External/fredy
1
0
Fork 0
mirror of https://github.com/orangecoding/fredy.git synced 2026-06-16 12:31:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: External:20.3.4
Branches Tags
External:master External:listing-management-improvements External:listing-management External:improvements External:185-bug-old-runs-filling-up-disk
External:22.9.1 External:22.9.0 External:22.8.0 External:22.7.0 External:22.6.0 External:22.5.0 External:22.4.0 External:22.3.3 External:22.3.2 External:22.3.1 External:22.3.0 External:22.2.2 External:22.2.1 External:22.2.0 External:22.1.1 External:22.1.0 External:22.0.10 External:22.0.9 External:22.0.8 External:22.0.7 External:22.0.6 External:22.0.5 External:22.0.4 External:22.0.3 External:22.0.0 External:22.0.1 External:21.3.1 External:21.3.0 External:21.2.0 External:21.1.1 External:21.1.0 External:21.0.2 External:21.0.1 External:21.0.0 External:20.4.0 External:20.3.4 External:20.3.2 External:20.3.1 External:20.3.0 External:20.2.1 External:20.2.0 External:20.1.2 External:20.1.1 External:20.1.0 External:20.0.8 External:20.0.7 External:20.0.6 External:20.0.5 External:20.0.4 External:20.0.3 External:20.0.2 External:20.0.0 External:19.6.0 External:19.5.2 External:19.5.1 External:19.5.0 External:19.4.2 External:19.4.1 External:19.4.0 External:19.3.9 External:19.3.8 External:19.3.7 External:19.3.6 External:19.3.5 External:19.3.4 External:19.3.3 External:19.3.2 External:19.3.1 External:19.3.0 External:19.2.2 External:19.2.1 External:19.2.0 External:19.1.1 External:19.1.0 External:19.0.0 External:18.0.2 External:18.0.1 External:18.0.0 External:17.1.0 External:17.0.2 External:17.0.1 External:17.0.0 External:16.3.0 External:16.2.0 External:16.1.0 External:16.0.1 External:16.0.0 External:15.1.1 External:15.0.1 External:15.0.0 External:14.4.0 External:14.3.7 External:14.3.5 External:14.3.6 External:14.3.4 External:14.3.3 External:14.3.2 External:14.3.1 External:14.3.0 External:14.2.2 External:14.2.1 External:14.2.0 External:14.1.1 External:14.1.0 External:14.0.1 External:14.0.0 External:12.3.2 External:12.3.1 External:12.3.0 External:12.2.3 External:12.2.1 External:12.2.2 External:12.2.0 External:12.1.7 External:12.1.6 External:12.1.5 External:12.1.4 External:12.1.3 External:12.1.2 External:12.1.1 External:12.1.0 External:12.0.2 External:12.0.1 External:12.0.0 External:11.6.6 External:11.6.5 External:11.6.4 External:11.6.3 External:11.6.2 External:11.6.1 External:11.6.0 External:11.5.1 External:11.5.0 External:11.4.4 External:11.4.3 External:11.4.2 External:11.4.0 External:11.3.1 External:11.3.0 External:11.2.6 External:11.2.5 External:11.2.4 External:11.2.3 External:11.2.2 External:11.2.1 External:11.2.0 External:11.1.0 External:11.0.5 External:11.0.4 External:11.0.3 External:11.0.2 External:11.0.1 External:11.0.0 External:10.4.4 External:10.4.3 External:10.4.2 External:10.4.1 External:10.4.0 External:10.3.0 External:10.2.0 External:10.1.1 External:10.1.0 External:10.0.0 External:9.0.0 External:8.1.0 External:8.0.7 External:8.0.6 External:8.0.5 External:8.0.4 External:8.0.3 External:8.0.2 External:8.0.1 External:8.0.0 External:7.4.1 External:7.4.0 External:7.3.2 External:7.3.1 External:7.3.0 External:7.2.1 External:7.2.0 External:7.0.1 External:7.1.0 External:7.0.0 External:6.0.2 External:6.0.1 External:6.0.0 External:5.9.0 External:5.8.0 External:5.7.0 External:5.6.1 External:5.6.0 External:5.5.1 External:5.5.0 External:5.4.8 External:5.4.7 External:5.4.6 External:5.4.5 External:5.4.4 External:5.4.3 External:5.4.2 External:5.4.1 External:5.4.0 External:5.3.2 External:5.3.1 External:5.3.0 External:5.2.1 External:5.2.0 External:V5.1.0 External:V5.0.0 External:3.0.0
