fix(webpush): simplify condition for enabling push notifications

Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,14 +1,33 @@
-#### Description
+<!--
+    Please read contributing guide before submitting
+    your pull request. Please fill in each section below to help us better prioritize your pull request. Thanks!
+-->
 
-#### Screenshot (if UI-related)
+## Description
 
-#### To-Dos
+<!--- Describe your changes in detail -->
+<!--- Why is this change required? What problem does it solve? -->
+<!--- If it fixes an open issue, please link to the issue here. -->
 
+- Fixes #XXXX
+
+## How Has This Been Tested?
+
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, and the tests you ran to -->
+<!--- see how your change affects other areas of the code, etc. -->
+
+## Screenshots / Logs (if applicable)
+
+## Checklist:
+
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+
+- [ ] I have read and followed the contribution [guidelines](https://github.com/seerr-team/seerr/blob/develop/CONTRIBUTING.md).
 - [ ] Disclosed any use of AI (see our [policy](https://github.com/seerr-team/seerr/blob/develop/CONTRIBUTING.md#ai-assistance-notice))
+- [ ] I have updated the documentation accordingly.
+- [ ] All new and existing tests passed.
 - [ ] Successful build `pnpm build`
 - [ ] Translation keys `pnpm i18n:extract`
 - [ ] Database migration (if required)
-
-#### Issues Fixed or Closed
-
-- Fixes #XXXX

.prettierignore

@@ -2,7 +2,6 @@
 .next/
 dist/
 config/
-CHANGELOG.md
 pnpm-lock.yaml
 cypress/config/settings.cypress.json
 

CONTRIBUTING.md

@@ -151,9 +151,9 @@ When adding new UI text, please try to adhere to the following guidelines:
 
 ## Translation
 
-We use [Weblate](https://jellyseerr.borgcube.de/projects/jellyseerr/jellyseerr-frontend/) for our translations, and your help with localizing Seerr would be greatly appreciated! If your language is not listed below, please [open a feature request](/../../issues/new/choose).
+We use [Weblate](https://translate.seerr.dev/projects/seerr/seerr-frontend/) for our translations, and your help with localizing Seerr would be greatly appreciated! If your language is not listed below, please [open a feature request](/../../issues/new/choose).
 
-<a href="https://jellyseerr.borgcube.de/engage/jellysseerr/"><img src="https://jellyseerr.borgcube.de/widget/jellyseerr/multi-auto.svg" alt="Translation status" /></a>
+<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/multi-auto.svg" alt="Translation status" /></a>
 
 ## Migrations
 

README.md

@@ -8,7 +8,7 @@
 <p align="center">
 <a href="https://discord.gg/seerr"><img src="https://img.shields.io/discord/783137440809746482" alt="Discord"></a>
 <a href="https://hub.docker.com/r/seerr/seerr"><img src="https://img.shields.io/docker/pulls/seerr/seerr" alt="Docker pulls"></a>
-<a href="http://translate.seerr.dev/engage/seerr/"><img src="http://translate.seerr.dev/widget/seerr/seerr-frontend/svg-badge.svg" alt="Translation status" /></a>
+<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/svg-badge.svg" alt="Translation status" /></a>
 <a href="https://github.com/seerr-team/seerr/blob/develop/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/seerr-team/seerr"></a>
 
 **Seerr** is a free and open source software application for managing requests for your media library. It integrates with the media server of your choice: [Jellyfin](https://jellyfin.org), [Plex](https://plex.tv), and [Emby](https://emby.media/). In addition, it integrates with your existing services, such as **[Sonarr](https://sonarr.tv/)**, **[Radarr](https://radarr.video/)**.

charts/seerr-chart/Chart.yaml

@@ -5,7 +5,7 @@ description: Seerr helm chart for Kubernetes
 type: application
 version: 3.0.0
 # renovate: image=ghcr.io/seerr-team/seerr
-appVersion: '2.7.3'
+appVersion: '3.0.0'
 maintainers:
   - name: Seerr Team
     url: https://github.com/orgs/seerr-team/people

charts/seerr-chart/README.md

@@ -1,6 +1,6 @@
 # seerr-chart
 
-![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.7.3](https://img.shields.io/badge/AppVersion-2.7.3-informational?style=flat-square)
+![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square)
 
 Seerr helm chart for Kubernetes
 
@@ -22,7 +22,7 @@ Kubernetes: `>=1.23.0-0`
 
 ## Installation
 
-Refer to [https://docs.seerr.dev/getting-started/kubernetes](Seerr kubernetes documentation)
+Refer to [Seerr kubernetes documentation](https://docs.seerr.dev/getting-started/kubernetes)
 
 ## Update Notes
 

charts/seerr-chart/README.md.gotmpl

@@ -16,7 +16,7 @@
 
 ## Installation
 
-Refer to [https://docs.seerr.dev/getting-started/kubernetes](Seerr kubernetes documentation)
+Refer to [Seerr kubernetes documentation](https://docs.seerr.dev/getting-started/kubernetes)
 
