Give requirements a better range

Dockerfile

@@ -86,7 +86,6 @@ LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="changedetection.io"
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    gosu \
     libxslt1.1 \
     # For presenting price amounts correctly in the restock/price detection overview
     locales \
@@ -102,29 +101,18 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libxrender-dev \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Create unprivileged user and required directories
-RUN groupadd -g 911 changedetection && \
-    useradd -u 911 -g 911 -M -s /bin/false changedetection && \
-    mkdir -p /datastore /extra_packages && \
-    chown changedetection:changedetection /extra_packages
 
 # https://stackoverflow.com/questions/58701233/docker-logs-erroneously-appears-empty-until-container-stops
 ENV PYTHONUNBUFFERED=1
-# Redirect .pyc cache to a writable location since /app is root-owned.
-# To disable bytecode caching entirely, set PYTHONDONTWRITEBYTECODE=1 at runtime.
-ENV PYTHONPYCACHEPREFIX=/tmp/pycache
-# Disable pytest's .pytest_cache directory (also writes to /app, which is root-owned).
-# Only has an effect when running tests inside the container.
-ENV PYTEST_ADDOPTS="-p no:cacheprovider"
-# Redirect test logs to the datastore (writable) instead of /app/tests/logs (read-only in container).
-ENV TEST_LOG_DIR=/datastore/test_logs
+
+RUN [ ! -d "/datastore" ] && mkdir /datastore
 
 # Re #80, sets SECLEVEL=1 in openssl.conf to allow monitoring sites with weak/old cipher suites
 RUN sed -i 's/^CipherString = .*/CipherString = DEFAULT@SECLEVEL=1/' /etc/ssl/openssl.cnf
 
 # Copy modules over to the final image and add their dir to PYTHONPATH
 COPY --from=builder /dependencies /usr/local
-ENV PYTHONPATH=/usr/local:/extra_packages
+ENV PYTHONPATH=/usr/local
 
 EXPOSE 5000
 

changedetectionio/api/Spec.py

@@ -0,0 +1,21 @@
+import functools
+from flask import make_response
+from flask_restful import Resource
+
+
+@functools.cache
+def _get_spec_yaml():
+    """Build and cache the merged spec as a YAML string (only serialized once per process)."""
+    import yaml
+    from changedetectionio.api import build_merged_spec_dict
+    return yaml.dump(build_merged_spec_dict(), default_flow_style=False, allow_unicode=True)
+
+
+class Spec(Resource):
+    def get(self):
+        """Return the merged OpenAPI spec including all registered processor extensions."""
+        return make_response(
+            _get_spec_yaml(),
+            200,
+            {'Content-Type': 'application/yaml'}
+        )

changedetectionio/api/__init__.py

@@ -3,29 +3,18 @@ from flask import request, abort
 from loguru import logger
 
 @functools.cache
-def get_openapi_spec():
-    """Lazy load OpenAPI spec and dependencies only when validation is needed."""
-    import os
-    import yaml  # Lazy import - only loaded when API validation is actually used
-    from openapi_core import OpenAPI  # Lazy import - saves ~10.7 MB on startup
-
-    spec_path = os.path.join(os.path.dirname(__file__), '../../docs/api-spec.yaml')
-    if not os.path.exists(spec_path):
-        # Possibly for pip3 packages
-        spec_path = os.path.join(os.path.dirname(__file__), '../docs/api-spec.yaml')
-
-    with open(spec_path, 'r', encoding='utf-8') as f:
-        spec_dict = yaml.safe_load(f)
-    _openapi_spec = OpenAPI.from_dict(spec_dict)
-    return _openapi_spec
-
-@functools.cache
-def get_openapi_schema_dict():
+def build_merged_spec_dict():
     """
-    Get the raw OpenAPI spec dictionary for schema access.
+    Load the base OpenAPI spec and merge in any per-processor api.yaml extensions.
 
-    Used by Import endpoint to validate and convert query parameters.
-    Returns the YAML dict directly (not the OpenAPI object).
+    Each processor can provide an api.yaml file alongside its __init__.py that defines
+    additional schemas (e.g., processor_config_restock_diff). These are merged into
+    WatchBase.properties so the spec accurately reflects what the API accepts.
+
+    Plugin processors (via pluggy) are also supported - they just need an api.yaml
+    next to their processor module.
+
+    Returns the merged dict (cached - do not mutate the returned value).
     """
     import os
     import yaml
@@ -35,7 +24,59 @@ def get_openapi_schema_dict():
         spec_path = os.path.join(os.path.dirname(__file__), '../docs/api-spec.yaml')
 
     with open(spec_path, 'r', encoding='utf-8') as f:
-        return yaml.safe_load(f)
+        spec_dict = yaml.safe_load(f)
+
+    try:
+        from changedetectionio.processors import find_processors, get_parent_module
+        for module, proc_name in find_processors():
+            parent = get_parent_module(module)
+            if not parent or not hasattr(parent, '__file__'):
+                continue
+            api_yaml_path = os.path.join(os.path.dirname(parent.__file__), 'api.yaml')
+            if not os.path.exists(api_yaml_path):
+                continue
+            with open(api_yaml_path, 'r', encoding='utf-8') as f:
+                proc_spec = yaml.safe_load(f)
+            # Merge schemas
+            proc_schemas = proc_spec.get('components', {}).get('schemas', {})
+            spec_dict['components']['schemas'].update(proc_schemas)
+            # Inject processor_config_{name} into WatchBase if the schema is defined
+            schema_key = f'processor_config_{proc_name}'
+            if schema_key in proc_schemas:
+                spec_dict['components']['schemas']['WatchBase']['properties'][schema_key] = {
+                    '$ref': f'#/components/schemas/{schema_key}'
+                }
+            # Append x-code-samples from processor paths into existing path operations
+            for path, path_item in proc_spec.get('paths', {}).items():
+                if path not in spec_dict.get('paths', {}):
+                    continue
+                for method, operation in path_item.items():
+                    if method not in spec_dict['paths'][path]:
+                        continue
+                    if 'x-code-samples' in operation:
+                        existing = spec_dict['paths'][path][method].get('x-code-samples', [])
+                        spec_dict['paths'][path][method]['x-code-samples'] = existing + operation['x-code-samples']
+    except Exception as e:
+        logger.warning(f"Failed to merge processor API specs: {e}")
+
+    return spec_dict
+
+
+@functools.cache
+def get_openapi_spec():
+    """Lazy load OpenAPI spec and dependencies only when validation is needed."""
+    from openapi_core import OpenAPI  # Lazy import - saves ~10.7 MB on startup
+    return OpenAPI.from_dict(build_merged_spec_dict())
+
+@functools.cache
+def get_openapi_schema_dict():
+    """
+    Get the raw OpenAPI spec dictionary for schema access.
+
+    Used by Import endpoint to validate and convert query parameters.
+    Returns the merged YAML dict (not the OpenAPI object).
+    """
+    return build_merged_spec_dict()
 
