nendo
ea5b7546aa
refactor: address PR #3114 review feedback
- Use atomic getdel for pairing code exchange
- Add cascade="all, delete-orphan" to User.client_tokens
- Move generate/hash_client_token into AuthHandler as static methods
- Extract endpoint helpers to utils/client_tokens.py
2026-03-11 10:56:35 +09:00
nendo
e0b25fbc6c
feat(client-tokens): add client API tokens with QR pairing flow
Long-lived, revocable, scope-restricted tokens for external clients
(mobile apps, retro handhelds, third-party tools). Includes:
- Backend: model, migration, DB handler, auth integration (rmm_ prefix
  routing in HybridAuthBackend), CRUD + pairing + exchange endpoints,
  rate limiting, scope intersection enforcement, admin oversight
- Frontend: settings page with token management table, stepped
  create/deliver dialog (config -> copy/pair), QR code with RomM logo,
  admin token table, standalone /pair page for QR scan landing
- /pair page supports custom-scheme callbacks for app deep linking,
  falls back to displaying code for manual entry
- 33 backend tests across 5 classes (CRUD, auth, isolation, pairing,
  admin)
2026-03-11 10:56:35 +09:00
Georges-Antoine Assi
f6eb686559
fix tests
2026-03-10 08:38:43 -04:00
HydroSulphide
b9ea937373
Merge branch 'master' into fix-oauth-token-expiry-and-refresh-rotation
2026-03-10 08:51:44 +01:00
HydroSulphide
fd788684b9
fix: TOCTOU race condition allows duplicate refresh token use
2026-03-10 08:38:32 +01:00
HydroSulphide
02336974a6
Implemented greptile suggestions
2026-03-10 08:04:07 +01:00
HydroSulphide
8758cb31b7
Tried to fix everything the bot complained about and the failed pytests.
Three tests were also implemented to check the initial implementation, which now invalidates expired access and refresh tokens and also rotates refresh tokens.
Since I introduced wrapper functions for create_oauth_token to distinguish between access and refresh tokens, there is no need to set the token type in the data dict, since the type is now enforced in the wrapper functions create_access_token and create_refresh_token.
By convention, I renamed create_oauth_token to _create_oauth_token, as it is considered a private helper function now.
2026-03-10 07:22:02 +01:00
copilot-swe-agent[bot]
2a7c86e304
Fix OIDC login downgrading existing user roles when no claims provided
Co-authored-by: pacnpal <183241239+pacnpal@users.noreply.github.com>
2026-03-09 18:26:49 +00:00
HydroSulphide
ad09babce8
fix: catch http exception on code 401 so api call with expired access token doesn't lead to internal server error
2026-03-09 18:29:28 +01:00
HydroSulphide
41f64eb42b
fix: oauth token invalidation on expiration date and rotating refresh token
2026-03-09 17:03:29 +01:00
Georges-Antoine Assi
e2ece6b938
run fmt
2026-03-08 22:54:58 -04:00
copilot-swe-agent[bot]
53b0b9021b
Switch invite token expiration unit from minutes to seconds
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-03-09 02:48:21 +00:00
copilot-swe-agent[bot]
5f309639af
Make invite token expiration configurable via env var and UI
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-03-09 01:43:53 +00:00
Georges-Antoine Assi
e3d9bfe9fa
fix migration
2026-03-08 20:14:14 -04:00
copilot-swe-agent[bot]
ae73da7c27
Fix 500 error from empty fs_name_no_tags causing mass sibling matching and incorrect ROM grouping
- Add migration 0071 to fix sibling_roms view: add guard against empty string matching for fs_name_no_tags
- Fix group_by_meta_id in filter_roms: use func.nullif to treat empty fs_name_no_tags as NULL in grouping key