..
compare: External:22.7.0
Branches Tags
External:master External:listing-management-improvements External:listing-management External:improvements External:185-bug-old-runs-filling-up-disk
External:22.9.1 External:22.9.0 External:22.8.0 External:22.7.0 External:22.6.0 External:22.5.0 External:22.4.0 External:22.3.3 External:22.3.2 External:22.3.1 External:22.3.0 External:22.2.2 External:22.2.1 External:22.2.0 External:22.1.1 External:22.1.0 External:22.0.10 External:22.0.9 External:22.0.8 External:22.0.7 External:22.0.6 External:22.0.5 External:22.0.4 External:22.0.3 External:22.0.0 External:22.0.1 External:21.3.1 External:21.3.0 External:21.2.0 External:21.1.1 External:21.1.0 External:21.0.2 External:21.0.1 External:21.0.0 External:20.4.0 External:20.3.4 External:20.3.2 External:20.3.1 External:20.3.0 External:20.2.1 External:20.2.0 External:20.1.2 External:20.1.1 External:20.1.0 External:20.0.8 External:20.0.7 External:20.0.6 External:20.0.5 External:20.0.4 External:20.0.3 External:20.0.2 External:20.0.0 External:19.6.0 External:19.5.2 External:19.5.1 External:19.5.0 External:19.4.2 External:19.4.1 External:19.4.0 External:19.3.9 External:19.3.8 External:19.3.7 External:19.3.6 External:19.3.5 External:19.3.4 External:19.3.3 External:19.3.2 External:19.3.1 External:19.3.0 External:19.2.2 External:19.2.1 External:19.2.0 External:19.1.1 External:19.1.0 External:19.0.0 External:18.0.2 External:18.0.1 External:18.0.0 External:17.1.0 External:17.0.2 External:17.0.1 External:17.0.0 External:16.3.0 External:16.2.0 External:16.1.0 External:16.0.1 External:16.0.0 External:15.1.1 External:15.0.1 External:15.0.0 External:14.4.0 External:14.3.7 External:14.3.5 External:14.3.6 External:14.3.4 External:14.3.3 External:14.3.2 External:14.3.1 External:14.3.0 External:14.2.2 External:14.2.1 External:14.2.0 External:14.1.1 External:14.1.0 External:14.0.1 External:14.0.0 External:12.3.2 External:12.3.1 External:12.3.0 External:12.2.3 External:12.2.1 External:12.2.2 External:12.2.0 External:12.1.7 External:12.1.6 External:12.1.5 External:12.1.4 External:12.1.3 External:12.1.2 External:12.1.1 External:12.1.0 External:12.0.2 External:12.0.1 External:12.0.0 External:11.6.6 External:11.6.5 External:11.6.4 External:11.6.3 External:11.6.2 External:11.6.1 External:11.6.0 External:11.5.1 External:11.5.0 External:11.4.4 External:11.4.3 External:11.4.2 External:11.4.0 External:11.3.1 External:11.3.0 External:11.2.6 External:11.2.5 External:11.2.4 External:11.2.3 External:11.2.2 External:11.2.1 External:11.2.0 External:11.1.0 External:11.0.5 External:11.0.4 External:11.0.3 External:11.0.2 External:11.0.1 External:11.0.0 External:10.4.4 External:10.4.3 External:10.4.2 External:10.4.1 External:10.4.0 External:10.3.0 External:10.2.0 External:10.1.1 External:10.1.0 External:10.0.0 External:9.0.0 External:8.1.0 External:8.0.7 External:8.0.6 External:8.0.5 External:8.0.4 External:8.0.3 External:8.0.2 External:8.0.1 External:8.0.0 External:7.4.1 External:7.4.0 External:7.3.2 External:7.3.1 External:7.3.0 External:7.2.1 External:7.2.0 External:7.0.1 External:7.1.0 External:7.0.0 External:6.0.2 External:6.0.1 External:6.0.0 External:5.9.0 External:5.8.0 External:5.7.0 External:5.6.1 External:5.6.0 External:5.5.1 External:5.5.0 External:5.4.8 External:5.4.7 External:5.4.6 External:5.4.5 External:5.4.4 External:5.4.3 External:5.4.2 External:5.4.1 External:5.4.0 External:5.3.2 External:5.3.1 External:5.3.0 External:5.2.1 External:5.2.0 External:V5.1.0 External:V5.0.0 External:3.0.0