 @functools.cache
 def _resolve_schema_properties(schema_name):
@@ -150,5 +191,6 @@ from .Watch import Watch, WatchHistory, WatchSingleHistory, WatchHistoryDiff, Cr
 from .Tags import Tags, Tag
 from .Import import Import
 from .SystemInfo import SystemInfo
+from .Spec import Spec
 from .Notifications import Notifications
 

changedetectionio/blueprint/tags/__init__.py

@@ -160,6 +160,21 @@ def construct_blueprint(datastore: ChangeDetectionStore):
                                        default_system_settings = datastore.data['settings'],
                                        )
 
+        # Bridge API-stored processor_config_* values into the form's FormField sub-forms.
+        # The API stores processor_config_restock_diff in the tag dict; find the matching
+        # FormField by checking which one's sub-fields cover the config keys.
+        from wtforms.fields.form import FormField as WTFormField
+        for key, value in default.items():
+            if not key.startswith('processor_config_') or not isinstance(value, dict):
+                continue
+            for form_field in form:
+                if isinstance(form_field, WTFormField) and all(k in form_field.form._fields for k in value):
+                    for sub_key, sub_value in value.items():
+                        sub_field = form_field.form._fields.get(sub_key)
+                        if sub_field is not None:
+                            sub_field.data = sub_value
+                    break
+
         template_args = {
             'data': default,
             'form': form,

changedetectionio/blueprint/ui/edit.py

@@ -117,12 +117,25 @@ def construct_blueprint(datastore: ChangeDetectionStore, update_q, queuedWatchMe
                 processor_config = processor_instance.get_extra_watch_config(config_filename)
 
                 if processor_config:
+                    from wtforms.fields.form import FormField
                     # Populate processor-config-* fields from JSON
                     for config_key, config_value in processor_config.items():
-                        field_name = f'processor_config_{config_key}'
-                        if hasattr(form, field_name):
-                            getattr(form, field_name).data = config_value
-                            logger.debug(f"Loaded processor config from {config_filename}: {field_name} = {config_value}")
+                        if not isinstance(config_value, dict):
+                            continue
+                        # Try exact API-named field first (e.g., processor_config_restock_diff)
+                        target_field = getattr(form, f'processor_config_{config_key}', None)
+                        # Fallback: find any FormField sub-form whose fields cover config_value keys
+                        if target_field is None:
+                            for form_field in form:
+                                if isinstance(form_field, FormField) and all(k in form_field.form._fields for k in config_value):
+                                    target_field = form_field
+                                    break
+                        if target_field is not None:
+                            for sub_key, sub_value in config_value.items():
+                                sub_field = target_field.form._fields.get(sub_key)
+                                if sub_field is not None:
+                                    sub_field.data = sub_value
+                                    logger.debug(f"Loaded processor config from {config_filename}: {sub_key} = {sub_value}")
             except Exception as e:
                 logger.warning(f"Failed to load processor config: {e}")
 

changedetectionio/flask_app.py

@@ -40,7 +40,7 @@ from loguru import logger
 
 from changedetectionio import __version__
 from changedetectionio import queuedWatchMetaData
-from changedetectionio.api import Watch, WatchHistory, WatchSingleHistory, WatchHistoryDiff, CreateWatch, Import, SystemInfo, Tag, Tags, Notifications, WatchFavicon
+from changedetectionio.api import Watch, WatchHistory, WatchSingleHistory, WatchHistoryDiff, CreateWatch, Import, SystemInfo, Tag, Tags, Notifications, WatchFavicon, Spec
 from changedetectionio.api.Search import Search
 from .time_handler import is_within_schedule
 from changedetectionio.languages import get_available_languages, get_language_codes, get_flag_for_locale, get_timeago_locale
@@ -571,6 +571,8 @@ def changedetection_app(config=None, datastore_o=None):
     watch_api.add_resource(Notifications, '/api/v1/notifications',
                            resource_class_kwargs={'datastore': datastore})
 
+    watch_api.add_resource(Spec, '/api/v1/full-spec')
+
     @login_manager.user_loader
     def user_loader(email):
         user = User()

changedetectionio/processors/README.md

@@ -9,6 +9,15 @@ Some suggestions for the future
 
 - `graphical` 
 
+## API schema extension (`api.yaml`)
+
+A processor can extend the Watch/Tag API schema by placing an `api.yaml` alongside its `__init__.py`.
+Define a `components.schemas.processor_config_<name>` entry and it will be merged into `WatchBase` at startup,
+making `processor_config_<name>` a valid field on all watch create/update API calls.
+The fully merged spec is served live at `/api/v1/full-spec`.
+
+See `restock_diff/api.yaml` for a working example.
+
 ## Todo
 
