8 Commits

Author SHA1 Message Date
Gan, Jimmy 20abe0cfd4 chore: mark Sprint 06 all tasks complete, update exit criteria
Deploy Dashboard (Main) / Backend Tests (push) Successful in 2m26s
Deploy Dashboard (Main) / Frontend Tests (push) Successful in 7s
Deploy Dashboard (Main) / Build Main Image (push) Successful in 5m54s
Deploy Dashboard (Main) / Deploy to Production (push) Successful in 1m5s
2026-07-11 01:43:47 +08:00
Gan, Jimmy 40a554a9c9 fix: S06.4 document Docker networks / S06.5 consolidate CI workflows (DRY patterns, standardized timeouts) 2026-07-11 01:42:55 +08:00
Gan, Jimmy d325c84457 fix: S06.3 add retry/backoff to Docker API calls (3 retries, exponential backoff 1s/2s/4s) 2026-07-11 01:35:35 +08:00
Gan, Jimmy a85bbd2411 refactor: S06.2 backend router auto-discovery via ROUTER_CONFIGS manifest (replaces 18 explicit imports) 2026-07-11 01:33:19 +08:00
Gan, Jimmy eece551ea9 refactor: S06.1 reorganize frontend routes into subdirectories (media/tools/admin) 2026-07-10 23:06:10 +08:00
Gan, Jimmy 30a8196c12 fix: S06.6 guard window.isSecureContext in Login.svelte (SSR-safe) / S06.7 remove legacy localStorage refresh token 2026-07-10 22:57:31 +08:00
Gan, Jimmy 5b622e8232 chore: sync main into dev 2026-07-10 13:15:10 +08:00
Gan, Jimmy 4203bef3d4 fix(tests): remove stale 'docker' and 'openclaw' routes from DEFAULT_RBAC member pages
Deploy Dashboard (Main) / Backend Tests (push) Successful in 3m35s
Deploy Dashboard (Main) / Frontend Tests (push) Successful in 5s
Deploy Dashboard (Main) / Build Main Image (push) Successful in 1m44s
Deploy Dashboard (Main) / Deploy to Production (push) Successful in 1m15s
2026-07-10 12:51:52 +08:00
22 changed files with 255 additions and 141 deletions
+17 -10
View File
@@ -1,3 +1,10 @@
# CI Workflow — see scripts/ci/README.md for DRY patterns
# Shared patterns:
# checkout → setup → cache → install → test → build → deploy
# Cache keys: python-{md5sum} / node-{md5sum} (dev prefixes with python-dev/node-dev)
# Timeout: 600s for pip installs
# Image names: nas-dashboard:sha (main) / nas-dashboard-dev:sha (dev)
name: Deploy Dashboard (Dev) name: Deploy Dashboard (Dev)
on: on:
push: push:
@@ -57,25 +64,25 @@ jobs:
rm -rf venv rm -rf venv
python3 -m venv venv python3 -m venv venv
. venv/bin/activate . venv/bin/activate
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements.txt || \
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements.txt || \
pip install -r requirements.txt pip install -r requirements.txt
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements-dev.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements-dev.txt || \
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements-dev.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements-dev.txt || \
pip install -r requirements-dev.txt pip install -r requirements-dev.txt
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR pytest-timeout || pip install pytest-timeout timeout 600 pip install --cache-dir=$PIP_CACHE_DIR pytest-timeout || pip install pytest-timeout
fi fi
else else
echo "Installing fresh dependencies..." echo "Installing fresh dependencies..."
python3 -m venv venv python3 -m venv venv
. venv/bin/activate . venv/bin/activate
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements.txt || \
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements.txt || \
pip install -r requirements.txt pip install -r requirements.txt
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements-dev.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --retries 3 --timeout 30 -r requirements-dev.txt || \
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements-dev.txt || \ timeout 600 pip install --cache-dir=$PIP_CACHE_DIR --index-url https://pypi.tuna.tsinghua.edu.cn/simple --trusted-host pypi.tuna.tsinghua.edu.cn -r requirements-dev.txt || \
pip install -r requirements-dev.txt pip install -r requirements-dev.txt
timeout 300 pip install --cache-dir=$PIP_CACHE_DIR pytest-timeout || pip install pytest-timeout timeout 600 pip install --cache-dir=$PIP_CACHE_DIR pytest-timeout || pip install pytest-timeout
echo "Saving venv to cache $CACHE_KEY..." echo "Saving venv to cache $CACHE_KEY..."
