2: ^2.2.5
      oracledb: ^5.1.0
      pg: ^8.5.1
      pg-native: ^3.0.0
@@ -8759,6 +8823,10 @@ packages:
  undici-types@5.26.5:
    resolution: {integrity: sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==}

+  undici@6.20.1:
+    resolution: {integrity: sha512-AjQF1QsmqfJys+LXfGTNum+qw4S88CojRInG/6t31W/1fk6G59s92bnAvGz5Cmur+kQv2SURXEvvudLmbrE8QA==}
+    engines: {node: '>=18.17'}
+
  unicode-canonical-property-names-ecmascript@2.0.0:
    resolution: {integrity: sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==}
    engines: {node: '>=4'}
@@ -10836,7 +10904,7 @@ snapshots:
      nopt: 5.0.0
      npmlog: 5.0.1
      rimraf: 3.0.2
-      semver: 7.6.2
+      semver: 7.3.8
      tar: 6.2.1
    transitivePeerDependencies:
      - encoding
@@ -10911,13 +10979,13 @@ snapshots:
  '@npmcli/fs@1.1.1':
    dependencies:
      '@gar/promisify': 1.1.3
-      semver: 7.6.2
+      semver: 7.3.8
    optional: true

  '@npmcli/fs@2.1.2':
    dependencies:
      '@gar/promisify': 1.1.3
-      semver: 7.6.2
+      semver: 7.3.8

  '@npmcli/move-file@1.1.2':
    dependencies:
@@ -12301,7 +12369,7 @@ snapshots:
      fs-extra: 11.2.0
      globby: 11.1.0
      http-proxy-agent: 7.0.2
-      https-proxy-agent: 7.0.4
+      https-proxy-agent: 7.0.5
      issue-parser: 6.0.0
      lodash: 4.17.21
      mime: 3.0.0
@@ -12326,7 +12394,7 @@ snapshots:
      read-pkg: 5.2.0
      registry-auth-token: 5.0.2
      semantic-release: 19.0.5(encoding@0.1.13)
-      semver: 7.6.2
+      semver: 7.3.8
      tempy: 1.0.1

  '@semantic-release/release-notes-generator@10.0.3(semantic-release@19.0.5(encoding@0.1.13))':
@@ -12670,6 +12738,8 @@ snapshots:

  '@types/mime@1.3.5': {}

+  '@types/mime@3.0.4': {}
+
  '@types/minimatch@3.0.5': {}

  '@types/minimist@1.2.5': {}
@@ -12887,7 +12957,7 @@ snapshots:
      debug: 4.3.5(supports-color@8.1.1)
      globby: 11.1.0
      is-glob: 4.0.3
-      semver: 7.6.2
+      semver: 7.3.8
      tsutils: 3.21.0(typescript@4.9.5)
    optionalDependencies:
      typescript: 4.9.5
@@ -13423,6 +13493,8 @@ snapshots:

  buffer-from@1.1.2: {}

+  buffer-writer@2.0.0: {}
+
  buffer@5.7.1:
    dependencies:
      base64-js: 1.5.1
@@ -13813,13 +13885,13 @@ snapshots:
      ini: 1.3.8
      proto-list: 1.2.4

-  connect-typeorm@1.1.4(typeorm@0.3.12(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5))):
+  connect-typeorm@1.1.4(typeorm@0.3.11(pg@8.11.0)(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5))):
    dependencies:
      '@types/debug': 0.0.31
      '@types/express-session': 1.17.6
      debug: 4.3.5(supports-color@8.1.1)
      express-session: 1.18.0
-      typeorm: 0.3.12(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5))
+      typeorm: 0.3.11(pg@8.11.0)(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5))
    transitivePeerDependencies:
      - supports-color

@@ -14170,10 +14242,6 @@ snapshots:

  date-fns@2.29.3: {}

-  date-fns@2.30.0:
-    dependencies:
-      '@babel/runtime': 7.24.7
-
  dateformat@3.0.3: {}

  dayjs@1.11.11: {}
@@ -15728,7 +15796,7 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

-  https-proxy-agent@7.0.4:
+  https-proxy-agent@7.0.5:
    dependencies:
      agent-base: 7.1.1
      debug: 4.3.5(supports-color@8.1.1)
@@ -17138,8 +17206,6 @@ snapshots:

  mkdirp@1.0.4: {}

-  mkdirp@2.1.6: {}
-
  modify-values@1.0.1: {}

  moment@2.30.1: {}
@@ -17269,7 +17335,7 @@ snapshots:
      nopt: 5.0.0
      npmlog: 6.0.2
      rimraf: 3.0.2
-      semver: 7.6.2
+      semver: 7.3.8
      tar: 6.2.1
      which: 2.0.2
    transitivePeerDependencies:
@@ -17348,7 +17414,7 @@ snapshots:
    dependencies:
      hosted-git-info: 4.1.0
      is-core-module: 2.14.0
-      semver: 7.6.2
+      semver: 7.3.8
      validate-npm-package-license: 3.0.4

  normalize-path@3.0.0: {}
@@ -17578,6 +17644,8 @@ snapshots:
    dependencies:
      p-timeout: 3.2.0

+  packet-reader@1.0.0: {}
+
  parent-module@1.0.1:
    dependencies:
      callsites: 3.1.0
@@ -17656,6 +17724,43 @@ snapshots:

  performance-now@2.1.0: {}

+  pg-cloudflare@1.1.1:
+    optional: true
+
+  pg-connection-string@2.7.0: {}
+
+  pg-int8@1.0.1: {}
+
+  pg-pool@3.7.0(pg@8.11.0):
+    dependencies:
+      pg: 8.11.0
+
+  pg-protocol@1.7.0: {}
+
+  pg-types@2.2.0:
+    dependencies:
+      pg-int8: 1.0.1
+      postgres-array: 2.0.0
+      postgres-bytea: 1.0.0
+      postgres-date: 1.0.7
+      postgres-interval: 1.2.0
+
+  pg@8.11.0:
+    dependencies:
+      buffer-writer: 2.0.0
+      packet-reader: 1.0.0
+      pg-connection-string: 2.7.0
+      pg-pool: 3.7.0(pg@8.11.0)
+      pg-protocol: 1.7.0
+      pg-types: 2.2.0
+      pgpass: 1.0.5
+    optionalDependencies:
+      pg-cloudflare: 1.1.1
+
+  pgpass@1.0.5:
+    dependencies:
+      split2: 4.2.0
+
  picocolors@1.0.1: {}

  picomatch@2.3.1: {}
@@ -17753,6 +17858,16 @@ snapshots:
      picocolors: 1.0.1
      source-map-js: 1.2.0

+  postgres-array@2.0.0: {}
+
+  postgres-bytea@1.0.0: {}
+
+  postgres-date@1.0.7: {}
+
+  postgres-interval@1.2.0:
+    dependencies:
+      xtend: 4.0.2
+
  prelude-ls@1.2.1: {}

  prettier-linter-helpers@1.0.0:
@@ -18361,8 +18476,6 @@ snapshots:

  reflect-metadata@0.1.13: {}

-  reflect-metadata@0.1.14: {}
-
  reflect.getprototypeof@1.0.6:
    dependencies:
      call-bind: 1.0.7
@@ -18884,6 +18997,8 @@ snapshots:
    dependencies:
      readable-stream: 3.6.2

+  split2@4.2.0: {}
+
  split@1.0.1:
    dependencies:
      through: 2.3.8
@@ -19420,26 +19535,27 @@ snapshots:

  typedarray@0.0.6: {}

-  typeorm@0.3.12(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5)):
+  typeorm@0.3.11(pg@8.11.0)(sqlite3@5.1.4(encoding@0.1.13))(ts-node@10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5)):
    dependencies:
      '@sqltools/formatter': 1.2.5
      app-root-path: 3.1.0
      buffer: 6.0.3
      chalk: 4.1.2
      cli-highlight: 2.1.11
-      date-fns: 2.30.0
+      date-fns: 2.29.3
      debug: 4.3.5(supports-color@8.1.1)
      dotenv: 16.4.5
-      glob: 8.1.0
+      glob: 7.2.3
      js-yaml: 4.1.0
-      mkdirp: 2.1.6
-      reflect-metadata: 0.1.14
+      mkdirp: 1.0.4
+      reflect-metadata: 0.1.13
      sha.js: 2.4.11
      tslib: 2.6.3
-      uuid: 9.0.1
+      uuid: 8.3.2
      xml2js: 0.4.23
      yargs: 17.7.2
    optionalDependencies:
+      pg: 8.11.0
      sqlite3: 5.1.4(encoding@0.1.13)
      ts-node: 10.9.1(@swc/core@1.6.5(@swc/helpers@0.5.11))(@types/node@20.14.8)(typescript@4.9.5)
    transitivePeerDependencies:
@@ -19475,6 +19591,8 @@ snapshots:

  undici-types@5.26.5: {}

+  undici@6.20.1: {}
+
  unicode-canonical-property-names-ecmascript@2.0.0: {}

  unicode-emoji-utils@1.2.0:
--- a/server/api/externalapi.ts
+++ b/server/api/externalapi.ts
@@ -32,13 +32,27 @@ class ExternalAPI {
      this.fetch = fetch;
    }

-    this.baseUrl = baseUrl;
-    this.params = params;
+    const url = new URL(baseUrl);
+
    this.defaultHeaders = {
      'Content-Type': 'application/json',
      Accept: 'application/json',
+      ...((url.username || url.password) && {
+        Authorization: `Basic ${Buffer.from(
+          `${url.username}:${url.password}`
+        ).toString('base64')}`,
+      }),
      ...options.headers,
    };
+
+    if (url.username || url.password) {
+      url.username = '';
+      url.password = '';
+      baseUrl = url.toString();
+    }
+
+    this.baseUrl = baseUrl;
+    this.params = params;
    this.cache = options.nodeCache;
  }

@@ -76,7 +90,7 @@ class ExternalAPI {
    }
    const data = await this.getDataFromResponse(response);

-    if (this.cache) {
+    if (this.cache && ttl !== 0) {
      this.cache.set(cacheKey, data, ttl ?? DEFAULT_TTL);
    }

@@ -120,7 +134,7 @@ class ExternalAPI {
    }
    const resData = await this.getDataFromResponse(response);

-    if (this.cache) {
+    if (this.cache && ttl !== 0) {
      this.cache.set(cacheKey, resData, ttl ?? DEFAULT_TTL);
    }

@@ -164,7 +178,7 @@ class ExternalAPI {
    }
    const resData = await this.getDataFromResponse(response);

-    if (this.cache) {
+    if (this.cache && ttl !== 0) {
      this.cache.set(cacheKey, resData, ttl ?? DEFAULT_TTL);
    }

--- a/server/api/jellyfin.ts
+++ b/server/api/jellyfin.ts
@@ -138,39 +138,38 @@ class JellyfinAPI extends ExternalAPI {
    try {
      return await authenticate(true);
    } catch (e) {
-      logger.debug(`Failed to authenticate with headers: ${e.message}`, {
+      logger.debug('Failed to authenticate with headers', {
        label: 'Jellyfin API',
+        error: e.cause.message ?? e.cause.statusText,
        ip: ClientIP,
      });
+
+      if (!e.cause.status) {
+        throw new ApiError(404, ApiErrorCode.InvalidUrl);
+      }
+
+      if (e.cause.status === 401) {
+        throw new ApiError(e.cause.status, ApiErrorCode.InvalidCredentials);
+      }
    }

    try {
      return await authenticate(false);
    } catch (e) {
-      const status = e.cause?.status;
-
-      const networkErrorCodes = new Set([
-        'ECONNREFUSED',
-        'EHOSTUNREACH',
-        'ENOTFOUND',
-        'ETIMEDOUT',
-        'ECONNRESET',
-        'EADDRINUSE',
-        'ENETDOWN',
-        'ENETUNREACH',
-        'EPIPE',
-        'ECONNABORTED',
-        'EPROTO',
-        'EHOSTDOWN',
-        'EAI_AGAIN',
-        'ERR_INVALID_URL',
-      ]);
-
-      if (networkErrorCodes.has(e.code) || status === 404) {
-        throw new ApiError(status, ApiErrorCode.InvalidUrl);
+      if (e.cause.status === 401) {
+        throw new ApiError(e.cause.status, ApiErrorCode.InvalidCredentials);
      }

-      throw new ApiError(status, ApiErrorCode.InvalidCredentials);
+      logger.error(
+        'Something went wrong while authenticating with the Jellyfin server',
+        {
+          label: 'Jellyfin API',
+          error: e.cause.message ?? e.cause.statusText,
+          ip: ClientIP,
+        }
+      );
+
+      throw new ApiError(e.cause.status, ApiErrorCode.Unknown);
    }
  }

@@ -198,8 +197,8 @@ class JellyfinAPI extends ExternalAPI {
      return serverResponse.ServerName;
    } catch (e) {
      logger.error(
-        `Something went wrong while getting the server name from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting the server name from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.Unknown);
@@ -213,8 +212,8 @@ class JellyfinAPI extends ExternalAPI {
      return { users: userReponse };
    } catch (e) {
      logger.error(
-        `Something went wrong while getting the account from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting the account from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
@@ -229,8 +228,8 @@ class JellyfinAPI extends ExternalAPI {
      return userReponse;
    } catch (e) {
      logger.error(
-        `Something went wrong while getting the account from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting the account from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
@@ -253,8 +252,11 @@ class JellyfinAPI extends ExternalAPI {
        return this.mapLibraries(mediaFolderResponse.Items);
      } catch (e) {
        logger.error(
-          `Something went wrong while getting libraries from the Jellyfin server: ${e.message}`,
-          { label: 'Jellyfin API' }
+          'Something went wrong while getting libraries from the Jellyfin server',
+          {
+            label: 'Jellyfin API',
+            error: e.cause.message ?? e.cause.statusText,
+          }
        );

        return [];
@@ -308,8 +310,8 @@ class JellyfinAPI extends ExternalAPI {
      );
    } catch (e) {
      logger.error(
-        `Something went wrong while getting library content from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting library content from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
@@ -329,8 +331,8 @@ class JellyfinAPI extends ExternalAPI {
      return itemResponse;
    } catch (e) {
      logger.error(
-        `Something went wrong while getting library content from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting library content from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
@@ -354,8 +356,8 @@ class JellyfinAPI extends ExternalAPI {
      }

      logger.error(
-        `Something went wrong while getting library content from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting library content from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );
      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
    }
@@ -368,8 +370,8 @@ class JellyfinAPI extends ExternalAPI {
      return seasonResponse.Items;
    } catch (e) {
      logger.error(
-        `Something went wrong while getting the list of seasons from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting the list of seasons from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
@@ -393,8 +395,8 @@ class JellyfinAPI extends ExternalAPI {
      );
    } catch (e) {
      logger.error(
-        `Something went wrong while getting the list of episodes from the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while getting the list of episodes from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.cause?.status, ApiErrorCode.InvalidAuthToken);
@@ -410,8 +412,8 @@ class JellyfinAPI extends ExternalAPI {
      ).AccessToken;
    } catch (e) {
      logger.error(
-        `Something went wrong while creating an API key the Jellyfin server: ${e.message}`,
-        { label: 'Jellyfin API' }
+        'Something went wrong while creating an API key from the Jellyfin server',
+        { label: 'Jellyfin API', error: e.cause.message ?? e.cause.statusText }
      );

      throw new ApiError(e.response?.status, ApiErrorCode.InvalidAuthToken);
--- a/server/api/plexapi.ts
+++ b/server/api/plexapi.ts
@@ -180,7 +180,7 @@ class PlexAPI {
      settings.plex.libraries = [];
    }