 - Make each processor return a extra list of sub-processed (so you could configure a single processor in different ways)

changedetectionio/processors/restock_diff/__init__.py

@@ -67,10 +67,6 @@ class Watch(BaseWatch):
         super().__init__(*arg, **kw)
         self['restock'] = Restock(kw['default']['restock']) if kw.get('default') and kw['default'].get('restock') else Restock()
 
-        self['restock_settings'] = kw['default']['restock_settings'] if kw.get('default',{}).get('restock_settings') else {
-            'follow_price_changes': True,
-            'in_stock_processing' : 'in_stock_only'
-        } #@todo update
 
     def clear_watch(self):
         super().clear_watch()

changedetectionio/processors/restock_diff/api.yaml

@@ -0,0 +1,149 @@
+components:
+  schemas:
+    processor_config_restock_diff:
+      type: object
+      description: Configuration for the restock_diff processor (restock and price tracking)
+      properties:
+        in_stock_processing:
+          type: string
+          enum: [in_stock_only, all_changes, 'off']
+          default: in_stock_only
+          description: |
+            When to trigger on stock changes:
+            - `in_stock_only`: Only trigger on Out Of Stock -> In Stock transitions
+            - `all_changes`: Trigger on any availability change
+            - `off`: Disable stock/availability tracking
+        follow_price_changes:
+          type: boolean
+          default: true
+          description: Monitor and track price changes
+        price_change_min:
+          type: [number, 'null']
+          description: Trigger a notification when the price drops below this value
+        price_change_max:
+          type: [number, 'null']
+          description: Trigger a notification when the price rises above this value
+        price_change_threshold_percent:
+          type: [number, 'null']
+          minimum: 0
+          maximum: 100
+          description: Minimum price change percentage since the original price to trigger a notification
+
+paths:
+  /watch:
+    post:
+      x-code-samples:
+        - lang: 'curl'
+          label: 'Restock & price tracking'
+          source: |
+            curl -X POST "http://localhost:5000/api/v1/watch" \
+              -H "x-api-key: YOUR_API_KEY" \
+              -H "Content-Type: application/json" \
+              -d '{
+                "url": "https://example.com/product",
+                "processor": "restock_diff",
+                "processor_config_restock_diff": {
+                  "in_stock_processing": "in_stock_only",
+                  "follow_price_changes": true,
+                  "price_change_threshold_percent": 5
+                }
+              }'
+        - lang: 'Python'
+          label: 'Restock & price tracking'
+          source: |
+            import requests
+
+            headers = {
+                'x-api-key': 'YOUR_API_KEY',
+                'Content-Type': 'application/json'
+            }
+            data = {
+                'url': 'https://example.com/product',
+                'processor': 'restock_diff',
+                'processor_config_restock_diff': {
+                    'in_stock_processing': 'in_stock_only',
+                    'follow_price_changes': True,
+                    'price_change_threshold_percent': 5,
+                }
+            }
+            response = requests.post('http://localhost:5000/api/v1/watch',
+                                     headers=headers, json=data)
+            print(response.json())
+
+  /watch/{uuid}:
+    put:
+      x-code-samples:
+        - lang: 'curl'
+          label: 'Update restock config'
+          source: |
+            curl -X PUT "http://localhost:5000/api/v1/watch/YOUR-UUID" \
+              -H "x-api-key: YOUR_API_KEY" \
+              -H "Content-Type: application/json" \
+              -d '{
+                "processor_config_restock_diff": {
+                  "in_stock_processing": "all_changes",
+                  "follow_price_changes": true,
+                  "price_change_min": 10.00,
+                  "price_change_max": 500.00
+                }
+              }'
+        - lang: 'Python'
+          label: 'Update restock config'
+          source: |
+            import requests
+
+            headers = {
+                'x-api-key': 'YOUR_API_KEY',
+                'Content-Type': 'application/json'
+            }
+            uuid = 'YOUR-UUID'
+            data = {
+                'processor_config_restock_diff': {
+                    'in_stock_processing': 'all_changes',
+                    'follow_price_changes': True,
+                    'price_change_min': 10.00,
+                    'price_change_max': 500.00,
+                }
+            }
+            response = requests.put(f'http://localhost:5000/api/v1/watch/{uuid}',
+                                    headers=headers, json=data)
+            print(response.text)
+
+  /tag/{uuid}:
+    put:
+      x-code-samples:
+        - lang: 'curl'
+          label: 'Set restock config on group/tag'
+          source: |
+            curl -X PUT "http://localhost:5000/api/v1/tag/YOUR-TAG-UUID" \
+              -H "x-api-key: YOUR_API_KEY" \
+              -H "Content-Type: application/json" \
+              -d '{
+                "overrides_watch": true,
+                "processor_config_restock_diff": {
+                  "in_stock_processing": "in_stock_only",
+                  "follow_price_changes": true,
+                  "price_change_threshold_percent": 10
+                }
+              }'
+        - lang: 'Python'
+          label: 'Set restock config on group/tag'
+          source: |
+            import requests
+
+            headers = {
+                'x-api-key': 'YOUR_API_KEY',
+                'Content-Type': 'application/json'
+            }
+            tag_uuid = 'YOUR-TAG-UUID'
+            data = {
+                'overrides_watch': True,
+                'processor_config_restock_diff': {
+                    'in_stock_processing': 'in_stock_only',
+                    'follow_price_changes': True,
+                    'price_change_threshold_percent': 10,
+                }
+            }
+            response = requests.put(f'http://localhost:5000/api/v1/tag/{tag_uuid}',
+                                    headers=headers, json=data)
+            print(response.text)

changedetectionio/processors/restock_diff/forms.py

@@ -31,7 +31,7 @@ class RestockSettingsForm(Form):
     follow_price_changes = BooleanField(_l('Follow price changes'), default=True)
 
 class processor_settings_form(processor_text_json_diff_form):
-    restock_settings = FormField(RestockSettingsForm)
+    processor_config_restock_diff = FormField(RestockSettingsForm)
 
     def extra_tab_content(self):
         return _l('Restock & Price Detection')
@@ -48,34 +48,34 @@ class processor_settings_form(processor_text_json_diff_form):
 
         output += """
         {% from '_helpers.html' import render_field, render_checkbox_field, render_button %}
-        <script>        
+        <script>
             $(document).ready(function () {
-                toggleOpacity('#restock_settings-follow_price_changes', '.price-change-minmax', true);
+                toggleOpacity('#processor_config_restock_diff-follow_price_changes', '.price-change-minmax', true);
             });
         </script>
 
