Merge branch 'main' of https://git.i3omb.com/Gandalf/sofarr

Reviewed-on: #17

.gitea/workflows/licence-check.yml

@@ -7,16 +7,24 @@ on:
       - "package.json"
       - "package-lock.json"
       - ".gitea/workflows/licence-check.yml"
+      - "**/*.js"
+      - "**/*.ts"
+      - "**/*.jsx"
+      - "**/*.tsx"
   pull_request:
     branches: ["**", "!main", "!release/**"]
     paths:
       - "package.json"
       - "package-lock.json"
       - ".gitea/workflows/licence-check.yml"
+      - "**/*.js"
+      - "**/*.ts"
+      - "**/*.jsx"
+      - "**/*.tsx"
 
 jobs:
   licence-check:
-    name: Dependency licence compatibility
+    name: Licence compatibility and copyright header verification
     runs-on: ubuntu-latest
     continue-on-error: true
     steps:
@@ -36,3 +44,40 @@ jobs:
             --onlyAllow "MIT;ISC;MIT-0;BSD-2-Clause;BSD-3-Clause;Apache-2.0;CC0-1.0;BlueOak-1.0.0" \
             --excludePrivatePackages \
             && echo "All production dependency licences are compatible with MIT."
+
+      - name: Check copyright headers in source files
+        run: |
+          #!/bin/bash
+          set -e
+          
+          # Find all source files, excluding build artifacts and node_modules
+          SOURCE_FILES=$(find . -type f \( -name "*.js" -o -name "*.ts" -o -name "*.jsx" -o -name "*.tsx" \) \
+            ! -path "./node_modules/*" \
+            ! -path "./.git/*" \
+            ! -path "./dist/*" \
+            ! -path "./build/*" \
+            ! -path "./.gitea/*")
+          
+          MISSING_HEADER=0
+          
+          # Check each file for MIT-compliant copyright header
+          while IFS= read -r file; do
+            if [ -z "$file" ]; then
+              continue
+            fi
+            
+            # Check if file starts with a copyright header containing: Copyright, year (4 digits), name, and MIT License
+            if ! head -n 5 "$file" | grep -qiE "Copyright.*[0-9]{4}.*MIT"; then
+              echo "❌ Missing MIT-compliant copyright header in: $file"
+              echo "   Required format: // Copyright (c) YYYY Name. MIT License."
+              MISSING_HEADER=$((MISSING_HEADER + 1))
+            fi
+          done <<< "$SOURCE_FILES"
+          
+          if [ $MISSING_HEADER -gt 0 ]; then
+            echo ""
+            echo "⚠️  Found $MISSING_HEADER file(s) with missing or non-compliant copyright headers."
+            exit 1
+          else
+            echo "✅ All source files have MIT-compliant copyright headers."
+          fi

client/src/App.jsx

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { useState, useEffect } from 'react';
 import axios from 'axios';
 import './App.css';

client/src/main.jsx

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import React from 'react'
 import ReactDOM from 'react-dom/client'
 import App from './App.jsx'

client/vite.config.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
 

public/app.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 let currentUser = null;
 let downloads = [];
 let isAdmin = false;

server/app.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Express application factory — imported by both server/index.js (production)
  * and the test suite. Keeping app creation separate from app.listen() means

server/index.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const path = require('path');
 const cookieParser = require('cookie-parser');

server/middleware/requireAuth.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 function requireAuth(req, res, next) {
   const signed = !!process.env.COOKIE_SECRET;
   const raw = signed ? req.signedCookies.emby_user : req.cookies.emby_user;

server/middleware/verifyCsrf.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * CSRF protection using the double-submit cookie pattern.
  *

server/routes/auth.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const crypto = require('crypto');

server/routes/dashboard.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const router = express.Router();
 const requireAuth = require('../middleware/requireAuth');

server/routes/emby.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/routes/history.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const router = express.Router();
 const axios = require('axios');

server/routes/radarr.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/routes/sabnzbd.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/routes/sonarr.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const express = require('express');
 const axios = require('axios');
 const router = express.Router();

server/utils/cache.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const { logToFile } = require('./logger');
 
 class MemoryCache {

server/utils/config.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const { logToFile } = require('./logger');
 
 // Validate that a configured service URL is well-formed and uses http(s).

server/utils/historyFetcher.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const axios = require('axios');
 const cache = require('./cache');
 const { getSonarrInstances, getRadarrInstances } = require('./config');

server/utils/loadSecrets.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 //
 // Docker secrets support: if an environment variable named FOO_FILE is set,
 // read its contents from the file at that path and expose it as FOO.

server/utils/logger.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const fs = require('fs');
 const path = require('path');
 

server/utils/poller.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const axios = require('axios');
 const cache = require('./cache');
 const { getTorrents } = require('./qbittorrent');

server/utils/qbittorrent.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 const axios = require('axios');
 const { logToFile } = require('./logger');
 const { getQbittorrentInstances } = require('./config');

server/utils/sanitizeError.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2025 Gordon Bolton. MIT License.
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 // Query-param secrets (SABnzbd apikey, generic token/password params)
 const QUERY_SECRET_PATTERN = /([?&](?:apikey|token|password|api_key|key|secret)=)[^&\s#]*/gi;
 // HTTP auth header values (X-Api-Key, X-MediaBrowser-Token, Authorization, X-Emby-Authorization)

server/utils/tokenStore.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Persistent token store backed by a JSON file.
  *

tests/integration/auth.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Integration tests for authentication routes.
  *

tests/integration/health.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Integration tests for health and readiness endpoints.
  *

tests/integration/history.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Integration tests for GET /api/history/recent
  *

tests/setup.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { vi, beforeEach, afterEach } from 'vitest';
 import os from 'os';
 import path from 'path';

tests/unit/config.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/config.js
  *

tests/unit/historyFetcher.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Unit tests for server/utils/historyFetcher.js
  *

tests/unit/qbittorrent.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/qbittorrent.js pure utility functions.
  *

tests/unit/requireAuth.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/middleware/requireAuth.js
  *

tests/unit/sanitizeError.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/sanitizeError.js
  *

tests/unit/tokenStore.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/utils/tokenStore.js
  *

tests/unit/verifyCsrf.test.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 /**
  * Tests for server/middleware/verifyCsrf.js
  *

vitest.config.js

@@ -1,3 +1,4 @@
+// Copyright (c) 2026 Gordon Bolton. MIT License.
 import { defineConfig } from 'vitest/config';
 
 export default defineConfig({