alexei.dolgolyov
10d30fc956
Comprehensive multi-area pass driven by a parallel 8-agent production
review. Frontend, backend, database, security, performance, operational,
plus a new self-monitoring feature.
## Critical fixes
- Planka webhook: reads bounded raw body (was NameError on every call)
- HA quiet hours: ha_state_changed/automation_triggered/service_called/
event_fired added to deferrable set (were silently dropped)
- DNS-rebinding SSRF: PinnedResolver wired into shared aiohttp session
- Telegram inbound webhook: secret now mandatory (401 without)
- Generic webhook: auth_mode="none" requires explicit
acknowledge_unauthenticated=true; per-IP rate limit 60/min
- svelte-check: 5 null-narrowing errors in EventDetailModal fixed
- Provider hardcoding: Immich-only block extracted to descriptor
featureDiscoveryHint
- command_sync: snapshot+expunge bot before exiting AsyncSession
## Bug fixes
- notifier asyncio.gather(return_exceptions=True) — one bad chat no longer
cancels peer sends
- NotificationDispatcher hoisted out of per-tracker loop
- Provider credential resolution unified across all 5 dispatch sites
- HA asyncio.shield now drains inner task on cancellation
- Provider construction switched from if/elif ladder to factory registry
- NUT first poll seeds silently (no spurious ups_on_battery)
- Quiet-hours gate: event-type-disabled now wins over deferral
- APScheduler drain job ID resolution upgraded to seconds
- HA on_status_change wired through to EventLog
- Webhook payload rollback failures now logged (not swallowed)
- Batched receivers/chats/bots in load_link_data (was per-target N+1)
- flag_modified on JSON column reassignments in deferred_dispatch
## Database
- UNIQUE indexes on service_provider.webhook_token,
telegram_bot.webhook_path_id, partial UNIQUE on telegram_bot.bot_id,
telegram_chat(bot_id, chat_id), notification_tracker_target unique link,
partial UNIQUE on bridge_self provider per user
- Composite ix_event_log_user_event_type_created index
- save_chat_from_webhook switched to ON CONFLICT DO UPDATE
- ondelete=CASCADE on user-id FKs (model annotation; app-side cascade
delete added for existing data)
- delete_notification_tracker converted from N+1 to bulk DELETE/UPDATE
- Module-level asyncio.Lock replaced with lazy _get_lock() pattern
- VACUUM INTO snapshot now PRAGMA integrity_check verified
## Performance
- Jinja2 template compilation LRU cached (lru_cache maxsize=512)
- Per-locale render cache in NotificationDispatcher (skips re-rendering
identical content for receivers sharing a locale)
- Tracker list cached per provider_id with 5s TTL + explicit invalidation
on tracker CRUD (relieves HA chat-bus rate query pressure)
- Nav-counts collapsed from 16 round-trips to single UNION ALL
- HA event_log: skip persisting empty assets_added/removed events
## Security hardening
- Mass-assignment guard on Action create/update; cron sub-minute reject
- Backup JSON depth/node-count cap (depth ≤ 10, nodes ≤ 100k)
- _sanitize_config extended to all JSON-typed fields on backup import
- Telegram _safe_get walks redirects manually with SSRF revalidation
- Bcrypt 72-byte password length cap with clear 422
- Webhook payload body redaction; sensitive substring set extended with
oauth/client_secret/webhook_secret/csrf in both header filter and
template extras filter
## Frontend
- 76 catch (err: any) sites converted to errMsg(err) helper
- globalProviderFilter: pure getter; reconciliation moved to one-time
$effect in +layout
- Provider-filter binding: removed paired $effects + _syncingFilter flag,
now one-way derived
- entity-cache: separate _refreshing flag for background re-fetches
- api.ts 401 handling: AuthRedirectError class + dedup _redirecting flag,
goto() instead of window.location.href
- a11y: aria-expanded on mobile More, role=switch + aria-checked on
Telegram bot toggles
## Tests & operations
- CI pytest gate added to .gitea/workflows/build.yml + release.yml
(wheel-built install to dodge editable-install slowness)
- /api/ready upgraded to deep healthcheck (db SELECT 1, scheduler.running,
HA supervisor presence) returning {ready, checks, errors, version}
- /api/metrics endpoint with prometheus_client (deferred_pending,
event_log_total, dispatch_duration, poll_failures, send_failures)
- New OPERATIONS.md covering deploy, healthchecks, metrics, backup/restore
procedures, log handling, common scenarios, upgrade flow
- New tests: test_bridge_self (11), test_gitea_parser (9),
test_planka_parser (6), test_immich_change_detector (6),
test_backup_roundtrip (1)
## New feature: bridge self-monitoring
- New bridge_self provider type — internal sink for bridge health events
- Three event types: bridge_self_poll_failures (consecutive tracker poll
failures), bridge_self_deferred_backlog (pending count crosses
threshold), bridge_self_target_failures (consecutive 5xx/network
failures per target)
- Per-user thresholds (defaults: 3 / 100 / 5) configurable via the
provider config form
- Auto-seeded on user create + /setup + boot backfill for existing users
- Anti-spam: counters reset after emission; backlog uses transition latch
- Self-loop guard: bridge_self failures don't count toward target-failure
thresholds (logged only) — wire to your own Telegram/Email/Matrix to
get notified when polls/dispatches/sends fail
- 6 default templates (3 events × 2 locales), tracking config columns
with backfill migration, frontend descriptor (excluded from "create
provider" wizard since auto-managed)
Operator-visible behavior changes (call out in release notes):
- NOTIFY_BRIDGE_TELEGRAM_WEBHOOK_SECRET now REQUIRED for webhook mode
- Existing webhook providers with auth_mode="none" need explicit opt-in
- Generic webhook endpoint rate-limited 60/min per source IP
- HA disconnect/reconnect writes ha_status_* EventLog rows
- Every user gets a bridge_self provider — wire it to a target to
receive failure alerts
Pre-existing test failures (test_ssrf, test_release_provider) on
Python 3.13 are unrelated; CI runs on 3.12.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
250 lines
8.3 KiB
Python
250 lines
8.3 KiB
Python
"""Unit tests for the Gitea webhook parser.
