Commit Graph

450 Commits

Author SHA1 Message Date
Gan, Jimmy 14965c7e03 feat: add cc-connect dashboard health integration
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m49s
Add a protected backend health endpoint and a new dashboard page/sidebar entry so cc-connect operational status is visible in the UI.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 23:24:03 +08:00
jimmy 2a5d8c77e8 Merge pull request 'Merge dev into main (docs sync)' (#18) from dev into main 2026-03-02 04:01:39 +08:00
Gan, Jimmy e76f15c432 docs: mark LiteLLM phase tasks complete
Update Phase 14 checklist to reflect completed LiteLLM scaffold, health probe, networking, auth-aware health checks, and dashboard status UI delivery.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 04:01:01 +08:00
jimmy d8b8944234 Merge pull request 'Merge dev into main' (#17) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m1s
2026-03-02 03:56:49 +08:00
Gan, Jimmy 910ed3f7e6 feat: add LiteLLM health page to dashboard
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m45s
Expose LiteLLM operational status in the NAS Dashboard UI so auth-required and outage states are visible without calling backend APIs directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 03:50:56 +08:00
Gan, Jimmy 56743d1cf4 fix: make LiteLLM health probe auth-aware
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m4s
Allow the dashboard health check to include optional LiteLLM auth headers and treat unauthenticated 401 responses as an auth-required healthy state.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 03:38:25 +08:00
Gan, Jimmy 9bae5a62a5 fix: attach litellm to shared dashboard network
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m34s
Connect LiteLLM to nas-dashboard_internal and point dashboard-dev to the litellm container hostname so health probes work without host-loopback routing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 03:31:44 +08:00
Gan, Jimmy 6cabbd6c59 fix: set dev dashboard LiteLLM URL to host gateway
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m52s
Point dashboard-dev LiteLLM health checks at host.docker.internal so the container can reach the NAS LiteLLM service bound on localhost.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 03:23:01 +08:00
Gan, Jimmy 76c10a6c07 fix: use compose-compatible env_file format
Switch env_file declarations back to string list syntax so Synology's docker compose parser accepts the LiteLLM and cc-connect compose files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 01:11:58 +08:00
Gan, Jimmy ed4090a910 feat: add LiteLLM gateway scaffold and dashboard health probe
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m11s
Introduce a localhost-only LiteLLM service template and expose a protected dashboard health endpoint for operational visibility, while adding cc-connect mobile bridge templates with conservative defaults.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 01:08:12 +08:00
jimmy aac297ab3e Merge pull request 'merge dev into main: sidebar network link fixes' (#16) from dev into main
Deploy Dashboard / deploy (push) Successful in 41s
2026-03-01 22:57:15 +08:00
Gan, Jimmy bd2a166253 fix: use hybrid sidebar links for LAN and public access
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m58s
Keep LAN/Tailscale-home behavior for NAS-targeted links while converting remote :8443 URLs to standard HTTPS on public access so external links resolve correctly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-01 22:55:37 +08:00
Gan, Jimmy 72bb37ffe5 fix: correct sidebar LAN detection for public access
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m27s
Separate Tailscale IP detection from true LAN detection so public internet users routed through VPS no longer get non-routable port links in the sidebar.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-01 22:46:05 +08:00
jimmy b0b54b2ebb Merge pull request 'Refactor auth router and add performance optimizations' (#15) from dev into main
Deploy Dashboard / deploy (push) Successful in 45s
2026-03-01 22:25:14 +08:00
Gan, Jimmy 50e1d779de perf: add compression and caching for faster public access