         <fieldset id="restock-fieldset-price-group">
             <div class="pure-control-group">
                 <fieldset class="pure-group inline-radio">
-                    {{ render_field(form.restock_settings.in_stock_processing) }}
+                    {{ render_field(form.processor_config_restock_diff.in_stock_processing) }}
                 </fieldset>
                 <fieldset class="pure-group">
-                    {{ render_checkbox_field(form.restock_settings.follow_price_changes) }}
+                    {{ render_checkbox_field(form.processor_config_restock_diff.follow_price_changes) }}
                     <span class="pure-form-message-inline">Changes in price should trigger a notification</span>
                 </fieldset>
-                <fieldset class="pure-group price-change-minmax">               
-                    {{ render_field(form.restock_settings.price_change_min, placeholder=watch.get('restock', {}).get('price')) }}
+                <fieldset class="pure-group price-change-minmax">
+                    {{ render_field(form.processor_config_restock_diff.price_change_min, placeholder=watch.get('restock', {}).get('price')) }}
                     <span class="pure-form-message-inline">Minimum amount, Trigger a change/notification when the price drops <i>below</i> this value.</span>
                 </fieldset>
                 <fieldset class="pure-group price-change-minmax">
-                    {{ render_field(form.restock_settings.price_change_max, placeholder=watch.get('restock', {}).get('price')) }}
+                    {{ render_field(form.processor_config_restock_diff.price_change_max, placeholder=watch.get('restock', {}).get('price')) }}
                     <span class="pure-form-message-inline">Maximum amount, Trigger a change/notification when the price rises <i>above</i> this value.</span>
                 </fieldset>
                 <fieldset class="pure-group price-change-minmax">
-                    {{ render_field(form.restock_settings.price_change_threshold_percent) }}
+                    {{ render_field(form.processor_config_restock_diff.price_change_threshold_percent) }}
                     <span class="pure-form-message-inline">Price must change more than this % to trigger a change since the first check.</span><br>
                     <span class="pure-form-message-inline">For example, If the product is $1,000 USD originally, <strong>2%</strong> would mean it has to change more than $20 since the first check.</span><br>
-                </fieldset>                
+                </fieldset>
             </div>
         </fieldset>
         """

changedetectionio/processors/restock_diff/processor.py

@@ -450,13 +450,18 @@ class perform_site_check(difference_detection_processor):
                                             )
 
         # Which restock settings to compare against?
-        restock_settings = watch.get('restock_settings', {})
+        # Settings are stored in restock_diff.json (migrated from watch.json by update_30).
+        _extra_config = self.get_extra_watch_config('restock_diff.json')
+        restock_settings = _extra_config.get('restock_diff') or {
+            'follow_price_changes': True,
+            'in_stock_processing': 'in_stock_only',
+        }
 
         # See if any tags have 'activate for individual watches in this tag/group?' enabled and use the first we find
         for tag_uuid in watch.get('tags'):
             tag = self.datastore.data['settings']['application']['tags'].get(tag_uuid, {})
             if tag.get('overrides_watch'):
-                restock_settings = tag.get('restock_settings', {})
+                restock_settings = tag.get('processor_config_restock_diff') or {}
                 logger.info(f"Watch {watch.get('uuid')} - Tag '{tag.get('title')}' selected for restock settings override")
                 break
 

changedetectionio/realtime/socket_server.py

@@ -199,11 +199,25 @@ def handle_watch_update(socketio, **kwargs):
         logger.error(f"Socket.IO error in handle_watch_update: {str(e)}")
 
 
+def _patch_flask_request_context_session():
+    """Flask 3.1 removed the session setter from RequestContext, but Flask-SocketIO 5.6.0
+    still assigns to it directly (ctx.session = ...).  Restore a setter that writes the
+    private _session attribute so the two libraries work together.
+    """
+    from flask.ctx import RequestContext
+    if getattr(RequestContext.session, 'fset', None) is not None:
+        return  # Already has a setter (future Flask version restored it)
+    original_prop = RequestContext.session
+    RequestContext.session = original_prop.setter(lambda self, value: setattr(self, '_session', value))
+
+
 def init_socketio(app, datastore):
     """Initialize SocketIO with the main Flask app"""
     import platform
     import sys
 
+    _patch_flask_request_context_session()
+
     # Platform-specific async_mode selection for better stability
     system = platform.system().lower()
     python_version = sys.version_info

changedetectionio/store/updates.py

@@ -730,3 +730,48 @@ class DatastoreUpdatesMixin:
         # (left this out by accident in previous update, added tags={} in the changedetection.json save_to_disk)
         self._save_settings()
 
