diff --git a/dist/index.js b/dist/index.js
index a5ee77b..43d08be 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -11,12 +11,7 @@ require('dotenv').config();
 const app = (0, express_1.default)();
 app.set('view engine', 'ejs');
 app.use(express_1.default.static('public'));
-const getSize = (req) => {
-    var _a;
-    return ((_a = req === null || req === void 0 ? void 0 : req.query) === null || _a === void 0 ? void 0 : _a.size) === 'thumbnail' ? types_1.ImageSize.thumbnail : types_1.ImageSize.original;
-};
-const log = (message) => console.log((0, dayjs_1.default)().format() + ' ' + message);
-exports.log = log;
+// An incoming request for a shared link
 app.get('/share/:key', (req, res) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
     res.set('Cache-Control', 'public, max-age=' + process.env.CACHE_AGE);
     if (!immich_1.default.isKey(req.params.key)) {
@@ -53,7 +48,7 @@ app.get('/share/:key', (req, res) => tslib_1.__awaiter(void 0, void 0, void 0, f
         }
     }
 }));
-// Output the buffer data for an photo or video
+// Output the buffer data for a photo or video
 app.get('/:type(photo|video)/:key/:id', (req, res) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
     res.set('Cache-Control', 'public, max-age=' + process.env.CACHE_AGE);
     // Check for valid key and ID
@@ -73,12 +68,25 @@ app.get('/:type(photo|video)/:key/:id', (req, res) => tslib_1.__awaiter(void 0,
     (0, exports.log)('No asset found for ' + req.path);
     res.status(404).send();
 }));
-// Send a 404 for all other unmatched routes
+// Send a 404 for all other routes
 app.get('*', (req, res) => {
     (0, exports.log)('Invalid route ' + req.path);
     res.status(404).send();
 });
+/**
+ * Sanitise the data for an incoming query string `size` parameter
+ * e.g. https://example.com/share/abc...xyz?size=thumbnail
+ */
+const getSize = (req) => {
+    var _a;
+    return ((_a = req === null || req === void 0 ? void 0 : req.query) === null || _a === void 0 ? void 0 : _a.size) === 'thumbnail' ? types_1.ImageSize.thumbnail : types_1.ImageSize.original;
+};
+/**
+ * Output a console.log message with timestamp
+ */
+const log = (message) => console.log((0, dayjs_1.default)().format() + ' ' + message);
+exports.log = log;
 app.listen(3000, () => {
     console.log((0, dayjs_1.default)().format() + ' Server started');
