fix: secure problem, openai.py#954
Closed
EstrellaXD wants to merge 19 commits into
Closed
Conversation
- Add passkey login as alternative authentication method - Support multiple passkeys per user with custom names - Backend: WebAuthn service, auth strategy pattern, API endpoints - Frontend: passkey management UI in settings, login option - Fix: convert downloader check from sync requests to async httpx to prevent blocking the event loop when downloader unavailable Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace pip + requirements.txt with uv for dependency management. - Multi-stage Dockerfile using ghcr.io/astral-sh/uv builder image - CI updated to use astral-sh/setup-uv@v4 - Ruff config moved to [tool.ruff.lint] (fixes deprecation) - Transitive deps removed, missing direct deps added (requests, PySocks, urllib3) - Database layer migrated to async (AsyncSession + aiosqlite) - Tests updated to match async database interface Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…accessibility Implement a comprehensive UI overhaul using CSS custom properties for theming, scoped SCSS for all components and pages, dark/light mode toggle with flash prevention, page transitions, ARIA accessibility attributes, and responsive layout fixes. Fix VueUse auto-import configuration and dev proxy target. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add passkey login as alternative authentication method - Support multiple passkeys per user with custom names - Backend: WebAuthn service, auth strategy pattern, API endpoints - Frontend: passkey management UI in settings, login option - Fix: convert downloader check from sync requests to async httpx to prevent blocking the event loop when downloader unavailable Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix aaguid type (str not bytes) in registration verification - Fix missing credential_backup_eligible field (use credential_device_type) - Remove invalid credential_id param from verify_authentication_response - Fix origin detection to use browser Origin header for WebAuthn verification - Add async database engine support (aiosqlite) for passkey operations - Convert UserDatabase to async-compatible with sync/async session detection - Update Database class to support both sync and async context managers Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Conflicts: # webui/src/components/ab-bangumi-card.vue # webui/src/components/ab-container.vue # webui/src/components/ab-fold-panel.vue # webui/src/components/ab-search-bar.vue # webui/src/components/basic/ab-search.vue # webui/src/components/basic/ab-tag.vue # webui/src/components/layout/ab-topbar.vue # webui/src/pages/index.vue # webui/src/pages/index/bangumi.vue # webui/src/pages/index/config.vue # webui/src/pages/index/player.vue # webui/src/pages/login.vue # webui/types/dts/auto-imports.d.ts # webui/vite.config.ts
- Add secondary button type to ab-button with proper styling - Fix small button sizing (min-width instead of fixed width) - Add btn-content wrapper for icon+text alignment in buttons - Add config-passkey panel to settings page - Improve WebAuthn error messages with DOMException handling - Prevent duplicate error messages from axios interceptor - Fix Vite proxy to preserve Origin header for WebAuthn Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The previous refactoring broke backward compatibility by converting Database from Session-extending sync class to a standalone async class. This broke RSSEngine, startup code, and auth flows. - Restore Database(Session) with sync interface for legacy code - Restore UserDatabase to sync methods - Restore security/api.py and auth.py to sync calls - Passkey API now uses async_session_factory directly - PasskeyAuthStrategy uses async sessions independently - Remove unused db_session from engine.py Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add minimal test server for passkey development (no downloader check) - Add changelog for version 3.2 features Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add weekly broadcast schedule page showing subscribed anime grouped by day-of-week. Backend fetches air_weekday from Bangumi.tv calendar API and matches titles. Frontend displays responsive grid (desktop) and vertical list (mobile). Edit popup moved to parent layout to fix KeepAlive conflicts, and restyled with purple theme. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Restyle config components (ab-container, ab-fold-panel, ab-label, ab-setting) and all config-* setting panels to use the new design system. Add empty state guides with setup steps for downloader and player pages. Simplify log page layout. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Conflicts: # backend/requirements.txt
# Conflicts: # backend/pyproject.toml # backend/requirements.txt # backend/src/module/api/passkey.py # backend/src/module/database/combine.py # backend/src/module/database/engine.py # backend/src/module/security/auth_strategy.py # backend/src/module/security/webauthn.py # webui/src/components/setting/config-passkey.vue # webui/src/hooks/usePasskey.ts # webui/src/pages/index/config.vue # webui/src/pages/login.vue # webui/src/services/webauthn.ts
Change program.startup() to run via asyncio.create_task() so uvicorn accepts connections immediately while downloader check runs in background. Also add .claude/ project settings. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Upgrade actions/upload-artifact and download-artifact from v3 to v4
(v3 is deprecated and no longer functional)
- Upgrade Docker actions: setup-qemu v2→v3, setup-buildx v2→v3,
metadata v4→v5, login v2→v3, build-push v4→v6
- Upgrade softprops/action-gh-release from v1 to v2
- Fix shell quoting bugs: unquoted ${{ github.ref }} and
${{ github.event.pull_request.merged }} in bash conditions
- Remove `tree` command from release job (not installed on ubuntu-latest)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Owner
Author
|
Closing: Security fix already merged in 3.2-dev (commit c7f793a). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.