 ## Update Notes
 

docs/getting-started/buildfromsource.mdx

@@ -26,8 +26,7 @@ sudo mkdir -p /opt/seerr && cd /opt/seerr
 ```
 2. Clone the Seerr repository and checkout the main branch:
 ```bash
-git clone https://github.com/seerr-team/seerr.git
-cd seerr
+git clone https://github.com/seerr-team/seerr.git .
 git checkout main
 ```
 3. Install the dependencies:

docs/migration-guide.mdx

@@ -28,7 +28,7 @@ Changes :
 
 If you're migrating from a previous installation, you may need to update the ownership of your config folder:
 ```bash
-sudo chown -R 1000:1000 /path/to/appdata/config
+docker run --rm -v /path/to/appdata/config:/data alpine chown -R 1000:1000 /data
 ```
 
 This ensures the `node` user (UID 1000) owns the config directory and can read and write to it.

docs/troubleshooting.mdx

@@ -174,4 +174,36 @@ This can happen if you have a new installation of Jellyfin/Emby or if you have c
 
 This process should restore your admin privileges while preserving your settings.
 
+## Failed to enable web push notifications
+
+### Option 1: You are using Pi-hole
+
+When using Pi-hole, you need to whitelist the proper domains in order for the queries to not be intercepted and blocked by Pi-hole.
+If you are using a chromium based browser (eg: Chrome, Brave, Edge...), the domain you need to whitelist is `fcm.googleapis.com`
+If you are using Firefox, the domain you need to whitelist is `push.services.mozilla.com`
+
+1. Log into your Pi-hole through the admin interface, then click on Domains situated under GROUP MANAGEMENT.
+2. Add the domain corresponding to your browser in the `Domain to be added` field and then click on Add to allowed domains.
+3. Now in order for those changes to be used you need to flush your current dns cache.
+4. You can do so by using this command line in your Pi-hole terminal:
+    ```bash
+    pihole restartdns
+    ```
+If this command fails (which is unlikely), use this equivalent:
+    ```bash
+    pihole -f && pihole restartdns
+    ```
+5. Then restart your Seerr instance and try to enable the web push notifications again.
+
+
+### Option 2: You are using Brave browser
+
+Brave is a "De-Googled" browser. So by default or if you refused a prompt in the past, it cuts the access to the FCM (Firebase Cloud Messaging) service, which is mandatory for the web push notifications on Chromium based browsers.
+
+1. Open Brave and paste this address in the url bar: `brave://settings/privacy`
+2. Look for the option: "Use Google services for push messaging"
+3. Activate this option
+4. Relaunch Brave completely
+5. You should now see the notifications prompt appearing instead of an error message.
+
 If you still encounter issues, please reach out on our support channels.

package.json

@@ -2,7 +2,7 @@
   "name": "seerr",
   "version": "0.1.0",
   "private": true,
-  "packageManager": "pnpm@10.17.1",
+  "packageManager": "pnpm@10.24.0",
   "scripts": {
     "preinstall": "npx only-allow pnpm",
     "postinstall": "node postinstall-win.js",
@@ -33,38 +33,38 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@dr.pogodin/csurf": "^1.14.1",
-    "@formatjs/intl-displaynames": "6.2.6",
+    "@dr.pogodin/csurf": "^1.16.6",
+    "@formatjs/intl-displaynames": "6.8.13",
     "@formatjs/intl-locale": "3.1.1",
-    "@formatjs/intl-pluralrules": "5.1.10",
+    "@formatjs/intl-pluralrules": "5.4.6",
     "@formatjs/intl-utils": "3.8.4",
     "@formatjs/swc-plugin-experimental": "^0.4.0",
     "@headlessui/react": "1.7.12",
-    "@heroicons/react": "2.0.16",
+    "@heroicons/react": "2.2.0",
     "@supercharge/request-ip": "1.2.0",
     "@svgr/webpack": "6.5.1",
-    "@tanem/react-nprogress": "5.0.30",
+    "@tanem/react-nprogress": "5.0.56",
     "@types/ua-parser-js": "^0.7.36",
     "@types/wink-jaro-distance": "^2.0.2",
-    "ace-builds": "1.15.2",
-    "axios": "1.10.0",
-    "axios-rate-limit": "1.3.0",
+    "ace-builds": "1.43.4",
+    "axios": "1.13.2",
+    "axios-rate-limit": "1.4.0",
     "bcrypt": "5.1.0",
-    "bowser": "2.11.0",
+    "bowser": "2.13.1",
     "connect-typeorm": "1.1.4",
     "cookie-parser": "1.4.7",
     "copy-to-clipboard": "3.3.3",
-    "country-flag-icons": "1.5.5",
+    "country-flag-icons": "1.6.4",
     "cronstrue": "2.23.0",
     "date-fns": "2.29.3",
-    "dayjs": "1.11.7",
+    "dayjs": "1.11.19",
     "dns-caching": "^0.2.7",
-    "email-templates": "12.0.1",
+    "email-templates": "12.0.3",
     "express": "4.21.2",
     "express-openapi-validator": "4.13.8",
     "express-rate-limit": "6.7.0",
-    "express-session": "1.17.3",
-    "formik": "^2.4.6",
+    "express-session": "1.18.2",
+    "formik": "^2.4.9",
     "gravatar-url": "3.1.0",
     "http-proxy-agent": "^7.0.2",
     "https-proxy-agent": "^7.0.6",
@@ -76,19 +76,19 @@
     "node-schedule": "2.1.1",
     "nodemailer": "6.10.0",
     "openpgp": "5.11.2",
-    "pg": "8.11.0",
+    "pg": "8.16.3",
     "plex-api": "5.3.2",
     "pug": "3.0.3",
     "react": "^18.3.1",
     "react-ace": "10.1.0",
     "react-animate-height": "2.1.2",
-    "react-aria": "3.23.0",
+    "react-aria": "3.44.0",