-    settings.save();
+    await settings.save();
  }

  public async getLibraryContents(
--- a/server/api/plextv.ts
+++ b/server/api/plextv.ts
@@ -3,6 +3,7 @@ import type { PlexDevice } from '@server/interfaces/api/plexInterfaces';
 import cacheManager from '@server/lib/cache';
 import { getSettings } from '@server/lib/settings';
 import logger from '@server/logger';
+import { randomUUID } from 'node:crypto';
 import xml2js from 'xml2js';

 interface PlexAccountResponse {
@@ -127,6 +128,11 @@ export interface PlexWatchlistItem {
  title: string;
 }

+export interface PlexWatchlistCache {
+  etag: string;
+  response: WatchlistResponse;
+}
+
 class PlexTvAPI extends ExternalAPI {
  private authToken: string;

@@ -261,6 +267,11 @@ class PlexTvAPI extends ExternalAPI {
    items: PlexWatchlistItem[];
  }> {
    try {
+      const watchlistCache = cacheManager.getCache('plexwatchlist');
+      let cachedWatchlist = watchlistCache.data.get<PlexWatchlistCache>(
+        this.authToken
+      );
+
      const params = new URLSearchParams({
        'X-Plex-Container-Start': offset.toString(),
        'X-Plex-Container-Size': size.toString(),
@@ -268,42 +279,62 @@ class PlexTvAPI extends ExternalAPI {
      const response = await this.fetch(
        `https://metadata.provider.plex.tv/library/sections/watchlist/all?${params.toString()}`,
        {
-          headers: this.defaultHeaders,
+          headers: {
+            ...this.defaultHeaders,
+            ...(cachedWatchlist?.etag
+              ? { 'If-None-Match': cachedWatchlist.etag }
+              : {}),
+          },
        }
      );
      const data = (await response.json()) as WatchlistResponse;

+      // If we don't recieve HTTP 304, the watchlist has been updated and we need to update the cache.
+      if (response.status >= 200 && response.status <= 299) {
+        cachedWatchlist = {
+          etag: response.headers.get('etag') ?? '',
+          response: data,
+        };
+
+        watchlistCache.data.set<PlexWatchlistCache>(
+          this.authToken,
+          cachedWatchlist
+        );
+      }
+
      const watchlistDetails = await Promise.all(
-        (data.MediaContainer.Metadata ?? []).map(async (watchlistItem) => {
-          const detailedResponse = await this.getRolling<MetadataResponse>(
-            `/library/metadata/${watchlistItem.ratingKey}`,
-            {},
-            undefined,
-            {},
-            'https://metadata.provider.plex.tv'
-          );
+        (cachedWatchlist?.response.MediaContainer.Metadata ?? []).map(
+          async (watchlistItem) => {
+            const detailedResponse = await this.getRolling<MetadataResponse>(
+              `/library/metadata/${watchlistItem.ratingKey}`,
+              {},
+              undefined,
+              {},
+              'https://metadata.provider.plex.tv'
+            );

-          const metadata = detailedResponse.MediaContainer.Metadata[0];
+            const metadata = detailedResponse.MediaContainer.Metadata[0];

-          const tmdbString = metadata.Guid.find((guid) =>
-            guid.id.startsWith('tmdb')
-          );
-          const tvdbString = metadata.Guid.find((guid) =>
-            guid.id.startsWith('tvdb')
-          );
+            const tmdbString = metadata.Guid.find((guid) =>
+              guid.id.startsWith('tmdb')
+            );
+            const tvdbString = metadata.Guid.find((guid) =>
+              guid.id.startsWith('tvdb')
+            );

-          return {
-            ratingKey: metadata.ratingKey,
-            // This should always be set? But I guess it also cannot be?
-            // We will filter out the 0's afterwards
-            tmdbId: tmdbString ? Number(tmdbString.id.split('//')[1]) : 0,
-            tvdbId: tvdbString
-              ? Number(tvdbString.id.split('//')[1])
-              : undefined,
-            title: metadata.title,
-            type: metadata.type,
-          };
-        })
+            return {
+              ratingKey: metadata.ratingKey,
+              // This should always be set? But I guess it also cannot be?
+              // We will filter out the 0's afterwards
+              tmdbId: tmdbString ? Number(tmdbString.id.split('//')[1]) : 0,
+              tvdbId: tvdbString
+                ? Number(tvdbString.id.split('//')[1])
+                : undefined,
+              title: metadata.title,
+              type: metadata.type,
+            };
+          }
+        )
      );

      const filteredList = watchlistDetails.filter((detail) => detail.tmdbId);
@@ -311,7 +342,7 @@ class PlexTvAPI extends ExternalAPI {
      return {
        offset,
        size,
-        totalSize: data.MediaContainer.totalSize,
+        totalSize: cachedWatchlist?.response.MediaContainer.totalSize ?? 0,
        items: filteredList,
      };
    } catch (e) {
@@ -327,6 +358,29 @@ class PlexTvAPI extends ExternalAPI {
      };
    }
  }
+
+  public async pingToken() {
+    try {
+      const data: { pong: unknown } = await this.get(
+        '/api/v2/ping',
+        {},
+        undefined,
+        {
+          headers: {
+            'X-Plex-Client-Identifier': randomUUID(),
+          },
+        }
+      );
+      if (!data?.pong) {
+        throw new Error('No pong response');
+      }
+    } catch (e) {
+      logger.error('Failed to ping token', {
+        label: 'Plex Refresh Token',
+        errorMessage: e.message,
+      });
+    }
+  }
 }

 export default PlexTvAPI;
--- a/server/api/rating/rottentomatoes.ts
+++ b/server/api/rating/rottentomatoes.ts
@@ -182,7 +182,7 @@ class RottenTomatoes extends ExternalAPI {
        );
      }

-      if (!tvshow) {
+      if (!tvshow || !tvshow.rottenTomatoes) {
        return null;
      }

--- a/server/api/servarr/base.ts
+++ b/server/api/servarr/base.ts
@@ -157,9 +157,13 @@ class ServarrBase<QueueItemAppendT> extends ExternalAPI {

  public getQueue = async (): Promise<(QueueItem & QueueItemAppendT)[]> => {
    try {
-      const data = await this.get<QueueResponse<QueueItemAppendT>>(`/queue`, {
-        includeEpisode: 'true',
-      });
+      const data = await this.get<QueueResponse<QueueItemAppendT>>(
+        `/queue`,
+        {
+          includeEpisode: 'true',
+        },
+        0
+      );

      return data.records;
    } catch (e) {
@@ -193,15 +197,24 @@ class ServarrBase<QueueItemAppendT> extends ExternalAPI {
    }
  };

+  async refreshMonitoredDownloads(): Promise<void> {
+    await this.runCommand('RefreshMonitoredDownloads', {});
+  }
+
  protected async runCommand(
    commandName: string,
    options: Record<string, unknown>
  ): Promise<void> {
    try {
-      await this.post(`/command`, {
-        name: commandName,
-        ...options,
-      });
+      await this.post(
+        `/command`,
+        {
+          name: commandName,
+          ...options,
+        },
+        {},
+        0
+      );
    } catch (e) {
      throw new Error(`[${this.apiName}] Failed to run command: ${e.message}`);
    }
--- a/server/constants/media.ts
+++ b/server/constants/media.ts
@@ -16,4 +16,5 @@ export enum MediaStatus {
  PROCESSING,
  PARTIALLY_AVAILABLE,
  AVAILABLE,
+  BLACKLISTED,
 }
--- a/server/datasource.ts
+++ b/server/datasource.ts
@@ -1,7 +1,43 @@
-import 'reflect-metadata';
+import fs from 'fs';
+import type { TlsOptions } from 'tls';
 import type { DataSourceOptions, EntityTarget, Repository } from 'typeorm';
 import { DataSource } from 'typeorm';

+const DB_SSL_PREFIX = 'DB_SSL_';
+
+function boolFromEnv(envVar: string, defaultVal = false) {
+  if (process.env[envVar]) {
+    return process.env[envVar]?.toLowerCase() === 'true';
+  }
+  return defaultVal;
+}
+
+function stringOrReadFileFromEnv(envVar: string): Buffer | string | undefined {
+  if (process.env[envVar]) {
+    return process.env[envVar];
+  }
+  const filePath = process.env[`${envVar}_FILE`];
+  if (filePath) {
+    return fs.readFileSync(filePath);
+  }
+  return undefined;
+}
+
+function buildSslConfig(): TlsOptions | undefined {
+  if (process.env.DB_USE_SSL?.toLowerCase() !== 'true') {
+    return undefined;
+  }
+  return {
+    rejectUnauthorized: boolFromEnv(
+      `${DB_SSL_PREFIX}REJECT_UNAUTHORIZED`,
+      true
+    ),
+    ca: stringOrReadFileFromEnv(`${DB_SSL_PREFIX}CA`),
+    key: stringOrReadFileFromEnv(`${DB_SSL_PREFIX}KEY`),
+    cert: stringOrReadFileFromEnv(`${DB_SSL_PREFIX}CERT`),
+  };
+}
+
 const devConfig: DataSourceOptions = {
  type: 'sqlite',
  database: process.env.CONFIG_DIRECTORY
@@ -9,10 +45,10 @@ const devConfig: DataSourceOptions = {
    : 'config/db/db.sqlite3',
  synchronize: true,
  migrationsRun: false,
-  logging: false,
+  logging: boolFromEnv('DB_LOG_QUERIES'),
  enableWAL: true,
  entities: ['server/entity/**/*.ts'],
-  migrations: ['server/migration/**/*.ts'],
+  migrations: ['server/migration/sqlite/**/*.ts'],
  subscribers: ['server/subscriber/**/*.ts'],
 };

@@ -23,16 +59,56 @@ const prodConfig: DataSourceOptions = {
    : 'config/db/db.sqlite3',
  synchronize: false,
  migrationsRun: false,
-  logging: false,
+  logging: boolFromEnv('DB_LOG_QUERIES'),
  enableWAL: true,
  entities: ['dist/entity/**/*.js'],
-  migrations: ['dist/migration/**/*.js'],
+  migrations: ['dist/migration/sqlite/**/*.js'],
  subscribers: ['dist/subscriber/**/*.js'],
 };

-const dataSource = new DataSource(
-  process.env.NODE_ENV !== 'production' ? devConfig : prodConfig
-);
+const postgresDevConfig: DataSourceOptions = {
+  type: 'postgres',
+  host: process.env.DB_HOST,
+  port: parseInt(process.env.DB_PORT ?? '5432'),
+  username: process.env.DB_USER,
+  password: process.env.DB_PASS,
+  database: process.env.DB_NAME ?? 'jellyseerr',
+  ssl: buildSslConfig(),
+  synchronize: false,
+  migrationsRun: true,
+  logging: boolFromEnv('DB_LOG_QUERIES'),
+  entities: ['server/entity/**/*.ts'],
+  migrations: ['server/migration/postgres/**/*.ts'],
+  subscribers: ['server/subscriber/**/*.ts'],
+};
+
+const postgresProdConfig: DataSourceOptions = {
+  type: 'postgres',
+  host: process.env.DB_HOST,
+  port: parseInt(process.env.DB_PORT ?? '5432'),
+  username: process.env.DB_USER,
+  password: process.env.DB_PASS,
+  database: process.env.DB_NAME ?? 'jellyseerr',
+  ssl: buildSslConfig(),
+  synchronize: false,
+  migrationsRun: false,
+  logging: boolFromEnv('DB_LOG_QUERIES'),
+  entities: ['dist/entity/**/*.js'],
+  migrations: ['dist/migration/postgres/**/*.js'],
+  subscribers: ['dist/subscriber/**/*.js'],
+};
+
+export const isPgsql = process.env.DB_TYPE === 'postgres';
+
+function getDataSource(): DataSourceOptions {
+  if (process.env.NODE_ENV === 'production') {
+    return isPgsql ? postgresProdConfig : prodConfig;
+  } else {
+    return isPgsql ? postgresDevConfig : devConfig;
+  }
+}
+
+const dataSource = new DataSource(getDataSource());

 export const getRepository = <Entity extends object>(
  target: EntityTarget<Entity>
--- a/server/entity/Blacklist.ts
+++ b/server/entity/Blacklist.ts
@@ -0,0 +1,95 @@
+import { MediaStatus, type MediaType } from '@server/constants/media';
+import { getRepository } from '@server/datasource';
+import Media from '@server/entity/Media';
+import { User } from '@server/entity/User';
+import type { BlacklistItem } from '@server/interfaces/api/blacklistInterfaces';
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  Index,
+  JoinColumn,
+  ManyToOne,
+  OneToOne,
+  PrimaryGeneratedColumn,
+  Unique,
+} from 'typeorm';
+import type { ZodNumber, ZodOptional, ZodString } from 'zod';
+
+@Entity()
+@Unique(['tmdbId'])
+export class Blacklist implements BlacklistItem {
+  @PrimaryGeneratedColumn()
+  public id: number;
+
+  @Column({ type: 'varchar' })
+  public mediaType: MediaType;
+
+  @Column({ nullable: true, type: 'varchar' })
+  title?: string;
+
+  @Column()
+  @Index()
+  public tmdbId: number;
+
+  @ManyToOne(() => User, (user) => user.id, {
+    eager: true,
+  })
+  user: User;
+
+  @OneToOne(() => Media, (media) => media.blacklist, {
+    onDelete: 'CASCADE',
+  })
+  @JoinColumn()
+  public media: Media;
+
+  @CreateDateColumn()
+  public createdAt: Date;
+
+  constructor(init?: Partial<Blacklist>) {
+    Object.assign(this, init);
+  }
+
+  public static async addToBlacklist({
+    blacklistRequest,
+  }: {
+    blacklistRequest: {
+      mediaType: MediaType;
+      title?: ZodOptional<ZodString>['_output'];
+      tmdbId: ZodNumber['_output'];
+    };
+  }): Promise<void> {
+    const blacklist = new this({
+      ...blacklistRequest,
+    });
+
+    const mediaRepository = getRepository(Media);
+    let media = await mediaRepository.findOne({
+      where: {
+        tmdbId: blacklistRequest.tmdbId,
+      },
+    });
+
+    const blacklistRepository = getRepository(this);
+
+    await blacklistRepository.save(blacklist);
+
+    if (!media) {
+      media = new Media({
+        tmdbId: blacklistRequest.tmdbId,
+        status: MediaStatus.BLACKLISTED,
+        status4k: MediaStatus.BLACKLISTED,
+        mediaType: blacklistRequest.mediaType,
+        blacklist: Promise.resolve(blacklist),
+      });
+
+      await mediaRepository.save(media);
+    } else {
+      media.blacklist = Promise.resolve(blacklist);
+      media.status = MediaStatus.BLACKLISTED;
+      media.status4k = MediaStatus.BLACKLISTED;
+
+      await mediaRepository.save(media);
+    }
+  }
+}
--- a/server/entity/Media.ts
+++ b/server/entity/Media.ts
@@ -3,12 +3,14 @@ import SonarrAPI from '@server/api/servarr/sonarr';
 import { MediaStatus, MediaType } from '@server/constants/media';
 import { MediaServerType } from '@server/constants/server';
 import { getRepository } from '@server/datasource';
+import { Blacklist } from '@server/entity/Blacklist';
 import type { User } from '@server/entity/User';
 import { Watchlist } from '@server/entity/Watchlist';
 import type { DownloadingItem } from '@server/lib/downloadtracker';
 import downloadTracker from '@server/lib/downloadtracker';
 import { getSettings } from '@server/lib/settings';
 import logger from '@server/logger';
+import { DbAwareColumn } from '@server/utils/DbColumnHelper';
 import { getHostname } from '@server/utils/getHostname';
 import {
  AfterLoad,
@@ -17,6 +19,7 @@ import {
  Entity,
  Index,
  OneToMany,
+  OneToOne,
  PrimaryGeneratedColumn,
  UpdateDateColumn,
 } from 'typeorm';
@@ -40,6 +43,10 @@ class Media {
        finalIds = tmdbIds;
      }

