siftlode/backend/app
npeter83 32d8575f79 fix(audit): address /code-review findings
- scheduler _run_changed: count a run as "changed" only on a truthy NUMERIC
  value — status-string no-op dicts like {"skipped":"disabled"} (Plex off, the
  default) or {"skipped":"no demo account"} were flooding the trail every interval.
- audit.record: truncate target_id to the column width (128) like summary[:255],
  so an over-long target (e.g. a 128+ char demo email) can't abort the mutation
  the audit row is committed alongside.
- config set/reset: redact URL userinfo (user:pass@) from logged non-secret
  values — a proxy setting can embed credentials that shouldn't land in the trail.
- config set: skip the audit row when a non-secret value didn't actually change
  (no-op re-save shouldn't add noise); secrets are write-only so always logged.
- audit page title (pageMeta): add the missing "audit" case so the browser tab
  reads "Audit log · Siftlode" instead of falling back to "Feed".
2026-07-12 07:47:07 +02:00
..
downloads fix(deferred): close backend correctness/efficiency tails from the hygiene sweep 2026-07-12 05:59:03 +02:00
plex Plex backend pass (#9): watch_sync bugs + backend dedup 2026-07-11 23:48:35 +02:00
routes fix(audit): address /code-review findings 2026-07-12 07:47:07 +02:00
static chore: rebrand Subfeed -> Siftlode 2026-06-14 04:40:22 +02:00
sync fix(deferred): close backend correctness/efficiency tails from the hygiene sweep 2026-07-12 05:59:03 +02:00
youtube fix(auth): security hardening — token encryption, timing, adoption + isolation 2026-07-11 21:26:39 +02:00
__init__.py feat: M1 foundation — compose stack, FastAPI, Google OAuth, encrypted tokens 2026-06-11 01:01:37 +02:00
audit.py fix(audit): address /code-review findings 2026-07-12 07:47:07 +02:00
auth.py fix(auth): decrypt the access-token fallback before revoking on account deletion 2026-07-12 04:52:31 +02:00
config.py feat(audit): admin audit log (Notification P3) 2026-07-12 07:32:41 +02:00
db.py fix(plex): image proxy no longer exhausts the DB connection pool 2026-07-06 07:14:28 +02:00
email.py fix(auth): preserve OAuth scopes across re-login + accurate multi-admin request emails 2026-07-12 04:34:07 +02:00
main.py feat(audit): admin audit log (Notification P3) 2026-07-12 07:32:41 +02:00
models.py feat(audit): admin audit log (Notification P3) 2026-07-12 07:32:41 +02:00
notifications.py feat(notifications): durable per-user inbox (P1) + maintenance schema 2026-06-18 03:20:17 +02:00
progress.py feat(scheduler): admin run-now/run-all triggers + live progress + completion notices 2026-06-18 04:01:10 +02:00
quota.py feat(channels): channel-explore backend — about metadata, ephemeral provenance, cleanup 2026-06-30 02:52:44 +02:00
ratelimit.py feat(demo): demo-account schema + reusable rate limiter 2026-06-16 09:17:14 +02:00
realtime.py feat(messages): end-to-end encrypted real-time direct messaging backend 2026-06-25 22:05:35 +02:00
scheduler.py fix(audit): address /code-review findings 2026-07-12 07:47:07 +02:00
security.py fix(auth): security hardening — token encryption, timing, adoption + isolation 2026-07-11 21:26:39 +02:00
state.py refactor(auth): centralize token hashing, email validation & admin gating 2026-06-26 03:15:36 +02:00
sysconfig.py feat(audit): admin audit log (Notification P3) 2026-07-12 07:32:41 +02:00
titles.py feat(titles): normalize video titles for display (feed, search, downloads) 2026-07-03 03:00:08 +02:00
utils.py refactor(auth): centralize token hashing, email validation & admin gating 2026-06-26 03:15:36 +02:00
worker.py fix(config): honor DB-overridable download layout + retention (env-vs-DB drift) 2026-07-11 19:44:53 +02:00