Gan, Jimmy
fa43b5a409
fix: enable Tailwind v4 class-based dark mode with @custom-variant
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s
2026-03-01 15:22:55 +08:00
Gan, Jimmy
62856c9343
fix: comprehensive dark mode support across all pages
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m11s
- Fix body/html dark background to surface-950
- Add dark scrollbar styling
- Fix App.svelte wrapper to use Tailwind dark: classes instead of conditional strings
- Add dark:bg-surface-800 and dark:border-surface-700 to all cards in Dashboard, Docker, Files, Gitea
- Add dark text variants for headings, labels, and content text
- Add dark hover states for interactive elements
- Enable cross-category sidebar drag-and-drop
2026-03-01 14:59:23 +08:00
Gan, Jimmy
a8debcfb4b
feat: access control UI in Settings + sidebar drag-and-drop reordering
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m13s
- Add Access Control card in Settings (admin-only): role defaults display, user overrides CRUD
- Add sidebar drag-and-drop reordering with per-user persistence in rbac.json
- Backend: GET/PUT /api/auth/preferences endpoints, sidebar order helpers in rbac.py
- Frontend: HTML5 drag API with grip handles, smart order merge, debounced save
- Preserve sidebar_order when updating page overrides
2026-03-01 14:48:35 +08:00
Gan, Jimmy
9992105b49
feat: RBAC multi-user role-based access control
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s
- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence
2026-03-01 14:13:43 +08:00
Gan, Jimmy
82fe5eb88c
feat: add favicon for browser tab
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m35s
2026-03-01 13:38:26 +08:00
Gan, Jimmy
4b32929dcc
feat: watchtower tracking, dev environment, security logs page
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m54s
- watchtower: docker-compose with label filtering, email notifications
- watchtower labels on navidrome, openclaw, immich services
- dev env: docker-compose.dev.yml (port 4001), deploy-dev.yml CI workflow
- dev.nas.jimmygan.com Caddy site block with Authelia forward_auth
- security page: backend router parsing Authelia/Caddy container logs
- security page: frontend with stats cards, timeline, top IPs, event log
- wired security route into App.svelte and Sidebar
2026-03-01 00:40:14 +08:00
Gan, Jimmy
1c562e65b7
feat: migrate all services to HTTPS subdomains with Authelia SSO
...
Deploy Dashboard / deploy (push) Successful in 2m36s
All dashboard services now route through NAS Caddy with HTTPS and SSO:
- media.jimmygan.com:8443 → Jellyfin
- photos.jimmygan.com:8443 → Immich
- books.jimmygan.com:8443 → Audiobookshelf
- git.jimmygan.com:8443 → Gitea
- pdf.jimmygan.com:8443 → Stirling PDF
- vault.jimmygan.com:8443 → Vaultwarden
- speed.jimmygan.com:8443 → Speedtest (no auth)
Benefits:
- HTTPS for all services (browser secure context)
- Single sign-on via Authelia (except Speedtest)
- Future-ready for public exposure (just add VPS routes)
- Services remain Tailscale/LAN-only (no public DNS yet)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-02-28 01:23:54 +08:00
Gan, Jimmy
29a9e9d881
feat: integrate Authelia SSO and update LLDAP routing
Deploy Dashboard / deploy (push) Successful in 16m20s
2026-02-27 23:04:57 +08:00
Gan, Jimmy
c676c84bc1
feat: add chat group daily summarizer
...
Deploy Dashboard / deploy (push) Failing after 38s
- Telegram collector (Telethon MTProto) with checkpoint-based message fetching
- Claude API summarization via proxy (haiku model)
- Dashboard page with date picker, markdown summary, raw message drill-down
- Separate container lifecycle from dashboard for stable Telethon sessions
- Shared SQLite DB mounted read-only into dashboard
2026-02-27 02:51:52 +08:00
Gan, Jimmy
7f94013bf9
feat: add Caddy VPS terminal connection
Deploy Dashboard / deploy (push) Successful in 1m44s
2026-02-27 00:26:01 +08:00
Gan, Jimmy
394a1aa367
security: harden dashboard (SSH keys, auth, uploads, CORS, non-root)
...
