chore: release v0.9.19-rc.3

fix(auth): suppress misleading 502 warning during session validation
A 502 Bad Gateway is a server/gateway error, not a network error. Logging it as a 'Session validation network error' is noisy and misleading during startup when nginx is temporarily unreachable. Silently skip the console.warn for 5xx errors in handleValidationError while keeping the warning for actual network errors.
2026-05-22 20:49:12 +02:00 · 2026-05-22 20:47:57 +02:00 · 2026-05-22 20:38:33 +02:00 · 2026-05-22 20:36:14 +02:00
13 changed files with 10419 additions and 46 deletions
--- a/Docker/Dockerfile.frontend
+++ b/Docker/Dockerfile.frontend
@@ -18,7 +18,7 @@ WORKDIR /build
 COPY frontend/package.json frontend/package-lock.json* /build/
 RUN npm ci --ignore-scripts

-# Copy source and build
+# Copy source + local OpenAPI spec (avoids needing a running backend during build)
 COPY frontend/ /build/
 RUN npm run build

--- a/Docker/VERSION
+++ b/Docker/VERSION
@@ -1 +1 @@
-v0.9.19
+v0.9.19-rc.3
--- a/Docker/release.sh
+++ b/Docker/release.sh
@@ -6,7 +6,7 @@
 #   ./release.sh
 #
 # The current version is stored in VERSION (next to this script).
-# You will be asked whether to bump major, minor, or patch.
+# You will be asked whether to bump major, minor, patch, or release candidate (rc).

 set -euo pipefail

@@ -24,24 +24,60 @@ CURRENT="$(cat "${VERSION_FILE}")"
 # Strip leading 'v' for arithmetic
 VERSION="${CURRENT#v}"

-IFS='.' read -r MAJOR MINOR PATCH <<< "${VERSION}"
+# Parse version: X.Y.Z or X.Y.Z-rc.N
+if [[ "${VERSION}" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)(-rc\.([0-9]+))?$ ]]; then
+    MAJOR="${BASH_REMATCH[1]}"
+    MINOR="${BASH_REMATCH[2]}"
+    PATCH="${BASH_REMATCH[3]}"
+    RC_SUFFIX="${BASH_REMATCH[4]:-}"
+    RC_NUM="${BASH_REMATCH[5]:-0}"
+else
+    echo "Error: version '${VERSION}' does not match expected format X.Y.Z or X.Y.Z-rc.N" >&2
+    exit 1
+fi

 echo "============================================"
 echo " BanGUI — Release"
+if [[ -n "${RC_SUFFIX}" ]]; then
+    echo " Current version: v${MAJOR}.${MINOR}.${PATCH}-rc.${RC_NUM}"
+else
    echo " Current version: v${MAJOR}.${MINOR}.${PATCH}"
+fi
 echo "============================================"
 echo ""
 echo "How would you like to bump the version?"
+if [[ -n "${RC_SUFFIX}" ]]; then
+    echo "  1) patch  (v${MAJOR}.${MINOR}.${PATCH}-rc.${RC_NUM} → v${MAJOR}.${MINOR}.${PATCH})"
+    echo "  2) minor  (v${MAJOR}.${MINOR}.${PATCH}-rc.${RC_NUM} → v${MAJOR}.$((MINOR + 1)).0)"
+    echo "  3) major  (v${MAJOR}.${MINOR}.${PATCH}-rc.${RC_NUM} → v$((MAJOR + 1)).0.0)"
+    echo "  4) rc     (v${MAJOR}.${MINOR}.${PATCH}-rc.${RC_NUM} → v${MAJOR}.${MINOR}.${PATCH}-rc.$((RC_NUM + 1)))"
+else
    echo "  1) patch  (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.${MINOR}.$((PATCH + 1)))"
    echo "  2) minor  (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.$((MINOR + 1)).0)"
    echo "  3) major  (v${MAJOR}.${MINOR}.${PATCH} → v$((MAJOR + 1)).0.0)"
+    echo "  4) rc     (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.${MINOR}.${PATCH}-rc.1)"
+fi
 echo ""
-read -rp "Enter choice [1/2/3]: " CHOICE
+read -rp "Enter choice [1/2/3/4]: " CHOICE