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m20s
Optimizations to reduce latency over Tailscale tunnel:
- Add GZip middleware for 70% bandwidth reduction (480KB → ~150KB)
- Cache static assets with immutable headers (1 year)
- Remove 500ms blocking CPU interval in system stats

These changes significantly improve dashboard load time over public network.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-01 22:21:51 +08:00
Gan, Jimmy ae437db92e refactor: split auth router into focused modules
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Split the 429-line auth.py into three modules for better maintainability:
- auth.py (264 lines): core auth, login, token refresh, RBAC, preferences
- passkey.py (187 lines): WebAuthn passkey registration and authentication
- totp.py (41 lines): TOTP 2FA setup and verification

All 21 endpoints maintain backward compatibility under /api/auth prefix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-01 22:19:33 +08:00
jimmy 12ca6c7af4 Merge pull request 'feat: add role-based sidebar link visibility control' (#14) from dev into main
Deploy Dashboard / deploy (push) Successful in 31s
2026-03-01 18:19:10 +08:00
Gan, Jimmy 7ab2ad41c4 feat: add role-based sidebar link visibility control
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m37s
2026-03-01 18:17:45 +08:00
jimmy c5a3702496 Merge pull request 'perf: add Docker layer caching to dev CI workflow' (#13) from dev into main
Deploy Dashboard / deploy (push) Successful in 16s
2026-03-01 18:10:08 +08:00
Gan, Jimmy 20aa6f12a3 perf: add Docker layer caching to dev CI workflow
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 53s
2026-03-01 18:07:19 +08:00
jimmy 677997fb75 Merge pull request 'fix: add missing settings page to role access control' (#12) from dev into main
Deploy Dashboard / deploy (push) Successful in 40s
2026-03-01 18:06:22 +08:00
Gan, Jimmy 12b9949495 fix: add missing 'settings' page to role access control list
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m38s
2026-03-01 18:04:56 +08:00
jimmy fbf5f6908e Merge pull request 'feat: add UI to edit role default page permissions' (#11) from dev into main
Deploy Dashboard / deploy (push) Successful in 46s
2026-03-01 17:58:36 +08:00
Gan, Jimmy 862097813d feat: add UI to edit role default page permissions
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 4m24s
2026-03-01 17:57:45 +08:00
jimmy 01394d709a Merge pull request 'fix: sidebar drag-and-drop persistence + CSP warning' (#10) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m2s
2026-03-01 17:52:08 +08:00
Gan, Jimmy fce71cfea0 fix: remove Google Fonts to resolve CSP warning, use system fonts
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m31s
2026-03-01 17:51:27 +08:00
Gan, Jimmy 79a9fc980e debug: add exception logging to preferences save endpoint
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m51s
2026-03-01 17:45:00 +08:00
Gan, Jimmy 98f836d3e4 debug: add console logging for sidebar order save failures
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m27s
2026-03-01 17:39:51 +08:00
jimmy e0d5e59ce9 Merge pull request 'fix: sidebar improvements' (#9) from dev into main
Deploy Dashboard / deploy (push) Successful in 59s
2026-03-01 16:51:34 +08:00
Gan, Jimmy f746f1e37f fix: remove extra '>' typo, consolidate user management, compact bottom bar
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m31s
2026-03-01 16:46:27 +08:00
jimmy 22e35698f3 Merge pull request 'fix: add drop zone placeholder for empty sidebar categories' (#8) from dev into main
Deploy Dashboard / deploy (push) Successful in 53s
2026-03-01 16:22:10 +08:00
Gan, Jimmy 4e2ef9c6bf fix: add drop zone placeholder for empty sidebar categories
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m27s
2026-03-01 16:21:28 +08:00
jimmy a3bac56275 Merge pull request 'feat: enable Immich ML, dark mode fixes, sidebar improvements' (#6) from dev into main
Deploy Dashboard / deploy (push) Successful in 39s
2026-03-01 16:14:35 +08:00
Gan, Jimmy df994e0621 feat: add Tools-2 category + collapsible sidebar categories
Deploy Dashboard (Dev) / deploy-dev (push) Successful
2026-03-01 16:13:29 +08:00