66 Commits
20.3.4 ... 22.7.0

Author SHA1 Message Date
orangecoding
3b727ea708 next release version 2026-06-10 17:11:49 +02:00
orangecoding
a2a765f43d new usersetting to blacklist (filter) also on description 2026-06-10 17:10:39 +02:00
Michel
c17a815263 fix: use absolute vite base so SPA deep links don't white-screen (#336) 
With base '' the built index.html references assets relatively
(./assets/*). On deep links like /listings/listing/:id the browser
resolves those below the route path, the SPA fallback answers with
index.html and the page dies trying to execute HTML as a JS module.
Notification emails link directly to listing details, so every
'Open in fredy' link landed on a white screen.
 2026-06-10 16:44:39 +02:00
Michel
7a2dacaa61 fix(immoscout): map exclusioncriteria swapflat to mobile API value swap_flat (#332) 
The web UI encodes the 'no swap flats' filter as exclusioncriteria=swapflat,
but the mobile API only accepts swap_flat. Unknown values are not ignored by
the API - the whole search silently returns 0 results, so any saved search
with this filter never finds a single listing.

Map the value during web-to-mobile conversion and leave all other
exclusioncriteria values (e.g. projectlisting, which both APIs share)
untouched.
 2026-06-10 16:43:12 +02:00
Michel
359e00e69f fix: use hash-router URL format for listing links in email adapters (#335) 
The UI is served through a HashRouter, and most adapters (telegram,
slack, discord, ntfy, ...) already link to ${baseUrl}/#/listings/listing/:id.
The email adapters (resend, smtp, mailJet, sendGrid) and the http adapter
were missing the /# - the router never saw the route and dumped the user
on the default overview instead of the listing.
 2026-06-10 16:38:36 +02:00
orangecoding
bc9c56a224 storing last run in database 2026-06-09 16:52:37 +02:00
orangecoding
6bef907416 adding ability to record logs for debug purposes 2026-06-09 15:42:25 +02:00
AdriDevelopsThings
6c7d655277 added redirect after login (#325) 
The old behaviour was: You open a page without being authorized, you are getting redirected to /login that
redirects you after a successful authentication to /dashboard. This is really annoying if you want to open
listenings directly from your notification adapter for example. This commit introduces a method to redirect
you back to the original page you opened after the authentication process by adding the navigation of the
opened page as state to the navigation to /login. The login component than unpacks the state that contains
the old navigation and redirects the user back to path from the original navigation. The path /dashboard is
used as a fallback if no navigation in the state is present.
 2026-06-09 11:59:18 +02:00
orangecoding
c132e64437 adding poi for new multilingual support & add news for the new feature 2026-06-04 10:50:45 +02:00
orangecoding
1dcb852ea1 fredy goes multilingual 🇩🇪 🇺🇸 2026-06-04 10:35:42 +02:00
orangecoding
019b9ac87b next release version 2026-06-03 17:36:40 +02:00
Ramin
0d23d43e79 fix: multiple small style fixes/improvements (#316) 
* fix(ui-nav): use selected ring and remove item margin override

* fix(listings): format prices as 1.234,50 € with tabular numerals

* fix(listings): align watchlist star button styles

* fix(version-banner): set margin-bottom to 16px

* fix(ui-nav): keep selected ring with focus reset

* fix(listings): right-align price values

* fix(listings): remove cart icon from price display

* fix(listings): format detail price with shared formatter

* revert(listings): restore grid tile layout from master

Drop watchlist/actions restyle on grid cards.
 2026-06-03 17:34:37 +02:00
orangecoding
324afee483 next release version 2026-06-03 10:20:04 +02:00
orangecoding
e95ebb9624 more housekeeping 2026-06-03 10:19:50 +02:00
orangecoding
c29387c85d housekeeping 2026-06-03 09:59:32 +02:00
orangecoding
322ae199b0 allowing multiple chat id's for telegram 2026-06-03 09:46:56 +02:00
orangecoding
b3300169fa merged branch 2026-06-03 08:13:49 +02:00
orangecoding
9296bcdc86 fixing 'open in fredy' link 2026-06-03 08:12:30 +02:00
Christian Kellner
44edf47393 Improved Listing Management (#317) 
* adding ability to tag listings eg if you have applied to it / adding ability to add notes to a listing

