5 releases 5 tags

RSS feed

• v0.0.4 8d9e14ee5a

  Compare

  v0.0.4 Stable

  padreug released this 2026-01-19 11:29:08 +00:00 | 1 commits to main since this release

  • Centralized authorization module: New auth.py with AuthContext, require_super_user, and require_authenticated helpers

  • Fixed 6 critical unprotected endpoints that exposed sensitive data

  • Consolidated 16+ admin endpoints with duplicated super_user checks into standardized patterns

  • Standardized on user_id (wallet.wallet.user) instead of wallet_id for consistency

  • Added concurrency protection for Fava/Beancount ledger writes to prevent race conditions

  • Global asyncio.Lock to serialize all write operations

  • Per-user locks for finer-grained concurrency control

  • Retry logic with exponential backoff for checksum conflicts

  • New add_entry_idempotent() method to prevent duplicate entries

  • ChecksumConflictError exception for conflict handling

  • Fixed approve/reject endpoints to use Fava source API correctly

  • Properly read entry metadata (filename, lineno) from parsed entry

  • Read full source file via GET /source, modify specific lines, write back via PUT /source

  • Added Fava settings UI in super admin Settings dialog (URL, ledger slug, timeout)

  • Fava client reinitializes automatically when settings are updated

  • Fixed race conditions in toolbar buttons - added settingsLoaded flag to prevent wrong buttons appearing before isSuperUser was determined

  • Fixed "Cannot read properties of undefined (reading 'user')" error from premature Vue mount() call

  https://git.aiolabs.dev/padreug/castle/compare/v0.0.3...v0.0.4

  Downloads

  • Source code (ZIP)
    3 downloads
  • Source code (TAR.GZ)
    2 downloads