mirror of
https://github.com/ChuckBuilds/LEDMatrix.git
synced 2026-04-10 13:02:59 +00:00
77e9eba29431e3e4bb37e5ee96e903181e386a44
3 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Chuck
|
df3cf9bb56 |
Feat/monorepo migration (#238)
* feat: adapt LEDMatrix for monorepo plugin architecture Update store_manager to fetch manifests from subdirectories within the monorepo (plugin_path/manifest.json) instead of repo root. Remove 21 plugin submodule entries from .gitmodules, simplify workspace file to reference the monorepo, and clean up scripts for the new layout. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: auto-reinstall plugins when registry repo URL changes When a user clicks "Update" on a git-cloned plugin, detect if the local git remote URL no longer matches the registry's repo URL (e.g. after monorepo migration). Instead of pulling from the stale archived repo, automatically remove and reinstall from the new registry source. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: plugin store "View" button links to correct monorepo subdirectory When a plugin has a plugin_path (monorepo plugin), construct the GitHub URL as repo/tree/main/plugin_path so users land on the specific plugin directory. Pass plugin_path through the store API response to the frontend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: monorepo manifest fetch in search + version-based update detection Fix search_plugins() to pass plugin_path when fetching manifests from GitHub, matching the fix already in get_plugin_info(). Without this, monorepo plugin descriptions 404 in search results. Add version comparison for non-git plugins (monorepo installs) so "Update All" skips plugins already at latest_version instead of blindly reinstalling every time. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: show plugin version instead of misleading monorepo commit info Replace commit hash, date, and stars on plugin cards with the plugin's version number. In a monorepo all plugins share the same commit history and star count, making those fields identical and misleading. Version is the meaningful per-plugin signal users care about. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: add CLAUDE.md with project structure and plugin store docs Documents plugin store architecture, monorepo install flow, version- based update detection, and the critical version bump workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * perf: extract only target plugin from monorepo ZIP instead of all files Previously _install_from_monorepo() called extractall() on the entire monorepo ZIP (~13MB, 600+ files) just to grab one plugin subdirectory. Now filter zip members by the plugin prefix and extract only matching files, reducing disk I/O by ~96% per install/update. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * perf: download only target plugin files via GitHub Trees API Replace full monorepo ZIP download (~5MB) with targeted file downloads (~200KB per plugin) using the GitHub Git Trees API for directory listing and raw.githubusercontent.com for individual file content. One API call fetches the repo tree, client filters for the target plugin's files, then downloads each file individually. Falls back to ZIP if the API is unavailable (rate limited, no network, etc.). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: clean up partial files between API and ZIP install fallbacks Ensure target_path is fully removed before the ZIP fallback runs, and before shutil.move() in the ZIP method. Prevents directory nesting if the API method creates target_path then fails mid-download. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden scripts and fix monorepo URL handling - setup_plugin_repos.py: add type hints, remove unnecessary f-string, wrap manifest parsing in try/except to skip malformed manifests - update_plugin_repos.py: add 120s timeout to git pull with TimeoutExpired handling - store_manager.py: fix rstrip('.zip') stripping valid branch chars, use removesuffix('.zip'); remove redundant import json - plugins_manager.js: View button uses dynamic branch, disables when repo is missing, encodes plugin_path in URL - CLAUDE.md: document plugin repo naming convention Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden monorepo install security and cleanup - store_manager: fix temp dir leak in _install_from_monorepo_zip by moving cleanup to finally block - store_manager: add zip-slip guard validating extracted paths stay inside temp directory - store_manager: add 500-file sanity cap to API-based install - store_manager: extract _normalize_repo_url as @staticmethod - setup_plugin_repos: propagate create_symlinks() failure via sys.exit, narrow except to OSError Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add path traversal guard to API-based monorepo installer Validate that each file's resolved destination stays inside target_path before creating directories or writing bytes, mirroring the zip-slip guard in _install_from_monorepo_zip. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: use _safe_remove_directory for monorepo migration cleanup Replace shutil.rmtree(ignore_errors=True) with _safe_remove_directory which handles permission errors gracefully and returns status, preventing install_plugin from running against a partially-removed directory. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Chuck <chuck@example.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Chuck
