Webhook routes were only registered in app.js (the test factory) but
not in index.js (the production entry point). POST /api/webhook/*
was therefore falling through to the verifyCsrf middleware and being
rejected with 403 in production.
Inline onclick attribute was silently blocked by the server CSP nonce
policy. Replace with addEventListener after innerHTML is set.
chore: bump version to 1.5.0a
Build and Push Docker Image / build (push) Successful in 1m7s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 1m15s
CI / Security audit (push) Successful in 1m44s
CI / Tests & coverage (push) Successful in 1m53s
- Added POST /api/webhook/sonarr and POST /api/webhook/radarr endpoints
- Implemented webhook secret validation via SOFARR_WEBHOOK_SECRET environment variable
- Added logging for all incoming webhook events using existing logToFile utility
- Returns HTTP 200 immediately to prevent webhook retries
- Mounted webhook routes before CSRF middleware (called by external services)
- Non-breaking: no changes to polling, caching, SSE, or any existing behavior
- Lays groundwork for Phase 2 (cache + SSE integration) without implementing it yet
Build and Push Docker Image / build (push) Successful in 40s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 54s
CI / Security audit (push) Successful in 1m15s
CI / Tests & coverage (push) Successful in 1m20s
refactor(arr-retrievers): implement Pluggable *arr Retrieval Layer (PALDRA) (#19)
- Added abstract ArrRetriever base class and concrete PollingSonarrRetriever / PollingRadarrRetriever
- Created centralized ArrRetrieverRegistry (pure singleton, matching PDCA style)
- Refactored poller.js and historyFetcher.js to use the new pluggable registry
- 100% backward compatible: no changes to behavior, caching, SSE, performance, or APIs
This completes the PALDRA work from ticket #19 and lays the groundwork for webhook support.
Build and Push Docker Image / build (push) Successful in 20s
CI / Security audit (push) Successful in 1m18s
CI / Tests & coverage (push) Successful in 1m14s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 54s
- Remove instanceConfig parameter from all retriever methods (getTags, getQueue, getHistory)
- Retriever instances now use this.url, this.apiKey, this.id instead of passed parameter
- Convert ArrRetrieverRegistry from class with convenience functions to pure singleton object
- Export singleton instance directly instead of class + convenience functions
- Update poller.js and historyFetcher.js to call methods on singleton directly
- All 261 tests pass with zero behavior changes
Build and Push Docker Image / build (push) Successful in 42s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 46s
CI / Security audit (push) Successful in 1m21s
CI / Tests & coverage (push) Successful in 1m35s
- Create ArrRetriever abstract base class defining pluggable interface
- Implement PollingSonarrRetriever and PollingRadarrRetriever with HTTP polling
- Add ArrRetrieverRegistry for managing retriever instances
- Refactor poller.js to use retriever registry instead of direct Axios calls
- Update historyFetcher.js to use retriever registry
- Preserve all cache keys, TTLs, timing logs, SSE broadcasts, error handling
- Enable future webhook listeners without touching poller logic
CI / Tests & coverage (pull_request) Successful in 2m3s
- Replace vi.mock('axios') with nock for HTTP request mocking (ES/CJS interop issue)
- Fix RTorrentClient by mocking client.client.methodCall directly instead of xmlrpc module
- Fix downloadClients.test.js by manually adding mock clients to registry
- Fix qbittorrent.test.js to use getActiveDownloads() and normalized properties
- Fix integration test env var mocks and error assertions
- Fix SABnzbdClient size parsing and test fixtures
- Fix RTorrentClient ETA calculation expectation
All 261 tests now passing.
