Merge branch 'main' of https://git.i3omb.com/Gandalf/sofarr

Reviewed-on: #17

.gitea/workflows/licence-check.yml

@@ -7,16 +7,24 @@ on:
       - "package.json"
       - "package-lock.json"
       - ".gitea/workflows/licence-check.yml"
+      - "**/*.js"
+      - "**/*.ts"
+      - "**/*.jsx"
+      - "**/*.tsx"
   pull_request:
     branches: ["**", "!main", "!release/**"]
     paths:
       - "package.json"
       - "package-lock.json"
       - ".gitea/workflows/licence-check.yml"
+      - "**/*.js"
+      - "**/*.ts"
+      - "**/*.jsx"
+      - "**/*.tsx"
 
 jobs:
   licence-check:
-    name: Dependency licence compatibility
+    name: Licence compatibility and copyright header verification
     runs-on: ubuntu-latest
     continue-on-error: true
     steps:
@@ -36,3 +44,40 @@ jobs:
             --onlyAllow "MIT;ISC;MIT-0;BSD-2-Clause;BSD-3-Clause;Apache-2.0;CC0-1.0;BlueOak-1.0.0" \
             --excludePrivatePackages \
             && echo "All production dependency licences are compatible with MIT."
+
+      - name: Check copyright headers in source files
+        run: |
+          #!/bin/bash
+          set -e
+          
+          # Find all source files, excluding build artifacts and node_modules
+          SOURCE_FILES=$(find . -type f \( -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" \) \
+            ! -path "./node_modules/*" \
+            ! -path "./.git/*" \
+            ! -path "./dist/*" \
+            ! -path "./build/*" \
+            ! -path "./.gitea/*")
+          
+          MISSING_HEADER=0
+          
+          # Check each file for MIT-compliant copyright header
+          while IFS= read -r file; do
+            if [ -z "$file" ]; then
+              continue
+            fi
+            
+            # Check if file starts with a copyright header containing: Copyright, year (4 digits), name, and MIT License
+            if ! head -n 5 "$file" | grep -qiE "Copyright.*[0-9]{4}.*MIT"; then
+              echo "❌ Missing MIT-compliant copyright header in: $file"
+              echo "   Required format: // Copyright (c) YYYY Name. MIT License."
+              MISSING_HEADER=$((MISSING_HEADER + 1))
+            fi
+          done <<< "$SOURCE_FILES"
+          
+          if [ $MISSING_HEADER -gt 0 ]; then
+            echo ""
+            echo "⚠️  Found $MISSING_HEADER file(s) with missing or non-compliant copyright headers."
+            exit 1
+          else
+            echo "✅ All source files have MIT-compliant copyright headers."
+          fi

CHANGELOG.md

@@ -24,6 +24,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 - History records are now deduplicated server-side before being sent to the client — only the most relevant record per content item per instance is returned.
 - Import-issue badge tooltip now uses the themed `var(--surface)` / `var(--text-primary)` / `var(--border)` CSS variables, matching the episode and toggle tooltip style.
 - Poller now stores `_instanceKey` on Sonarr/Radarr queue records in the cache, enabling the backend to look up API credentials for blocklist operations without an additional configuration lookup.
+- **Blocklist & Search button** — now available on all admin downloads (not just those with import issues), and also available to non-admin users when: import issues are present, OR (for qBittorrent torrents only) the download is more than 1 hour old AND has less than 100% availability.
+- **Download object** — added `canBlocklist` boolean field to indicate whether the current user can blocklist a given download.
+- **qBittorrent torrent data** — added `addedOn` timestamp field to enable age-based blocklist eligibility checks.
 
