merge branch 'develop' into 'main' - Release v1.7.10

.gitea/workflows/build-image.yml

@@ -23,17 +23,34 @@ jobs:
           if [[ "$BRANCH" == develop* ]]; then
             # Sanitise branch name for tag: replace slashes with dashes
             SAFE_BRANCH=$(echo "$BRANCH" | tr '/' '-')
-            echo "tags=reg.i3omb.com/sofarr:${SAFE_BRANCH}" >> $GITHUB_OUTPUT
+            TAGS="reg.i3omb.com/sofarr:${SAFE_BRANCH}"
-            echo "Building develop image ${SAFE_BRANCH} (version ${VERSION})"
+            TAGS="${TAGS},git.i3omb.com/gandalf/sofarr:${SAFE_BRANCH}"
+            echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+            echo "Building develop image tags: ${TAGS}"
           else
             RELEASE_NAME=${BRANCH#release/}
+            
+            # Primary registry tags
             TAGS="reg.i3omb.com/sofarr:${VERSION}"
             TAGS="${TAGS},reg.i3omb.com/sofarr:${RELEASE_NAME}"
             TAGS="${TAGS},reg.i3omb.com/sofarr:latest"
+            
+            # Gitea package registry tags
+            TAGS="${TAGS},git.i3omb.com/gandalf/sofarr:${VERSION}"
+            TAGS="${TAGS},git.i3omb.com/gandalf/sofarr:${RELEASE_NAME}"
+            TAGS="${TAGS},git.i3omb.com/gandalf/sofarr:latest"
+            
             echo "tags=${TAGS}" >> $GITHUB_OUTPUT
-            echo "Building release image ${VERSION} from branch ${BRANCH}"
+            echo "Building release image tags: ${TAGS}"
           fi
 
+      - name: Log into Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.i3omb.com
+          username: ${{ github.actor }}
+          password: ${{ secrets.RELEASE_TOKEN }}
+
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:

CHANGELOG.md

@@ -4,6 +4,40 @@ All notable changes to this project will be documented in this file.
 Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.7.10] - 2026-05-24
+
+### Fixed
+
+- **Ombi webhook race condition fix** — Introduced a 2000ms delay in the webhook background worker for Ombi events before fetching new requests. This resolves a race condition where Ombi triggers the webhook before its database has committed the new request, which previously caused the request to be missing from the subsequent API fetch. Resolves Gitea Issue [#42](https://git.i3omb.com/Gandalf/sofarr/issues/42).
+- **Ombi webhook statistics in status panel** — Integrated Ombi webhook metrics into the admin status panel. The backend now retrieves the Ombi webhook configuration status and aggregates its events received and polls skipped metrics. The frontend displays these metrics (consistently formatted as `O:<count>`) under the Webhooks status card.
+
+---
+
+## [1.7.9] - 2026-05-23
+
+### Fixed
+
+- **Ombi webhook PascalCase payload parsing (Re-release)** — Correctly packaged and released the Ombi webhook parsing logic to handle PascalCase property names (e.g., `NotificationType`, `RequestId`) sent by C#/.NET applications. This ensures standard Ombi webhook integrations function correctly. Resolves Gitea Issue [#42](https://git.i3omb.com/Gandalf/sofarr/issues/42).
+
+---
+
+## [1.7.8] - 2026-05-23
+
+### Fixed
+
+- **Ombi webhook PascalCase payload parsing** — Updated the Ombi webhook parsing logic to correctly handle payloads formatted with PascalCase property names (e.g. `NotificationType`, `RequestId`), which are often sent by C#/.NET applications. This ensures that new requests generated via Ombi's standard webhook integrations are correctly processed and displayed in the frontend dashboard. Resolves Gitea Issue [#42](https://git.i3omb.com/Gandalf/sofarr/issues/42).
+
+---
+
+## [1.7.7] - 2026-05-23
+
+### Fixed
+
+- **Ombi webhook NewRequest parsing support** — Added `'NewRequest'` to `VALID_EVENT_TYPES` and `OMBI_EVENTS` sets in `server/routes/webhook.js`. When a user submits a new media request in Ombi, the backend now successfully parses the webhook payload, bypasses the request cache, fetches the latest request list, and broadcasts it to all connected dashboard screens via SSE in real time. Previously, these webhook payloads were rejected with a `400 Bad Request` error. Resolves Gitea Issue [#42](https://git.i3omb.com/Gandalf/sofarr/issues/42).
+- **Ombi webhook integration tests** — Implemented a robust integration test suite in `tests/integration/webhook.test.js` validating `POST /api/webhook/ombi` payloads, secret keys, duplicate/replay protection, input checks, and cache refresh triggers.
+
+---
+
 ## [1.7.6] - 2026-05-23
 
