This commit completes the "Improving Structure & Maintainability" phase by fundamentally refactoring the frontend architecture.
- Introduced a central state store (store.js) to act as a single source of truth, eliminating global variables and making data flow predictable through an event-based system.
- Replaced innerHTML with component-based rendering for all major UI elements, including warranty cards, tags, and all modals (Edit, Delete, Claims, Notes, Paperless). This improves security, performance, and maintainability.
- Created reusable UI component modules (warrantyCard.js, editModal.js, claims.js, etc.) and used an HTML <template> for the main warranty card to separate markup from logic.
* Added Model Number field to warranties (backend + frontend integration)
* Expanded localization: added Polish and Hebrew (with RTL), completed warranty claim translations for all locales
* Enhanced search: Model Number now searchable on Home and Status pages
* Improved Status page with Archived warranties filtering and display
* Fixed Global view logic for archived warranties and Model Number visibility
* Corrected missing Model Number translations across all languages
* Improved Add Warranty modal responsiveness on small screens
* Fixed document URL visibility bug and Chrome horizontal scrollbar issue
* Updated major dependencies (Python 3.14, gevent 25.9.1, Flask 3.1.2, etc.)
* Added Reddit community link and localization on About page
* PWA and cache updates for faster rollout and consistent asset refresh
- Added new `audit_log` table with supporting migration (048)
- Implemented centralized `create_audit_log` helper to record key admin actions
- Logged events include:
- Site setting changes (sensitive data masked)
- User updates and deletions
- Added API endpoint `GET /api/admin/audit-trail` for viewing recent audit entries
- Created new frontend section in Settings for viewing the Audit Trail
- Displays timestamp, user, action, and details with safe HTML escaping
- Updated backend structure for better modularity and security
Files:
`backend/migrations/048_create_audit_log_table.sql`,
`backend/audit_logger.py`,
`backend/admin_routes.py`,
`frontend/settings-new.html`,
`frontend/settings-new.js`
* **Fixed:**
* Global view on Index page now correctly shows warranties from all users, including archived ones.
* Added `GET /api/warranties/global/archived` and unified global queries with correlated subqueries to avoid missing or collapsed rows.
* Updated frontend logic to merge archived warranties from the new endpoint when Global scope and Status = “All.”
* Bumped `script.js` and service worker cache to ensure clients receive updated logic.
* Updated files: `backend/warranties_routes.py`, `frontend/script.js`, `frontend/sw.js`, `frontend/index.html`, `frontend/status.html`.
* **Added:**
* Introduced **Model Number** field to warranties.
* Backend: Added `model_number` column, integrated into GET/POST/PUT routes.
* Frontend: Added Model Number input in New/Edit modals and display on warranty cards.
* Updated files: `backend/migrations/047_add_model_number_to_warranties.sql`, `backend/warranties_routes.py`, `frontend/index.html`, `frontend/status.html`, `frontend/script.js`, `locales/en/translation.json`.
* **Enhanced:**
* Improved **Add Warranty modal** tab alignment for responsive layouts (≤740px).
* Adjusted tab label size and spacing to prevent wrapping while keeping icons and labels visible.
* Ensured consistent five-step progress indicator across all breakpoints.
* Updated file: `frontend/style.css`.
* Major usability and reliability improvements across frontend and backend
* Filters (Status, Tag, Vendor, Type, Search, Sort) now persist across views and sync via API for cross-device consistency
* Archived warranties correctly appear under “All” without affecting other filters
* Enhanced OIDC system with admin group support, secure secret handling, and improved attribute synchronization
* New responsive mobile hamburger menu and tablet-specific UI enhancements
* Fixed archived item styling, menu initialization, and login page layout issues
* Includes minor UX refinements, PyJWT compatibility updates, and deprecation clean-ups
Introduced Turkish language support and non-destructive warranty archiving. Modernized login page, filters, sorting, and tag management with responsive, theme-aware UI updates. Persisted filter/sort state across sessions, improved mobile layout, and fixed dark mode, i18n, and SSO alignment issues.
- Fixed: Paperless-ngx document uploads were being incorrectly flagged as duplicates due to invalid API parameter usage (checksum → checksum__iexact).
- Fixed: API token authentication with Paperless-ngx now works properly when Two-Factor Authentication (2FA) is enabled, ensuring secure token-only integration.
- Fixed: Restored missing i18next JavaScript libraries for non-Docker installations, ensuring status page and i18n features function correctly.
- Enhanced: Replaced psycopg2-binary with psycopg2 for production stability and compatibility.