     "react-dom": "^18.3.1",
     "react-intersection-observer": "9.4.3",
     "react-intl": "^6.6.8",
     "react-markdown": "8.0.5",
     "react-popper-tooltip": "4.4.2",
-    "react-select": "5.7.0",
+    "react-select": "5.10.2",
     "react-spring": "9.7.1",
     "react-tailwindcss-datepicker-sct": "1.3.4",
     "react-toast-notifications": "2.5.1",
@@ -97,19 +97,19 @@
     "react-use-clipboard": "1.0.9",
     "reflect-metadata": "0.1.13",
     "secure-random-password": "0.2.3",
-    "semver": "7.7.1",
+    "semver": "7.7.3",
     "sharp": "^0.33.4",
     "sqlite3": "5.1.7",
     "swagger-ui-express": "4.6.2",
-    "swr": "2.2.5",
+    "swr": "2.3.7",
     "tailwind-merge": "^2.6.0",
     "typeorm": "0.3.12",
     "ua-parser-js": "^1.0.35",
-    "undici": "^7.3.0",
-    "validator": "^13.15.15",
-    "web-push": "3.5.0",
+    "undici": "^7.16.0",
+    "validator": "^13.15.23",
+    "web-push": "3.6.7",
     "wink-jaro-distance": "^2.0.0",
-    "winston": "3.8.2",
+    "winston": "3.18.3",
     "winston-daily-rotate-file": "4.7.1",
     "xml2js": "0.4.23",
     "yamljs": "0.3.0",
@@ -123,32 +123,33 @@
     "@tailwindcss/forms": "0.5.10",
     "@tailwindcss/typography": "0.5.16",
     "@types/bcrypt": "5.0.0",
-    "@types/cookie-parser": "1.4.3",
-    "@types/country-flag-icons": "1.2.0",
-    "@types/csurf": "1.11.2",
+    "@types/cookie-parser": "1.4.10",
+    "@types/country-flag-icons": "1.2.2",
+    "@types/csurf": "1.11.5",
     "@types/email-templates": "8.0.4",
     "@types/express": "4.17.17",
-    "@types/express-session": "1.17.6",
-    "@types/lodash": "4.14.191",
+    "@types/express-session": "1.18.2",
+    "@types/lodash": "4.17.21",
     "@types/mime": "3",
     "@types/node": "22.10.5",
-    "@types/node-schedule": "2.1.0",
+    "@types/node-schedule": "2.1.8",
     "@types/nodemailer": "6.4.7",
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
-    "@types/react-transition-group": "4.4.5",
+    "@types/react-transition-group": "4.4.12",
     "@types/secure-random-password": "0.2.1",
-    "@types/semver": "7.3.13",
-    "@types/swagger-ui-express": "4.1.3",
-    "@types/validator": "^13.15.3",
-    "@types/web-push": "3.3.2",
+    "@types/semver": "7.7.1",
+    "@types/swagger-ui-express": "4.1.8",
+    "@types/validator": "^13.15.10",
+    "@types/web-push": "3.6.4",
     "@types/xml2js": "0.4.11",
     "@types/yamljs": "0.2.31",
     "@types/yup": "0.29.14",
     "@typescript-eslint/eslint-plugin": "5.54.0",
     "@typescript-eslint/parser": "5.54.0",
-    "autoprefixer": "10.4.13",
-    "commitizen": "4.3.0",
+    "autoprefixer": "10.4.22",
+    "baseline-browser-mapping": "^2.8.32",
+    "commitizen": "4.3.1",
     "copyfiles": "2.4.1",
     "cy-mobile-commands": "0.3.0",
     "cypress": "14.1.0",
@@ -157,22 +158,22 @@
     "eslint-config-next": "^14.2.4",
     "eslint-config-prettier": "8.6.0",
     "eslint-plugin-formatjs": "4.9.0",
-    "eslint-plugin-jsx-a11y": "6.7.1",
-    "eslint-plugin-no-relative-import-paths": "1.5.2",
+    "eslint-plugin-jsx-a11y": "6.10.2",
+    "eslint-plugin-no-relative-import-paths": "1.6.1",
     "eslint-plugin-prettier": "4.2.1",
-    "eslint-plugin-react": "7.32.2",
+    "eslint-plugin-react": "7.37.5",
     "eslint-plugin-react-hooks": "4.6.0",
     "husky": "8.0.3",
     "lint-staged": "13.1.2",
-    "nodemon": "3.1.9",
-    "postcss": "8.4.31",
+    "nodemon": "3.1.11",
+    "postcss": "8.5.6",
     "prettier": "2.8.4",
     "prettier-plugin-organize-imports": "3.2.2",
     "prettier-plugin-tailwindcss": "0.2.3",
     "tailwindcss": "3.2.7",
-    "ts-node": "10.9.1",
-    "tsc-alias": "1.8.2",
-    "tsconfig-paths": "4.1.2",
+    "ts-node": "10.9.2",
+    "tsc-alias": "1.8.16",
+    "tsconfig-paths": "4.2.0",
     "typescript": "4.9.5"
   },
   "engines": {
@@ -181,7 +182,7 @@
   },
   "overrides": {
     "sqlite3/node-gyp": "8.4.1",
-    "@types/express-session": "1.17.6"
+    "@types/express-session": "1.18.2"
   },
   "config": {
     "commitizen": {
@@ -204,8 +205,11 @@
   },
   "pnpm": {
     "onlyBuiltDependencies": [
-      "sqlite3",
-      "bcrypt"
+      "@swc/core",
+      "bcrypt",
+      "cypress",
+      "sharp",
+      "sqlite3"
     ]
   }
 }

server/api/jellyfin.ts

@@ -112,6 +112,10 @@ export interface JellyfinLibraryItemExtended extends JellyfinLibraryItem {
   DateCreated?: string;
 }
 
+type EpisodeReturn<T> = T extends { includeMediaInfo: true }
+  ? JellyfinLibraryItemExtended[]
+  : JellyfinLibraryItem[];
+
 export interface JellyfinItemsReponse {
   Items: JellyfinLibraryItemExtended[];
   TotalRecordCount: number;
@@ -145,7 +149,7 @@ class JellyfinAPI extends ExternalAPI {
       {},
       {
         headers: {
-          'X-Emby-Authorization': authHeaderVal,
+          Authorization: authHeaderVal,
           'Content-Type': 'application/json',
           Accept: 'application/json',
         },
@@ -415,13 +419,22 @@ class JellyfinAPI extends ExternalAPI {
     }
   }
 
-  public async getEpisodes(
+  public async getEpisodes<
+    T extends { includeMediaInfo?: boolean } | undefined = undefined
+  >(
     seriesID: string,
