The Settings page no longer renders the Resend From Address input or any
of the read-only "Set in config.toml" credential status rows (Apify key,
eBay id/secret, ntfy auth, Resend key). Those rows looked like editable
inputs but were dead text, and duplicated what the Test buttons verify
more authoritatively.
- resend_from is now sourced only from config.toml ([resend] from); it is
removed from settingsKeys, the test-Resend handler, the scheduler email
client, and the schema seed.
- Removed the credStatus templ component, the CredentialStatus field on
SettingsData, and the credentialStatus() handler helper.
- ntfy client supports HTTP Basic auth (username/password) for servers with
access control; [ntfy] config gains username/password. Scheduler + Test Ntfy
use it instead of the old settings-only bearer token.
- Settings page no longer has credential inputs (Apify/eBay/ntfy/Resend); they
are managed in config.toml. Read-only status + Test buttons remain.
- Sidebar gains a Sign out button; in forward-auth mode it routes through the
Authentik outpost sign_out so the IdP session is cleared.
Code-review fixes on the Authentik/budget/Resend work:
- UpsertForwardUser: avoid 500 lockout on username UNIQUE collision and
on the concurrent first-login race; normalize emails (lower+trim) so
case variants don't create duplicate accounts.
- Centralize email management in Authentik: when forward-auth mode is on,
email is read-only in Veola for every user (not just forward rows);
pure-local deployments keep editable email for Resend.
- Fail closed on per-user isolation: ownedItem rejects uid==0/orphaned
items; dashboard and global results error on a userless request.
- Budget accuracy: count Apify usage only after a successful run, and
count the billed Test Apify run.
- Efficiency: resolve the deal-email recipient once per poll; build the
settings page once in PostEmailPrefs.
For SSO users the email address is the IdP match key, so allowing them
to edit it in Veola orphaned the row on next sign-in. PostEmailPrefs now
keeps the synced Authentik email for forward users (only the deal-alert
and digest toggles stay editable); the settings form renders the field
read-only with a Managed by Authentik note. Local break-glass users keep
an editable field.
Add forward-auth integration tests over the full Routes() chain: trusted
proxy provisions an admin, untrusted peer's spoofed headers are ignored,
role re-syncs per request, and the email-prefs round trip confirms a form
cannot change a forward user's IdP email.
Opens Veola up to more users (Parodia's Authentik) and makes Apify spend
visible to everyone.
- Auth: Traefik forward-auth (trust X-Authentik-* headers only from
trusted_proxies CIDRs, keyed by email, role synced from admin_group),
keeping local password login as break-glass. New [auth] config,
CaptureDirectIP + ForwardAuth middleware, deploy/authentik-forward-auth.md.
- Budget: count every Apify run (apify_api_usage table) and show
calls + estimated cost to all users on the dashboard, with an optional
monthly-budget bar. New [budget] config + settings.
- Email: Resend client for opt-in deal alerts and a weekly digest
(Mon 09:00). Per-user email + toggles on Settings. New [resend] config.
- Defaults: new items default to a 12-hour poll interval to cut spend.
users table gains email/auth_source/email-pref columns (migrated in place).
go build/vet/test green; boots and migrates cleanly.
Auction handling:
- Capture itemEndDate from eBay Browse API and ending_date from ZenMarket
(Yahoo JP); plumb through results.ends_at column. Permissive ZenMarket
parser (multiple layouts, JST when offset missing).
- Per-row "Ends" countdown column + "Ending soon" banner on results pages,
live-ticked by flair.js with urgent/critical tinting under 1h/5m.
- Backfill ends_at for known auctions when their URL reappears in a poll
(dedup hit no longer drops the new end time).
- Hide ended auctions from result listings by default via
ResultsQuery.ExcludeEnded; rows stay in the DB.
Visual flair:
- Glassy backdrop-blur v-cards with gradient-mask borders and hover-lift.
- htmx swap fade-in via transient .v-just-swapped class.
- Count-up animation on dashboard stats. All animations gated behind
prefers-reduced-motion.
eBay condition + region filters (auctions-style scoping):
- items.condition and items.region columns; threaded through item form,
CreateItem/UpdateItem, scheduler eBay plan input, and previewKey so
cache invalidates when these change.
- ebay.SearchParams gains conditionIds and itemLocationCountry filters.
Run Now reload + countdown engine:
- Run Now now sets HX-Refresh: true (non-htmx fallback: 303 redirect) so
the entire results view — best price, chart, badge, last polled —
reflects the new poll, instead of swapping just one partial.
Pre-launch hardening (P1 set):
- auth.EqualizeLoginTiming on no-such-user branch.
- (*App).serverError centralizes 500s; replaces err.Error() leaks across
results/settings/items/users/dashboard handlers.
- main.go server: ReadTimeout 30s / WriteTimeout 60s / IdleTimeout 120s
alongside the existing ReadHeaderTimeout.
- noListFS wrapper blocks static directory listings.
- Credential fields in settings no longer render value=; blank submission
preserves the saved value, with per-field "Saved in settings / Set in
config.toml / Not set" status indicator.
Misc:
- -debug flag wires slog to LevelDebug; raw ZenMarket items logged for
format diagnosis.
- /healthz public endpoint for reverse-proxy probes.
- deploy/veola.service systemd unit template (hardening flags, single
ReadWritePaths=/var/lib/veola).
- handlers_test.go covers /healthz, setup-gate redirect, auth gate, and
/login render with httptest + in-memory sqlite.
- best_price_currency on items; templates pick the right symbol per row.
- .gitignore now excludes *.log / veola-debug.log.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
eBay marketplaces are now polled through eBay's official Buy > Browse API (client-credentials OAuth2) instead of an Apify scraper actor; Apify still handles Yahoo JP and Mercari. Browse API calls are tracked per day in a new ebay_api_usage table and capped (default 5000, configurable) on eBay's Pacific-time reset clock, so polling halts before the limit is hit. Credentials live in config.toml [ebay] and are overridable via /settings, which also surfaces the day's running call count.
Also carries the server.secure_cookies config plumbing (field, accessor, example) consumed by the following commit.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>