Merge a8979103d9e01fe404cecff0227fb8a321d912f1 into dc07dc413daf5da43dfed4fffec9c8db320bf928

2026-05-03 06:51:16 +00:00 · 2025-11-24 22:41:06 -08:00
59 changed files with 330 additions and 1582 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -9,19 +9,12 @@ ARG INSTALL_NODE="true"
 ARG NODE_VERSION="lts/*"
 RUN if [ "${INSTALL_NODE}" = "true" ]; then su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi

-# Install additional OS packages
+# [Optional] Uncomment this section to install additional OS packages.
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y install --no-install-recommends ffmpeg
+    && apt-get -y install --no-install-recommends libtag1-dev ffmpeg

-# Install TagLib from cross-taglib releases
-ARG CROSS_TAGLIB_VERSION="2.1.1-1"
-ARG TARGETARCH
-RUN DOWNLOAD_ARCH="linux-${TARGETARCH}" \
-    && wget -q "https://github.com/navidrome/cross-taglib/releases/download/v${CROSS_TAGLIB_VERSION}/taglib-${DOWNLOAD_ARCH}.tar.gz" -O /tmp/cross-taglib.tar.gz \
-    && tar -xzf /tmp/cross-taglib.tar.gz -C /usr --strip-components=1 \
-    && mv /usr/include/taglib/* /usr/include/ \
-    && rmdir /usr/include/taglib \
-    && rm /tmp/cross-taglib.tar.gz /usr/provenance.json
+# [Optional] Uncomment the next line to use go get to install anything else you need
+# RUN go get -x <your-dependency-or-tool>

 # [Optional] Uncomment this line to install global node packages.
 # RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g <your-package-here>" 2>&1
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -7,8 +7,7 @@
 			"VARIANT": "1.25",
 			// Options
 			"INSTALL_NODE": "true",
-			"NODE_VERSION": "v24",
-			"CROSS_TAGLIB_VERSION": "2.1.1-1"
+			"NODE_VERSION": "v24"
 		}
 	},
 	"workspaceMount": "",
@ -55,10 +54,12 @@
 		4533,
 		4633
 	],
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "make setup-dev",
 	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "vscode",
 	"remoteEnv": {
 		"ND_MUSICFOLDER": "./music",
 		"ND_DATAFOLDER": "./data"
 	}
-}
+}
--- a/cmd/root.go
+++ b/cmd/root.go
@ -346,7 +346,7 @@ func startPluginManager(ctx context.Context) func() error {
 // TODO: Implement some struct tags to map flags to viper
 func init() {
 	cobra.OnInitialize(func() {
-		conf.InitConfig(cfgFile, true)
+		conf.InitConfig(cfgFile)
 	})

 	rootCmd.PersistentFlags().StringVarP(&cfgFile, "configfile", "c", "", `config file (default "./navidrome.toml")`)
@ -374,7 +374,6 @@ func init() {
 	rootCmd.Flags().Duration("scaninterval", viper.GetDuration("scaninterval"), "how frequently to scan for changes in your music library")
 	rootCmd.Flags().String("uiloginbackgroundurl", viper.GetString("uiloginbackgroundurl"), "URL to a backaground image used in the Login page")
 	rootCmd.Flags().Bool("enabletranscodingconfig", viper.GetBool("enabletranscodingconfig"), "enables transcoding configuration in the UI")
-	rootCmd.Flags().Bool("enabletranscodingcancellation", viper.GetBool("enabletranscodingcancellation"), "enables transcoding context cancellation")
 	rootCmd.Flags().String("transcodingcachesize", viper.GetString("transcodingcachesize"), "size of transcoding cache")
 	rootCmd.Flags().String("imagecachesize", viper.GetString("imagecachesize"), "size of image (art work) cache. set to 0 to disable cache")
 	rootCmd.Flags().String("albumplaycountmode", viper.GetString("albumplaycountmode"), "how to compute playcount for albums. absolute (default) or normalized")
@ -398,7 +397,6 @@ func init() {
 	_ = viper.BindPFlag("prometheus.metricspath", rootCmd.Flags().Lookup("prometheus.metricspath"))

 	_ = viper.BindPFlag("enabletranscodingconfig", rootCmd.Flags().Lookup("enabletranscodingconfig"))
-	_ = viper.BindPFlag("enabletranscodingcancellation", rootCmd.Flags().Lookup("enabletranscodingcancellation"))
 	_ = viper.BindPFlag("transcodingcachesize", rootCmd.Flags().Lookup("transcodingcachesize"))
 	_ = viper.BindPFlag("imagecachesize", rootCmd.Flags().Lookup("imagecachesize"))
 }
--- a/conf/configuration.go
+++ b/conf/configuration.go
@ -41,7 +41,6 @@ type configOptions struct {
 	UIWelcomeMessage                string
 	MaxSidebarPlaylists             int
 	EnableTranscodingConfig         bool
-	EnableTranscodingCancellation   bool
 	EnableDownloads                 bool
 	EnableExternalServices          bool
 	EnableInsightsCollector         bool
@ -87,7 +86,8 @@ type configOptions struct {
 	AuthRequestLimit                int
 	AuthWindowLength                time.Duration
 	PasswordEncryptionKey           string
-	ExtAuth                         extAuthOptions
+	ReverseProxyUserHeader          string
+	ReverseProxyWhitelist           string
 	Plugins                         pluginsOptions
 	PluginConfig                    map[string]map[string]string
 	HTTPSecurityHeaders             secureOptions       `json:",omitzero"`
@ -106,33 +106,31 @@ type configOptions struct {
 	Agents                          string

 	// DevFlags. These are used to enable/disable debugging and incomplete features
-	DevLogLevels                      map[string]string `json:",omitempty"`
-	DevLogSourceLine                  bool
-	DevEnableProfiler                 bool
-	DevAutoCreateAdminPassword        string
-	DevAutoLoginUsername              string
-	DevActivityPanel                  bool
-	DevActivityPanelUpdateRate        time.Duration
-	DevSidebarPlaylists               bool
-	DevShowArtistPage                 bool
-	DevUIShowConfig                   bool
-	DevNewEventStream                 bool
-	DevOffsetOptimize                 int
-	DevArtworkMaxRequests             int
-	DevArtworkThrottleBacklogLimit    int
-	DevArtworkThrottleBacklogTimeout  time.Duration
-	DevArtistInfoTimeToLive           time.Duration
-	DevAlbumInfoTimeToLive            time.Duration
-	DevExternalScanner                bool
-	DevScannerThreads                 uint
-	DevSelectiveWatcher               bool
-	DevInsightsInitialDelay           time.Duration
-	DevEnablePlayerInsights           bool
-	DevEnablePluginsInsights          bool
-	DevPluginCompilationTimeout       time.Duration
-	DevExternalArtistFetchMultiplier  float64
-	DevOptimizeDB                     bool
-	DevPreserveUnicodeInExternalCalls bool
+	DevLogLevels                     map[string]string `json:",omitempty"`
+	DevLogSourceLine                 bool
+	DevEnableProfiler                bool
+	DevAutoCreateAdminPassword       string
+	DevAutoLoginUsername             string
+	DevActivityPanel                 bool
+	DevActivityPanelUpdateRate       time.Duration
+	DevSidebarPlaylists              bool
+	DevShowArtistPage                bool
+	DevUIShowConfig                  bool
+	DevNewEventStream                bool
+	DevOffsetOptimize                int
+	DevArtworkMaxRequests            int
+	DevArtworkThrottleBacklogLimit   int
+	DevArtworkThrottleBacklogTimeout time.Duration
+	DevArtistInfoTimeToLive          time.Duration
+	DevAlbumInfoTimeToLive           time.Duration
+	DevExternalScanner               bool
+	DevScannerThreads                uint
+	DevSelectiveWatcher              bool
+	DevInsightsInitialDelay          time.Duration
+	DevEnablePlayerInsights          bool
+	DevEnablePluginsInsights         bool
+	DevPluginCompilationTimeout      time.Duration
+	DevExternalArtistFetchMultiplier float64
 }

 type scannerOptions struct {
@ -230,11 +228,6 @@ type pluginsOptions struct {
 	CacheSize string
 }

-type extAuthOptions struct {
-	TrustedSources string
-	UserHeader     string
-}
-
 var (
 	Server = &configOptions{}
 	hooks  []func()
@ -253,10 +246,6 @@ func LoadFromFile(confFile string) {
 func Load(noConfigDump bool) {
 	parseIniFileConfiguration()

-	// Map deprecated options to their new names for backwards compatibility
-	mapDeprecatedOption("ReverseProxyWhitelist", "ExtAuth.TrustedSources")
-	mapDeprecatedOption("ReverseProxyUserHeader", "ExtAuth.UserHeader")
-
 	err := viper.Unmarshal(&Server)
 	if err != nil {
 		_, _ = fmt.Fprintln(os.Stderr, "FATAL: Error parsing config:", err)
@ -340,16 +329,9 @@ func Load(noConfigDump bool) {
 		Server.BaseScheme = u.Scheme
 	}

-	// Log configuration source
-	if Server.ConfigFile != "" {
-		log.Info("Loaded configuration", "file", Server.ConfigFile)
-	} else {
-		log.Warn("No configuration file found. Using default values. To specify a config file, use the --configfile flag or set the ND_CONFIGFILE environment variable.")
-	}
-
 	// Print current configuration if log level is Debug
 	if log.IsGreaterOrEqualTo(log.LevelDebug) && !noConfigDump {
-		prettyConf := pretty.Sprintf("Configuration: %# v", Server)
+		prettyConf := pretty.Sprintf("Loaded configuration from '%s': %# v", Server.ConfigFile, Server)
 		if Server.EnableLogRedacting {
 			prettyConf = log.Redact(prettyConf)
 		}
@ -367,7 +349,6 @@ func Load(noConfigDump bool) {
 	logDeprecatedOptions("Scanner.GenreSeparators")
 	logDeprecatedOptions("Scanner.GroupAlbumReleases")
 	logDeprecatedOptions("DevEnableBufferedScrobble") // Deprecated: Buffered scrobbling is now always enabled and this option is ignored
-	logDeprecatedOptions("ReverseProxyWhitelist", "ReverseProxyUserHeader")

 	// Call init hooks
 	for _, hook := range hooks {
@ -387,14 +368,6 @@ func logDeprecatedOptions(options ...string) {
 	}
 }

-// mapDeprecatedOption is used to provide backwards compatibility for deprecated options. It should be called after
-// the config has been read by viper, but before unmarshalling it into the Config struct.
-func mapDeprecatedOption(legacyName, newName string) {
-	if viper.IsSet(legacyName) {
-		viper.Set(newName, viper.Get(legacyName))
-	}
-}
-
 // parseIniFileConfiguration is used to parse the config file when it is in INI format. For INI files, it
 // would require a nested structure, so instead we unmarshal it to a map and then merge the nested [default]
 // section into the root level.
@ -454,7 +427,7 @@ func validatePurgeMissingOption() error {
 		}
 	}
 	if !valid {
-		err := fmt.Errorf("invalid Scanner.PurgeMissing value: '%s'. Must be one of: %v", Server.Scanner.PurgeMissing, allowedValues)
+		err := fmt.Errorf("Invalid Scanner.PurgeMissing value: '%s'. Must be one of: %v", Server.Scanner.PurgeMissing, allowedValues)
 		log.Error(err.Error())
 		Server.Scanner.PurgeMissing = consts.PurgeMissingNever
 		return err
@ -518,7 +491,6 @@ func setViperDefaults() {
 	viper.SetDefault("uiwelcomemessage", "")
 	viper.SetDefault("maxsidebarplaylists", consts.DefaultMaxSidebarPlaylists)
 	viper.SetDefault("enabletranscodingconfig", false)
-	viper.SetDefault("enabletranscodingcancellation", false)
 	viper.SetDefault("transcodingcachesize", "100MB")
 	viper.SetDefault("imagecachesize", "100MB")
 	viper.SetDefault("albumplaycountmode", consts.AlbumPlayCountModeAbsolute)
@ -563,8 +535,8 @@ func setViperDefaults() {
 	viper.SetDefault("authrequestlimit", 5)
 	viper.SetDefault("authwindowlength", 20*time.Second)
 	viper.SetDefault("passwordencryptionkey", "")
-	viper.SetDefault("extauth.userheader", "Remote-User")
-	viper.SetDefault("extauth.trustedsources", "")
+	viper.SetDefault("reverseproxyuserheader", "Remote-User")
+	viper.SetDefault("reverseproxywhitelist", "")
 	viper.SetDefault("prometheus.enabled", false)
 	viper.SetDefault("prometheus.metricspath", consts.PrometheusDefaultPath)
 	viper.SetDefault("prometheus.password", "")
@ -637,15 +609,13 @@ func setViperDefaults() {
 	viper.SetDefault("devenablepluginsinsights", true)
 	viper.SetDefault("devplugincompilationtimeout", time.Minute)
 	viper.SetDefault("devexternalartistfetchmultiplier", 1.5)
-	viper.SetDefault("devoptimizedb", true)
-	viper.SetDefault("devpreserveunicodeinexternalcalls", false)
 }

 func init() {
 	setViperDefaults()
 }

-func InitConfig(cfgFile string, loadEnvVars bool) {
+func InitConfig(cfgFile string) {
 	codecRegistry := viper.NewCodecRegistry()
 	_ = codecRegistry.RegisterCodec("ini", ini.Codec{
 		LoadOptions: ini.LoadOptions{
@ -666,12 +636,10 @@ func InitConfig(cfgFile string, loadEnvVars bool) {
 	}

 	_ = viper.BindEnv("port")
-	if loadEnvVars {
-		viper.SetEnvPrefix("ND")
-		replacer := strings.NewReplacer(".", "_")
-		viper.SetEnvKeyReplacer(replacer)
-		viper.AutomaticEnv()
-	}
+	viper.SetEnvPrefix("ND")
+	replacer := strings.NewReplacer(".", "_")
+	viper.SetEnvKeyReplacer(replacer)
+	viper.AutomaticEnv()

 	err := viper.ReadInConfig()
 	if viper.ConfigFileUsed() != "" && err != nil {
--- a/conf/configuration_test.go
+++ b/conf/configuration_test.go
@ -31,7 +31,7 @@ var _ = Describe("Configuration", func() {
 			filename := filepath.Join("testdata", "cfg."+format)

 			// Initialize config with the test file
-			conf.InitConfig(filename, false)
+			conf.InitConfig(filename)
 			// Load the configuration (with noConfigDump=true)
 			conf.Load(true)

@ -41,9 +41,6 @@ var _ = Describe("Configuration", func() {
 			Expect(conf.Server.Tags["custom"].Aliases).To(Equal([]string{format, "test"}))
 			Expect(conf.Server.Tags["artist"].Split).To(Equal([]string{";"}))

-			// Check deprecated option mapping
-			Expect(conf.Server.ExtAuth.UserHeader).To(Equal("X-Auth-User"))
-
 			// The config file used should be the one we created
 			Expect(conf.Server.ConfigFile).To(Equal(filename))
 		},
--- a/conf/testdata/cfg.ini
+++ b/conf/testdata/cfg.ini
@ -1,7 +1,6 @@
 [default]
 MusicFolder = /ini/music
 UIWelcomeMessage = 'Welcome ini' ; Just a comment to test the LoadOptions
-ReverseProxyUserHeader = 'X-Auth-User'

 [Tags]
 Custom.Aliases = ini,test
--- a/conf/testdata/cfg.json
+++ b/conf/testdata/cfg.json
@ -1,7 +1,6 @@
 {
  "musicFolder": "/json/music",
  "uiWelcomeMessage": "Welcome json",
-  "reverseProxyUserHeader": "X-Auth-User",
  "Tags": {
    "artist": {
      "split": ";"
--- a/conf/testdata/cfg.toml
+++ b/conf/testdata/cfg.toml
@ -1,6 +1,5 @@
 musicFolder = "/toml/music"
 uiWelcomeMessage = "Welcome toml"
-ReverseProxyUserHeader = "X-Auth-User"

 Tags.artist.Split = ';'

--- a/conf/testdata/cfg.yaml
+++ b/conf/testdata/cfg.yaml
@ -1,6 +1,5 @@
 musicFolder: "/yaml/music"
 uiWelcomeMessage: "Welcome yaml"
-reverseProxyUserHeader: "X-Auth-User"
 Tags:
  artist:
    split:  [";"]
--- a/core/auth/auth.go
+++ b/core/auth/auth.go
@ -113,9 +113,9 @@ func WithAdminUser(ctx context.Context, ds model.DataStore) context.Context {
 	if err != nil {
 		c, err := ds.User(ctx).CountAll()
 		if c == 0 && err == nil {
-			log.Debug(ctx, "No admin user yet!", err)
+			log.Debug(ctx, "Scanner: No admin user yet!", err)
 		} else {
-			log.Error(ctx, "No admin user found!", err)
+			log.Error(ctx, "Scanner: No admin user found!", err)
 		}
 		u = &model.User{}
 	}
--- a/core/external/provider.go
+++ b/core/external/provider.go
@ -51,28 +51,12 @@ type provider struct {

 type auxAlbum struct {
 	model.Album
-}
-
-// Name returns the appropriate album name for external API calls
-// based on the DevPreserveUnicodeInExternalCalls configuration option
-func (a *auxAlbum) Name() string {
-	if conf.Server.DevPreserveUnicodeInExternalCalls {
-		return a.Album.Name
-	}
-	return str.Clear(a.Album.Name)
+	Name string
 }

 type auxArtist struct {
 	model.Artist
-}
-
-// Name returns the appropriate artist name for external API calls
-// based on the DevPreserveUnicodeInExternalCalls configuration option
-func (a *auxArtist) Name() string {
-	if conf.Server.DevPreserveUnicodeInExternalCalls {
-		return a.Artist.Name
-	}
-	return str.Clear(a.Artist.Name)
+	Name string
 }

 type Agents interface {
@ -104,6 +88,7 @@ func (e *provider) getAlbum(ctx context.Context, id string) (auxAlbum, error) {
 	switch v := entity.(type) {
 	case *model.Album:
 		album.Album = *v
+		album.Name = str.Clear(v.Name)
 	case *model.MediaFile:
 		return e.getAlbum(ctx, v.AlbumID)
 	default:
@ -121,9 +106,8 @@ func (e *provider) UpdateAlbumInfo(ctx context.Context, id string) (*model.Album
 	}

 	updatedAt := V(album.ExternalInfoUpdatedAt)
-	albumName := album.Name()
 	if updatedAt.IsZero() {
-		log.Debug(ctx, "AlbumInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", albumName)
+		log.Debug(ctx, "AlbumInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", album.Name)
 		album, err = e.populateAlbumInfo(ctx, album)
 		if err != nil {
 			return nil, err
@ -132,7 +116,7 @@ func (e *provider) UpdateAlbumInfo(ctx context.Context, id string) (*model.Album

 	// If info is expired, trigger a populateAlbumInfo in the background
 	if time.Since(updatedAt) > conf.Server.DevAlbumInfoTimeToLive {
-		log.Debug("Found expired cached AlbumInfo, refreshing in the background", "updatedAt", album.ExternalInfoUpdatedAt, "name", albumName)
+		log.Debug("Found expired cached AlbumInfo, refreshing in the background", "updatedAt", album.ExternalInfoUpdatedAt, "name", album.Name)
 		e.albumQueue.enqueue(&album)
 	}

@ -141,13 +125,12 @@ func (e *provider) UpdateAlbumInfo(ctx context.Context, id string) (*model.Album

 func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAlbum, error) {
 	start := time.Now()
-	albumName := album.Name()
-	info, err := e.ag.GetAlbumInfo(ctx, albumName, album.AlbumArtist, album.MbzAlbumID)
+	info, err := e.ag.GetAlbumInfo(ctx, album.Name, album.AlbumArtist, album.MbzAlbumID)
 	if errors.Is(err, agents.ErrNotFound) {
 		return album, nil
 	}
 	if err != nil {
-		log.Error("Error refreshing AlbumInfo", "id", album.ID, "name", albumName, "artist", album.AlbumArtist,
+		log.Error("Error refreshing AlbumInfo", "id", album.ID, "name", album.Name, "artist", album.AlbumArtist,
 			"elapsed", time.Since(start), err)
 		return album, err
 	}
@ -159,7 +142,7 @@ func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAl
 		album.Description = info.Description
 	}