 ### Fixed

client/src/ui/statusPanel.js

@@ -118,18 +118,22 @@ export function renderStatusPanel(data, panel) {
     const wh = data.webhooks;
     const sonarrEnabled = wh.sonarr?.enabled ? '●' : '○';
     const radarrEnabled = wh.radarr?.enabled ? '●' : '○';
+    const ombiEnabled = wh.ombi?.enabled ? '●' : '○';
     const sonarrEvents = wh.sonarr?.eventsReceived || 0;
     const radarrEvents = wh.radarr?.eventsReceived || 0;
+    const ombiEvents = wh.ombi?.eventsReceived || 0;
     const sonarrPolls = wh.sonarr?.pollsSkipped || 0;
     const radarrPolls = wh.radarr?.pollsSkipped || 0;
+    const ombiPolls = wh.ombi?.pollsSkipped || 0;
 
     html += `
       <div class="status-card">
         <div class="status-card-title">Webhooks</div>
         <div class="status-row"><span>Sonarr</span><span>${sonarrEnabled} ${wh.sonarr?.enabled ? 'Enabled' : 'Disabled'}</span></div>
         <div class="status-row"><span>Radarr</span><span>${radarrEnabled} ${wh.radarr?.enabled ? 'Enabled' : 'Disabled'}</span></div>
-        <div class="status-row status-row-sub"><span>Events</span><span>S:${sonarrEvents} R:${radarrEvents}</span></div>
+        <div class="status-row"><span>Ombi</span><span>${ombiEnabled} ${wh.ombi?.enabled ? 'Enabled' : 'Disabled'}</span></div>
-        <div class="status-row status-row-sub"><span>Polls skipped</span><span>S:${sonarrPolls} R:${radarrPolls}</span></div>
+        <div class="status-row status-row-sub"><span>Events</span><span>S:${sonarrEvents} R:${radarrEvents} O:${ombiEvents}</span></div>
+        <div class="status-row status-row-sub"><span>Polls skipped</span><span>S:${sonarrPolls} R:${radarrPolls} O:${ombiPolls}</span></div>
       </div>`;
   }
 

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "sofarr",
-  "version": "1.7.6",
+  "version": "1.7.10",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "sofarr",
-      "version": "1.7.6",
+      "version": "1.7.10",
       "license": "MIT",
       "dependencies": {
         "axios": "^1.6.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "sofarr",
-  "version": "1.7.6",
+  "version": "1.7.10",
   "description": "A personal media download dashboard that shows your downloads 'so far' while you relax on the sofa waiting for your *arr services to finish",
   "main": "server/index.js",
   "scripts": {

server/routes/status.js

@@ -4,9 +4,9 @@ const router = express.Router();
 const requireAuth = require('../middleware/requireAuth');
 const cache = require('../utils/cache');
 const { getLastPollTimings, POLLING_ENABLED } = require('../utils/poller');
-const { getSonarrInstances, getRadarrInstances } = require('../utils/config');
+const { getSonarrInstances, getRadarrInstances, getOmbiInstances } = require('../utils/config');
 const { getGlobalWebhookMetrics } = require('../utils/cache');
-const { checkWebhookConfigured, aggregateMetrics } = require('../services/WebhookStatus');
+const { checkWebhookConfigured, checkOmbiWebhookConfigured, aggregateMetrics } = require('../services/WebhookStatus');
 
 /**
  * @openapi
@@ -121,6 +121,7 @@ router.get('/', requireAuth, async (req, res) => {
     // Check webhook configuration for each service
     const sonarrInstances = getSonarrInstances();
     const radarrInstances = getRadarrInstances();
+    const ombiInstances = getOmbiInstances();
 
     const sonarrWebhookConfigured = sonarrInstances.length > 0
       ? await checkWebhookConfigured(sonarrInstances[0], 'Sonarr')
@@ -128,15 +129,21 @@ router.get('/', requireAuth, async (req, res) => {
     const radarrWebhookConfigured = radarrInstances.length > 0
       ? await checkWebhookConfigured(radarrInstances[0], 'Radarr')
       : false;
+    const ombiWebhookConfigured = ombiInstances.length > 0
+      ? await checkOmbiWebhookConfigured(ombiInstances[0])
+      : false;
 
