Re #1377 - Use year/date in the backup snapshot zip filename

UI - preview page - Fix bug where playwright/chrome was system default and [preview] didnt show snapshot
Adding example docker-compose.yml config to ignore errors from self-signed certs #1389
2025-10-31 22:57:18 +00:00 · 2023-02-11 13:11:08 +01:00 · 2023-02-07 16:55:34 +01:00 · 2023-02-06 17:24:12 +01:00 · 2023-02-03 19:20:13 +01:00 · 2023-02-03 18:35:58 +01:00
14 changed files with 273 additions and 90 deletions
--- a/.github/workflows/test-only.yml
+++ b/.github/workflows/test-only.yml
@@ -67,10 +67,10 @@ jobs:
          sleep 3
          # Should return 0 (no error) when grep finds it
          curl -s http://localhost:5556 |grep -q checkbox-uuid
-          curl -s http://localhost:5556/rss|grep -q rss-specification
+          
          # and IPv6
          curl -s -g -6 "http://[::1]:5556"|grep -q checkbox-uuid
-          curl -s -g -6 "http://[::1]:5556/rss"|grep -q rss-specification
+          

 #export WEBDRIVER_URL=http://localhost:4444/wd/hub
 #pytest tests/fetchers/test_content.py
--- a/changedetectionio/init.py
+++ b/changedetectionio/init.py
@@ -1,5 +1,15 @@
 #!/usr/bin/python3

+from changedetectionio import queuedWatchMetaData
+from copy import deepcopy
+from distutils.util import strtobool
+from feedgen.feed import FeedGenerator
+from flask_compress import Compress as FlaskCompress
+from flask_login import current_user
+from flask_restful import abort, Api
+from flask_wtf import CSRFProtect
+from functools import wraps
+from threading import Event
 import datetime
 import flask_login
 import logging
@@ -10,12 +20,6 @@ import threading
 import time
 import timeago

-from changedetectionio import queuedWatchMetaData
-from copy import deepcopy
-from distutils.util import strtobool
-from feedgen.feed import FeedGenerator
-from threading import Event
-
 from flask import (
    Flask,
    abort,
@@ -28,15 +32,11 @@ from flask import (
    session,
    url_for,
 )
-from flask_compress import Compress as FlaskCompress
-from flask_login import login_required
-from flask_restful import abort, Api
-from flask_wtf import CSRFProtect

 from changedetectionio import html_tools
 from changedetectionio.api import api_v1

-__version__ = '0.40.1.1'
+__version__ = '0.40.2'

 datastore = None

@@ -53,7 +53,6 @@ app = Flask(__name__,
            static_url_path="",
            static_folder="static",
            template_folder="templates")
-from flask_compress import Compress

 # Super handy for compressing large BrowserSteps responses and others
 FlaskCompress(app)
@@ -65,8 +64,6 @@ app.config.exit = Event()

 app.config['NEW_VERSION_AVAILABLE'] = False

-app.config['LOGIN_DISABLED'] = False
-
 #app.config["EXPLAIN_TEMPLATE_LOADING"] = True

 # Disables caching of the templates
@@ -148,7 +145,6 @@ class User(flask_login.UserMixin):

    # Compare given password against JSON store or Env var
    def check_password(self, password):
-
        import base64
        import hashlib

@@ -156,11 +152,9 @@ class User(flask_login.UserMixin):
        raw_salt_pass = os.getenv("SALTED_PASS", False)

        if not raw_salt_pass:
-            raw_salt_pass = datastore.data['settings']['application']['password']
+            raw_salt_pass = datastore.data['settings']['application'].get('password')

        raw_salt_pass = base64.b64decode(raw_salt_pass)
-
-
        salt_from_storage = raw_salt_pass[:32]  # 32 is the length of the salt