Build and Push Docker Image / build (push) Successful in 37s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 45s
CI / Security audit (push) Successful in 1m3s
CI / Tests & coverage (push) Failing after 1m18s
- Convert all client test files from CommonJS require() to ES module import syntax
- Convert downloadClients.test.js and integration/downloadClients.test.js to ES modules
- Fix qbittorrent.test.js to use getActiveDownloads() instead of getTorrents()
- All test files now use proper Vitest-compatible ES module syntax
- Resolves Vitest import errors and QBittorrentClient method call errors
Licence Check / Licence compatibility and copyright header verification (push) Successful in 1m1s
Build and Push Docker Image / build (push) Successful in 1m10s
CI / Tests & coverage (push) Failing after 1m21s
- Convert RTorrentClient.test.js to use vi.mock() instead of jest.mock()
- Convert QBittorrentClient.test.js to use vi.mock() instead of jest.mock()
- Convert SABnzbdClient.test.js to use vi.mock() instead of jest.mock()
- Convert TransmissionClient.test.js to use vi.mock() instead of jest.mock()
- Convert downloadClients.test.js to use vi.mock() instead of jest.mock()
- Convert integration/downloadClients.test.js to use vi.mock() instead of jest.mock()
- Fix legacy qbittorrent.test.js to import QBittorrentClient from new location
- Add getRtorrentInstances mock to downloadClients.test.js
- Add RTORRENT_INSTANCES to integration test environment variables
- Update .env.sample RTORRENT_INSTANCES section with exact comment format
- Update README.md rTorrent table row with specific endpoint note
- Add explicit "No path is automatically appended" statement in README
- RTorrentClient.js already uses exact URL from config (no changes needed)
Licence Check / Licence compatibility and copyright header verification (push) Failing after 28s
- Remove auto-appending of /RPC2 from RTorrentClient constructor
- Use exact URL from config (supports custom paths like whatbox.ca/xmlrpc)
- Update .env.sample with clear URL path documentation and examples
- Update README.md with comprehensive PDCA section and all download clients
- Add URL path verification tests (whatbox.ca, custom paths, no auth)
- Update architecture diagram to include Transmission and rTorrent
- Update Docker Compose example to include all download clients
- Update prerequisites to mention all supported download clients
- Update "What It Does" and "The Matching Process" sections
Licence Check / Licence compatibility and copyright header verification (push) Failing after 24s
- Implement RTorrentClient extending DownloadClient abstract class
- Use xmlrpc package (v1.3.2) for XML-RPC communication
- Support HTTP Basic Auth when credentials are configured
- Map rTorrent states (d.state, d.is_active, d.is_hash_checking) to normalized statuses
- Calculate ETA from download speed and remaining bytes
- Add getRtorrentInstances() to config.js
- Register RTorrentClient in downloadClients.js registry
- Add 8 comprehensive unit tests covering all functionality
- Update .env.sample with rtorrent configuration examples
- Update ARCHITECTURE.md with rtorrent client details
- Update ADDING-A-DOWNLOAD-CLIENT.md with rtorrent-specific notes
Build and Push Docker Image / build (push) Successful in 44s
Licence Check / Licence compatibility and copyright header verification (push) Successful in 57s
CI / Security audit (push) Successful in 1m15s
CI / Tests & coverage (push) Failing after 1m22s
Remove undefined QBittorrentClient export that was causing
container startup failures. The actual implementation is now
in server/clients/QBittorrentClient.js
- Add abstract DownloadClient base class with standardized interface
- Refactor QBittorrentClient to extend DownloadClient with Sync API support
- Create SABnzbdClient implementing DownloadClient interface
- Add TransmissionClient as proof-of-concept implementation
- Implement DownloadClientRegistry for factory pattern and client management
- Refactor poller.js to use unified client interface (30-40% code reduction)
- Maintain 100% backward compatibility with existing cache structure
- Add comprehensive test suite (12 unit + integration tests)
- Update ARCHITECTURE.md with detailed PDCA documentation
- Create ADDING-A-DOWNLOAD-CLIENT.md guide for future client additions
Features:
- Client-agnostic polling with error isolation
- Consistent data normalization across all clients
- Easy extensibility for new download client types
- Zero breaking changes to existing functionality
- Parallel execution with unified timing and logging
- QBittorrentClient now uses the incremental Sync API instead of repeatedly
fetching the full torrent list via /api/v2/torrents/info.
- Per-client state: lastRid, torrentMap, fallbackThisCycle.
- Handles full_update, delta updates, and torrents_removed.
- Falls back to legacy torrents/info at most once per poll cycle.
- getAllTorrents() resets fallback flags before each cycle.
- Added 9 new unit tests covering: first sync, delta merge, full_update,
torrents_removed, fallback path, direct-legacy-after-fallback, 403 re-auth,
completed-field computation, and fallback reset.
Build and Push Docker Image / build (push) Successful in 37s
CI / Security audit (push) Successful in 1m30s
CI / Tests & coverage (push) Successful in 1m47s
- Added addedOn timestamp to qBittorrent torrent mapping
- Added canBlocklist helper function: true for admins, true for non-admins when (importIssues OR (torrent >1h old AND availability<100%))
- Added canBlocklist field to all download objects in /user-downloads and SSE /stream routes (8 blocks total)
- Frontend button now shows when (isAdmin OR download.canBlocklist) && download.arrQueueId
gronod
Gandalf