 ---
 

README.md

@@ -280,7 +280,7 @@ sofarr polls all configured services in the background and caches the results. D
 - `GET /api/dashboard/user-summary` — Per-user download counts (admin)
 - `GET /api/dashboard/status` — Server / polling / cache status (admin)
 - `GET /api/dashboard/cover-art` — Proxied cover art image
-- `POST /api/dashboard/blocklist-search` — Blocklist a release and trigger a new search (admin)
+- `POST /api/dashboard/blocklist-search` — Blocklist a release and trigger a new search (admin or non-admin with eligibility: import issues OR torrent >1h old AND availability<100%)
 
 ### History
 - `GET /api/history/recent` — Recently completed downloads from Sonarr/Radarr history

client/src/App.jsx

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { useState, useEffect } from 'react';
 import axios from 'axios';
 import './App.css';

client/src/main.jsx

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import React from 'react'
 import ReactDOM from 'react-dom/client'
 import App from './App.jsx'

client/vite.config.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
 

docs/ARCHITECTURE.md

@@ -161,7 +161,6 @@ sofarr/
 │   └── integration/            # Supertest integration tests (nock for external HTTP)
 ├── docs/
 │   ├── ARCHITECTURE.md         # This document
-│   └── diagrams/               # PlantUML source files
 ├── .gitea/workflows/
 │   ├── ci.yml                  # Security audit + test/coverage CI jobs
 │   ├── build-image.yml         # Docker image build and push
@@ -314,7 +313,7 @@ For each connected user the server:
 | See download/target paths | ✗ | ✓ |
 | See Sonarr/Radarr links | ✗ | ✓ |
 | View status panel | ✗ | ✓ |
-| Blocklist & search (import-pending) | ✗ | ✓ |
+| Blocklist & search | ✓ (when import issues OR torrent >1h old AND availability<100%) | ✓ (all downloads) |
 
 ### Tag Matching
 
@@ -415,6 +414,7 @@ Each matched download produces an object with:
 | `tagBadges` | `{label, matchedUser}[]` / undefined | (Admin `showAll` only) Each tag classified against full Emby user list |
 | `importIssues` | string[] / null | Import warning/error messages |
 | `availableForUpgrade` | boolean / undefined | (History) `true` when outcome is `failed` but the content is already on disk (failed upgrade attempt) |
+| `canBlocklist` | boolean | `true` if the current user can blocklist this download (admin: always; non-admin: when import issues OR torrent >1h old AND availability<100%) |
 | `downloadPath` | string / null | (Admin) Download client path |
 | `targetPath` | string / null | (Admin) *arr target path |
 | `arrLink` | string / null | (Admin) Link to *arr web UI |
@@ -424,6 +424,7 @@ Each matched download produces an object with:
 | `arrInstanceKey` | string / null | (Admin, import-pending only) API key for the *arr instance |
 | `arrContentId` | number / null | (Admin, import-pending only) `episodeId` (Sonarr) or `movieId` (Radarr) for triggering a new search |
 | `arrContentType` | `'episode'`/`'movie'` / null | (Admin, import-pending only) Content type for the search command |
+| `addedOn` | number / null | (qBittorrent only) Unix timestamp when the torrent was added, used for age-based blocklist eligibility |
 
 ---
 
@@ -604,7 +605,9 @@ Admin-only per-user download counts (fetches live from APIs, not cached).
 
 ### `POST /api/dashboard/blocklist-search`
 
-Admin-only. Removes a Sonarr/Radarr queue item with `blocklist=true` (preventing the same release being grabbed again), then immediately triggers an `EpisodeSearch` or `MoviesSearch` command.
+Removes a Sonarr/Radarr queue item with `blocklist=true` (preventing the same release being grabbed again), then immediately triggers an `EpisodeSearch` or `MoviesSearch` command.
+
+**Access:** Admin users can blocklist any download. Non-admin users can only blocklist downloads that meet specific eligibility criteria: import issues are present, OR (for qBittorrent torrents only) the download is more than 1 hour old AND has less than 100% availability. The frontend only shows the button when the user is eligible.
 
 Requires CSRF token (`X-CSRF-Token` header).
 
@@ -633,7 +636,7 @@ Requires CSRF token (`X-CSRF-Token` header).
 
 **Response (400):** Missing or invalid fields.
 
-**Response (403):** Non-admin user.
+**Response (403):** Non-admin user attempting to blocklist without meeting eligibility criteria (no import issues and not an eligible torrent).
 