* storing the date when a status was set
 2026-06-02 21:10:08 +02:00
orangecoding
bbebc2a1a2 storing the date when a status was set 2026-06-02 21:09:35 +02:00
orangecoding
d2978c14db merged master 2026-06-02 20:41:43 +02:00
orangecoding
5ceac25aa6 fixing #319 & #318 2026-06-02 20:11:43 +02:00
orangecoding
34b68e1f52 fixing notification adapter 2026-06-02 19:53:06 +02:00
orangecoding
696ae451d3 fixing tooltip issues 2026-06-02 12:57:12 +02:00
orangecoding
317ef79336 adding ability to tag listings eg if you have applied to it / adding ability to add notes to a listing 2026-06-02 12:48:01 +02:00
Christian Kellner
6428e7ad78 Ghost commit for rebuilding due to ci interruption 2026-06-02 11:02:05 +02:00
orangecoding
2bcec04d55 next release version 2026-06-02 10:56:05 +02:00
orangecoding
ee2112a24d fixing tests harder 2026-06-02 10:55:16 +02:00
orangecoding
5a54448288 fixing tests 2026-06-02 10:49:06 +02:00
Ramin
f1b8709ab7 feat: remember listing delete preference (#314) 
* feat: remember listing delete preference

Persist soft/hard choice and skip-confirm in user settings.
 2026-06-02 10:23:45 +02:00
orangecoding
b56e13aa16 upgrading dependencies 2026-06-02 09:26:46 +02:00
Christian Kellner
a834abc31c fixing filtering of lists (#311) 
* fixing listing filtering by applying the correct id
 2026-06-02 09:24:45 +02:00
Ramin
573868eccb feat(ui): zoom map to saved area when editing a job (#313) 
Fit the job edit map to existing polygon areas on init.
 2026-06-02 08:54:56 +02:00
orangecoding
1a210d7c1c poi for proxies 2026-05-25 11:54:49 +02:00
orangecoding
996b841cfb adding ability to add proxies for cloak 2026-05-24 20:49:27 +02:00
orangecoding
b2e294e38c next release version 2026-05-21 21:46:13 +02:00
orangecoding
8afeaa05d9 fixing cloakbrowser connection issue 2026-05-21 21:45:57 +02:00
orangecoding
ec47137b89 upgrading dependencies 2026-05-21 21:40:35 +02:00
orangecoding
33161de087 upgrading dependencies 2026-05-19 09:15:12 +02:00
Stephan
acab23207e fix: kleinanzige listing might have a different structure when it was with no image created (#308) 2026-05-16 14:16:31 +02:00
orangecoding
2896d531e4 upgrading pois 2026-05-13 08:14:57 +02:00
orangecoding
0cbfa25062 upgrading pois 2026-05-12 19:28:58 +02:00
orangecoding
bcd3042026 fixing error messages not being shown properly in user table 2026-05-12 13:24:13 +02:00
orangecoding
0ce93acaf6 more demo fixes 2026-05-12 13:12:26 +02:00
orangecoding
cabef973a2 forbid backuo/restore in demo mode 2026-05-12 12:42:25 +02:00
orangecoding
3d0fa87d19 upgrading dependencies 2026-05-12 09:23:52 +02:00
orangecoding
8b012ef2f1 upgrading dependencies / new pois 2026-05-11 09:18:32 +02:00
orangecoding
6816b0aded next release version 2026-05-10 15:43:13 +02:00
Christian Kellner
ac02817d4e Switch browser engine from puppeteer-extra/stealth to CloakBrowser (#307) 
* Switch browser engine from puppeteer-extra/stealth to CloakBrowser

- Replace puppeteer, puppeteer-extra, puppeteer-extra-plugin-stealth with
  cloakbrowser + puppeteer-core; CloakBrowser applies 49 source-level C++
  fingerprint patches that cannot be detected at the JS layer.
- Enable humanize:true in launchBrowser() for Bézier mouse curves, natural
  keyboard timing, and realistic scroll physics.
- Remove manual userDataDir management and ARM64 executablePath override;
  CloakBrowser ships its own binary for x86_64 and arm64.
- Proxy is now passed via CloakBrowser's native proxy option instead of
  --proxy-server Chrome flag.
- Dockerfile: add fonts-noto-color-emoji + fonts-freefont-ttf so canvas
  fingerprint hashes match real browsers (required for Kasada/Akamai);
  replace npx puppeteer browsers install with node ensureBinary() call;
  remove TARGETARCH ARG and ARM64 system-Chromium branch.
- Update test mock to reflect simplified browser object (no __fredy_* fields).