 case "${CHOICE}" in
-    1) NEW_TAG="v${MAJOR}.${MINOR}.$((PATCH + 1))" ;;
+    1)
+        if [[ -n "${RC_SUFFIX}" ]]; then
+            # Release the RC: strip RC suffix
+            NEW_TAG="v${MAJOR}.${MINOR}.${PATCH}"
+        else
+            NEW_TAG="v${MAJOR}.${MINOR}.$((PATCH + 1))"
+        fi
+        ;;
    2) NEW_TAG="v${MAJOR}.$((MINOR + 1)).0" ;;
    3) NEW_TAG="v$((MAJOR + 1)).0.0" ;;
+    4)
+        if [[ "${RC_NUM}" -gt 0 ]]; then
+            NEW_TAG="v${MAJOR}.${MINOR}.${PATCH}-rc.$((RC_NUM + 1))"
+        else
+            NEW_TAG="v${MAJOR}.${MINOR}.${PATCH}-rc.1"
+        fi
+        ;;
    *)
        echo "Invalid choice. Aborting." >&2
        exit 1
@@ -81,7 +117,13 @@ fi
 # Push containers
 # ---------------------------------------------------------------------------
 bash "${SCRIPT_DIR}/push.sh" "${NEW_TAG}"
-bash "${SCRIPT_DIR}/push.sh"
+
+# Push to "latest" or "latestRC" depending on whether this is a release candidate
+if [[ "${NEW_TAG}" == *-rc* ]]; then
+    bash "${SCRIPT_DIR}/push.sh" "latestRC"
+else
+    bash "${SCRIPT_DIR}/push.sh" "latest"
+fi


 # ---------------------------------------------------------------------------
--- a/backend/pyproject.toml
+++ b/backend/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"

 [project]
 name = "bangui-backend"
-version = "0.9.19"
+version = "0.9.19-rc.1"
 description = "BanGUI backend — fail2ban web management interface"
 requires-python = ">=3.12"
 dependencies = [
--- a/frontend/openapi.json
+++ b/frontend/openapi.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,12 +1,12 @@
 {
  "name": "bangui-frontend",
  "private": true,
-  "version": "0.9.19",
+  "version": "0.9.19-rc.3",
  "description": "BanGUI frontend — fail2ban web management interface",
  "type": "module",
  "scripts": {
    "dev": "vite",
-    "generate:types": "openapi-typescript http://localhost:8000/api/openapi.json -o src/types/generated.ts",
+    "generate:types": "openapi-typescript ./openapi.json -o src/types/generated.ts",
    "validate:types": "bash scripts/validate-types.sh",
    "build": "npm run generate:types && tsc --noEmit && vite build",
    "preview": "vite preview",
--- a/frontend/scripts/validate-types.sh
+++ b/frontend/scripts/validate-types.sh
@@ -17,17 +17,23 @@ GENERATED_FILE="${TYPES_DIR}/generated.ts"
 TEMP_FILE=$(mktemp)
 trap "rm -f $TEMP_FILE" EXIT

-# Check if backend is accessible
+# Determine OpenAPI source: local file or backend URL
 BACKEND_URL="${BANGUI_BACKEND_URL:-http://localhost:8000}"
-if ! curl -sf "${BACKEND_URL}/api/openapi.json" > /dev/null 2>&1; then
-  echo "❌ Backend not accessible at ${BACKEND_URL}/api/openapi.json" >&2
+OPENAPI_SOURCE=""
+
+if [[ -f "${FRONTEND_DIR}/openapi.json" ]]; then
+  OPENAPI_SOURCE="${FRONTEND_DIR}/openapi.json"
+  echo "📋 Validating OpenAPI schema types (local openapi.json)..."
+elif curl -sf "${BACKEND_URL}/api/openapi.json" > /dev/null 2>&1; then
+  OPENAPI_SOURCE="${BACKEND_URL}/api/openapi.json"
+  echo "📋 Validating OpenAPI schema types (backend ${BACKEND_URL})..."
+else
+  echo "❌ Backend not accessible at ${BACKEND_URL}/api/openapi.json and no local openapi.json found" >&2
  exit 2
 fi