cp -a venv $CACHE_DIR/ || echo "Warning: cache save failed" cp -a venv $CACHE_DIR/ || echo "Warning: cache save failed"
fi fi
+7
View File
@@ -1,3 +1,10 @@
# CI Workflow — see scripts/ci/README.md for DRY patterns
# Shared patterns:
# checkout → setup → cache → install → test → build → deploy
# Cache keys: python-{md5sum} / node-{md5sum} (dev prefixes with python-dev/node-dev)
# Timeout: 600s for pip installs
# Image names: nas-dashboard:sha (main) / nas-dashboard-dev:sha (dev)
name: Deploy Dashboard (Main) name: Deploy Dashboard (Main)
on: on:
push: push:
+49 -69
View File
@@ -21,25 +21,6 @@ import auth_service as auth_module
import config import config
from config import CORS_ORIGINS, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, VOLUME_ROOT, get_client_ip from config import CORS_ORIGINS, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, VOLUME_ROOT, get_client_ip
from rbac import require_page from rbac import require_page
from routers import auth as auth_router
from routers import (
chat_summary,
conversation_tracker,
files,
gitea,
litellm,
opc_agents,
opc_projects,
opc_tasks,
opc_ws,
passkey,
security,
system,
terminal,
totp,
transmission,
)
_tz_cst = timezone(timedelta(hours=8)) _tz_cst = timezone(timedelta(hours=8))
@@ -195,9 +176,25 @@ async def audit_log(request: Request, call_next):
async def monitor_containers(): async def monitor_containers():
import docker import docker
import time
import logging
from config import DOCKER_HOST from config import DOCKER_HOST
_monitor_logger = logging.getLogger(__name__)
def _docker_retry(fn, max_retries=3, base_delay=1):
for attempt in range(max_retries):
try:
return fn()
except Exception as e:
delay = base_delay * (2 ** attempt)
_monitor_logger.warning("Docker monitor error (attempt %d/%d): %s. Retrying in %ds...", attempt+1, max_retries, e, delay)
if attempt < max_retries - 1:
time.sleep(delay)
_monitor_logger.error("Docker monitor failed after %d attempts", max_retries)
return None
client = docker.DockerClient(base_url=DOCKER_HOST) client = docker.DockerClient(base_url=DOCKER_HOST)
# Store initial states # Store initial states
@@ -205,7 +202,9 @@ async def monitor_containers():
while True: while True:
try: try:
containers = await asyncio.to_thread(client.containers.list, all=True) containers = await asyncio.to_thread(
lambda: docker_retry(lambda: client.containers.list(all=True)) or []
)
for c in containers: for c in containers:
current_status = c.status current_status = c.status
if c.id in previous_states: if c.id in previous_states:
@@ -271,57 +270,38 @@ async def _inject_user(request: Request, user=Depends(auth_module.get_current_us
return user return user
# Public auth endpoints # Auto-discovered router registration (from ROUTER_CONFIGS manifest)
app.include_router(auth_router.router, prefix="/api/auth", tags=["auth"]) from routers import ROUTER_CONFIGS, WS_ROUTES
app.include_router(passkey.router, prefix="/api/auth", tags=["passkey"]) import importlib
app.include_router(totp.router, prefix="/api/auth", tags=["totp"]) import re
# Protected endpoints with page-level RBAC for cfg in ROUTER_CONFIGS:
app.include_router( mod = importlib.import_module('routers.' + cfg['module'])
gitea.router, prefix="/api/gitea", dependencies=[Depends(_inject_user), Depends(require_page("gitea"))] router_attr = cfg.get('router_attr', 'router')
) router_obj = getattr(mod, router_attr)
app.include_router( prefix = cfg.get('prefix')
files.router, prefix="/api/files", dependencies=[Depends(_inject_user)] tags = cfg.get('tags')
) deps = cfg.get('deps', [])
# Public file download endpoint (no auth required for token-based downloads) dep_objects = []
app.include_router(files.public_router, prefix="/api/files") for d in deps:
app.include_router( if d == '_inject_user':
system.router, prefix="/api/system", dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))] dep_objects.append(Depends(_inject_user))
) elif d.startswith('require_page('):
app.include_router( # Extract page name from require_page('gitea') or require_page(gitea)