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Add --ignore-certificate-errors for CloakBrowser's custom Chromium

CloakBrowser ships its own Chromium binary with an independent CA bundle.
This flag prevents ERR_CERT_AUTHORITY_INVALID failures in environments with
SSL-inspecting proxies or non-standard root CAs (Docker CI, corporate networks).

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Harden CloakBrowser integration and fix kleinanzeigen detail test

- Remove all CDP overrides (applyBotPreventionToPage, applyLanguagePersistence,
  applyPostNavigationHumanSignals) that created detectable inconsistencies on top
  of CloakBrowser's C++ patches; pass locale to CloakBrowser launch instead
- Drop --lang arg (replaced by CloakBrowser locale flag)
- Extend immowelt puppeteerTimeout to 90 s to accommodate React SPA rendering
  latency under CloakBrowser's humanise delays
- Fix kleinanzeigen detail test: serve the offline fixture for the search URL
  so only individual detail pages are fetched live, avoiding rate limiting from
  a second fresh session hitting the same search endpoint

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Fix immowelt bot detection with two-phase navigation and fixture-backed detail test

Immowelt's CDN challenges cold browser sessions before React can render the
listing grid, causing the old waitForSelector approach to silently timeout.

- Add preNavigateUrl option to puppeteerExtractor: visits a warm-up page
  first so the site sees an established session before the search URL
- Add waitForNetworkIdle option: a second idle-wait phase after domcontentloaded
  that catches React's listing API round-trip (which fires long after the
  initial HTML is parsed); errors are swallowed so partial DOM is still used
- Switch immowelt config to waitForSelector=null + networkidle warm-up so
  page.content() is returned after the SPA has loaded its data
- Set immowelt preNavigateUrl to the homepage to warm the session
- In the detail enrichment test, spy on puppeteerExtractor to serve the
  offline fixture for the search URL; only individual listing detail pages
  are fetched live (they are far less aggressively protected)

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Ensure CloakBrowser binary is present before any live test runs

Add a Vitest globalSetup that calls ensureBinary() once in the main process
before workers start. Without this, running yarn test on a fresh checkout
(or after the binary cache is cleared) immediately fails every browser-based
test with "Failed to launch the browser process" before any useful output
appears. The setup is a no-op in offline mode and when the binary is already
cached.

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Ensure CloakBrowser binary at startup for non-Docker installs

Direct runs (yarn start:backend) on a fresh checkout have no binary and
only crash when the first scraping job fires. Calling ensureBinary() at
startup downloads it on first run and is instant when already cached.
In Docker it stays a no-op since the binary is pre-baked during docker build.

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Fix --no-zygote comment: ICU crash was corrupted .4 binary, not fd issue

The "Invalid file descriptor to ICU data received" crash seen in Sparkasse
tests was caused by a partially-extracted CloakBrowser .4 binary that
contained only the chrome executable but was missing icudtl.dat and other
resource files. The ensureBinary() function returned this incomplete
installation because latest_version_linux-x64 pointed to .4.

The --no-zygote flag is kept as a safeguard for container environments
with limited kernel namespaces, but the comment now accurately describes
its purpose rather than attributing it to a non-existent fd inheritance issue.

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Add ensureValidBinary() to detect and auto-heal corrupt CloakBrowser installs

CloakBrowser's ensureBinary() only checks that the chrome executable exists,
not that required resource files (icudtl.dat, resources.pak) are present.
A partial extraction — e.g. an interrupted update — can leave a directory
that passes ensureBinary()'s check but causes Chrome to crash immediately
with "Invalid file descriptor to ICU data received".

ensureValidBinary() wraps ensureBinary() with a completeness check:
- If the required resource files are missing it removes the corrupt directory
  and all latest_version* markers, then calls ensureBinary() again so it
  falls back to (or re-downloads) a complete build.
- It pins the validated path via CLOAKBROWSER_BINARY_PATH so CloakBrowser's
  own internal ensureBinary() call inside launch() always uses the same,
  verified binary.

Used in index.js (app startup) and test/globalSetup.js (before live tests).

