Dispatcharr/core
SergeantPanda 29739ede36
Some checks are pending
CI Pipeline / prepare (push) Waiting to run
CI Pipeline / docker (amd64, ubuntu-24.04) (push) Blocked by required conditions
CI Pipeline / docker (arm64, ubuntu-24.04-arm) (push) Blocked by required conditions
CI Pipeline / create-manifest (push) Blocked by required conditions
Build and Push Multi-Arch Docker Image / build-and-push (push) Waiting to run
Frontend Tests / test (push) Waiting to run
Enhancement: VOD start/stop notifications and system events.
2026-04-23 18:03:02 -05:00
..
fixtures feat: add system notifications and update checks 2026-02-03 09:24:02 -06:00
management/commands fix: ensure PGSSL* environment variables are explicitly set by stripping inherited values 2026-03-31 09:51:09 -05:00
migrations Enhancement: VOD start/stop notifications and system events. 2026-04-23 18:03:02 -05:00
__init__.py Alpha v3 2025-02-21 15:31:59 -06:00
admin.py modified database fields for consistency, removed custom_url from streams (no longer needed) 2025-03-16 09:07:10 -04:00
api_urls.py feat: add system notifications and update checks 2026-02-03 09:24:02 -06:00
api_views.py security: proxy streaming endpoints (stream_ts, stream_xc, stream_vod, head_vod, stream_xc_movie, stream_xc_episode) use @permission_classes([AllowAny]) (access is controlled by the per-stream-type network allow-list inside the view body); the UserAgentViewSet, StreamProfileViewSet, CoreSettingsViewSet, and ProxySettingsViewSet gained get_permissions() methods mapping read actions to IsStandardUser and write actions to IsAdmin; and AuthViewSet.logout was updated to return [Authenticated()]. 2026-04-10 10:47:50 -05:00
apps.py Bug Fix: Version update notification persisting after upgrading to the notified version (e.g. "v0.20.2 available" shown while already running v0.20.2). Root cause: check_for_version_update.delay() was called from AppConfig.ready(), which fires inside Celery prefork pool subprocesses before the broker connection is established, causing the dispatch to fail silently with no log output. Fixed by moving the startup dispatch to the worker_ready signal in celery.py (consistent with the existing recover_recordings_on_startup pattern), and deleting the stale version-{current_version} notification at the top of the production check path so it is cleared even when GitHub is unreachable. A WebSocket update is sent immediately on deletion so the frontend badge clears without waiting for the API response. 2026-03-08 13:38:18 -05:00
command_utils.py Bypass redis for management commands. 2025-03-22 12:23:54 -05:00
developer_notifications.py Fix #954: Superuser detection; Feature #1004: User account disable/enable 2026-02-22 18:05:02 -06:00
models.py Enhancement: VOD start/stop notifications and system events. 2026-04-23 18:03:02 -05:00
redis_pubsub.py initial run of a binary and encoded redis client - no more encoding / decoding data into redis, huge PITA (still some outstanding spots I need to patch) 2025-10-25 08:15:39 -04:00
scheduling.py feat(scheduling): add cron builder and refactor scheduling components (Closes #165) 2026-02-12 18:08:13 -06:00
serializers.py fix: guard CoreSettings list getters against corrupted stored data 2026-03-15 16:30:50 -05:00
signals.py feat: add system notifications and update checks 2026-02-03 09:24:02 -06:00
tasks.py chore(cleanup): - Removed dead VODConnectionManager class (apps/proxy/vod_proxy/connection_manager.py) and its associated helpers, which had been superseded by MultiWorkerVODConnectionManager. All active code already used the multi-worker implementation. Removed the unused VODConnectionManager import from vod_proxy/views.py, the unscheduled cleanup_vod_connections task from apps/proxy/tasks.py, and the unscheduled cleanup_vod_persistent_connections task from core/tasks.py. 2026-04-09 19:59:50 -05:00
tests.py fix: pass TLS parameters to all external connection points in modular mode 2026-03-30 20:19:27 -05:00
urls.py Pre-Alpha v4 2025-02-24 15:04:03 -06:00
utils.py security: Fixed path traversal vulnerability in file uploads. The M3U account upload (apps/m3u/api_views.py), logo upload (apps/channels/api_views.py), and backup upload (apps/backups/api_views.py) all used the uploaded filename directly without sanitization. os.path.join() discards all preceding components when it encounters an absolute path segment, and pathlib's / operator behaves identically; a relative ../ sequence also escapes via OS path resolution at open() time. All three upload paths now strip directory components via Path(name).name and validate the resolved path remains within the intended upload directory. Exploiting any of these required admin credentials. 2026-04-09 21:32:36 -05:00
views.py Bug Fix: M3U profile URL rewriting now uses the regex module instead of re across all URL transform code paths (url_utils.transform_url, core/views.py, vod_proxy/_transform_url, tasks.get_transformed_credentials, and the WebSocket live-preview handler in consumers.py). The regex module natively accepts JavaScript/PCRE-style named capture groups ((?<name>...)) without any conversion, eliminating the root cause of patterns that matched in the frontend live preview but failed on the backend with a re.error. As a further improvement, regex also supports variable-length lookbehind assertions (e.g. (?<=a+)), which re rejects with an error; patterns using these will now work correctly on the backend as well. Replace-pattern JS tokens are still normalised before calling regex.sub: $<name>\g<name> and $1/$2/… → \1/\2/… (Python replacement syntax). Also fixed a bug in the WebSocket preview handler where a pattern error was incorrectly returning the search pattern string as the preview output instead of the original URL. (Fixes #1005) 2026-03-29 17:55:08 -05:00
xtream_codes.py fleshed out user limits and termination logic 2026-03-25 17:33:26 -04:00