sofarr

Gandalf/sofarr

Public Access

Fork 0

Commit Graph

Author	SHA1	Message	Date
gronod	dbf45ec31d	fix: secure webhook config endpoint and validate config on Ombi enable/test Build and Push Docker Image / build (push) Successful in 1m4s Details Docs Check / Markdown lint (push) Successful in 1m49s Details Licence Check / Licence compatibility and copyright header verification (push) Failing after 2m22s Details CI / Security audit (push) Successful in 2m44s Details CI / Swagger Validation & Coverage (push) Successful in 2m59s Details Docs Check / Mermaid diagram parse check (push) Successful in 3m11s Details CI / Tests & coverage (push) Successful in 3m27s Details - Add requireAuth to GET /api/webhook/config to enforce authentication - Add SOFARR_BASE_URL and SOFARR_WEBHOOK_SECRET validation to POST /api/ombi/webhook/enable and /test - Return 400 with descriptive errors when webhook config is missing on Ombi routes - Clean up test environment in webhook.test.js afterEach - Add regression tests for all new validation logic - Update CHANGELOG.md with security fixes	2026-05-22 09:50:30 +01:00
gronod	9862c0555c	Handle Ombi API object-format requestedUser field Build and Push Docker Image / build (push) Successful in 47s Details Licence Check / Licence compatibility and copyright header verification (push) Failing after 1m24s Details CI / Security audit (push) Successful in 1m47s Details CI / Swagger Validation & Coverage (push) Successful in 2m11s Details CI / Tests & coverage (push) Successful in 2m27s Details The Ombi API returns requestedUser as an OmbiUser object instead of a string. Add extractRequestedUser helper to extract username from various fields (alias, userAlias, userName, normalizedUserName) with fallback to legacy string format. Update client and server routes to use the helper for consistent username extraction.	2026-05-21 21:56:36 +01:00
gronod	26d9e429a9	test: comprehensive test coverage for Ombi webhook changes Build and Push Docker Image / build (push) Successful in 46s Details Licence Check / Licence compatibility and copyright header verification (push) Successful in 1m21s Details CI / Security audit (push) Successful in 1m37s Details CI / Tests & coverage (push) Successful in 2m13s Details CI / Swagger Validation & Coverage (push) Successful in 1m59s Details This commit addresses code review findings and completes the test coverage plan for the new Ombi webhook functionality introduced in recent commits. Changes: - Removed obsolete tests for getOmbiLink and getOmbiSearchLink functions (replaced by getOmbiDetailsLink in commit "Fix: Generate Ombi links directly from TMDB ID") - Simplified DownloadMatcher.addOmbiMatching tests to match new synchronous implementation (no longer makes API calls, generates links from TMDB IDs) - Added comprehensive integration tests for Ombi webhook endpoints: * GET /api/ombi/webhook/status (6 tests) * POST /api/ombi/webhook/enable (4 tests) * POST /api/ombi/webhook/test (3 tests) - Added frontend state object tests for Ombi fields (7 tests) - Added skipped SSE endpoint tests with documentation (2 tests) - Added skipped frontend API/UI tests with documentation (5 tests) Code review fixes: - Fixed variable shadowing in ombi.test.js (reused outer scope variable) - Removed redundant network error test (duplicate of previous test) - Updated outdated documentation comment for skipped tests Test results: 764 passing, 15 skipped, 34 test files Skipped tests are documented with clear justifications: - SSE endpoint: requires EventSource or manual SSE handling - Frontend API functions: require complex mocking, covered by integration tests - Frontend UI functions: tightly coupled to DOM, better suited for E2E testing - GET /api/ombi/requests: requires complex arrRetrieverRegistry mocking Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>	2026-05-21 21:27:51 +01:00

Author

SHA1

Message

Date

gronod

dbf45ec31d

fix: secure webhook config endpoint and validate config on Ombi enable/test

Build and Push Docker Image / build (push) Successful in 1m4s

Details

Docs Check / Markdown lint (push) Successful in 1m49s

Details

Licence Check / Licence compatibility and copyright header verification (push) Failing after 2m22s

Details

CI / Security audit (push) Successful in 2m44s

Details

CI / Swagger Validation & Coverage (push) Successful in 2m59s

Details

Docs Check / Mermaid diagram parse check (push) Successful in 3m11s

Details

CI / Tests & coverage (push) Successful in 3m27s

Details

- Add requireAuth to GET /api/webhook/config to enforce authentication
- Add SOFARR_BASE_URL and SOFARR_WEBHOOK_SECRET validation to POST /api/ombi/webhook/enable and /test
- Return 400 with descriptive errors when webhook config is missing on Ombi routes
- Clean up test environment in webhook.test.js afterEach
- Add regression tests for all new validation logic
- Update CHANGELOG.md with security fixes

2026-05-22 09:50:30 +01:00

gronod

9862c0555c

Handle Ombi API object-format requestedUser field

Build and Push Docker Image / build (push) Successful in 47s

Details

Licence Check / Licence compatibility and copyright header verification (push) Failing after 1m24s

Details

CI / Security audit (push) Successful in 1m47s

Details

CI / Swagger Validation & Coverage (push) Successful in 2m11s

Details

CI / Tests & coverage (push) Successful in 2m27s

Details

The Ombi API returns requestedUser as an OmbiUser object instead of a string.
Add extractRequestedUser helper to extract username from various fields
(alias, userAlias, userName, normalizedUserName) with fallback to legacy string format.
Update client and server routes to use the helper for consistent username extraction.

2026-05-21 21:56:36 +01:00

gronod

26d9e429a9

test: comprehensive test coverage for Ombi webhook changes

Build and Push Docker Image / build (push) Successful in 46s

Details

Licence Check / Licence compatibility and copyright header verification (push) Successful in 1m21s

Details

CI / Security audit (push) Successful in 1m37s

Details

CI / Tests & coverage (push) Successful in 2m13s

Details

CI / Swagger Validation & Coverage (push) Successful in 1m59s

Details

This commit addresses code review findings and completes the test coverage
plan for the new Ombi webhook functionality introduced in recent commits.

Changes:
- Removed obsolete tests for getOmbiLink and getOmbiSearchLink functions
  (replaced by getOmbiDetailsLink in commit "Fix: Generate Ombi links directly
  from TMDB ID")
- Simplified DownloadMatcher.addOmbiMatching tests to match new synchronous
  implementation (no longer makes API calls, generates links from TMDB IDs)
- Added comprehensive integration tests for Ombi webhook endpoints:
  * GET /api/ombi/webhook/status (6 tests)
  * POST /api/ombi/webhook/enable (4 tests)
  * POST /api/ombi/webhook/test (3 tests)
- Added frontend state object tests for Ombi fields (7 tests)
- Added skipped SSE endpoint tests with documentation (2 tests)
- Added skipped frontend API/UI tests with documentation (5 tests)

Code review fixes:
- Fixed variable shadowing in ombi.test.js (reused outer scope variable)
- Removed redundant network error test (duplicate of previous test)
- Updated outdated documentation comment for skipped tests

Test results: 764 passing, 15 skipped, 34 test files

Skipped tests are documented with clear justifications:
- SSE endpoint: requires EventSource or manual SSE handling
- Frontend API functions: require complex mocking, covered by integration tests
- Frontend UI functions: tightly coupled to DOM, better suited for E2E testing
- GET /api/ombi/requests: requires complex arrRetrieverRegistry mocking

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

2026-05-21 21:27:51 +01:00

3 Commits