- Enhanced: Adjusted .gitignore to track /lib directory, ensuring essential libraries are available across environments.
This release introduces three major enhancements:
1. Warranty claims tracking system with full database, API, and frontend integration to manage claims across their lifecycle.
2. Comprehensive URL/link support for documents and invoices, including database schema updates, API handling, responsive frontend integration, and error-resilient JavaScript improvements.
3. Database port configuration support via DB_PORT environment variable, ensuring flexible deployment while maintaining backward compatibility.
Additional improvements include UI/UX enhancements, null safety checks, error resolution in modals, and deployment configuration updates.
Fixes & Enhancements
* Resolved five critical Apprise notification issues:
• Ensured configuration reload during scheduled jobs
• Fixed warranty data fetching for Apprise-only users
• Refactored notification dispatch logic with dedicated helpers
• Corrected handler scoping via Flask app context
• Wrapped scheduler jobs with Flask app context to prevent context errors
→ Verified: Scheduled Apprise notifications now work reliably for "Apprise only" and "Both" channels.
* Added support for SMTP\_FROM\_ADDRESS environment variable, allowing sender address customization independent of SMTP username. (PR #115)
* Fixed duplicate scheduled notifications in multi-worker environments:
• Strengthened should\_run\_scheduler() logic
• Now guarantees exactly one scheduler instance across all Gunicorn modes.
* Fixed stale database connection handling in scheduled jobs:
• Fresh connection acquired each run, properly released via try/finally
• Eliminates "server closed the connection" errors.
* Definitive scheduler logic fix for all memory modes (ultra-light, optimized, performance):
• Single-worker runs scheduler if GUNICORN\_WORKER\_ID is unset
• Multi-worker: only worker 0 runs scheduler.
Impact
* Apprise and Email notifications are now stable, reliable, and production-ready
* No more duplicate or missed notifications across all memory modes
* Improved system efficiency and robustness
Fixes & Enhancements
* Resolved five critical Apprise notification issues:
• Ensured configuration reload during scheduled jobs
• Fixed warranty data fetching for Apprise-only users
• Refactored notification dispatch logic with dedicated helpers
• Corrected handler scoping via Flask app context
• Wrapped scheduler jobs with Flask app context to prevent context errors
→ Verified: Scheduled Apprise notifications now work reliably for "Apprise only" and "Both" channels.
* Added support for SMTP\_FROM\_ADDRESS environment variable, allowing sender address customization independent of SMTP username. (PR #115)
* Fixed duplicate scheduled notifications in multi-worker environments:
• Strengthened should\_run\_scheduler() logic
• Now guarantees exactly one scheduler instance across all Gunicorn modes.
* Fixed stale database connection handling in scheduled jobs:
• Fresh connection acquired each run, properly released via try/finally
• Eliminates "server closed the connection" errors.
* Definitive scheduler logic fix for all memory modes (ultra-light, optimized, performance):
• Single-worker runs scheduler if GUNICORN\_WORKER\_ID is unset
• Multi-worker: only worker 0 runs scheduler.
Impact
* Apprise and Email notifications are now stable, reliable, and production-ready
* No more duplicate or missed notifications across all memory modes
* Improved system efficiency and robustness
Fixes & Enhancements
* Resolved five critical Apprise notification issues:
• Ensured configuration reload during scheduled jobs
• Fixed warranty data fetching for Apprise-only users
• Refactored notification dispatch logic with dedicated helpers
• Corrected handler scoping via Flask app context
• Wrapped scheduler jobs with Flask app context to prevent context errors
→ Verified: Scheduled Apprise notifications now work reliably for "Apprise only" and "Both" channels.
* Added support for SMTP\_FROM\_ADDRESS environment variable, allowing sender address customization independent of SMTP username. (PR #115)
* Fixed duplicate scheduled notifications in multi-worker environments:
• Strengthened should\_run\_scheduler() logic
• Now guarantees exactly one scheduler instance across all Gunicorn modes.
* Fixed stale database connection handling in scheduled jobs:
• Fresh connection acquired each run, properly released via try/finally
• Eliminates "server closed the connection" errors.
* Definitive scheduler logic fix for all memory modes (ultra-light, optimized, performance):
• Single-worker runs scheduler if GUNICORN\_WORKER\_ID is unset
• Multi-worker: only worker 0 runs scheduler.
