alexei.dolgolyov
a7a2b4efa4
Backend
- Per-chat album scope for Immich commands (search/latest/memory/...): new
allowed_album_ids on CommandTrackerListener, threaded listener/page kwargs
through ProviderCommandHandler.handle; PATCH listener-scope endpoint.
- /search and /find accept a trailing page number; Immich client search_smart
/ search_metadata take a page param.
- Immich person-asset lookup switched from removed GET /api/people/{id}/assets
to POST /api/search/metadata with personIds (fixes /person command and
auto_organize rules silently returning zero candidates on Immich 1.106+).
- Auto_organize rule now sets the target album's thumbnail to the first added
image when missing (falls back to any asset type); failures do not fail the
rule. add_assets_to_album surfaces the Immich error body on non-2xx.
- EventLog.user_id / action_id / action_name columns with defensive migration
+ backfill. Status query filters by user_id directly; Immich/webhook paths
emit user_id explicitly. action_runner writes an action_success/partial/
failed event on each non-dry-run.
- Dashboard DELETE /api/status/events (scoped to user_id) + rendering live
tracker/provider/action names via FK join with snapshot fallback.
- PATCH /api/users/{id} for username/role change with last-admin guard.
- Deletion protection returns structured {message, entity, blocked_by}
(ApiError carries .blockedBy; frontend opens BlockedByModal).
- Backup prepare-restore → AppSetting markers + atomic write of
pending_restore.json; lifespan hook applies on next startup and archives
under data/applied_restores/. apply-restart sends SIGTERM so the lifespan
shutdown runs; NOTIFY_BRIDGE_SUPERVISED env override gates the button.
Manual POST /api/backup/files (same format as scheduled).
- New periodic-summary test path reuses shared collect_scheduled_assets
(limit=0) so test and future production code go through one primitive.
- Per-receiver locale for Telegram test messages (resolves
TelegramChat.language_override per chat instead of applying the first
receiver's locale to everyone).
- Bounded concurrency (semaphores) in NotificationDispatcher._preload_asset_data
and _refresh_telegram_chat_titles; chat title sweep extended to 24h since
save_chat_from_webhook covers active chats opportunistically.
- Telegram poller detects the \"webhook is active\" 409 and auto-calls
deleteWebhook for bots whose DB update_mode is polling (throttled per bot).
- TelegramClient.get_chat added (CLAUDE.md rule 6); set_album_thumbnail added.
- Seeds: rename \"Default Commands\" → \"Default Immich Commands\";
track_assets_removed default False.
Frontend
- Global provider selector visible when there is only one provider.
- Clear-events button + i18n + ConfirmModal on the dashboard; new icons/
labels/filters/colors for action_success / action_partial / action_failed.
- Auto-select first available tracking/template/command/config + bot on
create forms (trackers, command-trackers, targets, template/command
configs).
- Telegram target disable_url_preview defaults to true.
- BlockedByModal wired into 8 deletion flows; fetchAuth helper for
multipart/binary calls (reuses api()'s refresh + ApiError mapping).
- Immich tracker 'Checking links' parallelised (concurrency cap 6).
- Backup page: pending-restore banner + Apply-now / Apply-later modal,
restarting overlay polling /api/health, manual 'Create backup' button.
- Command-trackers listener row gets an 'Edit album scope' modal with
inherit/explicit multiselect.
- Users page: Edit user modal (username + role).
- parseDate helper for consistent UTC date rendering.
Migrations / schema
- event_log: + user_id, action_id, action_name (+ backfill user_id from
notification_tracker).
- command_tracker_listener: + allowed_album_ids.