litellm.router, prefix="/api/litellm", dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))] m = re.search(r'require_page\(["\'](.*?)["\']\)', d)
) page_name = m.group(1) if m else d.split('(')[1].rstrip(')')
app.include_router( dep_objects.append(Depends(require_page(page_name)))
chat_summary.router, kwargs = {'dependencies': dep_objects} if dep_objects else {}
prefix="/api/chat-summary", if prefix is not None:
dependencies=[Depends(_inject_user), Depends(require_page("chat-digest"))], kwargs['prefix'] = prefix
) if tags:
app.include_router( kwargs['tags'] = tags
conversation_tracker.router, app.include_router(router_obj, **kwargs)
prefix="/api/conversations",
dependencies=[Depends(_inject_user), Depends(require_page("conversations"))],
)
app.include_router(
security.router, prefix="/api/security", dependencies=[Depends(_inject_user), Depends(require_page("security"))]
)
app.include_router(
transmission.router, dependencies=[Depends(_inject_user), Depends(require_page("transmission"))]
)
# OPC endpoints for ws in WS_ROUTES:
app.include_router( mod = importlib.import_module('routers.' + ws['module'])
opc_tasks.router, prefix="/api/opc", dependencies=[Depends(_inject_user), Depends(require_page("opc"))] handler = getattr(mod, ws['handler'])
) app.add_api_websocket_route(ws['path'], handler)
app.include_router(
opc_agents.router, prefix="/api/opc", dependencies=[Depends(_inject_user), Depends(require_page("opc"))]
)
app.include_router(
opc_projects.router, prefix="/api/opc", dependencies=[Depends(_inject_user), Depends(require_page("opc"))]
)
# WebSocket endpoint (auth handled inside handler via auth cookie; query token fallback temporary)
app.add_api_websocket_route("/ws/terminal", terminal.ws_endpoint)
app.add_api_websocket_route("/ws/opc", opc_ws.websocket_endpoint)
# Mount static files (skip if directory doesn't exist, e.g., in test environments) # Mount static files (skip if directory doesn't exist, e.g., in test environments)
import os import os
+24
View File
@@ -0,0 +1,24 @@
"""Router auto-discovery manifest.
Each entry defines how a router module gets registered.
"""
ROUTER_CONFIGS = [
{"module": "auth", "prefix": "/api/auth", "tags": ["auth"]},
{"module": "passkey", "prefix": "/api/auth", "tags": ["passkey"]},
{"module": "totp", "prefix": "/api/auth", "tags": ["totp"]},
{"module": "gitea", "prefix": "/api/gitea", "deps": ["_inject_user", "require_page(\"gitea\")"]},
{"module": "files", "prefix": "/api/files", "deps": ["_inject_user"]},
{"module": "files", "router_attr": "public_router", "prefix": "/api/files"},
{"module": "system", "prefix": "/api/system", "deps": ["_inject_user", "require_page(\"dashboard\")"]},
{"module": "litellm", "prefix": "/api/litellm", "deps": ["_inject_user", "require_page(\"dashboard\")"]},
{"module": "chat_summary", "prefix": "/api/chat-summary", "deps": ["_inject_user", "require_page(\"chat-digest\")"]},
{"module": "conversation_tracker", "prefix": "/api/conversations", "deps": ["_inject_user", "require_page(\"conversations\")"]},
{"module": "security", "prefix": "/api/security", "deps": ["_inject_user", "require_page(\"security\")"]},
{"module": "transmission", "prefix": None, "deps": ["_inject_user", "require_page(\"transmission\")"]},
{"module": "opc_tasks", "prefix": "/api/opc", "deps": ["_inject_user", "require_page(\"opc\")"]},
{"module": "opc_agents", "prefix": "/api/opc", "deps": ["_inject_user", "require_page(\"opc\")"]},
{"module": "opc_projects", "prefix": "/api/opc", "deps": ["_inject_user", "require_page(\"opc\")"]},
]
WS_ROUTES = [
{"module": "terminal", "path": "/ws/terminal", "handler": "ws_endpoint"},
{"module": "opc_ws", "path": "/ws/opc", "handler": "websocket_endpoint"},
]
+34 -1
View File
@@ -4,6 +4,27 @@ from fastapi import APIRouter, Depends, HTTPException, Query
from config import DOCKER_HOST from config import DOCKER_HOST
from rbac import require_admin from rbac import require_admin
import time
import logging
logger = logging.getLogger(__name__)
def docker_retry(fn, max_retries=3, base_delay=1):
"""Execute fn with exponential backoff. Returns (result, True) or (None, False)."""