-    seasonID: string
-  ): Promise<JellyfinLibraryItem[]> {
+    seasonID: string,
+    options?: T
+  ): Promise<EpisodeReturn<T>> {
     try {
       const episodeResponse = await this.get<any>(
-        `/Shows/${seriesID}/Episodes?seasonId=${seasonID}`
+        `/Shows/${seriesID}/Episodes`,
+        {
+          params: {
+            seasonId: seasonID,
+            ...(options?.includeMediaInfo && { fields: 'MediaSources' }),
+          },
+        }
       );
 
       return episodeResponse.Items.filter(

server/entity/UserPushSubscription.ts

@@ -1,8 +1,15 @@
 import { DbAwareColumn } from '@server/utils/DbColumnHelper';
-import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
+import {
+  Column,
+  Entity,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  Unique,
+} from 'typeorm';
 import { User } from './User';
 
 @Entity()
+@Unique(['endpoint', 'user'])
 export class UserPushSubscription {
   @PrimaryGeneratedColumn()
   public id: number;

server/lib/notifications/agents/webpush.ts

@@ -24,6 +24,15 @@ interface PushNotificationPayload {
   isAdmin?: boolean;
 }
 
+interface WebPushError extends Error {
+  statusCode?: number;
+  status?: number;
+  body?: string | unknown;
+  response?: {
+    body?: string | unknown;
+  };
+}
+
 class WebPushAgent
   extends BaseAgent<NotificationAgentConfig>
   implements NotificationAgent
@@ -188,19 +197,30 @@ class WebPushAgent
           notificationPayload
         );
       } catch (e) {
+        const webPushError = e as WebPushError;
+        const statusCode = webPushError.statusCode || webPushError.status;
+        const errorMessage = webPushError.message || String(e);
+
+        // RFC 8030: 410/404 are permanent failures, others are transient
+        const isPermanentFailure = statusCode === 410 || statusCode === 404;
+
         logger.error(
-          'Error sending web push notification; removing subscription',
+          isPermanentFailure
+            ? 'Error sending web push notification; removing invalid subscription'
+            : 'Error sending web push notification (transient error, keeping subscription)',
           {
             label: 'Notifications',
             recipient: pushSub.user.displayName,
             type: Notification[type],
             subject: payload.subject,
-            errorMessage: e.message,
+            errorMessage,
+            statusCode: statusCode || 'unknown',
           }
         );
 
-        // Failed to send notification so we need to remove the subscription
-        userPushSubRepository.remove(pushSub);
+        if (isPermanentFailure) {
+          await userPushSubRepository.remove(pushSub);
+        }
       }
     };
 

server/lib/scanners/jellyfin/index.ts

@@ -374,9 +374,10 @@ class JellyfinScanner {
             ) ?? []
           ).length;
 
+          const jellyfinSeasons = await this.jfClient.getSeasons(Id);
+
           for (const season of seasons) {
-            const JellyfinSeasons = await this.jfClient.getSeasons(Id);
-            const matchedJellyfinSeason = JellyfinSeasons.find((md) => {
+            const matchedJellyfinSeason = jellyfinSeasons.find((md) => {
               if (tvdbSeasonFromAnidb) {
                 // In AniDB we don't have the concept of seasons,
                 // we have multiple shows with only Season 1 (and sometimes a season with index 0 for specials).
@@ -397,38 +398,52 @@ class JellyfinScanner {
 
             // Check if we found the matching season and it has all the available episodes
             if (matchedJellyfinSeason) {
-              // If we have a matched Jellyfin season, get its children metadata so we can check details
-              const episodes = await this.jfClient.getEpisodes(
-                Id,
-                matchedJellyfinSeason.Id
-              );
-
-              //Get count of episodes that are HD and 4K
               let totalStandard = 0;
               let total4k = 0;
 
-              //use for loop to make sure this loop _completes_ in full
-              //before the next section
-              for (const episode of episodes) {
-                let episodeCount = 1;
+              if (!this.enable4kShow) {
+                const episodes = await this.jfClient.getEpisodes(
+                  Id,
+                  matchedJellyfinSeason.Id
+                );
 
-                // count number of combined episodes
-                if (
-                  episode.IndexNumber !== undefined &&
-                  episode.IndexNumberEnd !== undefined
-                ) {
-                  episodeCount =
-                    episode.IndexNumberEnd - episode.IndexNumber + 1;
-                }
+                for (const episode of episodes) {
+                  let episodeCount = 1;
+
+                  // count number of combined episodes
+                  if (
+                    episode.IndexNumber !== undefined &&
+                    episode.IndexNumberEnd !== undefined
+                  ) {
+                    episodeCount =
+                      episode.IndexNumberEnd - episode.IndexNumber + 1;
