* feat(auth): implement oidc
* refactor(auth): centralize OIDC state cookie handling
* fix(web): resolve unused error variables in route handlers
* docs(readme): add OIDC authentication feature to list
* fix(auth): improve OIDC cookie handling for reverse proxy setups
The OIDC state cookie's Secure flag is now properly set when running behind a reverse proxy by checking both direct TLS and X-Forwarded-Proto header. This fixes authentication issues in common setups where:
- autobrr runs behind a reverse proxy that terminates HTTPS
- local development environments without TLS
- mixed protocol environments (internal HTTP, external HTTPS)
* fix: use crypt/random if argon2id fails
* feat(auth): show both login options when user exists in db
if user doesn't exist, e.g. canOnboard=true then we only show the OIDC button, since regular login makes no sense in that case
If user does not exist in db and the user wants to create a local user, OIDC needs to be disabled first
* feat(auth): improve OIDC provider initialization with discovery logging
* revert(issuer): do not remove trailing slash
* feat(auth): improve OIDC username resolution with additional claims
* fix(auth): handle OIDC issuer URLs with and without trailing slashes
When initializing the OIDC provider, automatically retry with/without trailing
slash if the first attempt fails.
- First attempts with original issuer URL
- If fails with trailing slash, retries without
- If fails without trailing slash, retries with
* feat(oidc): add gorilla sessions store for secure state management
Add gorilla sessions store to handle encrypted state cookies in OIDC flow,
while removing redundant session validation checks
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): prevent duplicate OIDC state cookies for authenticated sessions
Modify OIDC config handler to check for existing authenticated sessions
before setting state cookie. Still returns OIDC enabled status to maintain
UI state, but prevents unnecessary cookie creation for authenticated users.
* feat(oidc): use random secret for temporary state cookies
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* feat(auth): add rate limiting to OIDC endpoints
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): validate OIDC authorization code presence in callback
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): properly handle OIDC session errors
Improve error handling in OIDC login flow by properly handling cookie store
session errors. Return HTTP 500 if session cannot be retrieved instead of
silently continuing with potentially invalid state.
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* feat(auth): track and display authentication method for oidc and password logins
* fix: tests
* docs(readme): add environment variable section
* go mod tidy
* chore: log style and errors
---------
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: ze0s <ze0s@riseup.net>
* feat(web): manage initial focus for force run modal
* refactor(web): manage initial focus for force run modal
* feat(web): manage initial focus on FilterAddForm.tsx
* feat(web): add theme toggle to navbar
* refactor: move OS theme detection to App.tsx
* fix: disallowed unused variables
* fix: removed unused variable
* refactor: check for os color scheme in SettingsContextDefaults
* refactor: remove unnecessary iconTheme variable
* fix: add title tag to button
* feat(releases): delete based on age/indexer/status
* fix: sanitize releaseStatuses
* swap to RMSC
* add AgeSelect component
* improve texts
* refactor: streamline form layout
* improve text
* remove a paragraph
* improved UX
explaining the options, better error handling
* reinstate red border
* fix: labels to match other similar labels for selects
- improved contrast for the word "required" in desc
- added red asterisk to required select
* minor text improvement to warning
* fix: delete-button vertical alignment
* feat: cleanup queries
* feat: cleanup delete
---------
Co-authored-by: ze0s <ze0s@riseup.net>
* fix(web): make tooltips clickable if touchscreen is present
* fix(web): handle visibility for click and touch
* fix(chore): add removed license header again
* feat(releases): show details in list view
* fix(releases): activitytable columns type
* fix(releases): incognito mode
* feat(releases): move details button
* do we wanna truncate?
* fix(web): release column width at full size
---------
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
* feat(backend): added change password api endpoint.
* feat(web): added profile UI to change password.
I think we can change the username too, but I don't know if we should for now disabled the username field.
* refactor: don't leak username or password.
* refactor: protect the route.
* generic
* feat: add ChangeUsername
* fix(tests): speculative fix for TestUserRepo_Update
* Revert "feat: add ChangeUsername"
This reverts commit d4c1645002883a278aa45dec3c8c19fa1cc75d9b.