-	images, err := e.ag.GetAlbumImages(ctx, albumName, album.AlbumArtist, album.MbzAlbumID)
+	images, err := e.ag.GetAlbumImages(ctx, album.Name, album.AlbumArtist, album.MbzAlbumID)
 	if err == nil && len(images) > 0 {
 		sort.Slice(images, func(i, j int) bool {
 			return images[i].Size > images[j].Size
@ -178,7 +161,7 @@ func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAl

 	err = e.ds.Album(ctx).UpdateExternalInfo(&album.Album)
 	if err != nil {
-		log.Error(ctx, "Error trying to update album external information", "id", album.ID, "name", albumName,
+		log.Error(ctx, "Error trying to update album external information", "id", album.ID, "name", album.Name,
 			"elapsed", time.Since(start), err)
 	} else {
 		log.Trace(ctx, "AlbumInfo collected", "album", album, "elapsed", time.Since(start))
@ -198,6 +181,7 @@ func (e *provider) getArtist(ctx context.Context, id string) (auxArtist, error)
 	switch v := entity.(type) {
 	case *model.Artist:
 		artist.Artist = *v
+		artist.Name = str.Clear(v.Name)
 	case *model.MediaFile:
 		return e.getArtist(ctx, v.ArtistID)
 	case *model.Album:
@ -226,9 +210,8 @@ func (e *provider) refreshArtistInfo(ctx context.Context, id string) (auxArtist,

 	// If we don't have any info, retrieves it now
 	updatedAt := V(artist.ExternalInfoUpdatedAt)
-	artistName := artist.Name()
 	if updatedAt.IsZero() {
-		log.Debug(ctx, "ArtistInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", artistName)
+		log.Debug(ctx, "ArtistInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", artist.Name)
 		artist, err = e.populateArtistInfo(ctx, artist)
 		if err != nil {
 			return auxArtist{}, err
@ -237,7 +220,7 @@ func (e *provider) refreshArtistInfo(ctx context.Context, id string) (auxArtist,

 	// If info is expired, trigger a populateArtistInfo in the background
 	if time.Since(updatedAt) > conf.Server.DevArtistInfoTimeToLive {
-		log.Debug("Found expired cached ArtistInfo, refreshing in the background", "updatedAt", updatedAt, "name", artistName)
+		log.Debug("Found expired cached ArtistInfo, refreshing in the background", "updatedAt", updatedAt, "name", artist.Name)
 		e.artistQueue.enqueue(&artist)
 	}
 	return artist, nil
@ -246,9 +229,8 @@ func (e *provider) refreshArtistInfo(ctx context.Context, id string) (auxArtist,
 func (e *provider) populateArtistInfo(ctx context.Context, artist auxArtist) (auxArtist, error) {
 	start := time.Now()
 	// Get MBID first, if it is not yet available
-	artistName := artist.Name()
 	if artist.MbzArtistID == "" {
-		mbid, err := e.ag.GetArtistMBID(ctx, artist.ID, artistName)
+		mbid, err := e.ag.GetArtistMBID(ctx, artist.ID, artist.Name)
 		if mbid != "" && err == nil {
 			artist.MbzArtistID = mbid
 		}
@ -264,14 +246,14 @@ func (e *provider) populateArtistInfo(ctx context.Context, artist auxArtist) (au
 	_ = g.Wait()

 	if utils.IsCtxDone(ctx) {
-		log.Warn(ctx, "ArtistInfo update canceled", "id", artist.ID, "name", artistName, "elapsed", time.Since(start), ctx.Err())
+		log.Warn(ctx, "ArtistInfo update canceled", "elapsed", "id", artist.ID, "name", artist.Name, time.Since(start), ctx.Err())
 		return artist, ctx.Err()
 	}

 	artist.ExternalInfoUpdatedAt = P(time.Now())
 	err := e.ds.Artist(ctx).UpdateExternalInfo(&artist.Artist)
 	if err != nil {
-		log.Error(ctx, "Error trying to update artist external information", "id", artist.ID, "name", artistName,
+		log.Error(ctx, "Error trying to update artist external information", "id", artist.ID, "name", artist.Name,
 			"elapsed", time.Since(start), err)
 	} else {
 		log.Trace(ctx, "ArtistInfo collected", "artist", artist, "elapsed", time.Since(start))
@ -299,7 +281,7 @@ func (e *provider) ArtistRadio(ctx context.Context, id string, count int) (model
 		}

 		topCount := max(count, 20)
-		topSongs, err := e.getMatchingTopSongs(ctx, e.ag, &auxArtist{Artist: a}, topCount)
+		topSongs, err := e.getMatchingTopSongs(ctx, e.ag, &auxArtist{Name: a.Name, Artist: a}, topCount)
 		if err != nil {
 			log.Warn(ctx, "Error getting artist's top songs", "artist", a.Name, err)
 			return nil
@ -362,23 +344,22 @@ func (e *provider) AlbumImage(ctx context.Context, id string) (*url.URL, error)
 		return nil, err
 	}

-	albumName := album.Name()
-	images, err := e.ag.GetAlbumImages(ctx, albumName, album.AlbumArtist, album.MbzAlbumID)
+	images, err := e.ag.GetAlbumImages(ctx, album.Name, album.AlbumArtist, album.MbzAlbumID)
 	if err != nil {
 		switch {
 		case errors.Is(err, agents.ErrNotFound):
-			log.Trace(ctx, "Album not found in agent", "albumID", id, "name", albumName, "artist", album.AlbumArtist)
+			log.Trace(ctx, "Album not found in agent", "albumID", id, "name", album.Name, "artist", album.AlbumArtist)
 			return nil, model.ErrNotFound
 		case errors.Is(err, context.Canceled):
 			log.Debug(ctx, "GetAlbumImages call canceled", err)
 		default:
-			log.Warn(ctx, "Error getting album images from agent", "albumID", id, "name", albumName, "artist", album.AlbumArtist, err)
+			log.Warn(ctx, "Error getting album images from agent", "albumID", id, "name", album.Name, "artist", album.AlbumArtist, err)
 		}
 		return nil, err
 	}

 	if len(images) == 0 {
-		log.Warn(ctx, "Agent returned no images without error", "albumID", id, "name", albumName, "artist", album.AlbumArtist)
+		log.Warn(ctx, "Agent returned no images without error", "albumID", id, "name", album.Name, "artist", album.AlbumArtist)
 		return nil, model.ErrNotFound
 	}

@ -420,10 +401,9 @@ func (e *provider) TopSongs(ctx context.Context, artistName string, count int) (
 }

 func (e *provider) getMatchingTopSongs(ctx context.Context, agent agents.ArtistTopSongsRetriever, artist *auxArtist, count int) (model.MediaFiles, error) {
-	artistName := artist.Name()
-	songs, err := agent.GetArtistTopSongs(ctx, artist.ID, artistName, artist.MbzArtistID, count)
+	songs, err := agent.GetArtistTopSongs(ctx, artist.ID, artist.Name, artist.MbzArtistID, count)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get top songs for artist %s: %w", artistName, err)
+		return nil, fmt.Errorf("failed to get top songs for artist %s: %w", artist.Name, err)
 	}

 	mbidMatches, err := e.loadTracksByMBID(ctx, songs)
@ -435,13 +415,13 @@ func (e *provider) getMatchingTopSongs(ctx context.Context, agent agents.ArtistT
 		return nil, fmt.Errorf("failed to load tracks by title: %w", err)
 	}

-	log.Trace(ctx, "Top Songs loaded", "name", artistName, "numSongs", len(songs), "numMBIDMatches", len(mbidMatches), "numTitleMatches", len(titleMatches))
+	log.Trace(ctx, "Top Songs loaded", "name", artist.Name, "numSongs", len(songs), "numMBIDMatches", len(mbidMatches), "numTitleMatches", len(titleMatches))
 	mfs := e.selectTopSongs(songs, mbidMatches, titleMatches, count)

 	if len(mfs) == 0 {
-		log.Debug(ctx, "No matching top songs found", "name", artistName)
+		log.Debug(ctx, "No matching top songs found", "name", artist.Name)
 	} else {
-		log.Debug(ctx, "Found matching top songs", "name", artistName, "numSongs", len(mfs))
+		log.Debug(ctx, "Found matching top songs", "name", artist.Name, "numSongs", len(mfs))
 	}

 	return mfs, nil
@ -538,7 +518,7 @@ func (e *provider) selectTopSongs(songs []agents.Song, byMBID, byTitle map[strin
 }

 func (e *provider) callGetURL(ctx context.Context, agent agents.ArtistURLRetriever, artist *auxArtist) {
-	artisURL, err := agent.GetArtistURL(ctx, artist.ID, artist.Name(), artist.MbzArtistID)
+	artisURL, err := agent.GetArtistURL(ctx, artist.ID, artist.Name, artist.MbzArtistID)
 	if err != nil {
 		return
 	}
@ -546,7 +526,7 @@ func (e *provider) callGetURL(ctx context.Context, agent agents.ArtistURLRetriev
 }

 func (e *provider) callGetBiography(ctx context.Context, agent agents.ArtistBiographyRetriever, artist *auxArtist) {
-	bio, err := agent.GetArtistBiography(ctx, artist.ID, artist.Name(), artist.MbzArtistID)
+	bio, err := agent.GetArtistBiography(ctx, artist.ID, str.Clear(artist.Name), artist.MbzArtistID)
 	if err != nil {
 		return
 	}
@ -556,7 +536,7 @@ func (e *provider) callGetBiography(ctx context.Context, agent agents.ArtistBiog
 }

 func (e *provider) callGetImage(ctx context.Context, agent agents.ArtistImageRetriever, artist *auxArtist) {
-	images, err := agent.GetArtistImages(ctx, artist.ID, artist.Name(), artist.MbzArtistID)
+	images, err := agent.GetArtistImages(ctx, artist.ID, artist.Name, artist.MbzArtistID)
 	if err != nil {
 		return
 	}
@ -575,14 +555,13 @@ func (e *provider) callGetImage(ctx context.Context, agent agents.ArtistImageRet

 func (e *provider) callGetSimilar(ctx context.Context, agent agents.ArtistSimilarRetriever, artist *auxArtist,
 	limit int, includeNotPresent bool) {
-	artistName := artist.Name()
-	similar, err := agent.GetSimilarArtists(ctx, artist.ID, artistName, artist.MbzArtistID, limit)
+	similar, err := agent.GetSimilarArtists(ctx, artist.ID, artist.Name, artist.MbzArtistID, limit)
 	if len(similar) == 0 || err != nil {
 		return
 	}
 	start := time.Now()
 	sa, err := e.mapSimilarArtists(ctx, similar, limit, includeNotPresent)
-	log.Debug(ctx, "Mapped Similar Artists", "artist", artistName, "numSimilar", len(sa), "elapsed", time.Since(start))
+	log.Debug(ctx, "Mapped Similar Artists", "artist", artist.Name, "numSimilar", len(sa), "elapsed", time.Since(start))
 	if err != nil {
 		return
 	}
@ -656,7 +635,11 @@ func (e *provider) findArtistByName(ctx context.Context, artistName string) (*au
 	if len(artists) == 0 {
 		return nil, model.ErrNotFound
 	}
-	return &auxArtist{Artist: artists[0]}, nil
+	artist := &auxArtist{
+		Artist: artists[0],
+		Name:   str.Clear(artists[0].Name),
+	}
+	return artist, nil
 }

 func (e *provider) loadSimilar(ctx context.Context, artist *auxArtist, count int, includeNotPresent bool) error {
@ -672,7 +655,7 @@ func (e *provider) loadSimilar(ctx context.Context, artist *auxArtist, count int
 		Filters: squirrel.Eq{"artist.id": ids},
 	})
 	if err != nil {
-		log.Error("Error loading similar artists", "id", artist.ID, "name", artist.Name(), err)
+		log.Error("Error loading similar artists", "id", artist.ID, "name", artist.Name, err)
 		return err
 	}

--- a/core/external/provider_albumimage_test.go
+++ b/core/external/provider_albumimage_test.go
@ -260,69 +260,6 @@ var _ = Describe("Provider - AlbumImage", func() {
 		mockMediaFileRepo.AssertCalled(GinkgoT(), "Get", "not-found")
 		mockAlbumAgent.AssertNotCalled(GinkgoT(), "GetAlbumImages", mock.Anything, mock.Anything, mock.Anything)
 	})
-
-	Context("Unicode handling in album names", func() {
-		var albumWithEnDash *model.Album
-		var expectedURL *url.URL
-
-		const (
-			originalAlbumName   = "Raising Hell–Deluxe" // Album name with en dash
-			normalizedAlbumName = "Raising Hell-Deluxe" // Normalized version with hyphen
-		)
-
-		BeforeEach(func() {
-			// Test with en dash (–) in album name
-			albumWithEnDash = &model.Album{ID: "album-endash", Name: originalAlbumName, AlbumArtistID: "artist-1"}
-			mockArtistRepo.Mock = mock.Mock{} // Reset default expectations
-			mockAlbumRepo.Mock = mock.Mock{}  // Reset default expectations
-			mockArtistRepo.On("Get", "album-endash").Return(nil, model.ErrNotFound).Once()
-			mockAlbumRepo.On("Get", "album-endash").Return(albumWithEnDash, nil).Once()
-
-			expectedURL, _ = url.Parse("http://example.com/album.jpg")
-
-			// Mock the album agent to return an image for the album
-			mockAlbumAgent.On("GetAlbumImages", ctx, mock.AnythingOfType("string"), "", "").
-				Return([]agents.ExternalImage{
-					{URL: "http://example.com/album.jpg", Size: 1000},
-				}, nil).Once()
-		})
-
-		When("DevPreserveUnicodeInExternalCalls is true", func() {
-			BeforeEach(func() {
-				conf.Server.DevPreserveUnicodeInExternalCalls = true
-			})
-
-			It("preserves Unicode characters in album names", func() {
-				// Act
-				imgURL, err := provider.AlbumImage(ctx, "album-endash")
-
-				// Assert
-				Expect(err).ToNot(HaveOccurred())
-				Expect(imgURL).To(Equal(expectedURL))
-				mockAlbumRepo.AssertCalled(GinkgoT(), "Get", "album-endash")
-				// This is the key assertion: ensure the original Unicode name is used
-				mockAlbumAgent.AssertCalled(GinkgoT(), "GetAlbumImages", ctx, originalAlbumName, "", "")
-			})
-		})
-
-		When("DevPreserveUnicodeInExternalCalls is false", func() {
-			BeforeEach(func() {
-				conf.Server.DevPreserveUnicodeInExternalCalls = false
-			})
-
-			It("normalizes Unicode characters", func() {
-				// Act
-				imgURL, err := provider.AlbumImage(ctx, "album-endash")
-
-				// Assert
-				Expect(err).ToNot(HaveOccurred())
-				Expect(imgURL).To(Equal(expectedURL))
-				mockAlbumRepo.AssertCalled(GinkgoT(), "Get", "album-endash")
-				// This assertion ensures the normalized name is used (en dash → hyphen)
-				mockAlbumAgent.AssertCalled(GinkgoT(), "GetAlbumImages", ctx, normalizedAlbumName, "", "")
-			})
-		})
-	})
 })

 // mockAlbumInfoAgent implementation
--- a/core/external/provider_artistimage_test.go
+++ b/core/external/provider_artistimage_test.go
@ -265,67 +265,6 @@ var _ = Describe("Provider - ArtistImage", func() {
 		mockArtistRepo.AssertCalled(GinkgoT(), "Get", "artist-1")
 		mockImageAgent.AssertCalled(GinkgoT(), "GetArtistImages", ctx, "artist-1", "Artist One", "")
 	})
-
-	Context("Unicode handling in artist names", func() {
-		var artistWithEnDash *model.Artist
-		var expectedURL *url.URL
-
-		const (
-			originalArtistName   = "Run–D.M.C." // Artist name with en dash
-			normalizedArtistName = "Run-D.M.C." // Normalized version with hyphen
-		)
-
-		BeforeEach(func() {
-			// Test with en dash (–) in artist name like "Run–D.M.C."
-			artistWithEnDash = &model.Artist{ID: "artist-endash", Name: originalArtistName}
-			mockArtistRepo.Mock = mock.Mock{} // Reset default expectations
-			mockArtistRepo.On("Get", "artist-endash").Return(artistWithEnDash, nil).Once()
-
-			expectedURL, _ = url.Parse("http://example.com/rundmc.jpg")
-
-			// Mock the image agent to return an image for the artist
-			mockImageAgent.On("GetArtistImages", ctx, "artist-endash", mock.AnythingOfType("string"), "").
-				Return([]agents.ExternalImage{
-					{URL: "http://example.com/rundmc.jpg", Size: 1000},
-				}, nil).Once()
-
-		})
-
-		When("DevPreserveUnicodeInExternalCalls is true", func() {
-			BeforeEach(func() {
-				conf.Server.DevPreserveUnicodeInExternalCalls = true
-			})
-			It("preserves Unicode characters in artist names", func() {
-				// Act
-				imgURL, err := provider.ArtistImage(ctx, "artist-endash")
-
-				// Assert
-				Expect(err).ToNot(HaveOccurred())
-				Expect(imgURL).To(Equal(expectedURL))
-				mockArtistRepo.AssertCalled(GinkgoT(), "Get", "artist-endash")
-				// This is the key assertion: ensure the original Unicode name is used
-				mockImageAgent.AssertCalled(GinkgoT(), "GetArtistImages", ctx, "artist-endash", originalArtistName, "")
-			})
-		})
-
-		When("DevPreserveUnicodeInExternalCalls is false", func() {
-			BeforeEach(func() {
-				conf.Server.DevPreserveUnicodeInExternalCalls = false
-			})
-
-			It("normalizes Unicode characters", func() {
-				// Act
-				imgURL, err := provider.ArtistImage(ctx, "artist-endash")
-
-				// Assert
-				Expect(err).ToNot(HaveOccurred())
-				Expect(imgURL).To(Equal(expectedURL))
-				mockArtistRepo.AssertCalled(GinkgoT(), "Get", "artist-endash")
-				// This assertion ensures the normalized name is used (en dash → hyphen)
-				mockImageAgent.AssertCalled(GinkgoT(), "GetArtistImages", ctx, "artist-endash", normalizedArtistName, "")
-			})
-		})
-	})
 })

 // mockArtistImageAgent implementation using testify/mock
--- a/core/ffmpeg/ffmpeg.go
+++ b/core/ffmpeg/ffmpeg.go
@ -112,7 +112,7 @@ func (e *ffmpeg) start(ctx context.Context, args []string) (io.ReadCloser, error
 	log.Trace(ctx, "Executing ffmpeg command", "cmd", args)
 	j := &ffCmd{args: args}
 	j.PipeReader, j.out = io.Pipe()
-	err := j.start(ctx)
+	err := j.start()
 	if err != nil {
 		return nil, err
 	}
@ -127,8 +127,8 @@ type ffCmd struct {
 	cmd  *exec.Cmd
 }

-func (j *ffCmd) start(ctx context.Context) error {
-	cmd := exec.CommandContext(ctx, j.args[0], j.args[1:]...) // #nosec
+func (j *ffCmd) start() error {
+	cmd := exec.Command(j.args[0], j.args[1:]...) // #nosec
 	cmd.Stdout = j.out
 	if log.IsGreaterOrEqualTo(log.LevelTrace) {
 		cmd.Stderr = os.Stderr
--- a/core/ffmpeg/ffmpeg_test.go
+++ b/core/ffmpeg/ffmpeg_test.go
@ -1,11 +1,7 @@
 package ffmpeg

 import (
-	"context"
-	"runtime"
-	sync "sync"
 	"testing"
-	"time"

