notify-bridge

alexei.dolgolyov/notify-bridge

Fork 0

Commit Graph

Author	SHA1	Message	Date
alexei.dolgolyov	a7a2b4efa4	feat: large polish pass — UX fixes, per-chat scope, restore/backup, action events Backend - Per-chat album scope for Immich commands (search/latest/memory/...): new allowed_album_ids on CommandTrackerListener, threaded listener/page kwargs through ProviderCommandHandler.handle; PATCH listener-scope endpoint. - /search and /find accept a trailing page number; Immich client search_smart / search_metadata take a page param. - Immich person-asset lookup switched from removed GET /api/people/{id}/assets to POST /api/search/metadata with personIds (fixes /person command and auto_organize rules silently returning zero candidates on Immich 1.106+). - Auto_organize rule now sets the target album's thumbnail to the first added image when missing (falls back to any asset type); failures do not fail the rule. add_assets_to_album surfaces the Immich error body on non-2xx. - EventLog.user_id / action_id / action_name columns with defensive migration + backfill. Status query filters by user_id directly; Immich/webhook paths emit user_id explicitly. action_runner writes an action_success/partial/ failed event on each non-dry-run. - Dashboard DELETE /api/status/events (scoped to user_id) + rendering live tracker/provider/action names via FK join with snapshot fallback. - PATCH /api/users/{id} for username/role change with last-admin guard. - Deletion protection returns structured {message, entity, blocked_by} (ApiError carries .blockedBy; frontend opens BlockedByModal). - Backup prepare-restore → AppSetting markers + atomic write of pending_restore.json; lifespan hook applies on next startup and archives under data/applied_restores/. apply-restart sends SIGTERM so the lifespan shutdown runs; NOTIFY_BRIDGE_SUPERVISED env override gates the button. Manual POST /api/backup/files (same format as scheduled). - New periodic-summary test path reuses shared collect_scheduled_assets (limit=0) so test and future production code go through one primitive. - Per-receiver locale for Telegram test messages (resolves TelegramChat.language_override per chat instead of applying the first receiver's locale to everyone). - Bounded concurrency (semaphores) in NotificationDispatcher._preload_asset_data and _refresh_telegram_chat_titles; chat title sweep extended to 24h since save_chat_from_webhook covers active chats opportunistically. - Telegram poller detects the \"webhook is active\" 409 and auto-calls deleteWebhook for bots whose DB update_mode is polling (throttled per bot). - TelegramClient.get_chat added (CLAUDE.md rule 6); set_album_thumbnail added. - Seeds: rename \"Default Commands\" → \"Default Immich Commands\"; track_assets_removed default False. Frontend - Global provider selector visible when there is only one provider. - Clear-events button + i18n + ConfirmModal on the dashboard; new icons/ labels/filters/colors for action_success / action_partial / action_failed. - Auto-select first available tracking/template/command/config + bot on create forms (trackers, command-trackers, targets, template/command configs). - Telegram target disable_url_preview defaults to true. - BlockedByModal wired into 8 deletion flows; fetchAuth helper for multipart/binary calls (reuses api()'s refresh + ApiError mapping). - Immich tracker 'Checking links' parallelised (concurrency cap 6). - Backup page: pending-restore banner + Apply-now / Apply-later modal, restarting overlay polling /api/health, manual 'Create backup' button. - Command-trackers listener row gets an 'Edit album scope' modal with inherit/explicit multiselect. - Users page: Edit user modal (username + role). - parseDate helper for consistent UTC date rendering. Migrations / schema - event_log: + user_id, action_id, action_name (+ backfill user_id from notification_tracker). - command_tracker_listener: + allowed_album_ids.	2026-04-22 01:13:11 +03:00
alexei.dolgolyov	e0bae394ee	feat: comprehensive code review fixes — security, performance, quality Backend security: - Reject Gitea webhooks when webhook_secret is empty (was silently skipping) - Add slowapi rate limiting on login (5/min) and setup (3/min) endpoints - Add CORS middleware with configurable origins - Mask telegram_webhook_secret in settings API response - Protect system-owned command template configs from regular user modification - Increase minimum password length to 8 characters Backend performance: - Batch queries in _resolve_command_context (3 queries instead of 3N) - Concurrent album fetching with asyncio.gather in immich commands - Singleton Jinja2 SandboxedEnvironment (reuse instead of per-render creation) - TTLCache for rate limits (bounded memory, auto-eviction) - Optional aiohttp session reuse in send_reply/send_media_group Backend code quality: - Extract dispatch_helpers.py (shared link_data loading + event filtering) - Extract database/seeds.py from main.py (490 lines → dedicated module) - Split immich_handler.py (415 lines) into commands/immich/ subpackage - Replace bare except blocks with logged warnings - Add per-provider config validation (Pydantic models) - Truncate command input to 512 chars - Expose usage_* and desc_* slots in capabilities and variables API Frontend security: - CSS.escape() for user-controlled querySelector in highlight.ts - Client-side password min 8 chars validation on setup and password change Frontend code quality: - Replace any types with proper interfaces across top files - Decompose targets/+page.svelte into TargetForm + ReceiverSection - Fix $derived.by usage, $state mutation patterns - Add console.warn to empty catch blocks Frontend UX: - Auth redirect via goto() with "Redirecting..." state - Platform-aware Ctrl/Cmd K keyboard hint - Remove stat-card hover transform Frontend accessibility: - Modal: role=dialog, aria-modal, focus trap, restore focus - EntitySelect/IconGridSelect: listbox/option roles, aria-selected/disabled	2026-03-23 01:59:51 +03:00

Author

SHA1

Message

Date

alexei.dolgolyov

a7a2b4efa4

feat: large polish pass — UX fixes, per-chat scope, restore/backup, action events