* refactor into 1 endpoint that handles both
* feat: added option to change username as well. :pain:
* refactor: frontend
* refactor: function names in backend
I think this makes it more clear what their function is
* fix: change to 2 cols with separator
* refactor: update user
* fix: test db create user
---------
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: soup <soup@r4tio.dev>
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
Co-authored-by: ze0s <ze0s@riseup.net>
* feat: migrate to v5
* refactor: Revise error handling in QueryClient for compatibility with React Query v5
The `useErrorBoundary` option has been renamed to `throwOnError` and suspense have been removed: more on suspense more on suspense.
https://tanstack.com/query/v5/docs/react/guides/migrating-to-v5#new-hooks-for-suspense
* refactor: Callbacks on useQuery (and QueryObserver) have been removed
onSuccess, onError and onSettled have been removed from Queries. They haven't been touched for Mutations. Please see this https://github.com/TanStack/query/discussions/5279 for motivations behind this change and what to do instead.
* refactor: change to isPending, isLoading have been renamed for mutations.
Also, they are using object now:
- useQuery(key, fn, options)
+ useQuery({ queryKey, queryFn, ...options })
* refactor: change to placeHolderData.
Removed keepPreviousData in favor of placeholderData identity function
https://tanstack.com/query/v5/docs/react/guides/migrating-to-v5#removed-keeppreviousdata-in-favor-of-placeholderdata-identity-function
* fix: useSuspenseQuery instead of useQuery.
* fix(web): more useSuspenseQuery substitutions
* whoops - nobody saw that okay?
* fix pnpm lockfile
* fix pnpm lockfile again
---------
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
Co-authored-by: soup <soup@r4tio.dev>
* feat(web): link stats to release table
- added Errored Pushes
- Made Recent Activity same color as Stats
* feat(releasetable): made links a separate row
https://i.imgur.com/ZoAOrXP.png
remove comment
* added LinkIcon to StatsItem
- Changed grid-cols to 2, as we now have 4 for narrow widths
* fix linting
* move some text modifier to parent element
* feat: add scale on hover with transition
deduplicated some classes
* adapt gap between StatsItems for mobile
remove border and title on stats divs
---------
Co-authored-by: Fabricio Silva <hi@fabricio.dev>
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
* refactor: use ES module.
To maintain compatibility with vite 6 and since that's where the web are heading too.
Also moved some deps to devDeps, better optimized production builds. Changed some of the script command to match how others run or preview it, I think it was still using CRA.
* chore: update-lock.yaml
* refactor: since we are using ESM now, .cjs .ts required.
Changed the file extensions and refactored the .eslintrc.cjs I think there was a lot of bloat from the previous version and removed most of them and keep it simple for now, we can always expand from here a clean slate.
* refactor: added .node.json and refactored.
* fix(build): APIClient.ts had few error.
ESLint: Unexpected lexical declaration in case block.(no-case-declarations)
and TS2554: Expected 0-1 arguments, but got 2
we passed the cause to the constructor which it only takes 1 argument so removed it instead, since it's already in the string "Offline".
* fix(build): import never used.
* fix(build): add the types for react-dom/client.
* fix(build): use ESNext instead.
* fix(build): hmm why are we missing the types for the import?
Added @types/react-table.
* chore(lint): fix lint warnings
Don't use * for export.
* chore(lint): missing deps.
React Hook useEffect has a missing dependency: 'validateForm'. Either include it or remove the dependency array
* chore(lint): fix import.
* chore(lint): fix import.
* chore(lint): fix react hook.
error React Hook "useMutation" is called conditionally. React Hooks must be called in the exact same order in every component render react-hooks/rules-of-hooks
* chore(lint): value never used.
52:10 error '_regexPattern' is assigned a value but never used
* chore(lint): add missing dependency to useEffect
* chore(lint): fix imports.
* chore(lint): add deps to array.
* chore(lint): error Unexpected lexical declaration in case block no-case-declarations
* chore(lint): remove any and add types.
I am not sure about type CompleteFilterType I know it's being used for JSON so might need to use any?? dunno just test it and see if works.
* chore(lint): react-hooks/exhaustive-deps
* chore(lint): react-hooks/exhaustive-deps
* chore(lint): use type guard instead of any.
* chore(lint): react-hooks/exhaustive-deps
* Revert "chore(lint): remove any and add types."
This reverts commit 7b9168fe7826d63cb00e44df8e15fbde49b59174.
* chore(web): ignore sourcemap warnings
* chore(web): update vite to 5.0.4
* chore: add the new script `pnpm dev` to start the dev env.