-echo "📋 Validating OpenAPI schema types..."
-
 # Generate types to a temporary file
-if ! npx openapi-typescript "${BACKEND_URL}/api/openapi.json" -o "$TEMP_FILE" 2>&1; then
+if ! npx openapi-typescript "${OPENAPI_SOURCE}" -o "$TEMP_FILE" 2>&1; then
  echo "❌ Failed to generate types from OpenAPI schema" >&2
  exit 3
 fi
--- a/frontend/src/components/tests/ErrorBoundary.test.tsx
+++ b/frontend/src/components/tests/ErrorBoundary.test.tsx
@@ -1,7 +1,6 @@
 import { describe, it, expect, vi } from "vitest";
 import { render, screen } from "@testing-library/react";
 import { ErrorBoundary } from "../ErrorBoundary";
-import * as telemetry from "../../utils/telemetry";

 // Mock telemetry to verify it's called
 vi.mock("../../utils/telemetry");
--- a/frontend/src/hooks/tests/useFetchData.test.ts
+++ b/frontend/src/hooks/tests/useFetchData.test.ts
@@ -468,13 +468,10 @@ describe("useFetchData", () => {
  });

  it("last subscriber abort cancels underlying request", async () => {
-    let resolveFirst: ((value: { value: string }) => void) | null = null;
    const abortSignals: AbortSignal[] = [];
    const fetcher = vi.fn().mockImplementation((signal: AbortSignal) => {
      abortSignals.push(signal);
-      return new Promise((resolve) => {
-        resolveFirst = resolve;
-      });
+      return new Promise(() => {});
    });
    const selector = vi.fn((response: { value: string }) => response.value);

--- a/frontend/src/hooks/tests/useJailBannedIps.test.ts
+++ b/frontend/src/hooks/tests/useJailBannedIps.test.ts
@@ -10,7 +10,7 @@ describe("useJailBannedIps", () => {
    const fetchMock = vi.mocked(api.fetchJailBannedIps);
    const unbanMock = vi.mocked(api.unbanIp);

-    fetchMock.mockResolvedValue({ items: [{ ip: "1.2.3.4", jail: "sshd", banned_at: "2025-01-01T10:00:00+00:00", expires_at: "2025-01-01T10:10:00+00:00", ban_count: 1, country: "US" }], total: 1, page: 1, page_size: 25 });
+    fetchMock.mockResolvedValue({ items: [{ ip: "1.2.3.4", jail: "sshd", banned_at: "2025-01-01T10:00:00+00:00", expires_at: "2025-01-01T10:10:00+00:00", ban_count: 1, country: "US" }], total: 1, page: 1, page_size: 25, total_pages: 1, pagination_mode: "offset" });
    unbanMock.mockResolvedValue({ message: "ok", jail: "sshd", success: true });

    const { result } = renderHook(() => useJailBannedIps("sshd"));
--- a/frontend/src/hooks/tests/usePolledData.test.ts
+++ b/frontend/src/hooks/tests/usePolledData.test.ts
@@ -34,8 +34,6 @@ describe("usePolledData", () => {
      vi.runAllTimersAsync();
    });

-    const callCountAfterInitial = fetcher.mock.calls.length;
-
    // Reset timer and advance to ensure no more polls
    vi.clearAllTimers();
    fetcher.mockClear();
@@ -66,8 +64,6 @@ describe("usePolledData", () => {
      vi.advanceTimersByTime(100);
    });

-    const initialCalls = fetcher.mock.calls.length;
-
    // Clear for clean test
    fetcher.mockClear();

@@ -135,7 +131,6 @@ describe("usePolledData", () => {
      vi.advanceTimersByTime(100);
    });

-    const initialCalls = fetcher.mock.calls.length;
    fetcher.mockClear();