 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/tests"
@ -69,98 +65,4 @@ var _ = Describe("ffmpeg", func() {
 			Expect(args).To(Equal([]string{"/usr/bin/with spaces/ffmpeg.exe", "-i", "one.mp3", "-f", "ffmetadata"}))
 		})
 	})
-
-	Describe("FFmpeg", func() {
-		Context("when FFmpeg is available", func() {
-			var ff FFmpeg
-
-			BeforeEach(func() {
-				ffOnce = sync.Once{}
-				ff = New()
-				// Skip if FFmpeg is not available
-				if !ff.IsAvailable() {
-					Skip("FFmpeg not available on this system")
-				}
-			})
-
-			It("should interrupt transcoding when context is cancelled", func() {
-				ctx, cancel := context.WithTimeout(GinkgoT().Context(), 5*time.Second)
-				defer cancel()
-
-				// Use a command that generates audio indefinitely
-				// -f lavfi uses FFmpeg's built-in audio source
-				// -t 0 means no time limit (runs forever)
-				command := "ffmpeg -f lavfi -i sine=frequency=1000:duration=0 -f mp3 -"
-
-				// The input file is not used here, but we need to provide a valid path to the Transcode function
-				stream, err := ff.Transcode(ctx, command, "tests/fixtures/test.mp3", 128, 0)
-				Expect(err).ToNot(HaveOccurred())
-				defer stream.Close()
-
-				// Read some data first to ensure FFmpeg is running
-				buf := make([]byte, 1024)
-				_, err = stream.Read(buf)
-				Expect(err).ToNot(HaveOccurred())
-
-				// Cancel the context
-				cancel()
-
-				// Next read should fail due to cancelled context
-				_, err = stream.Read(buf)
-				Expect(err).To(HaveOccurred())
-			})
-
-			It("should handle immediate context cancellation", func() {
-				ctx, cancel := context.WithCancel(GinkgoT().Context())
-				cancel() // Cancel immediately
-
-				// This should fail immediately
-				_, err := ff.Transcode(ctx, "ffmpeg -i %s -f mp3 -", "tests/fixtures/test.mp3", 128, 0)
-				Expect(err).To(MatchError(context.Canceled))
-			})
-		})
-
-		Context("with mock process behavior", func() {
-			var longRunningCmd string
-			BeforeEach(func() {
-				// Use a long-running command for testing cancellation
-				switch runtime.GOOS {
-				case "windows":
-					// Use PowerShell's Start-Sleep
-					ffmpegPath = "powershell"
-					longRunningCmd = "powershell -Command Start-Sleep -Seconds 10"
-				default:
-					// Use sleep on Unix-like systems
-					ffmpegPath = "sleep"
-					longRunningCmd = "sleep 10"
-				}
-			})
-
-			It("should terminate the underlying process when context is cancelled", func() {
-				ff := New()
-				ctx, cancel := context.WithTimeout(GinkgoT().Context(), 5*time.Second)
-				defer cancel()
-
-				// Start a process that will run for a while
-				stream, err := ff.Transcode(ctx, longRunningCmd, "tests/fixtures/test.mp3", 0, 0)
-				Expect(err).ToNot(HaveOccurred())
-				defer stream.Close()
-
-				// Give the process time to start
-				time.Sleep(50 * time.Millisecond)
-
-				// Cancel the context
-				cancel()
-
-				// Try to read from the stream, which should fail
-				buf := make([]byte, 100)
-				_, err = stream.Read(buf)
-				Expect(err).To(HaveOccurred(), "Expected stream to be closed due to process termination")
-
-				// Verify the stream is closed by attempting another read
-				_, err = stream.Read(buf)
-				Expect(err).To(HaveOccurred())
-			})
-		})
-	})
 })
--- a/core/media_streamer.go
+++ b/core/media_streamer.go
@ -204,20 +204,7 @@ func NewTranscodingCache() TranscodingCache {
 				log.Error(ctx, "Error loading transcoding command", "format", job.format, err)
 				return nil, os.ErrInvalid
 			}
-
-			// Choose the appropriate context based on EnableTranscodingCancellation configuration.
-			// This is where we decide whether transcoding processes should be cancellable or not.
-			var transcodingCtx context.Context
-			if conf.Server.EnableTranscodingCancellation {
-				// Use the request context directly, allowing cancellation when client disconnects
-				transcodingCtx = ctx
-			} else {
-				// Use background context with request values preserved.
-				// This prevents cancellation but maintains request metadata (user, client, etc.)
-				transcodingCtx = request.AddValues(context.Background(), ctx)
-			}
-
-			out, err := job.ms.transcoder.Transcode(transcodingCtx, t.Command, job.filePath, job.bitRate, job.offset)
+			out, err := job.ms.transcoder.Transcode(ctx, t.Command, job.filePath, job.bitRate, job.offset)
 			if err != nil {
 				log.Error(ctx, "Error starting transcoder", "id", job.mf.ID, err)
 				return nil, os.ErrInvalid
--- a/core/metrics/insights.go
+++ b/core/metrics/insights.go
@ -22,7 +22,6 @@ import (
 	"github.com/navidrome/navidrome/core/metrics/insights"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
-	"github.com/navidrome/navidrome/model/request"
 	"github.com/navidrome/navidrome/plugins/schema"
 	"github.com/navidrome/navidrome/utils/singleton"
 )
@ -65,16 +64,9 @@ func GetInstance(ds model.DataStore, pluginLoader PluginLoader) Insights {
 }

 func (c *insightsCollector) Run(ctx context.Context) {
+	ctx = auth.WithAdminUser(ctx, c.ds)
 	for {
-		// Refresh admin context on each iteration to handle cases where
-		// admin user wasn't available on previous runs
-		insightsCtx := auth.WithAdminUser(ctx, c.ds)
-		u, _ := request.UserFrom(insightsCtx)
-		if !u.IsAdmin {
-			log.Trace(insightsCtx, "No admin user available, skipping insights collection")
-		} else {
-			c.sendInsights(insightsCtx)
-		}
+		c.sendInsights(ctx)
 		select {
 		case <-time.After(consts.InsightsUpdateInterval):
 			continue
@ -223,7 +215,7 @@ var staticData = sync.OnceValue(func() insights.Data {
 	data.Config.ScanSchedule = conf.Server.Scanner.Schedule
 	data.Config.ScanWatcherWait = uint64(math.Trunc(conf.Server.Scanner.WatcherWait.Seconds()))
 	data.Config.ScanOnStartup = conf.Server.Scanner.ScanOnStartup
-	data.Config.ReverseProxyConfigured = conf.Server.ExtAuth.TrustedSources != ""
+	data.Config.ReverseProxyConfigured = conf.Server.ReverseProxyWhitelist != ""
 	data.Config.HasCustomPID = conf.Server.PID.Track != "" || conf.Server.PID.Album != ""
 	data.Config.HasCustomTags = len(conf.Server.Tags) > 0

--- a/core/metrics/insights_linux.go
+++ b/core/metrics/insights_linux.go
@ -42,7 +42,6 @@ type MountInfo struct {

 var fsTypeMap = map[int64]string{
 	0x5346414f: "afs",
-	0x187:      "autofs",
 	0x61756673: "aufs",
 	0x9123683E: "btrfs",
 	0xc36400:   "ceph",
@ -56,11 +55,9 @@ var fsTypeMap = map[int64]string{
 	0x6a656a63: "fakeowner", // FS inside a container
 	0x65735546: "fuse",
 	0x4244:     "hfs",
-	0x482b:     "hfs+",
 	0x9660:     "iso9660",
 	0x3153464a: "jfs",
 	0x00006969: "nfs",
-	0x5346544e: "ntfs", // NTFS_SB_MAGIC
 	0x7366746e: "ntfs",
 	0x794c7630: "overlayfs",
 	0x9fa0:     "proc",
@ -72,16 +69,8 @@ var fsTypeMap = map[int64]string{
 	0x01021997: "v9fs",
 	0x786f4256: "vboxsf",
 	0x4d44:     "vfat",
-	0xca451a4e: "virtiofs",
 	0x58465342: "xfs",
 	0x2FC12FC1: "zfs",
-	0x7c7c6673: "prlfs", // Parallels Shared Folders
-
-	// Signed/unsigned conversion issues (negative hex values converted to uint32)
-	-0x6edc97c2: "btrfs", // 0x9123683e
-	-0x1acb2be:  "smb2",  // 0xfe534d42
-	-0xacb2be:   "cifs",  // 0xff534d42
-	-0xd0adff0:  "f2fs",  // 0xf2f52010
 }

 func getFilesystemType(path string) (string, error) {
--- a/core/scrobbler/buffered_scrobbler_test.go
+++ b/core/scrobbler/buffered_scrobbler_test.go
@ -38,9 +38,9 @@ var _ = Describe("BufferedScrobbler", func() {
 	It("forwards NowPlaying calls", func() {
 		track := &model.MediaFile{ID: "123", Title: "Test Track"}
 		Expect(bs.NowPlaying(ctx, "user1", track, 0)).To(Succeed())
-		Expect(scr.GetNowPlayingCalled()).To(BeTrue())
-		Expect(scr.GetUserID()).To(Equal("user1"))
-		Expect(scr.GetTrack()).To(Equal(track))
+		Expect(scr.NowPlayingCalled).To(BeTrue())
+		Expect(scr.UserID).To(Equal("user1"))
+		Expect(scr.Track).To(Equal(track))
 	})

 	It("enqueues scrobbles to buffer", func() {
@ -51,10 +51,9 @@ var _ = Describe("BufferedScrobbler", func() {
 		Expect(scr.ScrobbleCalled.Load()).To(BeFalse())

 		Expect(bs.Scrobble(ctx, "user1", scrobble)).To(Succeed())
+		Expect(buffer.Length()).To(Equal(int64(1)))

-		// Wait for the background goroutine to process the scrobble.
-		// We don't check buffer.Length() here because the background goroutine
-		// may dequeue the entry before we can observe it.
+		// Wait for the scrobble to be sent
 		Eventually(scr.ScrobbleCalled.Load).Should(BeTrue())

 		lastScrobble := scr.LastScrobble.Load()
--- a/core/scrobbler/play_tracker.go
+++ b/core/scrobbler/play_tracker.go
@ -31,12 +31,6 @@ type Submission struct {
 	Timestamp time.Time
 }

-type nowPlayingEntry struct {
-	userId   string
-	track    *model.MediaFile
-	position int
-}
-
 type PlayTracker interface {
 	NowPlaying(ctx context.Context, playerId string, playerName string, trackId string, position int) error
 	GetNowPlaying(ctx context.Context) ([]NowPlayingInfo, error)
@ -58,11 +52,6 @@ type playTracker struct {
 	pluginScrobblers  map[string]Scrobbler
 	pluginLoader      PluginLoader
 	mu                sync.RWMutex
-	npQueue           map[string]nowPlayingEntry
-	npMu              sync.Mutex
-	npSignal          chan struct{}
-	shutdown          chan struct{}
-	workerDone        chan struct{}
 }

 func GetPlayTracker(ds model.DataStore, broker events.Broker, pluginManager PluginLoader) PlayTracker {
@ -82,10 +71,6 @@ func newPlayTracker(ds model.DataStore, broker events.Broker, pluginManager Plug
 		builtinScrobblers: make(map[string]Scrobbler),
 		pluginScrobblers:  make(map[string]Scrobbler),
 		pluginLoader:      pluginManager,
-		npQueue:           make(map[string]nowPlayingEntry),
-		npSignal:          make(chan struct{}, 1),
-		shutdown:          make(chan struct{}),
-		workerDone:        make(chan struct{}),
 	}
 	if conf.Server.EnableNowPlaying {
 		m.OnExpiration(func(_ string, _ NowPlayingInfo) {
@ -105,16 +90,9 @@ func newPlayTracker(ds model.DataStore, broker events.Broker, pluginManager Plug
 		p.builtinScrobblers[name] = s
 	}
 	log.Debug("List of builtin scrobblers enabled", "names", enabled)
-	go p.nowPlayingWorker()
 	return p
 }

-// stopNowPlayingWorker stops the background worker. This is primarily for testing.
-func (p *playTracker) stopNowPlayingWorker() {
-	close(p.shutdown)
-	<-p.workerDone // Wait for worker to finish
-}
-
 // pluginNamesMatchScrobblers returns true if the set of pluginNames matches the keys in pluginScrobblers
 func pluginNamesMatchScrobblers(pluginNames []string, scrobblers map[string]Scrobbler) bool {
 	if len(pluginNames) != len(scrobblers) {
@ -220,58 +198,11 @@ func (p *playTracker) NowPlaying(ctx context.Context, playerId string, playerNam
 	}
 	player, _ := request.PlayerFrom(ctx)
 	if player.ScrobbleEnabled {
-		p.enqueueNowPlaying(playerId, user.ID, mf, position)
+		p.dispatchNowPlaying(ctx, user.ID, mf, position)
 	}
 	return nil
 }

-func (p *playTracker) enqueueNowPlaying(playerId string, userId string, track *model.MediaFile, position int) {
-	p.npMu.Lock()
-	defer p.npMu.Unlock()
-	p.npQueue[playerId] = nowPlayingEntry{
-		userId:   userId,
-		track:    track,
-		position: position,
-	}
-	p.sendNowPlayingSignal()
-}
-
-func (p *playTracker) sendNowPlayingSignal() {
-	// Don't block if the previous signal was not read yet
-	select {
-	case p.npSignal <- struct{}{}:
-	default:
-	}
-}
-
-func (p *playTracker) nowPlayingWorker() {
-	defer close(p.workerDone)
-	for {
-		select {
-		case <-p.shutdown:
-			return
-		case <-time.After(time.Second):
-		case <-p.npSignal:
-		}
-
-		p.npMu.Lock()
-		if len(p.npQueue) == 0 {
-			p.npMu.Unlock()
-			continue
-		}
-
-		// Keep a copy of the entries to process and clear the queue
-		entries := p.npQueue
-		p.npQueue = make(map[string]nowPlayingEntry)
-		p.npMu.Unlock()
-
-		// Process entries without holding lock
-		for _, entry := range entries {
-			p.dispatchNowPlaying(context.Background(), entry.userId, entry.track, entry.position)
-		}
-	}
-}
-
 func (p *playTracker) dispatchNowPlaying(ctx context.Context, userId string, t *model.MediaFile, position int) {
 	if t.Artist == consts.UnknownArtist {
 		log.Debug(ctx, "Ignoring external NowPlaying update for track with unknown artist", "track", t.Title, "artist", t.Artist)
--- a/core/scrobbler/play_tracker_test.go
+++ b/core/scrobbler/play_tracker_test.go
@ -24,26 +24,15 @@ import (
 // Moved to top-level scope to avoid linter issues

 type mockPluginLoader struct {
-	mu         sync.RWMutex
 	names      []string
 	scrobblers map[string]Scrobbler
 }

 func (m *mockPluginLoader) PluginNames(service string) []string {
-	m.mu.RLock()
-	defer m.mu.RUnlock()
 	return m.names
 }

-func (m *mockPluginLoader) SetNames(names []string) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	m.names = names
-}
-
 func (m *mockPluginLoader) LoadScrobbler(name string) (Scrobbler, bool) {
-	m.mu.RLock()
-	defer m.mu.RUnlock()
 	s, ok := m.scrobblers[name]
 	return s, ok
 }
@ -57,7 +46,7 @@ var _ = Describe("PlayTracker", func() {
 	var album model.Album
 	var artist1 model.Artist
 	var artist2 model.Artist
-	var fake *fakeScrobbler
+	var fake fakeScrobbler

 	BeforeEach(func() {
 		DeferCleanup(configtest.SetupConfig())
@ -65,16 +54,16 @@ var _ = Describe("PlayTracker", func() {
 		ctx = request.WithUser(ctx, model.User{ID: "u-1"})
 		ctx = request.WithPlayer(ctx, model.Player{ScrobbleEnabled: true})
 		ds = &tests.MockDataStore{}
-		fake = &fakeScrobbler{Authorized: true}
+		fake = fakeScrobbler{Authorized: true}
 		Register("fake", func(model.DataStore) Scrobbler {
-			return fake
+			return &fake
 		})
 		Register("disabled", func(model.DataStore) Scrobbler {
 			return nil
 		})
 		eventBroker = &fakeEventBroker{}
 		tracker = newPlayTracker(ds, eventBroker, nil)
-		tracker.(*playTracker).builtinScrobblers["fake"] = fake // Bypass buffering for tests
+		tracker.(*playTracker).builtinScrobblers["fake"] = &fake // Bypass buffering for tests

 		track = model.MediaFile{
 			ID:             "123",
@ -97,11 +86,6 @@ var _ = Describe("PlayTracker", func() {
 		_ = ds.Album(ctx).(*tests.MockAlbumRepo).Put(&album)
 	})

-	AfterEach(func() {
-		// Stop the worker goroutine to prevent data races between tests
-		tracker.(*playTracker).stopNowPlayingWorker()
-	})
-
 	It("does not register disabled scrobblers", func() {
 		Expect(tracker.(*playTracker).builtinScrobblers).To(HaveKey("fake"))
 		Expect(tracker.(*playTracker).builtinScrobblers).ToNot(HaveKey("disabled"))
@ -111,10 +95,10 @@ var _ = Describe("PlayTracker", func() {
 		It("sends track to agent", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
 			Expect(err).ToNot(HaveOccurred())
-			Eventually(func() bool { return fake.GetNowPlayingCalled() }).Should(BeTrue())
-			Expect(fake.GetUserID()).To(Equal("u-1"))
-			Expect(fake.GetTrack().ID).To(Equal("123"))
-			Expect(fake.GetTrack().Participants).To(Equal(track.Participants))
+			Expect(fake.NowPlayingCalled).To(BeTrue())
+			Expect(fake.UserID).To(Equal("u-1"))
+			Expect(fake.Track.ID).To(Equal("123"))
+			Expect(fake.Track.Participants).To(Equal(track.Participants))
 		})
 		It("does not send track to agent if user has not authorized", func() {
 			fake.Authorized = false
@ -122,7 +106,7 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)

 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.GetNowPlayingCalled()).To(BeFalse())
+			Expect(fake.NowPlayingCalled).To(BeFalse())
 		})
 		It("does not send track to agent if player is not enabled to send scrobbles", func() {
 			ctx = request.WithPlayer(ctx, model.Player{ScrobbleEnabled: false})
@ -130,7 +114,7 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)

 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.GetNowPlayingCalled()).To(BeFalse())
+			Expect(fake.NowPlayingCalled).To(BeFalse())
 		})
 		It("does not send track to agent if artist is unknown", func() {
 			track.Artist = consts.UnknownArtist
@ -138,7 +122,7 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)

 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.GetNowPlayingCalled()).To(BeFalse())
+			Expect(fake.NowPlayingCalled).To(BeFalse())
 		})

 		It("stores position when greater than zero", func() {
@ -146,12 +130,11 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", pos)
 			Expect(err).ToNot(HaveOccurred())

-			Eventually(func() int { return fake.GetPosition() }).Should(Equal(pos))
-
 			playing, err := tracker.GetNowPlaying(ctx)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(playing).To(HaveLen(1))
 			Expect(playing[0].Position).To(Equal(pos))
+			Expect(fake.Position).To(Equal(pos))
 		})

 		It("sends event with count", func() {
@ -227,7 +210,7 @@ var _ = Describe("PlayTracker", func() {

 			Expect(err).ToNot(HaveOccurred())
 			Expect(fake.ScrobbleCalled.Load()).To(BeTrue())
-			Expect(fake.GetUserID()).To(Equal("u-1"))
+			Expect(fake.UserID).To(Equal("u-1"))
 			lastScrobble := fake.LastScrobble.Load()
 			Expect(lastScrobble.TimeStamp).To(BeTemporally("~", ts, 1*time.Second))
 			Expect(lastScrobble.ID).To(Equal("123"))
@ -295,46 +278,45 @@ var _ = Describe("PlayTracker", func() {