+                  }
 
-                if (!this.enable4kShow) {
                   totalStandard += episodeCount;
-                } else {
-                  const ExtendedEpisodeData = await this.jfClient.getItemData(
-                    episode.Id
-                  );
+                }
+              } else {
+                // 4K detection enabled - request media info to check resolution
+                const episodes = await this.jfClient.getEpisodes(
+                  Id,
+                  matchedJellyfinSeason.Id,
+                  { includeMediaInfo: true }
+                );
 
-                  ExtendedEpisodeData?.MediaSources?.some((MediaSource) => {
+                for (const episode of episodes) {
+                  let episodeCount = 1;
+
+                  // count number of combined episodes
+                  if (
+                    episode.IndexNumber !== undefined &&
+                    episode.IndexNumberEnd !== undefined
+                  ) {
+                    episodeCount =
+                      episode.IndexNumberEnd - episode.IndexNumber + 1;
+                  }
+
+                  // MediaSources field is included in response when includeMediaInfo is true
+                  // We iterate all MediaSources to detect if episode has both standard AND 4K versions
+                  episode.MediaSources?.some((MediaSource) => {
                     return MediaSource.MediaStreams.some((MediaStream) => {
                       if (MediaStream.Type === 'Video') {
                         if ((MediaStream.Width ?? 0) >= 2000) {

server/migration/postgres/1765233385034-AddUniqueConstraintToPushSubscription.ts

@@ -0,0 +1,19 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddUniqueConstraintToPushSubscription1765233385034
+  implements MigrationInterface
+{
+  name = 'AddUniqueConstraintToPushSubscription1765233385034';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "user_push_subscription" ADD CONSTRAINT "UQ_6427d07d9a171a3a1ab87480005" UNIQUE ("endpoint", "userId")`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "user_push_subscription" DROP CONSTRAINT "UQ_6427d07d9a171a3a1ab87480005"`
+    );
+  }
+}

server/migration/sqlite/1765233385034-AddUniqueConstraintToPushSubscription.ts

@@ -0,0 +1,17 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddUniqueConstraintToPushSubscription1765233385034
+  implements MigrationInterface
+{
+  name = 'AddUniqueConstraintToPushSubscription1765233385034';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE UNIQUE INDEX "UQ_6427d07d9a171a3a1ab87480005" ON "user_push_subscription" ("endpoint", "userId")`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP INDEX "UQ_6427d07d9a171a3a1ab87480005"`);
+  }
+}

server/routes/auth.ts

@@ -626,76 +626,6 @@ authRoutes.post('/local', async (req, res, next) => {
       });
     }
 
-    const mainUser = await userRepository.findOneOrFail({
-      select: { id: true, plexToken: true, plexId: true },
-      where: { id: 1 },
-    });
-    const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
-
-    if (!user.plexId) {
-      try {
-        const plexUsersResponse = await mainPlexTv.getUsers();
-        const account = plexUsersResponse.MediaContainer.User.find(
-          (account) =>
-            account.$.email &&
-            account.$.email.toLowerCase() === user.email.toLowerCase()
-        )?.$;
-
-        if (
-          account &&
-          (await mainPlexTv.checkUserAccess(parseInt(account.id)))
-        ) {
-          logger.info(
-            'Found matching Plex user; updating user with Plex data',
-            {
-              label: 'API',
-              ip: req.ip,
-              email: body.email,
-              userId: user.id,
-              plexId: account.id,
-              plexUsername: account.username,
-            }
-          );
-
-          user.plexId = parseInt(account.id);
-          user.avatar = account.thumb;
-          user.email = account.email;
-          user.plexUsername = account.username;
-          user.userType = UserType.PLEX;
-
-          await userRepository.save(user);
-        }
-      } catch (e) {
-        logger.error('Something went wrong fetching Plex users', {
-          label: 'API',
-          errorMessage: e.message,
-        });
-      }
-    }
-
-    if (
-      user.plexId &&
-      user.plexId !== mainUser.plexId &&
-      !(await mainPlexTv.checkUserAccess(user.plexId))
-    ) {
-      logger.warn(
-        'Failed sign-in attempt from Plex user without access to the media server',
-        {
-          label: 'API',
-          account: {
-            ip: req.ip,
-            email: body.email,
-            userId: user.id,
-            plexId: user.plexId,
-          },
-        }
-      );
-      return next({
-        status: 403,
-        message: 'Access denied.',
-      });
-    }
-
     // Set logged in session
     if (user && req.session) {
       req.session.userId = user.id;
@@ -775,7 +705,7 @@ authRoutes.post('/logout', async (req, res, next) => {
         });
