Commit Graph

327 Commits

Author SHA1 Message Date
jimmy 0c9a281990 Merge pull request 'feat: Add comprehensive unit and integration testing infrastructure' (#38) from feature/add-testing-infrastructure into main
Deploy Dashboard / deploy (push) Successful in 12m6s
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
2026-03-30 11:19:19 +08:00
Gan, Jimmy 8431920d26 feat: add comprehensive unit and integration testing infrastructure
Run Tests / Backend Tests (pull_request) Has been cancelled
Run Tests / Frontend Tests (pull_request) Has been cancelled
Run Tests / Test Summary (pull_request) Has been cancelled
- Backend: pytest with unit tests (auth, rbac, config) and integration tests (auth flow, docker, files)
- Frontend: vitest with unit tests (api client) and component tests (login)
- CI: Gitea Actions workflow for automated testing with coverage reports
- Documentation: TESTING.md guide with setup, usage, and best practices
- Coverage goals: 80%+ backend, 70%+ frontend
2026-03-30 11:11:39 +08:00
Gan, Jimmy 99b626eadc fix: add 60s timeout to registry mirror pre-pull to prevent CI hang 2026-03-20 01:04:14 +08:00
Gan, Jimmy 0c45efc0ca fix: terminal auth — skip pre-emptive refresh, always refresh on app load for fresh cookies 2026-03-20 01:04:14 +08:00
Gan, Jimmy 59da4eb9f9 fix: explicitly disable ML URL to prevent OCR job failures 2026-03-20 01:04:14 +08:00
Gan, Jimmy 24cb173caf fix: remove ffmpeg thread limit causing SIGSEGV in Immich 2026-03-20 01:04:14 +08:00
Gan, Jimmy 4eae0dca2f fix: correct tea download URL in Dockerfile 2026-03-20 01:04:14 +08:00
Gan, Jimmy 31d2ba2256 fix: add 60s timeout to registry mirror pre-pull to prevent CI hang
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 12m29s
2026-03-20 00:47:53 +08:00
Gan, Jimmy d50d6a1b71 fix: terminal auth — skip pre-emptive refresh, always refresh on app load for fresh cookies
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
2026-03-20 00:21:25 +08:00
Gan, Jimmy b8406c1252 fix: explicitly disable ML URL to prevent OCR job failures 2026-03-16 00:07:26 +08:00
Gan, Jimmy 512c8653a1 fix: remove ffmpeg thread limit causing SIGSEGV in Immich 2026-03-15 23:45:08 +08:00
Gan, Jimmy ae8cf65e84 fix: correct tea download URL in Dockerfile
Deploy Claude Dev (Dev) / deploy-claude-dev-dev (push) Successful in 1h4m53s
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m9s
2026-03-15 23:28:26 +08:00
jimmy 69a198f723 Harden terminal WebSocket edge cases
Deploy Dashboard / deploy (push) Successful in 1m1s
Merge pull request #37: Harden terminal WebSocket edge cases
2026-03-15 23:22:08 +08:00
Gan, Jimmy b742ab8fef fix: harden terminal WebSocket edge cases
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m44s
- Wrap tryRefreshSession in try-finally to ensure authRecoveryInFlight is always reset
- Fix variable scope issue: use const tabState instead of reassigning d
- Add error handling for process.stdin.write() to catch BrokenPipeError/OSError
- Verify WebSocket instance before closing in ping timeout callback
- Properly await conn.wait_closed() to prevent SSH connection leaks
- Gracefully cancel and wait for read_task with 2s timeout

These fixes prevent race conditions, resource leaks, and improve error recovery.