+      if (finalIds.length === 0) {
+        return [];
+      }
+
      const media = await mediaRepository
        .createQueryBuilder('media')
        .leftJoinAndSelect(
@@ -66,7 +73,7 @@ class Media {

    try {
      const media = await mediaRepository.findOne({
-        where: { tmdbId: id, mediaType },
+        where: { tmdbId: id, mediaType: mediaType },
        relations: { requests: true, issues: true },
      });

@@ -116,16 +123,32 @@ class Media {
  @OneToMany(() => Issue, (issue) => issue.media, { cascade: true })
  public issues: Issue[];

+  @OneToOne(() => Blacklist, (blacklist) => blacklist.media)
+  public blacklist: Promise<Blacklist>;
+
  @CreateDateColumn()
  public createdAt: Date;

  @UpdateDateColumn()
  public updatedAt: Date;

-  @Column({ type: 'datetime', default: () => 'CURRENT_TIMESTAMP' })
+  /**
+   * The `lastSeasonChange` column stores the date and time when the media was added to the library.
+   * It needs to be database-aware because SQLite supports `datetime` while PostgreSQL supports `timestamp with timezone (timestampz)`.
+   */
+  @DbAwareColumn({ type: 'datetime', default: () => 'CURRENT_TIMESTAMP' })
  public lastSeasonChange: Date;

-  @Column({ type: 'datetime', nullable: true })
+  /**
+   * The `mediaAddedAt` column stores the date and time when the media was added to the library.
+   * It needs to be database-aware because SQLite supports `datetime` while PostgreSQL supports `timestamp with timezone (timestampz)`.
+   * This column is nullable because it can be null when the media is not yet synced to the library.
+   */
+  @DbAwareColumn({
+    type: 'datetime',
+    default: () => 'CURRENT_TIMESTAMP',
+    nullable: true,
+  })
  public mediaAddedAt: Date;

  @Column({ nullable: true, type: 'int' })
@@ -224,7 +247,7 @@ class Media {
        this.mediaUrl = `${jellyfinHost}/web/index.html#!/${pageName}?id=${this.jellyfinMediaId}&context=home&serverId=${serverId}`;
      }
      if (this.jellyfinMediaId4k) {
-        this.mediaUrl4k = `${jellyfinHost}/web/index.html#!/${pageName}?id=${this.jellyfinMediaId}&context=home&serverId=${serverId}`;
+        this.mediaUrl4k = `${jellyfinHost}/web/index.html#!/${pageName}?id=${this.jellyfinMediaId4k}&context=home&serverId=${serverId}`;
      }
    }
  }
--- a/server/entity/MediaRequest.ts
+++ b/server/entity/MediaRequest.ts
@@ -40,6 +40,7 @@ export class RequestPermissionError extends Error {}
 export class QuotaRestrictedError extends Error {}
 export class DuplicateMediaRequestError extends Error {}
 export class NoSeasonsAvailableError extends Error {}
+export class BlacklistedMediaError extends Error {}

 type MediaRequestOptions = {
  isAutoRequest?: boolean;
@@ -143,6 +144,16 @@ export class MediaRequest {
        mediaType: requestBody.mediaType,
      });
    } else {
+      if (media.status === MediaStatus.BLACKLISTED) {
+        logger.warn('Request for media blocked due to being blacklisted', {
+          tmdbId: tmdbMedia.id,
+          mediaType: requestBody.mediaType,
+          label: 'Media Request',
+        });
+
+        throw new BlacklistedMediaError('This media is blacklisted.');
+      }
+
      if (media.status === MediaStatus.UNKNOWN && !requestBody.is4k) {
        media.status = MediaStatus.PENDING;
      }
@@ -246,9 +257,7 @@ export class MediaRequest {
      >;
      const requestedSeasons =
        requestBody.seasons === 'all'
-          ? tmdbMediaShow.seasons
-              .map((season) => season.season_number)
-              .filter((sn) => sn > 0)
+          ? tmdbMediaShow.seasons.map((season) => season.season_number)
          : (requestBody.seasons as number[]);
      let existingSeasons: number[] = [];

@@ -376,6 +385,7 @@ export class MediaRequest {
  @ManyToOne(() => Media, (media) => media.requests, {
    eager: true,
    onDelete: 'CASCADE',
+    nullable: false,
  })
  public media: Media;

@@ -848,7 +858,7 @@ export class MediaRequest {
            const requestRepository = getRepository(MediaRequest);

            this.status = MediaRequestStatus.FAILED;
-            requestRepository.save(this);
+            await requestRepository.save(this);

            logger.warn(
              'Something went wrong sending movie request to Radarr, marking status as FAILED',
@@ -1123,13 +1133,14 @@ export class MediaRequest {
            media[this.is4k ? 'externalServiceSlug4k' : 'externalServiceSlug'] =
              sonarrSeries.titleSlug;
            media[this.is4k ? 'serviceId4k' : 'serviceId'] = sonarrSettings?.id;
+
            await mediaRepository.save(media);
          })
          .catch(async () => {
            const requestRepository = getRepository(MediaRequest);

            this.status = MediaRequestStatus.FAILED;
-            requestRepository.save(this);
+            await requestRepository.save(this);

            logger.warn(
              'Something went wrong sending series request to Sonarr, marking status as FAILED',
--- a/server/entity/Season.ts
+++ b/server/entity/Season.ts
@@ -23,7 +23,10 @@ class Season {
  @Column({ type: 'int', default: MediaStatus.UNKNOWN })
  public status4k: MediaStatus;

-  @ManyToOne(() => Media, (media) => media.seasons, { onDelete: 'CASCADE' })
+  @ManyToOne(() => Media, (media) => media.seasons, {
+    onDelete: 'CASCADE',
+    nullable: false,
+  })
  public media: Promise<Media>;

  @CreateDateColumn()
--- a/server/entity/Watchlist.ts
+++ b/server/entity/Watchlist.ts
@@ -53,6 +53,7 @@ export class Watchlist implements WatchlistItem {
  @ManyToOne(() => Media, (media) => media.watchlists, {
    eager: true,
    onDelete: 'CASCADE',
+    nullable: false,
  })
  public media: Media;

--- a/server/index.ts
+++ b/server/index.ts
@@ -1,5 +1,5 @@
 import PlexAPI from '@server/api/plexapi';
-import dataSource, { getRepository } from '@server/datasource';
+import dataSource, { getRepository, isPgsql } from '@server/datasource';
 import DiscoverSlider from '@server/entity/DiscoverSlider';
 import { Session } from '@server/entity/Session';
 import { User } from '@server/entity/User';
@@ -19,8 +19,11 @@ import { getSettings } from '@server/lib/settings';
 import logger from '@server/logger';
 import clearCookies from '@server/middleware/clearcookies';
 import routes from '@server/routes';
+import avatarproxy from '@server/routes/avatarproxy';
 import imageproxy from '@server/routes/imageproxy';
+import { appDataPermissions } from '@server/utils/appDataVolume';
 import { getAppVersion } from '@server/utils/appVersion';
+import createCustomProxyAgent from '@server/utils/customProxyAgent';
 import restartFlag from '@server/utils/restartFlag';
 import { getClientIp } from '@supercharge/request-ip';
 import { TypeormStore } from 'connect-typeorm/out';
@@ -50,6 +53,12 @@ const dev = process.env.NODE_ENV !== 'production';
 const app = next({ dev });
 const handle = app.getRequestHandler();

+if (!appDataPermissions()) {
+  logger.error(
+    'Something went wrong while checking config folder! Please ensure the config folder is set up properly.\nhttps://docs.jellyseerr.dev/getting-started'
+  );
+}
+
 app
  .prepare()
  .then(async () => {
@@ -57,15 +66,24 @@ app

    // Run migrations in production
    if (process.env.NODE_ENV === 'production') {
-      await dbConnection.query('PRAGMA foreign_keys=OFF');
-      await dbConnection.runMigrations();
-      await dbConnection.query('PRAGMA foreign_keys=ON');
+      if (isPgsql) {
+        await dbConnection.runMigrations();
+      } else {
+        await dbConnection.query('PRAGMA foreign_keys=OFF');
+        await dbConnection.runMigrations();
+        await dbConnection.query('PRAGMA foreign_keys=ON');
+      }
    }

    // Load Settings
    const settings = await getSettings().load();
    restartFlag.initializeSettings(settings.main);

+    // Register HTTP proxy
+    if (settings.main.proxy.enabled) {
+      await createCustomProxyAgent(settings.main.proxy);
+    }
+
    // Migrate library types
    if (
      settings.plex.libraries.length > 1 &&
@@ -174,7 +192,7 @@ app
        },
        store: new TypeormStore({
          cleanupLimit: 2,
-          ttl: 1000 * 60 * 60 * 24 * 30,
+          ttl: 60 * 60 * 24 * 30,
        }).connect(sessionRespository) as Store,
      })
    );
@@ -202,6 +220,7 @@ app

    // Do not set cookies so CDNs can cache them
    server.use('/imageproxy', clearCookies, imageproxy);
+    server.use('/avatarproxy', clearCookies, avatarproxy);

    server.get('*', (req, res) => handle(req, res));
    server.use(
--- a/server/interfaces/api/blacklistInterfaces.ts
+++ b/server/interfaces/api/blacklistInterfaces.ts
@@ -0,0 +1,14 @@
+import type { User } from '@server/entity/User';
+import type { PaginatedResponse } from '@server/interfaces/api/common';
+
+export interface BlacklistItem {
+  tmdbId: number;
+  mediaType: 'movie' | 'tv';
+  title?: string;
+  createdAt?: Date;
+  user: User;
+}
+
+export interface BlacklistResultsResponse extends PaginatedResponse {
+  results: BlacklistItem[];
+}
--- a/server/interfaces/api/settingsInterfaces.ts
+++ b/server/interfaces/api/settingsInterfaces.ts
@@ -58,7 +58,7 @@ export interface CacheItem {

 export interface CacheResponse {
  apiCaches: CacheItem[];
-  imageCache: Record<'tmdb', { size: number; imageCount: number }>;
+  imageCache: Record<'tmdb' | 'avatar', { size: number; imageCount: number }>;
 }

 export interface StatusResponse {
--- a/server/job/schedule.ts
+++ b/server/job/schedule.ts
@@ -2,6 +2,7 @@ import { MediaServerType } from '@server/constants/server';
 import availabilitySync from '@server/lib/availabilitySync';
 import downloadTracker from '@server/lib/downloadtracker';
 import ImageProxy from '@server/lib/imageproxy';
+import refreshToken from '@server/lib/refreshToken';
 import {
  jellyfinFullScanner,
  jellyfinRecentScanner,
@@ -13,7 +14,6 @@ import type { JobId } from '@server/lib/settings';
 import { getSettings } from '@server/lib/settings';
 import watchlistSync from '@server/lib/watchlistsync';
 import logger from '@server/logger';
-import random from 'lodash/random';
 import schedule from 'node-schedule';

 interface ScheduledJob {
@@ -113,30 +113,20 @@ export const startJobs = (): void => {
  }

  // Watchlist Sync
-  const watchlistSyncJob: ScheduledJob = {
+  scheduledJobs.push({
    id: 'plex-watchlist-sync',
    name: 'Plex Watchlist Sync',
    type: 'process',
-    interval: 'fixed',
+    interval: 'seconds',
    cronSchedule: jobs['plex-watchlist-sync'].schedule,
-    job: schedule.scheduleJob(new Date(Date.now() + 1000 * 60 * 20), () => {
+    job: schedule.scheduleJob(jobs['plex-watchlist-sync'].schedule, () => {
      logger.info('Starting scheduled job: Plex Watchlist Sync', {
        label: 'Jobs',
      });
      watchlistSync.syncWatchlist();
    }),
-  };
-
-  // To help alleviate load on Plex's servers, we will add some fuzziness to the next schedule
-  // after each run
-  watchlistSyncJob.job.on('run', () => {
-    watchlistSyncJob.job.schedule(
-      new Date(Math.floor(Date.now() + 1000 * 60 * random(14, 24, true)))
-    );
  });

-  scheduledJobs.push(watchlistSyncJob);
-
  // Run full radarr scan every 24 hours
  scheduledJobs.push({
    id: 'radarr-scan',
@@ -227,6 +217,23 @@ export const startJobs = (): void => {
      });
      // Clean TMDB image cache
      ImageProxy.clearCache('tmdb');
+
+      // Clean users avatar image cache
+      ImageProxy.clearCache('avatar');
+    }),
+  });
+
+  scheduledJobs.push({
+    id: 'plex-refresh-token',
+    name: 'Plex Refresh Token',
+    type: 'process',
+    interval: 'fixed',
+    cronSchedule: jobs['plex-refresh-token'].schedule,
+    job: schedule.scheduleJob(jobs['plex-refresh-token'].schedule, () => {
+      logger.info('Starting scheduled job: Plex Refresh Token', {
+        label: 'Jobs',
+      });
+      refreshToken.run();
    }),
  });