 **Response (502):** Upstream *arr call failed.
 
@@ -897,21 +900,23 @@ volumes:
 
 ### CI / CD
 
-The `.gitea/workflows/` directory contains three pipeline definitions:
+The `.gitea/workflows/` directory contains five pipeline definitions:
 
 | File | Trigger | Purpose |
 |------|---------|--------|
-| `ci.yml` | Every push / PR | Security audit (`npm audit --audit-level=high`) + tests with V8 coverage |
-| `build-image.yml` | Push to `main` / `develop` | Build and push Docker image to `docker.i3omb.com` |
-| `create-release.yml` | Tag push (`v*`) | Create a Gitea release |
+| `ci.yml` | Every push / PR (all branches) | Security audit (`npm audit --audit-level=high`) + tests with V8 coverage |
+| `build-image.yml` | Push to `release/**` or `develop` | Build and push Docker image to `reg.i3omb.com`. `release/**` pushes versioned + `latest` tags; `develop` pushes a `:develop` tag. |
+| `create-release.yml` | Tag push (`v*`) | Generate release notes from git log and create a Gitea release |
+| `docs-check.yml` | Push / PR touching `**.md` (non-main / non-release branches) | Markdown lint + Mermaid diagram parse validation |
+| `licence-check.yml` | Push / PR touching `package.json` or `package-lock.json` | Verify all production dependency licences are compatible with MIT |
 
-> **Diagrams** are written in Mermaid and render natively in Gitea — no CI workflow required. See [Section 13](#13-diagrams).
+> **Diagrams** are written in Mermaid and render natively in Gitea — no separate diagram files or CI render step required. See [Section 13](#13-diagrams).
 
 ---
 
 ## 13. Diagrams
 
-All diagrams are written in [Mermaid](https://mermaid.js.org/) and render natively in Gitea and GitHub markdown.
+All diagrams are written in [Mermaid](https://mermaid.js.org/) and render natively in Gitea and GitHub markdown. No external tooling or PNG exports are required — the source is the diagram.
 
 ### 13.1 Component Diagram
 
@@ -1298,6 +1303,13 @@ classDiagram
         +availability string
         +hash string
         +completedAt string
+        +canBlocklist boolean
+        +addedOn number
+        +arrQueueId number
+        +arrType string
+        +arrInstanceUrl string
+        +arrContentId number
+        +arrContentType string
     }
     class TagBadge {
         +label string
@@ -1342,6 +1354,7 @@ classDiagram
         +num_seeds number
         +num_leechs number
         +availability number
+        +added_on number
     }
     class SonarrQueueRecord {
         +seriesId number

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "sofarr",
-  "version": "1.1.2",
+  "version": "1.3.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "sofarr",
-      "version": "1.1.2",
+      "version": "1.3.0",
       "license": "MIT",
       "dependencies": {
         "axios": "^1.6.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "sofarr",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "description": "A personal media download dashboard that shows your downloads 'so far' while you relax on the sofa waiting for your *arr services to finish",
   "main": "server/index.js",
   "scripts": {

public/app.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 let currentUser = null;
 let downloads = [];
 let isAdmin = false;
@@ -554,15 +555,15 @@ function createDownloadCard(download) {
     issueBadge.textContent = 'Import Pending';
     issueBadge.setAttribute('data-tooltip', download.importIssues.join('\n'));
     header.appendChild(issueBadge);
+  }
 
-    if (isAdmin && download.arrQueueId) {
-      const blBtn = document.createElement('button');
-      blBtn.className = 'blocklist-search-btn';
-      blBtn.textContent = '⛔ Blocklist & Search';
-      blBtn.title = 'Remove this release from the download client, add it to the blocklist, and trigger a new automatic search';
-      blBtn.addEventListener('click', () => handleBlocklistSearch(blBtn, download));
-      header.appendChild(blBtn);
-    }
+  if ((isAdmin || download.canBlocklist) && download.arrQueueId) {
+    const blBtn = document.createElement('button');
+    blBtn.className = 'blocklist-search-btn';
+    blBtn.textContent = '⛔ Blocklist & Search';
+    blBtn.title = 'Remove this release from the download client, add it to the blocklist, and trigger a new automatic search';
+    blBtn.addEventListener('click', () => handleBlocklistSearch(blBtn, download));
+    header.appendChild(blBtn);
   }
   