 	Describe("Plugin scrobbler logic", func() {
 		var pluginLoader *mockPluginLoader
-		var pluginFake *fakeScrobbler
+		var pluginFake fakeScrobbler

 		BeforeEach(func() {
-			pluginFake = &fakeScrobbler{Authorized: true}
+			pluginFake = fakeScrobbler{Authorized: true}
 			pluginLoader = &mockPluginLoader{
 				names:      []string{"plugin1"},
-				scrobblers: map[string]Scrobbler{"plugin1": pluginFake},
+				scrobblers: map[string]Scrobbler{"plugin1": &pluginFake},
 			}
 			tracker = newPlayTracker(ds, events.GetBroker(), pluginLoader)

 			// Bypass buffering for both built-in and plugin scrobblers
-			tracker.(*playTracker).builtinScrobblers["fake"] = fake
-			tracker.(*playTracker).pluginScrobblers["plugin1"] = pluginFake
+			tracker.(*playTracker).builtinScrobblers["fake"] = &fake
+			tracker.(*playTracker).pluginScrobblers["plugin1"] = &pluginFake
 		})

 		It("registers and uses plugin scrobbler for NowPlaying", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
 			Expect(err).ToNot(HaveOccurred())
-			Eventually(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeTrue())
+			Expect(pluginFake.NowPlayingCalled).To(BeTrue())
 		})

 		It("removes plugin scrobbler if not present anymore", func() {
 			// First call: plugin present
 			_ = tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
-			Eventually(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeTrue())
-			pluginFake.nowPlayingCalled.Store(false)
+			Expect(pluginFake.NowPlayingCalled).To(BeTrue())
+			pluginFake.NowPlayingCalled = false
 			// Remove plugin
-			pluginLoader.SetNames([]string{})
+			pluginLoader.names = []string{}
 			_ = tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
-			// Should not be called since plugin was removed
-			Consistently(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeFalse())
+			Expect(pluginFake.NowPlayingCalled).To(BeFalse())
 		})

 		It("calls both builtin and plugin scrobblers for NowPlaying", func() {
-			fake.nowPlayingCalled.Store(false)
-			pluginFake.nowPlayingCalled.Store(false)
+			fake.NowPlayingCalled = false
+			pluginFake.NowPlayingCalled = false
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
 			Expect(err).ToNot(HaveOccurred())
-			Eventually(func() bool { return fake.GetNowPlayingCalled() }).Should(BeTrue())
-			Eventually(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeTrue())
+			Expect(fake.NowPlayingCalled).To(BeTrue())
+			Expect(pluginFake.NowPlayingCalled).To(BeTrue())
 		})

 		It("calls plugin scrobbler for Submit", func() {
@ -377,7 +359,7 @@ var _ = Describe("PlayTracker", func() {

 		It("calls Stop on scrobblers when removing them", func() {
 			// Change the plugin names to simulate a plugin being removed
-			mockPlugin.SetNames([]string{})
+			mockPlugin.names = []string{}

 			// Call refreshPluginScrobblers which should detect the removed plugin
 			pTracker.refreshPluginScrobblers()
@ -393,51 +375,32 @@ var _ = Describe("PlayTracker", func() {

 type fakeScrobbler struct {
 	Authorized       bool
-	nowPlayingCalled atomic.Bool
+	NowPlayingCalled bool
 	ScrobbleCalled   atomic.Bool
-	userID           atomic.Pointer[string]
-	track            atomic.Pointer[model.MediaFile]
-	position         atomic.Int32
+	UserID           string
+	Track            *model.MediaFile
+	Position         int
 	LastScrobble     atomic.Pointer[Scrobble]
 	Error            error
 }

-func (f *fakeScrobbler) GetNowPlayingCalled() bool {
-	return f.nowPlayingCalled.Load()
-}
-
-func (f *fakeScrobbler) GetUserID() string {
-	if p := f.userID.Load(); p != nil {
-		return *p
-	}
-	return ""
-}
-
-func (f *fakeScrobbler) GetTrack() *model.MediaFile {
-	return f.track.Load()
-}
-
-func (f *fakeScrobbler) GetPosition() int {
-	return int(f.position.Load())
-}
-
 func (f *fakeScrobbler) IsAuthorized(ctx context.Context, userId string) bool {
 	return f.Error == nil && f.Authorized
 }

 func (f *fakeScrobbler) NowPlaying(ctx context.Context, userId string, track *model.MediaFile, position int) error {
-	f.nowPlayingCalled.Store(true)
+	f.NowPlayingCalled = true
 	if f.Error != nil {
 		return f.Error
 	}
-	f.userID.Store(&userId)
-	f.track.Store(track)
-	f.position.Store(int32(position))
+	f.UserID = userId
+	f.Track = track
+	f.Position = position
 	return nil
 }

 func (f *fakeScrobbler) Scrobble(ctx context.Context, userId string, s Scrobble) error {
-	f.userID.Store(&userId)
+	f.UserID = userId
 	f.LastScrobble.Store(&s)
 	f.ScrobbleCalled.Store(true)
 	if f.Error != nil {
--- a/db/db.go
+++ b/db/db.go
@ -45,12 +45,10 @@ func Db() *sql.DB {
 		if err != nil {
 			log.Fatal("Error opening database", err)
 		}
-		if conf.Server.DevOptimizeDB {
-			_, err = db.Exec("PRAGMA optimize=0x10002")
-			if err != nil {
-				log.Error("Error applying PRAGMA optimize", err)
-				return nil
-			}
+		_, err = db.Exec("PRAGMA optimize=0x10002")
+		if err != nil {
+			log.Error("Error applying PRAGMA optimize", err)
+			return nil
 		}
 		return db
 	})
@ -101,7 +99,7 @@ func Init(ctx context.Context) func() {
 		log.Fatal(ctx, "Failed to apply new migrations", err)
 	}

-	if hasSchemaChanges && conf.Server.DevOptimizeDB {
+	if hasSchemaChanges {
 		log.Debug(ctx, "Applying PRAGMA optimize after schema changes")
 		_, err = db.ExecContext(ctx, "PRAGMA optimize")
 		if err != nil {
@ -116,9 +114,6 @@ func Init(ctx context.Context) func() {

 // Optimize runs PRAGMA optimize on each connection in the pool
 func Optimize(ctx context.Context) {
-	if !conf.Server.DevOptimizeDB {
-		return
-	}
 	numConns := Db().Stats().OpenConnections
 	if numConns == 0 {
 		log.Debug(ctx, "No open connections to optimize")
--- a/db/migrations/migration.go
+++ b/db/migrations/migration.go
@ -7,7 +7,6 @@ import (
 	"strings"
 	"sync"

-	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/consts"
 )

@ -22,13 +21,11 @@ func notice(tx *sql.Tx, msg string) {
 // Call this in migrations that requires a full rescan
 func forceFullRescan(tx *sql.Tx) error {
 	// If a full scan is required, most probably the query optimizer is outdated, so we run `analyze`.
-	if conf.Server.DevOptimizeDB {
-		_, err := tx.Exec(`ANALYZE;`)
-		if err != nil {
-			return err
-		}
+	_, err := tx.Exec(`ANALYZE;`)
+	if err != nil {
+		return err
 	}
-	_, err := tx.Exec(fmt.Sprintf(`
+	_, err = tx.Exec(fmt.Sprintf(`
 INSERT OR REPLACE into property (id, value) values ('%s', '1');
 `, consts.FullScanAfterMigrationFlagKey))
 	return err
--- a/log/log.go
+++ b/log/log.go
@ -29,8 +29,8 @@ var redacted = &Hook{
 		"(Secret:\")[\\w]*",
 		"(Spotify.*ID:\")[\\w]*",
 		"(PasswordEncryptionKey:[\\s]*\")[^\"]*",
-		"(UserHeader:[\\s]*\")[^\"]*",
-		"(TrustedSources:[\\s]*\")[^\"]*",
+		"(ReverseProxyUserHeader:[\\s]*\")[^\"]*",
+		"(ReverseProxyWhitelist:[\\s]*\")[^\"]*",
 		"(MetricsPath:[\\s]*\")[^\"]*",
 		"(DevAutoCreateAdminPassword:[\\s]*\")[^\"]*",
 		"(DevAutoLoginUsername:[\\s]*\")[^\"]*",
--- a/persistence/library_repository.go
+++ b/persistence/library_repository.go
@ -179,9 +179,7 @@ func (r *libraryRepository) ScanEnd(id int) error {
 	// https://www.sqlite.org/pragma.html#pragma_optimize
 	// Use mask 0x10000 to check table sizes without running ANALYZE
 	// Running ANALYZE can cause query planner issues with expression-based collation indexes
-	if conf.Server.DevOptimizeDB {
-		_, err = r.executeSQL(Expr("PRAGMA optimize=0x10000;"))
-	}
+	_, err = r.executeSQL(Expr("PRAGMA optimize=0x10000;"))
 	return err
 }

--- a/persistence/playlist_repository.go
+++ b/persistence/playlist_repository.go
@ -264,11 +264,6 @@ func (r *playlistRepository) refreshSmartPlaylist(pls *model.Playlist) bool {
 		"annotation.item_id = media_file.id" +
 		" AND annotation.item_type = 'media_file'" +
 		" AND annotation.user_id = '" + usr.ID + "')")
-
-	// Only include media files from libraries the user has access to
-	sq = r.applyLibraryFilter(sq, "media_file")
-
-	// Apply the criteria rules
 	sq = r.addCriteria(sq, rules)
 	insSql := Insert("playlist_tracks").Columns("id", "playlist_id", "media_file_id").Select(sq)
 	_, err = r.executeSQL(insSql)
--- a/persistence/playlist_repository_test.go
+++ b/persistence/playlist_repository_test.go
@ -366,136 +366,4 @@ var _ = Describe("PlaylistRepository", func() {
 			Expect(foundWithoutGrouping).To(BeTrue())
 		})
 	})
-
-	Describe("Smart Playlists Library Filtering", func() {
-		var mfRepo model.MediaFileRepository
-		var testPlaylistID string
-		var lib2ID int
-		var restrictedUserID string
-		var uniqueLibPath string
-
-		BeforeEach(func() {
-			db := GetDBXBuilder()
-
-			// Generate unique IDs for this test run
-			uniqueSuffix := time.Now().Format("20060102150405.000")
-			restrictedUserID = "restricted-user-" + uniqueSuffix
-			uniqueLibPath = "/music/lib2-" + uniqueSuffix
-
-			// Create a second library with unique name and path to avoid conflicts with other tests
-			_, err := db.DB().Exec("INSERT INTO library (name, path, created_at, updated_at) VALUES (?, ?, datetime('now'), datetime('now'))", "Library 2-"+uniqueSuffix, uniqueLibPath)
-			Expect(err).ToNot(HaveOccurred())
-			err = db.DB().QueryRow("SELECT last_insert_rowid()").Scan(&lib2ID)
-			Expect(err).ToNot(HaveOccurred())
-
-			// Create a restricted user with access only to library 1
-			_, err = db.DB().Exec("INSERT INTO user (id, user_name, name, is_admin, password, created_at, updated_at) VALUES (?, ?, 'Restricted User', false, 'pass', datetime('now'), datetime('now'))", restrictedUserID, restrictedUserID)
-			Expect(err).ToNot(HaveOccurred())
-			_, err = db.DB().Exec("INSERT INTO user_library (user_id, library_id) VALUES (?, 1)", restrictedUserID)
-			Expect(err).ToNot(HaveOccurred())
-
-			// Create test media files in each library
-			ctx := log.NewContext(GinkgoT().Context())
-			ctx = request.WithUser(ctx, model.User{ID: "userid", UserName: "userid", IsAdmin: true})
-			mfRepo = NewMediaFileRepository(ctx, db)
-
-			// Song in library 1 (accessible by restricted user)
-			songLib1 := model.MediaFile{
-				ID:           "lib1-song",
-				Title:        "Song in Lib1",
-				Artist:       "Test Artist",
-				ArtistID:     "1",
-				Album:        "Test Album",
-				AlbumID:      "101",
-				Path:         "/music/lib1/song.mp3",
-				LibraryID:    1,
-				Participants: model.Participants{},
-				Tags:         model.Tags{},
-				Lyrics:       "[]",
-			}
-			Expect(mfRepo.Put(&songLib1)).To(Succeed())
-
-			// Song in library 2 (NOT accessible by restricted user)
-			songLib2 := model.MediaFile{
-				ID:           "lib2-song",
-				Title:        "Song in Lib2",
-				Artist:       "Test Artist",
-				ArtistID:     "1",
-				Album:        "Test Album",
-				AlbumID:      "101",
-				Path:         uniqueLibPath + "/song.mp3",
-				LibraryID:    lib2ID,
-				Participants: model.Participants{},
-				Tags:         model.Tags{},
-				Lyrics:       "[]",
-			}
-			Expect(mfRepo.Put(&songLib2)).To(Succeed())
-		})
-
-		AfterEach(func() {
-			db := GetDBXBuilder()
-			if testPlaylistID != "" {
-				_ = repo.Delete(testPlaylistID)
-				testPlaylistID = ""
-			}
-			// Clean up test data
-			_, _ = db.Delete("media_file", dbx.HashExp{"id": "lib1-song"}).Execute()
-			_, _ = db.Delete("media_file", dbx.HashExp{"id": "lib2-song"}).Execute()
-			_, _ = db.Delete("user_library", dbx.HashExp{"user_id": restrictedUserID}).Execute()
-			_, _ = db.Delete("user", dbx.HashExp{"id": restrictedUserID}).Execute()
-			_, _ = db.DB().Exec("DELETE FROM library WHERE id = ?", lib2ID)
-		})
-
-		It("should only include tracks from libraries the user has access to (issue #4738)", func() {
-			db := GetDBXBuilder()
-			ctx := log.NewContext(GinkgoT().Context())
-
-			// Create the smart playlist as the restricted user
-			restrictedUser := model.User{ID: restrictedUserID, UserName: restrictedUserID, IsAdmin: false}
-			ctx = request.WithUser(ctx, restrictedUser)
-			restrictedRepo := NewPlaylistRepository(ctx, db)
-
-			// Create a smart playlist that matches all songs
-			rules := &criteria.Criteria{
-				Expression: criteria.All{
-					criteria.Gt{"playCount": -1}, // Matches everything
-				},
-			}
-			newPls := model.Playlist{Name: "All Songs", OwnerID: restrictedUserID, Rules: rules}
-			Expect(restrictedRepo.Put(&newPls)).To(Succeed())
-			testPlaylistID = newPls.ID
-
-			By("refreshing the smart playlist")
-			conf.Server.SmartPlaylistRefreshDelay = -1 * time.Second // Force refresh
-			pls, err := restrictedRepo.GetWithTracks(newPls.ID, true, false)
-			Expect(err).ToNot(HaveOccurred())
-
-			By("verifying only the track from library 1 is in the playlist")
-			var foundLib1Song, foundLib2Song bool
-			for _, track := range pls.Tracks {
-				if track.MediaFileID == "lib1-song" {
-					foundLib1Song = true
-				}
-				if track.MediaFileID == "lib2-song" {
-					foundLib2Song = true
-				}
-			}
-			Expect(foundLib1Song).To(BeTrue(), "Song from library 1 should be in the playlist")
-			Expect(foundLib2Song).To(BeFalse(), "Song from library 2 should NOT be in the playlist")
-
-			By("verifying playlist_tracks table only contains the accessible track")
-			var playlistTracksCount int
-			err = db.DB().QueryRow("SELECT count(*) FROM playlist_tracks WHERE playlist_id = ?", newPls.ID).Scan(&playlistTracksCount)
-			Expect(err).ToNot(HaveOccurred())
-			// Count should only include tracks visible to the user (lib1-song)
-			// The count may include other test songs from library 1, but NOT lib2-song
-			var lib2TrackCount int
-			err = db.DB().QueryRow("SELECT count(*) FROM playlist_tracks WHERE playlist_id = ? AND media_file_id = 'lib2-song'", newPls.ID).Scan(&lib2TrackCount)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(lib2TrackCount).To(Equal(0), "lib2-song should not be in playlist_tracks")
-
-			By("verifying SongCount matches visible tracks")
-			Expect(pls.SongCount).To(Equal(len(pls.Tracks)), "SongCount should match the number of visible tracks")
-		})
-	})
 })
--- a/persistence/tag_library_filtering_test.go
+++ b/persistence/tag_library_filtering_test.go
@ -2,7 +2,6 @@ package persistence

 import (
 	"context"
-	"time"

 	"github.com/deluan/rest"
 	"github.com/navidrome/navidrome/conf/configtest"
@ -46,9 +45,6 @@ var _ = Describe("Tag Library Filtering", func() {
 	BeforeEach(func() {
 		DeferCleanup(configtest.SetupConfig())

-		// Generate unique path suffix to avoid conflicts with other tests
-		uniqueSuffix := time.Now().Format("20060102150405.000")
-
 		// Clean up database
 		db := GetDBXBuilder()
 		_, err := db.NewQuery("DELETE FROM library_tag").Execute()
@ -61,12 +57,12 @@ var _ = Describe("Tag Library Filtering", func() {
 		_, err = db.NewQuery("DELETE FROM library WHERE id > 1").Execute()
 		Expect(err).ToNot(HaveOccurred())

-		// Create test libraries with unique names and paths to avoid conflicts with other tests
+		// Create test libraries
 		_, err = db.NewQuery("INSERT INTO library (id, name, path) VALUES ({:id}, {:name}, {:path})").
-			Bind(dbx.Params{"id": libraryID2, "name": "Library 2-" + uniqueSuffix, "path": "/music/lib2-" + uniqueSuffix}).Execute()
+			Bind(dbx.Params{"id": libraryID2, "name": "Library 2", "path": "/music/lib2"}).Execute()
 		Expect(err).ToNot(HaveOccurred())
 		_, err = db.NewQuery("INSERT INTO library (id, name, path) VALUES ({:id}, {:name}, {:path})").
-			Bind(dbx.Params{"id": libraryID3, "name": "Library 3-" + uniqueSuffix, "path": "/music/lib3-" + uniqueSuffix}).Execute()
+			Bind(dbx.Params{"id": libraryID3, "name": "Library 3", "path": "/music/lib3"}).Execute()
 		Expect(err).ToNot(HaveOccurred())