- Add group_by_meta_id support to get_roms_scalar
- Add tests for sibling matching behavior with empty/non-empty fs_name_no_tags
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-03-08 23:17:51 +00:00
Georges-Antoine Assi
38b311d1ca
Merge pull request #3089 from rommapp/copilot/scrape-age-rating-data
Scrape and store age rating data from ScreenScraper.fr
2026-03-08 18:44:42 -04:00
Georges-Antoine Assi
80e78a8fe3
fix literally everything about age ratings
2026-03-08 18:34:58 -04:00
Georges-Antoine Assi
207f8a3c85
[ROMM-3067] Always sub dash with colon for launchbox matching
2026-03-08 17:26:53 -04:00
copilot-swe-agent[bot]
7d103f48a8
Add age rating support from ScreenScraper classifications
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-03-08 21:20:14 +00:00
copilot-swe-agent[bot]
7f88923dee
Add video-normalized support for ScreenScraper scan.media config
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-03-08 20:30:16 +00:00
Georges-Antoine Assi
a977b39192
update famicom ID in launchbox
2026-03-08 16:22:15 -04:00
Georges-Antoine Assi
2905328c9e
update comments
2026-03-08 11:39:41 -04:00
Georges-Antoine Assi
29a5b8edf2
fix on mariadb
2026-03-08 10:15:08 -04:00
Georges-Antoine Assi
72d04b1ec7
fixes
2026-03-08 10:08:50 -04:00
Georges-Antoine Assi
708105aabd
Hack for natural sorting of roms
2026-03-08 09:51:51 -04:00
Georges-Antoine Assi
aa4abe6b7c
end me
2026-03-07 23:43:58 -05:00
Georges-Antoine Assi
c515f1855c
sdgkjdfhgsdfk
2026-03-07 23:35:19 -05:00
Georges-Antoine Assi
a14babc0da
my brain is numb
2026-03-07 23:08:54 -05:00
Georges-Antoine Assi
84a39005dc
it's never done
2026-03-07 22:55:20 -05:00
Georges-Antoine Assi
606799e19c
my own cleanup
2026-03-07 21:34:45 -05:00
Georges-Antoine Assi
afcba4da9b
some bot comments
2026-03-07 20:35:42 -05:00
Georges-Antoine Assi
5f2c1a6b3b
fix tests
2026-03-07 18:24:31 -05:00
Georges-Antoine Assi
eda88b70d1
get claude to refactor launchbox_handler
2026-03-07 16:02:39 -05:00
Georges-Antoine Assi
395b857592
changes from self review
2026-03-07 14:44:02 -05:00
Georges-Antoine Assi
6de46eb067
Merge branch 'master' into launchbox-handler
2026-03-07 11:31:03 -05:00
Georges-Antoine Assi
ee8b55e6ef
last set of changes
2026-03-07 09:56:17 -05:00
Georges-Antoine Assi
76bdfb4891
changes from self review
2026-03-07 09:36:45 -05:00
Georges-Antoine Assi
b3659a1226
changes from bot review
2026-03-07 08:58:42 -05:00
Georges-Antoine Assi
b030b98062
attempt to fix vuln reported in PR
2026-03-06 19:42:56 -05:00
Georges-Antoine Assi
2706927cbc
fix bug with exclusion criteria
2026-02-19 10:32:55 -05:00
Georges-Antoine Assi
d3aa1b7c44
prefer exact stem matches first
2026-02-19 10:27:17 -05:00
Georges-Antoine Assi
6461078721
loosen rules around fetch matching screenshots
2026-02-19 10:18:56 -05:00
Georges-Antoine Assi
8a56e9b333
[ROMM-3026] Region/language shortcodes should be case sensitive
2026-02-18 10:19:12 -05:00
Georges-Antoine Assi
b3339c177b
Run formatter on alembic files
2026-02-17 15:12:33 -05:00
Georges-Antoine Assi
77823c168d
[AIKIDO-13126604] Stream file when building file hash
2026-02-16 13:51:20 -05:00
Georges-Antoine Assi
fe5b831afc
Add Rom.ra_hash and RomFile.ra_hash fields to API
2026-02-13 11:11:02 -05:00
Georges-Antoine Assi
661a5504d7
find a couple more uses
2026-02-09 17:26:21 -05:00
Georges-Antoine Assi
66ee72431e
fix bot comment
2026-02-08 21:23:42 -05:00
Georges-Antoine Assi
16cac7cf64
[ROMM-2972] Fix /props returning stale data
2026-02-08 21:10:12 -05:00
Georges-Antoine Assi
5596999a3b
one last regression
2026-02-07 22:46:09 -05:00