 });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7OztBQUFBLDhEQUE2QjtBQUM3Qiw4REFBNkI7QUFDN0IsOERBQTZCO0FBQzdCLDBEQUF5QjtBQUN6QixtQ0FBOEM7QUFHOUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFBO0FBRTFCLE1BQU0sR0FBRyxHQUFHLElBQUEsaUJBQU8sR0FBRSxDQUFBO0FBQ3JCLEdBQUcsQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLEtBQUssQ0FBQyxDQUFBO0FBQzdCLEdBQUcsQ0FBQyxHQUFHLENBQUMsaUJBQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQTtBQUVqQyxNQUFNLE9BQU8sR0FBRyxDQUFDLEdBQVksRUFBRSxFQUFFOztJQUMvQixPQUFPLENBQUEsTUFBQSxHQUFHLGFBQUgsR0FBRyx1QkFBSCxHQUFHLENBQUUsS0FBSywwQ0FBRSxJQUFJLE1BQUssV0FBVyxDQUFDLENBQUMsQ0FBQyxpQkFBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsaUJBQVMsQ0FBQyxRQUFRLENBQUE7QUFDcEYsQ0FBQyxDQUFBO0FBRU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxPQUFlLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBQSxlQUFLLEdBQUUsQ0FBQyxNQUFNLEVBQUUsR0FBRyxHQUFHLEdBQUcsT0FBTyxDQUFDLENBQUE7QUFBeEUsUUFBQSxHQUFHLE9BQXFFO0FBRXJGLEdBQUcsQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLENBQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFO0lBQ3hDLEdBQUcsQ0FBQyxHQUFHLENBQUMsZUFBZSxFQUFFLGtCQUFrQixHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUE7SUFDcEUsSUFBSSxDQUFDLGdCQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUNsQyxJQUFBLFdBQUcsRUFBQyxvQkFBb0IsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQzFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUE7SUFDeEIsQ0FBQztTQUFNLENBQUM7UUFDTixNQUFNLFVBQVUsR0FBRyxNQUFNLGdCQUFNLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDN0QsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLElBQUEsV0FBRyxFQUFDLG9CQUFvQixHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDMUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtRQUN4QixDQUFDO2FBQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDckMsSUFBQSxXQUFHLEVBQUMsb0JBQW9CLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtZQUMxQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFBO1FBQ3hCLENBQUM7YUFBTSxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzFDLDZDQUE2QztZQUM3QyxJQUFBLFdBQUcsRUFBQyxlQUFlLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtZQUNyQyxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBQ2xDLElBQUksS0FBSyxDQUFDLElBQUksS0FBSyxpQkFBUyxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNuQyx3Q0FBd0M7Z0JBQ3hDLE1BQU0sZ0JBQU0sQ0FBQyxXQUFXLENBQUMsR0FBRyxFQUFFLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUE7WUFDbkUsQ0FBQztpQkFBTSxJQUFJLEtBQUssQ0FBQyxJQUFJLEtBQUssaUJBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDMUMsNkNBQTZDO2dCQUM3QyxNQUFNLGdCQUFNLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUE7WUFDMUMsQ0FBQztRQUNILENBQUM7YUFBTSxDQUFDO1lBQ04sd0NBQXdDO1lBQ3hDLElBQUEsV0FBRyxFQUFDLGVBQWUsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQ3JDLE1BQU0sZ0JBQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLFVBQVUsQ0FBQyxDQUFBO1FBQ3ZDLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQyxDQUFBLENBQUMsQ0FBQTtBQUVGLCtDQUErQztBQUMvQyxHQUFHLENBQUMsR0FBRyxDQUFDLDhCQUE4QixFQUFFLENBQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFO0lBQ3pELEdBQUcsQ0FBQyxHQUFHLENBQUMsZUFBZSxFQUFFLGtCQUFrQixHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUE7SUFDcEUsNkJBQTZCO0lBQzdCLElBQUksZ0JBQU0sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxnQkFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDL0QseUNBQXlDO1FBQ3pDLE1BQU0sVUFBVSxHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUM3RCxJQUFJLFVBQVUsYUFBVixVQUFVLHVCQUFWLFVBQVUsQ0FBRSxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDOUIsc0RBQXNEO1lBQ3RELE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFBO1lBQ2pFLElBQUksS0FBSyxFQUFFLENBQUM7Z0JBQ1YsS0FBSyxDQUFDLElBQUksR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxPQUFPLENBQUMsQ0FBQyxDQUFDLGlCQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxpQkFBUyxDQUFDLEtBQUssQ0FBQTtnQkFDNUUsZ0JBQU0sQ0FBQyxXQUFXLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtnQkFDbkQsT0FBTTtZQUNSLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUNELElBQUEsV0FBRyxFQUFDLHFCQUFxQixHQUFHLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFBO0FBQ3hCLENBQUMsQ0FBQSxDQUFDLENBQUE7QUFFRiw0Q0FBNEM7QUFDNUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUU7SUFDeEIsSUFBQSxXQUFHLEVBQUMsZ0JBQWdCLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ2hDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUE7QUFDeEIsQ0FBQyxDQUFDLENBQUE7QUFFRixHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUU7SUFDcEIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFBLGVBQUssR0FBRSxDQUFDLE1BQU0sRUFBRSxHQUFHLGlCQUFpQixDQUFDLENBQUE7QUFDbkQsQ0FBQyxDQUFDLENBQUEiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgZXhwcmVzcyBmcm9tICdleHByZXNzJ1xuaW1wb3J0IGltbWljaCBmcm9tICcuL2ltbWljaCdcbmltcG9ydCByZW5kZXIgZnJvbSAnLi9yZW5kZXInXG5pbXBvcnQgZGF5anMgZnJvbSAnZGF5anMnXG5pbXBvcnQgeyBBc3NldFR5cGUsIEltYWdlU2l6ZSB9IGZyb20gJy4vdHlwZXMnXG5pbXBvcnQgeyBSZXF1ZXN0IH0gZnJvbSAnZXhwcmVzcy1zZXJ2ZS1zdGF0aWMtY29yZSdcblxucmVxdWlyZSgnZG90ZW52JykuY29uZmlnKClcblxuY29uc3QgYXBwID0gZXhwcmVzcygpXG5hcHAuc2V0KCd2aWV3IGVuZ2luZScsICdlanMnKVxuYXBwLnVzZShleHByZXNzLnN0YXRpYygncHVibGljJykpXG5cbmNvbnN0IGdldFNpemUgPSAocmVxOiBSZXF1ZXN0KSA9PiB7XG4gIHJldHVybiByZXE/LnF1ZXJ5Py5zaXplID09PSAndGh1bWJuYWlsJyA/IEltYWdlU2l6ZS50aHVtYm5haWwgOiBJbWFnZVNpemUub3JpZ2luYWxcbn1cblxuZXhwb3J0IGNvbnN0IGxvZyA9IChtZXNzYWdlOiBzdHJpbmcpID0+IGNvbnNvbGUubG9nKGRheWpzKCkuZm9ybWF0KCkgKyAnICcgKyBtZXNzYWdlKVxuXG5hcHAuZ2V0KCcvc2hhcmUvOmtleScsIGFzeW5jIChyZXEsIHJlcykgPT4ge1xuICByZXMuc2V0KCdDYWNoZS1Db250cm9sJywgJ3B1YmxpYywgbWF4LWFnZT0nICsgcHJvY2Vzcy5lbnYuQ0FDSEVfQUdFKVxuICBpZiAoIWltbWljaC5pc0tleShyZXEucGFyYW1zLmtleSkpIHtcbiAgICBsb2coJ0ludmFsaWQgc2hhcmUga2V5ICcgKyByZXEucGFyYW1zLmtleSlcbiAgICByZXMuc3RhdHVzKDQwNCkuc2VuZCgpXG4gIH0gZWxzZSB7XG4gICAgY29uc3Qgc2hhcmVkTGluayA9IGF3YWl0IGltbWljaC5nZXRTaGFyZUJ5S2V5KHJlcS5wYXJhbXMua2V5KVxuICAgIGlmICghc2hhcmVkTGluaykge1xuICAgICAgbG9nKCdVbmtub3duIHNoYXJlIGtleSAnICsgcmVxLnBhcmFtcy5rZXkpXG4gICAgICByZXMuc3RhdHVzKDQwNCkuc2VuZCgpXG4gICAgfSBlbHNlIGlmICghc2hhcmVkTGluay5hc3NldHMubGVuZ3RoKSB7XG4gICAgICBsb2coJ05vIGFzc2V0cyBmb3Iga2V5ICcgKyByZXEucGFyYW1zLmtleSlcbiAgICAgIHJlcy5zdGF0dXMoNDA0KS5zZW5kKClcbiAgICB9IGVsc2UgaWYgKHNoYXJlZExpbmsuYXNzZXRzLmxlbmd0aCA9PT0gMSkge1xuICAgICAgLy8gVGhpcyBpcyBhbiBpbmRpdmlkdWFsIGl0ZW0gKG5vdCBhIGdhbGxlcnkpXG4gICAgICBsb2coJ1NlcnZpbmcgbGluayAnICsgcmVxLnBhcmFtcy5rZXkpXG4gICAgICBjb25zdCBhc3NldCA9IHNoYXJlZExpbmsuYXNzZXRzWzBdXG4gICAgICBpZiAoYXNzZXQudHlwZSA9PT0gQXNzZXRUeXBlLmltYWdlKSB7XG4gICAgICAgIC8vIEZvciBwaG90b3MsIG91dHB1dCB0aGUgaW1hZ2UgZGlyZWN0bHlcbiAgICAgICAgYXdhaXQgcmVuZGVyLmFzc2V0QnVmZmVyKHJlcywgc2hhcmVkTGluay5hc3NldHNbMF0sIGdldFNpemUocmVxKSlcbiAgICAgIH0gZWxzZSBpZiAoYXNzZXQudHlwZSA9PT0gQXNzZXRUeXBlLnZpZGVvKSB7XG4gICAgICAgIC8vIEZvciB2aWRlb3MsIHNob3cgdGhlIHZpZGVvIGFzIGEgd2ViIHBsYXllclxuICAgICAgICBhd2FpdCByZW5kZXIuZ2FsbGVyeShyZXMsIHNoYXJlZExpbmssIDEpXG4gICAgICB9XG4gICAgfSBlbHNlIHtcbiAgICAgIC8vIE11bHRpcGxlIGltYWdlcyAtIHJlbmRlciBhcyBhIGdhbGxlcnlcbiAgICAgIGxvZygnU2VydmluZyBsaW5rICcgKyByZXEucGFyYW1zLmtleSlcbiAgICAgIGF3YWl0IHJlbmRlci5nYWxsZXJ5KHJlcywgc2hhcmVkTGluaylcbiAgICB9XG4gIH1cbn0pXG5cbi8vIE91dHB1dCB0aGUgYnVmZmVyIGRhdGEgZm9yIGFuIHBob3RvIG9yIHZpZGVvXG5hcHAuZ2V0KCcvOnR5cGUocGhvdG98dmlkZW8pLzprZXkvOmlkJywgYXN5bmMgKHJlcSwgcmVzKSA9PiB7XG4gIHJlcy5zZXQoJ0NhY2hlLUNvbnRyb2wnLCAncHVibGljLCBtYXgtYWdlPScgKyBwcm9jZXNzLmVudi5DQUNIRV9BR0UpXG4gIC8vIENoZWNrIGZvciB2YWxpZCBrZXkgYW5kIElEXG4gIGlmIChpbW1pY2guaXNLZXkocmVxLnBhcmFtcy5rZXkpICYmIGltbWljaC5pc0lkKHJlcS5wYXJhbXMuaWQpKSB7XG4gICAgLy8gQ2hlY2sgaWYgdGhlIGtleSBpcyBhIHZhbGlkIHNoYXJlIGxpbmtcbiAgICBjb25zdCBzaGFyZWRMaW5rID0gYXdhaXQgaW1taWNoLmdldFNoYXJlQnlLZXkocmVxLnBhcmFtcy5rZXkpXG4gICAgaWYgKHNoYXJlZExpbms/LmFzc2V0cy5sZW5ndGgpIHtcbiAgICAgIC8vIENoZWNrIHRoYXQgdGhlIHJlcXVlc3RlZCBhc3NldCBleGlzdHMgaW4gdGhpcyBzaGFyZVxuICAgICAgY29uc3QgYXNzZXQgPSBzaGFyZWRMaW5rLmFzc2V0cy5maW5kKHggPT4geC5pZCA9PT0gcmVxLnBhcmFtcy5pZClcbiAgICAgIGlmIChhc3NldCkge1xuICAgICAgICBhc3NldC50eXBlID0gcmVxLnBhcmFtcy50eXBlID09PSAndmlkZW8nID8gQXNzZXRUeXBlLnZpZGVvIDogQXNzZXRUeXBlLmltYWdlXG4gICAgICAgIHJlbmRlci5hc3NldEJ1ZmZlcihyZXMsIGFzc2V0LCBnZXRTaXplKHJlcSkpLnRoZW4oKVxuICAgICAgICByZXR1cm5cbiAgICAgIH1cbiAgICB9XG4gIH1cbiAgbG9nKCdObyBhc3NldCBmb3VuZCBmb3IgJyArIHJlcS5wYXRoKVxuICByZXMuc3RhdHVzKDQwNCkuc2VuZCgpXG59KVxuXG4vLyBTZW5kIGEgNDA0IGZvciBhbGwgb3RoZXIgdW5tYXRjaGVkIHJvdXRlc1xuYXBwLmdldCgnKicsIChyZXEsIHJlcykgPT4ge1xuICBsb2coJ0ludmFsaWQgcm91dGUgJyArIHJlcS5wYXRoKVxuICByZXMuc3RhdHVzKDQwNCkuc2VuZCgpXG59KVxuXG5hcHAubGlzdGVuKDMwMDAsICgpID0+IHtcbiAgY29uc29sZS5sb2coZGF5anMoKS5mb3JtYXQoKSArICcgU2VydmVyIHN0YXJ0ZWQnKVxufSlcbiJdfQ==