2026-03-15 23:18:20 +08:00
Gan, Jimmy d19707422d feat: add tea (Gitea CLI) to claude-dev tooling
Deploy Claude Dev (Dev) / deploy-claude-dev-dev (push) Failing after 40s
2026-03-15 23:00:57 +08:00
jimmy 427decc83a Merge dev to main
Deploy Dashboard / deploy (push) Successful in 1m49s
Merge pull request #36: Immich and Terminal fixes
2026-03-15 22:50:18 +08:00
Gan, Jimmy 9929567679 fix: bind Immich to 0.0.0.0 to allow Tailscale access 2026-03-15 00:29:45 +08:00
Gan, Jimmy d0078f7e9d fix: update Immich healthcheck to use curl and limit ffmpeg threads 2026-03-15 00:22:05 +08:00
Gan, Jimmy d69b744ae7 fix: resolve variable redeclaration in Terminal.svelte
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m50s
Change 'const d' to 'let d' to allow reassignment in nested scopes
2026-03-13 22:45:55 +08:00
Gan, Jimmy 7b17a53cab fix: resolve terminal WebSocket auth failures and improve reconnection
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m8s
- Remove insecure query token parameter from backend (cookie-only auth)
- Add detailed JWT error logging (expired, invalid, missing tokens)
- Force token refresh before first WebSocket connection
- Stop reconnection after 3 consecutive auth failures
- Increase ping interval from 12s to 30s (reduce traffic)
- Increase pong timeout from 5s to 10s (handle network latency)
- Show attempt counter in reconnection error messages

Root cause: Frontend was reconnecting with 6-day-old expired token,
causing 403 rejections. Now ensures fresh cookies before connecting.
2026-03-13 22:26:22 +08:00
Gan, Jimmy 00b5d362e7 debug: add detailed logging for terminal WebSocket connections
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m35s
2026-03-12 00:23:23 +08:00
jimmy 0d251a09be fix: add pong/timeout detection to prevent silent connection hangs
Deploy Dashboard / deploy (push) Successful in 49s
Merge pull request #35: Fix pong/timeout detection
2026-03-11 23:58:36 +08:00
Gan, Jimmy e0f432bc39 fix: add pong/timeout detection to prevent silent connection hangs
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m2s
- Backend now responds to __ping__ with __pong__
- Frontend detects missing pong within 5s and closes connection
- This triggers proper reconnect/auth recovery instead of hanging
- Fixes 'keepalive ping timeout' issue where connection appears alive but is dead
2026-03-11 23:55:51 +08:00
jimmy 51ad3bfe5b fix: improve terminal robustness with exponential backoff and better keepalive
Deploy Dashboard / deploy (push) Successful in 1m43s
Merge pull request #34: Terminal robustness improvements
2026-03-11 23:34:36 +08:00
Gan, Jimmy 74100c8882 fix: change WebAuthn RP_ID to jimmygan.com to support all subdomains
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m0s
2026-03-11 01:43:19 +08:00
Gan, Jimmy 5c5baba3d4 debug: add step-by-step alerts to trace passkey registration flow
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m24s
2026-03-11 01:30:12 +08:00
Gan, Jimmy 7277560856 debug: add alert to show WebAuthn errors on iPad
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m11s
- Add alert() to display full error details for debugging
- Helps diagnose issues when browser console is unavailable
2026-03-11 01:25:36 +08:00
Gan, Jimmy b98333db36 fix: correct WebAuthn RP_ID to match domain suffix
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m48s
- Change RP_ID from jimmygan.com to nas.jimmygan.com
- RP_ID must be a valid suffix of the origin domain
- Fixes WebAuthn failing silently on iOS/iPadOS
2026-03-11 01:15:36 +08:00
Gan, Jimmy 42c5693ede fix: add WebAuthn environment variables to docker-compose
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 4m23s
- Set WEBAUTHN_RP_ID=jimmygan.com for both main and dev
- Set WEBAUTHN_ORIGINS to match respective domains
- Fixes passkey registration failing due to origin mismatch
2026-03-11 01:01:14 +08:00
Gan, Jimmy 2f8a5d84dc fix: WebAuthn config typo and improve error handling
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m41s
- Fix WEBAUTHN_ORIGIN -> WEBAUTHN_ORIGINS env var name
- Add null check for cancelled passkey creation
- Use finally block to ensure loading state is always reset
- Add console.error for better debugging
2026-03-11 00:53:28 +08:00
Gan, Jimmy 75cfafd388 chore: remove CI test comment
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m18s
2026-03-11 00:47:22 +08:00
Gan, Jimmy 80ad5e9197 test: verify CI auto-trigger for dev branch
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 5m54s
2026-03-11 00:41:07 +08:00
Gan, Jimmy cc3e9dc6fa fix: improve terminal robustness with exponential backoff and better keepalive
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m11s
- Backend: Add 10s connection timeout, improve SSH keepalive (15s × 8 retries)
- Backend: Add detailed error logging for debugging
