Comprehensive review fixes: security, performance, code quality, and UI polish

Backend: Fix CORS wildcard+credentials, add secret key warning, remove raw API keys from sync endpoint, fix N+1 queries in watcher/sync, fix AttributeError on event_types, delete dead scheduled.py/templates.py, add limit cap on history, re-validate server on URL/key update, apply tracking/template config IDs in update_target. HA Integration: Replace datetime.now() with dt_util.now(), fix notification queue to only remove successfully sent items, use album UUID for entity unique IDs, add shared links dirty flag and users cache hourly refresh, deduplicate _is_quiet_hours, add HTTP timeouts, cache albums in config flow, change iot_class to local_polling. Frontend: Make i18n reactive via $state (remove window.location.reload), add Modal transitions/a11y/Escape key, create ConfirmModal replacing all confirm() calls, add error handling to all pages, replace Unicode nav icons with MDI SVGs, add card hover effects, dashboard stat icons, global focus-visible styles, form slide transitions, mobile responsive bottom nav, fix password error color, add ~20 i18n keys (EN/RU). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 18:34:31 +03:00
parent a04d5618d0
commit 381de98c40
39 changed files with 785 additions and 626 deletions
--- a/packages/server/src/immich_watcher_server/api/servers.py
+++ b/packages/server/src/immich_watcher_server/api/servers.py
@@ -104,10 +104,28 @@ async def update_server(
    server = await _get_user_server(session, server_id, user.id)
    if body.name is not None:
        server.name = body.name
+    url_changed = body.url is not None and body.url != server.url
+    key_changed = body.api_key is not None and body.api_key != server.api_key
    if body.url is not None:
        server.url = body.url
    if body.api_key is not None:
        server.api_key = body.api_key
+    # Re-validate and refresh external_domain when URL or API key changes
+    if url_changed or key_changed:
+        try:
+            async with aiohttp.ClientSession() as http_session:
+                client = ImmichClient(http_session, server.url, server.api_key)
+                if not await client.ping():
+                    raise HTTPException(
+                        status_code=status.HTTP_400_BAD_REQUEST,
+                        detail=f"Cannot connect to Immich server at {server.url}",
+                    )
+                server.external_domain = await client.get_server_config()
+        except aiohttp.ClientError as err:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=f"Connection error: {err}",
+            )
    session.add(server)
    await session.commit()
    await session.refresh(server)