         return next({ status: 500, message: 'Failed to destroy session.' });
       }
-      logger.info('Successfully logged out user', {
+      logger.debug('Successfully logged out user', {
         label: 'Auth',
         userId,
       });

server/routes/user/index.ts

@@ -4,7 +4,7 @@ import TautulliAPI from '@server/api/tautulli';
 import { MediaType } from '@server/constants/media';
 import { MediaServerType } from '@server/constants/server';
 import { UserType } from '@server/constants/user';
-import { getRepository } from '@server/datasource';
+import dataSource, { getRepository } from '@server/datasource';
 import Media from '@server/entity/Media';
 import { MediaRequest } from '@server/entity/MediaRequest';
 import { User } from '@server/entity/User';
@@ -25,7 +25,8 @@ import { getHostname } from '@server/utils/getHostname';
 import { Router } from 'express';
 import gravatarUrl from 'gravatar-url';
 import { findIndex, sortBy } from 'lodash';
-import { In } from 'typeorm';
+import type { EntityManager } from 'typeorm';
+import { In, Not } from 'typeorm';
 import userSettingsRoutes from './usersettings';
 
 const router = Router();
@@ -188,30 +189,82 @@ router.post<
   }
 >('/registerPushSubscription', async (req, res, next) => {
   try {
-    const userPushSubRepository = getRepository(UserPushSubscription);
+    // This prevents race conditions where two requests both pass the checks
+    await dataSource.transaction(
+      async (transactionalEntityManager: EntityManager) => {
+        const transactionalRepo =
+          transactionalEntityManager.getRepository(UserPushSubscription);
 
-    const existingSubs = await userPushSubRepository.find({
-      relations: { user: true },
-      where: { auth: req.body.auth, user: { id: req.user?.id } },
-    });
+        // Check for existing subscription by auth or endpoint within transaction
+        const existingSubscription = await transactionalRepo.findOne({
+          relations: { user: true },
+          where: [
+            { auth: req.body.auth, user: { id: req.user?.id } },
+            { endpoint: req.body.endpoint, user: { id: req.user?.id } },
+          ],
+        });
 
-    if (existingSubs.length > 0) {
-      logger.debug(
-        'User push subscription already exists. Skipping registration.',
-        { label: 'API' }
-      );
-      return res.status(204).send();
-    }
+        if (existingSubscription) {
+          // If endpoint matches but auth is different, update with new keys (iOS refresh case)
+          if (
+            existingSubscription.endpoint === req.body.endpoint &&
+            existingSubscription.auth !== req.body.auth
+          ) {
+            existingSubscription.auth = req.body.auth;
+            existingSubscription.p256dh = req.body.p256dh;
+            existingSubscription.userAgent = req.body.userAgent;
 
-    const userPushSubscription = new UserPushSubscription({
-      auth: req.body.auth,
-      endpoint: req.body.endpoint,
-      p256dh: req.body.p256dh,
-      userAgent: req.body.userAgent,
-      user: req.user,
-    });
+            await transactionalRepo.save(existingSubscription);
 
-    userPushSubRepository.save(userPushSubscription);
+            logger.debug(
+              'Updated existing push subscription with new keys for same endpoint.',
+              { label: 'API' }
+            );
+            return;
+          }
+
+          logger.debug(
+            'Duplicate subscription detected. Skipping registration.',
+            { label: 'API' }
+          );
+          return;
+        }
+
+        // Clean up old subscriptions from the same device (userAgent) for this user
+        // iOS can silently refresh endpoints, leaving stale subscriptions in the database
+        // Only clean up if we're creating a new subscription (not updating an existing one)
+        if (req.body.userAgent) {
+          const staleSubscriptions = await transactionalRepo.find({
+            relations: { user: true },
+            where: {
+              userAgent: req.body.userAgent,
+              user: { id: req.user?.id },
+              // Only remove subscriptions with different endpoints (stale ones)
+              // Keep subscriptions that might be from different browsers/tabs
+              endpoint: Not(req.body.endpoint),
+            },
+          });
+
+          if (staleSubscriptions.length > 0) {
+            await transactionalRepo.remove(staleSubscriptions);
+            logger.debug(
+              `Removed ${staleSubscriptions.length} stale push subscription(s) from same device.`,
+              { label: 'API' }
+            );
+          }
+        }
+
+        const userPushSubscription = new UserPushSubscription({
+          auth: req.body.auth,
+          endpoint: req.body.endpoint,
+          p256dh: req.body.p256dh,
+          userAgent: req.body.userAgent,
+          user: req.user,
+        });
+
+        await transactionalRepo.save(userPushSubscription);
+      }
+    );
 
     return res.status(204).send();
   } catch (e) {

src/components/Common/LabeledCheckbox/index.tsx

