API Key (Sonarr/Radarr style):
- Admin panel → Settings: Generate / Show / Copy / Regenerate / Revoke
- Persisted in SQLite via settings system
- When set, POST /api/downloads requires X-API-Key header or browser origin
- Browser users unaffected (X-Requested-With: XMLHttpRequest auto-sent)
- No key configured = open access (backward compatible)
Container hardening:
- Strip SUID/SGID bits from all binaries in image
- Make /app source directory read-only (only /downloads and /data writable)
Download endpoint:
- New _check_api_access guard on POST /api/downloads
- Timing-safe key comparison via secrets.compare_digest
Version:
- New app/__version__.py with 'dev' fallback for local dev
- Dockerfile injects APP_VERSION build arg from CI tag
- Health endpoint and footer now show actual release version
- Test updated to accept 'dev' in non-Docker environments
File size:
- Capture filesize/filesize_approx from yt-dlp extract_info
- Write to DB via update_job_progress and broadcast via SSE
- New 'Size' column in download table (hidden on mobile)
- formatSize helper: bytes → human-readable (KB/MB/GB)
- Frontend store picks up filesize from SSE events
When a user pastes a URL and extraction fails (type=unknown), the
failure is now recorded in the error_log table with the actual yt-dlp
error message. Admins can see these in the Errors tab alongside
download failures — gives visibility into which sites/URLs users
are trying that don't work.
- Bug: purge used Path(filename).name which stripped subdirectories,
so files like 'jawed/Me at the zoo.webm' were never found/deleted
- Fix: use output_dir / filename (preserves relative path)
- Also: clean up empty parent directories after file deletion so
uploader folders like 'jawed/' don't linger as empty dirs
- url-info returns site-specific hints for Instagram, Twitter/X, TikTok,
Facebook when extraction fails (e.g. 'Instagram requires login. Upload
a cookies.txt from a logged-in browser session.')
- Frontend shows the hint instead of generic 'No downloadable media found'
- Playlist entry titles fall back to URL slug (human-readable) instead of
numeric IDs when extract_flat mode doesn't return titles
- Add remote_components={'ejs:github'} to all yt-dlp invocations, fixing
YouTube signature/n-parameter challenge failures that caused missing formats
- Extract _base_opts() method to consolidate quiet, no_warnings,
remote_components, and extractor_args across all three call sites
- Removes PASSWORD_HASH from user-facing config comment
- Wire up get_cookie_path_for_session() in download opts — session
cookies.txt is now passed to yt-dlp as cookiefile when present
- Add YtdlpConfig with extractor_args field, configurable via
config.yaml or MEDIARIP__YTDLP__EXTRACTOR_ARGS env var
(e.g. {"youtube": {"player_client": ["web_safari"]}})
- Inject extractor_args into all three yt-dlp call sites:
_enqueue_single, _extract_info, _extract_url_info
- Enhance 403 error messages with actionable guidance directing
users to upload cookies.txt
- Admin enabled by default (was opt-in via env var)
- New /admin/status (public) and /admin/setup (first-run only) endpoints
- Setup endpoint locked after first use (returns 403)
- Admin password persisted to SQLite config table (survives restarts)
- Change password now persists to DB (was in-memory only)
- Frontend router guard forces /admin redirect until setup is complete
- AdminSetup.vue wizard: username + password + confirm
- Public config exposes admin_enabled/admin_setup_complete for frontend
- TLS warning only fires when password is actually configured
Backend:
- New error_log table: url, domain, error, format_id, media_type,
session_id, created_at
- log_download_error() called when yt-dlp throws during download
- GET /admin/errors returns recent entries (limit 200)
- DELETE /admin/errors clears all entries
- Manual purge also clears error log
- Domain extracted from URL via urlparse for grouping
Frontend:
- New 'Errors' tab in admin panel (Sessions, Storage, Errors, Settings)
- Each error entry shows: domain, timestamp, full URL, error message,
format/media type metadata
- Red left border + error-colored message for visual scanning
- Clear Log button to wipe entries
- Empty state: 'No errors logged.'
Error entries contain enough context (full URL, error message, domain,
format, media type) to paste into an LLM for domain-specific debugging.
Settings flow:
- Each section has its own Save button — no ambiguous shared button
- Appearance & Defaults: Save covers welcome message + output formats
- Privacy & Data: Save covers privacy toggle + retention hours
- Security: Change Password button is self-contained
- Bottom note clarifies all settings reset on server restart
Purge improvements:
- Now clears orphaned sessions (sessions with no remaining jobs)
- 'Sure?' confirmation gate on manual purge (3s timeout revert)
- Purge result shows sessions_deleted count
- Cleaner result display: 'X jobs removed' instead of 'Rows deleted: X'
SSE broker:
- publish_all() broadcasts to all sessions (used for purge)
Settings tab reorganized into 3 sections:
- Appearance & Defaults: welcome message + output formats + Save
- Privacy & Data: privacy mode toggle + manual purge
- Security: change password
Manual purge fix:
- purge_all=True clears ALL completed/failed jobs regardless of age
- Previously only cleared jobs older than max_age_hours (7 days),
so recent downloads were never purged on manual trigger
SSE broadcast for purge:
- Added SSEBroker.publish_all() for cross-session broadcasts
- Purge endpoint sends job_removed events for each deleted job
- Frontend queue clears in real-time when admin purges
Privacy Mode feature:
- Toggle in Admin > Settings enables automatic purge of download
history, session logs, and files after configurable retention period
- Default retention: 24 hours when privacy mode is on
- Configurable 1-8760 hours via number input
- When enabled, starts purge scheduler (every 30 min) if not running
- When disabled, data persists indefinitely
Admin panel consolidation:
- Removed separate 'Purge' tab — manual purge moved to Settings
- Settings tab order: Privacy Mode > Manual Purge > Welcome Message >
Output Formats > Change Password
- Toggle switch UI with accent color and smooth animation
- Retention input with left accent border and unit label
Backend:
- PurgeConfig: added privacy_mode (bool) and privacy_retention_hours
- Purge service: uses privacy_retention_hours when privacy mode active
- PUT /admin/settings: accepts privacy_mode + privacy_retention_hours
- GET /config/public: exposes privacy settings to frontend
- Runtime overrides passed to purge service via config._runtime_overrides
Best quality format:
- Synthetic 'bestvideo+bestaudio/best' entry added at top of format
list when the best separate video stream exceeds the best pre-muxed
format. Shows as 'Best quality (1920x1080)' in Video+Audio group.