190 lines
7.6 KiB
Python
190 lines
7.6 KiB
Python
"""Notify Bridge Server — FastAPI application entry point."""
|
|
|
|
import logging
|
|
from contextlib import asynccontextmanager
|
|
|
|
from fastapi import FastAPI
|
|
from fastapi.middleware.cors import CORSMiddleware
|
|
from slowapi import _rate_limit_exceeded_handler
|
|
from slowapi.errors import RateLimitExceeded
|
|
from slowapi.middleware import SlowAPIMiddleware
|
|
|
|
# Ensure app-level loggers are visible
|
|
logging.basicConfig(level=logging.INFO)
|
|
|
|
from .config import settings as _log_cfg
|
|
_log_level = logging.DEBUG if _log_cfg.debug else logging.INFO
|
|
logging.getLogger("notify_bridge_server").setLevel(_log_level)
|
|
logging.getLogger("notify_bridge_core").setLevel(_log_level)
|
|
|
|
from .database.engine import init_db
|
|
from .database.models import * # noqa: F401,F403 — ensure all models registered
|
|
|
|
from .auth.routes import router as auth_router
|
|
from .api.providers import router as providers_router
|
|
from .api.notification_trackers import router as notification_trackers_router
|
|
from .api.notification_tracker_targets import router as notification_tracker_targets_router
|
|
from .api.tracking_configs import router as tracking_configs_router
|
|
from .api.template_configs import router as template_configs_router
|
|
from .api.targets import router as targets_router
|
|
from .api.target_receivers import router as target_receivers_router
|
|
from .api.telegram_bots import router as telegram_bots_router
|
|
from .api.email_bots import router as email_bots_router
|
|
from .api.matrix_bots import router as matrix_bots_router
|
|
from .api.users import router as users_router
|
|
from .api.status import router as status_router
|
|
from .api.template_vars import router as template_vars_router
|
|
from .api.app_settings import router as app_settings_router
|
|
from .api.command_configs import router as command_configs_router
|
|
from .api.command_trackers import router as command_trackers_router
|
|
from .api.command_template_configs import router as command_template_configs_router
|
|
from .api.actions import router as actions_router
|
|
from .api.action_rules import router as action_rules_router
|
|
from .api.action_types import router as action_types_router
|
|
from .commands.webhook import router as webhook_router, set_webhook_secret
|
|
from .api.webhooks import router as webhooks_router
|
|
from .api.webhook_logs import router as webhook_logs_router
|
|
from .api.backup import router as backup_router
|
|
|
|
|
|
@asynccontextmanager
|
|
async def lifespan(app: FastAPI):
|
|
await init_db()
|
|
# Run data migrations (idempotent)
|
|
from .database.engine import get_engine
|
|
from .database.migrations import migrate_schema, migrate_tracker_targets, migrate_entity_refactor, migrate_template_slots, migrate_target_receivers, migrate_template_locale, migrate_receivers_from_config, migrate_command_slot_locale, migrate_notification_slot_locale, migrate_user_token_version
|
|
engine = get_engine()
|
|
await migrate_schema(engine)
|
|
await migrate_tracker_targets(engine)
|
|
await migrate_entity_refactor(engine)
|
|
await migrate_template_slots(engine)
|
|
await migrate_target_receivers(engine)
|
|
await migrate_template_locale(engine)
|
|
await migrate_receivers_from_config(engine)
|
|
await migrate_command_slot_locale(engine)
|
|
await migrate_notification_slot_locale(engine)
|
|
await migrate_user_token_version(engine)
|
|
from .database.seeds import seed_all
|
|
await seed_all()
|
|
# Apply any pending restore staged via /api/backup/prepare-restore
|
|
from .services.pending_restore import apply_pending_restore_if_any
|
|
await apply_pending_restore_if_any()
|
|
# Configure webhook secret from DB setting (falls back to env var)
|
|
from sqlmodel.ext.asyncio.session import AsyncSession as _AS
|
|
from .api.app_settings import get_setting as _get_setting
|
|
async with _AS(engine) as _session:
|
|
_secret = await _get_setting(_session, "telegram_webhook_secret")
|
|
set_webhook_secret(_secret or None)