 		// Give admin access to all libraries
--- a/resources/i18n/da.json
+++ b/resources/i18n/da.json
@ -83,7 +83,7 @@
      "actions": {
        "playAll": "Afspil",
        "playNext": "Afspil næste",
-        "addToQueue": "Føj til kø",
+        "addToQueue": "Afspil senere",
        "shuffle": "Bland",
        "addToPlaylist": "Føj til afspilningsliste",
        "download": "Download",
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Scanningsbibliotek",
        "manageUsers": "Administrer brugeradgang",
-        "viewDetails": "Se detaljer",
-        "quickScan": "hurtig skanning",
-        "fullScan": "Fuld skanning"
+        "viewDetails": "Se detaljer"
      },
      "notifications": {
        "created": "Bibliotek oprettet",
        "updated": "Biblioteket er blevet opdateret",
        "deleted": "Biblioteket er blevet slettet",
        "scanStarted": "Biblioteksscanning startet",
-        "scanCompleted": "Biblioteksscanning fuldført",
-        "quickScanStarted": "hurtig skanning startet",
-        "fullScanStarted": "Fuld skanning startet",
-        "scanError": "Kan ikke starte skanning. Tjek loggen"
+        "scanCompleted": "Biblioteksscanning fuldført"
      },
      "validation": {
        "nameRequired": "Biblioteksnavn er påkrævet",
@ -554,7 +549,7 @@
    "closeText": "Luk",
    "notContentText": "Ingen musik",
    "clickToPlayText": "Tryk for at afspille",
-    "clickToPauseText": "Tryk for at sætte på pause",
+    "clickToPauseText": "Tryk for at pause",
    "nextTrackText": "Næste nummer",
    "previousTrackText": "Forrige nummer",
    "reloadText": "Genindlæs",
@ -609,8 +604,7 @@
    "serverDown": "OFFLINE",
    "scanType": "Type",
    "status": "Scanningsfejl",
-    "elapsedTime": "Medgået tid",
-    "selectiveScan": "Selektiv"
+    "elapsedTime": "Medgået tid"
  },
  "help": {
    "title": "Navidrome genvejstaster",
--- a/resources/i18n/de.json
+++ b/resources/i18n/de.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Bibliothek scannen",
        "manageUsers": "Zugriff verwalten",
-        "viewDetails": "Details ansehen",
-        "quickScan": "Schneller Scan",
-        "fullScan": "Kompletter Scan"
+        "viewDetails": "Details ansehen"
      },
      "notifications": {
        "created": "Bibliothek erfolgreich erstellt",
        "updated": "Bibliothek erfolgreich geändert",
        "deleted": "Bibliothek erfolgreich gelöscht",
        "scanStarted": "Bibliothek Scan gestartet",
-        "scanCompleted": "Bibliothek Scan vollständig",
-        "quickScanStarted": "Schneller Scan gestartet",
-        "fullScanStarted": "Kompletter Scan gestartet",
-        "scanError": "Fehler beim Starten des Scans. Logs prüfen"
+        "scanCompleted": "Bibliothek Scan vollständig"
      },
      "validation": {
        "nameRequired": "Bibliotheksname ist Pflichtfeld",
@ -609,8 +604,7 @@
    "serverDown": "OFFLINE",
    "scanType": "Typ",
    "status": "Scan Fehler",
-    "elapsedTime": "Laufzeit",
-    "selectiveScan": "Selektiver Scan"
+    "elapsedTime": "Laufzeit"
  },
  "help": {
    "title": "Navidrome Hotkeys",
--- a/resources/i18n/el.json
+++ b/resources/i18n/el.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Σάρωση βιβλιοθήκης",
        "manageUsers": "Διαχείριση πρόσβασης χρήστη",
-        "viewDetails": "Προβολή λεπτομερειών",
-        "quickScan": "Γρήγορη σάρωση",
-        "fullScan": "Πλήρης σάρωση"
+        "viewDetails": "Προβολή λεπτομερειών"
      },
      "notifications": {
        "created": "Η βιβλιοθήκη δημιουργήθηκε με επιτυχία",
        "updated": "Η βιβλιοθήκη ενημερώθηκε με επιτυχία",
        "deleted": "Η βιβλιοθήκη διαγράφηκε με επιτυχία",
        "scanStarted": "Ξεκίνησε η σάρωση της βιβλιοθήκης",
-        "scanCompleted": "Η σάρωση της βιβλιοθήκης ολοκληρώθηκε",
-        "quickScanStarted": "Η Γρήγορη Σάρωση ξεκίνησε",
-        "fullScanStarted": "Η πλήρης σάρωση ξεκίνησε",
-        "scanError": "Σφάλμα κατά την έναρξη της σάρωσης. Ελέγξτε τα αρχεία καταγραφής."
+        "scanCompleted": "Η σάρωση της βιβλιοθήκης ολοκληρώθηκε"
      },
      "validation": {
        "nameRequired": "Απαιτείται όνομα βιβλιοθήκης",
@ -609,8 +604,7 @@
    "serverDown": "ΕΚΤΟΣ ΣΥΝΔΕΣΗΣ",
    "scanType": "Τύπος",
    "status": "Σφάλμα σάρωσης",
-    "elapsedTime": "Χρόνος που πέρασε",
-    "selectiveScan": "Εκλεκτικός"
+    "elapsedTime": "Χρόνος που πέρασε"
  },
  "help": {
    "title": "Συντομεύσεις του Navidrome",
--- a/resources/i18n/es.json
+++ b/resources/i18n/es.json
@ -36,7 +36,7 @@
        "bitDepth": "Profundidad de bits",
        "sampleRate": "Frecuencia de muestreo",
        "missing": "Faltante",
-        "libraryName": "Biblioteca"
+        "libraryName": ""
      },
      "actions": {
        "addToQueue": "Reproducir después",
@ -78,7 +78,7 @@
        "mood": "Estado de ánimo",
        "date": "Fecha de grabación",
        "missing": "Faltante",
-        "libraryName": "Biblioteca"
+        "libraryName": ""
      },
      "actions": {
        "playAll": "Reproducir",
@ -127,12 +127,12 @@
        "remixer": "Remixer",
        "djmixer": "DJ Mixer",
        "performer": "Intérprete",
-        "maincredit": "Artista del álbum o Artista |||| Artistas del álbum o Artistas"
+        "maincredit": ""
      },
      "actions": {
        "shuffle": "Aleatorio",
        "radio": "Radio",
-        "topSongs": "Más destacadas"
+        "topSongs": ""
      }
    },
    "user": {
@ -150,11 +150,11 @@
        "newPassword": "Nueva contraseña",
        "token": "Token",
        "lastAccessAt": "Último acceso",
-        "libraries": "Bibliotecas"
+        "libraries": ""
      },
      "helperTexts": {
        "name": "Los cambios a tu nombre se verán en el próximo inicio de sesión",
-        "libraries": "Selecciona bibliotecas específicas para este usuario o déjalo vacío para usar las bibliotecas por defecto"
+        "libraries": ""
      },
      "notifications": {
        "created": "Usuario creado",
@ -164,11 +164,11 @@
      "message": {
        "listenBrainzToken": "Escribe tu token de usuario de ListenBrainz",
        "clickHereForToken": "Click aquí para obtener tu token",
-        "selectAllLibraries": "Seleccionar todas las bibliotecas",
-        "adminAutoLibraries": "Los usuarios administradores tienen acceso a todas las bibliotecas automáticamente"
+        "selectAllLibraries": "",
+        "adminAutoLibraries": ""
      },
      "validation": {
-        "librariesRequired": "Se debe seleccionar al menos una biblioteca para los usuarios que no sean administradores"
+        "librariesRequired": ""
      }
    },
    "player": {
@ -261,7 +261,7 @@
        "path": "Ruta",
        "size": "Tamaño",
        "updatedAt": "Actualizado el",
-        "libraryName": "Biblioteca"
+        "libraryName": ""
      },
      "actions": {
        "remove": "Eliminar",
@ -273,60 +273,55 @@
      "empty": "No hay archivos perdidos"
    },
    "library": {
-      "name": "Biblioteca |||| Bibliotecas",
+      "name": "",
      "fields": {
-        "name": "Nombre",
-        "path": "Ruta",
-        "remotePath": "Ruta remota",
-        "lastScanAt": "Último escaneo",
-        "songCount": "Canciones",
-        "albumCount": "Álbumes",
-        "artistCount": "Artistas",
-        "totalSongs": "Canciones",
-        "totalAlbums": "Álbumes",
-        "totalArtists": "Artistas",
-        "totalFolders": "Carpetas",
-        "totalFiles": "Archivos",
-        "totalMissingFiles": "Archivos faltantes",
-        "totalSize": "Tamaño total",
-        "totalDuration": "Duración",
-        "defaultNewUsers": "Valor por defecto para los nuevos usuarios",
-        "createdAt": "Creado",
-        "updatedAt": "Actualizado"
+        "name": "",
+        "path": "",
+        "remotePath": "",
+        "lastScanAt": "",
+        "songCount": "",
+        "albumCount": "",
+        "artistCount": "",
+        "totalSongs": "",
+        "totalAlbums": "",
+        "totalArtists": "",
+        "totalFolders": "",
+        "totalFiles": "",
+        "totalMissingFiles": "",
+        "totalSize": "",
+        "totalDuration": "",
+        "defaultNewUsers": "",
+        "createdAt": "",
+        "updatedAt": ""
      },
      "sections": {
-        "basic": "Información básica",
-        "statistics": "Estadísticas"
+        "basic": "",
+        "statistics": ""
      },
      "actions": {
-        "scan": "Escanear biblioteca",
-        "manageUsers": "Gestionar el acceso de usarios",
-        "viewDetails": "Ver detalles",
-        "quickScan": "Escaneo rápido",
-        "fullScan": "Escaneo completo"
+        "scan": "",
+        "manageUsers": "",
+        "viewDetails": ""
      },
      "notifications": {
-        "created": "La biblioteca se creó correctamente",
-        "updated": "La biblioteca se actualizó correctamente",
-        "deleted": "La biblioteca se eliminó correctamente",
-        "scanStarted": "El escaneo de la biblioteca ha comenzado",
-        "scanCompleted": "El escaneo de la biblioteca se completó",
-        "quickScanStarted": "Escaneo rápido ha comenzado",
-        "fullScanStarted": "Escaneo completo ha comenzado",
-        "scanError": "Error al iniciar el escaneo. Revisa los registros"
+        "created": "",
+        "updated": "",
+        "deleted": "",
+        "scanStarted": "",
+        "scanCompleted": ""
      },
      "validation": {
-        "nameRequired": "El nombre de la biblioteca es obligatorio",
-        "pathRequired": "La ruta de la biblioteca es obligatoria",
-        "pathNotDirectory": "La ruta de la biblioteca debe ser un directorio",
-        "pathNotFound": "Ruta de la biblioteca no encontrada",
-        "pathNotAccessible": "La ruta de la biblioteca no es accesible",
-        "pathInvalid": "Ruta de la biblioteca no válida"
+        "nameRequired": "",
+        "pathRequired": "",
+        "pathNotDirectory": "",
+        "pathNotFound": "",
+        "pathNotAccessible": "",
+        "pathInvalid": ""
      },
      "messages": {
-        "deleteConfirm": "¿Estás seguro/a de que quieres eliminar esta biblioteca? Esto eliminará todos los datos asociados y el acceso de les usuaries.",
-        "scanInProgress": "Escaneo en curso...",
-        "noLibrariesAssigned": "No hay bibliotecas asignadas a este usuario"
+        "deleteConfirm": "",
+        "scanInProgress": "",
+        "noLibrariesAssigned": ""
      }
    }
  },
@ -511,7 +506,7 @@
    "remove_all_missing_title": "Eliminar todos los archivos perdidos",
    "remove_all_missing_content": "¿Realmente desea eliminar todos los archivos faltantes de la base de datos? Esto eliminará permanentemente cualquier referencia a ellos, incluidas sus reproducciones y valoraciones.",
    "noSimilarSongsFound": "No se encontraron canciones similares",
-    "noTopSongsFound": "No se encontraron canciones destacadas"
+    "noTopSongsFound": ""
  },
  "menu": {
    "library": "Biblioteca",
@ -542,10 +537,10 @@
    "playlists": "Playlists",
    "sharedPlaylists": "Playlists Compartidas",
    "librarySelector": {
-      "allLibraries": "Todas las bibliotecas (%{count})",
-      "multipleLibraries": "%{selected} de %{total} bibliotecas",
-      "selectLibraries": "Seleccionar bibliotecas",
-      "none": "Ninguno"
+      "allLibraries": "",
+      "multipleLibraries": "",
+      "selectLibraries": "",
+      "none": ""
    }
  },
  "player": {
@ -609,8 +604,7 @@
    "serverDown": "OFFLINE",
    "scanType": "Tipo",
    "status": "Error de escaneo",
-    "elapsedTime": "Tiempo transcurrido",
-    "selectiveScan": "Selectivo"
+    "elapsedTime": "Tiempo transcurrido"
  },
  "help": {
    "title": "Atajos de teclado de Navidrome",
@ -627,8 +621,8 @@
    }
  },
  "nowPlaying": {
-    "title": "En reproducción",
-    "empty": "Nada en reproducción",
-    "minutesAgo": "Hace %{smart_count} minuto |||| Hace %{smart_count} minutos"
+    "title": "",
+    "empty": "",
+    "minutesAgo": ""
  }
 }
--- a/resources/i18n/eu.json
+++ b/resources/i18n/eu.json
@ -12,7 +12,6 @@
        "artist": "Artista",
        "album": "Albuma",
        "path": "Fitxategiaren bidea",
-        "libraryName": "Liburutegia",
        "genre": "Generoa",
        "compilation": "Konpilazioa",
        "year": "Urtea",
@ -59,7 +58,6 @@
        "playCount": "Erreprodukzioak",
        "size": "Fitxategiaren tamaina",
        "name": "Izena",
-        "libraryName": "Liburutegia",
        "genre": "Generoa",
        "compilation": "Konpilazioa",
        "year": "Urtea",
@ -149,26 +147,19 @@
        "currentPassword": "Uneko pasahitza",
        "newPassword": "Pasahitz berria",
        "token": "Tokena",
-        "lastAccessAt": "Azken sarbidea",
-        "libraries": "Liburutegiak"
+        "lastAccessAt": "Azken sarbidea"
      },
      "helperTexts": {
-        "name": "Aldaketak saioa hasten duzun hurrengoan islatuko dira",
-        "libraries": "Hautatu erabiltzaile honentzat liburutegi jakinak, edo utzi hutsik defektuzko liburutegiak erabiltzeko"
+        "name": "Aldaketak saioa hasten duzun hurrengoan islatuko dira"
      },
      "notifications": {
        "created": "Erabiltzailea sortu da",
        "updated": "Erabiltzailea eguneratu da",
        "deleted": "Erabiltzailea ezabatu da"
      },
-      "validation": {
-        "librariesRequired": "Gutxienez liburutegi bat hautatu behar da administratzaile ez diren erabiltzaileentzat"
-      },
      "message": {
        "listenBrainzToken": "Idatzi zure ListenBrainz erabiltzailearen tokena",
-        "clickHereForToken": "Egin klik hemen tokena lortzeko",
-        "selectAllLibraries": "Hautatu liburutegi guztiak",
-        "adminAutoLibraries": "Administratzaileek automatikoki dute liburutegi guztietara sarbidea"
+        "clickHereForToken": "Egin klik hemen tokena lortzeko"
      }
    },
    "player": {
@ -263,7 +254,6 @@
      "fields": {
        "path": "Bidea",
        "size": "Tamaina",
-        "libraryName": "Liburutegia",
        "updatedAt": "Desagertze-data:"
      },
      "actions": {
@ -273,58 +263,6 @@
      "notifications": {
        "removed": "Aurkitzen ez ziren fitxategiak kendu dira"
      }
-    },
-    "library": {
-      "name": "Liburutegia |||| Liburutegiak",
-      "fields": {
-        "name": "Izena",
-        "path": "Fitxategiaren bidea",
-        "remotePath": "Urruneko bidea",
-        "lastScanAt": "Azken araketa",
-        "songCount": "Abestiak",
-        "albumCount": "Albumak",
-        "artistCount": "Artistak",
-        "totalSongs": "Abestiak",
-        "totalAlbums": "Albumak",
-        "totalArtists": "Artistak",
-        "totalFolders": "Karpetak",
-        "totalFiles": "Fitxategiak",
-        "totalMissingFiles": "Fitxategiak faltan",
-        "totalSize": "Tamaina guztira",
-        "totalDuration": "Iraupena",
-        "defaultNewUsers": "Defektuz erabiltzaile berrientzat",
-        "createdAt": "Sortze-data",
-        "updatedAt": "Eguneratze-data"
-      },
-      "sections": {
-        "basic": "Oinarrizko informazioa",
-        "statistics": "Estatistikak"
-      },
-      "actions": {
-        "scan": "Arakatu liburutegia",
-        "manageUsers": "Kudeatu erabiltzaileen sarbidea",
-        "viewDetails": "Ikusi xehetasunak"
-      },
-      "notifications": {
-        "created": "Liburutegia ondo sortu da",
-        "updated": "Liburutegia ondo eguneratu da",
-        "deleted": "Liburutegia ondo ezabatu da",
-        "scanStarted": "Liburutegiaren araketa hasi da",
-        "scanCompleted": "Liburutegiaren araketa amaitu da"
-      },
-      "validation": {
-        "nameRequired": "Liburutegiaren izena beharrezkoa da",
-        "pathRequired": "Liburutegiaren bidea beharrezkoa da",
-        "pathNotDirectory": "Liburutegiaren bidea direktorio bat izan behar da",
-        "pathNotFound": "Ez da liburutegiaren bidea aurkitu",
-        "pathNotAccessible": "Liburutegiaren bidea ez dago eskuragai",
-        "pathInvalid": "Liburutegiaren bidea ez da baliozkoa"
-      },
-      "messages": {
-        "deleteConfirm": "Ziur liburutegia ezabatu nahi duzula? Erlazionatutako datu guztiak eta erabiltzaileen sarbidea kenduko ditu.",
-        "scanInProgress": "Araketa abian da…",
-        "noLibrariesAssigned": "Ez da liburutegirik egokitu erabiltzaile honentzat"
-      }
    }
  },
  "ra": {
@ -512,12 +450,6 @@
  },
  "menu": {
    "library": "Liburutegia",
-    "librarySelector": {
-      "allLibraries": "Liburutegi guztiak (%{count})",
-      "multipleLibraries": "%{total} liburutegitik %{selected} hautatuta",
-      "selectLibraries": "Hautatu liburutegiak",
-      "none": "Bat ere ez"
-    },
    "settings": "Ezarpenak",
    "version": "Bertsioa",
    "theme": "Itxura",
--- a/resources/i18n/fr.json
+++ b/resources/i18n/fr.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Scanner la bibliothèque",
        "manageUsers": "Gérer les accès utilisateurs",
-        "viewDetails": "Voir les détails",
-        "quickScan": "Scan Rapide",
-        "fullScan": "Scan Complet"
+        "viewDetails": "Voir les détails"
      },
      "notifications": {
        "created": "Bibliothèque créée avec succès",
        "updated": "Bibliothèque mise à jour avec succès",
        "deleted": "Bibliothèque supprimée avec succès",
        "scanStarted": "Le scan de la bibliothèque a commencé",
-        "scanCompleted": "Le scan de la bibliothèque est terminé",
-        "quickScanStarted": "Scan rapide démarré",
-        "fullScanStarted": "Scan complet démarré",
-        "scanError": "Une erreur est survenue en démarrant le scan. Veuillez regarder les logs"
+        "scanCompleted": "Le scan de la bibliothèque est terminé"
      },
      "validation": {
        "nameRequired": "La bibliothèque doit obligatoirement avoir un nom",
@ -609,8 +604,7 @@
    "serverDown": "HORS LIGNE",
    "scanType": "Type",
    "status": "Erreur de scan",
-    "elapsedTime": "Temps écoulé",
-    "selectiveScan": "Sélectif"
+    "elapsedTime": "Temps écoulé"
  },
  "help": {
    "title": "Raccourcis Navidrome",
--- a/resources/i18n/hu.json
+++ b/resources/i18n/hu.json
@ -300,9 +300,7 @@
      },
      "actions": {
        "scan": "Könyvtár szkennelése",
-        "quickScan": "Gyors szkennelés",
-        "fullScan": "Teljes szkennelés",
-        "manageUsers": "Hozzáférés kezelése",
+        "manageUsers": "Elérés kezelése",
        "viewDetails": "Részletek"
      },
      "notifications": {
@ -600,12 +598,11 @@
  "activity": {
    "title": "Aktivitás",
    "totalScanned": "Összes beolvasott mappa:",
-    "quickScan": "Gyors",
-    "fullScan": "Teljes",
-    "selectiveScan": "Szelektív",
+    "quickScan": "Gyors szkennelés",
+    "fullScan": "Teljes szkennelés",
    "serverUptime": "Szerver üzemidő",
    "serverDown": "OFFLINE",
-    "scanType": "Legutóbbi szkennelés",
+    "scanType": "Típus",
    "status": "Szkennelési hiba",
    "elapsedTime": "Eltelt idő"
  },
--- a/resources/i18n/ja.json
+++ b/resources/i18n/ja.json
@ -27,16 +27,12 @@
        "playDate": "最後の再生",
        "channels": "チャンネル",
        "createdAt": "追加日",
-        "grouping": "グループ分け",
-        "mood": "ムード",
-        "participants": "追加参加者",
-        "tags": "追加タグ",
-        "mappedTags": "マッピング済みタグ",
-        "rawTags": "未処理タグ",
-        "bitDepth": "ビット深度",
-        "sampleRate": "サンプリングレート",
-        "missing": "不明",
-        "libraryName": "ライブラリ"
+        "grouping": "",
+        "mood": "",
+        "participants": "",
+        "tags": "",
+        "mappedTags": "",
+        "rawTags": ""
      },
      "actions": {
        "addToQueue": "最後に再生",
@ -45,8 +41,7 @@
        "shuffleAll": "全曲シャッフル",
        "download": "ダウンロード",
        "playNext": "次に再生",
-        "info": "詳細",
-        "showInPlaylist": "含まれるプレイリスト"
+        "info": "詳細"
      }
    },
    "album": {
@ -70,15 +65,12 @@
        "releaseDate": "リリース日",
        "releases": "リリース",
        "released": "リリース",
-        "recordLabel": "ラベル",
-        "catalogNum": "カタログ番号",
-        "releaseType": "タイプ",
-        "grouping": "グループ分け",
-        "media": "メディア",
-        "mood": "ムード",
-        "date": "録音日",
-        "missing": "不明",
-        "libraryName": "ライブラリ"
+        "recordLabel": "",
+        "catalogNum": "",
+        "releaseType": "",
+        "grouping": "",
+        "media": "",
+        "mood": ""
      },
      "actions": {
        "playAll": "再生",
@ -110,29 +102,22 @@
        "rating": "レート",
        "genre": "ジャンル",
        "size": "サイズ",
-        "role": "役割",
-        "missing": "不明"
+        "role": ""
      },
      "roles": {
-        "albumartist": "アルバムアーティスト",
-        "artist": "アーティスト",
-        "composer": "作曲家",
-        "conductor": "指揮者",
-        "lyricist": "作詞家",
-        "arranger": "編曲者",
-        "producer": "プロデューサー",
-        "director": "ディレクター",
-        "engineer": "エンジニア",
-        "mixer": "ミキサー",
-        "remixer": "リミキサー",
-        "djmixer": "DJ ミキサー",
-        "performer": "演奏者",
-        "maincredit": "アルバムアーティストもしくはアーティスト"
-      },
-      "actions": {
-        "shuffle": "シャッフル",
-        "radio": "ラジオ",
-        "topSongs": "トップソング"
+        "albumartist": "",
+        "artist": "",
+        "composer": "",
+        "conductor": "",
+        "lyricist": "",
+        "arranger": "",
+        "producer": "",
+        "director": "",
+        "engineer": "",
+        "mixer": "",
+        "remixer": "",
+        "djmixer": "",
+        "performer": ""
      }
    },
    "user": {
@ -149,12 +134,10 @@
        "currentPassword": "現在のパスワード",
        "newPassword": "新しいパスワード",
        "token": "トークン",
-        "lastAccessAt": "最終アクセス",
-        "libraries": "ライブラリ"
+        "lastAccessAt": "最終アクセス"
      },
      "helperTexts": {
-        "name": "名前の変更は次回ログイン以降反映されます",
-        "libraries": "このユーザーに対して特定ライブラリを選択するか、デフォルトのライブラリを使用する場合は空欄のままにします"
+        "name": "名前の変更は次回ログイン以降反映されます"
      },
      "notifications": {
        "created": "ユーザーが作成されました",
@ -163,12 +146,7 @@
      },
      "message": {
        "listenBrainzToken": "ListenBrainzユーザートークンを入力",
-        "clickHereForToken": "ここをクリックしトークンを入手",
-        "selectAllLibraries": "全てのライブラリを選択",
-        "adminAutoLibraries": "管理者ユーザーは自動的にすべてのライブラリにアクセスできます"
-      },
-      "validation": {
-        "librariesRequired": "管理者以外のユーザーには少なくとも1つのライブラリを選択する必要があります"
+        "clickHereForToken": "ここをクリックしトークンを入手"
      }
    },
    "player": {
@ -212,17 +190,11 @@
        "addNewPlaylist": "'%{name}' を作成",
        "export": "エクスポート",
        "makePublic": "公開する",
-        "makePrivate": "非公開にする",
-        "saveQueue": "キューをプレイリストに保存",
-        "searchOrCreate": "プレイリストを検索または入力して新規作成...",
-        "pressEnterToCreate": "Enterキーを押して新しいプレイリストを作成",
-        "removeFromSelection": "選択から削除"
+        "makePrivate": "非公開にする"
      },
      "message": {
        "duplicate_song": "重複する曲を追加",
-        "song_exist": "既にプレイリストに存在する曲です。追加しますか？",
-        "noPlaylistsFound": "プレイリストが見つかりません",
-        "noPlaylists": "利用可能なプレイリストはありません"
+        "song_exist": "既にプレイリストに存在する曲です。追加しますか？"
      }
    },
    "radio": {
@ -256,77 +228,17 @@
      }
    },
    "missing": {
-      "name": "欠落したファイル",
+      "name": "",
      "fields": {
-        "path": "パス",
-        "size": "サイズ",
-        "updatedAt": "欠落日",
-        "libraryName": "ライブラリ"
+        "path": "",
+        "size": "",
+        "updatedAt": ""
      },
      "actions": {
-        "remove": "削除",
-        "remove_all": "全て削除"
+        "remove": ""
      },
      "notifications": {
-        "removed": "欠落ファイルが削除されました"
-      },
-      "empty": "ファイルの欠落はありません"
-    },
-    "library": {
-      "name": "ライブラリ",
-      "fields": {
-        "name": "名前",
-        "path": "パス",
-        "remotePath": "リモートパス",
-        "lastScanAt": "最終スキャン",
-        "songCount": "曲数",
-        "albumCount": "アルバム数",
-        "artistCount": "アーティスト数",
-        "totalSongs": "曲数",
-        "totalAlbums": "アルバム数",
-        "totalArtists": "アーティスト数",
-        "totalFolders": "フォルダー数",
-        "totalFiles": "ファイル数",
-        "totalMissingFiles": "欠落したファイル",
-        "totalSize": "合計サイズ",
-        "totalDuration": "合計時間",
-        "defaultNewUsers": "新規ユーザーに対するデフォルト",
-        "createdAt": "作成日",
-        "updatedAt": "更新日"
-      },
-      "sections": {
-        "basic": "基本情報",
-        "statistics": "統計"
-      },
-      "actions": {
-        "scan": "ライブラリをスキャン",
-        "manageUsers": "ユーザーアクセス管理",
-        "viewDetails": "詳細を表示",
-        "quickScan": "クイックスキャン",
-        "fullScan": "フルスキャン"
-      },
-      "notifications": {
-        "created": "ライブラリが正常に作成されました",
-        "updated": "ライブラリが正常に更新されました",
-        "deleted": "ライブラリが正常に削除されました",
-        "scanStarted": "スキャンを開始しました",
-        "scanCompleted": "スキャンが完了しました",
-        "quickScanStarted": "クイックスキャンを開始しました",
-        "fullScanStarted": "フルスキャンを開始しました",
-        "scanError": "スキャン開始中にエラーが発生。ログを確認してください"
-      },
-      "validation": {
-        "nameRequired": "ライブラリの名前が必要です",
-        "pathRequired": "ライブラリのパスが必要です",
-        "pathNotDirectory": "ライブラリパスはディレクトリである必要があります",
-        "pathNotFound": "ライブラリのパスが見つかりません",
-        "pathNotAccessible": "ライブラリパスへアクセスできません",
-        "pathInvalid": "無効なライブラリパス"
-      },
-      "messages": {
-        "deleteConfirm": "このライブラリを削除しますか？関連する全てのデータとユーザーアクセスが削除されます。",
-        "scanInProgress": "スキャン中...",
-        "noLibrariesAssigned": "このユーザーに割り当てられているライブラリはありません"
+        "removed": ""
      }
    }
  },
@ -506,12 +418,8 @@
    "shareFailure": "コピーに失敗しました %{url}",
    "downloadDialogTitle": "ダウンロード %{resource} '%{name}' (%{size})",
    "shareCopyToClipboard": "クリップボードへコピー: Ctrl+C, Enter",
-    "remove_missing_title": "欠落ファイルを削除",
-    "remove_missing_content": "選択した欠落ファイルをデータベースから削除してもよろしいですか？これにより、再生数や評価を含むそれらのファイルへの参照が完全に削除されます。",
-    "remove_all_missing_title": "全ての欠落ファイルを削除",
-    "remove_all_missing_content": "データベースから欠落ファイルをすべて削除してもよろしいですか？これにより、再生数や評価を含むそれらのファイルへの参照が永久に削除されます。",
-    "noSimilarSongsFound": "類似の曲が見つかりませんでした",
-    "noTopSongsFound": "トップソングが見つかりません"
+    "remove_missing_title": "",
+    "remove_missing_content": ""
  },
  "menu": {
    "library": "ライブラリ",
@ -540,13 +448,7 @@
    "albumList": "アルバム",
    "about": "詳細",
    "playlists": "プレイリスト",
-    "sharedPlaylists": "共有プレイリスト",
-    "librarySelector": {
-      "allLibraries": "全てのライブラリ( %{count} )",
-      "multipleLibraries": "%{selected}  個 / %{total} 個のライブラリ",
-      "selectLibraries": "ライブラリを選択",
-      "none": "無し"
-    }
+    "sharedPlaylists": "共有プレイリスト"
  },
  "player": {
    "playListsText": "再生リスト",
@ -583,34 +485,15 @@
        "disabled": "無効",
        "waiting": "待機中"
      }
-    },
-    "tabs": {
-      "about": "詳細",
-      "config": "設定"
-    },
-    "config": {
-      "configName": "設定名",
-      "environmentVariable": "環境変数",
-      "currentValue": "現在値",
-      "configurationFile": "設定ファイル",
-      "exportToml": "設定をエクスポート(TOML)",
-      "exportSuccess": "設定をTOML形式でクリップボードへエクスポートしました",
-      "exportFailed": "設定のコピーに失敗しました",
-      "devFlagsHeader": "開発フラグ(変更・削除の可能性あり)",
-      "devFlagsComment": "これらは実験的な設定であり、将来のバージョンで削除される可能性があります"
    }
  },
  "activity": {
    "title": "活動",
    "totalScanned": "スキャン済みフォルダー",
-    "quickScan": "クイック",
-    "fullScan": "フル",
+    "quickScan": "クイックスキャン",
+    "fullScan": "フルスキャン",
    "serverUptime": "サーバー稼働時間",
-    "serverDown": "サーバーオフライン",
-    "scanType": "最終スキャン",
-    "status": "スキャンエラー",
-    "elapsedTime": "経過時間",
-    "selectiveScan": "選択的スキャン"
+    "serverDown": "サーバーオフライン"
  },
  "help": {
    "title": "ホットキー",
@ -625,10 +508,5 @@
      "toggle_love": "星の付け外し",
      "current_song": "現在の曲へ移動"
    }
-  },
-  "nowPlaying": {
-    "title": "再生中",
-    "empty": "何も再生されていません",
-    "minutesAgo": "%{smart_count} 分前 |||| %{smart_count} 分前"
  }
 }
--- a/resources/i18n/pl.json
+++ b/resources/i18n/pl.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Skanuj Bibliotekę",
        "manageUsers": "Zarządzaj Dostępami Użytkownika",
-        "viewDetails": "Zobacz Szczegóły",
-        "quickScan": "Szybkie Skanowanie",
-        "fullScan": "Pełne Skanowanie"
+        "viewDetails": "Zobacz Szczegóły"
      },
      "notifications": {
        "created": "Biblioteka utworzona prawidłowo",
        "updated": "Biblioteka zaktualizowana prawidłowo",
        "deleted": "Biblioteka usunięta prawidłowo",
        "scanStarted": "Rozpoczęto skan biblioteki",
-        "scanCompleted": "Zakończono skan biblioteki",
-        "quickScanStarted": "Szybkie skanowanie rozpoczęte",
-        "fullScanStarted": "Pełne skanowanie rozpoczęte",
-        "scanError": "Błąd podczas startu skanowania. Sprawdź logi"
+        "scanCompleted": "Zakończono skan biblioteki"
      },
      "validation": {
        "nameRequired": "Nazwa biblioteki jest wymagana",
@ -609,8 +604,7 @@
    "serverDown": "NIEDOSTĘPNY",
    "scanType": "Typ",
    "status": "Błąd Skanowania",
-    "elapsedTime": "Upłynięty Czas",
-    "selectiveScan": "Selektywne"
+    "elapsedTime": "Upłynięty Czas"
  },
  "help": {
    "title": "Skróty Klawiszowe Navidrome",
--- a/resources/i18n/ru.json
+++ b/resources/i18n/ru.json
@ -301,25 +301,20 @@
      "actions": {
        "scan": "Сканировать библиотеку",
        "manageUsers": "Управление доступом пользователей",
-        "viewDetails": "Просмотреть подробности",
-        "quickScan": "Быстрое сканирование",
-        "fullScan": "Полное сканирование"
+        "viewDetails": "Просмотреть подробности"
      },
      "notifications": {
        "created": "Библиотека успешно создана",
        "updated": "Библиотека успешно обновлена",
        "deleted": "Библиотека успешно удалена",
        "scanStarted": "Сканирование библиотеки начато",
-        "scanCompleted": "Сканирование библиотеки закончено",
-        "quickScanStarted": "Быстрое сканирование началось",
-        "fullScanStarted": "Началось полное сканирование",
-        "scanError": "Ошибка при запуске сканирования. Проверьте логи"
+        "scanCompleted": "Сканирование библиотеки закончено"
      },
      "validation": {
        "nameRequired": "Имя библиотеки обязательно",
        "pathRequired": "Путь к библиотеке обязателен",
        "pathNotDirectory": "Путь к библиотеке должен быть директорией",
-        "pathNotFound": "Путь к библиотеке не найден",
+        "pathNotFound": "Путь к библиотеке не найдено",
        "pathNotAccessible": "Путь к библиотеке недоступен",
        "pathInvalid": "Неверный путь к библиотеке"
      },
@ -609,8 +604,7 @@
    "serverDown": "Оффлайн",
    "scanType": "Тип",
    "status": "Ошибка сканирования",
-    "elapsedTime": "Прошедшее время",
-    "selectiveScan": "Избирательный"
+    "elapsedTime": "Прошедшее время"
  },
  "help": {
    "title": "Горячие клавиши Navidrome",
--- a/resources/i18n/sv.json
+++ b/resources/i18n/sv.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Scanna bibliotek",
        "manageUsers": "Hantera användaråtkomst",
-        "viewDetails": "Se detaljer",
-        "quickScan": "Snabbscan",
-        "fullScan": "Komplett scan"
+        "viewDetails": "Se detaljer"
      },
      "notifications": {
        "created": "Biblioteket har skapats",
        "updated": "Biblioteket har uppdaterats",
        "deleted": "Biblioteket har raderats",
        "scanStarted": "Biblioteksscan startad",
-        "scanCompleted": "Biblioteksscan avslutad",
-        "quickScanStarted": "Snabbscan startad",
-        "fullScanStarted": "Komplett scan startad",
-        "scanError": "Fel vid start av scan. Se loggarna"
+        "scanCompleted": "Biblioteksscan avslutad"
      },
      "validation": {
        "nameRequired": "Biblioteksnamn krävs",
@ -609,8 +604,7 @@
    "serverDown": "OFFLINE",
    "scanType": "Typ",
    "status": "Fel vid scanning",
-    "elapsedTime": "Spelad tid",
-    "selectiveScan": "Urval"
+    "elapsedTime": "Spelad tid"
  },
  "help": {
    "title": "Navidrome kortkommandon",
--- a/resources/i18n/th.json
+++ b/resources/i18n/th.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "สแกนห้องสมุด",
        "manageUsers": "ตั้งค่าการเข้าถึง",
-        "viewDetails": "ดูรายละเอียด",
-        "quickScan": "สแกนแบบเร็ว",
-        "fullScan": "สแกนแบบเต็ม"
+        "viewDetails": "ดูรายละเอียด"
      },
      "notifications": {
        "created": "สร้างห้องสมุดเรียบร้อย",
        "updated": "อัพเดทห้องสมุดเรียบร้อย",
        "deleted": "ลบห้องสมุดเพลงเรียบร้อยแล้ว",
        "scanStarted": "เริ่มสแกนห้องสมุด",
-        "scanCompleted": "สแกนห้องสมุดเสร็จแล้ว",
-        "quickScanStarted": "เริ่มสแกนแบบเร็ว",
-        "fullScanStarted": "เริ่มสแกนแบบเต็ม",
-        "scanError": "การเริ่มสแกนผิดพลาด ดูในบันทึก"
+        "scanCompleted": "สแกนห้องสมุดเสร็จแล้ว"
      },
      "validation": {
        "nameRequired": "ต้องใส่ชื่อห้องสมุดเพลง",
@ -609,8 +604,7 @@
    "serverDown": "ออฟไลน์",
    "scanType": "ประเภท",
    "status": "สแกนผิดพลาด",
-    "elapsedTime": "เวลาที่ใช้",
-    "selectiveScan": "เลือก"
+    "elapsedTime": "เวลาที่ใช้"
  },
  "help": {
    "title": "คีย์ลัด Navidrome",
--- a/resources/i18n/uk.json
+++ b/resources/i18n/uk.json
@ -301,19 +301,14 @@
      "actions": {
        "scan": "Сканувати бібліотеку",
        "manageUsers": "Керування доступом користувачів",
-        "viewDetails": "Переглянути подробиці",
-        "quickScan": "Швидке сканування",
-        "fullScan": "Повне сканування"
+        "viewDetails": "Переглянути подробиці"
      },
      "notifications": {
        "created": "Бібліотеку успішно створено",
        "updated": "Бібліотеку успішно оновлено",
        "deleted": "Бібліотеку успішно видалено",
        "scanStarted": "Сканування бібліотеки розпочато",
-        "scanCompleted": "Сканування бібліотеки закінчено",
-        "quickScanStarted": "Швидке сканування виконується",
-        "fullScanStarted": "Повне сканування виконується",
-        "scanError": "Помилка при виконанні сканування. Перевірте лоґи"
+        "scanCompleted": "Сканування бібліотеки закінчено"
      },
      "validation": {
        "nameRequired": "Ім'я бібліотеки обов'язкове",
@ -609,8 +604,7 @@
    "serverDown": "Оффлайн",
    "scanType": "Тип",
    "status": "Помилка сканування",
-    "elapsedTime": "Пройдений час",
-    "selectiveScan": "Вибірковий"
+    "elapsedTime": "Пройдений час"
  },
  "help": {
    "title": "Гарячі клавіші Navidrome",
--- a/server/auth.go
+++ b/server/auth.go
@ -193,24 +193,24 @@ func UsernameFromToken(r *http.Request) string {
 	return token.Subject()
 }