@@ -25,7 +25,7 @@ const LabeledCheckbox: React.FC<LabeledCheckboxProps> = ({
           <Field type="checkbox" id={id} name={id} onChange={onChange} />
         </div>
         <div className="ml-3 text-sm leading-6">
-          <label htmlFor="localLogin" className="block">
+          <label htmlFor="localLogin" className="block" aria-label={label}>
             <div className="flex flex-col">
               <span className="font-medium text-white">{label}</span>
               <span className="font-normal text-gray-400">{description}</span>

src/components/NotificationTypeSelector/NotificationType/index.tsx

@@ -46,7 +46,7 @@ const NotificationType = ({
           />
         </div>
         <div className="ml-3 text-sm leading-6">
-          <label htmlFor={option.id} className="block">
+          <label htmlFor={option.id} className="block" aria-label={option.name}>
             <div className="flex flex-col">
               <span className="font-medium text-white">{option.name}</span>
               <span className="font-normal text-gray-400">

src/components/PermissionOption/index.tsx

@@ -123,7 +123,7 @@ const PermissionOption = ({
           />
         </div>
         <div className="ml-3 text-sm leading-6">
-          <label htmlFor={option.id} className="block">
+          <label htmlFor={option.id} className="block" aria-label={option.name}>
             <div className="flex flex-col">
               <span className="font-medium text-white">{option.name}</span>
               <span className="font-normal text-gray-400">

src/components/Selector/index.tsx

@@ -12,7 +12,6 @@ import type {
   TmdbGenre,
   TmdbKeywordSearchResponse,
 } from '@server/api/themoviedb/interfaces';
-import type { GenreSliderItem } from '@server/interfaces/api/discoverInterfaces';
 import type { UserResultsResponse } from '@server/interfaces/api/userInterfaces';
 import type {
   Keyword,
@@ -185,9 +184,7 @@ export const GenreSelector = ({
   }, [defaultValue, type]);
 
   const loadGenreOptions = async (inputValue: string) => {
-    const results = await axios.get<GenreSliderItem[]>(
-      `/api/v1/discover/genreslider/${type}`
-    );
+    const results = await axios.get<TmdbGenre[]>(`/api/v1/genres/${type}`);
 
     return results.data
       .map((result) => ({
@@ -201,7 +198,7 @@ export const GenreSelector = ({
 
   return (
     <AsyncSelect
-      key={`genre-select-${defaultDataValue}`}
+      key={`genre-select-${type}-${defaultDataValue}`}
       className="react-select-container"
       classNamePrefix="react-select"
       defaultValue={isMulti ? defaultDataValue : defaultDataValue?.[0]}

src/components/Settings/OverrideRule/OverrideRuleModal.tsx

@@ -337,7 +337,13 @@ const OverrideRuleModal = ({
                   <div className="form-input-area">
                     <div className="form-input-field">
                       <GenreSelector
-                        type={values.radarrServiceId ? 'movie' : 'tv'}
+                        type={
+                          values.radarrServiceId != null
+                            ? 'movie'
+                            : values.sonarrServiceId != null
+                            ? 'tv'
+                            : 'tv'
+                        }
                         defaultValue={values.genre}
                         isMulti
                         isDisabled={!isValidated || isTesting}

src/components/UserProfile/UserSettings/UserNotificationSettings/UserNotificationsWebPush/index.tsx

@@ -109,15 +109,28 @@ const UserWebPushSettings = () => {
   // Deletes/disables corresponding push subscription from database
   const disablePushNotifications = async (endpoint?: string) => {
     try {
-      await unsubscribeToPushNotifications(user?.id, endpoint);
-
-      // Delete from backend if endpoint is available
-      if (subEndpoint) {
-        await deletePushSubscriptionFromBackend(subEndpoint);
-      }
+      const unsubscribedEndpoint = await unsubscribeToPushNotifications(
+        user?.id,
+        endpoint
+      );
 
       localStorage.setItem('pushNotificationsEnabled', 'false');
       setWebPushEnabled(false);
+
+      // Only delete the current browser's subscription, not all devices
+      const endpointToDelete = unsubscribedEndpoint || subEndpoint || endpoint;
+      if (endpointToDelete) {
+        try {
+          await axios.delete(
+            `/api/v1/user/${user?.id}/pushSubscription/${encodeURIComponent(
+              endpointToDelete
+            )}`
+          );
+        } catch {
+          // Ignore deletion failures - backend cleanup is best effort
+        }
+      }
+
       addToast(intl.formatMessage(messages.webpushhasbeendisabled), {
         autoDismiss: true,
         appearance: 'success',
@@ -157,7 +170,33 @@ const UserWebPushSettings = () => {
   useEffect(() => {
     const verifyWebPush = async () => {
       const enabled = await verifyPushSubscription(user?.id, currentSettings);
-      setWebPushEnabled(enabled);
+      let isEnabled = enabled;
+
+      if (!enabled && 'serviceWorker' in navigator) {
+        const { subscription } = await getPushSubscription();
+        if (subscription) {
+          isEnabled = true;
+        }
+      }
+
+      if (!isEnabled && dataDevices && dataDevices.length > 0) {
+        const currentUserAgent = navigator.userAgent;
+        const hasMatchingDevice = dataDevices.some(
+          (device) => device.userAgent === currentUserAgent
+        );
+
+        if (hasMatchingDevice) {
+          isEnabled = true;
+        }
+      }
+
+      setWebPushEnabled(isEnabled);
+      if (localStorage.getItem('pushNotificationsEnabled') === null) {
+        localStorage.setItem(
+          'pushNotificationsEnabled',
+          isEnabled ? 'true' : 'false'
+        );
+      }
     };
 
     if (user?.id) {

src/hooks/useUser.ts

@@ -2,6 +2,7 @@ import { UserType } from '@server/constants/user';
 import type { PermissionCheckOptions } from '@server/lib/permissions';
 import { hasPermission, Permission } from '@server/lib/permissions';
 import type { NotificationAgentKey } from '@server/lib/settings';
+import { useRouter } from 'next/router';
 import type { MutatorCallback } from 'swr';
 import useSWR from 'swr';
 
@@ -56,13 +57,21 @@ export const useUser = ({
   id,
   initialData,
 }: { id?: number; initialData?: User } = {}): UserHookResponse => {
+  const router = useRouter();
+  const isAuthPage = /^\/(login|setup|resetpassword(?:\/|$))/.test(
+    router.pathname
+  );
+
   const {
     data,
     error,
     mutate: revalidate,
   } = useSWR<User>(id ? `/api/v1/user/${id}` : `/api/v1/auth/me`, {
     fallbackData: initialData,
-    refreshInterval: 30000,
+    refreshInterval: !isAuthPage ? 30000 : 0,
+    revalidateOnFocus: !isAuthPage,
+    revalidateOnMount: !isAuthPage,
+    revalidateOnReconnect: !isAuthPage,
     errorRetryInterval: 30000,
     shouldRetryOnError: false,
   });

src/utils/plex.ts

@@ -63,7 +63,7 @@ class PlexOAuth {
       'X-Plex-Client-Identifier': clientId,
       'X-Plex-Model': 'Plex OAuth',
       'X-Plex-Platform': browser.getBrowserName(),
-      'X-Plex-Platform-Version': browser.getBrowserVersion(),
+      'X-Plex-Platform-Version': browser.getBrowserVersion() || 'Unknown',
       'X-Plex-Device': browser.getOSName(),
       'X-Plex-Device-Name': `${browser.getBrowserName()} (Seerr)`,
       'X-Plex-Device-Screen-Resolution':

src/utils/pushSubscriptionHelpers.ts

@@ -49,13 +49,17 @@ export const verifyPushSubscription = async (
       currentSettings.vapidPublic
     ).toString();
 
+    if (currentServerKey !== expectedServerKey) {
+      return false;
+    }
+
     const endpoint = subscription.endpoint;
 
     const { data } = await axios.get<UserPushSubscription>(
       `/api/v1/user/${userId}/pushSubscription/${encodeURIComponent(endpoint)}`
     );
 
-    return expectedServerKey === currentServerKey && data.endpoint === endpoint;
+    return data.endpoint === endpoint;
   } catch {
     return false;
   }
@@ -65,20 +69,39 @@ export const verifyAndResubscribePushSubscription = async (
   userId: number | undefined,
   currentSettings: PublicSettingsResponse
 ): Promise<boolean> => {
+  if (!userId) {
+    return false;
+  }
+
+  const { subscription } = await getPushSubscription();
   const isValid = await verifyPushSubscription(userId, currentSettings);
 
   if (isValid) {
     return true;
   }
 
+  if (subscription) {
+    return false;
+  }
+
   if (currentSettings.enablePushRegistration) {
     try {
-      // Unsubscribe from the backend to clear the existing push subscription (keys and endpoint)
-      await unsubscribeToPushNotifications(userId);
+      const oldEndpoint = await unsubscribeToPushNotifications(userId);
 
-      // Subscribe again to generate a fresh push subscription with updated keys and endpoint
       await subscribeToPushNotifications(userId, currentSettings);
 
+      if (oldEndpoint) {
+        try {
+          await axios.delete(
+            `/api/v1/user/${userId}/pushSubscription/${encodeURIComponent(
+              oldEndpoint
+            )}`
+          );
+        } catch (error) {
+          // Ignore errors when deleting old endpoint (it might not exist)
+        }
+      }
+
       return true;
     } catch (error) {
       throw new Error(`[SW] Resubscribe failed: ${error.message}`);
@@ -136,24 +159,26 @@ export const subscribeToPushNotifications = async (
 export const unsubscribeToPushNotifications = async (
   userId: number | undefined,
   endpoint?: string
-) => {
+): Promise<string | null> => {
   if (!('serviceWorker' in navigator) || !userId) {
-    return;
+    return null;
   }
 
   try {
     const { subscription } = await getPushSubscription();
 
     if (!subscription) {
-      return false;
+      return null;
     }
 
     const { endpoint: currentEndpoint } = subscription.toJSON();
 
     if (!endpoint || endpoint === currentEndpoint) {
       await subscription.unsubscribe();
-      return true;
+      return currentEndpoint ?? null;
     }
+
+    return null;
   } catch (error) {
     throw new Error(
       `Issue unsubscribing to push notifications: ${error.message}`