Impact
* Apprise and Email notifications are now stable, reliable, and production-ready
* No more duplicate or missed notifications across all memory modes
* Improved system efficiency and robustness
Resolved critical scheduler initialization bug in Docker ultra-light mode by moving scheduler setup into the create_app() function and improving worker detection logic. Added missing /api/timezones and /api/locales endpoints to support frontend settings page. Ensured compatibility across all memory modes with single-worker and multi-worker setups. Also fixed mobile UI issues including text overflow on the "Manage Tags" button and oversized warranty cards in list view. Implemented responsive CSS adjustments for mobile screens to improve layout and usability.
### Highlights:
- **Environment Variable Precedence Fix:** Corrected config loading logic to prioritize environment variables over database defaults on fresh installations. Ensured OIDC, Apprise, and email settings are now correctly derived from `.env` files. Also fixed the `/api/auth/oidc-status` endpoint to reflect the true state.
- **PostgreSQL Migration Permissions:** Updated migration scripts to avoid `CREATEROLE` errors on standard DB users by using `DO` blocks with graceful fallbacks.
### Major Code Refactoring:
- **Blueprint Extraction:**
- Moved admin, warranty, tag, file handling, and statistics routes into dedicated Flask Blueprints for improved maintainability.
- Introduced `file_routes.py`, `tags_routes.py`, `admin_routes.py`, `warranties_routes.py`, and `statistics_routes.py`.
- **Application Factory Pattern:**
- Adopted the Flask Application Factory pattern using `create_app()` for modular, testable architecture.
- Added `config.py`, centralized `extensions.py`, and simplified `app.py` to a minimal entry point.
### Additional Fixes:
- Restored missing `/api/currencies` and `/api/settings/global-view-status` endpoints.
- Fixed status page warranty expansion and toast notification issues.
- Updated frontend logic to properly show Paperless-ngx documents on warranty cards and status page.
### Impact:
- Configuration via Docker `.env` now works reliably.
- Application can now run on standard PostgreSQL setups.
- Codebase is modular and easier to maintain.
- Frontend issues related to missing endpoints and document visibility are resolved.
- Moved warranty status row to the bottom of cards for better visual hierarchy in both grid and list views.
- Ensured real-time UI updates on tag edits and deletions, fixing stale tag info across the app.
- Added missing tag-related translation keys and warranty addition success messages across 17+ languages.
- Resolved caching issues by updating service worker logic, asset versioning, and nginx headers.
- Removed redundant Docker Compose commands causing migration duplication during updates.
- Enhanced CSV import to support flexible date formats using `dateutil.parser`, improving user experience.
- Fixed warranty duration selection limits by increasing max values in frontend and backend with DB migration.
- Improved Paperless-ngx integration with duplicate document detection and user-friendly linking.
- Fixed DB migration permission issues by granting `CREATEROLE` and removing redundant grants.
- Restored missing product photos by correcting a broken image loader function call.
### Enhanced
- Implemented comprehensive cache busting with version `v=20250118001` across all HTML, CSS, JS, and service worker assets.
- Updated service worker to force cache refresh and manage new asset list.
- Improved performance and consistency with synchronized frontend and PWA cache handling.
### Added
- Introduced full internationalization support for 17 languages including RTL support for Arabic and Persian.
- Language detection, native name display, and instant switching without reload.
- Updated UI, dropdowns, and translation files for complete multilingual experience.
### Fixed
- Resolved Paperless-ngx document auto-linking when adding a warranty (file association now preserved pre-reset).
- Prevented duplicate toast warnings when submitting forms with missing fields.
### Backend
- Extended language code validation and updated DB constraints for new language support.
### Files
- HTML, JS, CSS, service worker, translation files, and backend routes/migrations.
- Redesigned warranty card with icon-based info display:
📅 Age, 📄 Duration, 🔧 End Date, 🪙 Price, 📊 Serial, 🏪 Vendor, 🛡️ Type
- Improved layout across grid/list/table views: better spacing, no thumbnail overlap, dark mode support
- Added serial number display enhancements
- Integrated Paperless-ngx document browser in warranty forms:
- Browse, search, filter, and select documents from Paperless-ngx
- Modal UI with responsive design and tag-based filtering
- Backend API for tag retrieval with auth and error handling
- Added user preference to view Paperless docs in-app:
- Toggle setting in UI, persisted via DB/localStorage
- Secure in-app viewing with fallback to external domain
- Updated backend routes and frontend logic
Files touched: `script.js`, `style.css`, `index.html`, `auth_routes.py`, `app.py`, `settings-new.html`, `settings-new.js`, DB migration
Introduced full integration with Paperless-ngx to enable intelligent document management and flexible storage options.
