* fix(jellyfin): use the same deviceId for admins
This PR will make Jellyseerr use the same deviceId for the admin user everytime he logins to
Jellyfin/Emby. The previous behavior with different deviceId was creating new entries on the media
at every request.
* fix: remove useless check
* fix(jellyfin): clean up Jellyfin sessions on Jellyseerr logout
* refactor(auth): remove deleteUserDevice method and handle device deletion directly in logout process
* refactor(auth): optimize logout route for Jellyfin/Emby
Only query database for Jellyfin/Emby users during logout to avoid unnecessary database queries for Plex/local users. This improves performance by skipping the device deletion process when it's not needed.
* fix(avatar): fix avatar cache busting by using avatarVersion
Previously, avatar caching did not update the avatar when the remote image changed. This commit adds
logic to check if the avatar was modified remotely by comparing aremote last-modified timestamp with
a locally stored version (avatarVersion). If a change is detected, the cache is cleared, a new image
is fetched, and avatarVersionis updated. Otherwise, the cached image is retained.
* chore(db): add db migrations
* refactor: refactor imagehelpers util to where its used
* refactor: remove remnants from previous cache busting versions
* refactor: rename some remaining Overseerr occurrences
This PR renames some remaining occurrences of Overseerr to Jellyseerr. This includes the OpenAPI
specification, log file names and some variables and console messages.
* fix(i18n): add missing translation
* feat: support disabling jellyfin login
* feat: revamp login screen
Update the login screen for better usability, especially with OpenID
Connect and Plex login, allowing one-click login and removing the
accordion layout. Additionally, ensures that media server login is
hidden when disabled in the settings.
* test: update cypress login command
By default, the jellyfinAuthToken of every user was always retrieved from the database, and
sometimes sent back to the client. Any logged-in user could retrieve this token via a request
containing admin user information, and use it to gain full access to Jellyfin. This PR removes the
auth token and the device ID from the fields selected by default by TypeORM.
This PR adds an error message when the database has no admin user and Jellyseerr has already been
set up (i.e. settings.json is filled in), instead of having a generic error message.
* fix: use fs/promises for settings
This PR switches from synchronous operations with the 'fs' module to asynchronous operations with
the 'fs/promises' module. It also corrects a small error with hostname migration.
* fix: add missing merge function of default and current config
* refactor: add more logs to migration
* fix: cache Jellyfin/Emby avatars from API
Previously, avatars were cached using image links from Jellyfin/Emby. Now, avatar images are
obtained directly from the API to avoid some configuration bugs.
* fix: update avatar on new login
* fix: rewrite avatarproxy and CachedImage
Avatar proxy was allowing every request to be proxied, no matter the original ressource's origin or
filetype. This PR fixes it be allowing only relevant resources to be cached, i.e. Jellyfin/Emby
images and TMDB images.
fix#1012, #1013
* fix: resolve CodeQL error
* fix: resolve CodeQL error
* fix: resolve review comments
* fix: resolve review comment
* fix: resolve CodeQL error
* fix: update imageproxy path
* refactor: proxy and cache user avatar images
* fix: extract keys
* fix: set avatar image URL
* fix: show the correct avatar in the list of available users in advanced request
* fix(s): set correct src URL for cached image
* fix: remove unexpired unused image when a user changes their avatar
* fix: requested changes
* refactor: use 'mime' package to detmerine file extension
* style: grammar
* refactor: checks if the default avatar is cached to avoid creating duplicates for different users
* fix: fix vulnerability
* fix: fix incomplete URL substring sanitization
* refactor: only cache avatar with http url protocol
* fix: remove log and correctly set the if statement for the cached image component
* fix: avatar images not showing on issues page
* style: formatting
---------
Co-authored-by: JoaquinOlivero <joaquin.olivero@hotmail.com>
* feat: add Media Server Selection to Setup Page
Introduce the ability to select the media server type on the setup page. Users can now choose their
preferred media server (e.g., Plex through the Plex sign-in or Emby/Jellyfin sign-in to select
either Emby or Jellyfin). The selected media server type is then reflected in the application
settings. This enhancement provides users with increased flexibility and customization options
during the initial setup process, eliminating the need to rely on environment variables (which
cannot be set if using platforms like snaps). Existing Emby users, who use the environment variable,
should log out and log back in after updating to set their mediaServerType to Emby.
BREAKING CHANGE: This commit deprecates the JELLYFIN_TYPE variable to identify Emby media server and
instead rely on the mediaServerType that is set in the `settings.json`. Existing environment
variable users can log out and log back in to set the mediaServerType to `3` (Emby).