|
|
|
|
Pure-function tests against ``parse_webhook`` using realistic Gitea
|
|
payloads (trimmed to the fields the parser actually consumes). No DB or
|
|
HTTP fixtures needed.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from notify_bridge_core.models.events import EventType
|
|
from notify_bridge_core.providers.base import ServiceProviderType
|
|
from notify_bridge_core.providers.gitea.event_parser import parse_webhook
|
|
|
|
|
|
def _repo() -> dict:
|
|
return {
|
|
"id": 42,
|
|
"name": "demo",
|
|
"full_name": "alexei/demo",
|
|
"html_url": "https://git.example.com/alexei/demo",
|
|
"description": "Demo repo",
|
|
"private": False,
|
|
"owner": {
|
|
"id": 1,
|
|
"login": "alexei",
|
|
"full_name": "Alexei",
|
|
"email": "alexei@example.com",
|
|
"avatar_url": "https://git.example.com/avatars/1",
|
|
},
|
|
}
|
|
|
|
|
|
def _sender() -> dict:
|
|
return {
|
|
"id": 1,
|
|
"login": "alexei",
|
|
"full_name": "Alexei",
|
|
"avatar_url": "https://git.example.com/avatars/1",
|
|
}
|
|
|
|
|
|
def test_push_event() -> None:
|
|
payload = {
|
|
"ref": "refs/heads/master",
|
|
"before": "0000000000000000000000000000000000000000",
|
|
"after": "abcdef0123456789abcdef0123456789abcdef01",
|
|
"compare_url": "https://git.example.com/alexei/demo/compare/000...abc",
|
|
"commits": [
|
|
{
|
|
"id": "abcdef0123456789abcdef0123456789abcdef01",
|
|
"message": "feat: initial commit\n\nMore detail.",
|
|
"url": "https://git.example.com/alexei/demo/commit/abcdef0",
|
|
"author": {
|
|
"name": "Alexei",
|
|
"email": "alexei@example.com",
|
|
"username": "alexei",
|
|
},
|
|
"timestamp": "2026-05-16T10:00:00Z",
|
|
},
|
|
{
|
|
"id": "1234567890123456789012345678901234567890",
|
|
"message": "chore: tweak",
|
|
"url": "https://git.example.com/alexei/demo/commit/1234567",
|
|
"author": {"name": "Alexei", "email": "alexei@example.com"},
|
|
"timestamp": "2026-05-16T10:05:00Z",
|
|
},
|
|
],
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
|
|
evt = parse_webhook("push", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.PUSH
|
|
assert evt.provider_type is ServiceProviderType.GITEA
|
|
assert evt.collection_id == "alexei/demo"
|
|
assert evt.collection_name == "alexei/demo"
|
|
assert evt.extra["ref"] == "refs/heads/master"
|
|
assert evt.extra["branch"] == "master"
|
|
assert evt.extra["commit_count"] == 2
|
|
assert evt.extra["commits"][0]["short_id"] == "abcdef0"