        # Use the exact same setup you used to generate the key, but this time put in the password to check
@@ -170,21 +164,44 @@ class User(flask_login.UserMixin):
            salt_from_storage,
            100000
        )
-        new_key =  salt_from_storage + new_key
+        new_key = salt_from_storage + new_key

        return new_key == raw_salt_pass

    pass

+
+def login_optionally_required(func):
+    @wraps(func)
+    def decorated_view(*args, **kwargs):
+
+        has_password_enabled = datastore.data['settings']['application'].get('password') or os.getenv("SALTED_PASS", False)
+
+        # Permitted
+        if request.endpoint == 'static_content' and request.view_args['group'] == 'styles':
+            return func(*args, **kwargs)
+        # Permitted
+        elif request.endpoint == 'diff_history_page' and datastore.data['settings']['application'].get('shared_diff_access'):
+            return func(*args, **kwargs)
+
+        elif request.method in flask_login.config.EXEMPT_METHODS:
+            return func(*args, **kwargs)
+        elif app.config.get('LOGIN_DISABLED'):
+            return func(*args, **kwargs)
+        elif has_password_enabled and not current_user.is_authenticated:
+            return app.login_manager.unauthorized()
+
+        return func(*args, **kwargs)
+
+    return decorated_view
+
 def changedetection_app(config=None, datastore_o=None):
    global datastore
    datastore = datastore_o

    # so far just for read-only via tests, but this will be moved eventually to be the main source
    # (instead of the global var)
-    app.config['DATASTORE']=datastore_o
-
-    #app.config.update(config or {})
+    app.config['DATASTORE'] = datastore_o

    login_manager = flask_login.LoginManager(app)
    login_manager.login_view = 'login'
@@ -212,6 +229,8 @@ def changedetection_app(config=None, datastore_o=None):
    # https://flask-cors.readthedocs.io/en/latest/
    #    CORS(app)

+
+
    @login_manager.user_loader
    def user_loader(email):
        user = User()
@@ -220,7 +239,7 @@ def changedetection_app(config=None, datastore_o=None):

    @login_manager.unauthorized_handler
    def unauthorized_handler():
-        # @todo validate its a URL of this host and use that
+        flash("You must be logged in, please log in.", 'error')
        return redirect(url_for('login', next=url_for('index')))

    @app.route('/logout')
@@ -233,10 +252,6 @@ def changedetection_app(config=None, datastore_o=None):
    @app.route('/login', methods=['GET', 'POST'])
    def login():

-        if not datastore.data['settings']['application']['password'] and not os.getenv("SALTED_PASS", False):
-            flash("Login not required, no password enabled.", "notice")
-            return redirect(url_for('index'))
-
        if request.method == 'GET':
            if flask_login.current_user.is_authenticated:
                flash("Already logged in")
@@ -271,27 +286,22 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('login'))

    @app.before_request
-    def do_something_whenever_a_request_comes_in():
-
-        # Disable password login if there is not one set
-        # (No password in settings or env var)
-        app.config['LOGIN_DISABLED'] = datastore.data['settings']['application']['password'] == False and os.getenv("SALTED_PASS", False) == False
-
+    def before_request_handle_cookie_x_settings():
        # Set the auth cookie path if we're running as X-settings/X-Forwarded-Prefix
        if os.getenv('USE_X_SETTINGS') and 'X-Forwarded-Prefix' in request.headers:
            app.config['REMEMBER_COOKIE_PATH'] = request.headers['X-Forwarded-Prefix']
            app.config['SESSION_COOKIE_PATH'] = request.headers['X-Forwarded-Prefix']

-        # For the RSS path, allow access via a token
-        if request.path == '/rss' and request.args.get('token'):
-            app_rss_token = datastore.data['settings']['application']['rss_access_token']
-            rss_url_token = request.args.get('token')
-            if app_rss_token == rss_url_token:
-                app.config['LOGIN_DISABLED'] = True
+        return None