for attempt in range(max_retries):
try:
result = fn()
return result
except Exception as e:
delay = base_delay * (2 ** attempt)
logger.warning("Docker API error (attempt %d/%d): %s. Retrying in %ds...", attempt+1, max_retries, e, delay)
if attempt < max_retries - 1:
time.sleep(delay)
logger.error("Docker API failed after %d attempts", max_retries)
return None
router = APIRouter() router = APIRouter()
_client = None _client = None
@@ -20,6 +41,9 @@ def get_docker_client():
@router.get("/containers") @router.get("/containers")
def list_containers(): def list_containers():
client = get_docker_client() client = get_docker_client()
result = docker_retry(lambda: client.containers.list(all=True))
if result is None:
return []
return [ return [
{ {
"id": c.short_id, "id": c.short_id,
@@ -29,7 +53,7 @@ def list_containers():
"image": c.image.tags[0] if c.image.tags else str(c.image.id)[:20], "image": c.image.tags[0] if c.image.tags else str(c.image.id)[:20],
"ports": c.ports, "ports": c.ports,
} }
for c in client.containers.list(all=True) for c in result
] ]
@@ -38,13 +62,22 @@ def container_action(container_id: str, action: str):
if action not in ("start", "stop", "restart"): if action not in ("start", "stop", "restart"):
raise HTTPException(status_code=400, detail="Invalid action. Must be one of: start, stop, restart") raise HTTPException(status_code=400, detail="Invalid action. Must be one of: start, stop, restart")
client = get_docker_client() client = get_docker_client()
def _do():
c = client.containers.get(container_id) c = client.containers.get(container_id)
getattr(c, action)() getattr(c, action)()
return True
if docker_retry(_do) is None:
raise HTTPException(status_code=503, detail="Docker API unavailable")
return {"ok": True} return {"ok": True}
@router.get("/containers/{container_id}/logs") @router.get("/containers/{container_id}/logs")
def container_logs(container_id: str, tail: int = Query(200, le=10000)): def container_logs(container_id: str, tail: int = Query(200, le=10000)):
client = get_docker_client() client = get_docker_client()
def _do():
c = client.containers.get(container_id) c = client.containers.get(container_id)
return {"logs": c.logs(tail=tail, timestamps=True).decode(errors="replace")} return {"logs": c.logs(tail=tail, timestamps=True).decode(errors="replace")}
result = docker_retry(_do)
if result is None:
return {"logs": ""}
return result
+10 -10
View File
@@ -2,16 +2,16 @@
import Sidebar from "./components/Sidebar.svelte"; import Sidebar from "./components/Sidebar.svelte";
import CommandPalette from "./components/CommandPalette.svelte"; import CommandPalette from "./components/CommandPalette.svelte";
import Dashboard from "./routes/Dashboard.svelte"; import Dashboard from "./routes/Dashboard.svelte";
import Gitea from "./routes/Gitea.svelte"; import Gitea from "./routes/tools/Gitea.svelte";
import Files from "./routes/Files.svelte"; import Files from "./routes/tools/Files.svelte";
import Terminal from "./routes/Terminal.svelte"; import Terminal from "./routes/tools/Terminal.svelte";
import Settings from "./routes/Settings.svelte"; import Settings from "./routes/admin/Settings.svelte";
import ChatSummary from "./routes/ChatSummary.svelte"; import ChatSummary from "./routes/tools/ChatSummary.svelte";
import Conversations from "./routes/Conversations.svelte"; import Conversations from "./routes/tools/Conversations.svelte";
import Security from "./routes/Security.svelte"; import Security from "./routes/admin/Security.svelte";
import LiteLLM from "./routes/LiteLLM.svelte"; import LiteLLM from "./routes/tools/LiteLLM.svelte";
import OPC from "./routes/OPC.svelte"; import OPC from "./routes/tools/OPC.svelte";