- Frontend: Implement exponential backoff (1s → 30s max) instead of fixed 2s
- Frontend: Reduce heartbeat to 12s (within 15s SSH keepalive window)
- Frontend: Reset reconnect counter on successful connection
- Frontend: Fix race condition in auth recovery after manual close
2026-03-11 00:24:17 +08:00
jimmy 0d50958134 Merge pull request 'fix: harden dashboard auth and RBAC security flows' (#33) from dev into main
Deploy Dashboard / deploy (push) Successful in 46s
Merge pull request #33 from dev
2026-03-09 23:53:51 +08:00
Gan, Jimmy 4201917e17 fix: harden dashboard RBAC and cookie auth flows
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m17s
Restrict Docker/Files writes to admins, move terminal websocket auth to cookie-first with temporary query fallback, and migrate refresh-token handling to httpOnly cookies for safer session persistence.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-09 23:44:23 +08:00
jimmy 1e5b32060e Merge pull request 'fix: refresh terminal websocket auth on reconnect' (#32) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m13s
2026-03-07 17:57:47 +08:00
Gan, Jimmy e72665c466 fix: refresh terminal websocket auth on reconnect
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m16s
Reuse the existing refresh-token flow before opening terminal websocket connections so reconnects can recover from expired access tokens without requiring a full dashboard reload.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 17:49:46 +08:00
jimmy b580995966 Merge pull request 'Merge dev into main' (#30) from dev into main 2026-03-07 13:09:46 +08:00
Gan, Jimmy c162164528 fix: add dev dashboard caddy route
Add a dedicated dev.nas.jimmygan.com reverse proxy entry so the dev dashboard can be reached through the VPS Caddy configuration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 11:50:56 +08:00
jimmy 73e4feb2c3 Merge pull request 'fix: clarify blocked security events' (#29) from dev into main
Deploy Dashboard / deploy (push) Successful in 48s
2026-03-07 11:48:36 +08:00
Gan, Jimmy 175ebeede4 fix: sync dashboard page query state
Deploy Claude Dev (Dev) / deploy-claude-dev-dev (push) Successful in 17m2s
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m48s
Keep the selected dashboard page in sync with lightweight URL query params so direct terminal links can land on the right page without exposing extra client state.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 11:02:53 +08:00
Gan, Jimmy c8255dccec fix: add tmux to claude-dev tooling
Add tmux to the claude-dev runtime contract so persistent terminal sessions can rely on it, and make the Claude preflight patch resilient to current CLI builds so image builds keep passing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 11:00:58 +08:00
jimmy bab7fddb90 Merge pull request 'fix: raise terminal per-user session cap' (#28) from dev into main
Deploy Dashboard / deploy (push) Successful in 58s
2026-03-07 10:45:38 +08:00
Gan, Jimmy 1b9ea140b6 fix: raise terminal per-user session cap
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m44s
Allow more concurrent dashboard terminal tabs per user and use the current access token for websocket reconnects so refreshed sessions keep working.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 10:37:08 +08:00
Gan, Jimmy 6067857dad fix: clarify blocked security events
Deploy Dashboard (Dev) / deploy-dev (push) Has started running
Label unauthorized security events as blocked and highlight likely scanner probes so the log view is easier to interpret during investigations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 10:36:37 +08:00
jimmy 6e751ef92f Merge pull request 'fix: add security log investigation filters' (#27) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m18s
2026-03-07 10:14:41 +08:00
Gan, Jimmy 35a3019e0d fix: add security log investigation filters
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m22s
Add server-side IP and date range filtering for security logs so investigations can narrow events without relying on client-side filtering alone.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-07 09:59:59 +08:00
jimmy 23598a5af1 Merge pull request 'fix: harden dashboard auth and terminal flows' (#26) from dev into main
Deploy Dashboard / deploy (push) Successful in 3m38s
2026-03-07 09:52:53 +08:00
Gan, Jimmy 44f0ed5d04 fix: harden dashboard auth and terminal flows
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m29s
Tighten terminal websocket auth and proxy trust handling while making file-backed auth/RBAC writes atomic to reduce high-impact security and persistence risks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-06 23:53:58 +08:00
jimmy 9252f5d28a Merge pull request 'fix: keep terminal sessions alive' (#25) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m41s
2026-03-06 16:49:53 +08:00