v1.0.5-beta.008 - Overhaul API key system and fix automation fuzzy matching
This commit introduces a major security upgrade to the external API key infrastructure and resolves critical false-positive matching bugs in the automated downloading and monitoring jobs.
API Key System Overhaul:
- Migrated from a single global plaintext key to a relational, database-backed ApiKey model.
- Implemented SHA-256 cryptographic hashing for secure key storage in the database.
- Added 'Acts As' functionality, allowing generated API keys to inherit specific user roles, permissions, and identities.
- Introduced key expiration dates and a manual revocation system for compromised keys.
- Created a centralized validateApiKey utility and secured all external endpoints (/api/v1/stats, /api/cron) with the new logic, while temporarily preserving backward compatibility for legacy keys.
- Redesigned the Admin Settings and API Guide UIs to support generating, copying (display-once), and managing multiple tokens.
Monitor Sync & Automation Fixes:
- Fixed a critical flaw in ProwlarrService where short issue numbers (e.g., 2) falsely matched release years (e.g., 2015) by enforcing strict regex word boundaries.
- Overhauled the Cron auto-importer fuzzy matching to strictly require issue number validation before mapping a downloaded file to a pending request.
- Applied identical strict fuzzy matching to the Admin Dashboard to prevent active downloads from visually linking to the wrong pending request.