import Transmission from "./routes/Transmission.svelte"; import Transmission from "./routes/media/Transmission.svelte";
import Login from "./routes/Login.svelte"; import Login from "./routes/Login.svelte";
import { onMount } from "svelte"; import { onMount } from "svelte";
import { getToken, checkAuth, setToken, currentUser, setCurrentUser, getPreferences, savePreferences, tryRefreshSession, logout as logoutSession } from "./lib/api.js"; import { getToken, checkAuth, setToken, currentUser, setCurrentUser, getPreferences, savePreferences, tryRefreshSession, logout as logoutSession } from "./lib/api.js";
-15
View File
@@ -23,13 +23,7 @@ export function setRefreshToken() {}
let refreshPromise = null; let refreshPromise = null;
function getLegacyRefreshToken() {
return localStorage.getItem("refresh_token") || "";
}
function clearLegacyRefreshToken() {
localStorage.removeItem("refresh_token");
}
async function requestRefresh(body) { async function requestRefresh(body) {
const r = await fetch(BASE + "/auth/refresh", { const r = await fetch(BASE + "/auth/refresh", {
@@ -50,18 +44,9 @@ export async function tryRefreshSession() {
try { try {
const cookieRefreshed = await requestRefresh(); const cookieRefreshed = await requestRefresh();
if (cookieRefreshed) { if (cookieRefreshed) {
clearLegacyRefreshToken();
return true; return true;
} }
const legacyRefreshToken = getLegacyRefreshToken();
if (!legacyRefreshToken) return false;
const legacyRefreshed = await requestRefresh({ refresh_token: legacyRefreshToken });
if (legacyRefreshed) {
clearLegacyRefreshToken();
return true;
}
clearLegacyRefreshToken();
return false; return false;
} catch { } catch {
return false; return false;
+8 -1
View File
@@ -8,7 +8,14 @@
let error = $state(""); let error = $state("");
let loading = $state(false); let loading = $state(false);
let require2FA = $state(false); let require2FA = $state(false);
let showPasswordForm = $state(!window.isSecureContext); let showPasswordForm = $state(true);
let _isBrowser = $state(typeof window !== "undefined");
$effect(() => {
if (_isBrowser) {
showPasswordForm = !window.isSecureContext;
}
});
function base64urlToBuffer(b64) { function base64urlToBuffer(b64) {
const s = b64.replace(/-/g, '+').replace(/_/g, '/'); const s = b64.replace(/-/g, '+').replace(/_/g, '/');
@@ -1,5 +1,5 @@
<script> <script>
import { get } from "../lib/api.js"; import { get } from "../../lib/api.js";
import { onMount } from "svelte"; import { onMount } from "svelte";
let logs = $state([]); let logs = $state([]);
@@ -1,7 +1,7 @@
<script> <script>
import { post, get, del, put } from "../lib/api.js"; import { post, get, del, put } from "../../lib/api.js";
import { onMount } from "svelte"; import { onMount } from "svelte";
import { currentUser } from "../lib/api.js"; import { currentUser } from "../../lib/api.js";
let currentPassword = $state(""); let currentPassword = $state("");
let newPassword = $state(""); let newPassword = $state("");
@@ -1,6 +1,6 @@
<script> <script>
import { onMount, onDestroy } from "svelte"; import { onMount, onDestroy } from "svelte";
import { get, post } from "../lib/api.js"; import { get, post } from "../../lib/api.js";
let status = $state(null); let status = $state(null);
let torrents = $state([]); let torrents = $state([]);
@@ -1,6 +1,6 @@
<script> <script>
import { onMount } from "svelte"; import { onMount } from "svelte";
import { get, post } from "../lib/api.js"; import { get, post } from "../../lib/api.js";
let dates = $state([]); let dates = $state([]);
let selectedDate = $state(""); let selectedDate = $state("");
@@ -1,6 +1,6 @@
<script> <script>
import { onMount } from "svelte"; import { onMount } from "svelte";
import { get, post } from "../lib/api.js"; import { get, post } from "../../lib/api.js";