+    def update_30(self):
+        """Migrate restock_settings out of watch.json into restock_diff.json processor config file.
+
+        Previously, restock_diff processor settings (in_stock_processing, follow_price_changes, etc.)
+        were stored directly in the watch dict (watch.json). They now belong in a separate per-watch
+        processor config file (restock_diff.json) consistent with the processor_config_* API system.
+
+        For tags: restock_settings key is renamed to processor_config_restock_diff in the tag dict,
+        matching what the API writes when updating a tag.
+
+        Safe to re-run: skips watches that already have a restock_diff.json, skips tags that already
+        have processor_config_restock_diff set.
+        """
+        import json
+
+        # --- Watches ---
+        for uuid, watch in self.data['watching'].items():
+            if watch.get('processor') != 'restock_diff':
+                continue
+            restock_settings = watch.get('restock_settings')
+            if not restock_settings:
+                continue
+
+            data_dir = watch.data_dir
+            if data_dir:
+                watch.ensure_data_dir_exists()
+                filepath = os.path.join(data_dir, 'restock_diff.json')
+                if not os.path.isfile(filepath):
+                    with open(filepath, 'w', encoding='utf-8') as f:
+                        json.dump({'restock_diff': restock_settings}, f, indent=2)
+                    logger.info(f"update_30: migrated restock_settings → {filepath}")
+
+            del self.data['watching'][uuid]['restock_settings']
+            watch.commit()
+
+        # --- Tags ---
+        for tag_uuid, tag in self.data['settings']['application']['tags'].items():
+            restock_settings = tag.get('restock_settings')
+            if not restock_settings or tag.get('processor_config_restock_diff'):
+                continue
+            tag['processor_config_restock_diff'] = restock_settings
+            del tag['restock_settings']
+            tag.commit()
+            logger.info(f"update_30: migrated tag {tag_uuid} restock_settings → processor_config_restock_diff")
+

changedetectionio/tests/conftest.py

@@ -39,9 +39,8 @@ def per_test_log_file(request):
     """Create a separate log file for each test function with pytest output."""
     import re
 
-    # Create logs directory if it doesn't exist.
-    # TEST_LOG_DIR can be overridden e.g. to a writable path when /app is read-only (Docker).
-    log_dir = os.environ.get('TEST_LOG_DIR', os.path.join(os.path.dirname(__file__), "logs"))
+    # Create logs directory if it doesn't exist
+    log_dir = os.path.join(os.path.dirname(__file__), "logs")
     os.makedirs(log_dir, exist_ok=True)
 
     # Generate log filename from test name and worker ID (for parallel runs)

changedetectionio/tests/test_api.py

@@ -807,6 +807,88 @@ def test_api_import_large_background(client, live_server, measure_memory_usage,
     print(f"\n✓ Successfully created {num_urls} watches in background (took {elapsed}s)")
 
 
+def test_api_restock_processor_config(client, live_server, measure_memory_usage, datastore_path):
+    """
+    Test that processor_config_restock_diff is accepted by the API for watches using
+    restock_diff processor, that its schema is validated (enum values, types), and that
+    genuinely unknown fields are rejected with an error that originates from the
+    OpenAPI spec validation layer.
+    """
+    api_key = live_server.app.config['DATASTORE'].data['settings']['application'].get('api_access_token')
+    test_url = url_for('test_endpoint', _external=True)
+
+    # Create a watch in restock_diff mode WITH processor_config in the POST body (matches the API docs example)
+    res = client.post(
+        url_for("createwatch"),
+        data=json.dumps({
+            "url": test_url,
+            "processor": "restock_diff",
+            "title": "Restock test",
+            "processor_config_restock_diff": {
+                "in_stock_processing": "in_stock_only",
+                "follow_price_changes": True,
+                "price_change_min": 8888888.0,
+            }
+        }),
+        headers={'content-type': 'application/json', 'x-api-key': api_key},
+        follow_redirects=True
+    )
+    assert res.status_code == 201
+    watch_uuid = res.json.get('uuid')
+    assert is_valid_uuid(watch_uuid)
+
+    # Verify the value set on POST is reflected in the UI edit page (not just via PUT)
+    res = client.get(url_for("ui.ui_edit.edit_page", uuid=watch_uuid))
+    assert res.status_code == 200
+    assert b'8888888' in res.data, "price_change_min set via POST should appear in the UI edit form"
+
+    # Valid processor_config_restock_diff update via PUT should also be accepted
+    res = client.put(
+        url_for("watch", uuid=watch_uuid),
+        headers={'x-api-key': api_key, 'content-type': 'application/json'},
+        data=json.dumps({
+            "processor_config_restock_diff": {
+                "in_stock_processing": "all_changes",
+                "follow_price_changes": False,
+                "price_change_min": 8888888.0,
+                "price_change_max": 9999999.0,
+            }
+        }),
+    )
+    assert res.status_code == 200, f"Valid processor_config_restock_diff should be accepted, got: {res.data}"
+
+    # Verify the updated value is still reflected in the UI edit page
+    res = client.get(url_for("ui.ui_edit.edit_page", uuid=watch_uuid))
+    assert res.status_code == 200
+    assert b'8888888' in res.data, "price_change_min set via PUT should appear in the UI edit form"
+
+    # An invalid enum value inside processor_config_restock_diff should be rejected by the spec
+    res = client.put(
+        url_for("watch", uuid=watch_uuid),
+        headers={'x-api-key': api_key, 'content-type': 'application/json'},
+        data=json.dumps({
+            "processor_config_restock_diff": {
+                "in_stock_processing": "not_a_valid_enum_value"
+            }
+        }),
+    )
+    assert res.status_code == 400, "Invalid enum value in processor config should be rejected"
+    assert b'Validation failed' in res.data, "Rejection should come from OpenAPI spec validation layer"
+
+    # A completely unknown field should be rejected (either by OpenAPI spec validation or
+    # the application-level field filter — both are acceptable gatekeepers)
+    res = client.put(
+        url_for("watch", uuid=watch_uuid),
+        headers={'x-api-key': api_key, 'content-type': 'application/json'},
+        data=json.dumps({"field_that_is_not_in_the_spec_at_all": "some value"}),
+    )
+    assert res.status_code == 400, "Unknown fields should be rejected"
+    assert (b'Validation failed' in res.data or b'Unknown field' in res.data), \
+        "Rejection should come from either the OpenAPI spec validation layer or application field filter"
+
+    delete_all_watches(client)
+
+
 def test_api_conflict_UI_password(client, live_server, measure_memory_usage, datastore_path):
 