--- a/server/lib/cache.ts
+++ b/server/lib/cache.ts
@@ -8,7 +8,8 @@ export type AvailableCacheIds =
  | 'imdb'
  | 'github'
  | 'plexguid'
-  | 'plextv';
+  | 'plextv'
+  | 'plexwatchlist';

 const DEFAULT_TTL = 300;
 const DEFAULT_CHECK_PERIOD = 120;
@@ -68,6 +69,7 @@ class CacheManager {
      stdTtl: 86400 * 7, // 1 week cache
      checkPeriod: 60,
    }),
+    plexwatchlist: new Cache('plexwatchlist', 'Plex Watchlist'),
  };

  public getCache(id: AvailableCacheIds): Cache {
--- a/server/lib/downloadtracker.ts
+++ b/server/lib/downloadtracker.ts
@@ -85,6 +85,7 @@ class DownloadTracker {
          });

          try {
+            await radarr.refreshMonitoredDownloads();
            const queueItems = await radarr.getQueue();

            this.radarrServers[server.id] = queueItems.map((item) => ({
@@ -162,6 +163,7 @@ class DownloadTracker {
          });

          try {
+            await sonarr.refreshMonitoredDownloads();
            const queueItems = await sonarr.getQueue();

            this.sonarrServers[server.id] = queueItems.map((item) => ({
--- a/server/lib/imageproxy.ts
+++ b/server/lib/imageproxy.ts
@@ -3,6 +3,7 @@ import type { RateLimitOptions } from '@server/utils/rateLimit';
 import rateLimit from '@server/utils/rateLimit';
 import { createHash } from 'crypto';
 import { promises } from 'fs';
+import mime from 'mime/lite';
 import path, { join } from 'path';

 type ImageResponse = {
@@ -11,7 +12,7 @@ type ImageResponse = {
    curRevalidate: number;
    isStale: boolean;
    etag: string;
-    extension: string;
+    extension: string | null;
    cacheKey: string;
    cacheMiss: boolean;
  };
@@ -27,29 +28,45 @@ class ImageProxy {
    let deletedImages = 0;
    const cacheDirectory = path.join(baseCacheDirectory, key);

-    const files = await promises.readdir(cacheDirectory);
+    try {
+      const files = await promises.readdir(cacheDirectory);

-    for (const file of files) {
-      const filePath = path.join(cacheDirectory, file);
-      const stat = await promises.lstat(filePath);
+      for (const file of files) {
+        const filePath = path.join(cacheDirectory, file);
+        const stat = await promises.lstat(filePath);

-      if (stat.isDirectory()) {
-        const imageFiles = await promises.readdir(filePath);
+        if (stat.isDirectory()) {
+          const imageFiles = await promises.readdir(filePath);

-        for (const imageFile of imageFiles) {
-          const [, expireAtSt] = imageFile.split('.');
-          const expireAt = Number(expireAtSt);
-          const now = Date.now();
+          for (const imageFile of imageFiles) {
+            const [, expireAtSt] = imageFile.split('.');
+            const expireAt = Number(expireAtSt);
+            const now = Date.now();

-          if (now > expireAt) {
-            await promises.rm(path.join(filePath, imageFile));
-            deletedImages += 1;
+            if (now > expireAt) {
+              await promises.rm(path.join(filePath), {
+                recursive: true,
+              });
+              deletedImages += 1;
+            }
          }
        }
      }
+    } catch (e) {
+      if (e.code === 'ENOENT') {
+        logger.error('Directory not found', {
+          label: 'Image Cache',
+          message: e.message,
+        });
+      } else {
+        logger.error('Failed to read directory', {
+          label: 'Image Cache',
+          message: e.message,
+        });
+      }
    }

-    logger.info(`Cleared ${deletedImages} stale image(s) from cache`, {
+    logger.info(`Cleared ${deletedImages} stale image(s) from cache '${key}'`, {
      label: 'Image Cache',
    });
  }
@@ -69,39 +86,56 @@ class ImageProxy {
  }

  private static async getDirectorySize(dir: string): Promise<number> {
-    const files = await promises.readdir(dir, {
-      withFileTypes: true,
-    });
+    try {
+      const files = await promises.readdir(dir, {
+        withFileTypes: true,
+      });

-    const paths = files.map(async (file) => {
-      const path = join(dir, file.name);
+      const paths = files.map(async (file) => {
+        const path = join(dir, file.name);

-      if (file.isDirectory()) return await ImageProxy.getDirectorySize(path);
+        if (file.isDirectory()) return await ImageProxy.getDirectorySize(path);

-      if (file.isFile()) {
-        const { size } = await promises.stat(path);
+        if (file.isFile()) {
+          const { size } = await promises.stat(path);

-        return size;
+          return size;
+        }
+
+        return 0;
+      });
+
+      return (await Promise.all(paths))
+        .flat(Infinity)
+        .reduce((i, size) => i + size, 0);
+    } catch (e) {
+      if (e.code === 'ENOENT') {
+        return 0;
      }
+    }

-      return 0;
-    });
-
-    return (await Promise.all(paths))
-      .flat(Infinity)
-      .reduce((i, size) => i + size, 0);
+    return 0;
  }

  private static async getImageCount(dir: string) {
-    const files = await promises.readdir(dir);
+    try {
+      const files = await promises.readdir(dir);

-    return files.length;
+      return files.length;
+    } catch (e) {
+      if (e.code === 'ENOENT') {
+        return 0;
+      }
+    }
+
+    return 0;
  }

  private fetch: typeof fetch;
  private cacheVersion;
  private key;
  private baseUrl;
+  private headers: HeadersInit | null = null;

  constructor(
    key: string,
@@ -109,6 +143,7 @@ class ImageProxy {
    options: {
      cacheVersion?: number;
      rateLimitOptions?: RateLimitOptions;
+      headers?: HeadersInit;
    } = {}
  ) {
    this.cacheVersion = options.cacheVersion ?? 1;
@@ -122,9 +157,13 @@ class ImageProxy {
    } else {
      this.fetch = fetch;
    }
+    this.headers = options.headers || null;
  }

-  public async getImage(path: string): Promise<ImageResponse> {
+  public async getImage(
+    path: string,
+    fallbackPath?: string
+  ): Promise<ImageResponse> {
    const cacheKey = this.getCacheKey(path);

    const imageResponse = await this.get(cacheKey);
@@ -133,7 +172,11 @@ class ImageProxy {
      const newImage = await this.set(path, cacheKey);

      if (!newImage) {
-        throw new Error('Failed to load image');
+        if (fallbackPath) {
+          return await this.getImage(fallbackPath);
+        } else {
+          throw new Error('Failed to load image');
+        }
      }

      return newImage;
@@ -147,6 +190,27 @@ class ImageProxy {
    return imageResponse;
  }

+  public async clearCachedImage(path: string) {
+    // find cacheKey
+    const cacheKey = this.getCacheKey(path);
+
+    try {
+      const directory = join(this.getCacheDirectory(), cacheKey);
+      const files = await promises.readdir(directory);
+
+      await promises.rm(directory, { recursive: true });
+
+      logger.info(`Cleared ${files[0]} from cache 'avatar'`, {
+        label: 'Image Cache',
+      });
+    } catch (e) {
+      logger.error('Failed to clear cached image', {
+        label: 'Image Cache',
+        message: e.message,
+      });
+    }
+  }
+
  private async get(cacheKey: string): Promise<ImageResponse | null> {
    try {
      const directory = join(this.getCacheDirectory(), cacheKey);
@@ -187,16 +251,30 @@ class ImageProxy {
      const directory = join(this.getCacheDirectory(), cacheKey);
      const href =
        this.baseUrl +
-        (this.baseUrl.endsWith('/') ? '' : '/') +
+        (this.baseUrl.length > 0
+          ? this.baseUrl.endsWith('/')
+            ? ''
+            : '/'
+          : '') +
        (path.startsWith('/') ? path.slice(1) : path);
-      const response = await this.fetch(href);
+      const response = await this.fetch(href, {
+        headers: this.headers || undefined,
+      });
+      if (!response.ok) {
+        return null;
+      }
      const arrayBuffer = await response.arrayBuffer();
      const buffer = Buffer.from(arrayBuffer);

-      const extension = path.split('.').pop() ?? '';
-      const maxAge = Number(
+      const extension = mime.getExtension(
+        response.headers.get('content-type') ?? ''
+      );
+
+      let maxAge = Number(
        (response.headers.get('cache-control') ?? '0').split('=')[1]
      );
+
+      if (!maxAge) maxAge = 86400;
      const expireAt = Date.now() + maxAge * 1000;
      const etag = (response.headers.get('etag') ?? '').replace(/"/g, '');

@@ -232,7 +310,7 @@ class ImageProxy {

  private async writeToCacheDir(
    dir: string,
-    extension: string,
+    extension: string | null,
    maxAge: number,
    expireAt: number,
    buffer: Buffer,
--- a/server/lib/notifications/agents/discord.ts
+++ b/server/lib/notifications/agents/discord.ts
@@ -291,6 +291,10 @@ class DiscordAgent
        }
      }

+      if (settings.options.webhookRoleId) {
+        userMentions.push(`<@&${settings.options.webhookRoleId}>`);
+      }
+
      const response = await fetch(settings.options.webhookUrl, {
        method: 'POST',
        headers: {
--- a/server/lib/permissions.ts
+++ b/server/lib/permissions.ts
@@ -27,6 +27,8 @@ export enum Permission {
  AUTO_REQUEST_TV = 33554432,
  RECENT_VIEW = 67108864,
  WATCHLIST_VIEW = 134217728,
+  MANAGE_BLACKLIST = 268435456,
+  VIEW_BLACKLIST = 1073741824,
 }

 export interface PermissionCheckOptions {
--- a/server/lib/refreshToken.ts
+++ b/server/lib/refreshToken.ts
@@ -0,0 +1,37 @@
+import PlexTvAPI from '@server/api/plextv';
+import { getRepository } from '@server/datasource';
+import { User } from '@server/entity/User';
+import logger from '@server/logger';
+
+class RefreshToken {
+  public async run() {
+    const userRepository = getRepository(User);
+
+    const users = await userRepository
+      .createQueryBuilder('user')
+      .addSelect('user.plexToken')
+      .where("user.plexToken != ''")
+      .getMany();
+
+    for (const user of users) {
+      await this.refreshUserToken(user);
+    }
+  }
+
+  private async refreshUserToken(user: User) {
+    if (!user.plexToken) {
+      logger.warn('Skipping user refresh token for user without plex token', {
+        label: 'Plex Refresh Token',
+        user: user.displayName,
+      });
+      return;
+    }
+
+    const plexTvApi = new PlexTvAPI(user.plexToken);
+    plexTvApi.pingToken();
+  }
+}
+
+const refreshToken = new RefreshToken();
+
+export default refreshToken;
--- a/server/lib/scanners/plex/index.ts
+++ b/server/lib/scanners/plex/index.ts
@@ -129,7 +129,7 @@ class PlexScanner
          });

          settings.plex.libraries = newLibraries;
-          settings.save();
+          await settings.save();
        }
      } else {
        for (const library of this.libraries) {
@@ -278,9 +278,7 @@ class PlexScanner
    const seasons = tvShow.seasons;
    const processableSeasons: ProcessableSeason[] = [];

-    const filteredSeasons = seasons.filter((sn) => sn.season_number !== 0);
-
-    for (const season of filteredSeasons) {
+    for (const season of seasons) {
      const matchedPlexSeason = metadata.Children?.Metadata.find(
        (md) => Number(md.index) === season.season_number
      );
--- a/server/lib/scanners/sonarr/index.ts
+++ b/server/lib/scanners/sonarr/index.ts
@@ -103,10 +103,8 @@ class SonarrScanner

      const tmdbId = tvShow.id;

-      const filteredSeasons = sonarrSeries.seasons.filter(
-        (sn) =>
-          sn.seasonNumber !== 0 &&
-          tvShow.seasons.find((s) => s.season_number === sn.seasonNumber)
+      const filteredSeasons = sonarrSeries.seasons.filter((sn) =>
+        tvShow.seasons.find((s) => s.season_number === sn.seasonNumber)
      );

      for (const season of filteredSeasons) {
--- a/server/lib/settings/index.ts
+++ b/server/lib/settings/index.ts
@@ -2,7 +2,7 @@ import { MediaServerType } from '@server/constants/server';
 import { Permission } from '@server/lib/permissions';
 import { runMigrations } from '@server/lib/settings/migrator';
 import { randomUUID } from 'crypto';
-import fs from 'fs';
+import fs from 'fs/promises';
 import { merge } from 'lodash';
 import path from 'path';
 import webpush from 'web-push';
@@ -99,6 +99,17 @@ interface Quota {
  quotaDays?: number;
 }

+export interface ProxySettings {
+  enabled: boolean;
+  hostname: string;
+  port: number;
+  useSsl: boolean;
+  user: string;
+  password: string;
+  bypassFilter: string;
+  bypassLocalAddresses: boolean;
+}
+
 export interface MainSettings {
  apiKey: string;
  applicationTitle: string;
@@ -119,6 +130,7 @@ export interface MainSettings {
  mediaServerType: number;
  partialRequestsEnabled: boolean;
  locale: string;
+  proxy: ProxySettings;
 }

 interface PublicSettings {
@@ -158,6 +170,7 @@ export interface NotificationAgentDiscord extends NotificationAgentConfig {
    botUsername?: string;
    botAvatarUrl?: string;
    webhookUrl: string;
+    webhookRoleId?: string;
    enableMentions: boolean;
  };
 }
@@ -269,6 +282,7 @@ export type JobId =
  | 'plex-recently-added-scan'
  | 'plex-full-scan'
  | 'plex-watchlist-sync'
+  | 'plex-refresh-token'
  | 'radarr-scan'
  | 'sonarr-scan'
  | 'download-sync'
@@ -325,6 +339,16 @@ class Settings {
        mediaServerType: MediaServerType.NOT_CONFIGURED,
        partialRequestsEnabled: true,
        locale: 'en',
+        proxy: {
+          enabled: false,
+          hostname: '',
+          port: 8080,
+          useSsl: false,
+          user: '',
+          password: '',
+          bypassFilter: '',
+          bypassLocalAddresses: true,
+        },
      },
      plex: {
        name: '',
@@ -372,6 +396,7 @@ class Settings {
            types: 0,
            options: {
              webhookUrl: '',
+              webhookRoleId: '',
              enableMentions: true,
            },
          },
@@ -445,7 +470,10 @@ class Settings {
          schedule: '0 0 3 * * *',
        },
        'plex-watchlist-sync': {
-          schedule: '0 */10 * * * *',
+          schedule: '0 */3 * * * *',
+        },
+        'plex-refresh-token': {
+          schedule: '0 0 5 * * *',
        },
        'radarr-scan': {
          schedule: '0 0 4 * * *',
@@ -479,10 +507,6 @@ class Settings {
  }

  get main(): MainSettings {
-    if (!this.data.main.apiKey) {
-      this.data.main.apiKey = this.generateApiKey();
-      this.save();
-    }
    return this.data.main;
  }