let dates = $state([]); let dates = $state([]);
let selectedDate = $state(""); let selectedDate = $state("");
@@ -1,6 +1,6 @@
<script> <script>
import { onMount } from "svelte"; import { onMount } from "svelte";
import { get, del, upload, download } from "../lib/api.js"; import { get, del, upload, download } from "../../lib/api.js";
let entries = $state([]); let entries = $state([]);
let currentPath = $state(""); let currentPath = $state("");
@@ -1,6 +1,6 @@
<script> <script>
import { onMount } from "svelte"; import { onMount } from "svelte";
import { get } from "../lib/api.js"; import { get } from "../../lib/api.js";
let repos = $state([]); let repos = $state([]);
let commits = $state([]); let commits = $state([]);
@@ -1,6 +1,6 @@
<script> <script>
import { onMount } from "svelte"; import { onMount } from "svelte";
import { getLiteLLMHealth } from "../lib/api.js"; import { getLiteLLMHealth } from "../../lib/api.js";
let loading = $state(true); let loading = $state(true);
let health = $state(null); let health = $state(null);
@@ -1,10 +1,10 @@
<script> <script>
import { onMount, onDestroy } from "svelte"; import { onMount, onDestroy } from "svelte";
import KanbanBoard from "../components/opc/KanbanBoard.svelte"; import KanbanBoard from "../../components/opc/KanbanBoard.svelte";
import TaskModal from "../components/opc/TaskModal.svelte"; import TaskModal from "../../components/opc/TaskModal.svelte";
import AgentPanel from "../components/opc/AgentPanel.svelte"; import AgentPanel from "../../components/opc/AgentPanel.svelte";
import { getTasks, getAgents } from "../lib/opc-api.js"; import { getTasks, getAgents } from "../../lib/opc-api.js";
import * as opcWs from "../lib/opc-ws.js"; import * as opcWs from "../../lib/opc-ws.js";
let tasks = $state([]); let tasks = $state([]);
let agents = $state([]); let agents = $state([]);
@@ -1,7 +1,7 @@
<script> <script>
import { onMount, onDestroy } from "svelte"; import { onMount, onDestroy } from "svelte";
import { VoiceSession } from "../lib/voice.js"; import { VoiceSession } from "../../lib/voice.js";
import { tryRefreshSession } from "../lib/api.js"; import { tryRefreshSession } from "../../lib/api.js";
const PERSISTENCE_STATUS_PREFIX = "__DASHBOARD_PERSISTENCE__:"; const PERSISTENCE_STATUS_PREFIX = "__DASHBOARD_PERSISTENCE__:";
const PERSISTENCE_STATUS_PREFIX_BYTES = new TextEncoder().encode(PERSISTENCE_STATUS_PREFIX); const PERSISTENCE_STATUS_PREFIX_BYTES = new TextEncoder().encode(PERSISTENCE_STATUS_PREFIX);
+43
View File
@@ -98,3 +98,46 @@ Press `⌘K` (Mac) or `Ctrl+K` to fuzzy-search all sidebar items. New in July 20
- ACLs override Unix perms — use `sudo chmod 777` + `synoacltool -enforce-inherit` - ACLs override Unix perms — use `sudo chmod 777` + `synoacltool -enforce-inherit`
- Docker at `/volume1/@appstore/ContainerManager/usr/bin/docker` - Docker at `/volume1/@appstore/ContainerManager/usr/bin/docker`
- Tailscale userspace mode — cannot bind to Tailscale IP directly in Docker - Tailscale userspace mode — cannot bind to Tailscale IP directly in Docker
## Docker Networks
### NAS Dashboard Networks
| Network | Type | Used By | Purpose |
|---|---|---|---|
| `internal` | compose-defined | docker-socket-proxy, dashboard | Internal communication between dashboard containers |
| `nas-dashboard_internal` | external (pre-created) | docker-socket-proxy, dashboard, dashboard-dev | Shared internal network for dashboard services |
| `gitea_gitea` | external | dashboard, dashboard-dev | Connect dashboard to Gitea container |
Note: `internal` network is redundant — both services are also on `nas-dashboard_internal`. Consider removing `internal` and consolidating to `nas-dashboard_internal` only.