 

changedetectionio/tests/test_api_openapi.py

@@ -12,6 +12,50 @@ from flask import url_for
 from .util import live_server_setup, wait_for_all_checks, delete_all_watches
 
 
+def test_openapi_merged_spec_contains_restock_fields():
+    """
+    Unit test: verify that build_merged_spec_dict() correctly merges the
+    restock_diff processor api.yaml into the base spec so that
+    WatchBase.properties includes processor_config_restock_diff with all
+    expected sub-fields.  No live server required.
+    """
+    from changedetectionio.api import build_merged_spec_dict
+
+    spec = build_merged_spec_dict()
+    schemas = spec['components']['schemas']
+
+    # The merged schema for processor_config_restock_diff should exist
+    assert 'processor_config_restock_diff' in schemas, \
+        "processor_config_restock_diff schema missing from merged spec"
+
+    restock_schema = schemas['processor_config_restock_diff']
+    props = restock_schema.get('properties', {})
+
+    expected_fields = {
+        'in_stock_processing',
+        'follow_price_changes',
+        'price_change_min',
+        'price_change_max',
+        'price_change_threshold_percent',
+    }
+    missing = expected_fields - set(props.keys())
+    assert not missing, f"Missing fields in processor_config_restock_diff schema: {missing}"
+
+    # in_stock_processing must be an enum with the three valid values
+    enum_values = set(props['in_stock_processing'].get('enum', []))
+    assert enum_values == {'in_stock_only', 'all_changes', 'off'}, \
+        f"Unexpected enum values for in_stock_processing: {enum_values}"
+
+    # WatchBase.properties must carry a $ref to the restock schema so the
+    # validation middleware can enforce it on every POST/PUT to /watch
+    watchbase_props = schemas['WatchBase']['properties']
+    assert 'processor_config_restock_diff' in watchbase_props, \
+        "processor_config_restock_diff not wired into WatchBase.properties"
+    ref = watchbase_props['processor_config_restock_diff'].get('$ref', '')
+    assert 'processor_config_restock_diff' in ref, \
+        f"WatchBase.processor_config_restock_diff should $ref the schema, got: {ref}"
+
+
 def test_openapi_validation_invalid_content_type_on_create_watch(client, live_server, measure_memory_usage, datastore_path):
     """Test that creating a watch with invalid content-type triggers OpenAPI validation error."""
     api_key = live_server.app.config['DATASTORE'].data['settings']['application'].get('api_access_token')

changedetectionio/tests/test_api_tags.py

@@ -176,6 +176,76 @@ def test_api_tags_listing(client, live_server, measure_memory_usage, datastore_p
     assert res.status_code == 204
 
 
+def test_api_tag_restock_processor_config(client, live_server, measure_memory_usage, datastore_path):
+    """
+    Test that a tag/group can be updated with processor_config_restock_diff via the API.
+    Since Tag extends WatchBase, processor config fields injected into WatchBase are also valid for tags.
+    """
+    api_key = live_server.app.config['DATASTORE'].data['settings']['application'].get('api_access_token')
+
+    set_original_response(datastore_path=datastore_path)
+
+    # Create a tag
+    res = client.post(
+        url_for("tag"),
+        data=json.dumps({"title": "Restock Group"}),
+        headers={'content-type': 'application/json', 'x-api-key': api_key}
+    )
+    assert res.status_code == 201
+    tag_uuid = res.json.get('uuid')
+
+    # Update tag with valid processor_config_restock_diff
+    res = client.put(
+        url_for("tag", uuid=tag_uuid),
+        headers={'x-api-key': api_key, 'content-type': 'application/json'},
+        data=json.dumps({
+            "overrides_watch": True,
+            "processor_config_restock_diff": {
+                "in_stock_processing": "in_stock_only",
+                "follow_price_changes": True,
+                "price_change_min": 8888888
+            }
+        })
+    )
+    assert res.status_code == 200, f"PUT tag with restock config failed: {res.data}"
+
+    # Verify the config was stored via API
+    res = client.get(
+        url_for("tag", uuid=tag_uuid),
+        headers={'x-api-key': api_key}
+    )
+    assert res.status_code == 200
+    tag_data = res.json
+    assert tag_data.get('overrides_watch') == True
+    assert tag_data.get('processor_config_restock_diff', {}).get('in_stock_processing') == 'in_stock_only'
+    assert tag_data.get('processor_config_restock_diff', {}).get('price_change_min') == 8888888
+
+    # Verify the value is also reflected in the UI tag edit page
+    res = client.get(url_for("tags.form_tag_edit", uuid=tag_uuid))
+    assert res.status_code == 200
+    assert b'8888888' in res.data, "price_change_min set via API should appear in the UI tag edit form"
+
+    # Invalid enum value should be rejected by OpenAPI spec validation
+    res = client.put(
+        url_for("tag", uuid=tag_uuid),
+        headers={'x-api-key': api_key, 'content-type': 'application/json'},
+        data=json.dumps({
+            "processor_config_restock_diff": {
+                "in_stock_processing": "not_a_valid_value"
+            }
+        })
+    )
+    assert res.status_code == 400
+    assert b'Validation failed' in res.data
+
+    # Clean up
+    res = client.delete(
+        url_for("tag", uuid=tag_uuid),
+        headers={'x-api-key': api_key}
+    )
+    assert res.status_code == 204
+
+
 def test_roundtrip_API(client, live_server, measure_memory_usage, datastore_path):
     """
     Test the full round trip, this way we test the default Model fits back into OpenAPI spec