Key changes:
- Added admin settings section for configuring Paperless-ngx (server URL, API token, connection testing, toggle).
- Implemented hybrid storage logic in `backend/app.py` allowing per-document selection between local and Paperless-ngx.
- Enhanced warranty card UI with visual indicators for storage location (cloud vs. local icons).
- Integrated storage selection and upload process into both Add and Edit Warranty workflows with parity.
- Enabled direct access to Paperless-ngx documents via the warranty interface.
- Ensured automatic cleanup of old documents when storage preference is switched.
Affected files:
- `backend/app.py`
- `frontend/script.js`
- `frontend/settings-new.html`
- `frontend/settings-new.js`
Resolved a critical issue preventing the first user from registering on newly deployed instances. The fix includes:
- Added missing logger import in `backend/auth_routes.py`, resolving a "logger not defined" error.
- Improved the `owner` check in `backend/app.py` to account for missing `is_owner` column during initial database migrations.
- Implemented graceful error handling for column existence checks to prevent runtime failures during startup.
- These fixes ensure smooth initial registration without internal server errors on fresh deployments.
This major update introduces several significant new features, critical bug fixes, and key enhancements across the application, focusing on user customization, administration, and system stability.
New Features
Currency Position Control: Allows users to choose whether the currency symbol appears on the left or right of numbers. This setting is applied universally across the app, including warranty cards and forms, and is saved per-user.
Super-Admin (Owner) Role: Implements an immutable Owner role for the primary administrator, who cannot be deleted or demoted. A secure ownership transfer process has been added to the admin settings.
OIDC-Only Login Mode: Adds a site-wide setting to enforce OIDC-only authentication, which hides the traditional username/password login form to streamline SSO environments.
Product Age Tracking & Sorting: Displays the age of a product (e.g., "2 years, 3 months") on warranty cards and adds a new "Sort by Age" option to organize items by their purchase date.
Global View Photo Access: Permits users to view product photos on warranties shared in global view, while ensuring other sensitive documents like invoices remain private to the owner.
Persistent View Scope: The application now remembers the user's last selected view (Global or Personal) and automatically loads the appropriate data on page refresh for a seamless experience.
Export Debug Tools: Introduces a comprehensive debugging system, including a new debug page and API endpoint, to help administrators troubleshoot and verify warranty exports.
Key Enhancements
About Page Redesign: A complete visual overhaul of the "About" page with a modern, card-based layout, prominent community links, and improved branding.
Flexible Apprise Notifications: Admins can now configure Apprise notifications to be a single global summary or sent as per-user messages. Additionally, the scope can be set to include warranties from all users or only the admin's warranties.
Larger Product Photo Thumbnails: Increased the size of product photo thumbnails in all views (grid, list, and table) for better product visibility.
Smart Currency Default: The "Add Warranty" form now intelligently defaults to the user's preferred currency setting, rather than always using USD.
Bug Fixes
Critical OIDC & Proxy Fixes: Resolved two major OIDC issues: a RecursionError with gevent workers and incorrect http:// callback URLs when behind an HTTPS reverse proxy, enabling reliable OIDC login.
Critical User Preferences Persistence: Fixed a bug where user settings for currency symbol and date format were not being saved correctly to the database.
Apprise & Notification Settings: Corrected an issue preventing user notification channel and Apprise timing settings from saving. The Apprise message format is now standardized, and the admin UI has been cleaned up.
CSV Import Currency: Ensured that warranties imported via CSV correctly use the user's preferred currency instead of defaulting to USD.
Maintenance & Refactoring
Authentication System Refactoring: Migrated all authentication-related routes from app.py into a dedicated Flask Blueprint (auth_routes.py) to improve code organization and maintainability.
Legacy Code Cleanup: Removed over 290 lines of orphaned and commented-out legacy OIDC code from the main application file.
### Major Features
- **Public Global Warranty View:** All authenticated users can now view global warranties. Admins retain full control; regular users get read-only access to others’ warranties.
- **Global View Admin Controls:** Admins can now toggle global view availability and limit it to admins only via site settings.
- **Global Status Dashboard View:** Extended global view to warranty statistics and dashboards with full permissions enforcement.
- **Apprise Push Notifications:** Integrated Apprise for multi-platform warranty alerts with extensive backend and frontend support (80+ services).
- **Warranty Type Filtering/Sorting:** Introduced dynamic, case-insensitive filtering and sorting by warranty type on the main page.