   const title = document.createElement('h3');

server/app.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Express application factory — imported by both server/index.js (production)
  * and the test suite. Keeping app creation separate from app.listen() means

server/index.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const path = require('path');
 const cookieParser = require('cookie-parser');

server/middleware/requireAuth.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 function requireAuth(req, res, next) {
   const signed = !!process.env.COOKIE_SECRET;
   const raw = signed ? req.signedCookies.emby_user : req.cookies.emby_user;

server/middleware/verifyCsrf.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * CSRF protection using the double-submit cookie pattern.
  *

server/routes/auth.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const crypto = require('crypto');

server/routes/dashboard.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const router = express.Router();
 const requireAuth = require('../middleware/requireAuth');
@@ -94,6 +95,23 @@ function getRadarrLink(movie) {
   return `${movie._instanceUrl}/movie/${movie.titleSlug}`;
 }
 
+// Determine if a download can be blocklisted by the current user
+// Admins: always true (they have arrQueueId)
+// Non-admins: true if importIssues OR (torrent >1h old AND availability<100%)
+function canBlocklist(download, isAdmin) {
+  if (isAdmin) return true;
+  if (download.importIssues && download.importIssues.length > 0) return true;
+  if (download.qbittorrent && download.addedOn && download.availability) {
+    const oneHourAgo = Date.now() - 3600000; // 1 hour in ms
+    const addedOn = new Date(download.addedOn).getTime();
+    const isOldEnough = addedOn < oneHourAgo;
+    const availability = parseFloat(download.availability);
+    const isLowAvailability = availability < 100;
+    return isOldEnough && isLowAvailability;
+  }
+  return false;
+}
+
 // Extract episode info from a Sonarr queue/history record.
 // Returns { season, episode, title } or null if data is missing.
 function extractEpisode(record) {
@@ -321,15 +339,14 @@ router.get('/user-downloads', requireAuth, async (req, res) => {
                   dlObj.downloadPath = slot.storage || null;
                   dlObj.targetPath = series.path || null;
                   dlObj.arrLink = getSonarrLink(series);
-                  if (issues) {
-                    dlObj.arrQueueId = sonarrMatch.id;
-                    dlObj.arrType = 'sonarr';
-                    dlObj.arrInstanceUrl = sonarrMatch._instanceUrl || null;
-                    dlObj.arrInstanceKey = sonarrMatch._instanceKey || null;
-                    dlObj.arrContentId = sonarrMatch.episodeId || null;
-                    dlObj.arrContentType = 'episode';
-                  }
+                  dlObj.arrQueueId = sonarrMatch.id;
+                  dlObj.arrType = 'sonarr';
+                  dlObj.arrInstanceUrl = sonarrMatch._instanceUrl || null;
+                  dlObj.arrInstanceKey = sonarrMatch._instanceKey || null;
+                  dlObj.arrContentId = sonarrMatch.episodeId || null;
+                  dlObj.arrContentType = 'episode';
                 }
+                dlObj.canBlocklist = canBlocklist(dlObj, isAdmin);
                 userDownloads.push(dlObj);
               }
             }
@@ -371,15 +388,14 @@ router.get('/user-downloads', requireAuth, async (req, res) => {
                   dlObj.downloadPath = slot.storage || null;
                   dlObj.targetPath = movie.path || null;
                   dlObj.arrLink = getRadarrLink(movie);
-                  if (issues) {
-                    dlObj.arrQueueId = radarrMatch.id;
-                    dlObj.arrType = 'radarr';
-                    dlObj.arrInstanceUrl = radarrMatch._instanceUrl || null;
-                    dlObj.arrInstanceKey = radarrMatch._instanceKey || null;
-                    dlObj.arrContentId = radarrMatch.movieId || null;
-                    dlObj.arrContentType = 'movie';
-                  }
+                  dlObj.arrQueueId = radarrMatch.id;
+                  dlObj.arrType = 'radarr';
+                  dlObj.arrInstanceUrl = radarrMatch._instanceUrl || null;
+                  dlObj.arrInstanceKey = radarrMatch._instanceKey || null;
+                  dlObj.arrContentId = radarrMatch.movieId || null;
+                  dlObj.arrContentType = 'movie';
                 }
+                dlObj.canBlocklist = canBlocklist(dlObj, isAdmin);