|
|
# The first commit's multi-line body must be preserved (.strip handles
|
|
# trailing newlines but should keep the inner '\n').
|
|
assert "feat: initial commit" in evt.extra["commits"][0]["message"]
|
|
|
|
|
|
def test_issue_opened() -> None:
|
|
payload = {
|
|
"action": "opened",
|
|
"issue": {
|
|
"id": 100,
|
|
"number": 7,
|
|
"title": "Bug: thing broken",
|
|
"html_url": "https://git.example.com/alexei/demo/issues/7",
|
|
"state": "open",
|
|
"body": "Steps to reproduce...",
|
|
"labels": [{"name": "bug"}, {"name": "p1"}],
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
evt = parse_webhook("issues", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.ISSUE_OPENED
|
|
assert evt.collection_id == "alexei/demo"
|
|
assert evt.extra["issue_number"] == 7
|
|
assert evt.extra["issue_title"] == "Bug: thing broken"
|
|
assert evt.extra["issue_labels"] == ["bug", "p1"]
|
|
|
|
|
|
def test_issue_closed() -> None:
|
|
payload = {
|
|
"action": "closed",
|
|
"issue": {
|
|
"id": 100,
|
|
"number": 7,
|
|
"title": "Bug: thing broken",
|
|
"html_url": "https://git.example.com/alexei/demo/issues/7",
|
|
"state": "closed",
|
|
"body": "",
|
|
"labels": [],
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
evt = parse_webhook("issues", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.ISSUE_CLOSED
|
|
assert evt.extra["issue_state"] == "closed"
|
|
|
|
|
|
def test_pr_opened() -> None:
|
|
payload = {
|
|
"action": "opened",
|
|
"pull_request": {
|
|
"id": 200,
|
|
"number": 12,
|
|
"title": "Add metrics endpoint",
|
|
"html_url": "https://git.example.com/alexei/demo/pulls/12",
|
|
"state": "open",
|
|
"body": "PR body",
|
|
"merged": False,
|
|
"base": {"ref": "master", "label": "alexei:master"},
|
|
"head": {"ref": "feat/metrics", "label": "alexei:feat/metrics"},
|
|
"labels": [{"name": "enhancement"}],
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
evt = parse_webhook("pull_request", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.PR_OPENED
|
|
assert evt.extra["pr_number"] == 12
|
|
assert evt.extra["pr_merged"] is False
|
|
assert evt.extra["pr_base"] == "alexei:master"
|
|
assert evt.extra["pr_head"] == "alexei:feat/metrics"
|
|
|
|
|
|
def test_pr_merged_resolves_from_closed_with_merged_flag() -> None:
|
|
"""A 'closed' action with merged=True is the merge signal — Gitea does
|
|
not send a distinct event header for it, so the parser must promote
|
|
PR_CLOSED -> PR_MERGED on its own."""
|
|
payload = {
|
|
"action": "closed",
|
|
"pull_request": {
|
|
"id": 200,
|
|
"number": 12,
|
|
"title": "Add metrics endpoint",
|
|
"html_url": "https://git.example.com/alexei/demo/pulls/12",
|
|
"state": "closed",
|
|
"body": "",
|
|
"merged": True,
|
|
"base": {"ref": "master"},
|
|
"head": {"ref": "feat/metrics"},
|
|
"labels": [],
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
evt = parse_webhook("pull_request", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.PR_MERGED
|
|
assert evt.extra["pr_merged"] is True
|
|
|
|
|
|
def test_pr_closed_without_merge() -> None:
|
|
payload = {
|
|
"action": "closed",
|
|
"pull_request": {
|
|
"id": 200,
|
|
"number": 12,
|
|
"title": "Abandoned PR",
|
|
"html_url": "https://git.example.com/alexei/demo/pulls/12",
|
|
"state": "closed",
|
|
"body": "",
|
|
"merged": False,
|
|
"base": {"ref": "master"},
|
|
"head": {"ref": "feat/x"},
|
|
"labels": [],
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
evt = parse_webhook("pull_request", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.PR_CLOSED
|
|
|
|
|
|
def test_release_published() -> None:
|
|
payload = {
|
|
"action": "published",
|
|
"release": {
|
|
"id": 9,
|
|
"tag_name": "v1.2.3",
|
|
"name": "Release v1.2.3",
|
|
"html_url": "https://git.example.com/alexei/demo/releases/tag/v1.2.3",
|
|
"body": "Bug fixes and improvements",
|
|
"draft": False,
|
|
"prerelease": False,
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
evt = parse_webhook("release", payload, provider_name="gitea-prod")
|
|
assert evt is not None
|
|
assert evt.event_type is EventType.RELEASE_PUBLISHED
|
|
assert evt.extra["release_tag"] == "v1.2.3"
|
|
assert evt.extra["release_prerelease"] is False
|
|
|
|
|
|
def test_release_non_published_is_ignored() -> None:
|
|
"""Only ``published`` releases should produce events — drafts and edits
|
|
are noise and would spam any tracker subscribed to release notifications."""
|
|
payload = {
|
|
"action": "edited",
|
|
"release": {
|
|
"id": 9, "tag_name": "v1.2.3", "name": "x",
|
|
"html_url": "", "body": "",
|
|
"draft": True, "prerelease": False,
|
|
},
|
|
"repository": _repo(),
|
|
"sender": _sender(),
|
|
}
|
|
assert parse_webhook("release", payload, provider_name="g") is None
|
|
|
|
|
|
def test_unknown_event_header_returns_none() -> None:
|
|
payload = {"repository": _repo(), "sender": _sender()}
|
|
assert parse_webhook("unknown_event", payload, provider_name="g") is None
|