Skip to content

fix: offline auto-refresh, graceful shutdown, healthcheck port, page/auth hardening#2

Merged
bin101 merged 1 commit into
developfrom
fix/review-findings-offline-refresh-shutdown-escaping
Jul 9, 2026
Merged

fix: offline auto-refresh, graceful shutdown, healthcheck port, page/auth hardening#2
bin101 merged 1 commit into
developfrom
fix/review-findings-offline-refresh-shutdown-escaping

Conversation

@bin101

@bin101 bin101 commented Jul 9, 2026

Copy link
Copy Markdown
Owner

Summary

Full-app review turned up five issues, all fixed here (see full findings in commit message / review):

  1. Offline page never auto-updated — added a 30s <meta refresh> so a viewer who opens the link before a session starts actually sees it appear.
  2. SIGTERM didn't cleanly stop the serverwaitress.serve() installs no signal handling, so the old handler only stopped the monitor and left the process running until Docker's SIGKILL. Switched to create_server() + .close(), with the expected shutdown-induced OSError handled explicitly.
  3. HEALTHCHECK hard-coded port 8080 while WEB_PORT is configurable — now reads WEB_PORT at check time.
  4. Public page interpolated the link unescaped into HTML attributes and inline JS — now HTML-escaped / JSON-encoded per context (with </>/& further escaped for the <script> context), and /admin/link now rejects anything not shaped like a livetrack.garmin.com session URL (400).
  5. Basic-Auth comparison used == instead of a constant-time compare — switched to secrets.compare_digest.

Test plan

  • pytest -q — 49 passed (44 existing + 5 new, covering offline refresh, HTML/JS escaping against a crafted malicious link, and admin link validation)
  • docker build — embedded test stage passes
  • Manual docker run + docker stop -t 30: shutdown now exits 0 in ~0.15s (previously would traceback/hang), with the monitor's shutdown log line present
  • Manual: WEB_PORT=9091 override now reports healthy via docker inspect (previously would stay unhealthy forever)
  • Manual: / with no link served the offline page with the new refresh meta tag

🤖 Generated with Claude Code

…k port, and public-page/auth hardening

Full-app review turned up five issues, all fixed here:
- The offline placeholder promised auto-updates but had no refresh mechanism,
  so a viewer opening the link before a session starts never saw it appear.
- SIGTERM didn't actually stop waitress (serve() installs no signal handling
  of its own), so containers only stopped via Docker's SIGKILL, skipping the
  monitor's clean IMAP logout. Now uses create_server()+close(), with the
  expected shutdown-induced OSError from waitress's interrupted select loop
  handled explicitly rather than raising.
- The Dockerfile HEALTHCHECK hard-coded port 8080 while WEB_PORT is
  configurable, silently breaking health checks for anyone changing it.
- The public page interpolated the link into HTML attributes and inline JS
  without escaping; only the email-extraction regex made this safe in
  practice, and admin-set links bypassed it entirely. Now escaped per
  context, and /admin/link rejects anything not shaped like a LiveTrack URL.
- Basic-Auth credential comparison used `==` instead of a constant-time
  compare.

Verified end-to-end: docker build (embedded test stage), and a real
docker run + docker stop timing test confirming shutdown now exits 0
in <1s instead of hitting the SIGKILL grace period, plus a WEB_PORT
override actually reporting healthy.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@bin101 bin101 merged commit 39ac236 into develop Jul 9, 2026
3 checks passed
@bin101 bin101 deleted the fix/review-findings-offline-refresh-shutdown-escaping branch July 10, 2026 07:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant