Added
- Enhanced series data via Hardcover — Series can now be managed manually, linked to Hardcover series, and compared against the Hardcover catalog. The Series page shows present, missing, local-only, and uncertain books; missing catalog entries can be filled all at once or one row at a time, creating wanted/monitored book rows and queuing searches. The enhanced controls are gated behind
BINDERY_ENHANCED_HARDCOVER_API, a saved Hardcover API token, and the admin setting in Settings -> General. - Prometheus
/metricsendpoint (#429) — Bindery now exposesbindery_http_*(request rate / latency by route template),bindery_scheduler_*(job-run counts and durations), andbindery_build_infoalongside the standardgo_*runtime andprocess_*collectors. Mounted at/metricsoutside the/apiauth chain so Prometheus scrapes work without session cookies; restrict access via NetworkPolicy / firewall / reverse-proxy ACL. Background jobs now also recover from panics so a single buggy job no longer tears down the scheduler goroutine. - OIDC settings UI gains a "Test discovery" button (#460) — Next to the Issuer URL field on the Add provider form, a Test button hits the IdP's
/.well-known/openid-configurationserver-side and renders the result inline: discovered authorize/token endpoints + supported scopes on success, the raw error (DNS, TLS, 404, JSON parse) on failure. Critically, surfaces issuer mismatch when the discovered issuer differs from the entered URL — the silent killer for Authentik per-provider mode and Keycloak realm paths. NewPOST /api/v1/auth/oidc/test-discoveryendpoint backs the button. - OIDC settings UI shows a live callback URL preview (#460) — As you type the provider id in Settings → Security → OIDC Providers → Add provider, the form renders the exact redirect URI Bindery will register with the IdP, with a copy-to-clipboard button. New
GET /api/v1/auth/oidc/redirect-baseendpoint returns{ base, callback_path }for the current request — eliminates the most common setup mistake (registering a URL that doesn't match what Bindery actually sends).
Changed
- OIDC redirect base URL is now optional behind a trusted proxy (#460) —
BINDERY_OIDC_REDIRECT_BASE_URLis no longer strictly required when Bindery sits behind a reverse proxy. If the env var is unset andBINDERY_TRUSTED_PROXYis configured, Bindery derives the public-facing base URL fromX-Forwarded-Proto+X-Forwarded-Hoston each request. Explicit env-var values still win when set (needed for path-prefix deploys). Previously a missing env var produced a relativeredirect_uri, which IdPs reject withredirect_uri_mismatch. The redirect base resolved at/loginis round-tripped through the flow cookie so/callbackuses the same value during the token exchange.
Fixed
- OIDC providers no longer silently dropped after failed startup discovery (#461) — Providers whose discovery fails during
Reload()are now tracked in a separate failed-providers map instead of being silently logged-and-forgotten.GET /api/v1/auth/oidc/providersreturns a per-providerstatusblock ("ok"/"failed"with the last error and timestamp) so admins can diagnose without grepping logs. The first login attempt for a failed provider triggers an on-demand re-discovery (rate-limited to once per 30s), so transient startup failures (e.g. pod recreated before IdP is reachable) recover automatically without an admin restart. - ABS imports require saved source configuration — import and dry-run starts now use only the stored ABS configuration, and the UI blocks runs while ABS settings contain unsaved changes so previews and imports cannot run against one-off request overrides.
- Hardcover auto-linking requires local evidence — automatic series linking now requires local book overlap or author agreement before accepting a high-confidence Hardcover candidate, and missing-book fill skips books that already exist as excluded titles.
Docs
- Added user-facing Hardcover series wiki documentation and documented the enhanced Hardcover series migration, feature flag, token requirement, admin toggle, and production network expectations in the deployment guide.