@@ -584,29 +608,20 @@ class Settings {
  }

  get clientId(): string {
-    if (!this.data.clientId) {
-      this.data.clientId = randomUUID();
-      this.save();
-    }
-
    return this.data.clientId;
  }

  get vapidPublic(): string {
-    this.generateVapidKeys();
-
    return this.data.vapidPublic;
  }

  get vapidPrivate(): string {
-    this.generateVapidKeys();
-
    return this.data.vapidPrivate;
  }

-  public regenerateApiKey(): MainSettings {
+  public async regenerateApiKey(): Promise<MainSettings> {
    this.main.apiKey = this.generateApiKey();
-    this.save();
+    await this.save();
    return this.main;
  }

@@ -618,15 +633,6 @@ class Settings {
    }
  }

-  private generateVapidKeys(force = false): void {
-    if (!this.data.vapidPublic || !this.data.vapidPrivate || force) {
-      const vapidKeys = webpush.generateVAPIDKeys();
-      this.data.vapidPrivate = vapidKeys.privateKey;
-      this.data.vapidPublic = vapidKeys.publicKey;
-      this.save();
-    }
-  }
-
  /**
   * Settings Load
   *
@@ -641,30 +647,51 @@ class Settings {
      return this;
    }

-    if (!fs.existsSync(SETTINGS_PATH)) {
-      this.save();
+    let data;
+    try {
+      data = await fs.readFile(SETTINGS_PATH, 'utf-8');
+    } catch {
+      await this.save();
    }
-    const data = fs.readFileSync(SETTINGS_PATH, 'utf-8');

    if (data) {
      const parsedJson = JSON.parse(data);
-      this.data = await runMigrations(parsedJson);
-
-      this.data = merge(this.data, parsedJson);
-
-      if (process.env.API_KEY) {
-        if (this.main.apiKey != process.env.API_KEY) {
-          this.main.apiKey = process.env.API_KEY;
-        }
-      }
-
-      this.save();
+      const migratedData = await runMigrations(parsedJson, SETTINGS_PATH);
+      this.data = merge(this.data, migratedData);
    }
+
+    // generate keys and ids if it's missing
+    let change = false;
+    if (!this.data.main.apiKey) {
+      this.data.main.apiKey = this.generateApiKey();
+      change = true;
+    } else if (process.env.API_KEY) {
+      if (this.main.apiKey != process.env.API_KEY) {
+        this.main.apiKey = process.env.API_KEY;
+      }
+    }
+    if (!this.data.clientId) {
+      this.data.clientId = randomUUID();
+      change = true;
+    }
+    if (!this.data.vapidPublic || !this.data.vapidPrivate) {
+      const vapidKeys = webpush.generateVAPIDKeys();
+      this.data.vapidPrivate = vapidKeys.privateKey;
+      this.data.vapidPublic = vapidKeys.publicKey;
+      change = true;
+    }
+    if (change) {
+      await this.save();
+    }
+
    return this;
  }

-  public save(): void {
-    fs.writeFileSync(SETTINGS_PATH, JSON.stringify(this.data, undefined, ' '));
+  public async save(): Promise<void> {
+    await fs.writeFile(
+      SETTINGS_PATH,
+      JSON.stringify(this.data, undefined, ' ')
+    );
  }
 }

--- a/server/lib/settings/migrations/0001_migrate_hostname.ts
+++ b/server/lib/settings/migrations/0001_migrate_hostname.ts
@@ -1,15 +1,14 @@
 import type { AllSettings } from '@server/lib/settings';

 const migrateHostname = (settings: any): AllSettings => {
-  const oldJellyfinSettings = settings.jellyfin;
-  if (oldJellyfinSettings && oldJellyfinSettings.hostname) {
-    const { hostname } = oldJellyfinSettings;
+  if (settings.jellyfin?.hostname) {
+    const { hostname } = settings.jellyfin;
    const protocolMatch = hostname.match(/^(https?):\/\//i);
    const useSsl = protocolMatch && protocolMatch[1].toLowerCase() === 'https';
    const remainingUrl = hostname.replace(/^(https?):\/\//i, '');
    const urlMatch = remainingUrl.match(/^([^:]+)(:([0-9]+))?(\/.*)?$/);

-    delete oldJellyfinSettings.hostname;
+    delete settings.jellyfin.hostname;
    if (urlMatch) {
      const [, ip, , port, urlBase] = urlMatch;
      settings.jellyfin = {
@@ -21,9 +20,7 @@ const migrateHostname = (settings: any): AllSettings => {
      };
    }
  }
-  if (settings.jellyfin && settings.jellyfin.hostname) {
-    delete settings.jellyfin.hostname;
-  }
+
  return settings;
 };

--- a/server/lib/settings/migrations/0002_migrate_apitokens.ts
+++ b/server/lib/settings/migrations/0002_migrate_apitokens.ts
@@ -27,8 +27,14 @@ const migrateApiTokens = async (settings: any): Promise<AllSettings> => {
      admin.jellyfinDeviceId
    );
    jellyfinClient.setUserId(admin.jellyfinUserId ?? '');
-    const apiKey = await jellyfinClient.createApiToken('Jellyseerr');
-    settings.jellyfin.apiKey = apiKey;
+    try {
+      const apiKey = await jellyfinClient.createApiToken('Jellyseerr');
+      settings.jellyfin.apiKey = apiKey;
+    } catch {
+      throw new Error(
+        "Failed to create Jellyfin API token from admin account. Please check your network configuration or edit your settings.json by adding an 'apiKey' field inside of the 'jellyfin' section to fix this issue."
+      );
+    }
  }
  return settings;
 };
--- a/server/lib/settings/migrator.ts
+++ b/server/lib/settings/migrator.ts
@@ -1,30 +1,100 @@
 import type { AllSettings } from '@server/lib/settings';
 import logger from '@server/logger';
-import fs from 'fs';
+import fs from 'fs/promises';
 import path from 'path';

 const migrationsDir = path.join(__dirname, 'migrations');

 export const runMigrations = async (
-  settings: AllSettings
+  settings: AllSettings,
+  SETTINGS_PATH: string
 ): Promise<AllSettings> => {
-  const migrations = fs
-    .readdirSync(migrationsDir)
-    .filter((file) => file.endsWith('.js') || file.endsWith('.ts'))
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
-    .map((file) => require(path.join(migrationsDir, file)).default);
-
  let migrated = settings;

  try {
+    // we read old backup and create a backup of currents settings
+    const BACKUP_PATH = SETTINGS_PATH.replace('.json', '.old.json');
+    let oldBackup: string | null = null;
+    try {
+      oldBackup = await fs.readFile(BACKUP_PATH, 'utf-8');
+    } catch {
+      /* empty */
+    }
+    await fs.writeFile(BACKUP_PATH, JSON.stringify(settings, undefined, ' '));
+
+    const migrations = (await fs.readdir(migrationsDir)).filter(
+      (file) => file.endsWith('.js') || file.endsWith('.ts')
+    );
+
+    const settingsBefore = JSON.stringify(migrated);
+
    for (const migration of migrations) {
-      migrated = await migration(migrated);
+      try {
+        logger.debug(`Checking migration '${migration}'...`, {
+          label: 'Settings Migrator',
+        });
+        const { default: migrationFn } = await import(
+          path.join(migrationsDir, migration)
+        );
+        const newSettings = await migrationFn(structuredClone(migrated));
+        if (JSON.stringify(migrated) !== JSON.stringify(newSettings)) {
+          logger.debug(`Migration '${migration}' has been applied.`, {
+            label: 'Settings Migrator',
+          });
+        }
+        migrated = newSettings;
+      } catch (e) {
+        // we stop jellyseerr if the migration failed
+        logger.error(
+          `Error while running migration '${migration}': ${e.message}`,
+          {
+            label: 'Settings Migrator',
+          }
+        );
+        logger.error(
+          'A common cause for this error is a permission issue with your configuration folder, a network issue or a corrupted database.',
+          {
+            label: 'Settings Migrator',
+          }
+        );
+        process.exit();
+      }
+    }
+
+    const settingsAfter = JSON.stringify(migrated);
+
+    if (settingsBefore !== settingsAfter) {
+      // a migration occured
+      // we check that the new config will be saved
+      await fs.writeFile(
+        SETTINGS_PATH,
+        JSON.stringify(migrated, undefined, ' ')
+      );
+      const fileSaved = JSON.parse(await fs.readFile(SETTINGS_PATH, 'utf-8'));
+      if (JSON.stringify(fileSaved) !== settingsAfter) {
+        // something went wrong while saving file
+        throw new Error('Unable to save settings after migration.');
+      }
+    } else if (oldBackup) {
+      // no migration occured
+      // we save the old backup (to avoid settings.json and settings.old.json being the same)
+      await fs.writeFile(BACKUP_PATH, oldBackup.toString());
    }
  } catch (e) {
+    // we stop jellyseerr if the migration failed
    logger.error(
      `Something went wrong while running settings migrations: ${e.message}`,
-      { label: 'Settings Migrator' }
+      {
+        label: 'Settings Migrator',
+      }
    );
+    logger.error(
+      'A common cause for this issue is a permission error of your configuration folder.',
+      {
+        label: 'Settings Migrator',
+      }
+    );
+    process.exit();
  }

  return migrated;
--- a/server/lib/watchlistsync.ts
+++ b/server/lib/watchlistsync.ts
@@ -62,7 +62,7 @@ class WatchlistSync {

    const plexTvApi = new PlexTvAPI(user.plexToken);

-    const response = await plexTvApi.getWatchlist({ size: 200 });
+    const response = await plexTvApi.getWatchlist({ size: 20 });

    const mediaItems = await Media.getRelatedMedia(
      user,
--- a/server/migration/postgres/1705599190375-InitialMigration.ts
+++ b/server/migration/postgres/1705599190375-InitialMigration.ts
@@ -0,0 +1,304 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class InitialMigration1705599190375 implements MigrationInterface {
+  name = 'InitialMigration1705599190375';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `create table if not exists session
+       (
+         "expiredAt" bigint,
+         id          text,
+         json        text
+       );`
+    );
+    await queryRunner.query(
+      `create index if not exists "idx_194703_IDX_28c5d1d16da7908c97c9bc2f74"
+        on session ("expiredAt");`
+    );
+    await queryRunner.query(
+      `create unique index if not exists idx_194703_sqlite_autoindex_session_1
+        on session (id);`
+    );
+    await queryRunner.query(
+      `create table if not exists media
+       (
+         id                      serial,
+         "mediaType"             text,
+         "tmdbId"                int,
+         "tvdbId"                int,
+         "imdbId"                text,
+         status                  int default '1'::int,
+         status4k                int default '1'::int,
+         "createdAt"             timestamp with time zone default CURRENT_TIMESTAMP,
+         "updatedAt"             timestamp with time zone default CURRENT_TIMESTAMP,
+         "lastSeasonChange"      timestamp with time zone default CURRENT_TIMESTAMP,
+         "mediaAddedAt"          timestamp with time zone,
+         "serviceId"             int,
+         "serviceId4k"           int,
+         "externalServiceId"     int,
+         "externalServiceId4k"   int,
+         "externalServiceSlug"   text,
+         "externalServiceSlug4k" text,
+         "ratingKey"             text,
+         "ratingKey4k"           text,
+         "jellyfinMediaId"       text,
+         "jellyfinMediaId4k"     text,
+         constraint idx_194722_media_pkey
+           primary key (id)
+       );`
+    );
+    await queryRunner.query(
+      `create table if not exists season
+       (
+         id             serial,
+         "seasonNumber" int,
+         status         int default '1'::int,
+         "createdAt"    timestamp with time zone  default CURRENT_TIMESTAMP,
+         "updatedAt"    timestamp with time zone  default CURRENT_TIMESTAMP,
+         "mediaId"      int not null,
+         status4k       int default '1'::int,
+         constraint idx_194715_season_pkey
+           primary key (id),
+         foreign key ("mediaId") references media
+           on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create index if not exists "idx_194722_IDX_7ff2d11f6a83cb52386eaebe74"
+        on media ("imdbId");`
+    );
+    await queryRunner.query(
+      `create index if not exists "idx_194722_IDX_41a289eb1fa489c1bc6f38d9c3"
+        on media ("tvdbId");`
+    );
+    await queryRunner.query(
+      `create index if not exists "idx_194722_IDX_7157aad07c73f6a6ae3bbd5ef5"
+        on media ("tmdbId");`
+    );
+    await queryRunner.query(
+      `create unique index if not exists idx_194722_sqlite_autoindex_media_1
+        on media ("tvdbId");`
+    );
+    await queryRunner.query(
+      `create table if not exists "user"
+       (
+         id                           serial,
+         email                        text,
+         username                     text,
+         "plexId"                     int,
+         "plexToken"                  text,
+         permissions                  int default '0'::int,
+         avatar                       text,
+         "createdAt"                  timestamp with time zone  default CURRENT_TIMESTAMP,
+         "updatedAt"                  timestamp with time zone  default CURRENT_TIMESTAMP,
+         password                     text,
+         "userType"                   int default '1'::int,
+         "plexUsername"               text,
+         "resetPasswordGuid"          text,
+         "recoveryLinkExpirationDate" date,
+         "movieQuotaLimit"            int,
+         "movieQuotaDays"             int,
+         "tvQuotaLimit"               int,
+         "tvQuotaDays"                int,
+         "jellyfinUsername"           text,
+         "jellyfinAuthToken"          text,
+         "jellyfinUserId"             text,
+         "jellyfinDeviceId"           text,
+         constraint idx_194731_user_pkey
+           primary key (id)
+       );`
+    );
+    await queryRunner.query(
+      `create unique index if not exists idx_194731_sqlite_autoindex_user_1
+        on "user" (email);`
+    );
+    await queryRunner.query(
+      `create table if not exists user_push_subscription
+       (
+         id       serial,
+         endpoint text,
+         p256dh   text,
+         auth     text,
+         "userId" int,
+         constraint idx_194740_user_push_subscription_pkey
+           primary key (id),
+         foreign key ("userId") references "user"
+           on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create unique index if not exists idx_194740_sqlite_autoindex_user_push_subscription_1
+        on user_push_subscription (auth);`
+    );
+    await queryRunner.query(
+      `create table if not exists issue
+       (
+         id               serial,
+         "issueType"      int,
+         status           int default '1'::int,
+         "problemSeason"  int default '0'::int,
+         "problemEpisode" int default '0'::int,
+         "createdAt"      timestamp with time zone  default CURRENT_TIMESTAMP,
+         "updatedAt"      timestamp with time zone  default CURRENT_TIMESTAMP,
+         "mediaId"        int not null,
+         "createdById"    int,
+         "modifiedById"   int,
+         constraint idx_194747_issue_pkey
+           primary key (id),
+         foreign key ("modifiedById") references "user"
+           on delete cascade,
+         foreign key ("createdById") references "user"
+           on delete cascade,
+         foreign key ("mediaId") references media
+           on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create table if not exists issue_comment
+       (
+         id          serial,
+         message     text,
+         "createdAt" timestamp with time zone default CURRENT_TIMESTAMP,
+         "updatedAt" timestamp with time zone default CURRENT_TIMESTAMP,
+         "userId"    int,
+         "issueId"   int,
+         constraint idx_194755_issue_comment_pkey
+           primary key (id),
+         foreign key ("issueId") references issue
+           on delete cascade,
+         foreign key ("userId") references "user"
+           on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create table if not exists user_settings
+       (
+           id                         serial,
+           "notificationTypes"        text,
+           "discordId"                text,
+           "userId"                   int,
+           region                     text,
+           "originalLanguage"         text,
+           "telegramChatId"           text,
+           "telegramSendSilently"     boolean,
+           "pgpKey"                   text,
+           locale                     text default ''::text,
+           "pushbulletAccessToken"    text,
+           "pushoverApplicationToken" text,
+           "pushoverUserKey"          text,
+           "watchlistSyncMovies"      boolean,
+           "watchlistSyncTv"          boolean,
+           "pushoverSound"            varchar,
+           constraint idx_194762_user_settings_pkey
+               primary key (id),
+           foreign key ("userId") references "user"
+               on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create unique index if not exists idx_194762_sqlite_autoindex_user_settings_1
+        on user_settings ("userId");`
+    );
+    await queryRunner.query(
+      `create table if not exists media_request
+       (
+         id                  serial,
+         status              int,
+         "createdAt"         timestamp with time zone  default CURRENT_TIMESTAMP,
+         "updatedAt"         timestamp with time zone  default CURRENT_TIMESTAMP,
+         type                text,
+         "mediaId"           int not null,
+         "requestedById"     int,
+         "modifiedById"      int,
+         is4k                boolean default false,
+         "serverId"          int,
+         "profileId"         int,
+         "rootFolder"        text,
+         "languageProfileId" int,
+         tags                text,
+         "isAutoRequest"     boolean default false,
+         constraint idx_194770_media_request_pkey
+           primary key (id),
+         foreign key ("modifiedById") references "user"
+           on delete set null,
+         foreign key ("requestedById") references "user"
+           on delete cascade,
+         foreign key ("mediaId") references media
+           on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create table if not exists season_request
+       (
+         id             serial NOT NULL,
+         "seasonNumber" int,
+         status         int                      default '1'::int,
+         "createdAt"    timestamp with time zone default now(),
+         "updatedAt"    timestamp with time zone default now(),
+         "requestId"    int,
+         constraint idx_194709_season_request_pkey
+           primary key (id),
+         foreign key ("requestId") references media_request
+           on delete cascade
+       );`
+    );
+    await queryRunner.query(
+      `create table if not exists discover_slider
+       (
+         id          serial,
+         type        integer,
+         "order"     integer,
+         "isBuiltIn" boolean default false,
+         enabled     boolean default true,
+         title       text,
+         data        text,
+         "createdAt" timestamp with time zone default CURRENT_TIMESTAMP,
+         "updatedAt" timestamp with time zone default CURRENT_TIMESTAMP,
+         constraint idx_194779_discover_slider_pkey
+           primary key (id)
+       );`
+    );
+    await queryRunner.query(
+      `create table if not exists watchlist
+       (
+         id              serial,
+         "ratingKey"     text,
+         "mediaType"     text,
+         title           text,
+         "tmdbId"        int,
+         "createdAt"     timestamp with time zone default CURRENT_TIMESTAMP,
+         "updatedAt"     timestamp with time zone default CURRENT_TIMESTAMP,
+         "requestedById" int,
+         "mediaId"       int not null,
+         constraint idx_194788_watchlist_pkey
+           primary key (id)
+       );`
+    );
+    await queryRunner.query(
+      `create index if not exists "idx_194788_IDX_939f205946256cc0d2a1ac51a8"
+        on watchlist ("tmdbId");`
+    );
+    await queryRunner.query(
+      `create unique index if not exists idx_194788_sqlite_autoindex_watchlist_1
+        on watchlist ("tmdbId", "requestedById");`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`drop table if exists session cascade`);
+    await queryRunner.query(`drop table if exists season_request cascade`);
+    await queryRunner.query(`drop table if exists season cascade`);
+    await queryRunner.query(
+      `drop table if exists user_push_subscription cascade`
+    );
+    await queryRunner.query(`drop table if exists issue_comment cascade`);
+    await queryRunner.query(`drop table if exists issue cascade`);
+    await queryRunner.query(`drop table if exists user_settings cascade`);
+    await queryRunner.query(`drop table if exists media_request cascade`);
+    await queryRunner.query(`drop table if exists media cascade`);
+    await queryRunner.query(`drop table if exists "user" cascade`);
+    await queryRunner.query(`drop table if exists discover_slider cascade`);
+    await queryRunner.query(`drop table if exists watchlist cascade`);
+  }
+}
--- a/server/migration/postgres/1730770837441-AddBlacklist.ts
+++ b/server/migration/postgres/1730770837441-AddBlacklist.ts
@@ -0,0 +1,32 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddBlacklist1730770837441 implements MigrationInterface {
+  name = 'AddBlacklist1730770837441';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE TABLE "blacklist"
+       (
+         "id"        SERIAL PRIMARY KEY,
+         "mediaType" VARCHAR   NOT NULL,
+         "title"     VARCHAR,
+         "tmdbId"    INTEGER   NOT NULL,
+         "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+         "userId"    INTEGER,
+         "mediaId"   INTEGER,
+         CONSTRAINT "UQ_6bbafa28411e6046421991ea21c" UNIQUE ("tmdbId", "userId")
+       )`
+    );
+
+    await queryRunner.query(
+      `CREATE INDEX "IDX_6bbafa28411e6046421991ea21" ON "blacklist" ("tmdbId")`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `DROP INDEX IF EXISTS "IDX_6bbafa28411e6046421991ea21"`
+    );
+    await queryRunner.query(`DROP TABLE IF EXISTS "blacklist"`);
+  }
+}
--- a/server/migration/sqlite/1603944374840-InitialMigration.ts
+++ b/server/migration/sqlite/1603944374840-InitialMigration.ts
--- a/server/migration/sqlite/1605085519544-SeasonStatus.ts
+++ b/server/migration/sqlite/1605085519544-SeasonStatus.ts
--- a/server/migration/sqlite/1606730060700-CascadeMigration.ts
+++ b/server/migration/sqlite/1606730060700-CascadeMigration.ts
--- a/server/migration/sqlite/1607928251245-DropImdbIdConstraint.ts
+++ b/server/migration/sqlite/1607928251245-DropImdbIdConstraint.ts
--- a/server/migration/sqlite/1608217312474-AddUserRequestDeleteCascades.ts
+++ b/server/migration/sqlite/1608217312474-AddUserRequestDeleteCascades.ts
--- a/server/migration/sqlite/1608477467935-AddLastSeasonChangeMedia.ts
+++ b/server/migration/sqlite/1608477467935-AddLastSeasonChangeMedia.ts
--- a/server/migration/sqlite/1608477467936-ForceDropImdbUniqueConstraint.ts
+++ b/server/migration/sqlite/1608477467936-ForceDropImdbUniqueConstraint.ts
--- a/server/migration/sqlite/1609236552057-RemoveTmdbIdUniqueConstraint.ts
+++ b/server/migration/sqlite/1609236552057-RemoveTmdbIdUniqueConstraint.ts
--- a/server/migration/sqlite/1610070934506-LocalUsers.ts
+++ b/server/migration/sqlite/1610070934506-LocalUsers.ts
--- a/server/migration/sqlite/1610370640747-Add4kStatusFields.ts
+++ b/server/migration/sqlite/1610370640747-Add4kStatusFields.ts
--- a/server/migration/sqlite/1610522845513-AddMediaAddedFieldToMedia.ts
+++ b/server/migration/sqlite/1610522845513-AddMediaAddedFieldToMedia.ts
--- a/server/migration/sqlite/1611508672722-AddDisplayNameToUser.ts
+++ b/server/migration/sqlite/1611508672722-AddDisplayNameToUser.ts
--- a/server/migration/sqlite/1611757511674-SonarrRadarrSyncServiceFields.ts
+++ b/server/migration/sqlite/1611757511674-SonarrRadarrSyncServiceFields.ts
--- a/server/migration/sqlite/1611801511397-AddRatingKeysToMedia.ts
+++ b/server/migration/sqlite/1611801511397-AddRatingKeysToMedia.ts
--- a/server/migration/sqlite/1612482778137-AddResetPasswordGuidAndExpiryDate.ts
+++ b/server/migration/sqlite/1612482778137-AddResetPasswordGuidAndExpiryDate.ts
--- a/server/migration/sqlite/1612571545781-AddLanguageProfileId.ts
+++ b/server/migration/sqlite/1612571545781-AddLanguageProfileId.ts
--- a/server/migration/sqlite/1613379909641-AddJellyfinUserParams.ts
+++ b/server/migration/sqlite/1613379909641-AddJellyfinUserParams.ts
--- a/server/migration/sqlite/1613412948344-ServerTypeEnum.ts
+++ b/server/migration/sqlite/1613412948344-ServerTypeEnum.ts
--- a/server/migration/sqlite/1613615266968-CreateUserSettings.ts
+++ b/server/migration/sqlite/1613615266968-CreateUserSettings.ts
--- a/server/migration/sqlite/1613670041760-AddJellyfinDeviceId.ts
+++ b/server/migration/sqlite/1613670041760-AddJellyfinDeviceId.ts
--- a/server/migration/sqlite/1613955393450-UpdateUserSettingsRegions.ts
+++ b/server/migration/sqlite/1613955393450-UpdateUserSettingsRegions.ts
--- a/server/migration/sqlite/1614334195680-AddTelegramSettingsToUserSettings.ts
+++ b/server/migration/sqlite/1614334195680-AddTelegramSettingsToUserSettings.ts
--- a/server/migration/sqlite/1615333940450-AddPGPToUserSettings.ts
+++ b/server/migration/sqlite/1615333940450-AddPGPToUserSettings.ts
--- a/server/migration/sqlite/1616576677254-AddUserQuotaFields.ts
+++ b/server/migration/sqlite/1616576677254-AddUserQuotaFields.ts
--- a/server/migration/sqlite/1617624225464-CreateTagsFieldonMediaRequest.ts
+++ b/server/migration/sqlite/1617624225464-CreateTagsFieldonMediaRequest.ts
--- a/server/migration/sqlite/1617730837489-AddUserSettingsNotificationAgentsField.ts
+++ b/server/migration/sqlite/1617730837489-AddUserSettingsNotificationAgentsField.ts
--- a/server/migration/sqlite/1618912653565-CreateUserPushSubscriptions.ts
+++ b/server/migration/sqlite/1618912653565-CreateUserPushSubscriptions.ts
--- a/server/migration/sqlite/1619239659754-AddUserSettingsLocale.ts
+++ b/server/migration/sqlite/1619239659754-AddUserSettingsLocale.ts
--- a/server/migration/sqlite/1619339817343-AddUserSettingsNotificationTypes.ts
+++ b/server/migration/sqlite/1619339817343-AddUserSettingsNotificationTypes.ts
--- a/server/migration/sqlite/1634904083966-AddIssues.ts
+++ b/server/migration/sqlite/1634904083966-AddIssues.ts
--- a/server/migration/sqlite/1635079863457-AddPushbulletPushoverUserSettings.ts
+++ b/server/migration/sqlite/1635079863457-AddPushbulletPushoverUserSettings.ts
--- a/server/migration/sqlite/1660632269368-AddWatchlistSyncUserSetting.ts
+++ b/server/migration/sqlite/1660632269368-AddWatchlistSyncUserSetting.ts
--- a/server/migration/sqlite/1660714479373-AddMediaRequestIsAutoRequestedField.ts
+++ b/server/migration/sqlite/1660714479373-AddMediaRequestIsAutoRequestedField.ts
--- a/server/migration/sqlite/1672041273674-AddDiscoverSlider.ts
+++ b/server/migration/sqlite/1672041273674-AddDiscoverSlider.ts
--- a/server/migration/sqlite/1682608634546-AddWatchlists.ts
+++ b/server/migration/sqlite/1682608634546-AddWatchlists.ts
--- a/server/migration/sqlite/1697393491630-AddUserPushoverSound.ts
+++ b/server/migration/sqlite/1697393491630-AddUserPushoverSound.ts
--- a/server/migration/sqlite/1699901142442-AddBlacklist.ts
+++ b/server/migration/sqlite/1699901142442-AddBlacklist.ts
@@ -0,0 +1,20 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddBlacklist1699901142442 implements MigrationInterface {
+  name = 'AddBlacklist1699901142442';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE TABLE "blacklist" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "mediaType" varchar NOT NULL, "title" varchar, "tmdbId" integer NOT NULL, "createdAt" datetime NOT NULL DEFAULT (datetime('now')),"userId" integer, "mediaId" integer,CONSTRAINT "UQ_6bbafa28411e6046421991ea21c" UNIQUE ("tmdbId", "userId"))`
+    );
+
+    await queryRunner.query(
+      `CREATE INDEX "IDX_6bbafa28411e6046421991ea21" ON "blacklist" ("tmdbId") `
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP TABLE "blacklist"`);
+    await queryRunner.query(`DROP INDEX "IDX_6bbafa28411e6046421991ea21"`);
+  }
+}
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -14,7 +14,6 @@ import { ApiError } from '@server/types/error';
 import { getHostname } from '@server/utils/getHostname';
 import * as EmailValidator from 'email-validator';
 import { Router } from 'express';
-import gravatarUrl from 'gravatar-url';
 import net from 'net';

 const authRoutes = Router();
@@ -88,7 +87,7 @@ authRoutes.post('/plex', async (req, res, next) => {
      });

      settings.main.mediaServerType = MediaServerType.PLEX;
-      settings.save();
+      await settings.save();
      startJobs();

      await userRepository.save(user);
@@ -261,8 +260,6 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
            urlBase: body.urlBase,
          });