-func UsernameFromExtAuthHeader(r *http.Request) string {
-	if conf.Server.ExtAuth.TrustedSources == "" {
+func UsernameFromReverseProxyHeader(r *http.Request) string {
+	if conf.Server.ReverseProxyWhitelist == "" {
 		return ""
 	}
 	reverseProxyIp, ok := request.ReverseProxyIpFrom(r.Context())
 	if !ok {
-		log.Error("ExtAuth enabled but no proxy IP found in request context. Please report this error.")
+		log.Error("ReverseProxyWhitelist enabled but no proxy IP found in request context. Please report this error.")
 		return ""
 	}
-	if !validateIPAgainstList(reverseProxyIp, conf.Server.ExtAuth.TrustedSources) {
-		log.Warn(r.Context(), "IP is not whitelisted for external authentication", "proxy-ip", reverseProxyIp, "client-ip", r.RemoteAddr)
+	if !validateIPAgainstList(reverseProxyIp, conf.Server.ReverseProxyWhitelist) {
+		log.Warn(r.Context(), "IP is not whitelisted for reverse proxy login", "proxy-ip", reverseProxyIp, "client-ip", r.RemoteAddr)
 		return ""
 	}
-	username := r.Header.Get(conf.Server.ExtAuth.UserHeader)
+	username := r.Header.Get(conf.Server.ReverseProxyUserHeader)
 	if username == "" {
 		return ""
 	}
-	log.Trace(r, "Found username in ExtAuth.UserHeader", "username", username)
+	log.Trace(r, "Found username in ReverseProxyUserHeader", "username", username)
 	return username
 }

