chrisryn/requestarr
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
2,938 Commits 2 Branches 0 Tags
eaf397a021157b2bbf2057d130f6a59ec9728231
Commit Graph

802 Commits

Author SHA1 Message Date
0xsysr3ll
eaf397a021 feat(userlist): add sortable columns to User List (#1615) 2026-03-21 04:45:00 +05:00
YakGravity
10f23f009d fix(jellyfin-scanner): add TheMovieDb provider fallback for Jellyfin scanner (#2605) 2026-03-17 16:18:43 +01:00
0xsysr3ll
90d407d410 fix(movie,tv): respect display language for trailers (#2674) 2026-03-16 18:29:40 +01:00
Michael Thomas
36243a0deb chore: upgrade to eslint v9 (#2574) 2026-03-16 21:12:30 +05:00
fallenbagel
6c52a2f3ad fix(settings): serialize settings writes and prevent partial overwrites (#2696) 2026-03-16 11:29:41 +01:00
fallenbagel
0be18968b4 fix: disambiguate tmdb ids by media type across lookups (#2577) 2026-03-14 23:47:21 +05:00
Gauthier
d25d0ca570 fix(requests): mark requests as completed when media is already available (#2462) 
Co-authored-by: fallenbagel <98979876+Fallenbagel@users.noreply.github.com>
 2026-03-14 17:45:41 +05:00
0xsysr3ll
f40323c7c5 fix(migration): repair postgres blocklist id sequence (#2686) 2026-03-12 21:58:11 +05:00
0xsysr3ll
dccdc95927 feat(i18n): add Luxembourgish language support (#2671) 2026-03-12 19:07:58 +05:00
Michael Thomas
8563362588 test: support server-side unit testing (#2485) 2026-03-12 18:39:41 +05:00
0xsysr3ll
40edaea43f feat(i18n): add Vietnamese language support (#2670) 2026-03-12 15:59:56 +05:00
Jerra94
ff4ab21a9e feat(webhook): add jellyfinMediaId and jellyfinUserId to webhook notification (#1959) 2026-03-06 12:04:13 +01:00
0xsysr3ll
15489486cb fix(plex): set 4K Plex URLs whenever ratingKey4k is set (#2635) 2026-03-05 22:51:42 +01:00
bogo22
4ce0db1959 feat(trending): add filter options (#2137) 
Signed-off-by: Florian Hoech <code@florians-web.de>
 2026-03-05 15:24:55 +05:00
0xsysr3ll
3152f727ef feat(notifications): webhook custom headers (#2230) 
Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>
 2026-03-05 15:23:47 +05:00
fallenbagel
9ec3d585d1 fix(email): correctly classify final MIME header in PGP email encryption (#2618) 2026-03-04 03:17:56 +05:00
fallenbagel
a16d0464a6 fix(issues): update issue timestamp when adding comments (#2616) 2026-03-02 12:35:18 +01:00
Lachlan Wisdom
3557745b62 feat(jellyfin): allow Jellyfin Guids with dashes for import-from-jellyfin endpoint (#2340) 2026-03-02 16:22:33 +05:00
0xsysr3ll
c23117eb6b feat(requests): mark requests as failed when Radarr/Sonarr unreachable (#2171) 
Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>
 2026-03-02 04:41:27 +05:00
fallenbagel
61e0377361 feat(notifications): add priority setting for ntfy agent (#2306) 2026-03-02 04:37:57 +05:00
0xsysr3ll
001f6b1a34 fix(media): exclude null mediaAddedAt entries (#2607) 2026-03-01 22:51:51 +05:00
fallenbagel
5c34c91257 feat(sonarr): add monitorNewItems option to sonarr settings & modal (#2071) 2026-02-28 02:08:44 +05:00
ventiph
a2d1e1b06f refactor(notifications): move event from author to title field in Discord Embed (#2119) 2026-02-28 01:48:11 +05:00
Rin
e086081b19 fix(proxy): add path validation guardrail to imageproxy (#2531) 2026-02-28 00:14:05 +05:00
Gauthier
946bdecec5 Merge commit from fork 
This PR fixes a security issue where authenticated users could access and modify data belonging to
other users. The isOwnProfileOrAdmin() middleware was missing from several push subscription API
routes. As a result, any authenticated user on the instance could manipulate the userId parameter in
the URL to view or delete the push subscriptions of other users.
 2026-02-28 00:58:50 +08:00
fallenbagel
4f089b29d0 Merge commit from fork 
Add ownership check to GET /api/v1/user/:id so the full user object(including eager-loaded settings
with notification credentials) is onlyreturned to the user themselves or MANAGE_USERS admins. All
otherauthenticated users receive a stripped response (which is the intended behaviour as
https://github.com/sct/overseerr/pull/3695#issuecomment-1817827774). Also expands
User.filteredFields to strip sensitive fileds to prevent leaking credentials
 2026-02-28 00:58:28 +08:00
fallenbagel
4ae2068409 Merge commit from fork 
Fix a logic flaw in the jellyfin auth guard that allowed unauthenticated users to register accounts
on Plex-configured instances by authenticating against an attacker-controlled Jellyfin server.
 2026-02-28 00:36:17 +08:00
Pierre Spring
10ea21b20f feat: self-host font for better privacy (#2540) 2026-02-27 10:48:48 +01:00
Kenshin9977
55776ea24f fix(radarr): trigger search for existing monitored movies without files (#2391) 2026-02-25 15:58:05 +01:00
0xsysr3ll
947f70c3d7 fix(watch-data): use sentinel values to avoid invalid SQL syntax (#2552) 2026-02-23 21:24:48 +01:00
fallenbagel
3bcb4da1e5 feat(servarr-api): make Servarr API request timeout configurable (#2556) 2026-02-23 00:32:31 +01:00
fallenbagel
5013d1d54d fix(sonarr): use configured metadata provider for season filtering (#2516) 2026-02-22 18:13:39 +01:00
fallenbagel
68f56d2035 fix(jellyfin-scanner): include unmatched seasons in processable seasons (#2538) 2026-02-21 06:51:02 +05:00
fallenbagel
7c60a5c3c5 fix(plex-scanner): add TVDb to TMDB fallback in plex scanner (#2537) 2026-02-20 22:48:52 +01:00
fallenbagel
9da8bb6dea fix: preserve blocklist on media deletion & optimise watchlist-sync (#2478) 2026-02-18 21:23:50 +01:00
fallenbagel
e0e4b6f512 fix(watchlist-sync): correct permission typo for TV auto requests (#2488) 2026-02-18 15:23:20 +01:00
fallenbagel
c6bcfe0ae4 perf: add missing indexes on all foreign key columns (#2461) 2026-02-17 00:36:55 +08:00
fallenbagel
b499976902 fix(servarr): increase default API timeout from 5000ms to 10000ms (#2442) 2026-02-15 17:19:27 +05:00
Gauthier
bcd8002887 fix: run the blocklist migration last (#2417) 2026-02-14 16:26:03 +01:00
Conlan Kreher
33a5d9a9ac refactor: rename blacklist to blocklist (#2157) 
Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>
Co-authored-by: fallenbagel <98979876+Fallenbagel@users.noreply.github.com>
Co-authored-by: 0xsysr3ll <0xsysr3ll@pm.me>
Co-authored-by: gauthier-th <mail@gauthierth.fr>
 2026-02-14 14:31:45 +01:00
fallenbagel
15be3d7475 fix(base-scanner): derive media availability from actual season state… (#2412) 2026-02-13 23:05:59 +05:00
fallenbagel
1ed86c14c0 fix(media-request-subscriber): prevent mediald nullification from cascade saves (#2356) 2026-02-13 15:02:22 +05:00
Gauthier
3eea8ee98e fix(watchlist): remove error log when a media from the watchlist is blacklisted (#2407) 2026-02-12 13:16:56 +05:00
fallenbagel
4f7819f028 fix: add IF EXISTS to SQLite migration DROP INDEX statements (#2398) 2026-02-10 14:25:36 +01:00
0xsysr3ll
e3dc1c302d fix(webpush): avoid querying push subs with empty user list (#2380) 2026-02-09 15:34:13 +01:00
fallenbagel
a44a3b1e14 perf: add database indexes & minor frontend/backend improvements (#2396) 2026-02-09 17:06:53 +05:00
fallenbagel
faa2c0a005 fix(servarr): add timeout to Radarr/Sonarr API requests to prevent infinite loading (#2375) 
* fix(servarr): add timeout to Radarr/Sonarr API requests to prevent infinite loading