    @app.route("/rss", methods=['GET'])
-    @login_required
    def rss():
+        # Always requires token set
+        app_rss_token = datastore.data['settings']['application'].get('rss_access_token')
+        rss_url_token = request.args.get('token')
+        if rss_url_token != app_rss_token:
+            return "Access denied, bad token", 403
+
        from . import diff
        limit_tag = request.args.get('tag')

@@ -365,7 +375,7 @@ def changedetection_app(config=None, datastore_o=None):
        return response

    @app.route("/", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def index():
        from changedetectionio import forms

@@ -429,7 +439,7 @@ def changedetection_app(config=None, datastore_o=None):

    # AJAX endpoint for sending a test
    @app.route("/notification/send-test", methods=['POST'])
-    @login_required
+    @login_optionally_required
    def ajax_callback_send_notification_test():

        import apprise
@@ -462,7 +472,7 @@ def changedetection_app(config=None, datastore_o=None):


    @app.route("/clear_history/<string:uuid>", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def clear_watch_history(uuid):
        try:
            datastore.clear_watch_history(uuid)
@@ -474,7 +484,7 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('index'))

    @app.route("/clear_history", methods=['GET', 'POST'])
-    @login_required
+    @login_optionally_required
    def clear_all_history():

        if request.method == 'POST':
@@ -531,7 +541,7 @@ def changedetection_app(config=None, datastore_o=None):


    @app.route("/edit/<string:uuid>", methods=['GET', 'POST'])
-    @login_required
+    @login_optionally_required
    # https://stackoverflow.com/questions/42984453/wtforms-populate-form-with-data-if-data-exists
    # https://wtforms.readthedocs.io/en/3.0.x/forms/#wtforms.form.Form.populate_obj ?

@@ -677,7 +687,7 @@ def changedetection_app(config=None, datastore_o=None):
        return output

    @app.route("/settings", methods=['GET', "POST"])
-    @login_required
+    @login_optionally_required
    def settings_page():
        from changedetectionio import content_fetcher, forms

@@ -757,7 +767,7 @@ def changedetection_app(config=None, datastore_o=None):
        return output

    @app.route("/import", methods=['GET', "POST"])
-    @login_required
+    @login_optionally_required
    def import_page():
        remaining_urls = []
        if request.method == 'POST':
@@ -795,7 +805,7 @@ def changedetection_app(config=None, datastore_o=None):

    # Clear all statuses, so we do not see the 'unviewed' class
    @app.route("/form/mark-all-viewed", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def mark_all_viewed():

        # Save the current newest history as the most recently viewed
@@ -805,7 +815,7 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('index'))

    @app.route("/diff/<string:uuid>", methods=['GET', 'POST'])
-    @login_required
+    @login_optionally_required
    def diff_history_page(uuid):

        from changedetectionio import forms
@@ -881,8 +891,13 @@ def changedetection_app(config=None, datastore_o=None):

        system_uses_webdriver = datastore.data['settings']['application']['fetch_backend'] == 'html_webdriver'

-        is_html_webdriver = True if watch.get('fetch_backend') == 'html_webdriver' or (
-                    watch.get('fetch_backend', None) is None and system_uses_webdriver) else False
+        is_html_webdriver = False
+        if (watch.get('fetch_backend') == 'system' and system_uses_webdriver) or watch.get('fetch_backend') == 'html_webdriver':
+            is_html_webdriver = True
+
+        password_enabled_and_share_is_off = False
+        if datastore.data['settings']['application'].get('password') or os.getenv("SALTED_PASS", False):
+            password_enabled_and_share_is_off = not datastore.data['settings']['application'].get('shared_diff_access')

        output = render_template("diff.html",
                                 current_diff_url=watch['url'],
@@ -897,6 +912,7 @@ def changedetection_app(config=None, datastore_o=None):
                                 left_sticky=True,
                                 newest=newest_version_file_contents,
                                 newest_version_timestamp=dates[-1],
+                                 password_enabled_and_share_is_off=password_enabled_and_share_is_off,
                                 previous=previous_version_file_contents,
                                 screenshot=screenshot_url,
                                 uuid=uuid,
@@ -907,7 +923,7 @@ def changedetection_app(config=None, datastore_o=None):
        return output

    @app.route("/preview/<string:uuid>", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def preview_page(uuid):
        content = []
        ignored_line_numbers = []
@@ -927,9 +943,10 @@ def changedetection_app(config=None, datastore_o=None):
        extra_stylesheets = [url_for('static_content', group='styles', filename='diff.css')]


-        is_html_webdriver = True if watch.get('fetch_backend') == 'html_webdriver' or (
-                watch.get('fetch_backend', None) is None and system_uses_webdriver) else False
-
+        is_html_webdriver = False
+        if (watch.get('fetch_backend') == 'system' and system_uses_webdriver) or watch.get('fetch_backend') == 'html_webdriver':
+            is_html_webdriver = True
+            
        # Never requested successfully, but we detected a fetch error
        if datastore.data['watching'][uuid].history_n == 0 and (watch.get_error_text() or watch.get_error_snapshot()):
            flash("Preview unavailable - No fetch/check completed or triggers not reached", "error")
@@ -997,7 +1014,7 @@ def changedetection_app(config=None, datastore_o=None):
        return output

    @app.route("/settings/notification-logs", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def notification_logs():
        global notification_debug_log
        output = render_template("notification-log.html",
@@ -1007,7 +1024,7 @@ def changedetection_app(config=None, datastore_o=None):

    # We're good but backups are even better!
    @app.route("/backup", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def get_backup():

        import zipfile
@@ -1019,7 +1036,8 @@ def changedetection_app(config=None, datastore_o=None):
            os.unlink(previous_backup_filename)

        # create a ZipFile object
-        backupname = "changedetection-backup-{}.zip".format(int(time.time()))
+        timestamp = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
+        backupname = "changedetection-backup-{}.zip".format(timestamp)
        backup_filepath = os.path.join(datastore_o.datastore_path, backupname)

        with zipfile.ZipFile(backup_filepath, "w",
@@ -1127,7 +1145,7 @@ def changedetection_app(config=None, datastore_o=None):
            abort(404)

    @app.route("/form/add/quickwatch", methods=['POST'])
-    @login_required
+    @login_optionally_required
    def form_quick_watch_add():
        from changedetectionio import forms
        form = forms.quickWatchForm(request.form)
@@ -1159,7 +1177,7 @@ def changedetection_app(config=None, datastore_o=None):


    @app.route("/api/delete", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def form_delete():
        uuid = request.args.get('uuid')

@@ -1176,7 +1194,7 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('index'))

    @app.route("/api/clone", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def form_clone():
        uuid = request.args.get('uuid')
        # More for testing, possible to return the first/only
@@ -1191,7 +1209,7 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('index'))

    @app.route("/api/checknow", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def form_watch_checknow():
        # Forced recheck will skip the 'skip if content is the same' rule (, 'reprocess_existing_data': True})))
        tag = request.args.get('tag')
@@ -1225,7 +1243,7 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('index', tag=tag))

    @app.route("/form/checkbox-operations", methods=['POST'])
-    @login_required
+    @login_optionally_required
    def form_watch_list_checkbox_operations():
        op = request.form['op']
        uuids = request.form.getlist('uuids')
@@ -1289,7 +1307,7 @@ def changedetection_app(config=None, datastore_o=None):
        return redirect(url_for('index'))

    @app.route("/api/share-url", methods=['GET'])
-    @login_required
+    @login_optionally_required
    def form_share_put_watch():
        """Given a watch UUID, upload the info and return a share-link
           the share-link can be imported/added"""
--- a/changedetectionio/blueprint/browser_steps/init.py
+++ b/changedetectionio/blueprint/browser_steps/init.py
@@ -23,11 +23,10 @@

 from distutils.util import strtobool
 from flask import Blueprint, request, make_response
-from flask_login import login_required
 import os
 import logging
 from changedetectionio.store import ChangeDetectionStore
-
+from changedetectionio import login_optionally_required
 browsersteps_live_ui_o = {}
 browsersteps_playwright_browser_interface = None
 browsersteps_playwright_browser_interface_browser = None
@@ -65,7 +64,7 @@ def construct_blueprint(datastore: ChangeDetectionStore):

    browser_steps_blueprint = Blueprint('browser_steps', __name__, template_folder="templates")

-    @login_required
+    @login_optionally_required
    @browser_steps_blueprint.route("/browsersteps_update", methods=['GET', 'POST'])
    def browsersteps_ui_update():
        import base64
--- a/changedetectionio/content_fetcher.py
+++ b/changedetectionio/content_fetcher.py
@@ -297,8 +297,8 @@ class base_html_playwright(Fetcher):
                proxy=self.proxy,
                # This is needed to enable JavaScript execution on GitHub and others
                bypass_csp=True,
-                # Can't think why we need the service workers for our use case?
-                service_workers='block',
+                # Should be `allow` or `block` - sites like YouTube can transmit large amounts of data via Service Workers
+                service_workers=os.getenv('PLAYWRIGHT_SERVICE_WORKERS', 'allow'),
                # Should never be needed
                accept_downloads=False
            )
--- a/changedetectionio/forms.py
+++ b/changedetectionio/forms.py
@@ -459,17 +459,17 @@ class globalSettingsRequestForm(Form):
 # datastore.data['settings']['application']..
 class globalSettingsApplicationForm(commonSettingsForm):

-    base_url = StringField('Base URL', validators=[validators.Optional()])
-    global_subtractive_selectors = StringListField('Remove elements', [ValidateCSSJSONXPATHInput(allow_xpath=False, allow_json=False)])
-    global_ignore_text = StringListField('Ignore Text', [ValidateListRegex()])
-    ignore_whitespace = BooleanField('Ignore whitespace')
-    removepassword_button = SubmitField('Remove password', render_kw={"class": "pure-button pure-button-primary"})
-    empty_pages_are_a_change =  BooleanField('Treat empty pages as a change?', default=False)
-    render_anchor_tag_content = BooleanField('Render anchor tag content', default=False)
-    fetch_backend = RadioField('Fetch Method', default="html_requests", choices=content_fetcher.available_fetchers(), validators=[ValidateContentFetcherIsReady()])
    api_access_token_enabled = BooleanField('API access token security check enabled', default=True, validators=[validators.Optional()])
+    base_url = StringField('Base URL', validators=[validators.Optional()])
+    empty_pages_are_a_change =  BooleanField('Treat empty pages as a change?', default=False)
+    fetch_backend = RadioField('Fetch Method', default="html_requests", choices=content_fetcher.available_fetchers(), validators=[ValidateContentFetcherIsReady()])
+    global_ignore_text = StringListField('Ignore Text', [ValidateListRegex()])
+    global_subtractive_selectors = StringListField('Remove elements', [ValidateCSSJSONXPATHInput(allow_xpath=False, allow_json=False)])
+    ignore_whitespace = BooleanField('Ignore whitespace')
    password = SaltyPasswordField()
-
+    removepassword_button = SubmitField('Remove password', render_kw={"class": "pure-button pure-button-primary"})
+    render_anchor_tag_content = BooleanField('Render anchor tag content', default=False)
+    shared_diff_access = BooleanField('Allow access to view diff page when password is enabled', default=False, validators=[validators.Optional()])
    filter_failure_notification_threshold_attempts = IntegerField('Number of times the filter can be missing before sending a notification',
                                                                  render_kw={"style": "width: 5em;"},
                                                                  validators=[validators.NumberRange(min=0,
--- a/changedetectionio/model/App.py
+++ b/changedetectionio/model/App.py
@@ -40,6 +40,7 @@ class model(dict):
                    'notification_body': default_notification_body,
                    'notification_format': default_notification_format,
                    'schema_version' : 0,
+                    'shared_diff_access': False,
                    'webdriver_delay': None  # Extra delay in seconds before extracting text
                }
            }
--- a/changedetectionio/templates/diff.html
+++ b/changedetectionio/templates/diff.html
@@ -76,8 +76,12 @@
    </div>