                 userDownloads.push(dlObj);
               }
             }
@@ -536,15 +552,14 @@ router.get('/user-downloads', requireAuth, async (req, res) => {
                 download.downloadPath = download.savePath || null;
                 download.targetPath = series.path || null;
                 download.arrLink = getSonarrLink(series);
-                if (sonarrIssues) {
-                  download.arrQueueId = sonarrMatch.id;
-                  download.arrType = 'sonarr';
-                  download.arrInstanceUrl = sonarrMatch._instanceUrl || null;
-                  download.arrInstanceKey = sonarrMatch._instanceKey || null;
-                  download.arrContentId = sonarrMatch.episodeId || null;
-                  download.arrContentType = 'episode';
-                }
+                download.arrQueueId = sonarrMatch.id;
+                download.arrType = 'sonarr';
+                download.arrInstanceUrl = sonarrMatch._instanceUrl || null;
+                download.arrInstanceKey = sonarrMatch._instanceKey || null;
+                download.arrContentId = sonarrMatch.episodeId || null;
+                download.arrContentType = 'episode';
               }
+              download.canBlocklist = canBlocklist(download, isAdmin);
               userDownloads.push(download);
               continue; // Skip to next torrent
             }
@@ -579,15 +594,14 @@ router.get('/user-downloads', requireAuth, async (req, res) => {
                 download.downloadPath = download.savePath || null;
                 download.targetPath = movie.path || null;
                 download.arrLink = getRadarrLink(movie);
-                if (radarrIssues) {
-                  download.arrQueueId = radarrMatch.id;
-                  download.arrType = 'radarr';
-                  download.arrInstanceUrl = radarrMatch._instanceUrl || null;
-                  download.arrInstanceKey = radarrMatch._instanceKey || null;
-                  download.arrContentId = radarrMatch.movieId || null;
-                  download.arrContentType = 'movie';
-                }
+                download.arrQueueId = radarrMatch.id;
+                download.arrType = 'radarr';
+                download.arrInstanceUrl = radarrMatch._instanceUrl || null;
+                download.arrInstanceKey = radarrMatch._instanceKey || null;
+                download.arrContentId = radarrMatch.movieId || null;
+                download.arrContentType = 'movie';
               }
+              download.canBlocklist = canBlocklist(download, isAdmin);
               userDownloads.push(download);
               continue; // Skip to next torrent
             }
@@ -925,7 +939,8 @@ router.get('/stream', requireAuth, async (req, res) => {
                 const dlObj = { type: 'series', title: nzbName, coverArt: getCoverArt(series), status: slotState.status, progress: slot.percentage, mb: slot.mb, mbmissing: slot.mbmissing, size: slot.size, speed: slotState.speed, eta: slot.timeleft, seriesName: series.title, episodes: gatherEpisodes(nzbNameLower, sonarrQueue.data.records), allTags, matchedUserTag: matchedUserTag || null, tagBadges: showAll ? buildTagBadges(allTags, embyUserMap) : undefined };
                 const issues = getImportIssues(sonarrMatch);
                 if (issues) dlObj.importIssues = issues;
-                if (isAdmin) { dlObj.downloadPath = slot.storage || null; dlObj.targetPath = series.path || null; dlObj.arrLink = getSonarrLink(series); if (issues) { dlObj.arrQueueId = sonarrMatch.id; dlObj.arrType = 'sonarr'; dlObj.arrInstanceUrl = sonarrMatch._instanceUrl || null; dlObj.arrInstanceKey = sonarrMatch._instanceKey || null; dlObj.arrContentId = sonarrMatch.episodeId || null; dlObj.arrContentType = 'episode'; } }
+                if (isAdmin) { dlObj.downloadPath = slot.storage || null; dlObj.targetPath = series.path || null; dlObj.arrLink = getSonarrLink(series); dlObj.arrQueueId = sonarrMatch.id; dlObj.arrType = 'sonarr'; dlObj.arrInstanceUrl = sonarrMatch._instanceUrl || null; dlObj.arrInstanceKey = sonarrMatch._instanceKey || null; dlObj.arrContentId = sonarrMatch.episodeId || null; dlObj.arrContentType = 'episode'; }
+                dlObj.canBlocklist = canBlocklist(dlObj, isAdmin);
                 userDownloads.push(dlObj);
               }
             }
@@ -944,7 +959,8 @@ router.get('/stream', requireAuth, async (req, res) => {
