Commit graph

94 commits

Author SHA1 Message Date
SergeantPanda
38389a81e6 feat(settings): add DATABASE_POOL_CONN_MAX_LIFETIME for connection management and update database engine path (Fixes #1343)
- Introduced DATABASE_POOL_CONN_MAX_LIFETIME to manage pooled connection lifecycle, improving performance and resource management.
- Updated database engine path to use 'dispatcharr.db.backends.postgresql_psycopg3' for consistency.
- Enhanced logging configuration for geventpool connection lifecycle tracking.
2026-06-12 11:31:09 -05:00
Seth Van Niekerk
16cb9edcbd
blur public IP in sidebar, add ip lookup toggle and env var, make lookup non-blocking 2026-05-30 13:07:07 -04:00
SergeantPanda
a2656184e8 perf/fix: migrate DB driver to psycopg3, fix pool settings
- Switch engine to postgresql_psycopg3 (PR had wrong engine name,
  and we're migrating from psycopg2 to psycopg3 as part of this work)
- Set CONN_MAX_AGE=0 (required by geventpool; PR had None)
- Reduce MAX_CONNS 20→8, REUSE_CONNS 10→3 to avoid exhausting
  pg max_connections across 4 uWSGI workers + Celery
- Add pool=False to explicitly disable Django's native psycopg3 pool
2026-05-28 19:31:50 -05:00
Jonathan Caicedo
94c8bd36bf perf: replace per-request DB connections with geventpool 2026-05-25 11:12:46 -04:00
SergeantPanda
108bd52e7f perf: replace local cache with django-redis for improved EPG caching
Some checks failed
Base Image Build / prepare (push) Has been cancelled
CI Pipeline / prepare (push) Has been cancelled
Build and Push Multi-Arch Docker Image / build-and-push (push) Has been cancelled
Base Image Build / docker (amd64, ubuntu-24.04) (push) Has been cancelled
Base Image Build / docker (arm64, ubuntu-24.04-arm) (push) Has been cancelled
Base Image Build / create-manifest (push) Has been cancelled
CI Pipeline / docker (amd64, ubuntu-24.04) (push) Has been cancelled
CI Pipeline / docker (arm64, ubuntu-24.04-arm) (push) Has been cancelled
CI Pipeline / create-manifest (push) Has been cancelled
2026-05-17 20:23:57 -05:00
SergeantPanda
c33d456743 Enable gevent in uWSGI workers; fix WS delivery and DB exhaustion
- Enable gevent cooperative multitasking in all uWSGI worker configs
  (gevent-early-monkey-patch + import dispatcharr.gevent_patch)
- Rewrite WebSocket group sends to bypass asyncio in gevent workers:
  _gevent_ws_send() replicates the channels_redis 4.x wire format
  directly via synchronous Redis so send_websocket_update() and
  _send_async() no longer fail silently after epoll is patched out
- Fix PostgreSQL connection exhaustion: CONN_MAX_AGE=0 + explicit
  close_old_connections() in stream manager and cleanup watchdog loops
- Fix stream proxy race: register client before the connect-wait loop
  so the cleanup watchdog never sees zero clients on a live channel
- Channel list/logo/profile queryset optimisations: conditional DISTINCT,
  EXISTS semi-joins for filter-options, channel_count annotation to
  eliminate N+1 in LogoSerializer, prefetched memberships in
  ChannelProfileSerializer
- JsonResponse for channel ID list and summary endpoints
2026-05-14 18:55:09 -05:00
SergeantPanda
dc649ffd88 Enhancement: Initial fmp4 support and major ts_proxy refactor 2026-05-08 17:46:47 -05:00
SergeantPanda
e861fca092 Enhancement: Enhanced Swagger UI authorization dialog: registered a custom OpenApiAuthenticationExtension for ApiKeyAuthentication so drf-spectacular now generates an ApiKeyAuth (apiKey) entry alongside jwtAuth. Both entries include descriptive text linking to the relevant endpoints (/api/accounts/token/, /api/accounts/api-keys/generate/, /api/accounts/api-keys/revoke/). 2026-04-10 18:29:13 -05:00
SergeantPanda
66ee67da30 security: Change from default of "Authenticated" to "IsAdmin" 2026-04-10 10:46:16 -05:00
SergeantPanda
04a684b359 security: Removed CORS_ALLOW_CREDENTIALS = True from CORS configuration. Dispatcharr authenticates via JWT Authorization headers and API keys — not cookies — so credentials are never sent cross-origin by browsers. The setting was also redundant: browsers reject Access-Control-Allow-Credentials: true when Access-Control-Allow-Origin is a wildcard (*), so it had no effect in practice. 2026-04-10 08:34:13 -05:00
SergeantPanda
b535f28ac5 security: Added rate limiting to the login endpoint (POST /api/accounts/token/) using DRF's built-in throttling. A LoginRateThrottle (3 requests/minute per IP, sliding window) is applied to the TokenObtainPairView. Repeated failed attempts from the same IP receive 429 Too Many Requests. 2026-04-09 21:46:50 -05:00
SergeantPanda
47427d4b0f security:
- Set `DEFAULT_PERMISSION_CLASSES` to `Authenticated` in the DRF configuration.
- Explicitly marked the HDHomeRun discovery endpoints (`DiscoverAPIView`, `LineupAPIView`, `LineupStatusAPIView`, `HDHRDeviceXMLAPIView`) and the version endpoint with `permission_classes = [AllowAny]` to document their intentionally public access now that the global default is `Authenticated`.
2026-04-09 21:36:51 -05:00
None
b30a24e2fb feat: add TLS connection support for Redis and PostgreSQL (#950)
- Add 10 env vars for Redis/PostgreSQL TLS (REDIS_SSL, REDIS_SSL_VERIFY, REDIS_SSL_CA_CERT, REDIS_SSL_CERT, REDIS_SSL_KEY, POSTGRES_SSL, POSTGRES_SSL_MODE, POSTGRES_SSL_CA_CERT, POSTGRES_SSL_CERT, POSTGRES_SSL_KEY)
- Propagate SSL params to all Redis connection points: RedisClient, stream view, PubSub, client manager, Celery broker/result backend, Django Channels, and pre-Django startup scripts
- Add Celery SSL config via URL query string params (required by Kombu's internal URL parsing)
- Add PostgreSQL sslmode and certificate options to DATABASES config
- Add startup validation: cert file existence, URL scheme conflict detection, TLS status logging
- Add TLS error hints to Redis connection failure messages
- Add Connection Security panel in System Settings (modular mode only) showing encryption, verification, and mTLS status
- Add PG client key permission fix in web and celery entrypoints for Docker Desktop compatibility (0777 to 0600)
- Add TLS env var passthrough in entrypoint for su - login shells
- Document TLS env vars in modular docker-compose.yml
- Change env_mode from dev/prod to actual DISPATCHARR_ENV value for modular mode detection
2026-03-21 17:24:09 -05:00
SergeantPanda
1d4603dadd Enhancement: Optimize profile expiration handling and update task naming for clarity 2026-03-15 12:42:34 -05:00
SergeantPanda
b22f9e8e07 Enhancement: Account expiration tracking and notifications for M3U profiles 2026-03-14 18:38:59 -05:00
None
ce9f7ccbf9 fix(m3u): fix Celery worker memory leak during M3U/XC refresh
Restructure cleanup in refresh_single_m3u_account so del statements
run before gc.collect(), enabling cyclic garbage collection. Add worker_max_memory_per_child as a safety net against memory fragmentation.

