- No API key configured: external API access blocked, browser-only
- API key generated: external access enabled with that key
- Added 'Sure?' confirmation on Regenerate and Revoke buttons (3s timeout)
- Updated hint text to reflect security-first default
API Key (Sonarr/Radarr style):
- Admin panel → Settings: Generate / Show / Copy / Regenerate / Revoke
- Persisted in SQLite via settings system
- When set, POST /api/downloads requires X-API-Key header or browser origin
- Browser users unaffected (X-Requested-With: XMLHttpRequest auto-sent)
- No key configured = open access (backward compatible)
Container hardening:
- Strip SUID/SGID bits from all binaries in image
- Make /app source directory read-only (only /downloads and /data writable)
Download endpoint:
- New _check_api_access guard on POST /api/downloads
- Timing-safe key comparison via secrets.compare_digest
Version:
- New app/__version__.py with 'dev' fallback for local dev
- Dockerfile injects APP_VERSION build arg from CI tag
- Health endpoint and footer now show actual release version
- Test updated to accept 'dev' in non-Docker environments
File size:
- Capture filesize/filesize_approx from yt-dlp extract_info
- Write to DB via update_job_progress and broadcast via SSE
- New 'Size' column in download table (hidden on mobile)
- formatSize helper: bytes → human-readable (KB/MB/GB)
- Frontend store picks up filesize from SSE events
- event_generator now yields {event: 'ping', data: ''} on KEEPALIVE_TIMEOUT
instead of silently looping. Gives SSE clients stream-level liveness signal.
- _collect_events helper now enforces its timeout parameter via asyncio.wait_for,
preventing tests from hanging indefinitely if generator never yields.
- Admin enabled by default (was opt-in via env var)
- New /admin/status (public) and /admin/setup (first-run only) endpoints
- Setup endpoint locked after first use (returns 403)
- Admin password persisted to SQLite config table (survives restarts)
- Change password now persists to DB (was in-memory only)
- Frontend router guard forces /admin redirect until setup is complete
- AdminSetup.vue wizard: username + password + confirm
- Public config exposes admin_enabled/admin_setup_complete for frontend
- TLS warning only fires when password is actually configured
Three bugs causing 100% CPU and container crash-looping in production:
1. sse-starlette ping=0 causes await anyio.sleep(0) busy loop in _ping task.
Each SSE connection spins a ping task at 100% CPU. Changed to ping=15
(built-in keepalive). Removed our manual ping yield in favor of continue.
2. Dockerfile purged curl after installing deno, but Docker healthcheck
(and compose override) uses curl. Healthcheck always failed -> autoheal
restarted the container every ~2 minutes. Keep curl in the image.
3. Downloads that fail during server shutdown leave zombie jobs stuck in
queued/downloading status (event loop closes before error handler can
update DB). Added startup recovery that marks these as failed.
Backend:
- New error_log table: url, domain, error, format_id, media_type,
session_id, created_at
- log_download_error() called when yt-dlp throws during download
- GET /admin/errors returns recent entries (limit 200)
- DELETE /admin/errors clears all entries
- Manual purge also clears error log
- Domain extracted from URL via urlparse for grouping
Frontend:
- New 'Errors' tab in admin panel (Sessions, Storage, Errors, Settings)
- Each error entry shows: domain, timestamp, full URL, error message,
format/media type metadata
- Red left border + error-colored message for visual scanning
- Clear Log button to wipe entries
- Empty state: 'No errors logged.'
Error entries contain enough context (full URL, error message, domain,
format, media type) to paste into an LLM for domain-specific debugging.