                 const dlObj = { type: 'movie', title: nzbName, coverArt: getCoverArt(movie), status: slotState.status, progress: slot.percentage, mb: slot.mb, mbmissing: slot.mbmissing, size: slot.size, speed: slotState.speed, eta: slot.timeleft, movieName: movie.title, movieInfo: radarrMatch, allTags, matchedUserTag: matchedUserTag || null, tagBadges: showAll ? buildTagBadges(allTags, embyUserMap) : undefined };
                 const issues = getImportIssues(radarrMatch);
                 if (issues) dlObj.importIssues = issues;
-                if (isAdmin) { dlObj.downloadPath = slot.storage || null; dlObj.targetPath = movie.path || null; dlObj.arrLink = getRadarrLink(movie); if (issues) { dlObj.arrQueueId = radarrMatch.id; dlObj.arrType = 'radarr'; dlObj.arrInstanceUrl = radarrMatch._instanceUrl || null; dlObj.arrInstanceKey = radarrMatch._instanceKey || null; dlObj.arrContentId = radarrMatch.movieId || null; dlObj.arrContentType = 'movie'; } }
+                if (isAdmin) { dlObj.downloadPath = slot.storage || null; dlObj.targetPath = movie.path || null; dlObj.arrLink = getRadarrLink(movie); dlObj.arrQueueId = radarrMatch.id; dlObj.arrType = 'radarr'; dlObj.arrInstanceUrl = radarrMatch._instanceUrl || null; dlObj.arrInstanceKey = radarrMatch._instanceKey || null; dlObj.arrContentId = radarrMatch.movieId || null; dlObj.arrContentType = 'movie'; }
+                dlObj.canBlocklist = canBlocklist(dlObj, isAdmin);
                 userDownloads.push(dlObj);
               }
             }
@@ -1011,7 +1027,8 @@ router.get('/stream', requireAuth, async (req, res) => {
               const download = mapTorrentToDownload(torrent);
               Object.assign(download, { type: 'series', coverArt: getCoverArt(series), seriesName: series.title, episodes: gatherEpisodes(torrentNameLower, sonarrQueue.data.records), allTags, matchedUserTag: matchedUserTag || null, tagBadges: showAll ? buildTagBadges(allTags, embyUserMap) : undefined });
               const issues = getImportIssues(sonarrMatch); if (issues) download.importIssues = issues;
-              if (isAdmin) { download.downloadPath = download.savePath || null; download.targetPath = series.path || null; download.arrLink = getSonarrLink(series); if (issues) { download.arrQueueId = sonarrMatch.id; download.arrType = 'sonarr'; download.arrInstanceUrl = sonarrMatch._instanceUrl || null; download.arrInstanceKey = sonarrMatch._instanceKey || null; download.arrContentId = sonarrMatch.episodeId || null; download.arrContentType = 'episode'; } }
+              if (isAdmin) { download.downloadPath = download.savePath || null; download.targetPath = series.path || null; download.arrLink = getSonarrLink(series); download.arrQueueId = sonarrMatch.id; download.arrType = 'sonarr'; download.arrInstanceUrl = sonarrMatch._instanceUrl || null; download.arrInstanceKey = sonarrMatch._instanceKey || null; download.arrContentId = sonarrMatch.episodeId || null; download.arrContentType = 'episode'; }
+              download.canBlocklist = canBlocklist(download, isAdmin);
               userDownloads.push(download); continue;
             }
           }
@@ -1027,7 +1044,8 @@ router.get('/stream', requireAuth, async (req, res) => {
               const download = mapTorrentToDownload(torrent);
               Object.assign(download, { type: 'movie', coverArt: getCoverArt(movie), movieName: movie.title, movieInfo: radarrMatch, allTags, matchedUserTag: matchedUserTag || null, tagBadges: showAll ? buildTagBadges(allTags, embyUserMap) : undefined });
               const issues = getImportIssues(radarrMatch); if (issues) download.importIssues = issues;
-              if (isAdmin) { download.downloadPath = download.savePath || null; download.targetPath = movie.path || null; download.arrLink = getRadarrLink(movie); if (issues) { download.arrQueueId = radarrMatch.id; download.arrType = 'radarr'; download.arrInstanceUrl = radarrMatch._instanceUrl || null; download.arrInstanceKey = radarrMatch._instanceKey || null; download.arrContentId = radarrMatch.movieId || null; download.arrContentType = 'movie'; } }
+              if (isAdmin) { download.downloadPath = download.savePath || null; download.targetPath = movie.path || null; download.arrLink = getRadarrLink(movie); download.arrQueueId = radarrMatch.id; download.arrType = 'radarr'; download.arrInstanceUrl = radarrMatch._instanceUrl || null; download.arrInstanceKey = radarrMatch._instanceKey || null; download.arrContentId = radarrMatch.movieId || null; download.arrContentType = 'movie'; }
+              download.canBlocklist = canBlocklist(download, isAdmin);
               userDownloads.push(download); continue;
             }
           }