Closes #1012, Closes #1053
2026-03-05 13:47:20 -06:00
dekzter
7dc01a821b
Merge pull request #1019 from Dispatcharr/integrations-fix
pass all details into event triggers, updated custom script default path
2026-02-24 12:42:29 -05:00
dekzter
9470600474 pass all details into event triggers, updated custom script default path 2026-02-24 12:13:21 -05:00
dekzter
aece3367ce backend work for api key authentication 2026-02-21 13:45:07 -05:00
dekzter
55a5180ee1 hardening of script handling with configurable variables - making script execution more secure 2026-02-15 07:37:00 -05:00
dekzter
bc72ea7310 merged in dev 2026-02-11 19:51:21 -05:00
SergeantPanda
1df802341d
Merge pull request #937 from CodeBormen:Feature/Support-External-Redis-Auth
feat: Add Redis authentication support for modular deployment
2026-02-09 17:29:38 -06:00
dekzter
24f812dc4d initial connect feature 2026-02-08 09:29:22 -05:00
SergeantPanda
e26c1908c5 Bug Fix: Automatic backups not enabled by default on new installations: Added backups app to INSTALLED_APPS and implemented automatic scheduler initialization in BackupsConfig.ready(). The backup scheduler now properly syncs the periodic task on startup, ensuring automatic daily backups are enabled and scheduled immediately on fresh database creation without requiring manual user intervention. 2026-02-04 16:56:11 -06:00
None
e217960500 feat: Add Redis authentication support for modular deployment
Add support for authentication when connecting to external Redis instances in modular deployment mode. This enables secure Redis deployments using either password-only authentication (Redis <6) or
username + password authentication (Redis 6+ ACL).

Changes:
- Add REDIS_PASSWORD and REDIS_USER environment variables
- Implement URL encoding for special characters in passwords
- Update all Redis connection points to support auth
- Add comprehensive documentation and examples to docker-compose.yml
- Maintains full backward compatibility (empty defaults = no auth)

All authentication mechanisms have been fully tested including pasword-only authentication, Redis 6+ ACL authentication with username + password, volume-mounted configuration files, and special character handling.

Existing deployments are not effected, authentication support is entirely opt-in using docker-compose.