     <div class="tab-pane-inner" id="text">
-         <div class="tip">Pro-tip: Use <strong>show current snapshot</strong> tab to visualise what will be ignored.
-         </div>
+         <div class="tip">Pro-tip: Use <strong>show current snapshot</strong> tab to visualise what will be ignored.</div>
+
+         {% if password_enabled_and_share_is_off %}
+           <div class="tip">Pro-tip: You can enable <strong>"share access when password is enabled"</strong> from settings</div>
+         {% endif %}
+
         <div class="snapshot-age">{{watch_a.snapshot_text_ctime|format_timestamp_timeago}}</div>

         <table>
--- a/changedetectionio/templates/settings.html
+++ b/changedetectionio/templates/settings.html
@@ -57,6 +57,11 @@
                        {% endif %}
                    </div>

+                    <div class="pure-control-group">
+                        {{ render_checkbox_field(form.application.form.shared_diff_access, class="shared_diff_access") }}
+                        <span class="pure-form-message-inline">Allow access to view watch diff page when password is enabled (Good for sharing the diff page)
+                        </span>
+                    </div>
                    <div class="pure-control-group">
                        {{ render_field(form.application.form.base_url, placeholder="http://yoursite.com:5000/",
                        class="m-d") }}
--- a/changedetectionio/tests/test_access_control.py
+++ b/changedetectionio/tests/test_access_control.py
@@ -1,18 +1,34 @@
+from . util import live_server_setup, extract_UUID_from_client
 from flask import url_for
-from . util import live_server_setup
+import time

-def test_check_access_control(app, client):
+def test_check_access_control(app, client, live_server):
    # Still doesnt work, but this is closer.
+    live_server_setup(live_server)

    with app.test_client(use_cookies=True) as c:
        # Check we don't have any password protection enabled yet.
        res = c.get(url_for("settings_page"))
        assert b"Remove password" not in res.data

-        # Enable password check.
+        # add something that we can hit via diff page later
+        res = c.post(
+            url_for("import_page"),
+            data={"urls": url_for('test_random_content_endpoint', _external=True)},
+            follow_redirects=True
+        )
+
+        assert b"1 Imported" in res.data
+        time.sleep(2)
+        res = client.get(url_for("form_watch_checknow"), follow_redirects=True)
+        assert b'1 watches queued for rechecking.' in res.data
+        time.sleep(2)
+
+        # Enable password check and diff page access bypass
        res = c.post(
            url_for("settings_page"),
            data={"application-password": "foobar",
+                  "application-shared_diff_access": "True",
                  "requests-time_between_check-minutes": 180,
                  'application-fetch_backend': "html_requests"},
            follow_redirects=True
@@ -22,9 +38,15 @@ def test_check_access_control(app, client):

        # Check we hit the login
        res = c.get(url_for("index"), follow_redirects=True)
-
+        # Should be logged out
        assert b"Login" in res.data

+        # The diff page should return something valid when logged out
+        res = client.get(url_for("diff_history_page", uuid="first"))
+        assert b'Random content' in res.data
+
+
+
        # Menu should not be available yet
        #        assert b"SETTINGS" not in res.data
        #        assert b"BACKUP" not in res.data
@@ -109,3 +131,25 @@ def test_check_access_control(app, client):

