refactor: comprehensive codebase review — security, performance, quality, UX
Security: - Fix NUT protocol command injection (validate names against safe regex) - Enable Jinja2 autoescape=True to prevent HTML injection via external data - Add WebhookProviderConfig validation model Performance: - Shared aiohttp.ClientSession singleton (replaces 40+ per-request sessions) - Fix 4 N+1 queries with batch IN loads (poller, scheduler, memory, broadcast) - asyncio.gather for Gitea commands and notification dispatcher - Add DB indexes on NotificationTrackerState.tracker_id, CommandTrackerListener - LRU cache for compiled Jinja2 templates - Daily EventLog cleanup job (90-day retention) - 30s HTTP timeout on all external calls - GROUP BY for target type counts (replaces 7 sequential queries) Code quality: - Extract get_owned_entity() helper (replaces 11 duplicate functions) - Extract slot_helpers.py (load_slots, save_slots, render_template_preview) - Extract command_utils.py (tracker lookup, last event, collection IDs) - Extract http_session.py (shared session lifecycle) - Provider connection validation dedup (3x → 1 helper) - Command dispatch tables replacing if/elif chains - Album+links fetch helper (fetch_albums_with_links) - Provider dispatch polymorphism (list_provider_collections) - Immutable _enrich_assets (no longer mutates in-place) - Fix _format_assets return type + handler unpacking Frontend: - Fix 18+ hardcoded English strings → t() with new i18n keys (en + ru) - Mobile "More" nav panel with provider filter and search - Shared Button.svelte component (4 variants, 2 sizes) - Shared ErrorBanner.svelte component (8 pages updated) - SvelteKit goto() replacing window.location.href - Dashboard grid fixed for 4 cards, paginator opacity consistency Functionality: - max_instances=1 on scheduler jobs (prevents duplicate events) - Webhook provider in watcher (prevents error spam) - Fix stale SQLModel reference in poller - Gitea get_repo() direct API call
@@ -9,14 +9,15 @@ from .common import _format_assets
|
||||
|
||||
|
||||
def _enrich_assets(assets: list[dict[str, Any]], asset_public_urls: dict[str, str]) -> list[dict[str, Any]]:
|
||||
"""Add public_url to assets from the pre-built map."""
|
||||
"""Add public_url to assets from the pre-built map. Returns new list without mutating inputs."""
|
||||
if not asset_public_urls:
|
||||
return assets
|
||||
for asset in assets:
|
||||
aid = asset.get("id", "")
|
||||
if aid and aid in asset_public_urls and not asset.get("public_url"):
|
||||
asset["public_url"] = asset_public_urls[aid]
|
||||
return assets
|
||||
return [
|
||||
{**asset, "public_url": asset_public_urls.get(asset.get("id", ""), "")}
|
||||
if asset.get("id", "") in asset_public_urls and not asset.get("public_url")
|
||||
else asset
|
||||
for asset in assets
|
||||
]
|
||||
|
||||
|
||||
async def cmd_search(
|
||||
@@ -24,7 +25,7 @@ async def cmd_search(
|
||||
locale: str, response_mode: str,
|
||||
cmd_templates: dict[str, dict[str, str]],
|
||||
asset_public_urls: dict[str, str] | None = None,
|
||||
) -> str | list[dict[str, Any]]:
|
||||
) -> str | dict[str, Any]:
|
||||
"""Handle /search command."""
|
||||
if not args:
|
||||
return _render_cmd_template(cmd_templates, "no_results", locale, {"command": "search", "query": ""})
|
||||
@@ -38,7 +39,7 @@ async def cmd_find(
|
||||
locale: str, response_mode: str,
|
||||
cmd_templates: dict[str, dict[str, str]],
|
||||
asset_public_urls: dict[str, str] | None = None,
|
||||
) -> str | list[dict[str, Any]]:
|
||||
) -> str | dict[str, Any]:
|
||||
"""Handle /find command."""
|
||||
if not args:
|
||||
return _render_cmd_template(cmd_templates, "no_results", locale, {"command": "find", "query": ""})
|
||||
@@ -52,7 +53,7 @@ async def cmd_person(
|
||||
locale: str, response_mode: str,
|
||||
cmd_templates: dict[str, dict[str, str]],
|
||||
asset_public_urls: dict[str, str] | None = None,
|
||||
) -> str | list[dict[str, Any]]:
|
||||
) -> str | dict[str, Any]:
|
||||
"""Handle /person command."""
|
||||
if not args:
|
||||
return _render_cmd_template(cmd_templates, "no_results", locale, {"command": "person", "query": ""})
|
||||
@@ -74,7 +75,7 @@ async def cmd_place(
|
||||
locale: str, response_mode: str,
|
||||
cmd_templates: dict[str, dict[str, str]],
|
||||
asset_public_urls: dict[str, str] | None = None,
|
||||
) -> str | list[dict[str, Any]]:
|
||||
) -> str | dict[str, Any]:
|
||||
"""Handle /place command."""
|
||||
if not args:
|
||||
return _render_cmd_template(cmd_templates, "no_results", locale, {"command": "place", "query": ""})
|
||||
|
||||
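Review bot: The new `_enrich_assets` docstring says it returns a new list, but the early path `if not asset_public_urls: return assets` (which appears to be unchanged context in the first hunk) still returns the caller's own list object. In the comprehension, every asset that is not enriched is also the same dict object as in the input. A caller that mutates the result can therefore still change the input, so either return `list(assets)` on the early path or reword the docstring to `"""Add public_url to assets from the pre-built map. Does not mutate inputs; unchanged assets are shared with the input."""`. The rewrite also drops the old `aid and` truthiness guard, so an asset with a missing or empty id would now receive a URL if the map ever contained an `""` key. If that cannot happen, a one-line comment saying so would help.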