@ -256,7 +256,7 @@ func authenticateRequest(ds model.DataStore, r *http.Request, findUsernameFns ..
 func Authenticator(ds model.DataStore) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			ctx, err := authenticateRequest(ds, r, UsernameFromConfig, UsernameFromToken, UsernameFromExtAuthHeader)
+			ctx, err := authenticateRequest(ds, r, UsernameFromConfig, UsernameFromToken, UsernameFromReverseProxyHeader)
 			if err != nil {
 				_ = rest.RespondWithError(w, http.StatusUnauthorized, "Not authenticated")
 				return
@ -291,7 +291,7 @@ func JWTRefresher(next http.Handler) http.Handler {
 func handleLoginFromHeaders(ds model.DataStore, r *http.Request) map[string]interface{} {
 	username := UsernameFromConfig(r)
 	if username == "" {
-		username = UsernameFromExtAuthHeader(r)
+		username = UsernameFromReverseProxyHeader(r)
 		if username == "" {
 			return nil
 		}
--- a/server/auth_test.go
+++ b/server/auth_test.go
@ -80,7 +80,7 @@ var _ = Describe("Auth", func() {
 				req.Header.Add("Remote-User", "janedoe")
 				resp = httptest.NewRecorder()
 				conf.Server.UILoginBackgroundURL = ""
-				conf.Server.ExtAuth.TrustedSources = "192.168.0.0/16,2001:4860:4860::/48"
+				conf.Server.ReverseProxyWhitelist = "192.168.0.0/16,2001:4860:4860::/48"
 			})

 			It("sets auth data if IPv4 matches whitelist", func() {
@ -155,7 +155,7 @@ var _ = Describe("Auth", func() {

 			It("does not set auth data when listening on unix socket without whitelist", func() {
 				conf.Server.Address = "unix:/tmp/navidrome-test"
-				conf.Server.ExtAuth.TrustedSources = ""
+				conf.Server.ReverseProxyWhitelist = ""

 				// No ReverseProxyIp in request context
 				serveIndex(ds, fs, nil)(resp, req)
@ -176,7 +176,7 @@ var _ = Describe("Auth", func() {

 			It("sets auth data when listening on unix socket with correct whitelist", func() {
 				conf.Server.Address = "unix:/tmp/navidrome-test"
-				conf.Server.ExtAuth.TrustedSources = conf.Server.ExtAuth.TrustedSources + ",@"
+				conf.Server.ReverseProxyWhitelist = conf.Server.ReverseProxyWhitelist + ",@"

 				req = req.WithContext(request.WithReverseProxyIp(req.Context(), "@"))
 				serveIndex(ds, fs, nil)(resp, req)
@ -302,8 +302,8 @@ var _ = Describe("Auth", func() {
 			ds = &tests.MockDataStore{}
 			req = httptest.NewRequest("GET", "/", nil)
 			req = req.WithContext(request.WithReverseProxyIp(req.Context(), trustedIP))
-			conf.Server.ExtAuth.TrustedSources = "192.168.0.0/16"
-			conf.Server.ExtAuth.UserHeader = "Remote-User"
+			conf.Server.ReverseProxyWhitelist = "192.168.0.0/16"
+			conf.Server.ReverseProxyUserHeader = "Remote-User"
 		})

 		It("makes the first user an admin", func() {
--- a/server/middlewares.go
+++ b/server/middlewares.go
@ -168,7 +168,7 @@ func clientUniqueIDMiddleware(next http.Handler) http.Handler {
 // realIPMiddleware applies middleware.RealIP, and additionally saves the request's original RemoteAddr to the request's
 // context if navidrome is behind a trusted reverse proxy.
 func realIPMiddleware(next http.Handler) http.Handler {
-	if conf.Server.ExtAuth.TrustedSources != "" {
+	if conf.Server.ReverseProxyWhitelist != "" {
 		return chi.Chain(
 			reqToCtx(request.ReverseProxyIp, func(r *http.Request) any { return r.RemoteAddr }),
 			middleware.RealIP,
--- a/server/server.go
+++ b/server/server.go
@ -1,11 +1,8 @@
 package server

 import (
-	"bytes"
 	"cmp"
 	"context"
-	"crypto/tls"
-	"encoding/pem"
 	"errors"
 	"fmt"
 	"net"
@ -72,13 +69,6 @@ func (s *Server) Run(ctx context.Context, addr string, port int, tlsCert string,
 	// Determine if TLS is enabled
 	tlsEnabled := tlsCert != "" && tlsKey != ""

-	// Validate TLS certificates before starting the server
-	if tlsEnabled {
-		if err := validateTLSCertificates(tlsCert, tlsKey); err != nil {
-			return err
-		}
-	}
-
 	// Create a listener based on the address type (either Unix socket or TCP)
 	var listener net.Listener
 	var err error
@ -99,17 +89,17 @@ func (s *Server) Run(ctx context.Context, addr string, port int, tlsCert string,
 	// Start the server in a new goroutine and send an error signal to errC if there's an error
 	errC := make(chan error)
 	go func() {
-		var err error
 		if tlsEnabled {
 			// Start the HTTPS server
 			log.Info("Starting server with TLS (HTTPS) enabled", "tlsCert", tlsCert, "tlsKey", tlsKey)
-			err = server.ServeTLS(listener, tlsCert, tlsKey)
+			if err := server.ServeTLS(listener, tlsCert, tlsKey); !errors.Is(err, http.ErrServerClosed) {
+				errC <- err
+			}
 		} else {
 			// Start the HTTP server
-			err = server.Serve(listener)
-		}
-		if !errors.Is(err, http.ErrServerClosed) {
-			errC <- err
+			if err := server.Serve(listener); !errors.Is(err, http.ErrServerClosed) {
+				errC <- err
+			}
 		}
 	}()

@ -259,56 +249,3 @@ func AbsoluteURL(r *http.Request, u string, params url.Values) string {
 	}
 	return buildUrl.String()
 }
-
-// validateTLSCertificates validates the TLS certificate and key files before starting the server.
-// It provides detailed error messages for common issues like encrypted private keys.
-func validateTLSCertificates(certFile, keyFile string) error {
-	// Read the key file to check for encryption
-	keyData, err := os.ReadFile(keyFile)
-	if err != nil {
-		return fmt.Errorf("reading TLS key file: %w", err)
-	}
-
-	// Parse PEM blocks and check for encryption
-	block, _ := pem.Decode(keyData)
-	if block == nil {
-		return errors.New("TLS key file does not contain a valid PEM block")
-	}
-
-	// Check for encrypted private key indicators
-	if isEncryptedPEM(block, keyData) {
-		return errors.New("TLS private key is encrypted (password-protected). " +
-			"Navidrome does not support encrypted private keys. " +
-			"Please decrypt your key using: openssl pkey -in <encrypted-key> -out <decrypted-key>")
-	}
-
-	// Try to load the certificate pair to validate it
-	_, err = tls.LoadX509KeyPair(certFile, keyFile)
-	if err != nil {
-		return fmt.Errorf("loading TLS certificate/key pair: %w", err)
-	}
-
-	return nil
-}
-
-// isEncryptedPEM checks if a PEM block represents an encrypted private key.
-func isEncryptedPEM(block *pem.Block, rawData []byte) bool {
-	// Check for PKCS#8 encrypted format (BEGIN ENCRYPTED PRIVATE KEY)
-	if block.Type == "ENCRYPTED PRIVATE KEY" {
-		return true
-	}
-
-	// Check for legacy encrypted format with Proc-Type header
-	if block.Headers != nil {
-		if procType, ok := block.Headers["Proc-Type"]; ok && strings.Contains(procType, "ENCRYPTED") {
-			return true
-		}
-	}
-
-	// Also check raw data for DEK-Info header (in case pem.Decode doesn't parse headers correctly)
-	if bytes.Contains(rawData, []byte("DEK-Info:")) || bytes.Contains(rawData, []byte("Proc-Type: 4,ENCRYPTED")) {
-		return true
-	}
-
-	return false
-}
--- a/server/server_test.go
+++ b/server/server_test.go
@ -1,20 +1,13 @@
 package server

 import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
 	"io/fs"
 	"net/http"
 	"net/url"
 	"os"
 	"path/filepath"
-	"time"

 	"github.com/navidrome/navidrome/conf"
-	"github.com/navidrome/navidrome/conf/configtest"
-	"github.com/navidrome/navidrome/tests"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
@ -114,146 +107,3 @@ var _ = Describe("createUnixSocketFile", func() {
 		})
 	})
 })
-
-var _ = Describe("TLS support", func() {
-	Describe("validateTLSCertificates", func() {
-		const testDataDir = "server/testdata"
-
-		When("certificate and key are valid and unencrypted", func() {
-			It("returns nil", func() {
-				certFile := filepath.Join(testDataDir, "test_cert.pem")
-				keyFile := filepath.Join(testDataDir, "test_key.pem")
-				err := validateTLSCertificates(certFile, keyFile)
-				Expect(err).ToNot(HaveOccurred())
-			})
-		})
-
-		When("private key is encrypted with PKCS#8 format", func() {
-			It("returns an error with helpful message", func() {
-				certFile := filepath.Join(testDataDir, "test_cert_encrypted.pem")
-				keyFile := filepath.Join(testDataDir, "test_key_encrypted.pem")
-				err := validateTLSCertificates(certFile, keyFile)
-				Expect(err).To(HaveOccurred())
-				Expect(err.Error()).To(ContainSubstring("encrypted"))
-				Expect(err.Error()).To(ContainSubstring("openssl"))
-			})
-		})
-
-		When("private key is encrypted with legacy format (Proc-Type header)", func() {
-			It("returns an error with helpful message", func() {
-				certFile := filepath.Join(testDataDir, "test_cert.pem")
-				keyFile := filepath.Join(testDataDir, "test_key_encrypted_legacy.pem")
-				err := validateTLSCertificates(certFile, keyFile)
-				Expect(err).To(HaveOccurred())
-				Expect(err.Error()).To(ContainSubstring("encrypted"))
-				Expect(err.Error()).To(ContainSubstring("openssl"))
-			})
-		})
-
-		When("key file does not exist", func() {
-			It("returns an error", func() {
-				certFile := filepath.Join(testDataDir, "test_cert.pem")
-				keyFile := filepath.Join(testDataDir, "nonexistent.pem")
-				err := validateTLSCertificates(certFile, keyFile)
-				Expect(err).To(HaveOccurred())
-				Expect(err.Error()).To(ContainSubstring("reading TLS key file"))
-			})
-		})
-
-		When("key file does not contain valid PEM", func() {
-			It("returns an error", func() {
-				// Create a temp file with invalid PEM content
-				tmpFile, err := os.CreateTemp("", "invalid_key*.pem")
-				Expect(err).ToNot(HaveOccurred())
-				DeferCleanup(func() {
-					_ = os.Remove(tmpFile.Name())
-				})
-				_, err = tmpFile.WriteString("not a valid PEM file")
-				Expect(err).ToNot(HaveOccurred())
-				_ = tmpFile.Close()
-
-				certFile := filepath.Join(testDataDir, "test_cert.pem")
-				err = validateTLSCertificates(certFile, tmpFile.Name())
-				Expect(err).To(HaveOccurred())
-				Expect(err.Error()).To(ContainSubstring("valid PEM block"))
-			})
-		})
-
-		When("certificate file does not exist", func() {
-			It("returns an error from tls.LoadX509KeyPair", func() {
-				certFile := filepath.Join(testDataDir, "nonexistent_cert.pem")
-				keyFile := filepath.Join(testDataDir, "test_key.pem")
-				err := validateTLSCertificates(certFile, keyFile)
-				Expect(err).To(HaveOccurred())
-				Expect(err.Error()).To(ContainSubstring("loading TLS certificate/key pair"))
-			})
-		})
-	})
-
-	Describe("Server TLS", func() {
-		const testDataDir = "server/testdata"
-
-		When("server is started with valid TLS certificates", func() {
-			It("accepts HTTPS connections", func() {
-				DeferCleanup(configtest.SetupConfig())
-
-				// Create server with mock dependencies
-				ds := &tests.MockDataStore{}
-				server := New(ds, nil, nil)
-
-				// Load the test certificate to create a trusted CA pool
-				certFile := filepath.Join(testDataDir, "test_cert.pem")
-				keyFile := filepath.Join(testDataDir, "test_key.pem")
-				caCert, err := os.ReadFile(certFile)
-				Expect(err).ToNot(HaveOccurred())
-
-				caCertPool := x509.NewCertPool()
-				caCertPool.AppendCertsFromPEM(caCert)
-
-				// Create an HTTPS client that trusts our test certificate
-				httpClient := &http.Client{
-					Timeout: 5 * time.Second,
-					Transport: &http.Transport{
-						TLSClientConfig: &tls.Config{
-							RootCAs:    caCertPool,
-							MinVersion: tls.VersionTLS12,
-						},
-					},
-				}
-
-				// Start the server in a goroutine
-				ctx, cancel := context.WithCancel(GinkgoT().Context())
-				defer cancel()
-
-				errChan := make(chan error, 1)
-				go func() {
-					errChan <- server.Run(ctx, "127.0.0.1", 14534, certFile, keyFile)
-				}()
-
-				Eventually(func() error {
-					// Make an HTTPS request to the server
-					resp, err := httpClient.Get("https://127.0.0.1:14534/ping")
-					if err != nil {
-						return err
-					}
-					defer resp.Body.Close()
-					if resp.StatusCode != http.StatusOK {
-						return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
-					}
-					return nil
-				}, 2*time.Second, 100*time.Millisecond).Should(Succeed())
-
-				// Stop the server
-				cancel()
-
-				// Wait for server to stop (with timeout)
-				select {
-				case <-errChan:
-					// Server stopped
-				case <-time.After(2 * time.Second):
-					Fail("Server did not stop in time")
-				}
-			})
-		})
-	})
-})
--- a/server/subsonic/middlewares.go
+++ b/server/subsonic/middlewares.go
@ -56,7 +56,7 @@ func fromInternalOrProxyAuth(r *http.Request) (string, bool) {
 		return username, true
 	}

-	return server.UsernameFromExtAuthHeader(r), false
+	return server.UsernameFromReverseProxyHeader(r), false
 }

 func checkRequiredParameters(next http.Handler) http.Handler {
--- a/server/subsonic/middlewares_test.go
+++ b/server/subsonic/middlewares_test.go
@ -95,8 +95,8 @@ var _ = Describe("Middlewares", func() {
 		})

 		It("passes when all required params are available (reverse-proxy case)", func() {
-			conf.Server.ExtAuth.TrustedSources = "127.0.0.234/32"
-			conf.Server.ExtAuth.UserHeader = "Remote-User"
+			conf.Server.ReverseProxyWhitelist = "127.0.0.234/32"
+			conf.Server.ReverseProxyUserHeader = "Remote-User"

 			r := newGetRequest("v=1.15", "c=test")
 			r.Header.Add("Remote-User", "user")
@ -254,8 +254,8 @@ var _ = Describe("Middlewares", func() {
 		When("using reverse proxy authentication", func() {
 			BeforeEach(func() {
 				DeferCleanup(configtest.SetupConfig())
-				conf.Server.ExtAuth.TrustedSources = "192.168.1.1/24"
-				conf.Server.ExtAuth.UserHeader = "Remote-User"
+				conf.Server.ReverseProxyWhitelist = "192.168.1.1/24"
+				conf.Server.ReverseProxyUserHeader = "Remote-User"
 			})