-    const { externalHostname } = getSettings().jellyfin;
-
    // Try to find deviceId that corresponds to jellyfin user, else generate a new one
    let user = await userRepository.findOne({
      where: { jellyfinUsername: body.username },
@@ -280,11 +277,6 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
    // First we need to attempt to log the user in to jellyfin
    const jellyfinserver = new JellyfinAPI(hostname ?? '', undefined, deviceId);

-    const jellyfinHost =
-      externalHostname && externalHostname.length > 0
-        ? externalHostname
-        : hostname;
-
    const ip = req.ip;
    let clientIp;

@@ -307,62 +299,84 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
      where: { jellyfinUserId: account.User.Id },
    });

-    if (!user && !(await userRepository.count())) {
+    const missingAdminUser = !user && !(await userRepository.count());
+    if (
+      missingAdminUser ||
+      settings.main.mediaServerType === MediaServerType.NOT_CONFIGURED
+    ) {
      // Check if user is admin on jellyfin
      if (account.User.Policy.IsAdministrator === false) {
        throw new ApiError(403, ApiErrorCode.NotAdmin);
      }

-      logger.info(
-        'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Overseerr',
-        {
-          label: 'API',
-          ip: req.ip,
-          jellyfinUsername: account.User.Name,
-        }
-      );
+      if (
+        body.serverType !== MediaServerType.JELLYFIN &&
+        body.serverType !== MediaServerType.EMBY
+      ) {
+        throw new Error('select_server_type');
+      }
+      settings.main.mediaServerType = body.serverType;

-      // User doesn't exist, and there are no users in the database, we'll create the user
-      // with admin permissions
-      switch (body.serverType) {
-        case MediaServerType.EMBY:
-          settings.main.mediaServerType = MediaServerType.EMBY;
-          user = new User({
-            email: body.email || account.User.Name,
+      if (missingAdminUser) {
+        logger.info(
+          'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Jellyseerr',
+          {
+            label: 'API',
+            ip: req.ip,
            jellyfinUsername: account.User.Name,
-            jellyfinUserId: account.User.Id,
-            jellyfinDeviceId: deviceId,
-            jellyfinAuthToken: account.AccessToken,
-            permissions: Permission.ADMIN,
-            avatar: account.User.PrimaryImageTag
-              ? `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`
-              : gravatarUrl(body.email || account.User.Name, {
-                  default: 'mm',
-                  size: 200,
-                }),
-            userType: UserType.EMBY,
-          });
-          break;
-        case MediaServerType.JELLYFIN:
-          settings.main.mediaServerType = MediaServerType.JELLYFIN;
-          user = new User({
-            email: body.email || account.User.Name,
+          }
+        );
+
+        // User doesn't exist, and there are no users in the database, we'll create the user
+        // with admin permissions
+
+        user = new User({
+          id: 1,
+          email: body.email || account.User.Name,
+          jellyfinUsername: account.User.Name,
+          jellyfinUserId: account.User.Id,
+          jellyfinDeviceId: deviceId,
+          jellyfinAuthToken: account.AccessToken,
+          permissions: Permission.ADMIN,
+          avatar: `/avatarproxy/${account.User.Id}`,
+          userType:
+            body.serverType === MediaServerType.JELLYFIN
+              ? UserType.JELLYFIN
+              : UserType.EMBY,
+        });
+
+        await userRepository.save(user);
+      } else {
+        logger.info(
+          'Sign-in attempt from Jellyfin user with access to the media server; editing admin user for Jellyseerr',
+          {
+            label: 'API',
+            ip: req.ip,
            jellyfinUsername: account.User.Name,
-            jellyfinUserId: account.User.Id,
-            jellyfinDeviceId: deviceId,
-            jellyfinAuthToken: account.AccessToken,
-            permissions: Permission.ADMIN,
-            avatar: account.User.PrimaryImageTag
-              ? `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`
-              : gravatarUrl(body.email || account.User.Name, {
-                  default: 'mm',
-                  size: 200,
-                }),
-            userType: UserType.JELLYFIN,
-          });
-          break;
-        default:
-          throw new Error('select_server_type');
+          }
+        );
+
+        // User alread exist but settings.json is not configured, we'll edit the admin user
+
+        user = await userRepository.findOne({
+          where: { id: 1 },
+        });
+        if (!user) {
+          throw new Error('Unable to find admin user to edit');
+        }
+        user.email = body.email || account.User.Name;
+        user.jellyfinUsername = account.User.Name;
+        user.jellyfinUserId = account.User.Id;
+        user.jellyfinDeviceId = deviceId;
+        user.jellyfinAuthToken = account.AccessToken;
+        user.permissions = Permission.ADMIN;
+        user.avatar = `/avatarproxy/${account.User.Id}`;
+        user.userType =
+          body.serverType === MediaServerType.JELLYFIN
+            ? UserType.JELLYFIN
+            : UserType.EMBY;
+
+        await userRepository.save(user);
      }

      // Create an API key on Jellyfin from this admin user
@@ -382,10 +396,8 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
      settings.jellyfin.urlBase = body.urlBase ?? '';
      settings.jellyfin.useSsl = body.useSsl ?? false;
      settings.jellyfin.apiKey = apiKey;
-      settings.save();
+      await settings.save();
      startJobs();
-
-      await userRepository.save(user);
    }
    // User already exists, let's update their information
    else if (account.User.Id === user?.jellyfinUserId) {
@@ -405,15 +417,7 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
          jellyfinUsername: account.User.Name,
        }
      );
-      // Update the users avatar with their jellyfin profile pic (incase it changed)
-      if (account.User.PrimaryImageTag) {
-        user.avatar = `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`;
-      } else {
-        user.avatar = gravatarUrl(user.email || account.User.Name, {
-          default: 'mm',
-          size: 200,
-        });
-      }
+      user.avatar = `/avatarproxy/${account.User.Id}`;
      user.jellyfinUsername = account.User.Name;

      if (user.username === account.User.Name) {
@@ -451,17 +455,13 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
        jellyfinUserId: account.User.Id,
        jellyfinDeviceId: deviceId,
        permissions: settings.main.defaultPermissions,
-        avatar: account.User.PrimaryImageTag
-          ? `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`
-          : gravatarUrl(body.email || account.User.Name, {
-              default: 'mm',
-              size: 200,
-            }),
+        avatar: `/avatarproxy/${account.User.Id}`,
        userType:
          settings.main.mediaServerType === MediaServerType.JELLYFIN
            ? UserType.JELLYFIN
            : UserType.EMBY,
      });
+
      //initialize Jellyfin/Emby users with local login
      const passedExplicitPassword = body.password && body.password.length > 0;
      if (passedExplicitPassword) {
--- a/server/routes/avatarproxy.ts
+++ b/server/routes/avatarproxy.ts
@@ -0,0 +1,86 @@
+import { MediaServerType } from '@server/constants/server';
+import { getRepository } from '@server/datasource';
+import { User } from '@server/entity/User';
+import ImageProxy from '@server/lib/imageproxy';
+import { getSettings } from '@server/lib/settings';
+import logger from '@server/logger';
+import { getAppVersion } from '@server/utils/appVersion';
+import { getHostname } from '@server/utils/getHostname';
+import { Router } from 'express';
+import gravatarUrl from 'gravatar-url';
+
+const router = Router();
+
+let _avatarImageProxy: ImageProxy | null = null;
+async function initAvatarImageProxy() {
+  if (!_avatarImageProxy) {
+    const userRepository = getRepository(User);
+    const admin = await userRepository.findOne({
+      where: { id: 1 },
+      select: ['id', 'jellyfinUserId', 'jellyfinDeviceId'],
+      order: { id: 'ASC' },
+    });
+    const deviceId = admin?.jellyfinDeviceId;
+    const authToken = getSettings().jellyfin.apiKey;
+    _avatarImageProxy = new ImageProxy('avatar', '', {
+      headers: {
+        'X-Emby-Authorization': `MediaBrowser Client="Jellyseerr", Device="Jellyseerr", DeviceId="${deviceId}", Version="${getAppVersion()}", Token="${authToken}"`,
+      },
+    });
+  }
+  return _avatarImageProxy;
+}
+
+router.get('/:jellyfinUserId', async (req, res) => {
+  try {
+    if (!req.params.jellyfinUserId.match(/^[a-f0-9]{32}$/)) {
+      const mediaServerType = getSettings().main.mediaServerType;
+      throw new Error(
+        `Provided URL is not ${
+          mediaServerType === MediaServerType.JELLYFIN
+            ? 'a Jellyfin'
+            : 'an Emby'
+        } avatar.`
+      );
+    }
+
+    const avatarImageCache = await initAvatarImageProxy();
+
+    const user = await getRepository(User).findOne({
+      where: { jellyfinUserId: req.params.jellyfinUserId },
+    });
+
+    const fallbackUrl = gravatarUrl(user?.email || 'none', {
+      default: 'mm',
+      size: 200,
+    });
+    const jellyfinAvatarUrl = `${getHostname()}/UserImage?UserId=${
+      req.params.jellyfinUserId
+    }`;
+    let imageData = await avatarImageCache.getImage(
+      jellyfinAvatarUrl,
+      fallbackUrl
+    );
+
+    if (imageData.meta.extension === 'json') {
+      // this is a 404
+      imageData = await avatarImageCache.getImage(fallbackUrl);
+    }
+
+    res.writeHead(200, {
+      'Content-Type': `image/${imageData.meta.extension}`,
+      'Content-Length': imageData.imageBuffer.length,
+      'Cache-Control': `public, max-age=${imageData.meta.curRevalidate}`,
+      'OS-Cache-Key': imageData.meta.cacheKey,
+      'OS-Cache-Status': imageData.meta.cacheMiss ? 'MISS' : 'HIT',
+    });
+
+    res.end(imageData.imageBuffer);
+  } catch (e) {
+    logger.error('Failed to proxy avatar image', {
+      errorMessage: e.message,
+    });
+  }
+});
+
+export default router;
--- a/server/routes/blacklist.ts
+++ b/server/routes/blacklist.ts
@@ -0,0 +1,171 @@
+import { MediaType } from '@server/constants/media';
+import { getRepository } from '@server/datasource';
+import { Blacklist } from '@server/entity/Blacklist';
+import Media from '@server/entity/Media';
+import type { BlacklistResultsResponse } from '@server/interfaces/api/blacklistInterfaces';
+import { Permission } from '@server/lib/permissions';
+import logger from '@server/logger';
+import { isAuthenticated } from '@server/middleware/auth';
+import { Router } from 'express';
+import { EntityNotFoundError, QueryFailedError } from 'typeorm';
+import { z } from 'zod';
+
+const blacklistRoutes = Router();
+
+export const blacklistAdd = z.object({
+  tmdbId: z.coerce.number(),
+  mediaType: z.nativeEnum(MediaType),
+  title: z.coerce.string().optional(),
+  user: z.coerce.number(),
+});
+
+blacklistRoutes.get(
+  '/',
+  isAuthenticated([Permission.MANAGE_BLACKLIST, Permission.VIEW_BLACKLIST], {
+    type: 'or',
+  }),
+  async (req, res, next) => {
+    const pageSize = req.query.take ? Number(req.query.take) : 25;
+    const skip = req.query.skip ? Number(req.query.skip) : 0;
+    const search = (req.query.search as string) ?? '';
+
+    try {
+      let query = getRepository(Blacklist)
+        .createQueryBuilder('blacklist')
+        .leftJoinAndSelect('blacklist.user', 'user');
+
+      if (search.length > 0) {
+        query = query.where('blacklist.title like :title', {
+          title: `%${search}%`,
+        });
+      }
+
+      const [blacklistedItems, itemsCount] = await query
+        .orderBy('blacklist.createdAt', 'DESC')
+        .take(pageSize)
+        .skip(skip)
+        .getManyAndCount();
+
+      return res.status(200).json({
+        pageInfo: {
+          pages: Math.ceil(itemsCount / pageSize),
+          pageSize,
+          results: itemsCount,
+          page: Math.ceil(skip / pageSize) + 1,
+        },
+        results: blacklistedItems,
+      } as BlacklistResultsResponse);
+    } catch (error) {
+      logger.error('Something went wrong while retrieving blacklisted items', {
+        label: 'Blacklist',
+        errorMessage: error.message,
+      });
+      return next({
+        status: 500,
+        message: 'Unable to retrieve blacklisted items.',
+      });
+    }
+  }
+);
+
+blacklistRoutes.get(
+  '/:id',
+  isAuthenticated([Permission.MANAGE_BLACKLIST], {
+    type: 'or',
+  }),
+  async (req, res, next) => {
+    try {
+      const blacklisteRepository = getRepository(Blacklist);
+
+      const blacklistItem = await blacklisteRepository.findOneOrFail({
+        where: { tmdbId: Number(req.params.id) },
+      });
+
+      return res.status(200).send(blacklistItem);
+    } catch (e) {
+      if (e instanceof EntityNotFoundError) {
+        return next({
+          status: 401,
+          message: e.message,
+        });
+      }
+      return next({ status: 500, message: e.message });
+    }
+  }
+);
+
+blacklistRoutes.post(
+  '/',
+  isAuthenticated([Permission.MANAGE_BLACKLIST], {
+    type: 'or',
+  }),
+  async (req, res, next) => {
+    try {
+      const values = blacklistAdd.parse(req.body);
+
+      await Blacklist.addToBlacklist({
+        blacklistRequest: values,
+      });
+
+      return res.status(201).send();
+    } catch (error) {
+      if (!(error instanceof Error)) {
+        return;
+      }
+
+      if (error instanceof QueryFailedError) {
+        switch (error.driverError.errno) {
+          case 19:
+            return next({ status: 412, message: 'Item already blacklisted' });
+          default:
+            logger.warn('Something wrong with data blacklist', {
+              tmdbId: req.body.tmdbId,
+              mediaType: req.body.mediaType,
+              label: 'Blacklist',
+            });
+            return next({ status: 409, message: 'Something wrong' });
+        }
+      }
+
+      return next({ status: 500, message: error.message });
+    }
+  }
+);
+
+blacklistRoutes.delete(
+  '/:id',
+  isAuthenticated([Permission.MANAGE_BLACKLIST], {
+    type: 'or',
+  }),
+  async (req, res, next) => {
+    try {
+      const blacklisteRepository = getRepository(Blacklist);
+
+      const blacklistItem = await blacklisteRepository.findOneOrFail({
+        where: { tmdbId: Number(req.params.id) },
+      });
+
+      await blacklisteRepository.remove(blacklistItem);
+
+      const mediaRepository = getRepository(Media);
+
+      const mediaItem = await mediaRepository.findOneOrFail({
+        where: { tmdbId: Number(req.params.id) },
+      });
+
+      await mediaRepository.remove(mediaItem);
+
+      return res.status(204).send();
+    } catch (e) {
+      if (e instanceof EntityNotFoundError) {
+        return next({
+          status: 401,
+          message: e.message,
+        });
+      }
+      return next({ status: 500, message: e.message });
+    }
+  }
+);
+
+export default blacklistRoutes;
--- a/server/routes/index.ts
+++ b/server/routes/index.ts
@@ -17,12 +17,17 @@ import { mapProductionCompany } from '@server/models/Movie';
 import { mapNetwork } from '@server/models/Tv';
 import settingsRoutes from '@server/routes/settings';
 import watchlistRoutes from '@server/routes/watchlist';
-import { appDataPath, appDataStatus } from '@server/utils/appDataVolume';
+import {
+  appDataPath,
+  appDataPermissions,
+  appDataStatus,
+} from '@server/utils/appDataVolume';
 import { getAppVersion, getCommitTag } from '@server/utils/appVersion';
 import restartFlag from '@server/utils/restartFlag';
 import { isPerson } from '@server/utils/typeHelpers';
 import { Router } from 'express';
 import authRoutes from './auth';
+import blacklistRoutes from './blacklist';
 import collectionRoutes from './collection';
 import discoverRoutes, { createTmdbWithRegionLanguage } from './discover';
 import issueRoutes from './issue';
@@ -92,6 +97,7 @@ router.get('/status/appdata', (_req, res) => {
  return res.status(200).json({
    appData: appDataStatus(),
    appDataPath: appDataPath(),
+    appDataPermissions: appDataPermissions(),
  });
 });