server/routes/emby.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/routes/history.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const router = express.Router();
 const axios = require('axios');

server/routes/radarr.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/routes/sabnzbd.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/routes/sonarr.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/utils/cache.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const { logToFile } = require('./logger');
 
 class MemoryCache {

server/utils/config.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const { logToFile } = require('./logger');
 
 // Validate that a configured service URL is well-formed and uses http(s).

server/utils/historyFetcher.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const axios = require('axios');
 const cache = require('./cache');
 const { getSonarrInstances, getRadarrInstances } = require('./config');

server/utils/loadSecrets.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 //
 // Docker secrets support: if an environment variable named FOO_FILE is set,
 // read its contents from the file at that path and expose it as FOO.

server/utils/logger.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const fs = require('fs');
 const path = require('path');
 

server/utils/poller.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const axios = require('axios');
 const cache = require('./cache');
 const { getTorrents } = require('./qbittorrent');

server/utils/qbittorrent.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const axios = require('axios');
 const { logToFile } = require('./logger');
 const { getQbittorrentInstances } = require('./config');
@@ -204,6 +205,7 @@ function mapTorrentToDownload(torrent) {
     category: torrent.category,
     tags: torrent.tags,
     savePath: torrent.content_path || torrent.save_path || null,
+    addedOn: torrent.added_on || null,
     qbittorrent: true
   };
 }

server/utils/sanitizeError.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 // Query-param secrets (SABnzbd apikey, generic token/password params)
 const QUERY_SECRET_PATTERN = /([?&](?:apikey|token|password|api_key|key|secret)=)[^&\s#]*/gi;
 // HTTP auth header values (X-Api-Key, X-MediaBrowser-Token, Authorization, X-Emby-Authorization)

server/utils/tokenStore.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Persistent token store backed by a JSON file.
  *

tests/integration/auth.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Integration tests for authentication routes.
  *

tests/integration/health.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Integration tests for health and readiness endpoints.
  *

tests/integration/history.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Integration tests for GET /api/history/recent
  *

tests/setup.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { vi, beforeEach, afterEach } from 'vitest';
 import os from 'os';
 import path from 'path';

tests/unit/config.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/config.js
  *

tests/unit/historyFetcher.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Unit tests for server/utils/historyFetcher.js
  *

tests/unit/qbittorrent.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/qbittorrent.js pure utility functions.
  *

tests/unit/requireAuth.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/middleware/requireAuth.js
  *

tests/unit/sanitizeError.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/sanitizeError.js
  *

tests/unit/tokenStore.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/tokenStore.js
  *

tests/unit/verifyCsrf.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/middleware/verifyCsrf.js
  *

vitest.config.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { defineConfig } from 'vitest/config';
 
 export default defineConfig({