- Theme changes now broadcast instantly via WebSocket to all connected browsers
- No page refresh needed - theme updates in real-time across all devices
- Theme preference is persisted server-side and loaded on new sessions
- Added WebSocket message type 'settingsUpdate' for broadcasting settings changes
- Updated SystemSettingsHandler to broadcast theme changes to all clients
- Added frontend event listener to handle incoming theme change messages
- Fixed API endpoint routing to use the new handler with broadcast support
- Added proper DISABLE_AUTH check in CheckAuth for auth-disabled environments
This creates a seamless experience where toggling dark/light mode on one device
instantly updates all other connected devices (phones, tablets, browsers).
Implements header-based proxy authentication for SSO integration with
Authentik, Authelia, and other authentication proxies.
- Add CheckProxyAuth function to validate proxy headers
- Support for username and role-based access control
- Frontend integration with logout URL support
- Comprehensive documentation with examples
- Backwards compatible - no breaking changes
Addresses #327
Configuration via environment variables:
- PROXY_AUTH_SECRET: Shared secret for validation
- PROXY_AUTH_USER_HEADER: Header containing username
- PROXY_AUTH_ROLE_HEADER: Header containing roles/groups
- PROXY_AUTH_LOGOUT_URL: SSO logout endpoint
- Automatically hash plain text API tokens (SHA3-256) and passwords (bcrypt) when loaded from env vars
- Remove unnecessary PULSE_SETUP_TOKEN feature in favor of simpler env var approach
- Remove HandleInitialSetup endpoint - not needed with env var configuration
- Update authentication to always use hashed comparisons (no plain text warnings)
- Update documentation to clearly explain auto-hashing capability
- Maintain backward compatibility with pre-hashed credentials
This makes Pulse secure by default while keeping deployment simple - users can
provide plain text credentials via environment variables and Pulse automatically
hashes them for security.
- Move development scripts to scripts/ directory (dev.sh, hot-dev.sh, build.sh, etc.)
- Move UPGRADE_NOTICE to docs/ directory
- Remove empty 2025-08-14 file
- Update all references to moved scripts in documentation
- Grant enhanced Audit permissions to PBS tokens for system stats access
- Create PBSCard component to display CPU, memory, disk, uptime metrics
- Detect Docker PBS instances and show appropriate info without stats
- Add adaptive node layout on dashboard for better scalability
- Move PBS status card to Backups tab above frequency chart
- Create CompactNodeCard for handling many nodes efficiently
- Update PBS setup script to grant Audit role to both user and token
This addresses the request in issue #259 to show PBS system stats on the dashboard.
The implementation uses read-only Audit permissions to access the /nodes endpoint
while maintaining security. Docker PBS instances are detected and handled gracefully
since they cannot provide host system statistics.
- Detect when running behind a proxy/tunnel (X-Forwarded-*, CF-Ray headers)
- Use SameSite=None for cookies when proxied to allow cross-origin access
- Properly detect HTTPS when behind proxy using X-Forwarded-Proto
- Fixes authentication not working through Cloudflare tunnels
The issue was that SameSite=Strict/Lax cookies don't work when the origin
changes (which happens with tunnels/proxies). Now we detect proxy headers
and relax the cookie policy to SameSite=None when needed.
- Fix alternating zero I/O metrics by implementing rate caching for stale data from Proxmox
- Hardcode polling interval to 10 seconds (matching Proxmox cluster/resources update cycle)
- Remove polling interval settings from UI (no longer user-configurable)
- Implement efficient VM/container polling using single cluster/resources API call
- Remove 'Remove Password' feature (auth is now mandatory)
- Fix CSRF validation for Basic Auth (exempt from CSRF checks)
- Fix Generate API Token modal and authentication
- Remove redundant 'Active' status from Authentication section
- Remove Connection Timeout setting from frontend (backend-only)
- Clean up frontend console logging (reduce verbosity)
- Remove PBS polling interval setting (fixed at 10s)
- Add frontend rebuild detection to backend-watch script
- Improve first-run setup flow and error handling
- Remove registration tokens feature in favor of simpler API token auth
- Add password authentication with change password functionality
- Centralize API client logic with proper auth handling
- Add development scripts for better DX (hot-reload, proxy setup)
- Refactor auth middleware and handlers for cleaner separation
- Update frontend to use new centralized API client