|
bff16d3e00 |
refactor: migrate from submodules to multi-root workspace for plugins (#198)
* refactor: migrate from submodules to multi-root workspace for plugins - Updated LEDMatrix.code-workspace to include all plugin repos as root folders - Removed symlinks from plugin-repos/ and plugins/ directories - Updated .gitignore to reflect new plugin management approach - Added setup_plugin_repos.py script for managing plugin symlinks (if needed) - Added MULTI_ROOT_WORKSPACE_SETUP.md documentation Plugins are now managed as independent repositories via multi-root workspace, allowing for easier development and independent updates without modifying the LEDMatrix project structure. * Fix MULTI_ROOT_WORKSPACE_SETUP.md and add JSON error handling - Remove deprecated clone_plugin_repos.py command reference - Add language tag to directory tree code fence (fixes MD040) - Add JSONDecodeError handling in setup_plugin_repos.py with user-friendly error messages --------- Co-authored-by: Chuck <chuck@example.com> |
||
|
Chuck
|
71584d4361 |
Feature/widget registry system (#190)
* chore: Update basketball-scoreboard submodule for odds font fix
* feat(widgets): Add widget registry system for plugin configuration forms
- Create core widget registry system (registry.js, base-widget.js)
- Extract existing widgets to separate modules:
- file-upload.js: Image upload with drag-and-drop, preview, delete, scheduling
- checkbox-group.js: Multi-select checkboxes for array fields
- custom-feeds.js: Table-based RSS feed editor with logo uploads
- Implement plugin widget loading system (plugin-loader.js)
- Add comprehensive documentation (widget-guide.md, README.md)
- Include example custom widget (example-color-picker.js)
- Maintain backwards compatibility with existing plugins
- All widget handlers available globally for existing functionality
This enables:
- Reusable UI components for plugin configuration forms
- Third-party plugins to create custom widgets without modifying LEDMatrix
- Modular widget architecture for future enhancements
Existing plugins (odds-ticker, static-image, news) continue to work without changes.
* fix(widgets): Security and correctness fixes for widget system
- base-widget.js: Fix escapeHtml to always escape (coerce to string first)
- base-widget.js: Add sanitizeId helper for safe DOM ID usage
- base-widget.js: Use DOM APIs in showError instead of innerHTML
- checkbox-group.js: Normalize types in setValue for consistent comparison
- custom-feeds.js: Implement setValue with full row creation logic
- example-color-picker.js: Validate hex colors before using in style attributes
- file-upload.js: Replace innerHTML with DOM creation to prevent XSS
- file-upload.js: Preserve open schedule editors when updating image list
- file-upload.js: Normalize types when filtering deleted files
- file-upload.js: Sanitize imageId in openImageSchedule and all schedule handlers
- file-upload.js: Fix max-files check order and use allowed_types from config
- README.md: Add security guidance for ID sanitization in examples
* fix(widgets): Additional security and error handling improvements
- scripts/update_plugin_repos.py: Add explicit UTF-8 encoding and proper error handling for file operations
- scripts/update_plugin_repos.py: Fix git fetch/pull error handling with returncode checks and specific exception types
- base-widget.js: Guard notify method against undefined/null type parameter
- file-upload.js: Remove inline handlers from schedule template, use addEventListener with data attributes
- file-upload.js: Update hideUploadProgress to show dynamic file types from config instead of hardcoded list
- README.md: Update Color Picker example to use sanitized fieldId throughout
* fix(widgets): Update Slider example to use sanitized fieldId
- Add sanitizeId helper to Slider example render, getValue, and setValue methods
- Use sanitizedFieldId for all DOM IDs and query selectors
- Maintain consistency with Color Picker example pattern
* fix(plugins_manager): Move configurePlugin and togglePlugin to top of file
- Move configurePlugin and togglePlugin definitions to top level (after uninstallPlugin)
- Ensures these critical functions are available immediately when script loads
- Fixes 'Critical functions not available after 20 attempts' error
- Functions are now defined before any HTML rendering checks
* fix(plugins_manager): Fix checkbox state saving using querySelector
- Add escapeCssSelector helper function for safe CSS selector usage
- Replace form.elements[actualKey] with form.querySelector for boolean fields
- Properly handle checkbox checked state using element.checked property
- Fix both schema-based and schema-less boolean field processing
- Ensures checkboxes with dot notation names (nested fields) work correctly
Fixes issue where checkbox states were not properly saved when field names
use dot notation (e.g., 'display.scroll_enabled'). The form.elements
collection doesn't reliably handle dot notation in bracket notation access.