|
|
from .services.scheduler import start_scheduler, get_scheduler
|
|
await start_scheduler()
|
|
yield
|
|
# Graceful shutdown
|
|
from .services.http_session import close_http_session
|
|
await close_http_session()
|
|
scheduler = get_scheduler()
|
|
if scheduler.running:
|
|
scheduler.shutdown()
|
|
|
|
|
|
app = FastAPI(title="Notify Bridge", version="0.1.0", lifespan=lifespan)
|
|
|
|
# --- Security headers ---
|
|
from starlette.middleware.base import BaseHTTPMiddleware
|
|
from starlette.requests import Request as StarletteRequest
|
|
from starlette.responses import Response as StarletteResponse
|
|
|
|
|
|
class SecurityHeadersMiddleware(BaseHTTPMiddleware):
|
|
async def dispatch(self, request: StarletteRequest, call_next):
|
|
response: StarletteResponse = await call_next(request)
|
|
response.headers["X-Content-Type-Options"] = "nosniff"
|
|
response.headers["X-Frame-Options"] = "DENY"
|
|
response.headers["X-XSS-Protection"] = "1; mode=block"
|
|
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
|
|
return response
|
|
|
|
|
|
app.add_middleware(SecurityHeadersMiddleware)
|
|
|
|
# --- Rate limiting ---
|
|
from .auth.routes import limiter
|
|
app.state.limiter = limiter
|
|
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
|
|
app.add_middleware(SlowAPIMiddleware)
|
|
|
|
# --- CORS ---
|
|
from .config import settings as _cfg
|
|
_origins = [o.strip() for o in _cfg.cors_allowed_origins.split(",") if o.strip()]
|
|
app.add_middleware(
|
|
CORSMiddleware,
|
|
allow_origins=_origins,
|
|
allow_credentials=True,
|
|
allow_methods=["*"],
|
|
allow_headers=["*"],
|
|
)
|
|
|
|
# Register routes — static paths before parameterized
|
|
app.include_router(auth_router)
|
|
app.include_router(template_vars_router)
|
|
app.include_router(providers_router)
|
|
app.include_router(notification_trackers_router)
|
|
app.include_router(notification_tracker_targets_router)
|
|
app.include_router(tracking_configs_router)
|
|
app.include_router(template_configs_router)
|
|
app.include_router(targets_router)
|
|
app.include_router(target_receivers_router)
|
|
app.include_router(telegram_bots_router)
|
|
app.include_router(email_bots_router)
|
|
app.include_router(matrix_bots_router)
|
|
app.include_router(users_router)
|
|
app.include_router(status_router)
|
|
app.include_router(app_settings_router)
|
|
app.include_router(action_types_router)
|
|
app.include_router(action_rules_router)
|
|
app.include_router(actions_router)
|
|
app.include_router(command_configs_router)
|
|
app.include_router(command_trackers_router)
|
|
app.include_router(command_template_configs_router)
|
|
app.include_router(webhook_router)
|
|
app.include_router(webhooks_router)
|
|
app.include_router(webhook_logs_router)
|
|
app.include_router(backup_router)
|
|
|
|
|
|
@app.get("/api/health")
|
|
async def health():
|
|
return {"status": "ok"}
|
|
|
|
|
|
# --- Serve frontend static files (production) ---
|
|
# Must come AFTER all API routes so /api/* takes priority
|
|
from pathlib import Path
|
|
if _cfg.static_dir and Path(_cfg.static_dir).is_dir():
|
|
from fastapi.staticfiles import StaticFiles
|
|
from starlette.responses import FileResponse
|
|
from starlette.exceptions import HTTPException as StarletteHTTPException
|
|
|
|
_static_dir = Path(_cfg.static_dir)
|
|
|
|
class SPAStaticFiles(StaticFiles):
|
|
"""StaticFiles that falls back to index.html for SvelteKit client-side routes.
|
|
|
|
Unknown paths return index.html so that deep links like /settings
|
|
hydrate the SPA, while /api/* and real asset 404s behave normally.
|
|
"""
|
|
|
|
async def get_response(self, path: str, scope):
|
|
try:
|
|
return await super().get_response(path, scope)
|
|
except StarletteHTTPException as exc:
|
|
if exc.status_code == 404 and not path.startswith("api/"):
|
|
return FileResponse(_static_dir / "index.html")
|
|
raise
|
|
|
|
app.mount("/", SPAStaticFiles(directory=_cfg.static_dir, html=True), name="frontend")
|
|
|
|
|
|
def run():
|
|
import uvicorn
|
|
uvicorn.run(app, host=_cfg.host, port=_cfg.port)
|