@@ -144,6 +150,7 @@ router.use('/search', isAuthenticated(), searchRoutes);
 router.use('/discover', isAuthenticated(), discoverRoutes);
 router.use('/request', isAuthenticated(), requestRoutes);
 router.use('/watchlist', isAuthenticated(), watchlistRoutes);
+router.use('/blacklist', isAuthenticated(), blacklistRoutes);
 router.use('/movie', isAuthenticated(), movieRoutes);
 router.use('/tv', isAuthenticated(), tvRoutes);
 router.use('/media', isAuthenticated(), mediaRoutes);
--- a/server/routes/request.ts
+++ b/server/routes/request.ts
@@ -8,6 +8,7 @@ import {
 import { getRepository } from '@server/datasource';
 import Media from '@server/entity/Media';
 import {
+  BlacklistedMediaError,
  DuplicateMediaRequestError,
  MediaRequest,
  NoSeasonsAvailableError,
@@ -112,7 +113,7 @@ requestRoutes.get<Record<string, unknown>, RequestResultsResponse>(
          requestStatus: statusFilter,
        })
        .andWhere(
-          '((request.is4k = 0 AND media.status IN (:...mediaStatus)) OR (request.is4k = 1 AND media.status4k IN (:...mediaStatus)))',
+          '((request.is4k = false AND media.status IN (:...mediaStatus)) OR (request.is4k = true AND media.status4k IN (:...mediaStatus)))',
          {
            mediaStatus: mediaStatusFilter,
          }
@@ -243,6 +244,8 @@ requestRoutes.post<never, MediaRequest, MediaRequestBody>(
          return next({ status: 409, message: error.message });
        case NoSeasonsAvailableError:
          return next({ status: 202, message: error.message });
+        case BlacklistedMediaError:
+          return next({ status: 403, message: error.message });
        default:
          return next({ status: 500, message: error.message });
      }
--- a/server/routes/service.ts
+++ b/server/routes/service.ts
@@ -123,9 +123,13 @@ serviceRoutes.get<{ sonarrId: string }>(
    });

    try {
+      const systemStatus = await sonarr.getSystemStatus();
+      const sonarrMajorVersion = Number(systemStatus.version.split('.')[0]);
+
      const profiles = await sonarr.getProfiles();
      const rootFolders = await sonarr.getRootFolders();
-      const languageProfiles = await sonarr.getLanguageProfiles();
+      const languageProfiles =
+        sonarrMajorVersion <= 3 ? await sonarr.getLanguageProfiles() : null;
      const tags = await sonarr.getTags();

      return res.status(200).json({
--- a/server/routes/settings/index.ts
+++ b/server/routes/settings/index.ts
@@ -32,7 +32,6 @@ import { getHostname } from '@server/utils/getHostname';
 import { Router } from 'express';
 import rateLimit from 'express-rate-limit';
 import fs from 'fs';
-import gravatarUrl from 'gravatar-url';
 import { escapeRegExp, merge, omit, set, sortBy } from 'lodash';
 import { rescheduleJob } from 'node-schedule';
 import path from 'path';
@@ -70,19 +69,19 @@ settingsRoutes.get('/main', (req, res, next) => {
  res.status(200).json(filteredMainSettings(req.user, settings.main));
 });

-settingsRoutes.post('/main', (req, res) => {
+settingsRoutes.post('/main', async (req, res) => {
  const settings = getSettings();

  settings.main = merge(settings.main, req.body);
-  settings.save();
+  await settings.save();

  return res.status(200).json(settings.main);
 });

-settingsRoutes.post('/main/regenerate', (req, res, next) => {
+settingsRoutes.post('/main/regenerate', async (req, res, next) => {
  const settings = getSettings();

-  const main = settings.regenerateApiKey();
+  const main = await settings.regenerateApiKey();

  if (!req.user) {
    return next({ status: 500, message: 'User missing from request.' });
@@ -119,7 +118,7 @@ settingsRoutes.post('/plex', async (req, res, next) => {
    settings.plex.machineId = result.MediaContainer.machineIdentifier;
    settings.plex.name = result.MediaContainer.friendlyName;

-    settings.save();
+    await settings.save();
  } catch (e) {
    logger.error('Something went wrong testing Plex connection', {
      label: 'API',
@@ -232,7 +231,7 @@ settingsRoutes.get('/plex/library', async (req, res) => {
    ...library,
    enabled: enabledLibraries.includes(library.id),
  }));
-  settings.save();
+  await settings.save();
  return res.status(200).json(settings.plex.libraries);
 });

@@ -283,7 +282,7 @@ settingsRoutes.post('/jellyfin', async (req, res, next) => {
    Object.assign(settings.jellyfin, req.body);
    settings.jellyfin.serverId = result.Id;
    settings.jellyfin.name = result.ServerName;
-    settings.save();
+    await settings.save();
  } catch (e) {
    if (e instanceof ApiError) {
      logger.error('Something went wrong testing Jellyfin connection', {
@@ -371,17 +370,12 @@ settingsRoutes.get('/jellyfin/library', async (req, res, next) => {
    ...library,
    enabled: enabledLibraries.includes(library.id),
  }));
-  settings.save();
+  await settings.save();
  return res.status(200).json(settings.jellyfin.libraries);
 });

 settingsRoutes.get('/jellyfin/users', async (req, res) => {
  const settings = getSettings();
-  const { externalHostname } = settings.jellyfin;
-  const jellyfinHost =
-    externalHostname && externalHostname.length > 0
-      ? externalHostname
-      : getHostname();

  const userRepository = getRepository(User);
  const admin = await userRepository.findOneOrFail({
@@ -400,9 +394,7 @@ settingsRoutes.get('/jellyfin/users', async (req, res) => {
  const users = resp.users.map((user) => ({
    username: user.Name,
    id: user.Id,
-    thumb: user.PrimaryImageTag
-      ? `${jellyfinHost}/Users/${user.Id}/Images/Primary/?tag=${user.PrimaryImageTag}&quality=90`
-      : gravatarUrl(user.Name, { default: 'mm', size: 200 }),
+    thumb: `/avatarproxy/${user.Id}`,
    email: user.Name,
  }));

@@ -442,7 +434,7 @@ settingsRoutes.post('/tautulli', async (req, res, next) => {
        throw new Error('Tautulli version not supported');
      }

-      settings.save();
+      await settings.save();
    } catch (e) {
      logger.error('Something went wrong testing Tautulli connection', {
        label: 'API',
@@ -703,7 +695,7 @@ settingsRoutes.post<{ jobId: JobId }>(

 settingsRoutes.post<{ jobId: JobId }>(
  '/jobs/:jobId/schedule',
-  (req, res, next) => {
+  async (req, res, next) => {
    const scheduledJob = scheduledJobs.find(
      (job) => job.id === req.params.jobId
    );
@@ -717,7 +709,7 @@ settingsRoutes.post<{ jobId: JobId }>(

    if (result) {
      settings.jobs[scheduledJob.id].schedule = req.body.schedule;
-      settings.save();
+      await settings.save();

      scheduledJob.cronSchedule = req.body.schedule;

@@ -746,11 +738,13 @@ settingsRoutes.get('/cache', async (_req, res) => {
  }));

  const tmdbImageCache = await ImageProxy.getImageStats('tmdb');
+  const avatarImageCache = await ImageProxy.getImageStats('avatar');

  return res.status(200).json({
    apiCaches,
    imageCache: {
      tmdb: tmdbImageCache,
+      avatar: avatarImageCache,
    },
  });
 });
@@ -772,11 +766,11 @@ settingsRoutes.post<{ cacheId: AvailableCacheIds }>(
 settingsRoutes.post(
  '/initialize',
  isAuthenticated(Permission.ADMIN),
-  (_req, res) => {
+  async (_req, res) => {
    const settings = getSettings();

    settings.public.initialized = true;
-    settings.save();
+    await settings.save();

    return res.status(200).json(settings.public);
  }
--- a/server/routes/settings/notifications.ts
+++ b/server/routes/settings/notifications.ts
@@ -31,11 +31,11 @@ notificationRoutes.get('/discord', (_req, res) => {
  res.status(200).json(settings.notifications.agents.discord);
 });

-notificationRoutes.post('/discord', (req, res) => {
+notificationRoutes.post('/discord', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.discord = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.discord);
 });
@@ -65,11 +65,11 @@ notificationRoutes.get('/slack', (_req, res) => {
  res.status(200).json(settings.notifications.agents.slack);
 });

-notificationRoutes.post('/slack', (req, res) => {
+notificationRoutes.post('/slack', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.slack = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.slack);
 });
@@ -99,11 +99,11 @@ notificationRoutes.get('/telegram', (_req, res) => {
  res.status(200).json(settings.notifications.agents.telegram);
 });

-notificationRoutes.post('/telegram', (req, res) => {
+notificationRoutes.post('/telegram', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.telegram = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.telegram);
 });
@@ -133,11 +133,11 @@ notificationRoutes.get('/pushbullet', (_req, res) => {
  res.status(200).json(settings.notifications.agents.pushbullet);
 });

-notificationRoutes.post('/pushbullet', (req, res) => {
+notificationRoutes.post('/pushbullet', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.pushbullet = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.pushbullet);
 });
@@ -167,11 +167,11 @@ notificationRoutes.get('/pushover', (_req, res) => {
  res.status(200).json(settings.notifications.agents.pushover);
 });

-notificationRoutes.post('/pushover', (req, res) => {
+notificationRoutes.post('/pushover', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.pushover = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.pushover);
 });
@@ -201,11 +201,11 @@ notificationRoutes.get('/email', (_req, res) => {
  res.status(200).json(settings.notifications.agents.email);
 });

-notificationRoutes.post('/email', (req, res) => {
+notificationRoutes.post('/email', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.email = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.email);
 });
@@ -235,11 +235,11 @@ notificationRoutes.get('/webpush', (_req, res) => {
  res.status(200).json(settings.notifications.agents.webpush);
 });

-notificationRoutes.post('/webpush', (req, res) => {
+notificationRoutes.post('/webpush', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.webpush = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.webpush);
 });
@@ -284,7 +284,7 @@ notificationRoutes.get('/webhook', (_req, res) => {
  res.status(200).json(response);
 });

-notificationRoutes.post('/webhook', (req, res, next) => {
+notificationRoutes.post('/webhook', async (req, res, next) => {
  const settings = getSettings();
  try {
    JSON.parse(req.body.options.jsonPayload);
@@ -300,7 +300,7 @@ notificationRoutes.post('/webhook', (req, res, next) => {
        authHeader: req.body.options.authHeader,
      },
    };
-    settings.save();
+    await settings.save();

    res.status(200).json(settings.notifications.agents.webhook);
  } catch (e) {
@@ -351,11 +351,11 @@ notificationRoutes.get('/lunasea', (_req, res) => {
  res.status(200).json(settings.notifications.agents.lunasea);
 });

-notificationRoutes.post('/lunasea', (req, res) => {
+notificationRoutes.post('/lunasea', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.lunasea = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.lunasea);
 });
@@ -385,11 +385,11 @@ notificationRoutes.get('/gotify', (_req, res) => {
  res.status(200).json(settings.notifications.agents.gotify);
 });

-notificationRoutes.post('/gotify', (req, res) => {
+notificationRoutes.post('/gotify', async (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.gotify = req.body;
-  settings.save();
+  await settings.save();

  res.status(200).json(settings.notifications.agents.gotify);
 });
--- a/server/routes/settings/radarr.ts
+++ b/server/routes/settings/radarr.ts
@@ -12,7 +12,7 @@ radarrRoutes.get('/', (_req, res) => {
  res.status(200).json(settings.radarr);
 });

-radarrRoutes.post('/', (req, res) => {
+radarrRoutes.post('/', async (req, res) => {
  const settings = getSettings();

  const newRadarr = req.body as RadarrSettings;
@@ -31,7 +31,7 @@ radarrRoutes.post('/', (req, res) => {
  }

  settings.radarr = [...settings.radarr, newRadarr];
-  settings.save();
+  await settings.save();

  return res.status(201).json(newRadarr);
 });
@@ -76,7 +76,7 @@ radarrRoutes.post<

 radarrRoutes.put<{ id: string }, RadarrSettings, RadarrSettings>(
  '/:id',
-  (req, res, next) => {
+  async (req, res, next) => {
    const settings = getSettings();

    const radarrIndex = settings.radarr.findIndex(
@@ -102,7 +102,7 @@ radarrRoutes.put<{ id: string }, RadarrSettings, RadarrSettings>(
      ...req.body,
      id: Number(req.params.id),
    } as RadarrSettings;
-    settings.save();
+    await settings.save();

    return res.status(200).json(settings.radarr[radarrIndex]);
  }
@@ -134,7 +134,7 @@ radarrRoutes.get<{ id: string }>('/:id/profiles', async (req, res, next) => {
  );
 });

-radarrRoutes.delete<{ id: string }>('/:id', (req, res, next) => {
+radarrRoutes.delete<{ id: string }>('/:id', async (req, res, next) => {
  const settings = getSettings();

  const radarrIndex = settings.radarr.findIndex(
@@ -146,7 +146,7 @@ radarrRoutes.delete<{ id: string }>('/:id', (req, res, next) => {
  }

  const removed = settings.radarr.splice(radarrIndex, 1);
-  settings.save();
+  await settings.save();

  return res.status(200).json(removed[0]);
 });
--- a/Show More
+++ b/Show More