-    // Find Sonarr and Radarr metrics from instances
+    // Find Sonarr, Radarr, and Ombi metrics from instances
     const sonarrMetrics = {};
     const radarrMetrics = {};
+    const ombiMetrics = {};
     for (const [url, metrics] of Object.entries(webhookMetrics.instances || {})) {
       if (url.includes('sonarr')) {
         sonarrMetrics[url] = metrics;
       } else if (url.includes('radarr')) {
         radarrMetrics[url] = metrics;
+      } else if (url.includes('ombi') || (ombiInstances.length > 0 && url === ombiInstances[0].url)) {
+        ombiMetrics[url] = metrics;
       }
     }
 
@@ -156,7 +163,8 @@ router.get('/', requireAuth, async (req, res) => {
       cache: cacheStats,
       webhooks: {
         sonarr: aggregateMetrics(sonarrMetrics, sonarrWebhookConfigured),
-        radarr: aggregateMetrics(radarrMetrics, radarrWebhookConfigured)
+        radarr: aggregateMetrics(radarrMetrics, radarrWebhookConfigured),
+        ombi: aggregateMetrics(ombiMetrics, ombiWebhookConfigured)
       }
     });
   } catch (err) {

server/routes/webhook.js

@@ -87,7 +87,7 @@ const VALID_EVENT_TYPES = new Set([
   'Rename', 'SeriesAdd', 'SeriesDelete', 'MovieAdd', 'MovieDelete',
   'MovieFileDelete', 'Health', 'ApplicationUpdate', 'HealthRestored',
   // Ombi notification types
-  'RequestAvailable', 'RequestApproved', 'RequestDeclined', 'RequestPending', 'RequestProcessing'
+  'NewRequest', 'RequestAvailable', 'RequestApproved', 'RequestDeclined', 'RequestPending', 'RequestProcessing'
 ]);
 
 // Replay protection — cache recently-seen (eventType+instanceName+timestamp) keys.
@@ -135,6 +135,7 @@ const HISTORY_EVENTS = new Set([
 
 // Ombi event types — all Ombi events refresh the requests cache
 const OMBI_EVENTS = new Set([
+  'NewRequest',
   'RequestAvailable',
   'RequestApproved',
   'RequestDeclined',
@@ -258,6 +259,8 @@ async function processWebhookEvent(serviceType, eventType) {
     const ombiInstances = getOmbiInstances();
 
     if (affectsOmbi) {
+      // Add a 2000ms delay to resolve the race condition where Ombi fires the webhook before committing to DB
+      await new Promise(r => setTimeout(r, 2000));
       const ombiRequests = await arrRetrieverRegistry.getOmbiRequests(true);
       cache.set('poll:ombi-requests', ombiRequests, CACHE_TTL);
       logToFile(`[Webhook] Refreshed poll:ombi-requests (${ombiRequests.movie?.length || 0} movies, ${ombiRequests.tv?.length || 0} TV shows)`);
@@ -716,9 +719,12 @@ router.post('/ombi', webhookLimiter, (req, res) => {
     return res.status(401).json({ error: 'Unauthorized' });
   }
 
-  // Ombi uses notificationType instead of eventType
+  // Ombi uses notificationType instead of eventType. Support PascalCase for .NET apps
-  const { notificationType, requestId, requestedUser, applicationUrl } = req.body;
+  const notificationType = req.body.notificationType || req.body.NotificationType;
-  const eventType = notificationType || req.body.eventType;
+  const requestId = req.body.requestId || req.body.RequestId;
+  const applicationUrl = req.body.applicationUrl || req.body.ApplicationUrl;
+  
+  const eventType = notificationType || req.body.eventType || req.body.EventType;
   
   // Extract username from requestedUser (handles both object and string formats)
   const username = extractRequestedUser(req.body);
@@ -731,7 +737,7 @@ router.post('/ombi', webhookLimiter, (req, res) => {
   // Use applicationUrl as instance identifier for replay protection
   const instanceName = applicationUrl || 'ombi';
   // Use requestId + eventType + current time as replay key
-  const eventDate = req.body.requestedDate || new Date().toISOString();
+  const eventDate = req.body.requestedDate || req.body.RequestedDate || new Date().toISOString();
 
   if (isReplay(eventType, instanceName, `${requestId}-${eventDate}`)) {
     logToFile(`[Webhook] Ombi duplicate event ignored: ${eventType} requestId=${requestId}`);

