- GET /api/me/recent endpoint returning last 50 play events with track
and artist info
- RecentPlays modal component with time-ago display
- "Recent plays" button in user dropdown menu
- Clicking a track in history starts playback
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend (Rust API):
- Add users and play_events tables (migration 0005)
- Extract full user identity from JWT (sub, username, email, name)
and pass AuthUser via request extensions to all handlers
- Auto-upsert user in background on every authenticated request
- POST /api/tracks/:slug/play endpoint to record play events
- Allow POST method in CORS
Frontend (Node player):
- Call recordPlay() when a track starts playing
- Add user profile avatar with dropdown menu (name, email, sign out)
- Pass user info from App through FurumiPlayer to Header
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Show spinner while checking session (no login form flash on refresh)
- Translate UI to English
- Match player's dark theme (colors, fonts, card style)
- Render login form only when authentication is actually needed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add offline_access to OIDC scope so Authentik issues a refresh token
- /auth/token now checks if access token is expired and refreshes it
server-side before returning to the client
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds an axios response interceptor that catches 401 errors, fetches a
fresh access token from /auth/token, and retries the original request.
Concurrent refresh attempts are deduplicated.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cover images were loaded via <img src> which doesn't include the
Authorization header, resulting in 401 from the Rust API. Now covers
are fetched through axios as blobs and displayed via object URLs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add JWT Bearer token validation to Rust API via OIDC provider JWKS
with automatic key rotation and 1-hour cache
- Remove x-api-key auth support and built-in web UI from furumi-web-player,
leaving it as a pure API server
- Add /auth/token endpoint to Node player server to expose OIDC access
tokens to the frontend
- Move Node player auth endpoints from /api/* to /auth/* to avoid
path conflicts with Rust API
- Add static file serving to Node Express server for production
single-container deployment
- Fix SameSite=Strict cookie issue breaking OIDC redirect flow (use Lax)
- Add Dockerfile.node-player with multi-stage Node.js build
- Add CI workflows for node-player Docker image (dev + release)
- Optimize Rust Dockerfiles with dependency caching layer
- Update docker-compose with OIDC env vars and OLLAMA_MODEL support
- Cherry-pick agent LLM client fixes from DEV branch
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
normalize: 512 tokens (sufficient for single track metadata)
merge: 4096 tokens (needed for artists with many albums)
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
- Replace /api/chat with /v1/chat/completions endpoint
- Use json_schema response_format (LM Studio does not support json_object)
- Make schema parameter optional in call_ollama to support different schemas per use case
- Add dedicated normalize schema (normalized_metadata) with release_kind field
instead of release_type to avoid model repetition loops
- Add dedicated merge schema (artist_merge) so model no longer confuses
normalize and merge response structures
- Add retry with frequency_penalty=1.5 on parse failure to suppress repetition
- Add id3 crate as fallback metadata reader for MP3 files with large embedded
cover art that exceed Symphonia probe limit of 1MB
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Auto-merge: when ingest pipeline detects "source file missing", now checks
if the track already exists in the library by file_hash. If so, marks the
pending entry as 'merged' instead of 'error' — avoiding stale error entries
for files that were already successfully ingested in a previous run.
Prompts: replaced Pink Floyd/The Wall/Have a Cigar examples in both
normalize.txt and merge.txt with Deep Purple examples. The LLM was using
these famous artist/album/track names as fallback output when raw metadata
was empty or ambiguous, causing hallucinated metadata like
"artist: Pink Floyd, title: Have a Cigar" for completely unrelated tracks.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
When the mover returns MoveOutcome::Merged (destination already exists,
source deleted), approve_and_finalize was checking only file_hash to
detect duplicates. Since the second ingestion had a different hash
(different quality/mastering), it bypassed the check and created a
phantom track record pointing to an existing storage_path with the
wrong hash (of the now-deleted source file).
Added a second dedup check by storage_path: if a non-hidden track
already exists at that path, mark pending as 'merged' instead of
inserting a new track row. This prevents phantom entries for any
subsequent ingestion of a different-quality version of an already
stored file.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Ultradesu
ab
Boris Cherepanov
XakPlant