\ No newline at end of file
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7OztBQUFBLDhEQUE2QjtBQUM3Qiw4REFBNkI7QUFDN0IsOERBQTZCO0FBQzdCLDBEQUF5QjtBQUN6QixtQ0FBOEM7QUFHOUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFBO0FBRTFCLE1BQU0sR0FBRyxHQUFHLElBQUEsaUJBQU8sR0FBRSxDQUFBO0FBQ3JCLEdBQUcsQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLEtBQUssQ0FBQyxDQUFBO0FBQzdCLEdBQUcsQ0FBQyxHQUFHLENBQUMsaUJBQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQTtBQUVqQyx3Q0FBd0M7QUFDeEMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBTyxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUU7SUFDeEMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQTtJQUNwRSxJQUFJLENBQUMsZ0JBQU0sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ2xDLElBQUEsV0FBRyxFQUFDLG9CQUFvQixHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDMUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtJQUN4QixDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sVUFBVSxHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUM3RCxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsSUFBQSxXQUFHLEVBQUMsb0JBQW9CLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtZQUMxQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFBO1FBQ3hCLENBQUM7YUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNyQyxJQUFBLFdBQUcsRUFBQyxvQkFBb0IsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQzFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUE7UUFDeEIsQ0FBQzthQUFNLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDMUMsNkNBQTZDO1lBQzdDLElBQUEsV0FBRyxFQUFDLGVBQWUsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQ3JDLE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUE7WUFDbEMsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLGlCQUFTLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ25DLHdDQUF3QztnQkFDeEMsTUFBTSxnQkFBTSxDQUFDLFdBQVcsQ0FBQyxHQUFHLEVBQUUsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQTtZQUNuRSxDQUFDO2lCQUFNLElBQUksS0FBSyxDQUFDLElBQUksS0FBSyxpQkFBUyxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUMxQyw2Q0FBNkM7Z0JBQzdDLE1BQU0sZ0JBQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQTtZQUMxQyxDQUFDO1FBQ0gsQ0FBQzthQUFNLENBQUM7WUFDTix3Q0FBd0M7WUFDeEMsSUFBQSxXQUFHLEVBQUMsZUFBZSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDckMsTUFBTSxnQkFBTSxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsVUFBVSxDQUFDLENBQUE7UUFDdkMsQ0FBQztJQUNILENBQUM7QUFDSCxDQUFDLENBQUEsQ0FBQyxDQUFBO0FBRUYsOENBQThDO0FBQzlDLEdBQUcsQ0FBQyxHQUFHLENBQUMsOEJBQThCLEVBQUUsQ0FBTyxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUU7SUFDekQsR0FBRyxDQUFDLEdBQUcsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQTtJQUNwRSw2QkFBNkI7SUFDN0IsSUFBSSxnQkFBTSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLGdCQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUMvRCx5Q0FBeUM7UUFDekMsTUFBTSxVQUFVLEdBQUcsTUFBTSxnQkFBTSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQzdELElBQUksVUFBVSxhQUFWLFVBQVUsdUJBQVYsVUFBVSxDQUFFLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM5QixzREFBc0Q7WUFDdEQsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxLQUFLLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUE7WUFDakUsSUFBSSxLQUFLLEVBQUUsQ0FBQztnQkFDVixLQUFLLENBQUMsSUFBSSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxDQUFDLENBQUMsaUJBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLGlCQUFTLENBQUMsS0FBSyxDQUFBO2dCQUM1RSxnQkFBTSxDQUFDLFdBQVcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFBO2dCQUNuRCxPQUFNO1lBQ1IsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBQ0QsSUFBQSxXQUFHLEVBQUMscUJBQXFCLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ3JDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUE7QUFDeEIsQ0FBQyxDQUFBLENBQUMsQ0FBQTtBQUVGLGtDQUFrQztBQUNsQyxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRTtJQUN4QixJQUFBLFdBQUcsRUFBQyxnQkFBZ0IsR0FBRyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDaEMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtBQUN4QixDQUFDLENBQUMsQ0FBQTtBQUVGOzs7R0FHRztBQUNILE1BQU0sT0FBTyxHQUFHLENBQUMsR0FBWSxFQUFFLEVBQUU7O0lBQy9CLE9BQU8sQ0FBQSxNQUFBLEdBQUcsYUFBSCxHQUFHLHVCQUFILEdBQUcsQ0FBRSxLQUFLLDBDQUFFLElBQUksTUFBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLGlCQUFTLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxpQkFBUyxDQUFDLFFBQVEsQ0FBQTtBQUNwRixDQUFDLENBQUE7QUFFRDs7R0FFRztBQUNJLE1BQU0sR0FBRyxHQUFHLENBQUMsT0FBZSxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUEsZUFBSyxHQUFFLENBQUMsTUFBTSxFQUFFLEdBQUcsR0FBRyxHQUFHLE9BQU8sQ0FBQyxDQUFBO0FBQXhFLFFBQUEsR0FBRyxPQUFxRTtBQUVyRixHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxHQUFHLEVBQUU7SUFDcEIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFBLGVBQUssR0FBRSxDQUFDLE1BQU0sRUFBRSxHQUFHLGlCQUFpQixDQUFDLENBQUE7QUFDbkQsQ0FBQyxDQUFDLENBQUEiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgZXhwcmVzcyBmcm9tICdleHByZXNzJ1xuaW1wb3J0IGltbWljaCBmcm9tICcuL2ltbWljaCdcbmltcG9ydCByZW5kZXIgZnJvbSAnLi9yZW5kZXInXG5pbXBvcnQgZGF5anMgZnJvbSAnZGF5anMnXG5pbXBvcnQgeyBBc3NldFR5cGUsIEltYWdlU2l6ZSB9IGZyb20gJy4vdHlwZXMnXG5pbXBvcnQgeyBSZXF1ZXN0IH0gZnJvbSAnZXhwcmVzcy1zZXJ2ZS1zdGF0aWMtY29yZSdcblxucmVxdWlyZSgnZG90ZW52JykuY29uZmlnKClcblxuY29uc3QgYXBwID0gZXhwcmVzcygpXG5hcHAuc2V0KCd2aWV3IGVuZ2luZScsICdlanMnKVxuYXBwLnVzZShleHByZXNzLnN0YXRpYygncHVibGljJykpXG5cbi8vIEFuIGluY29taW5nIHJlcXVlc3QgZm9yIGEgc2hhcmVkIGxpbmtcbmFwcC5nZXQoJy9zaGFyZS86a