server/services/WebhookStatus.js

@@ -49,7 +49,26 @@ function aggregateMetrics(metricsMap, configured) {
   };
 }
 
+/**
+ * Check if Sofarr webhook is configured in an Ombi instance.
+ * @param {Object} instance - The Ombi instance config
+ * @returns {Promise<boolean>} true if webhook is configured
+ */
+async function checkOmbiWebhookConfigured(instance) {
+  try {
+    const response = await axios.get(`${instance.url}/api/v1/Settings/notifications/webhook`, {
+      headers: { 'ApiKey': instance.apiKey },
+      timeout: 5000
+    });
+    return !!(response.data && response.data.enabled);
+  } catch (err) {
+    console.log(`[WebhookStatus] Failed to check Ombi webhook config: ${err.message}`);
+    return false;
+  }
+}
+
 module.exports = {
   checkWebhookConfigured,
+  checkOmbiWebhookConfigured,
   aggregateMetrics
 };

server/utils/ombiHelpers.js

@@ -15,17 +15,19 @@
 function extractRequestedUser(request) {
   if (!request) return '';
   
+  const requestedUser = request.requestedUser || request.RequestedUser;
+  
   // Handle object format: OmbiStore.Entities.OmbiUser
-  if (request.requestedUser && typeof request.requestedUser === 'object') {
+  if (requestedUser && typeof requestedUser === 'object') {
     // Priority: alias > userAlias > userName > normalizedUserName > requestedByAlias
-    return request.requestedUser.alias || 
+    return requestedUser.alias || requestedUser.Alias ||
-           request.requestedUser.userAlias || 
+           requestedUser.userAlias || requestedUser.UserAlias ||
-           request.requestedUser.userName || 
+           requestedUser.userName || requestedUser.UserName ||
-           request.requestedUser.normalizedUserName || 
+           requestedUser.normalizedUserName || requestedUser.NormalizedUserName ||
-           request.requestedByAlias || '';
+           request.requestedByAlias || request.RequestedByAlias || '';
   }
   // Handle string format (fallback for compatibility)
-  return request.requestedUser || request.requestedByAlias || '';
+  return requestedUser || request.requestedByAlias || request.RequestedByAlias || '';
 }
 
 function filterRequestsByUser(requests, username, showAll) {

tests/integration/webhook.test.js

@@ -97,6 +97,9 @@ function makeApp() {
   process.env.RADARR_INSTANCES = JSON.stringify([
     { id: 'radarr-1', name: 'Main Radarr', url: 'https://radarr.test', apiKey: 'rk' }
   ]);
+  process.env.OMBI_INSTANCES = JSON.stringify([
+    { id: 'ombi-1', name: 'Main Ombi', url: 'https://ombi.test', apiKey: 'ok' }
+  ]);
   return createApp({ skipRateLimits: true });
 }
 
@@ -113,9 +116,10 @@ function postRadarr(app, payload, secret = VALID_SECRET) {
 }
 
 beforeEach(() => {
-  // Block outbound *arr calls made by processWebhookEvent (fire-and-forget)
+  // Block outbound *arr and Ombi calls made by processWebhookEvent (fire-and-forget)
   nock('https://sonarr.test').persist().get(/.*/).reply(200, { records: [] });
   nock('https://radarr.test').persist().get(/.*/).reply(200, { records: [] });
+  nock('https://ombi.test').persist().get(/.*/).reply(200, []);
 });
 
 afterEach(() => {
@@ -125,6 +129,7 @@ afterEach(() => {
   delete process.env.SOFARR_BASE_URL;
   delete process.env.SONARR_INSTANCES;
   delete process.env.RADARR_INSTANCES;
+  delete process.env.OMBI_INSTANCES;
 });
 
