feat: add Gitea as webhook-based service provider

First webhook-based provider integration (Immich uses polling).
Gitea pushes events via POST /api/webhooks/gitea/{provider_id} with
HMAC-SHA256 signature validation.

- 9 event types: push, issue opened/closed/commented, PR opened/closed/merged/commented, release published
- Generic filters system on NotificationTracker (collections, senders, exclude_senders)
- Provider capabilities include supported_filters and webhook_based flag
- Gitea API client for connection testing and repository listing
- 18 default Jinja2 notification templates (EN + RU)
- Frontend: conditional provider forms, Gitea event toggles in tracking config
- Auto-migration for filters column and Gitea tracking flags

frontend/src/routes/providers/+page.svelte

@@ -21,7 +21,7 @@
 	let providers = $derived(providersCache.items);
 	let showForm = $state(false);
 	let editing = $state<number | null>(null);
-	let form = $state({ name: 'Immich', type: 'immich', url: '', api_key: '', external_domain: '', icon: '' });
+	let form = $state({ name: 'Immich', type: 'immich', url: '', api_key: '', api_token: '', webhook_secret: '', external_domain: '', icon: '' });
 	let error = $state('');
 	let loadError = $state('');
 	let submitting = $state(false);
@@ -48,12 +48,16 @@
 	}
 
 	function openNew() {
-		form = { name: 'Immich', type: 'immich', url: '', api_key: '', external_domain: '', icon: '' };
+		form = { name: 'Immich', type: 'immich', url: '', api_key: '', api_token: '', webhook_secret: '', external_domain: '', icon: '' };
 		editing = null; showForm = true;
 	}
 	function edit(p: any) {
 		const cfg = p.config || {};
-		form = { name: p.name, type: p.type, url: cfg.url || '', api_key: '', external_domain: cfg.external_domain || '', icon: p.icon || '' };
+		form = {
+			name: p.name, type: p.type, url: cfg.url || '',
+			api_key: '', api_token: '', webhook_secret: '',
+			external_domain: cfg.external_domain || '', icon: p.icon || '',
+		};
 		editing = p.id; showForm = true;
 	}
 
@@ -61,12 +65,21 @@
 		e.preventDefault(); error = ''; submitting = true;
 		try {
 			const config: any = { url: form.url };
-			if (form.api_key) config.api_key = form.api_key;
-			if (form.external_domain) config.external_domain = form.external_domain;
+			if (form.type === 'immich') {
+				if (form.api_key) config.api_key = form.api_key;
+				if (form.external_domain) config.external_domain = form.external_domain;
+				if (!editing) config.api_key = form.api_key;
+			} else if (form.type === 'gitea') {
+				if (form.api_token) config.api_token = form.api_token;
+				if (form.webhook_secret) config.webhook_secret = form.webhook_secret;
+				if (!editing && !form.webhook_secret) {
+					error = t('providers.webhookSecretRequired');
+					snackError(error); submitting = false; return;
+				}
+			}
 			if (editing) {
 				await api(`/providers/${editing}`, { method: 'PUT', body: JSON.stringify({ name: form.name, icon: form.icon, config }) });
 			} else {
-				config.api_key = form.api_key; // required on create
 				await api('/providers', { method: 'POST', body: JSON.stringify({ type: form.type, name: form.name, icon: form.icon, config }) });
 			}
 			showForm = false; editing = null; providersCache.invalidate(); await load();
@@ -129,8 +142,9 @@
 			</div>
 			<div>
 				<label for="prv-url" class="block text-sm font-medium mb-1">{t('providers.url')}</label>
-				<input id="prv-url" bind:value={form.url} required placeholder={t('providers.urlPlaceholder')} class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
+				<input id="prv-url" bind:value={form.url} required placeholder={form.type === 'gitea' ? 'https://gitea.example.com' : t('providers.urlPlaceholder')} class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
 			</div>
+			{#if form.type === 'immich'}
 			<div>
 				<label for="prv-key" class="block text-sm font-medium mb-1">{editing ? t('providers.apiKeyKeep') : t('providers.apiKey')}</label>
 				<input id="prv-key" bind:value={form.api_key} type="password" required={!editing} class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
@@ -139,6 +153,18 @@
 				<label for="prv-ext" class="block text-sm font-medium mb-1">{t('providers.externalDomain')} <span class="text-xs text-[var(--color-muted-foreground)]">({t('providers.optional')})</span></label>
 				<input id="prv-ext" bind:value={form.external_domain} placeholder="https://photos.example.com" class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
 			</div>
+			{:else if form.type === 'gitea'}
+			<div>
+				<label for="prv-secret" class="block text-sm font-medium mb-1">{editing ? t('providers.webhookSecretKeep') : t('providers.webhookSecret')}</label>
+				<input id="prv-secret" bind:value={form.webhook_secret} type="password" required={!editing} class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
+				<p class="text-xs text-[var(--color-muted-foreground)] mt-1">{t('providers.webhookSecretHint')}</p>
+			</div>
+			<div>
+				<label for="prv-token" class="block text-sm font-medium mb-1">{t('providers.apiToken')} <span class="text-xs text-[var(--color-muted-foreground)]">({t('providers.optional')})</span></label>
+				<input id="prv-token" bind:value={form.api_token} type="password" class="w-full px-3 py-2 border border-[var(--color-border)] rounded-md text-sm bg-[var(--color-background)]" />
+				<p class="text-xs text-[var(--color-muted-foreground)] mt-1">{t('providers.apiTokenHint')}</p>
+			</div>
+			{/if}
 			<button type="submit" disabled={submitting}
 				class="px-4 py-2 bg-[var(--color-primary)] text-[var(--color-primary-foreground)] rounded-md text-sm font-medium hover:opacity-90 disabled:opacity-50">
 				{submitting ? t('providers.connecting') : (editing ? t('common.save') : t('providers.addProvider'))}