Adds a 5-second timeout to all Radarr/Sonarr API requests and displays a warning banner when
services are unreachable. This prevents the Recent Requests section and request list pages from
hanging indefinitely when a configured service has connection issues.

fix #2374

* fix(requests): only show service error banner to users with advanced permissions
 2026-02-06 21:38:21 +01:00
fallenbagel
8fc68c3888 revert(media-request): revert #2316 explicitly setting the mediaId when creating request (#2372) 
This just reverts #2316. A further description is not needed. **TYPEORM**, thats all thats needed to
say.
 2026-02-04 17:51:59 +01:00
fallenbagel
8b41685b31 chore(deps): upgrade prettier, and tailwind (#2351) 2026-01-29 07:48:34 +01:00
fallenbagel
ddf347994a chore(deps): update dependencies and fix security vulnerabilities (#2342) 
* chore(deps): update dependencies and fix security vulnerabilities

Update TypeScript 4.9 → 5.4. Update Zod 3 → 4. Update nodemailer 6 → 7. Update @typescript-eslint
packages to v7. Update xml2js, undici, lodash, axios, swr, winston- Add pnpm.overrides for
transitive dependency vulnerabilities

* chore: fix import ordering for TypeScript 5.4 compatibility

prettier-plugin-organize-imports behaves differently with TypeScript 5.4 vs 4.9, causing CI
formatting checks to fail. This reformats imports to match the ordering expected by the plugin with
the upgraded TS version.
 2026-01-27 19:00:42 +01:00