Settings tab reorganized into 3 sections:
- Appearance & Defaults: welcome message + output formats + Save
- Privacy & Data: privacy mode toggle + manual purge
- Security: change password
Manual purge fix:
- purge_all=True clears ALL completed/failed jobs regardless of age
- Previously only cleared jobs older than max_age_hours (7 days),
so recent downloads were never purged on manual trigger
SSE broadcast for purge:
- Added SSEBroker.publish_all() for cross-session broadcasts
- Purge endpoint sends job_removed events for each deleted job
- Frontend queue clears in real-time when admin purges
Privacy Mode feature:
- Toggle in Admin > Settings enables automatic purge of download
history, session logs, and files after configurable retention period
- Default retention: 24 hours when privacy mode is on
- Configurable 1-8760 hours via number input
- When enabled, starts purge scheduler (every 30 min) if not running
- When disabled, data persists indefinitely
Admin panel consolidation:
- Removed separate 'Purge' tab — manual purge moved to Settings
- Settings tab order: Privacy Mode > Manual Purge > Welcome Message >
Output Formats > Change Password
- Toggle switch UI with accent color and smooth animation
- Retention input with left accent border and unit label
Backend:
- PurgeConfig: added privacy_mode (bool) and privacy_retention_hours
- Purge service: uses privacy_retention_hours when privacy mode active
- PUT /admin/settings: accepts privacy_mode + privacy_retention_hours
- GET /config/public: exposes privacy settings to frontend
- Runtime overrides passed to purge service via config._runtime_overrides
Admin:
- Username field autofocused on login page
- Change password section in Settings tab — current password
verification, new password + confirm, min 4 chars, updates
bcrypt hash at runtime via PUT /admin/password
- Password change updates stored credentials in admin store
Loading messages:
- Replaced 'Peeking at the URL' with: Scanning the airwaves,
Negotiating with the server, Cracking the codec, Reading
the fine print, Locking on target
Mobile responsive:
- Progress column hidden on mobile (<640px) — table fits viewport
- Action buttons compact (28px) on mobile with 2px gap
- Status badges smaller on mobile (0.625rem)
- Filter tabs scroll horizontally, Download All + Clear go
full-width below as equal-sized buttons
- min-width:0 on section containers prevents flex overflow
- download-table-wrap constrained with max-width:100%
Wireframe background:
- Canvas-based constellation animation — 45 floating nodes connected
by proximity lines, subtle pulsing glow on select nodes
- Blue primary + orange accent line colors match cyberpunk palette
- Pauses on tab hidden, respects devicePixelRatio, ~0% CPU idle
- Only renders when cyberpunk theme is active (v-if on theme)
- Replaces CSS-only diagonal lines/pulse (removed from cyberpunk.css)
Unified URL analysis:
- Merged 'Checking URL...' and 'Extracting available formats...' into
a single loading state with rotating messages: 'Peeking at the URL',
'Interrogating the server', 'Decoding the matrix', etc.
- Both fetches run in parallel via Promise.all, single spinner shown
- Phase messages rotate every 1.5s during analysis
Admin format enforcement:
- Backend PUT /admin/settings now accepts default_video_format and
default_audio_format fields with validation
- Stored in settings_overrides alongside welcome_message
- UrlInput reads admin defaults from config store — Auto label shows
'Auto (.mp3)' etc. when admin has set a default
- effectiveOutputFormat computed resolves admin default when user
selects Auto, sends the resolved format to the backend
Queue toolbar:
- Filter tabs (All/Active/Completed/Failed) and action buttons (Download
All/Clear) share one row — filters left, actions right
- Download All moved from DownloadTable to DownloadQueue toolbar
- Clear button: muted style → red border on hover → 'Sure?' red confirm
state → executes on second click, auto-resets after 3s
- Clear removes all completed and failed jobs (leaves active untouched)
Admin format defaults:
- Settings tab has Video/Audio default format dropdowns
- Stored in settings_overrides (same as welcome_message)
- Public config returns default_video_format and default_audio_format
- UrlInput resolves Auto format against admin defaults — if admin sets
audio default to MP3, 'Auto' chip shows 'Auto (.mp3)' and downloads
convert accordingly
Cyberpunk animated background:
- Diagonal crossing lines (blue 45° + orange -45°) drift slowly (60s cycle)
- Subtle radial gradient pulse (8s breathing effect)
- Layered on top of the existing grid pattern
- All CSS-only, no JS — zero performance cost
- Only active on cyberpunk theme (scoped to [data-theme=cyberpunk])
Auto format display:
- 'Auto' chip now shows detected extension: 'Auto (.webm)', 'Auto (.mp3)'
- Backend guesses extension from URL domain (youtube→webm, bandcamp→mp3,
soundcloud→opus, etc.) and extract_info ext field for single videos
Preferences persistence:
- Media type (video/audio) and output format saved to localStorage
- Settings survive page refreshes and gear panel open/close
Toast notifications:
- Copy link shows animated toast 'Link copied to clipboard'
- Toast appears at bottom center, auto-dismisses after 2s
Full delete on cancel:
- DELETE /downloads/{id} now removes the job from DB and deletes the file
- Previously marked as 'cancelled by user' and persisted in history
- Jobs dismissed with X are completely purged from the system
URL preview & playlist support:
- POST /url-info endpoint extracts metadata (title, type, entry count)
- Preview box shows playlist contents before downloading (up to 10 items)
- Auto-detect audio-only sources (SoundCloud, etc) and switch to Audio mode
- Video toggle grayed out for audio-only sources
- Enable playlist downloading (noplaylist=False)
Admin panel improvements:
- Expandable session rows show per-session job list with filename, size,
status, timestamp, and source URL link
- GET /admin/sessions/{id}/jobs endpoint for session job details
- Logout now redirects to home page instead of staying on login form
- Logo in header is clickable → navigates to home
UX polish:
- Tooltips on output format chips (explains Auto vs specific formats)
- Format tooltips change based on video/audio mode