 // ---------------------------------------------------------------------------
@@ -518,3 +523,156 @@ describe('GET /api/webhook/config', () => {
     expect(res.body.missing).toHaveLength(2);
   });
 });
+
+// ---------------------------------------------------------------------------
+// Ombi webhook receiver
+// ---------------------------------------------------------------------------
+describe('POST /api/webhook/ombi', () => {
+  function postOmbi(app, payload, secret = VALID_SECRET) {
+    const req = request(app).post('/api/webhook/ombi').send(payload);
+    if (secret !== null) req.set('X-Sofarr-Webhook-Secret', secret);
+    return req;
+  }
+
+  it('returns 401 when X-Sofarr-Webhook-Secret header is missing', async () => {
+    const app = makeApp();
+    const res = await postOmbi(app, { notificationType: 'NewRequest', requestId: 1 }, null);
+    expect(res.status).toBe(401);
+    expect(res.body.error).toBe('Unauthorized');
+  });
+
+  it('returns 401 when X-Sofarr-Webhook-Secret header is wrong', async () => {
+    const app = makeApp();
+    const res = await postOmbi(app, { notificationType: 'NewRequest', requestId: 1 }, 'wrong-secret');
+    expect(res.status).toBe(401);
+    expect(res.body.error).toBe('Unauthorized');
+  });
+
+  it('returns 400 when notificationType is missing or invalid', async () => {
+    const app = makeApp();
+    const res = await postOmbi(app, { requestId: 1 });
+    expect(res.status).toBe(400);
+    expect(res.body.error).toBe('Invalid or missing notificationType');
+  });
+
+  it('returns 400 when notificationType is unknown', async () => {
+    const app = makeApp();
+    const res = await postOmbi(app, { notificationType: 'UnknownNotification', requestId: 1 });
+    expect(res.status).toBe(400);
+    expect(res.body.error).toBe('Invalid or missing notificationType');
+  });
+
+  it('returns 200 { received: true } for a valid NewRequest event', async () => {
+    const app = makeApp();
+    
+    // Nock requests endpoint since processWebhookEvent will fetch requests
+    nock('https://ombi.test')
+      .get('/api/v1/Request/movie')
+      .reply(200, []);
+    nock('https://ombi.test')
+      .get('/api/v1/Request/tv')
+      .reply(200, []);
+
+    const payload = {
+      notificationType: 'NewRequest',
+      requestId: 123,
+      requestedUser: 'gordon',
+      title: 'New Movie',
+      type: 'Movie',
+      requestStatus: 'Pending',
+      applicationUrl: 'https://ombi.test',
+      requestedDate: '2026-05-23T20:30:00.000Z'
+    };
+
+    const res = await postOmbi(app, payload);
+    expect(res.status).toBe(200);
+    expect(res.body.received).toBe(true);
+    expect(res.body.duplicate).toBeUndefined();
+  });
+
+  it('returns 200 { received: true } for a valid RequestAvailable event', async () => {
+    const app = makeApp();
+    
+    nock('https://ombi.test')
+      .get('/api/v1/Request/movie')
+      .reply(200, []);
+    nock('https://ombi.test')
+      .get('/api/v1/Request/tv')
+      .reply(200, []);
+
+    const payload = {
+      notificationType: 'RequestAvailable',
+      requestId: 124,
+      requestedUser: 'gordon',
+      title: 'Available Movie',
+      type: 'Movie',
+      requestStatus: 'Available',
+      applicationUrl: 'https://ombi.test',
+      requestedDate: '2026-05-23T20:31:00.000Z'
+    };
+
+    const res = await postOmbi(app, payload);
+    expect(res.status).toBe(200);
+    expect(res.body.received).toBe(true);
+  });
+
+  it('returns duplicate: true for a replay of the same event', async () => {
+    const app = makeApp();
+    
+    nock('https://ombi.test').persist()
+      .get('/api/v1/Request/movie')
+      .reply(200, []);
+    nock('https://ombi.test').persist()
+      .get('/api/v1/Request/tv')
+      .reply(200, []);
+
+    const payload = {
+      notificationType: 'NewRequest',
+      requestId: 125,
+      requestedUser: 'gordon',
+      title: 'New Movie',
+      type: 'Movie',
+      requestStatus: 'Pending',
+      applicationUrl: 'https://ombi.test',
+      requestedDate: '2026-05-23T20:32:00.000Z'
+    };
+
+    // First request
+    const res1 = await postOmbi(app, payload);
+    expect(res1.status).toBe(200);
+    expect(res1.body.duplicate).toBeUndefined();
+
+    // Replay
+    const res2 = await postOmbi(app, payload);
+    expect(res2.status).toBe(200);
+    expect(res2.body.duplicate).toBe(true);
+  });
+
+  it('returns 200 { received: true } for a valid NewRequest event with PascalCase payload', async () => {
+    const app = makeApp();
+    
+    nock('https://ombi.test')
+      .get('/api/v1/Request/movie')
+      .reply(200, []);
+    nock('https://ombi.test')
+      .get('/api/v1/Request/tv')
+      .reply(200, []);
+
+    const payload = {
+      NotificationType: 'NewRequest',
+      RequestId: 126,
+      RequestedUser: { UserName: 'gordon_pascal' },
+      Title: 'Pascal Movie',
+      Type: 'Movie',
+      RequestStatus: 'Pending',
+      ApplicationUrl: 'https://ombi.test',
+      RequestedDate: '2026-05-23T20:33:00.000Z'
+    };
+
+    const res = await postOmbi(app, payload);
+    expect(res.status).toBe(200);
+    expect(res.body.received).toBe(true);
+    expect(res.body.duplicate).toBeUndefined();
+  });
+});
+