- **Admin Global Warranty View:** Dedicated admin tools and UI for viewing all warranties with enhanced styling and user info.
### UX/UI Enhancements
- **Product Photo Thumbnails:** Added interactive, responsive photo previews on warranty cards across all views.
- **Updated Footer Links:** All "Powered by Warracker" footers now link to the official website (`https://warracker.com`).
### Fixes and Stability Improvements
- **Status Dashboard Chart Fixes:** Resolved canvas reuse errors and chart switching issues.
- **CSS Cache Busting:** Ensured consistent styling across domain/IP access by versioning CSS/JS and updating service worker.
- **Settings Access Fixes:** Regular users can now access the settings page without triggering admin-only API calls.
- **Settings Persistence Fixes:** Addressed major frontend/backend issues preventing correct saving/loading of user preferences.
- **Notification Timing Overhaul:** Rewrote logic for precise notification delivery and implemented duplicate prevention.
### Security and Technical Enhancements
- Global view maintains secure ownership enforcement.
- Improved permission checks, graceful degradation, and responsive design across all new features.
This update resolves several critical bugs and introduces enhancements for improved reliability and UX:
View Preference Persistence:
Fixed issues where user view preferences (Grid/List/Table) weren't retained across logins or tabs. Changes span both backend and frontend to ensure proper key prefixing and prevent overwrites or sync issues.
Password Management Fixes:
Added missing /api/auth/password/change endpoint. Fixed password reset behavior and improved frontend error handling for clarity and accuracy.
SMTP Port 587 (STARTTLS) Support:
Updated email logic to reliably support both SMTPS (port 465) and STARTTLS (port 587), ensuring compatibility with major email services.
UI Consistency:
Standardized headers across auth pages and made the app title consistently clickable for improved navigation.
Branding Enhancement:
Updated footer links from GitHub to the official Warracker site across all major pages for better branding and user guidance.
This update introduces comprehensive OpenID Connect (OIDC) Single Sign-On support with dynamic configuration via the database and full frontend/backend integration. Key additions include:
- OIDC SSO login via external providers (e.g., Google, Keycloak), with automatic user provisioning and session linking.
- Admin settings UI for enabling/disabling SSO and managing provider credentials.
- Provider-branded SSO buttons with dynamic labels, icons, and styles.
- Exact warranty expiration date support alongside duration-based input, with full validation and UI enhancements.
- Full UI responsiveness for warranty field updates, tag creation, and note editing.
- Memory usage optimization for low-resource deployments via configurable modes (optimized, ultra-light, performance).
- Numerous fixes for SSO authentication flow, UI sync issues, database constraints, and modal interactions.
- Upgraded dependencies for security, performance, and compatibility (Flask 3.0.3, Gunicorn 23.0.0, etc.).
- Frontend improvements: Chart.js loading fix, tooltips for long product names, and dark/light mode-compatible footer.
This release significantly improves authentication flexibility, performance, and user experience across all major components.
This release introduces several key features and improvements
Added:
- Account email change support from Settings with full validation and UI update.
- Progressive Web App (PWA) capability with manifest and service worker integration.
- "Manage Tags" button on the main page to streamline tag management UX.
Changed:
- Improved responsiveness of key pages (index, status) across mobile and tablet views.
- Replaced hardcoded DB credentials with environment variable references (contribution by @humrochagf, commit 20997e9):
• Credentials are now pulled from Docker Compose env vars.
• Redundant superuser credential checks removed.
• Updated migration and permission scripts for dynamic configuration.
This version enhances user flexibility, security, and cross-device compatibility.
### Added
- Collapsible warranty details in the Status page table, showing full warranty info inline.
- Inline warranty editing via "Edit Warranty" button in expanded view.
- Vendor column added to sort options on the main warranty list.
- Vendor filter dropdown added to the main warranty list.
### Changed
- Removed direct product name links from Status page table in favor of inline expansion.
- CSV export now formats dates as YYYY-MM-DD.
### Fixed
- Resolved browser validation error with product URLs in hidden tabs by switching to text input and improving validation logic.
- Edit modal no longer closes on backdrop clicks.
- Migration scripts now support custom `DB_NAME` values by removing hardcoded names.
Refer to changelogs for more details.
- Replaced single warranty period field with separate Year/Month/Day inputs
- Added support for uploading ZIP/RAR documents to warranties
- Made JWT secret and upload size limits configurable via environment variables
- Fixed backend indentation error, SQL migration bug, and smtplib re-import
- Cleaned up obsolete frontend settings files