* chore: add the curly braces.
more info: https://eslint.org/docs/latest/rules/no-case-declarations
* chore: remove the extra spaces
* chore: remove the extra spaces
* chore: add the curly braces.
* chore: add curly braces
* remove text-shadow property and comment
* revert switch case braces for Actions.tsx
---------
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
* feat(notifications): add lunasea
* fix(web): truncate overflow in PasswordFieldWide
* refactor(notifications): centralize msg building
Left the building logic in discord.go and notifiarr.go as is because of their unique structure.
* refactor: moved components and swapped to outline
- Refactored the iconComponentMap to use a single iconStyle variable.
* upped size from 4 to 5
* rename NotificationBuilder function
* feat(feeds): add force run
* fix: simplify ForceRun
* add confirmation modal
* handle errors by using the test func
* require user input to run
* make sure to reschedule next job after forcerun
* refactor modal centering with grid
* refactor: Simplify startJob and forceRun logic
- Refactor `startJob` to accept a `runImmediately` flag. This flag controls whether the job should be run immediately or scheduled for later. This change simplifies the `ForceRun` function by allowing it to call `startJob` with `runImmediately` set to `true`.
- Remove redundant checks in `ForceRun` related to feed type. These checks are handled in `startJob`.
BREAKING CHANGE: The `startJob` function now requires a second argument, `runImmediately`. This change affects all calls to `startJob`.
* fix(web) Invalidate queries after forceRun
* refactor(feeds): init and test run
---------
Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
* Various WebUI changes and fixes.
* feat(tooltip): make tooltip display upwards
* fix(tooltip): place tooltip to the right
* fix(web): add missing ml-px to SwitchGroup header
current: https://i.imgur.com/2WXstPV.png
new: https://i.imgur.com/QGQ49mP.png
* fix(web): collapse sections
* fix(web): improve freeleech section
* fix(web): rename action to action_components
Renamed the 'action' folder to 'action_components' to resolve import issues due to case sensitivity.
* fix(web): align CollapsibleSection
Old Advanced tab: https://i.imgur.com/MXaJ5eJ.png
New Advanced tab: https://i.imgur.com/4nPJJRw.png
Music tab for comparison: https://i.imgur.com/I59X7ot.png
* fix(web): remove invalid CSS class
* revert: vertical padding on switchgroup
added py-0 on the freeleech part instead
* feat(settings): add back log files
* fix(settings): irc channels and font sizes
* fix(components): radio select roundness
* fix(styling): various minor changes
* fix(filters): remove jitter fields
---------
Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
Co-authored-by: soup <soup@r4tio.dev>
Co-authored-by: ze0s <ze0s@riseup.net>
* improve filter importing code
feat: added autodl-irssi filter importer/parser
enhancement: improved filter importing code
enhancement: redesigned filter list page
fix(DeleteModal): don't center text on mobile
fix(CustomTooltip): don't set opacity (avoid console.log spam), update prop names
* fix wrong variable ref name mistake
* switch position of buttons, use old blue
* give back the dropdown menu you stole
* go indent linting
* getLatest endpoint follows config.CheckForUpdates
* Revert "getLatest endpoint follows config.CheckForUpdates"
This reverts commit 495fabad13b1a96aa83ce50792f5725e9b51061a.
* getLatestRelease follows config.check_for_updates
* revert: rename data - less changes to conflict
* fixup: revert: rename data - less changes to conflict
* change queryFn to arrow function
* add react suspense, fix broken stuff, clean up code, improve DX
enhancement: added react suspense + spinner to show loading (still can be added in certain places)
chore: cleaned up Header/NavBar code
chore: cleaned up DeleteModal code
chore: cleaned up other relevant code
enhancement: changed remove button style to be much more pleasant (see e.g. filter tabs)
fix: made active tab on filters page to be blue (as it should've been) when active
fix: fixed ghost delimiter which was only visible when DeleteModal was active in FormButtonGroup
chore: removed most of linter warnings/errors
fix: fixed incorrect/double modal transition in FilterExternalItem
fix: fixed incorrect z-height on Options popover in Settings/IRC (would've been visible when Add new was clicked)
enhancement: improved robustness of all Context classes to support seamless new-feature expansion (#866)
enhancement: improved expand logic (see #994 comments)
* reverted irc expand view to previous design
* forgot to propagate previous z-height fix
* jinxed it
* add license header to new files
---------
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
