github Drakonis96/plexytrack v0.4.6
on GitHub

latest releases: v0.4.8, v0.4.7
9 hours ago

New Features

  • Secure Login System: Added authentication with hashed credentials (PBKDF2-SHA256) for internet-exposed deployments. Default credentials: admin / admin. Single-user support with rate limiting (5 attempts per 5 minutes) against brute force attacks.
  • Password Change: New Security tab in the Tracker Login page allows changing the password with username verification and double confirmation. Credentials persist across container restarts and updates via the config volume.
  • Security Tab: Added a dedicated "Security" tab in the Tracker Login configuration page with independent disconnect buttons for Plex, Trakt, and Simkl, plus a full data wipe option.
  • Secure Session Management: Sessions use HttpOnly cookies with SameSite=Lax policy, 24-hour expiry, and randomly generated secret keys.
  • Redirect URI Management UI: New "Redirect URIs" tab in the Tracker Login page allows users to add, remove, and select the active OAuth redirect URI for both Trakt and Simkl directly from the web interface. The active URI is persisted in settings.json and survives container restarts.
  • Redirect URIs in Docker Compose: Added TRAKT_REDIRECT_URI and SIMKL_REDIRECT_URI environment variables with sensible defaults to both docker-compose.yml and docker-compose-local.yml.

Changes

  • Logout Behavior: Logging out now only disconnects from the PlexyTrack session and redirects to the login page. It no longer clears Plex connections, tokens, or synced data.
  • Protected Routes: All application routes now require authentication. Unauthenticated requests are redirected to the login page (or receive a 401 JSON response for API calls).

Bug Fixes

  • Plex 401 crash fix: App no longer hangs/crashes when the Plex token expires during sync.
  • Simkl bidirectional sync safety guard: Prevents unnecessary processing when incremental Plex history returns 0 items.
  • mindate type error: Fixed 'str' object has no attribute 'timestamp' crash when calling plex_server.history().
  • OAuth auto-exchange: Fixed /oauth/<service> callback to automatically exchange the authorization code for tokens.
  • Plex token persistence: Plex token is now saved to auth.json and loaded on startup, surviving container restarts.
  • Sync concurrency lock: Added threading.Lock to prevent concurrent sync execution.
  • Race condition with global plex: Captured local reference at sync start to avoid the global variable being nulled mid-sync.
  • Duplicate sync calls: Removed duplicate sync_liked_lists and sync_collections_to_trakt invocations.
  • Unreachable except clause: Fixed duplicate except requests.exceptions.RequestException in sync_simkl_history.
  • Account ID warning spam: Changed to DEBUG level; added fallback chain.
  • Silent sync thread crashes: Added BaseException catch with full traceback logging.

Performance

  • GUID index optimization: Replaced per-item sec.getGuid() HTTP calls (~2040 requests, 10+ minutes) with a prebuilt GUID index. sync_liked_lists went from 10+ minutes to ~2 seconds.

Improvements

  • Misleading log messages: Fixed "full sync" log text that appeared during incremental syncs.
  • Sync error wrapping: All post-sync operations are now wrapped in try/except with logging.
Check out latest releases or
releases around Drakonis96/plexytrack v0.4.6

Don't miss a new plexytrack release

NewReleases is sending notifications on new releases.

Get notifications