Fail-Safe/Technitium-DNS-Companion v1.2.1

on GitHub

[1.2.1] - 2025-12-24

Added

• Optional session-based authentication behind AUTH_SESSION_ENABLED=true, using HttpOnly cookies and server-side session storage.
• Dedicated TECHNITIUM_BACKGROUND_TOKEN support so background PTR/hostname work can run safely in session-auth mode.
• Guided migration from TECHNITIUM_CLUSTER_TOKEN → TECHNITIUM_BACKGROUND_TOKEN, including token creation + validation.
• Backend Jest tests and frontend Vitest/RTL tests covering the new auth + migration flows.
• Support for Technitium AdvancedBlockingApp v10+ refresh interval minutes via blockListUrlUpdateIntervalMinutes.
• UI inputs for list source refresh interval in hours + mins.

Changed

• Auth UX only requires the login page when session auth is enabled.

Fixed

• Reduced/no-op behavior for background PTR warming when it cannot run (e.g., no request/session context), preventing noisy failures.
• Request-context middleware registration to avoid intermittent auth/session issues across routes.
• List source refresh interval no longer appears stuck due to a cached reload after saving.
• Minutes input UX: allows clearing the default 0 while typing (prevents "0" from snapping back mid-edit).
• Added frontend regression test for the minutes input editing behavior.

Security

• Token capability validation for TECHNITIUM_BACKGROUND_TOKEN (must be least-privilege); unsafe/unverifiable tokens disable background PTR warming and surface warnings.
• Implemented a session-token-first approach using Technitium /api/user/login expiring tokens (no long-lived admin API tokens by default), while preserving backwards-compatible env-token “service mode”.
• When AUTH_SESSION_ENABLED=true, the backend requires HTTPS and supports TLS-terminating reverse proxies via TRUST_PROXY=true.