2V5JywgYXN5bmMgKHJlcSwgcmVzKSA9PiB7XG4gIHJlcy5zZXQoJ0NhY2hlLUNvbnRyb2wnLCAncHVibGljLCBtYXgtYWdlPScgKyBwcm9jZXNzLmVudi5DQUNIRV9BR0UpXG4gIGlmICghaW1taWNoLmlzS2V5KHJlcS5wYXJhbXMua2V5KSkge1xuICAgIGxvZygnSW52YWxpZCBzaGFyZSBrZXkgJyArIHJlcS5wYXJhbXMua2V5KVxuICAgIHJlcy5zdGF0dXMoNDA0KS5zZW5kKClcbiAgfSBlbHNlIHtcbiAgICBjb25zdCBzaGFyZWRMaW5rID0gYXdhaXQgaW1taWNoLmdldFNoYXJlQnlLZXkocmVxLnBhcmFtcy5rZXkpXG4gICAgaWYgKCFzaGFyZWRMaW5rKSB7XG4gICAgICBsb2coJ1Vua25vd24gc2hhcmUga2V5ICcgKyByZXEucGFyYW1zLmtleSlcbiAgICAgIHJlcy5zdGF0dXMoNDA0KS5zZW5kKClcbiAgICB9IGVsc2UgaWYgKCFzaGFyZWRMaW5rLmFzc2V0cy5sZW5ndGgpIHtcbiAgICAgIGxvZygnTm8gYXNzZXRzIGZvciBrZXkgJyArIHJlcS5wYXJhbXMua2V5KVxuICAgICAgcmVzLnN0YXR1cyg0MDQpLnNlbmQoKVxuICAgIH0gZWxzZSBpZiAoc2hhcmVkTGluay5hc3NldHMubGVuZ3RoID09PSAxKSB7XG4gICAgICAvLyBUaGlzIGlzIGFuIGluZGl2aWR1YWwgaXRlbSAobm90IGEgZ2FsbGVyeSlcbiAgICAgIGxvZygnU2VydmluZyBsaW5rICcgKyByZXEucGFyYW1zLmtleSlcbiAgICAgIGNvbnN0IGFzc2V0ID0gc2hhcmVkTGluay5hc3NldHNbMF1cbiAgICAgIGlmIChhc3NldC50eXBlID09PSBBc3NldFR5cGUuaW1hZ2UpIHtcbiAgICAgICAgLy8gRm9yIHBob3Rvcywgb3V0cHV0IHRoZSBpbWFnZSBkaXJlY3RseVxuICAgICAgICBhd2FpdCByZW5kZXIuYXNzZXRCdWZmZXIocmVzLCBzaGFyZWRMaW5rLmFzc2V0c1swXSwgZ2V0U2l6ZShyZXEpKVxuICAgICAgfSBlbHNlIGlmIChhc3NldC50eXBlID09PSBBc3NldFR5cGUudmlkZW8pIHtcbiAgICAgICAgLy8gRm9yIHZpZGVvcywgc2hvdyB0aGUgdmlkZW8gYXMgYSB3ZWIgcGxheWVyXG4gICAgICAgIGF3YWl0IHJlbmRlci5nYWxsZXJ5KHJlcywgc2hhcmVkTGluaywgMSlcbiAgICAgIH1cbiAgICB9IGVsc2Uge1xuICAgICAgLy8gTXVsdGlwbGUgaW1hZ2VzIC0gcmVuZGVyIGFzIGEgZ2FsbGVyeVxuICAgICAgbG9nKCdTZXJ2aW5nIGxpbmsgJyArIHJlcS5wYXJhbXMua2V5KVxuICAgICAgYXdhaXQgcmVuZGVyLmdhbGxlcnkocmVzLCBzaGFyZWRMaW5rKVxuICAgIH1cbiAgfVxufSlcblxuLy8gT3V0cHV0IHRoZSBidWZmZXIgZGF0YSBmb3IgYSBwaG90byBvciB2aWRlb1xuYXBwLmdldCgnLzp0eXBlKHBob3RvfHZpZGVvKS86a2V5LzppZCcsIGFzeW5jIChyZXEsIHJlcykgPT4ge1xuICByZXMuc2V0KCdDYWNoZS1Db250cm9sJywgJ3B1YmxpYywgbWF4LWFnZT0nICsgcHJvY2Vzcy5lbnYuQ0FDSEVfQUdFKVxuICAvLyBDaGVjayBmb3IgdmFsaWQga2V5IGFuZCBJRFxuICBpZiAoaW1taWNoLmlzS2V5KHJlcS5wYXJhbXMua2V5KSAmJiBpbW1pY2guaXNJZChyZXEucGFyYW1zLmlkKSkge1xuICAgIC8vIENoZWNrIGlmIHRoZSBrZXkgaXMgYSB2YWxpZCBzaGFyZSBsaW5rXG4gICAgY29uc3Qgc2hhcmVkTGluayA9IGF3YWl0IGltbWljaC5nZXRTaGFyZUJ5S2V5KHJlcS5wYXJhbXMua2V5KVxuICAgIGlmIChzaGFyZWRMaW5rPy5hc3NldHMubGVuZ3RoKSB7XG4gICAgICAvLyBDaGVjayB0aGF0IHRoZSByZXF1ZXN0ZWQgYXNzZXQgZXhpc3RzIGluIHRoaXMgc2hhcmVcbiAgICAgIGNvbnN0IGFzc2V0ID0gc2hhcmVkTGluay5hc3NldHMuZmluZCh4ID0+IHguaWQgPT09IHJlcS5wYXJhbXMuaWQpXG4gICAgICBpZiAoYXNzZXQpIHtcbiAgICAgICAgYXNzZXQudHlwZSA9IHJlcS5wYXJhbXMudHlwZSA9PT0gJ3ZpZGVvJyA/IEFzc2V0VHlwZS52aWRlbyA6IEFzc2V0VHlwZS5pbWFnZVxuICAgICAgICByZW5kZXIuYXNzZXRCdWZmZXIocmVzLCBhc3NldCwgZ2V0U2l6ZShyZXEpKS50aGVuKClcbiAgICAgICAgcmV0dXJuXG4gICAgICB9XG4gICAgfVxuICB9XG4gIGxvZygnTm8gYXNzZXQgZm91bmQgZm9yICcgKyByZXEucGF0aClcbiAgcmVzLnN0YXR1cyg0MDQpLnNlbmQoKVxufSlcblxuLy8gU2VuZCBhIDQwNCBmb3IgYWxsIG90aGVyIHJvdXRlc1xuYXBwLmdldCgnKicsIChyZXEsIHJlcykgPT4ge1xuICBsb2coJ0ludmFsaWQgcm91dGUgJyArIHJlcS5wYXRoKVxuICByZXMuc3RhdHVzKDQwNCkuc2VuZCgpXG59KVxuXG4vKipcbiAqIFNhbml0aXNlIHRoZSBkYXRhIGZvciBhbiBpbmNvbWluZyBxdWVyeSBzdHJpbmcgYHNpemVgIHBhcmFtZXRlclxuICogZS5nLiBodHRwczovL2V4YW1wbGUuY29tL3NoYXJlL2FiYy4uLnh5ej9zaXplPXRodW1ibmFpbFxuICovXG5jb25zdCBnZXRTaXplID0gKHJlcTogUmVxdWVzdCkgPT4ge1xuICByZXR1cm4gcmVxPy5xdWVyeT8uc2l6ZSA9PT0gJ3RodW1ibmFpbCcgPyBJbWFnZVNpemUudGh1bWJuYWlsIDogSW1hZ2VTaXplLm9yaWdpbmFsXG59XG5cbi8qKlxuICogT3V0cHV0IGEgY29uc29sZS5sb2cgbWVzc2FnZSB3aXRoIHRpbWVzdGFtcFxuICovXG5leHBvcnQgY29uc3QgbG9nID0gKG1lc3NhZ2U6IHN0cmluZykgPT4gY29uc29sZS5sb2coZGF5anMoKS5mb3JtYXQoKSArICcgJyArIG1lc3NhZ2UpXG5cbmFwcC5saXN0ZW4oMzAwMCwgKCkgPT4ge1xuICBjb25zb2xlLmxvZyhkYXlqcygpLmZvcm1hdCgpICsgJyBTZXJ2ZXIgc3RhcnRlZCcpXG59KVxuIl19
\ No newline at end of file
diff --git a/src/index.ts b/src/index.ts
index d72d12f..7862ed1 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -11,12 +11,7 @@ const app = express()
 app.set('view engine', 'ejs')
 app.use(express.static('public'))
 
-const getSize = (req: Request) => {
-  return req?.query?.size === 'thumbnail' ? ImageSize.thumbnail : ImageSize.original
-}
-
-export const log = (message: string) => console.log(dayjs().format() + ' ' + message)
-
+// An incoming request for a shared link
 app.get('/share/:key', async (req, res) => {
   res.set('Cache-Control', 'public, max-age=' + process.env.CACHE_AGE)
   if (!immich.isKey(req.params.key)) {
@@ -49,7 +44,7 @@ app.get('/share/:key', async (req, res) => {
   }
 })
 
-// Output the buffer data for an photo or video
+// Output the buffer data for a photo or video
 app.get('/:type(photo|video)/:key/:id', async (req, res) => {
   res.set('Cache-Control', 'public, max-age=' + process.env.CACHE_AGE)
   // Check for valid key and ID
@@ -70,12 +65,25 @@ app.get('/:type(photo|video)/:key/:id', async (req, res) => {
   res.status(404).send()
 })
 
-// Send a 404 for all other unmatched routes
+// Send a 404 for all other routes
 app.get('*', (req, res) => {
   log('Invalid route ' + req.path)
   res.status(404).send()
 })
 
+/**
+ * Sanitise the data for an incoming query string `size` parameter
+ * e.g. https://example.com/share/abc...xyz?size=thumbnail
+ */
+const getSize = (req: Request) => {
+  return req?.query?.size === 'thumbnail' ? ImageSize.thumbnail : ImageSize.original
+}
+
+/**
+ * Output a console.log message with timestamp
+ */
+export const log = (message: string) => console.log(dayjs().format() + ' ' + message)
+
 app.listen(3000, () => {
   console.log(dayjs().format() + ' Server started')
 })