121c49b35b
docs: update ARCHITECTURE.md and README for 1.0.x fixes
...
Build and Push Docker Image / build (push) Successful in 22s
CI / Security audit (push) Successful in 1m0s
CI / Tests & coverage (push) Successful in 1m14s
ARCHITECTURE.md:
- Cookie secure flag: NODE_ENV → TRUST_PROXY (3 locations)
- upgrade-insecure-requests: document it gates on TRUST_PROXY not NODE_ENV
- Docker image note: NODE_ENV=production no longer implies secure cookies
- Security checklist: clarify TRUST_PROXY enables secure cookie + CSP + HSTS
- dashboard.js route table: add /stream endpoint note
- NODE_ENV env var table: correct description
README.md:
- qBittorrent availability: note red highlight when < 100%
- Login side-effects: secure cookie gated on TRUST_PROXY not NODE_ENV
2026-05-17 10:06:43 +01:00
dcf613446e
docs: final 1.0.0 documentation pass
...
Build and Push Docker Image / build (push) Successful in 28s
CI / Security audit (push) Successful in 50s
CI / Tests & coverage (push) Successful in 1m3s
README.md:
- Node prerequisite: v12+ → v22+
- Real-Time Updates: describe SSE push, remove polling/refresh-selector wording
- On-demand mode: update for SSE connect triggering poll
- API Endpoints: add /stream, /me, /csrf, /user-summary, /status, /cover-art
- Remove stale /api/qbittorrent proxy entry
- Docker tags: update to 1.0.x
SECURITY.md:
- Supported versions: add 1.0.x, retire 0.2.x
- CSP header: add style-src-attr 'unsafe-inline'
- Nginx example: add proxy_buffering off / proxy_read_timeout for SSE
Diagrams:
- seq-dashboard.puml: rewrite as SSE stream sequence (connect,
initial payload, pushed updates, heartbeat, disconnect)
- seq-polling.puml: add SSE subscriber notification step after
cache population
- state-ui.puml: replace Refresh Rate sub-state with SSE Connection
state machine; update splash loading and logout transitions
- state-poller.puml: add Notifying SSE subscribers step in Polling state
package.json: bump to 1.0.0
2026-05-17 09:19:35 +01:00
5fd55b4e1a
test: add comprehensive test suite (115 tests, Vitest + supertest + nock)
...
Build and Push Docker Image / build (push) Successful in 49s
CI / Security audit (push) Successful in 1m23s
CI / Tests & coverage (push) Failing after 2m13s
Framework:
- Vitest v4 as test runner (fast ESM/CJS support, V8 coverage built-in)
- supertest for integration tests against createApp() factory
- nock for HTTP interception (works with CJS require('axios'), unlike vi.mock)
New files:
- vitest.config.js — test config: node env, isolate, V8 coverage, per-file thresholds
- tests/setup.js — isolated DATA_DIR per worker, SKIP_RATE_LIMIT, console suppression
- tests/README.md — approach, structure, design decisions
- server/app.js — testable Express factory (extracted from index.js side-effects)
Unit tests (91 tests):
- tests/unit/sanitizeError.test.js — secret redaction: apikey, token, bearer, basic-auth URLs
- tests/unit/config.test.js — JSON array + legacy single-instance config parsing
- tests/unit/requireAuth.test.js — valid/invalid/tampered cookies, schema validation
- tests/unit/verifyCsrf.test.js — double-submit pattern, timing-safe compare, safe methods
- tests/unit/qbittorrent.test.js — formatBytes, formatEta, mapTorrentToDownload state map
- tests/unit/tokenStore.test.js — store/get/clear lifecycle, TTL expiry, atomic disk write
Integration tests (24 tests):
- tests/integration/health.test.js — /health and /ready endpoints
- tests/integration/auth.test.js — full login/logout/me/csrf flows, input validation,
cookie attributes, no token leakage, Emby mock via nock
Production code changes (minimal, no behaviour change):
- server/routes/auth.js: EMBY_URL captured at request-time (not module load) for testability
- server/routes/auth.js: loginLimiter max → Number.MAX_SAFE_INTEGER when SKIP_RATE_LIMIT set
- server/utils/sanitizeError.js: fix HEADER_PATTERN to redact full line (not just first token)
CI:
- .gitea/workflows/ci.yml: add parallel 'test' job (npm run test:coverage, artifact upload)
- package.json: add test/test:watch/test:coverage/test:ui scripts
- .gitignore: add coverage/
2026-05-17 07:45:33 +01:00
e5b2fc8ea4
docs: add POLL_INTERVAL to README, .env.sample, and .env.example
...
- Document background polling and on-demand mode in README
- Add POLL_INTERVAL to all config examples (Docker, Compose, .env)
- New 'Background Polling' section in Features
- Sanitize leaked credentials in .env.example
2026-05-16 00:32:16 +01:00
6140808efb
feat: compact UI with theme switcher (light/dark/mono)
...
- Redesign download cards to be significantly more compact
- Add CSS custom properties for theming
- Add theme switcher (Light, Dark, Mono) with localStorage persistence
- Update README with environment variable Docker deployment docs
- Update Docker Compose example to use environment: instead of volume mount
2026-05-15 17:28:48 +01:00
a3dbe8b6c0
docs: add Docker deployment instructions and OCI labels
...
Build and Push Docker Image / build (push) Successful in 2m26s
- Add LABEL tags to Dockerfile (OCI standard + custom.hardware.requirement)
- Add dynamic version/created labels in CI workflow
- Add Docker deployment section to README with docker run, compose, and update instructions
- Registry pull source: docker.i3omb.com/sofarr
2026-05-15 16:50:50 +01:00
f500f4db3b
feat: fix download-to-user matching, add cover art to downloads
...
- Fix seriesMap key (use Sonarr internal id, not tvdbId)
- Fix Sonarr tag resolution (use tag map like Radarr)
- Use sourceTitle for history record matching
- Fall back to embedded movie/series objects when API timeouts
- Add includeMovie/includeSeries params to queue/history API calls
- Add coverArt field to all download responses (TMDB poster URLs)
- Add cover art display to frontend download cards
- Fix user-summary route to use instance config and tag maps
2026-05-15 14:54:21 +01:00
5d04d2796b
Initial commit: Media Download Dashboard with SABnzbd, Sonarr, Radarr, and Emby integration
2026-05-15 10:36:29 +01:00