    // Call refresh
--- a/frontend/src/providers/AuthProvider.tsx
+++ b/frontend/src/providers/AuthProvider.tsx
@@ -56,7 +56,7 @@ import React, {
 } from "react";
 import { useNavigate } from "react-router-dom";
 import * as authApi from "../api/auth";
-import { setUnauthorizedHandler, resetLogoutState, clearSessionCorrelationId } from "../api/client";
+import { ApiError, setUnauthorizedHandler, resetLogoutState, clearSessionCorrelationId } from "../api/client";
 import { setAuthErrorHandler, resetLogoutState as resetFetchErrorLogoutState } from "../utils/fetchError";
 import { STORAGE_KEY_AUTHENTICATED } from "../utils/constants";
 import { SessionValidationLoading } from "../components/SessionValidationLoading";
@@ -133,6 +133,11 @@ export function AuthProvider({

  const handleValidationError = useCallback(
    (error: Error): void => {
+      // Suppress noisy warning for 5xx gateway errors (e.g. 502 Bad Gateway)
+      // during startup — these are server-side issues, not network issues.
+      if (error instanceof ApiError && error.status >= 500) {
+        return;
+      }
      // Network error — log but don't logout.
      console.warn("Session validation network error:", error);
    },
--- a/frontend/src/types/generated.ts
+++ b/frontend/src/types/generated.ts
@@ -177,11 +177,6 @@ export interface paths {
         *     On success the token is also set as an ``HttpOnly`` ``SameSite=Lax``
         *     cookie so the browser SPA benefits from automatic credential handling.
         *
-         *     Rate limiting: Exponential backoff on failed attempts. Each wrong password
-         *     incurs an increasing delay (0.5s, 1s, 2s, 4s, 5s max per IP address).
-         *     Requests during the penalty period return ``429 Too Many Requests`` with
-         *     a ``Retry-After`` header.
-         *
         *     Cache invalidation: On successful login, any existing cached sessions for
         *     the same user are invalidated so that stale tokens (e.g., from a stolen
         *     device) cannot be reused beyond the cache TTL window.
@@ -192,7 +187,6 @@ export interface paths {
         *         request: The incoming HTTP request (used to extract client IP).
         *         session_ctx: Session service context containing db and repository.
         *         settings: Application settings (used for session duration and trusted proxies).
-         *         rate_limiter: The login rate limiter (per IP).
         *         session_cache: Session cache for invalidating old sessions on login.
         *
         *     Returns:
@@ -200,7 +194,6 @@ export interface paths {
         *
         *     Raises:
         *         AuthenticationError: if the password is incorrect.
-         *         RateLimitError: if the rate limit is exceeded.
         */
        post: operations["login_api_v1_auth_login_post"];
        delete?: never;
@@ -6274,13 +6267,6 @@ export interface operations {
                };
                content?: never;
            };
-            /** @description Too many login attempts, retry after delay */
-            429: {
-                headers: {
-                    [name: string]: unknown;
-                };
-                content?: never;
-            };
            /** @description Setup not complete */
            503: {
                headers: {
Author	SHA1	Message	Date
Lukas	9d2d6fadf3	chore: release v0.9.19-rc.3	2026-05-22 20:49:12 +02:00
Lukas	2e5ac092bf	fix(auth): suppress misleading 502 warning during session validation A 502 Bad Gateway is a server/gateway error, not a network error. Logging it as a 'Session validation network error' is noisy and misleading during startup when nginx is temporarily unreachable. Silently skip the console.warn for 5xx errors in handleValidationError while keeping the warning for actual network errors.	2026-05-22 20:47:57 +02:00
Lukas	dcee222a41	chore: release v0.9.19-rc.2	2026-05-22 20:38:33 +02:00
Lukas	12fe70d768	chore: bump to v0.9.19-rc.1 and add local OpenAPI build support - Add release candidate (rc) support to release.sh with latestRC tagging - Bump VERSION, backend pyproject.toml, and frontend package.json to 0.9.19-rc.1 - Add local frontend/openapi.json so build no longer needs running backend - Update generate:types and validate-types.sh to use local openapi.json - Fix frontend tests: remove unused imports/variables and update mock data	2026-05-22 20:36:14 +02:00