🚀 Big update with New Features, Fixes, & Enhancements

This release introduces significant new features, including public global warranty viewing, comprehensive push notification support via Apprise, advanced filtering and sorting, and visual product photo thumbnails. It also includes critical bug fixes addressing caching, permission issues, settings persistence, and notification reliability, alongside important security hardening and branding consistency updates.

Thanks to everyone who reported issues and provided feedback—your input directly improves Warracker!

✨ Added

Public Global Warranty View for All Users

A major update extending the global warranty view functionality to all authenticated users, providing transparency while maintaining security.

• Regular Users: Can view all warranties from all users but can only edit/delete their own.
• Admin Users: Retain full administrative control to edit/delete any warranty in the global view.
• Read-Only Protection: Edit/delete buttons replaced with a view-only eye icon for warranties not owned by the current user (unless they are an admin).
• Includes new Admin Global View Control Settings and integration with the Status Dashboard.
• UI labels and tooltips updated to reflect the new public access model.

Files: See "Technical Implementation for Global View Features" below.

Apprise Push Notifications Integration

Implemented a comprehensive push notification system supporting over 80 services for warranty expiration alerts.

• Backend: Includes a dedicated Apprise handler, database migration for settings, full API endpoints for management (test, validate, reload, trigger), and scheduler integration.
• Frontend: Adds a complete configuration section in Admin Settings with real-time status, URL management, and testing capabilities, styled with modern UI components.
• Supported Services: Discord, Slack, Telegram, Email (Gmail, Outlook), Microsoft Teams, Webhooks, Matrix, Pushover, Ntfy, Gotify, and 70+ more.
• Configuration: Supports multiple URLs, flexible timing, custom branding, test functionality, and URL validation.
• Environment Support: Full environment variable support with fallback to database config.
• Graceful Degradation: System functions normally if Apprise isn't installed.

Files: backend/apprise_handler.py, backend/migrations/026_add_apprise_settings.sql, backend/app.py, backend/db_handler.py, backend/requirements.txt, frontend/settings-new.html, frontend/settings-new.js, frontend/settings-styles.css, docker-compose.yml, env.example

Warranty Type Filtering and Sorting

Enhanced the home page with new filtering and sorting options based on warranty type.

• Added a "Warranty Type" filter dropdown, dynamically populated with unique types from existing warranties.
• Filtering is case-insensitive.
• Added "Warranty Type" as a sorting option in the Sort By dropdown.
• Real-time filtering integrates seamlessly with existing filters.

Files: frontend/index.html, frontend/script.js

Product Photo Thumbnails on Warranty Cards

Added visual product photo thumbnails to warranty cards across all viewing modes (Grid, List, Table).

• Thumbnails are displayed in the top right corner for quick visual identification.
• Clicking a thumbnail opens the full-size image in a new tab.
• Images are served securely, ensuring only authorized users can view them.
• Thumbnails update in real-time when photos are added or updated.
• Includes hover effects and tooltips.

Files: frontend/script.js, frontend/style.css

🛠 Fixes

Status Dashboard Chart.js Canvas Errors

Resolved "Canvas is already in use" errors preventing charts from rendering correctly on the status page.

• Added proper chart destruction before creating new charts.
• Implemented flags to prevent multiple dashboard initializations.
• Protected against duplicate DOM event handler attachments.
• Improved error handling around chart creation and destruction.
• Fixed chart recreation issues during view switching.

Files: frontend/status.js

CSS Cache Busting for Domain Consistency

Implemented version parameters for CSS and JavaScript files to prevent caching issues when accessing the app via local IP vs. domain.

• Version parameters added to core CSS and JS files (style.css, script.js, etc.).
• Updated Service Worker cache name and included versioned files to force cache refresh.
• Ensures consistent styling and functionality across all pages regardless of access method.

Files: frontend/index.html, frontend/settings-new.html, frontend/status.html, frontend/script.js, frontend/sw.js

Settings Page Admin Permission Issues

Fixed critical database connection and 403 permission errors affecting regular users on the settings page.

• Corrected inconsistent cursor variable usage in the backend account deletion function.
• Added comprehensive frontend admin permission checks to prevent non-admin users from triggering 403 errors by attempting to access admin-only settings calls.
• Enhanced 403 handling to hide admin sections gracefully instead of showing errors for regular users.
• Improved error messaging by fixing nested try-catch blocks that masked actual API errors.