Gan, Jimmy ada5f3f0f4 fix: restore missing itemKey function in Sidebar (caused infinite load)
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m13s
2026-03-01 15:44:36 +08:00
Gan, Jimmy d40a2ebc45 refactor: unified sidebar item renderer with cross-category drag-and-drop + clean dark mode
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m21s
- Replace 3 separate category renderers with single unified loop using Svelte snippet for icons
- Items now properly move between categories (Main/Media/Tools) via drag-and-drop
- buildLists() resolves items from global allItems map regardless of original category
- Convert all remaining conditional dark class strings to Tailwind dark: variants in Sidebar
2026-03-01 15:28:52 +08:00
Gan, Jimmy fa43b5a409 fix: enable Tailwind v4 class-based dark mode with @custom-variant
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s
2026-03-01 15:22:55 +08:00
Gan, Jimmy 62856c9343 fix: comprehensive dark mode support across all pages
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m11s
- Fix body/html dark background to surface-950
- Add dark scrollbar styling
- Fix App.svelte wrapper to use Tailwind dark: classes instead of conditional strings
- Add dark:bg-surface-800 and dark:border-surface-700 to all cards in Dashboard, Docker, Files, Gitea
- Add dark text variants for headings, labels, and content text
- Add dark hover states for interactive elements
- Enable cross-category sidebar drag-and-drop
2026-03-01 14:59:23 +08:00
Gan, Jimmy a8debcfb4b feat: access control UI in Settings + sidebar drag-and-drop reordering
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m13s
- Add Access Control card in Settings (admin-only): role defaults display, user overrides CRUD
- Add sidebar drag-and-drop reordering with per-user persistence in rbac.json
- Backend: GET/PUT /api/auth/preferences endpoints, sidebar order helpers in rbac.py
- Frontend: HTML5 drag API with grip handles, smart order merge, debounced save
- Preserve sidebar_order when updating page overrides
2026-03-01 14:48:35 +08:00
jimmy 3306c8ce51 Merge pull request 'feat: RBAC multi-user role-based access control' (#5) from dev into main
Deploy Dashboard / deploy (push) Successful in 26s
2026-03-01 14:20:49 +08:00
Gan, Jimmy 9992105b49 feat: RBAC multi-user role-based access control
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s
- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence
2026-03-01 14:13:43 +08:00
jimmy 15ad628425 Merge pull request 'feat: add favicon for browser tab' (#4) from dev into main
Deploy Dashboard / deploy (push) Successful in 44s
2026-03-01 13:39:09 +08:00
Gan, Jimmy 82fe5eb88c feat: add favicon for browser tab
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m35s
2026-03-01 13:38:26 +08:00
jimmy 87a79cd1ca Merge pull request 'fix: security page - logfmt parser and disable Caddy log fetching' (#3) from dev into main
Deploy Dashboard / deploy (push) Successful in 32s
2026-03-01 13:00:21 +08:00
Gan, Jimmy 533672c8ae fix: disable Caddy log fetching - causes Docker API timeouts
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m2s
2026-03-01 12:54:00 +08:00
Gan, Jimmy 53481f16f8 fix: reduce log tail defaults and add Docker client timeout to prevent security page hanging
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 51s
2026-03-01 11:43:02 +08:00
Gan, Jimmy 26f458acee fix: parse Authelia logfmt format in security logs
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m22s
2026-03-01 11:06:48 +08:00
Gan, Jimmy 4cef51e15f fix: dev dashboard shares prod socket proxy network 2026-03-01 10:48:02 +08:00
jimmy 75beb0ccae Merge pull request 'fix: reduce false positives in security log detection' (#2) from dev into main
Deploy Dashboard / deploy (push) Successful in 50s
2026-03-01 10:32:04 +08:00
Gan, Jimmy cb1028ebb6 fix: reduce false positives in security log detection
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m34s
- Skip internal API paths (/api/, /rest/, /backend/) from suspicious flagging
- Remove broad .php match that caught Speedtest's garbage.php
- Only flag 4xx on non-internal paths, ignore 5xx (service errors)
2026-03-01 10:31:38 +08:00