* fix(base.html): Fix form element lookup for dot notation field names
- Add escapeCssSelector helper function (both as method and standalone)
- Replace form.elements[key] with form.querySelector for element type detection
- Fixes element lookup failures when field names use dot notation
- Ensures checkbox and multi-select skipping logic works correctly
- Applies fix to both Alpine.js method and standalone function
This complements the fix in plugins_manager.js to ensure all form
element lookups handle nested field names (e.g., 'display.scroll_enabled')
reliably across the entire web interface.
* fix(plugins_manager): Add race condition protection to togglePlugin
- Initialize window._pluginToggleRequests map for per-plugin request tokens
- Generate unique token for each toggle request to track in-flight requests
- Disable checkbox and wrapper UI during request to prevent overlapping toggles
- Add visual feedback with opacity and pointer-events-none classes
- Verify token matches before applying response updates (both success and error)
- Ignore out-of-order responses to preserve latest user intent
- Clear token and re-enable UI after request completes
Prevents race conditions when users rapidly toggle plugins, ensuring
only the latest toggle request's response affects the UI state.
* refactor(escapeCssSelector): Use CSS.escape() for better selector safety
- Prefer CSS.escape() when available for proper CSS selector escaping
- Handles edge cases: unicode characters, leading digits, and spec compliance
- Keep regex-based fallback for older browsers without CSS.escape support
- Update all three instances: plugins_manager.js and both in base.html
CSS.escape() is the standard API for escaping CSS selectors and provides
more robust handling than custom regex, especially for unicode and edge cases.
* fix(plugins_manager): Fix syntax error - missing closing brace for file-upload if block
- Add missing closing brace before else-if for checkbox-group widget
- Fixes 'Unexpected token else' error at line 3138
- The if block for file-upload widget (line 3034) was missing its closing brace
- Now properly structured: if (file-upload) { ... } else if (checkbox-group) { ... }
* fix(plugins_manager): Fix indentation in file-upload widget if block
- Properly indent all code inside the file-upload if block
- Fix template string closing brace indentation
- Ensures proper structure: if (file-upload) { ... } else if (checkbox-group) { ... }
- Resolves syntax error at line 3138
* fix(plugins_manager): Skip checkbox-group [] inputs to prevent config leakage
- Add skip logic for keys ending with '[]' in handlePluginConfigSubmit
- Prevents checkbox-group bracket notation inputs from leaking into config
- Checkbox-group widgets emit name="...[]" checkboxes plus a _data JSON field
- The _data field is already processed correctly, so [] inputs are redundant
- Prevents schema validation failures and extra config keys
The checkbox-group widget creates:
1. Individual checkboxes with name="fullKey[]" (now skipped)
2. Hidden input with name="fullKey_data" containing JSON array (processed)
3. Sentinel hidden input with name="fullKey[]" and empty value (now skipped)
* fix(plugins_manager): Normalize string booleans when checkbox input is missing
- Fix boolean field processing to properly normalize string booleans in fallback path
- Prevents "false"/"0" from being coerced to true when checkbox element is missing
- Handles common string boolean representations: 'true', 'false', '1', '0', 'on', 'off'
- Applies to both schema-based (lines 2386-2400) and schema-less (lines 2423-2433) paths
When a checkbox element cannot be found, the fallback logic now:
1. Checks if value is a string and normalizes known boolean representations
2. Treats undefined/null as false
3. Coerces other types to boolean using Boolean()
This ensures string values like "false" or "0" are correctly converted to false
instead of being treated as truthy non-empty strings.
* fix(base.html): Improve escapeCssSelector fallback to match CSS.escape behavior
- Handle leading digits by converting to hex escape (e.g., '1' -> '\0031 ')
- Handle leading whitespace by converting to hex escape (e.g., ' ' -> '\0020 ')
- Escape internal spaces as '\ ' (preserving space in hex escapes)
- Ensures trailing space after hex escapes per CSS spec
- Applies to both Alpine.js method and standalone function
The fallback now better matches CSS.escape() behavior for older browsers:
1. Escapes leading digits (0-9) as hex escapes with trailing space
2. Escapes leading whitespace as hex escapes with trailing space
3. Escapes all special characters as before
4. Escapes internal spaces while preserving hex escape format
This prevents selector injection issues with field names starting with digits
or whitespace, matching the standard CSS.escape() API behavior.
---------
Co-authored-by: Chuck <chuck@example.com>
|