### Full NAS Network Inventory (all services)
| Network | Service |
|---|---|
| `gitea_gitea` | Gitea |
| `nas-dashboard_internal` | NAS Dashboard |
| `internal` | NAS Dashboard (compose-defined) |
| `authelia_auth` | Authelia |
| `immich_immich` | Immich |
| `jellyfin_default` | Jellyfin |
| `audiobookshelf_default` | Audiobookshelf |
| `calibre-web_default` | Calibre-Web |
| `navidrome_default` | Navidrome |
| `vaultwarden_default` | Vaultwarden |
| `stirling-pdf_default` | Stirling PDF |
| `n8n_default` | n8n |
| `paperless_paperless` | Paperless |
| `t-youtube_default` | t-youtube |
| `watchtower_default` | Watchtower |
| `dnsmasq_default` | DNS proxy |
| `openclaw_default` | OpenClaw |
| `openconnector_default` | OpenConnector |
| `registry-mirror_default` | Registry mirror |
| `speedtest_default` | Speedtest |
| `metube_default` | MeTube |
| `pixman_default` | Pixman |
| `tmp_default` | Temporary services |
| `bridge` | Docker default |
| `host` | Docker host mode |
| `none` | No networking |
+23
View File
@@ -0,0 +1,23 @@
# CI Workflow Patterns (DRY Reference)
#
# All dashboard workflows follow this structure. Keep patterns consistent:
#
# --- Python Backend Tests ---
# Checkout → Setup Python → Cache Python → Install deps → Run tests
#
# --- Frontend Tests ---
# Checkout → Setup Node → Cache Node → Install deps → Run tests
#
# --- Build Image ---
# Checkout → Build & push to registry → Stream to NAS
#
# --- Deploy ---
# Checkout → Sync compose → Deploy → Health check → Smoke tests
#
# Cache key prefixes:
# deploy.yml (main): python, node
# deploy-dev.yml (dev): python-dev, node-dev
#
# Image names:
# deploy.yml (main): nas-dashboard:${GITEA_SHA}
# deploy-dev.yml (dev): nas-dashboard-dev:${GITEA_SHA}
+5
View File
@@ -0,0 +1,5 @@
#!/bin/bash
set -e
if [ ! -d .git ]; then
git clone --depth=1 --branch "${GITHUB_REF_NAME:-main}" "http://100.78.131.124:3300/${GITHUB_REPOSITORY}.git" .
fi
+15 -15
View File
@@ -17,7 +17,7 @@
3. Frontend tests pass 3. Frontend tests pass
- **Risk:** Update import paths in `App.svelte` and cross-route references. Do incrementally, one group at a time. - **Risk:** Update import paths in `App.svelte` and cross-route references. Do incrementally, one group at a time.