Also, acknowledging the fact that the docker-compose file for modular deployments has been getting out of hand with auth support, the docker-compose.yml file was re-formatted for better visibility in configuration. This seemed like a better way to go than mandating a .env file.
2026-02-03 21:42:06 -06:00
SergeantPanda
b01eb9585c feat: add system notifications and update checks
Real-time notifications for system events and alerts
Per-user notification management and dismissal
Update check on startup and every 24 hours to notify users of available versions
Notification center UI component
Automatic cleanup of expired notifications
2026-02-03 09:24:02 -06:00
SergeantPanda
5364123745 - Swagger/OpenAPI Migration: Migrated from drf-yasg (OpenAPI 2.0) to drf-spectacular (OpenAPI 3.0) for API documentation. This provides:
- Native Bearer token authentication support in Swagger UI - users can now enter just the JWT token and the "Bearer " prefix is automatically added
  - Modern OpenAPI 3.0 specification compliance
  - Better auto-generation of request/response schemas
  - Improved documentation accuracy with serializer introspection
2026-01-27 13:33:33 -06:00
SergeantPanda
de31826137 refactor: externalize Redis and Celery configuration via environment variables
Replace hardcoded localhost:6379 values throughout codebase with environment-based configuration. Add REDIS_PORT support and allow REDIS_URL override for external Redis services. Configure Celery broker/result backend to use Redis settings with environment variable overrides.

Closes #762
2025-12-18 16:54:59 -06:00
SergeantPanda
4878e92f44
Merge pull request #488 from stlalpha/feature/automated-backups
Enhancement: Add automated configuration backups
2025-12-15 16:17:33 -06:00
dekzter
f3a901cb3a Security Fix - generate JWT on application init 2025-12-06 13:40:10 -05:00
SergeantPanda
f1320c9a5d Merge branch 'dev' of https://github.com/Dispatcharr/Dispatcharr into pr/stlalpha/488 2025-12-02 13:39:06 -06:00
Jim McBride
3eaa76174e Feature: Automated configuration backups with scheduling
- Create/Download/Upload/Restore database backups (PostgreSQL and SQLite)
- Configurable data directory backups (via settings.py)
- Scheduled backups (daily/weekly) via Celery Beat
- Retention policy (keep last N backups)
- Token-based auth for async task polling
- X-Accel-Redirect support for nginx file serving
- Comprehensive tests
2025-11-26 21:11:13 -06:00
SergeantPanda
afedce5cb2 Enhancement: Implement background profile refresh task with rate limiting to prevent provider bans during account profile updates. 2025-11-18 09:27:22 -06:00
SergeantPanda
ed065f718d Enhancement: Implement caching for proxy settings to improve performance and reduce database load. Also, ensure database connections are closed after use in both config and stream manager. 2025-10-14 13:44:28 -05:00
Dispatcharr
424a450654 DVR Features and bug fixes
Added ability to use custom comskip.ini
Added series recording without reliance on EPG
Fixed comskip bug
Fixed timezone mismatch when scheduling DVR recordings

No migrations completed yet
2025-09-18 10:23:16 -05:00
OkinawaBoss
3fb8e0ebd1
Merge pull request #363 from Dispatcharr/Plugins
Plugins
2025-09-08 09:11:19 -05:00
Dispatcharr
e9a11588c4 Init Plugins 2025-09-05 17:10:11 -05:00
SergeantPanda
870e77b137 Disable fetch-channel-statuses 2025-09-05 10:23:25 -05:00
SergeantPanda
d709d92936 Refactor channel stats fetching and enhance settings UI for better user experience 2025-09-05 09:42:52 -05:00
SergeantPanda
84aa631196 Initial backend commit for vod 2025-08-02 10:42:36 -05:00
SergeantPanda
c4a6b1469e Change to JSON settings 2025-06-13 14:36:08 -05:00
dekzter
9f96529707 merged in main 2025-06-03 17:49:24 -04:00
SergeantPanda
6ce387b0b0 Auto-scales Celery based on demand. Should lower overall memory and CPU usage while allowing for high cpu demand tasks to complete quickly.
Closes #111
2025-06-02 18:03:32 -05:00
dekzter
a96c5f0f5c merged in dev 2025-05-21 08:16:35 -04:00
SergeantPanda
eb223e1df2 Enable logging for core utils. 2025-05-19 09:53:52 -05:00
dekzter
74d58515d0 user management, user levels, user level channel access 2025-05-18 11:19:34 -04:00
SergeantPanda
1174e2e0c7 EPG processing enhancements. Celery memory management. 2025-05-17 16:42:37 -05:00
SergeantPanda
f18ca4de37 Initial rework of EPG processesing. 2025-05-16 19:26:06 -05:00
SergeantPanda
1aac0f8011 Separated beat schedules. Scan files now only runs every 20 seconds. 2025-05-15 12:12:41 -05:00
SergeantPanda
67aca64420 Properly set EV for all profiles so uWSGI daemons can see it. 2025-05-10 13:25:03 -05:00