 			It("passes authentication with correct IP and header", func() {
--- a/server/testdata/test_cert.pem
+++ b/server/testdata/test_cert.pem
@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIUXqdUxUOo8kmsDe71iTR+Vr7btP8wDQYJKoZIhvcNAQEL
-BQAwYjELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFRlc3QxDTALBgNVBAcMBFRlc3Qx
-EjAQBgNVBAoMCU5hdmlkcm9tZTENMAsGA1UECwwEVGVzdDESMBAGA1UEAwwJbG9j
-YWxob3N0MCAXDTI1MTEyODE5NTkxNVoYDzIxMjUxMTA0MTk1OTE1WjBiMQswCQYD
-VQQGEwJVUzENMAsGA1UECAwEVGVzdDENMAsGA1UEBwwEVGVzdDESMBAGA1UECgwJ
-TmF2aWRyb21lMQ0wCwYDVQQLDARUZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkB/TQgl5ei5KRSHt5OJim8rKS
-MzRlkK4BjSEM4D9ESbebdpEVjX48QuBYACrCvgvVp7mQGF5anl8Hm89trvd8ooVQ
-x9IPQQ6gRKM+4gLrt9FHvFGGzZQS8UTQXN5oBi11E+8/Vs47HLUNXC2TRtRLCMyK
-LYXQIXbhdp9anImlt+IHUxIQUchK6Zkld/gCm56X1bbzN/Zq91PQLpx2FZ0eZTjN
-KaNgztLa+K/BDnTuk3iTTs9GEp6VCvqQE/6fk/UN/tkk2dLwKIFvPVR/YeAhVdz/
-OHC4L3B36QN3+VQ2yDjsp1PVAPX07UnzXO3Oj7uGYnMQxwprGMEubm3nADDxAgMB
-AAGjbzBtMB0GA1UdDgQWBBRAZHUVuLyzc0CfuZR9ApqMbawIqzAfBgNVHSMEGDAW
-gBRAZHUVuLyzc0CfuZR9ApqMbawIqzAPBgNVHRMBAf8EBTADAQH/MBoGA1UdEQQT
-MBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAmDLXcPx9LNHs
-GxQIE6Q5BXbVO7c8qrWmJf5FK5VWaifNZ9U+IBi+VlB4jCLK/OkwsviN/jOnwRYx
-owjq0QG0YdRT4uD9fEMrAj+EwbnrQYZQvT0yGEWA+KW5TW08wt+/qnGJDwEgbjYJ
-HTdICVMhs/e8Ex48fAgO8WSsdTDekOrhuwzIfeJ1LU4ZptLsD2ePFxuzutdIuW51
-/mspQGsjXqZ1qnLsavLXh/lds2g602rTpYBNZVjV9WiOvaQS8vviOxBN6f+9vgRz
-a8SEbHqBG6jeyVqVZ7MjxcYxaIkxeBwMyMwgb+wwDfVXo2FZzX2TVeB7ZppI+IKv
-TXYurWPYsQ==
-----END CERTIFICATE-----
--- a/server/testdata/test_cert_encrypted.pem
+++ b/server/testdata/test_cert_encrypted.pem
@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDpzCCAo+gAwIBAgIUEa7gEJYwJqYEJjTY7otQ+oUyELwwDQYJKoZIhvcNAQEL
-BQAwYjELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFRlc3QxDTALBgNVBAcMBFRlc3Qx
-EjAQBgNVBAoMCU5hdmlkcm9tZTENMAsGA1UECwwEVGVzdDESMBAGA1UEAwwJbG9j
-YWxob3N0MCAXDTI1MTEyODE5NTI0OVoYDzIxMjUxMTA0MTk1MjQ5WjBiMQswCQYD
-VQQGEwJVUzENMAsGA1UECAwEVGVzdDENMAsGA1UEBwwEVGVzdDESMBAGA1UECgwJ
-TmF2aWRyb21lMQ0wCwYDVQQLDARUZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBHgqJ1d9EnNxqoSZ6xXrIz/mV
-Y0nWJW16/qIAvCdovSeTZhG9iqG8dUqcuu2BdD9MMHndJ2oFn3iD8EJR92dH8KBA
-8xOmtZ0BEEWgXPBivywZVd1ChIflEWj6m5wwLNjb57SPpUiwaLxBQB8ByEaAAZE/
-bLqvHI3vW/4s5apky17SPIqmkmqEYlRcg97tlRXsPuwoAVM9cvLMMEqtIR1CB/72
-gboY2Gi2r/plLF/Rg3Dom6QljMWi57XXWJFwGYSXaZuM0gvn04e3oLu+1E+WMoq/
-9rExWij2DlsmXd/RiScliFp6R4H84wQUyqrAUNytvgRO+oVnRjEA0l3oCYdRAgMB
-AAGjUzBRMB0GA1UdDgQWBBQQKpB1UaKm98FnBdl8uKdRscrVTzAfBgNVHSMEGDAW
-gBQQKpB1UaKm98FnBdl8uKdRscrVTzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBCwUAA4IBAQBP07l+2LmpFtcxqMGmsiNYwFuHpQCxJd4YRZHjLX7O+oJExMgR
-2yP4mpMKurgKOv7unTDLwvjQRa6ZTYJCsYtvC6hbyqlGc7AfNTu6DKz8r35/2/V5
-hPsG5lNb91HhvHE839mLAvpi02LoFH2Sr8BR7s6qxfNKYcP8PUOJQXltJ6yAa8YJ
-syeXQQ3RIyGsJANeaC06S3UdkBM5H5BLfIHnHu3GybJjwL51va4WCdHe8QV6GI0g
-RDiThDVkBSXAr136vnMdlrYCxMoxY56itJ0zbYg2ELQKU9o1w/ZJQo9uvmy9jCoZ
-Hy1L5a2vUDbsdONdvRkYZRHqMpG4bdD8D3j2
-----END CERTIFICATE-----
--- a/server/testdata/test_key.pem
+++ b/server/testdata/test_key.pem
@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkB/TQgl5ei5KR
-SHt5OJim8rKSMzRlkK4BjSEM4D9ESbebdpEVjX48QuBYACrCvgvVp7mQGF5anl8H
-m89trvd8ooVQx9IPQQ6gRKM+4gLrt9FHvFGGzZQS8UTQXN5oBi11E+8/Vs47HLUN
-XC2TRtRLCMyKLYXQIXbhdp9anImlt+IHUxIQUchK6Zkld/gCm56X1bbzN/Zq91PQ
-Lpx2FZ0eZTjNKaNgztLa+K/BDnTuk3iTTs9GEp6VCvqQE/6fk/UN/tkk2dLwKIFv
-PVR/YeAhVdz/OHC4L3B36QN3+VQ2yDjsp1PVAPX07UnzXO3Oj7uGYnMQxwprGMEu
-bm3nADDxAgMBAAECggEABqJFvesP2v4FEvgd+kSWM+ZL34rPmy3zQ5/MDuPA20ep
-89EjQ/5hdRl1TknPcOnTu7PZVuENa9fM2xdrl7GEU9eU0bQLJE/KwiOUgJYObS8V
-eTO+DlghHXUBhfXDjux1CS+htOuTUqOyFNS+CR9Lta8o6ou1xjmcP7kW78i17mxF
-TuH5SZlS8W9PFLXHCInbMtqGFaT2ss09kvoPk2FDvHfxEdy6M9tKkguz02g+4bqI
-aAMp2N7AOfmRpC0HvVa1ZfZo5Z8/KMoNcIm3pV9DEVM369J9EzhnMNpkGben90aT
-FqO2JNsy52wmXFZUc9xe8uPdfDahALCkBGncLyLNmQKBgQDZREjocjdzOoPSlCdx
-mRNe9suHz2FpUpsHCPOCotG63hFVKpah/ZvpHSsQx5rXs/mawDTmzGY9GQiBrSvg
-OhfHIyT3NOhVaNcMxTqJX7rs7OG8D0MBacD9ASSeZ89MUn8q1EHZr5qxLtXl5Ikw
-mHtiGRdiKGFFrG9H0zncbGhy7QKBgQDBRhQ9RAasTdmUiNQly9GVFkXto4T/9UHx
-rVU44htCI2IVZUMTGlNfclfxpByDrzyA56rMzN9SAkiIp4nPpMDs5hayXaaPoojs
-CPzV7r2OjemZ6CTeQ1ODImRL8L/E3jJSgWd6YYoHSQ5hjEX4yT6ft0u0tZUfdMKd
-VENWIJ/hlQKBgQCo2hXjeOi5R8+tN3EUKwhP9HOnX7dv+D/9jqpZa5qdpPpJeyjI
-SmYCHKYci1Q+sWOaLiiu+km20B65UVFZGSzjmd+fs+GghzMifKGKo/iNK2ggFKhZ
-j8vplRrVdQ45XZ/xNDbdLEmHzEN2QE+Skd7KFYADzCgU0vdFFdbRBPuD3QKBgGIq
-fQctMRJ9LCE0akSURGwr9vKflmMHKCpfdqTAu0WZgS0K1Mm0GlqlUiPKzizYaauz
-f14sRNV7kWnPZsDPlqn8p9SKmpnj3RW97uWeMCtiyx6/+VHm8ljts/GaY1zT2s1r
-KqrPNfNDWQmU3MljNeqbh9lOTWK/xEVy0gzB31MNAoGAQNWrZvVdAbL95XW6STUu
-JmQlqJTlluuqS0Rrd/uVEQwW0Vd1dZjRQcFAFiSiCQWTbtId5gFZd6hiIQl53Xz0
-5cd+9mcyA/TaoCJYbMOFYsKbZMCBhefsovJlVQXedqJrIY6BdeGlet4GTAH5Qyl0
-ytEIUnvn5YmmbI7PDz80XpU=
-----END PRIVATE KEY-----
--- a/server/testdata/test_key_encrypted.pem
+++ b/server/testdata/test_key_encrypted.pem
@ -1,30 +0,0 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQPH9PYzryCI3smm81
-J8rm+QICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEI+9XxNfKSiMYIVB
-UfcGfncEggTQVw7tPslGy3mlofCNnhBSnMViv9kj6M11smD6Y8vHG0k9Kq+6g+Dx
-mQE9ILrSZBzM0uS3y484u+vkdqlT4KehhjIx0IiezurOcM45UdTAwLFLPzeEDlHI
-lOWQ3gOTB3J5AxiUQOa6QsDIM7AZilidQG0BxQYWyRBA5B8evJwJoAvdzzA9wGSm
-2YdNm3tA6rU5U8cVG+qTJP9pjbtRx0medC/CBZdxGkrWBQH+aySfahJdU8X1JI2e
-SY4WJRw1rLCow+DnHjZS/IVHFJivJSRYvnvw8fwjOMVtkf+dAVctKlb1Fj9X+RdG
-T1sq3i6zwFLE/RRz4qM4DKZ6UaD9wRFLow8FmNWVuJJiPgCLx2rrNMe32quS/kQP
-iOsXAUeA/Yg1fdMCJORxl0nWDmLYcNtBghCmS1lyk+t+AKWwJudrds5tQQe8ha2t
-Q41is+tDKwGDC1wt4WXJvBhgAJzuqFtr30H0M1eBhwwDdaDd9v0Zr3r8V49WZM2c
-i3qkwPPYkQD+pOcR12xBV8ptvDxaUl7RGlVqnEWHagT51BaIaXQ9teUrG6UPt8o2
-LELJXF6CiwkbN6Y9sYx5XiKrIGxVhlQSZ1nB3XSFRHbu6e7VHPjnVwUeeg87J2Am
-MEwqDzPU5sjKRn84+M91Y4uFAIeinaOJAQ0/tZVrf1iSeCMQyMUhW/8m7JPfG19F
-NbJSPRXQuKmYKbWfXcMW2UFbp0zDs7s7p4zzbfde9IbVdq/o2nv3ZrNbrLak6O7y
-FVt9q/xG4Tty6hSK6xtqtNZWcmfiMcTlk1Qcz2STvScbXtqgcgR6WUZfkLuzi09I
-EDYFnzU5JNSY3U3VTv2hAPeU4xjTNM6kjF7L9JFGvdjH8Ko9UdxG9RZMd8xhBM/n
-hxdzdVba4bDDz2z+0A2blSObrPrNsKr/3ZbnfuUiSs5NmqmUOifZ1t1PqGGO2Y5S
-/cDKtrPk226hGomsUBfHtiIJPG1VRl4UaZiduqK3GGhtF491KU1mAfYzueok3TPq
-JhLtLDIvEaFgmOmitFzROI/ifm6s4ssUvcvtbjwJumbjkU38OxYZFwbhwbe268G2
-vgspJamlEGJNdGDzrCFQlA2+A9kazCttztikfh5QGV6WFfkc3Bt1XTPL51vtliQy
-MS2gUnJUY2fuYCfz8rxLH1kQmyYsHQz5rUYyBkeDffrG9MzarmzSJXR63FRzVMf1
-LQ7BSzei7dF6+J4KVCxjbGWF3GUGmGeOP5g5vJ3xb3YPJNJLT4Vai103pay59TGP
-tESM2Vn0gJEvYApi707noFH5uFTW1cp7lloF41ddIUkL/QO7j+sjvBww+4DqBB7J
-BmvLMnswa23yw9egYRG5jOXyCgIr+1rnNcph1HGJsvxvgJ2gwwo5NKCG8SC6LcZQ
-fbDjX+ssmobLE3ktN03FZPMp32/ciexzuZoamfyiPXh7xE++ckifNEKJlNhx+kCG
-mSR2wh+UGigQkgp/JxOzl6C4fhUbrEZr17oBqGim2p8h+GE0zD5JSHcn1rP86gGU
-8JG/ilG4I8uMxUwhGj7amrWXUlJBd1by7e1EAL+utCo14/Tx3otB9/JtqY+lm9Ey
-1ptPhMRQxvDNWrCmYM2kyrGghdNfEMir6GKDWI6PY9cwAFv/PLOxr1c=
-----END ENCRYPTED PRIVATE KEY-----
--- a/server/testdata/test_key_encrypted_legacy.pem
+++ b/server/testdata/test_key_encrypted_legacy.pem
@ -1,30 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,3C969050EAB73F121B7F0E6B75C42525
-
-V6pSaAsrn9CQNo4p88QshJLbg8zkQJEom81dPbYSVqQSZa9YlPtpLZ9YtuLj/Ay0
-TScEKIj/gzQ32wNl6nhcSNIL9yy+X11r5gNv1kIHkecf+EbDW20VOiJsfD+6LUyW
-hA96AIbPOwc76iCuvsKHPKU9MlEmjGipmk/C2RQLHCZJ3WkiDRgCM8KQ7vKhfACT
-w908yj4cB1e/P0JPq8t/3F7kPJ+6SVM1vMEffHl0otQR3rAyrK8QikwJ0K9qX62d
-cqchTVlEyyZBYovR8DrRRUDbsXS5j1ZmX3NQpvTSTFowr+33fMrY+4Oz8sdR4yx1
-CQc0A0sHHxSEIr2xu4KzczwOYVJN8PVdU0pgvFj9KEm66N6EY5CSFIBHyO/ycOt9
-U+wpkRjf3zS6ZaUU0NKdOcop4YX33i99/tZF2RNR1i7ETLYph+/LCf09286Bi3u/
-UCCuWedyECPdz0c6j0s27Fdfc/HEK90OEzeWh/fc+H2gJZhqJYK9V47HPTQNNMnB
-U1a6FsJlrKE3E6nfSnTLxrSx9m/XTV7HV+HkgX+q8VhN7Q2VHUqkPzE7ZOPYpZ+A
-dQzsm1TmEMxym6osYqFzQScXR1NZasrV2MTQ2J16dUgCdGAM2YMUD9JaoJR+u77M
-WAjYzDiRg84rLr/KbJPAwHbsfo2KpiapJGSBBEDhz4W1/LOrFhsjaqIMSy4yZDGm
-1KqXGHIlqmuHI7v4fD8vuzhj7GUujRx85HSZWakE/uc6s5WrhkSeVKYJWPfpsxTv
-dT3oLOGJ+nRzWxM3aFtuJghX0nIGdKxT4EAUNXz0/vLT3OP1QCZR+oELrriFzmtj
-+O30bGH2SAFZEQJ/uTQg6celoNh89IzH4DJkcn67hqpX6mUiU9CrIr/eR9C/en8Q
-smTbbC1C1pDUaCwR26Z+zgM90amh4yfOFKK2geO2Kj+TmwFHUvi6ZnSzMzCvty3t
-+wdIrUtf55Lw51JCpLGl70mg4b/zBj5hqBkU2YvAAnz/htjfH/wrD6ZAF1TCdlRO
-gyODrJjGRnLd/v0XLk0wp+RkAjBcSlRlkUvZY5BtugL7dIdwiNGGQPcOni9IVeG0
-6vDUEQnDOLYDj4d/JcckTLuHdrP+SW+0RQl2HK5+/w1hScGXN4O48gccu7yR/MN8
-DmpCg5rD/nq8sxJosmSt07GrN36KppYt8LCXQbSg3NG2Ad715caS2C+0Qtdm5MPD
-rM1UyTXQYSJXgUN9yZS/pmzlguCywnnvsBPU6j3ljZwcoD41QJ/1OU09/W6sIMQR
-IAiM35JHiLJiccFgxSE1qx5F1UZqX4P47jF0Wzi/sE/DYXg5qw2DoauqXNzqnumH
-71UDGK1V6wQIV7UCZDa0WUfFzu470XpuFb8VmMOuHSQxkZESc9cz8k/ueAuO438Q
-jnlkF1Ge2EEPuaK2zeaTj/lGyYA1AUfHRRgt/EMUQSBntmhlpnwVPYTVvYtHO2N5
-wp7/y39KirnlTl99i3XiOJ4WF4gIU2IaSlqMo4+e/A32h2JFi9QfNyfItXe6Fm1X
-d0j2XGHzwMfHEFKdWyrgtVZwc38/1d6xWYAhs02b2basV/0AQhFTaKf5Z268eBNJ
-----END RSA PRIVATE KEY-----
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
@ -7186,11 +7186,10 @@
      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="
    },
    "node_modules/js-yaml": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
-      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
      "dev": true,
-      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
      },
--- a/ui/src/share/SharePlayer.jsx
+++ b/ui/src/share/SharePlayer.jsx
@ -53,7 +53,6 @@ const SharePlayer = () => {
    remove: false,
    spaceBar: true,
    volumeFade: { fadeIn: 200, fadeOut: 200 },
-    sortableOptions: { delay: 200, delayOnTouchOnly: true },
  }
  return (
    <ReactJkMusicPlayer
--- a/ui/src/themes/amusic.css.js
+++ b/ui/src/themes/amusic.css.js
@ -47,15 +47,17 @@ const stylesheet = `
 .react-jinke-music-player-main .music-player-panel,
 .react-jinke-music-player-mobile,
 .ril__outer{
-    background-color: #1a1a1a;
+    background-color: #1f1f1f;
 	border: 1px solid #fff1;
 }
+.ril__toolbar{
+    background-color: #1d1d1d
+}
 .ril__toolbarItem{
 	font-size: 100%;
 	color: #eee
 }
-.audio-lists-panel,
-.ril__toolbar{
+.audio-lists-panel{
    background-color: #1f1f1f;
 	border: 1px solid #fff1;
 	border-radius: 6px 6px 0 0;
--- a/ui/src/themes/amusic.js
+++ b/ui/src/themes/amusic.js
@ -137,19 +137,22 @@ export default {
      albumName: {
        color: '#eee',
      },
-      albumPlayButton: {
-        color: '#ff4e6b',
-      },
-      albumArtistName: {
+      albumSubtitle: {
        color: '#ccc',
      },
+      albumPlayButton: {
+        color: '#ff4e6b !important',
+      },
+      albumArtistName: {
+        color: '#ff4e6b !important',
+      },
      cover: {
-        borderRadius: '6px',
+        borderRadius: '10px !important',
      },
    },
    NDLogin: {
      systemNameLink: {
-        color: '#ff4e6b',
+        color: '#D60017',
      },
      welcome: {
        color: '#eee',
@ -158,9 +161,6 @@ export default {
        minWidth: 300,
        backgroundColor: '#1d1d1d',
      },
-      icon: {
-        filter: 'hue-rotate(115deg)',
-      },
    },
    MuiPaper: {
      elevation1: {
@ -169,9 +169,6 @@ export default {
      root: {
        color: '#eee',
      },
-      rounded: {
-        borderRadius: '6px',
-      },
    },
    NDMobileArtistDetails: {
      bgContainer: {
@ -192,30 +189,6 @@ export default {
        paddingBottom: '1rem',
      },
    },
-    RaDeleteWithConfirmButton: {
-      deleteButton: {
-        color: 'unset',
-      },
-    },
-    RaPaginationActions: {
-      currentPageButton: {
-        border: '2px solid #D60017',
-        background: 'transparent',
-      },
-      button: {
-        border: '2px solid #D60017',
-      },
-      actions: {
-        '@global': {
-          '.next-page': {
-            border: '0 none',
-          },
-          '.previous-page': {
-            border: '0 none',
-          },
-        },
-      },
-    },
  },
  player: {
    theme: 'dark',
--- a/ui/src/themes/useCurrentTheme.js
+++ b/ui/src/themes/useCurrentTheme.js
@ -42,12 +42,6 @@ const useCurrentTheme = () => {
        document.head.removeChild(style)
      }
    }
-
-    // Set body background color to match theme (fixes white background on pull-to-refresh)
-    const isDark = theme.palette?.type === 'dark'
-    const bgColor =
-      theme.palette?.background?.default || (isDark ? '#303030' : '#fafafa')
-    document.body.style.backgroundColor = bgColor
  }, [theme])

  return theme
--- a/ui/src/themes/useCurrentTheme.test.jsx
+++ b/ui/src/themes/useCurrentTheme.test.jsx
@ -15,10 +15,6 @@ function createMatchMedia(theme) {
  })
 }

-beforeEach(() => {
-  document.body.style.backgroundColor = ''
-})
-
 describe('useCurrentTheme', () => {
  describe('with user preference theme as light', () => {
    beforeAll(() => {
@ -121,44 +117,4 @@ describe('useCurrentTheme', () => {
      expect(result.current.themeName).toMatch('Spotify-ish')
    })
  })
-  describe('body background color', () => {
-    beforeAll(() => {
-      window.matchMedia = createMatchMedia('dark')
-    })
-    it('sets body background for dark theme', () => {
-      renderHook(() => useCurrentTheme(), {
-        wrapper: ({ children }) => (
-          <Provider store={createStore(themeReducer, { theme: 'DarkTheme' })}>
-            {children}
-          </Provider>
-        ),
-      })
-      // Dark theme uses MUI default dark background
-      expect(document.body.style.backgroundColor).toBe('rgb(48, 48, 48)')
-    })
-    it('sets body background for light theme', () => {
-      renderHook(() => useCurrentTheme(), {
-        wrapper: ({ children }) => (
-          <Provider store={createStore(themeReducer, { theme: 'LightTheme' })}>
-            {children}
-          </Provider>
-        ),
-      })
-      // Light theme uses MUI default light background
-      expect(document.body.style.backgroundColor).toBe('rgb(250, 250, 250)')
-    })
-    it('sets body background for theme with custom background', () => {
-      renderHook(() => useCurrentTheme(), {
-        wrapper: ({ children }) => (
-          <Provider
-            store={createStore(themeReducer, { theme: 'SpotifyTheme' })}
-          >
-            {children}
-          </Provider>
-        ),
-      })
-      // Spotify theme has explicit background.default: #121212
-      expect(document.body.style.backgroundColor).toBe('rgb(18, 18, 18)')
-    })
-  })
 })