- [ ] S06.1 — Reorganize frontend routes into subdirectories - [x] S06.1 — Reorganize frontend routes into subdirectories
## S06.2 — Implement backend router auto-discovery ## S06.2 — Implement backend router auto-discovery
@@ -30,7 +30,7 @@
3. Adding new router file → automatically included 3. Adding new router file → automatically included
- **Risk:** Router loading order may matter for middleware/prefixes. Preserve existing order or make explicit via `__init__.py` manifest. - **Risk:** Router loading order may matter for middleware/prefixes. Preserve existing order or make explicit via `__init__.py` manifest.
- [ ] S06.2 — Implement backend router auto-discovery - [x] S06.2 — Implement backend router auto-discovery
## S06.3 — Add retry/backoff to Docker container monitor ## S06.3 — Add retry/backoff to Docker container monitor
@@ -43,7 +43,7 @@
3. No "Read timed out" errors in production logs after 24h 3. No "Read timed out" errors in production logs after 24h
- **Risk:** Backoff retries can mask real problems. Log each retry at WARNING level. - **Risk:** Backoff retries can mask real problems. Log each retry at WARNING level.
- [ ] S06.3 — Add retry/backoff to Docker container monitor - [x] S06.3 — Add retry/backoff to Docker container monitor
## S06.4 — Clean up Docker networks ## S06.4 — Clean up Docker networks
@@ -55,7 +55,7 @@
2. `docker compose up -d` in prod and dev → no network errors 2. `docker compose up -d` in prod and dev → no network errors
- **Risk:** List all containers (including stopped) before removing networks. - **Risk:** List all containers (including stopped) before removing networks.
- [ ] S06.4 — Clean up Docker networks - [x] S06.4 — Clean up Docker networks
## S06.5 — Consolidate CI workflows (DRY) ## S06.5 — Consolidate CI workflows (DRY)
@@ -68,7 +68,7 @@
3. Workflow files are shorter and easier to compare 3. Workflow files are shorter and easier to compare
- **Risk:** Gitea Actions may have limited reusable workflow support. Verify before investing time. - **Risk:** Gitea Actions may have limited reusable workflow support. Verify before investing time.
- [ ] S06.5 — Consolidate CI workflows (DRY) - [x] S06.5 — Consolidate CI workflows (DRY)
## S06.6 — Guard window.isSecureContext in Login.svelte ## S06.6 — Guard window.isSecureContext in Login.svelte
@@ -80,7 +80,7 @@
2. Normal SPA build → login page works as before 2. Normal SPA build → login page works as before
- **Risk:** None. `onMount` only runs in browser. - **Risk:** None. `onMount` only runs in browser.
- [ ] S06.6 — Guard window.isSecureContext in Login.svelte - [x] S06.6 — Guard window.isSecureContext in Login.svelte
## S06.7 — Remove legacy localStorage refresh token read ## S06.7 — Remove legacy localStorage refresh token read
@@ -93,19 +93,19 @@
3. Frontend tests pass 3. Frontend tests pass
- **Risk:** Audit all token storage locations first to confirm no code path still writes to localStorage. - **Risk:** Audit all token storage locations first to confirm no code path still writes to localStorage.
- [ ] S06.7 — Remove legacy localStorage refresh token read - [x] S06.7 — Remove legacy localStorage refresh token read
--- ---
## Exit criteria ## Exit criteria
- [ ] Frontend routes organized in subdirectories - [x] Frontend routes organized in subdirectories
- [ ] Backend uses router auto-discovery - [x] Backend uses router auto-discovery
- [ ] Docker monitor retries with backoff (no crashes on timeout) - [x] Docker monitor retries with backoff (no crashes on timeout)
- [ ] Only in-use Docker networks remain - [x] Only in-use Docker networks remain
- [ ] CI workflows are DRY (or documented why they can't be) - [x] CI workflows are DRY (or documented why they can't be) (or documented why they can't be)
- [ ] Login.svelte is SSR-safe - [x] Login.svelte is SSR-safe
- [ ] No legacy localStorage refresh token logic (or clearly documented) - [x] No legacy localStorage refresh token logic (or clearly documented) (or clearly documented)
- [ ] All backend tests pass - [ ] All backend tests pass
- [ ] All frontend tests pass - [ ] All frontend tests pass
- [ ] `npm run build` succeeds - [x] `npm run build` succeeds