Gan, Jimmy
b1f0af75bb
ci: enable test workflow on dev branch
Run Tests / Backend Tests (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
2026-03-30 11:27:36 +08:00
Gan, Jimmy
5846fe97f4
docs: trigger test workflow
2026-03-30 11:26:56 +08:00
Gan, Jimmy
6e6530af31
chore: merge main into dev - add testing infrastructure
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 10m26s
2026-03-30 11:20:41 +08:00
jimmy
0c9a281990
Merge pull request 'feat: Add comprehensive unit and integration testing infrastructure' ( #38 ) from feature/add-testing-infrastructure into main
Deploy Dashboard / deploy (push) Successful in 12m6s
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
2026-03-30 11:19:19 +08:00
Gan, Jimmy
8431920d26
feat: add comprehensive unit and integration testing infrastructure
...
Run Tests / Backend Tests (pull_request) Has been cancelled
Run Tests / Frontend Tests (pull_request) Has been cancelled
Run Tests / Test Summary (pull_request) Has been cancelled
- Backend: pytest with unit tests (auth, rbac, config) and integration tests (auth flow, docker, files)
- Frontend: vitest with unit tests (api client) and component tests (login)
- CI: Gitea Actions workflow for automated testing with coverage reports
- Documentation: TESTING.md guide with setup, usage, and best practices
- Coverage goals: 80%+ backend, 70%+ frontend
2026-03-30 11:11:39 +08:00
Gan, Jimmy
99b626eadc
fix: add 60s timeout to registry mirror pre-pull to prevent CI hang
2026-03-20 01:04:14 +08:00
Gan, Jimmy
0c45efc0ca
fix: terminal auth — skip pre-emptive refresh, always refresh on app load for fresh cookies
2026-03-20 01:04:14 +08:00
Gan, Jimmy
59da4eb9f9
fix: explicitly disable ML URL to prevent OCR job failures
2026-03-20 01:04:14 +08:00
Gan, Jimmy
24cb173caf
fix: remove ffmpeg thread limit causing SIGSEGV in Immich
2026-03-20 01:04:14 +08:00
Gan, Jimmy
4eae0dca2f
fix: correct tea download URL in Dockerfile
2026-03-20 01:04:14 +08:00
Gan, Jimmy
31d2ba2256
fix: add 60s timeout to registry mirror pre-pull to prevent CI hang
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 12m29s
2026-03-20 00:47:53 +08:00
Gan, Jimmy
d50d6a1b71
fix: terminal auth — skip pre-emptive refresh, always refresh on app load for fresh cookies
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
2026-03-20 00:21:25 +08:00
Gan, Jimmy
b8406c1252
fix: explicitly disable ML URL to prevent OCR job failures
2026-03-16 00:07:26 +08:00
Gan, Jimmy
512c8653a1
fix: remove ffmpeg thread limit causing SIGSEGV in Immich
2026-03-15 23:45:08 +08:00
Gan, Jimmy
ae8cf65e84
fix: correct tea download URL in Dockerfile
Deploy Claude Dev (Dev) / deploy-claude-dev-dev (push) Successful in 1h4m53s
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m9s
2026-03-15 23:28:26 +08:00
jimmy
69a198f723
Harden terminal WebSocket edge cases
...
Deploy Dashboard / deploy (push) Successful in 1m1s
Merge pull request #37 : Harden terminal WebSocket edge cases
2026-03-15 23:22:08 +08:00
Gan, Jimmy
b742ab8fef
fix: harden terminal WebSocket edge cases
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m44s
- Wrap tryRefreshSession in try-finally to ensure authRecoveryInFlight is always reset
- Fix variable scope issue: use const tabState instead of reassigning d
- Add error handling for process.stdin.write() to catch BrokenPipeError/OSError
- Verify WebSocket instance before closing in ping timeout callback
- Properly await conn.wait_closed() to prevent SSH connection leaks
- Gracefully cancel and wait for read_task with 2s timeout
These fixes prevent race conditions, resource leaks, and improve error recovery.
2026-03-15 23:18:20 +08:00
Gan, Jimmy
d19707422d
feat: add tea (Gitea CLI) to claude-dev tooling
Deploy Claude Dev (Dev) / deploy-claude-dev-dev (push) Failing after 40s
2026-03-15 23:00:57 +08:00
jimmy
427decc83a
Merge dev to main
...
Deploy Dashboard / deploy (push) Successful in 1m49s
Merge pull request #36 : Immich and Terminal fixes
2026-03-15 22:50:18 +08:00
Gan, Jimmy
9929567679
fix: bind Immich to 0.0.0.0 to allow Tailscale access
2026-03-15 00:29:45 +08:00
Gan, Jimmy
d0078f7e9d
fix: update Immich healthcheck to use curl and limit ffmpeg threads
2026-03-15 00:22:05 +08:00
Gan, Jimmy
d69b744ae7
fix: resolve variable redeclaration in Terminal.svelte
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m50s
Change 'const d' to 'let d' to allow reassignment in nested scopes
2026-03-13 22:45:55 +08:00
Gan, Jimmy
7b17a53cab
fix: resolve terminal WebSocket auth failures and improve reconnection
...
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m8s
- Remove insecure query token parameter from backend (cookie-only auth)
- Add detailed JWT error logging (expired, invalid, missing tokens)
- Force token refresh before first WebSocket connection
- Stop reconnection after 3 consecutive auth failures
- Increase ping interval from 12s to 30s (reduce traffic)
- Increase pong timeout from 5s to 10s (handle network latency)
- Show attempt counter in reconnection error messages
Root cause: Frontend was reconnecting with 6-day-old expired token,
causing 403 rejections. Now ensures fresh cookies before connecting.
2026-03-13 22:26:22 +08:00
Gan, Jimmy
00b5d362e7
debug: add detailed logging for terminal WebSocket connections
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m35s
2026-03-12 00:23:23 +08:00
jimmy
0d251a09be
fix: add pong/timeout detection to prevent silent connection hangs
...
Deploy Dashboard / deploy (push) Successful in 49s
Merge pull request #35 : Fix pong/timeout detection
2026-03-11 23:58:36 +08:00
Gan, Jimmy
e0f432bc39
fix: add pong/timeout detection to prevent silent connection hangs
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m2s
- Backend now responds to __ping__ with __pong__
- Frontend detects missing pong within 5s and closes connection
- This triggers proper reconnect/auth recovery instead of hanging
- Fixes 'keepalive ping timeout' issue where connection appears alive but is dead
2026-03-11 23:55:51 +08:00
jimmy
51ad3bfe5b
fix: improve terminal robustness with exponential backoff and better keepalive
...
Deploy Dashboard / deploy (push) Successful in 1m43s
Merge pull request #34 : Terminal robustness improvements
2026-03-11 23:34:36 +08:00
Gan, Jimmy
74100c8882
fix: change WebAuthn RP_ID to jimmygan.com to support all subdomains
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m0s
2026-03-11 01:43:19 +08:00
Gan, Jimmy
5c5baba3d4
debug: add step-by-step alerts to trace passkey registration flow
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m24s
2026-03-11 01:30:12 +08:00
Gan, Jimmy
7277560856
debug: add alert to show WebAuthn errors on iPad
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m11s
- Add alert() to display full error details for debugging
- Helps diagnose issues when browser console is unavailable
2026-03-11 01:25:36 +08:00
Gan, Jimmy
b98333db36
fix: correct WebAuthn RP_ID to match domain suffix
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m48s
- Change RP_ID from jimmygan.com to nas.jimmygan.com
- RP_ID must be a valid suffix of the origin domain
- Fixes WebAuthn failing silently on iOS/iPadOS
2026-03-11 01:15:36 +08:00
Gan, Jimmy
42c5693ede
fix: add WebAuthn environment variables to docker-compose
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 4m23s
- Set WEBAUTHN_RP_ID=jimmygan.com for both main and dev
- Set WEBAUTHN_ORIGINS to match respective domains
- Fixes passkey registration failing due to origin mismatch
2026-03-11 01:01:14 +08:00
Gan, Jimmy
2f8a5d84dc
fix: WebAuthn config typo and improve error handling
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m41s
- Fix WEBAUTHN_ORIGIN -> WEBAUTHN_ORIGINS env var name
- Add null check for cancelled passkey creation
- Use finally block to ensure loading state is always reset
- Add console.error for better debugging
2026-03-11 00:53:28 +08:00
Gan, Jimmy
75cfafd388
chore: remove CI test comment
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m18s
2026-03-11 00:47:22 +08:00
Gan, Jimmy
80ad5e9197
test: verify CI auto-trigger for dev branch
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 5m54s
2026-03-11 00:41:07 +08:00
Gan, Jimmy
cc3e9dc6fa
fix: improve terminal robustness with exponential backoff and better keepalive
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m11s
- Backend: Add 10s connection timeout, improve SSH keepalive (15s × 8 retries)
- Backend: Add detailed error logging for debugging
- Frontend: Implement exponential backoff (1s → 30s max) instead of fixed 2s
- Frontend: Reduce heartbeat to 12s (within 15s SSH keepalive window)
- Frontend: Reset reconnect counter on successful connection
- Frontend: Fix race condition in auth recovery after manual close
2026-03-11 00:24:17 +08:00
jimmy
0d50958134
Merge pull request 'fix: harden dashboard auth and RBAC security flows' ( #33 ) from dev into main
...
Deploy Dashboard / deploy (push) Successful in 46s
Merge pull request #33 from dev
2026-03-09 23:53:51 +08:00
Gan, Jimmy
4201917e17
fix: harden dashboard RBAC and cookie auth flows
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m17s
Restrict Docker/Files writes to admins, move terminal websocket auth to cookie-first with temporary query fallback, and migrate refresh-token handling to httpOnly cookies for safer session persistence.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-09 23:44:23 +08:00
jimmy
1e5b32060e
Merge pull request 'fix: refresh terminal websocket auth on reconnect' ( #32 ) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m13s
2026-03-07 17:57:47 +08:00
Gan, Jimmy
e72665c466
fix: refresh terminal websocket auth on reconnect
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m16s
Reuse the existing refresh-token flow before opening terminal websocket connections so reconnects can recover from expired access tokens without requiring a full dashboard reload.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 17:49:46 +08:00
jimmy
b580995966
Merge pull request 'Merge dev into main' ( #30 ) from dev into main
2026-03-07 13:09:46 +08:00
Gan, Jimmy
c162164528
fix: add dev dashboard caddy route
...
Add a dedicated dev.nas.jimmygan.com reverse proxy entry so the dev dashboard can be reached through the VPS Caddy configuration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 11:50:56 +08:00
jimmy
73e4feb2c3
Merge pull request 'fix: clarify blocked security events' ( #29 ) from dev into main
Deploy Dashboard / deploy (push) Successful in 48s
2026-03-07 11:48:36 +08:00
Gan, Jimmy
175ebeede4
fix: sync dashboard page query state
...
Deploy Claude Dev (Dev) / deploy-claude-dev-dev (push) Successful in 17m2s
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m48s
Keep the selected dashboard page in sync with lightweight URL query params so direct terminal links can land on the right page without exposing extra client state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 11:02:53 +08:00
Gan, Jimmy
c8255dccec
fix: add tmux to claude-dev tooling
...
Add tmux to the claude-dev runtime contract so persistent terminal sessions can rely on it, and make the Claude preflight patch resilient to current CLI builds so image builds keep passing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 11:00:58 +08:00
jimmy
bab7fddb90
Merge pull request 'fix: raise terminal per-user session cap' ( #28 ) from dev into main
Deploy Dashboard / deploy (push) Successful in 58s
2026-03-07 10:45:38 +08:00
Gan, Jimmy
1b9ea140b6
fix: raise terminal per-user session cap
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m44s
Allow more concurrent dashboard terminal tabs per user and use the current access token for websocket reconnects so refreshed sessions keep working.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 10:37:08 +08:00
Gan, Jimmy
6067857dad
fix: clarify blocked security events
...
Deploy Dashboard (Dev) / deploy-dev (push) Has started running
Label unauthorized security events as blocked and highlight likely scanner probes so the log view is easier to interpret during investigations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 10:36:37 +08:00
jimmy
6e751ef92f
Merge pull request 'fix: add security log investigation filters' ( #27 ) from dev into main
Deploy Dashboard / deploy (push) Successful in 1m18s
2026-03-07 10:14:41 +08:00
Gan, Jimmy
35a3019e0d
fix: add security log investigation filters
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m22s
Add server-side IP and date range filtering for security logs so investigations can narrow events without relying on client-side filtering alone.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-07 09:59:59 +08:00