* feat(api): add severType to the api
BREAKING CHANGE: This adds a serverType to the `/auth/jellyfin` which requires a serverType to be
set (`jellyfin`/`emby`)
* refactor: use enums for serverType and rename selectedservice to serverType
* refactor(auth): jellyfin/emby authentication to set MediaServerType
* fix: issue page formatMessage for 4k media
* refactor: cleaner way of handling serverType change using MediaServerType instead of strings
instead of using strings now it will use MediaServerType enums for serverType
* revert: removed conditional render of the auto-request permission
reverts the conditional render toshow the auto-request permission if the mediaServerType was set to
Plex as this should be handled in a different PR and Cypress tests should be modified
accordingly(currently cypress test would fail if this conditional check is there)
* feat: add server type step to setup
* feat: migrate existing emby setups to use emby mediaServerType
* fix: scan jobs not running when media server type is emby
* fix: emby media server type migration
* refactor: change emby logo to full logo
* style: decrease emby logo size in setup screen
* refactor: use title case for servertype i18n message
* refactor(i18n): fix a typo
* refactor: use enums instead of numbers
* fix: remove old references to JELLYFIN_TYPE environment variable
* fix: go back to the last step when refresh the setup page
* fix: move "scanning in background" tip next to the scanning section
* fix: redirect the setup page when Jellyseerr is already setup
---------
Co-authored-by: Gauthier <mail@gauthierth.fr>
* feat(jellyfinapi): create Jellyfin API key from admin user
* fix(jellyfinapi): add migration script for Jellyfin API key
* feat(jellyfinapi): use Jellyfin API key instead of admin auth token
* fix(jellyfinapi): fix api key migration
* feat(jellyfinapi): add API key field to Jellyfin settings
* fix: move the API key field in the Jellyfin settings
* fix: remove email requirement for the user, and use the username if no email provided
* fix: update translations
* fix: remove useless console.log
* test: fix user list test
* fix: disallow Plex users from changing their email
* refactor(jellyfinsettings): abstract jellyfin hostname, updated ui to reflect it, better validation
This PR refactors and abstracts jellyfin hostname into, jellyfin ip, jellyfin port, jellyfin useSsl,
and jellyfin urlBase. This makes it more consistent with how plex settings are stored as well. In
addition, this improves validation as validation can be applied seperately to them instead of as one
whole regex doing the work to validate the url.
UI was updated to reflect this.
BREAKING CHANGE: Jellyfin settings now does not include a hostname. Instead it abstracted it to ip,
port, useSsl, and urlBase. However, migration of old settings to new settings should work
automatically.
* refactor: remove console logs and use getHostname and ApiErrorCodes
* fix: store req.body jellyfin settings temporarily and store only if valid
This should fix the issue where settings are saved even if the url
was invalid. Now the settings will only be saved if the url is
valid. Sort of like a test connection.
* refactor: clean up commented out code
* refactor(i18n): extract translation keys
* fix(auth): auth failing with jellyfin login is disabled
* fix(settings): jellyfin migrations replacing the rest of the settings
* fix(settings): jellyfin hostname should be carried out if hostname exists
* fix(settings): merging the wrong settings source
* refactor(settings): use migrator for dynamic settings migrations
* refactor(settingsmigrator): settings migration handler and the migrations
* test(cypress): fix cypress tests failing
cypress settings were lacking some of the jobs so when the startJobs() is called when the app
starts, it was failing to schedule the jobs where their cron timings were not specified in the
cypress settings. Therefore, this commit adds those jobs back. In addition, other setting options
were added to keep cypress settings consistent with a normal user.
* chore(prettierignore): ignore cypress/config/settings.cypress.json as it does not need prettier
* chore(prettier): ran formatter on cypress config to fix format check error
format check locally passes on this file. However, it fails during the github actions format check.
Therefore, json language features formatter was run instead of prettier to see if that fixes the
issue.
* test(cypress): add only missing jobs to the cypress settings
* ci: attempt at trying to get formatter to pass on cypress config json file
* refactor: revert the changes brought to try and fix formatter
added back the rest of the cypress settings and removed cypress settings from .prettierignore
* refactor(settings): better erorr logging when jellyfin connection test fails in settings page
validation for ipv6 was sort of broken where for example `::1` was being sent as `1`, therefore,
logins were broken. This PR fixes it by using nodejs `net.isIPv4()` & `net.isIPv6` for ipv4 and ipv6
validation.
possibly related to and fixes#795
* fix(logging): handle media server connection refused error/toast
Properly log as connection refused if the jellyfin/emby server is unreachable. Previously it used to
throw a credentials error which lead to a lot of confusion
* refactor(i8n): extract translation keys
* refactor(auth): error message for a more consistent format
* refactor(auth/errors): use custom error types and error codes instead of abusing error messages
* refactor(i8n): replace connection refused translation key with invalidurl
* fix(error): combine auth and api error class into a single one called network error
* fix(error): use the new network error and network error codes in auth/api
* refactor(error): rename NetworkError to ApiError
* feat: merge check if first jellyfin user is admin
re #610
* refactor(i18n): extract admin error message into en locale
---------
Co-authored-by: fallenbagel <98979876+Fallenbagel@users.noreply.github.com>
* refactor: jellyfin authentication
This refactor standardizes the authentication approach in Jellyfin to mirror the method employed in
Plex authentication for consistency
* feat: use gravatar for jellyfin users' with missing jellyfin avatars
* feat: if local sign-in disabled, verify Plex server access during auth for existing users
* fix: disable local/password login by default
* fix: set localLogin to disabled in getInitialProps
* fix: verify Plex server access on local logins as well
* fix(plex): do not fail to import Plex users when Plex Home has managed users
* fix: default display name to email when user has no username
also, do not set username or plexUsername when it is the same as the user's email address
* fix(ui): user display name placeholder should reflect fallback logic if username is not set
* fix(ui): hide email addresses of other users if logged-in user does not have Manage Users permission
* fix: always set Plex username even if same as user's email
* fix: remove unnecessary permission check
* fix: transform email addresses to lowercase