changedetectionio/tests/test_restock_itemprop.py

@@ -109,7 +109,7 @@ def test_itemprop_price_change(client, live_server, measure_memory_usage, datast
     set_original_response(props_markup=instock_props[0], price='120.45', datastore_path=datastore_path)
     res = client.post(
         url_for("ui.ui_edit.edit_page", uuid="first"),
-        data={"restock_settings-follow_price_changes": "", "url": test_url, "tags": "", "headers": "", 'fetch_backend': "html_requests", "time_between_check_use_default": "y"},
+        data={"processor_config_restock_diff-follow_price_changes": "", "url": test_url, "tags": "", "headers": "", 'fetch_backend': "html_requests", "time_between_check_use_default": "y"},
         follow_redirects=True
     )
     assert b"Updated watch." in res.data
@@ -204,9 +204,9 @@ def _run_test_minmax_limit(client, extra_watch_edit_form, datastore_path):
 def test_restock_itemprop_minmax(client, live_server, measure_memory_usage, datastore_path):
     
     extras = {
-        "restock_settings-follow_price_changes": "y",
-        "restock_settings-price_change_min": 900.0,
-        "restock_settings-price_change_max": 1100.10
+        "processor_config_restock_diff-follow_price_changes": "y",
+        "processor_config_restock_diff-price_change_min": 900.0,
+        "processor_config_restock_diff-price_change_max": 1100.10
     }
     _run_test_minmax_limit(client, extra_watch_edit_form=extras, datastore_path=datastore_path)
 
@@ -223,9 +223,9 @@ def test_restock_itemprop_with_tag(client, live_server, measure_memory_usage, da
     res = client.post(
         url_for("tags.form_tag_edit_submit", uuid="first"),
         data={"name": "test-tag",
-              "restock_settings-follow_price_changes": "y",
-              "restock_settings-price_change_min": 900.0,
-              "restock_settings-price_change_max": 1100.10,
+              "processor_config_restock_diff-follow_price_changes": "y",
+              "processor_config_restock_diff-price_change_min": 900.0,
+              "processor_config_restock_diff-price_change_max": 1100.10,
               "overrides_watch": "y", #overrides_watch should be restock_overrides_watch
               },
         follow_redirects=True
@@ -258,8 +258,8 @@ def test_itemprop_percent_threshold(client, live_server, measure_memory_usage, d
 
     res = client.post(
         url_for("ui.ui_edit.edit_page", uuid="first"),
-        data={"restock_settings-follow_price_changes": "y",
-              "restock_settings-price_change_threshold_percent": 5.0,
+        data={"processor_config_restock_diff-follow_price_changes": "y",
+              "processor_config_restock_diff-price_change_threshold_percent": 5.0,
               "url": test_url,
               "tags": "",
               "headers": "",
@@ -305,8 +305,8 @@ def test_itemprop_percent_threshold(client, live_server, measure_memory_usage, d
 
     res = client.post(
         url_for("ui.ui_edit.edit_page", uuid=uuid),
-        data={"restock_settings-follow_price_changes": "y",
-              "restock_settings-price_change_threshold_percent": 5.05,
+        data={"processor_config_restock_diff-follow_price_changes": "y",
+              "processor_config_restock_diff-price_change_threshold_percent": 5.05,
               "processor": "text_json_diff",
               "url": test_url,
               'fetch_backend': "html_requests",

docker-compose.yml

@@ -9,12 +9,6 @@ services:
 #        - ./proxies.json:/datastore/proxies.json
 
   #    environment:
-  #        Run as a specific user/group (UID:GID). Defaults to 911:911.
-  #        The container will automatically fix datastore ownership on first start if needed.
-  #        Set SKIP_CHOWN=1 to disable the ownership migration (e.g. if you manage permissions yourself).
-  #      - PUID=1000
-  #      - PGID=1000
-  #
   #        Default listening port, can also be changed with the -p option (not to be confused with ports: below)
   #      - PORT=5000
   #
@@ -86,9 +80,8 @@ services:
   #        RAM usage will be higher if you increase this.
   #      - SCREENSHOT_MAX_HEIGHT=16000
   #
-  #        HTTPS SSL Mode for webserver, volume mount the cert files and set these env vars.
+  #        HTTPS SSL Mode for webserver, unset both of these, you may need to volume mount these files also.
   #        ./cert.pem:/app/cert.pem and ./privkey.pem:/app/privkey.pem
-  #        Permissions are fixed automatically on startup.
   #      - SSL_CERT_FILE=cert.pem
   #      - SSL_PRIVKEY_FILE=privkey.pem
   #
@@ -102,8 +95,6 @@ services:
       ports:
         - 127.0.0.1:5000:5000
       restart: unless-stopped
-      security_opt:
-        - no-new-privileges:true
 
      # Used for fetching pages via WebDriver+Chrome where you need Javascript support.
      # Now working on arm64 (needs testing on rPi - tested on Oracle ARM instance)

docker-entrypoint.sh

@@ -1,68 +1,28 @@
 #!/bin/bash
-set -eu
+set -e
 
-DATASTORE_PATH="${DATASTORE_PATH:-/datastore}"
+# Install additional packages from EXTRA_PACKAGES env var
+# Uses a marker file to avoid reinstalling on every container restart
+INSTALLED_MARKER="/datastore/.extra_packages_installed"
+CURRENT_PACKAGES="$EXTRA_PACKAGES"
 