Backend
- Per-chat album scope for Immich commands (search/latest/memory/...): new
  allowed_album_ids on CommandTrackerListener, threaded listener/page kwargs
  through ProviderCommandHandler.handle; PATCH listener-scope endpoint.
- /search and /find accept a trailing page number; Immich client search_smart
  / search_metadata take a page param.
- Immich person-asset lookup switched from removed GET /api/people/{id}/assets
  to POST /api/search/metadata with personIds (fixes /person command and
  auto_organize rules silently returning zero candidates on Immich 1.106+).
- Auto_organize rule now sets the target album's thumbnail to the first added
  image when missing (falls back to any asset type); failures do not fail the
  rule. add_assets_to_album surfaces the Immich error body on non-2xx.
- EventLog.user_id / action_id / action_name columns with defensive migration
  + backfill. Status query filters by user_id directly; Immich/webhook paths
  emit user_id explicitly. action_runner writes an action_success/partial/
  failed event on each non-dry-run.
- Dashboard DELETE /api/status/events (scoped to user_id) + rendering live
  tracker/provider/action names via FK join with snapshot fallback.
- PATCH /api/users/{id} for username/role change with last-admin guard.
- Deletion protection returns structured {message, entity, blocked_by}
  (ApiError carries .blockedBy; frontend opens BlockedByModal).
- Backup prepare-restore → AppSetting markers + atomic write of
  pending_restore.json; lifespan hook applies on next startup and archives
  under data/applied_restores/. apply-restart sends SIGTERM so the lifespan
  shutdown runs; NOTIFY_BRIDGE_SUPERVISED env override gates the button.
  Manual POST /api/backup/files (same format as scheduled).
- New periodic-summary test path reuses shared collect_scheduled_assets
  (limit=0) so test and future production code go through one primitive.
- Per-receiver locale for Telegram test messages (resolves
  TelegramChat.language_override per chat instead of applying the first
  receiver's locale to everyone).
- Bounded concurrency (semaphores) in NotificationDispatcher._preload_asset_data
  and _refresh_telegram_chat_titles; chat title sweep extended to 24h since
  save_chat_from_webhook covers active chats opportunistically.
- Telegram poller detects the \"webhook is active\" 409 and auto-calls
  deleteWebhook for bots whose DB update_mode is polling (throttled per bot).
- TelegramClient.get_chat added (CLAUDE.md rule 6); set_album_thumbnail added.
- Seeds: rename \"Default Commands\" → \"Default Immich Commands\";
  track_assets_removed default False.

Frontend
- Global provider selector visible when there is only one provider.
- Clear-events button + i18n + ConfirmModal on the dashboard; new icons/
  labels/filters/colors for action_success / action_partial / action_failed.
- Auto-select first available tracking/template/command/config + bot on
  create forms (trackers, command-trackers, targets, template/command
  configs).
- Telegram target disable_url_preview defaults to true.
- BlockedByModal wired into 8 deletion flows; fetchAuth helper for
  multipart/binary calls (reuses api()'s refresh + ApiError mapping).
- Immich tracker 'Checking links' parallelised (concurrency cap 6).
- Backup page: pending-restore banner + Apply-now / Apply-later modal,
  restarting overlay polling /api/health, manual 'Create backup' button.
- Command-trackers listener row gets an 'Edit album scope' modal with
  inherit/explicit multiselect.
- Users page: Edit user modal (username + role).
- parseDate helper for consistent UTC date rendering.

Migrations / schema
- event_log: + user_id, action_id, action_name (+ backfill user_id from
  notification_tracker).
- command_tracker_listener: + allowed_album_ids.

2026-04-22 01:13:11 +03:00

alexei.dolgolyov

e0bae394ee

feat: comprehensive code review fixes — security, performance, quality

Backend security:
- Reject Gitea webhooks when webhook_secret is empty (was silently skipping)
- Add slowapi rate limiting on login (5/min) and setup (3/min) endpoints
- Add CORS middleware with configurable origins
- Mask telegram_webhook_secret in settings API response
- Protect system-owned command template configs from regular user modification
- Increase minimum password length to 8 characters

Backend performance:
- Batch queries in _resolve_command_context (3 queries instead of 3N)
- Concurrent album fetching with asyncio.gather in immich commands
- Singleton Jinja2 SandboxedEnvironment (reuse instead of per-render creation)
- TTLCache for rate limits (bounded memory, auto-eviction)
- Optional aiohttp session reuse in send_reply/send_media_group

Backend code quality:
- Extract dispatch_helpers.py (shared link_data loading + event filtering)
- Extract database/seeds.py from main.py (490 lines → dedicated module)
- Split immich_handler.py (415 lines) into commands/immich/ subpackage
- Replace bare except blocks with logged warnings
- Add per-provider config validation (Pydantic models)
- Truncate command input to 512 chars
- Expose usage_* and desc_* slots in capabilities and variables API

Frontend security:
- CSS.escape() for user-controlled querySelector in highlight.ts
- Client-side password min 8 chars validation on setup and password change

Frontend code quality:
- Replace any types with proper interfaces across top files
- Decompose targets/+page.svelte into TargetForm + ReceiverSection
- Fix $derived.by usage, $state mutation patterns
- Add console.warn to empty catch blocks

Frontend UX:
- Auth redirect via goto() with "Redirecting..." state
- Platform-aware Ctrl/Cmd K keyboard hint
- Remove stat-card hover transform

Frontend accessibility:
- Modal: role=dialog, aria-modal, focus trap, restore focus
- EntitySelect/IconGridSelect: listbox/option roles, aria-selected/disabled

2026-03-23 01:59:51 +03:00

2 Commits