Files: backend/app.py, frontend/settings-new.js

Settings Persistence Critical Fixes

Resolved major issues where user preferences, particularly Apprise notification settings, would not persist correctly after saving.

• Fixed a critical bug in the backend /api/auth/preferences endpoint that prevented Apprise settings from being saved due to strict conditional logic.
• Ensured all Apprise fields are returned in API responses and mapped correctly.
• Eliminated multiple simultaneous API calls in the frontend that caused race conditions during preference loading.
• Ensured API data takes precedence over localStorage and synchronized UI states (like dark mode).

Files: backend/app.py, frontend/settings-new.js

Notification System Comprehensive Overhaul

Fixed critical timing issues and duplicate notifications for both email and Apprise scheduled alerts.

• Rewrote notification timing calculation for precise delivery within a small post-target window.
• Implemented a robust in-memory duplicate prevention system with daily resets.
• Added try/catch blocks and variable consistency fixes to handle potential database column mismatches gracefully.
• Enhanced debug logging for detailed troubleshooting of timing and eligibility.

Files: backend/notifications.py, backend/app.py

Technical Implementation for Global View Features

Details on the technical changes made to implement the Public Global Warranty View and related features.

• Backend (app.py): Added /api/warranties/global, /api/statistics/global, and /api/settings/global-view-status endpoints. Added global_view_enabled and global_view_admin_only site settings.
• Frontend (script.js): Renamed initAdminViewControls() to initViewControls(), removed admin restriction for initialization, added permission logic for edit/delete buttons, updated API calls, and added automatic fallback.
• Frontend (index.html): Updated tooltips and labels.
• Frontend (style.css): Added styling for view-only placeholder.
• Frontend (settings-new.html): Added Global View settings toggles.
• Frontend (settings-new.js): Added loading/saving logic for global view settings.
• Frontend (status.html): Added view switcher and owner column to table.
• Frontend (status.js): Added global view logic, API switching, and permission checks.

Files: backend/app.py, frontend/script.js, frontend/index.html, frontend/style.css, frontend/settings-new.html, frontend/settings-new.js, frontend/status.html, frontend/status.js

Security Features (Related to Global View)

• Backend endpoints require authentication.
• Frontend validates ownership/admin status before allowing modifications.
• Regular users can only modify their own warranties.
• Admin users can modify any warranty.
• Maintains data privacy with transparency.

User Experience (Related to Global View)

• Seamless view switching for all users.
• Clear visual indication (eye icon) for read-only warranties.
• Consistent UI patterns.
• Enhanced tooltips explaining read-only access.

✨ Enhanced

Footer Links

Updated all "Powered by Warracker" footer links to point to https://warracker.com for consistent branding and direct access to the official website.

Files: frontend/index.html, frontend/login.html, frontend/register.html, frontend/reset-password.html, frontend/reset-password-request.html, frontend/settings-new.html, frontend/status.html, frontend/auth-redirect.html, frontend/about.html

PostgreSQL Security Hardening

Removed unnecessary SUPERUSER privileges from the application database user, significantly improving the security posture by adhering to the principle of least privilege.

• Removed SUPERUSER grants from SQL scripts (fix_permissions.sql, migrations/011_ensure_admin_permissions.sql).
• Removed attempts to grant SUPERUSER in Dockerfile.
• Application operates with only necessary privileges.
• Full functionality verified after changes.

Files: backend/fix_permissions.sql, backend/migrations/011_ensure_admin_permissions.sql, Dockerfile

📁 Summary of Files Changed

Backend:

• backend/app.py
• backend/apprise_handler.py
• backend/db_handler.py
• backend/fix_permissions.sql
• backend/migrations/011_ensure_admin_permissions.sql
• backend/migrations/026_add_apprise_settings.sql
• backend/notifications.py
• backend/requirements.txt
  Frontend JS:
• frontend/script.js
• frontend/settings-new.js
• frontend/status.js
• frontend/sw.js
• frontend/auth.js
  Frontend HTML:
• frontend/index.html
• frontend/settings-new.html
• frontend/status.html
• frontend/login.html
• frontend/register.html
• frontend/reset-password.html
• frontend/reset-password-request.html
• frontend/auth-redirect.html
• frontend/about.html
  Frontend CSS:
• frontend/style.css
• frontend/settings-styles.css
• frontend/header-fix.css
• frontend/mobile-header.css
  Config/Other:
• docker-compose.yml
• env.example
• Dockerfile

💔 Known Issues

• Authentik still not working, working on it.

📸 Screenshots