- YouTube typically only has 360p pre-muxed but 1080p+ as separate
streams — users can now select full quality with auto-merge.
- Only appears when there's actually a quality advantage vs pre-muxed.
Password change UX:
- Enter key on confirm password field submits the change
- Auto-logout 1.5s after successful password change
- User sees '✓ Password changed' before being redirected home
Mobile table:
- Status column hidden on mobile (<640px) alongside Progress
- Only Name + Actions columns shown — clean two-column layout
- Removed mobile-specific status badge font tweaks (column gone)
Download button:
- Disabled until URL analysis confirms downloadable content
- Shows error message for invalid URLs or pages with no media
- analyzeError state resets when URL is cleared or changed
Admin format defaults fix:
- AdminPanel now reloads configStore after saving settings
- Previously the main page kept stale config until full page refresh
- Config store import added to AdminPanel
Re-download same URL:
- Added overwrites: true to yt-dlp opts so re-downloading the
same URL with different format options works correctly
- Previously yt-dlp would skip if intermediate file existed
UI polish:
- Clear button fixed-width (min-width: 70px) — no shift between
'Clear' and 'Sure?' states
- Action buttons uniform sizing (inline-flex, min-width/height,
box-sizing: border-box) — download/copy/clear all same size
- Footer no longer pushes below viewport — App.vue uses flex
column layout, AppLayout uses flex:1 instead of min-height:100vh
- Page only scrolls when content exceeds viewport
Auto format display:
- 'Auto' chip now shows detected extension: 'Auto (.webm)', 'Auto (.mp3)'
- Backend guesses extension from URL domain (youtube→webm, bandcamp→mp3,
soundcloud→opus, etc.) and extract_info ext field for single videos
Preferences persistence:
- Media type (video/audio) and output format saved to localStorage
- Settings survive page refreshes and gear panel open/close
Toast notifications:
- Copy link shows animated toast 'Link copied to clipboard'
- Toast appears at bottom center, auto-dismisses after 2s
Full delete on cancel:
- DELETE /downloads/{id} now removes the job from DB and deletes the file
- Previously marked as 'cancelled by user' and persisted in history
- Jobs dismissed with X are completely purged from the system
Playlist handling:
- Playlists are split into individual jobs at enqueue time
- Each entry downloads independently with its own progress tracking
- Private/unavailable playlist entries detected and reported in preview
- Individual jobs use noplaylist=True to prevent re-expansion
Session persistence:
- App.vue now calls fetchJobs() on mount to reload history from backend
- Download history survives page refresh via session cookie
Audio detection:
- Domain-based detection for known audio sources (bandcamp, soundcloud)
- Bandcamp albums now correctly trigger audio-only mode
Bug fixes:
- ProgressEvent accepts float for downloaded_bytes/total_bytes (fixes
pydantic int_from_float validation errors from some extractors)
- SSE job_update events now include error_message for failed jobs
- Fixed test_health_queue_depth test to use direct DB insertion instead
of POST endpoint (avoids yt-dlp side effects in test env)
URL preview & playlist support:
- POST /url-info endpoint extracts metadata (title, type, entry count)
- Preview box shows playlist contents before downloading (up to 10 items)
- Auto-detect audio-only sources (SoundCloud, etc) and switch to Audio mode
- Video toggle grayed out for audio-only sources
- Enable playlist downloading (noplaylist=False)
Admin panel improvements:
- Expandable session rows show per-session job list with filename, size,
status, timestamp, and source URL link
- GET /admin/sessions/{id}/jobs endpoint for session job details
- Logout now redirects to home page instead of staying on login form
- Logo in header is clickable → navigates to home
UX polish:
- Tooltips on output format chips (explains Auto vs specific formats)
- Format tooltips change based on video/audio mode
- Move gear icon to left of Video/Audio toggle
- Add output format selector in options panel:
Audio: Auto, MP3, WAV, M4A, FLAC, OPUS
Video: Auto, MP4, WEBM
- Backend: postprocess audio to selected codec via FFmpegExtractAudio
- Backend: postprocessor_hooks capture final filename after conversion
(fixes .webm showing when file was converted to .mp3)
- Add media type icon (video camera / music note) in download table
next to filename, inferred from quality field and file extension
- Pass media_type and output_format through JobCreate model
- Use extract_info + prepare_filename to determine output filename
before downloading (yt-dlp skips progress hooks when file exists)
- Normalize filenames to relative paths (strip output dir prefix)
- Include filename in completion SSE event so frontend displays it
- Fixes file download 404s from subdirectory source templates
- Move Video/Audio toggle to same row as Download button
- Auto-condense toggle to icon-only below 540px
- Move gear icon to right of Download button
- Fix file download URLs: normalize filenames to relative paths in progress hook
- Display filename with visible extension (truncate middle, preserve ext)
- Remove border/box from dark mode toggle — glyph only
- Fix light/dark theme fonts: use monospace display font across all themes