-# -----------------------------------------------------------------------
-# Phase 1: Running as root — fix up PUID/PGID and datastore ownership,
-#           then re-exec as the unprivileged changedetection user via gosu.
-# -----------------------------------------------------------------------
-if [ "$(id -u)" = '0' ]; then
-    PUID=${PUID:-911}
-    PGID=${PGID:-911}
-
-    groupmod -o -g "$PGID" changedetection
-    usermod -o -u "$PUID" changedetection
-
-    # Keep /extra_packages writable by the (potentially re-mapped) user
-    chown changedetection:changedetection /extra_packages
-
-    # One-time ownership migration: only chown if the datastore isn't already
-    # owned by the target UID (e.g. existing root-owned installations).
-    if [ -z "${SKIP_CHOWN:-}" ]; then
-        datastore_uid=$(stat -c '%u' "$DATASTORE_PATH")
-        if [ "$datastore_uid" != "$PUID" ]; then
-            echo "Updating $DATASTORE_PATH ownership to $PUID:$PGID (one-time migration)..."
-            chown -R changedetection:changedetection "$DATASTORE_PATH"
-            echo "Done."
-        fi
-    fi
-
-    # Fix SSL certificate permissions so the unprivileged user can read them.
-    # SSL_CERT_FILE / SSL_PRIVKEY_FILE may be relative (to /app) or absolute.
-    fix_ssl_perm() {
-        local file="$1" mode="$2"
-        [ -z "$file" ] && return
-        [ "${file:0:1}" != "/" ] && file="/app/$file"
-        if [ -f "$file" ]; then
-            chown changedetection:changedetection "$file"
-            chmod "$mode" "$file"
-        fi
-    }
-    fix_ssl_perm "${SSL_CERT_FILE:-}" 644
-    fix_ssl_perm "${SSL_PRIVKEY_FILE:-}" 600
-
-    # Re-exec this script as the unprivileged user
-    exec gosu changedetection:changedetection "$0" "$@"
-fi
-
-# -----------------------------------------------------------------------
-# Phase 2: Running as unprivileged user — install any EXTRA_PACKAGES into
-#           /extra_packages (already on PYTHONPATH) then exec the app.
-# -----------------------------------------------------------------------
-
-# Install additional packages from EXTRA_PACKAGES env var.
-# Uses a marker file in the datastore to avoid reinstalling on every restart.
-if [ -n "${EXTRA_PACKAGES:-}" ]; then
-    INSTALLED_MARKER="${DATASTORE_PATH}/.extra_packages_installed"
-    if [ ! -f "$INSTALLED_MARKER" ] || [ "$(cat "$INSTALLED_MARKER" 2>/dev/null)" != "$EXTRA_PACKAGES" ]; then
+if [ -n "$EXTRA_PACKAGES" ]; then
+    # Check if we need to install/update packages
+    if [ ! -f "$INSTALLED_MARKER" ] || [ "$(cat $INSTALLED_MARKER 2>/dev/null)" != "$CURRENT_PACKAGES" ]; then
         echo "Installing extra packages: $EXTRA_PACKAGES"
-        pip3 install --target=/extra_packages --no-cache-dir $EXTRA_PACKAGES
-        echo "$EXTRA_PACKAGES" > "$INSTALLED_MARKER"
-        echo "Extra packages installed successfully"
+        pip3 install --no-cache-dir $EXTRA_PACKAGES
+
+        if [ $? -eq 0 ]; then
+            echo "$CURRENT_PACKAGES" > "$INSTALLED_MARKER"
+            echo "Extra packages installed successfully"
+        else
+            echo "ERROR: Failed to install extra packages"
+            exit 1
+        fi
     else
         echo "Extra packages already installed: $EXTRA_PACKAGES"
     fi
 fi
 
+# Execute the main command
 exec "$@"

docs/api-spec.yaml

@@ -108,9 +108,14 @@ tags:
       
   - name: System Information
     description: |
-      Retrieve system status and statistics about your changedetection.io instance, including total watch 
+      Retrieve system status and statistics about your changedetection.io instance, including total watch
       counts, uptime information, and version details.
 
+  - name: Plugin API Extensions
+    description: |
+      Retrieve the live OpenAPI specification for this instance. Unlike the static spec, this endpoint
+      returns the fully merged spec including schemas for any processor plugins installed on this instance.
+
 components:
   securitySchemes:
     ApiKeyAuth:
@@ -1889,7 +1894,7 @@ paths:
         - lang: 'Python'
           source: |
             import requests
-            
+
             headers = {'x-api-key': 'YOUR_API_KEY'}
             response = requests.get('http://localhost:5000/api/v1/systeminfo', headers=headers)
             print(response.json())
@@ -1905,3 +1910,27 @@ paths:
                 tag_count: 5
                 uptime: "2 days, 3:45:12"
                 version: "0.50.10"
+
+  /full-spec:
+    get:
+      operationId: getFullApiSpec
+      tags: [Plugin API Extensions]
+      summary: Get full live API spec
+      description: |
+        Return the fully merged OpenAPI specification for this instance.
+
+        Unlike the static `api-spec.yaml` shipped with the application, this endpoint returns the
+        spec dynamically merged with any `api.yaml` schemas provided by installed processor plugins.
+        Use this URL with Swagger UI or Redoc to get accurate documentation for your specific install.
+      security: []
+      x-code-samples:
+        - lang: 'curl'
+          source: |
+            curl -X GET "http://localhost:5000/api/v1/full-spec"
+      responses:
+        '200':
+          description: Merged OpenAPI specification in YAML format
+          content:
+            application/yaml:
+              schema:
+                type: string

requirements.txt

@@ -9,10 +9,15 @@ flask_restful
 flask_cors # For the Chrome extension to operate
 # janus # No longer needed - using pure threading.Queue for multi-loop support
 flask_wtf~=1.2
-flask~=3.1
-flask-socketio~=5.6.0
-python-socketio~=5.16.1
-python-engineio~=4.13.1
+# Flask 3.1 removed the session setter on RequestContext; the patch in
+# changedetectionio/realtime/socket_server.py restores it so Flask-SocketIO works.
+# Require >=3.1 so the patch is always needed; <4 guards against unknown breaking changes.
+flask>=3.1,<4
+# Flask-SocketIO 5.x still does ctx.session = ... directly; the patch above handles it.
+# >=5.5.0 ensures the threading async_mode we rely on is available.
+flask-socketio>=5.5.0,<6
+python-socketio>=5.11.0,<6
+python-engineio>=4.9.0,<5
 inscriptis~=2.2
 pytz
 timeago~=1.0