mirror of
https://github.com/ChuckBuilds/LEDMatrix.git
synced 2026-05-21 20:33:33 +00:00
302ab1da4f
* fix(web-ui): dedup registry fetches, surface reconciliation warnings, add check-update endpoint
Story 1 — src/plugin_system/store_manager.py:
Add threading.Lock (_registry_fetch_lock) to fetch_registry(). The outer cache
check remains the hot path (no lock). When the cache is cold, only one thread
hits the network; concurrent callers block on the lock then get the result from
the warm cache (double-checked locking). Eliminates duplicate GitHub requests
on every page load when the 15-minute cache expires.
Story 2 — web_interface/app.py + api_v3.py + overview.html:
_run_startup_reconciliation() now writes /tmp/ledmatrix_reconciliation.json
(atomic tempfile+replace, mirrors hw_status pattern) so the result survives
the background thread. New GET /api/v3/plugins/reconciliation-status reads
that file. Overview page gains a dismissible yellow banner that shows stale
plugin_id values (e.g. sync, github, youtube) and tells the user to remove
them or reinstall from the Plugin Store. Banner is suppressed for the session
after dismiss using sessionStorage keyed on the plugin_id list.
Story 3 — web_interface/blueprints/api_v3.py:
Add GET /api/v3/system/check-update. Does git fetch origin main then compares
local HEAD vs origin/main to compute update_available, remote_sha, and
commits_behind. Result is cached for 5 minutes so it doesn't run git on every
page load. Falls back to {update_available: false} on any error. Eliminates
the 404 logged on every page load.
Story 4 (Pi 5 rgbmatrix rebuild) was already fixed in PR #341.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(plugin-config): handle missing `type` key in schema fields using oneOf/anyOf
Jinja2's `prop.type` on a dict without a `type` key returns an Undefined
object. Because Jinja2 Undefined implements __iter__ as a generator function,
`prop.type is iterable` evaluates True, then `prop.type[0]` calls
Undefined.__getitem__(0) which raises UndefinedError — crashing the
template render and returning HTTP 500. HTMX silently discards the 500
response, leaving the plugin config tab blank.
Fix: use `prop.get('type')` which returns None for missing keys instead of
Undefined. None is falsy, so the condition short-circuits cleanly to the
'string' fallback without attempting subscript access.
Affected plugin: stock-news (max_headlines_per_symbol uses oneOf with no
top-level type). Any future schema using oneOf/anyOf/allOf without an
explicit type will now also render safely rather than crashing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(security): harden check-update, reconciliation status endpoint, and temp-file write
api_v3.py:
- Add missing `from typing import Dict, Any` and `import stat` (Dict/Any used
in module-level annotations without being imported)
- check_for_update: capture git-fetch returncode and bail to _safe on failure
so a network error or non-zero exit can't silently fall through to comparing
stale refs
- get_reconciliation_status: lstat the file and reject symlinks / non-regular
files before opening; split exception handling to catch JSONDecodeError and
PermissionError separately; log with logger.exception; return a generic
'Status file unavailable' message instead of str(e) to avoid leaking
internal details
overview.html:
- Replace one-shot reconciliation fetch with a polling loop (2 s interval via
setTimeout) so the banner still appears when reconciliation finishes after
the page first loads
- dismissReconciliationBanner: write sessionStorage immediately using the key
stored on the banner element (set at show time) so dismissal persists even
if the background sync fetch fails; clear the polling timer on dismiss to
avoid leaks
app.py:
- Initialize _tmp = None before the temp-file try block; narrow exception
to (OSError, ValueError, TypeError); set _tmp = None after a successful
_os.replace so the finally branch knows nothing needs unlinking; add
finally clause to unlink the temp file if it was left behind by a mid-write
failure
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: reconciliation status errors return graceful not-done instead of HTTP 500; log fetch stderr
get_reconciliation_status: symlink/non-regular-file, JSONDecodeError, and
PermissionError all now return {'done': False, 'unresolved': []} so the
polling loop in overview.html keeps retrying rather than stopping on a
transient error.
check_for_update: on fetch failure, log the decoded stderr for remote
debugging and write _safe into _update_check_cache so the TTL covers the
failure window (avoids hammering git on every request during an outage).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(bandit): replace hardcoded /tmp paths with tempfile.gettempdir() (B108)
Codacy/Bandit B108 flagged two hardcoded '/tmp/' string literals in app.py
(lines 737, 741). Replaced with _tempfile.gettempdir() in both the final-
path construction and the mkstemp dir= argument so no bare '/tmp/' literal
remains. Also updated the matching reader path in api_v3.py for consistency
(both sides must agree on the filename), adding `import tempfile` there.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Chuck <chuck@example.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
31 KiB
31 KiB