Remove SSH private keys from git, add SECRET_KEY validation, move WS
auth from query string to first message, add session limits/idle timeout,
PBKDF2 Fernet key, refresh token rotation, TOTP replay protection,
file upload size limit + filename sanitization, symlink safety check,
restrict CORS methods, IP-gate OpenClaw token, run container as non-root,
rate-limit refresh/passkey endpoints, sanitize Gitea path params.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-02-26 17:22:25 +08:00
Gan, Jimmy
d25b3f0785
fix: use flex layout in voice mode to prevent page scroll competing with xterm
2026-02-26 16:57:29 +08:00
Gan, Jimmy
643d576816
fix: filter terminal UI chrome (shortcuts, prompts, keybindings) from TTS
2026-02-26 16:40:34 +08:00
Gan, Jimmy
1b06aaa5c7
fix: compact voice mode bottom sheet, hide title, inline mic+transcript
2026-02-26 16:25:35 +08:00
Gan, Jimmy
3d6fb06439
feat: add TTS voice picker to voice mode bottom sheet
2026-02-26 16:22:16 +08:00
Gan, Jimmy
ee6c404122
fix: TTS reads output in auto mode (don't skip when listening)
2026-02-26 16:12:36 +08:00
Gan, Jimmy
70c716fd19
feat: voice mode bottom sheet with hold/tap/auto talk modes
2026-02-26 16:03:43 +08:00
Gan, Jimmy
47ab062edd
fix: type STT text char-by-char, increase TTS debounce to 2s
2026-02-26 15:50:17 +08:00
Gan, Jimmy
af74552a01
fix: iOS TTS unlock on user gesture, use \r for terminal Enter
2026-02-26 15:45:27 +08:00
Gan, Jimmy
70d3be71b9
fix: voice controls reactivity, disable mic on unsupported browsers
2026-02-26 15:40:15 +08:00
Gan, Jimmy
9c5dbcdb37
feat: add voice mode (STT/TTS) to terminal page
2026-02-26 15:35:43 +08:00
Gan, Jimmy
fc2a5aaa9c
feat: n8n via HTTPS subdomain on NAS Caddy
2026-02-26 14:46:29 +08:00
Gan, Jimmy
ee80084edb
feat: add n8n to dashboard sidebar
2026-02-26 13:35:12 +08:00
Gan, Jimmy
c4ebfb6432
feat: smart LAN detection for sidebar links via X-Forwarded-For and router probe
2026-02-26 03:34:47 +08:00
Gan, Jimmy
b03b20aee6
feat: terminal tabs with on-demand connections and Claude Dev host
2026-02-26 02:59:25 +08:00
Gan, Jimmy
9305ce05cd
feat: update Navidrome remoteHref to use NAS Caddy port 8443
2026-02-26 01:56:38 +08:00
Gan, Jimmy
08f3065e24
Fix sidebar links: use Tailscale IP when accessed via public domain
2026-02-25 00:22:54 +08:00
Gan, Jimmy
b813597393
Reorganize sidebar: Main/Media/Tools categories, Settings to bottom
2026-02-25 00:16:49 +08:00
Gan, Jimmy
2498876c78
Fix sidebar: add overflow scroll for small screens
2026-02-25 00:09:49 +08:00
Gan, Jimmy
98975f45c2
Update LAN IP to 192.168.31.221 for Sidebar links
2026-02-24 01:46:07 +08:00
Gan, Jimmy
25dbe7ad1d
Add Audiobookshelf, Stirling PDF, Vaultwarden to sidebar; update PLAN.md
2026-02-22 20:13:39 +08:00
Gan, Jimmy
87fdabcd50
Fix OpenClaw: auto-include gateway token in dashboard link
2026-02-22 18:30:34 +08:00
Gan, Jimmy
8797231f53
Add container health status, multi-volume storage, auto-refresh Overview
2026-02-22 17:11:17 +08:00
Gan, Jimmy
ae98811c23
Smart LAN routing for Navidrome sidebar link
2026-02-22 16:59:33 +08:00
Gan, Jimmy
2da9d47bdd
Fix passkey login on non-HTTPS connections
2026-02-22 16:52:27 +08:00
Gan, Jimmy
3c186989b1
Smart LAN detection for sidebar service links
2026-02-22 16:45:31 +08:00
Gan, Jimmy
57f6780d7c
Replace Emby with Jellyfin in sidebar
2026-02-22 16:28:00 +08:00
Gan, Jimmy
eadd44eee5
Fix Settings page dark mode styling
2026-02-22 15:03:36 +08:00
Gan, Jimmy
5d77ca5a3d
Add Speedtest to sidebar, set up on port 8080
2026-02-22 14:57:47 +08:00
Gan, Jimmy
4a666c2914
Categorize audit log by threat level with filtering UI
2026-02-22 12:38:59 +08:00
Gan, Jimmy
a32588a7cc
Add audit log viewer to Settings page
2026-02-22 12:34:21 +08:00
Gan, Jimmy
19b3de3c91
Show passkey names and dates, add individual delete
2026-02-22 12:20:05 +08:00
Gan, Jimmy
144016e3c9
Add PublicKeyCredential guard for passkey registration
2026-02-22 11:44:02 +08:00
Gan, Jimmy
be1f3b3ad6
Add security improvements: refresh tokens, passkeys, CSP, audit logging, TOTP encryption
...
- Shorten access token to 30min with 7-day refresh token flow
- Add WebAuthn passkey registration and login with TOTP fallback
- Add Content-Security-Policy header
- Add audit logging middleware to /volume1/docker/nas-dashboard/audit.log
- Block /volume1/docker/ in files endpoint
- Encrypt TOTP secret at rest with Fernet (derived from SECRET_KEY)
- New deps: py_webauthn, cryptography
2026-02-22 11:04:40 +08:00
Gan, Jimmy
43156101d9
Fix Navidrome sidebar link to use music.jimmygan.com
2026-02-21 11:20:56 +08:00
Gan, Jimmy
7aec5976df
fix: resolve OpenClaw iframe connection refused and Docker HTTP proxy conflict
2026-02-20 17:25:16 +08:00
Gan, Jimmy
a882f45f2e
Add multi-host terminal: NAS + VPS side-by-side
2026-02-20 00:53:29 +08:00
Gan, Jimmy
a345ba1466
Add mobile responsive sidebar, OpenClaw route
2026-02-20 00:15:36 +08:00
Gan, Jimmy
69bd41b5a1
Fix terminal: pass JWT via query param, remove Docker-incompatible IP check
Deploy Dashboard / deploy (push) Failing after 2m11s
2026-02-19 17:44:55 +08:00
Gan, Jimmy
bf49e13e56
Add settings page with change password, fix terminal ws bug
Deploy Dashboard / deploy (push) Failing after 2m5s
2026-02-19 17:29:03 +08:00