        assert b"Password protection enabled" not in res.data

+        # Now checking the diff access
+        # Enable password check and diff page access bypass
+        res = c.post(
+            url_for("settings_page"),
+            data={"application-password": "foobar",
+                  # Should be disabled
+#                  "application-shared_diff_access": "True",
+                  "requests-time_between_check-minutes": 180,
+                  'application-fetch_backend': "html_requests"},
+            follow_redirects=True
+        )
+
+        assert b"Password protection enabled." in res.data
+
+        # Check we hit the login
+        res = c.get(url_for("index"), follow_redirects=True)
+        # Should be logged out
+        assert b"Login" in res.data
+
+        # The diff page should return something valid when logged out
+        res = client.get(url_for("diff_history_page", uuid="first"))
+        assert b'Random content' not in res.data
--- a/changedetectionio/tests/test_backend.py
+++ b/changedetectionio/tests/test_backend.py
@@ -3,7 +3,7 @@
 import time
 from flask import url_for
 from urllib.request import urlopen
-from .util import set_original_response, set_modified_response, live_server_setup, wait_for_all_checks
+from .util import set_original_response, set_modified_response, live_server_setup, wait_for_all_checks, extract_rss_token_from_UI

 sleep_time_for_fetch_thread = 3

@@ -76,7 +76,8 @@ def test_check_basic_change_detection_functionality(client, live_server):
    assert b'unviewed' in res.data

    # #75, and it should be in the RSS feed
-    res = client.get(url_for("rss"))
+    rss_token = extract_rss_token_from_UI(client)
+    res = client.get(url_for("rss", token=rss_token, _external=True))
    expected_url = url_for('test_endpoint', _external=True)
    assert b'<rss' in res.data

--- a/changedetectionio/tests/test_rss.py
+++ b/changedetectionio/tests/test_rss.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python3
+
+import time
+from flask import url_for
+from .util import set_original_response, set_modified_response, live_server_setup, wait_for_all_checks, extract_rss_token_from_UI
+
+
+def test_rss_and_token(client, live_server):
+    set_original_response()
+    live_server_setup(live_server)
+
+    # Add our URL to the import page
+    res = client.post(
+        url_for("import_page"),
+        data={"urls": url_for('test_random_content_endpoint', _external=True)},
+        follow_redirects=True
+    )
+
+    assert b"1 Imported" in res.data
+    rss_token = extract_rss_token_from_UI(client)
+
+    time.sleep(2)
+    client.get(url_for("form_watch_checknow"), follow_redirects=True)
+    time.sleep(2)
+
+    # Add our URL to the import page
+    res = client.get(
+        url_for("rss", token="bad token", _external=True),
+        follow_redirects=True
+    )
+
+    assert b"Access denied, bad token" in res.data
+
+    res = client.get(
+        url_for("rss", token=rss_token, _external=True),
+        follow_redirects=True
+    )
+    assert b"Access denied, bad token" not in res.data
+    assert b"Random content" in res.data
--- a/changedetectionio/tests/util.py
+++ b/changedetectionio/tests/util.py
@@ -70,6 +70,15 @@ def extract_api_key_from_UI(client):
    api_key = m.group(1)
    return api_key.strip()

+# kinda funky, but works for now
+def extract_rss_token_from_UI(client):
+    import re
+    res = client.get(
+        url_for("index"),
+    )
+    m = re.search('token=(.+?)"', str(res.data))
+    token_key = m.group(1)
+    return token_key.strip()

 # kinda funky, but works for now
 def extract_UUID_from_client(client):
@@ -98,6 +107,12 @@ def wait_for_all_checks(client):

 def live_server_setup(live_server):

+    @live_server.app.route('/test-random-content-endpoint')
+    def test_random_content_endpoint():
+        import secrets
+        return "Random content - {}\n".format(secrets.token_hex(64))
+
+
    @live_server.app.route('/test-endpoint')
    def test_endpoint():
        ctype = request.args.get('content_type')
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,7 +41,6 @@ services:
  #
  #        Base URL of your changedetection.io install (Added to the notification alert)
  #      - BASE_URL=https://mysite.com
-
  #        Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;`
  #        More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory
  #      - USE_X_SETTINGS=1
@@ -95,7 +94,10 @@ services:
 #            - CHROME_REFRESH_TIME=600000
 #            - DEFAULT_BLOCK_ADS=true
 #            - DEFAULT_STEALTH=true
-
+#
+#             Ignore HTTPS errors, like for self-signed certs
+#            - DEFAULT_IGNORE_HTTPS_ERRORS=true
+#
 volumes:
  changedetection-data:

--- a/55
+++ b/55
@@ -0,0 +1,55 @@
+diff --git a/changedetectionio/content_fetcher.py b/changedetectionio/content_fetcher.py
+index 475e90c5..843a273e 100644
+--- a/changedetectionio/content_fetcher.py
+++ b/changedetectionio/content_fetcher.py
+@@ -122,6 +122,15 @@ class Fetcher():
+         # Should set self.error, self.status_code and self.content
+         pass
+ 
+    def restock_status(self):
+        x=1
+
+    def extracted_price(self):
+        x=1
+
+    def run_all_js_extractions(self):
+        x=1
+
+     @abstractmethod
+     def quit(self):
+         return
+diff --git a/changedetectionio/fetch_site_status.py b/changedetectionio/fetch_site_status.py
+index 04b57367..0ef63fbf 100644
+--- a/changedetectionio/fetch_site_status.py
+++ b/changedetectionio/fetch_site_status.py
+@@ -199,6 +199,13 @@ class perform_site_check():
+         if watch.get('track_ldjson_price_data', '') == PRICE_DATA_TRACK_ACCEPT:
+             include_filters_rule.append(html_tools.LD_JSON_PRODUCT_OFFER_SELECTOR)
+ 
+        # maybe run them all in playwright, return it in the `fetcher` object
+        if watch.get('pluggable_logic_rules', []):
+            # Run some JS and parse it back through Python
+            # I think we want to empty the content and append a joined list of results from these processors
+            #
+            x=1
+
+         has_filter_rule = include_filters_rule and len("".join(include_filters_rule).strip())
+         has_subtractive_selectors = subtractive_selectors and len(subtractive_selectors[0].strip())
+ 
+diff --git a/changedetectionio/pluggable_filters/__init__.py b/changedetectionio/pluggable_filters/__init__.py
+index e69de29b..e6f0d975 100644
+--- a/changedetectionio/pluggable_filters/__init__.py
+++ b/changedetectionio/pluggable_filters/__init__.py
+@@ -0,0 +1,11 @@
+class pluggable_js_filter():
+    # Test it against the page, could be JS? means its possible to enable
+    def plugin_name(self):
+        return 'restock check'
+
+    def could_be_active(self):
+        return False
+
+    def get_value(self):
+        # ie "In-stock" "out-of-stock"
+        return ''
+\ No newline at end of file
Author	SHA1	Message	Date
dgtlmoon	21339dd539	Re #1377 - Use year/date in the backup snapshot zip filename	2023-02-11 13:11:08 +01:00
dgtlmoon	0f43213d9d	UI - preview page - Fix bug where playwright/chrome was system default and [preview] didnt show snapshot	2023-02-07 16:55:34 +01:00
dgtlmoon	93c57d9fad	Adding example docker-compose.yml config to ignore errors from self-signed certs #1389	2023-02-06 17:24:12 +01:00
dgtlmoon	3cdd075baf	0.40.2	2023-02-03 19:20:13 +01:00
dgtlmoon	5c617e8530	Code cleanup - remove unused import	2023-02-03 18:35:58 +01:00
dgtlmoon	1a48965ba1	UI fix - Fix logic for showing screenshot on diff page (#1379 )	2023-02-03 11:23:48 +01:00
dgtlmoon	41856c4ed8	Re #1365 - Playwright - Browser "Service Workers" should be enabled by default but unset via env var PLAYWRIGHT_SERVICE_WORKERS=block (#1367 )	2023-02-01 20:50:40 +01:00
dgtlmoon	0ed897c50f	New setting to allow passwordless access to your 'diff' page - perfect for sharing your diff page securely, refactored login code (#1357 )	2023-01-29 22:36:55 +01:00