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Fix sparkasse detail test: serve search URL from fixture to avoid rate-limiting

The second sparkasse test launched a fresh browser against the live search
endpoint right after the first test already did, leaving the IP in a suspicious
state that caused bot detection or rate-limiting to return empty results.
When getListings() returns nothing, execute() resolves to undefined and
expect(listings).toBeInstanceOf(Array) fails.

Apply the same hybrid fixture approach used by kleinanzeigen and immowelt:
intercept puppeteerExtractor calls whose pathname matches the search URL and
return the offline fixture, while letting individual detail page requests go
live (they are less aggressively rate-limited than the search endpoint).

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Fix sparkasse detail test: shared browser, direct fetchDetails call

Remove the fixture-backed spy — live tests must hit the real server.

Root problem: two cold browser sessions hitting sparkasse in quick succession
triggered bot detection, causing the second search request to return empty
results and execute() to resolve undefined.

Fix:
- One browser launched in beforeAll and reused across both tests, so both
  the search and detail requests come from the same warm session.
- The detail test calls provider.config.fetchDetails() directly on the
  listings returned by the first test instead of re-running the full pipeline.
  This avoids a redundant second scrape of the search page while still
  exercising the live detail endpoint.

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Eliminate fixture spies and double live requests in all provider detail tests

All five provider tests with a 'with provider_details enabled' describe block
were either (a) intercepting the search URL with an offline fixture to avoid
hitting the live server twice, or (b) re-running the full execute() pipeline
with a fresh browser, which triggered rate-limiting / bot detection on the
second cold request.

Pattern applied to all five:
- immowelt, kleinanzeigen, wgGesucht, immobilienDe: launch one browser in
  beforeAll/afterAll, pass it to the first test's Fredy constructor, and call
  provider.config.fetchDetails() directly in the second test using the listings
  and browser already in hand. One warm session, two live endpoints tested.
- immoscout: API-based (no browser), so no browser sharing needed. Second test
  calls provider.config.fetchDetails() directly on liveListings[0] from the
  first test instead of re-querying the search API.

Removed: all readFixture spies, getKnownListingHashesForJobAndProvider mocks,
and the puppeteerExtractorMod imports that were only needed for the spy.

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

* Fix ensureValidBinary for macOS: platform-aware completeness check

On macOS the CloakBrowser binary lives at:
  ~/.cloakbrowser/chromium-X.Y.Z/Chromium.app/Contents/MacOS/Chromium

path.dirname() gave Contents/MacOS/ — but icudtl.dat and resources.pak
are inside Contents/Frameworks/…, not next to the binary. So the old
code incorrectly flagged every macOS installation as corrupt, deleted only
the MacOS/ subdirectory (not the full versioned dir), then failed again.

Fixes:
- isBinaryComplete: on macOS check for Info.plist and Frameworks/ inside
  Chromium.app/Contents/ instead of looking for Linux resource files next
  to the binary. On Linux/Windows the existing check is unchanged.
- getVersionedDir: resolves the full chromium-X.Y.Z/ directory regardless
  of platform (4 levels up on macOS, 1 on Linux/Windows) so
  removeCorruptInstallation always deletes the entire versioned tree.
- missingDescription: reports the correct missing items per platform.

https://claude.ai/code/session_01WXzA3orbwE2hdk723c6MgH

---------

Co-authored-by: Claude <noreply@anthropic.com>
 2026-05-10 15:42:31 +02:00
datenwurm
fe0a09fe1c fix: Sort direction toggle not working in listings overview (#306) 
Co-authored-by: datenwurm <git@datenwurm.net>
 2026-05-08 09:24:20 +02:00
orangecoding
2f00966f27 next release version 2026-05-07 19:12:17 +02:00
orangecoding
921057252d adding immoscout shape search 2026-05-07 19:11:47 +02:00
orangecoding
703c602527 table overview for jobs 2026-05-07 15:59:55 +02:00
orangecoding
0e29c9b9c6 next release version 2026-05-07 12:45:52 +02:00
datenwurm
f60c5859f9 feat: Add grid/table view toggle to listings overview (#305) 
* feat: Add delete button to listing detail view

* feat: Add grid/table view toggle to listings overview

---------

Co-authored-by: datenwurm <git@datenwurm.net>
 2026-05-07 12:12:49 +02:00
datenwurm
ee54cc495b feat: Add delete button to listing detail view (#304) 
Co-authored-by: datenwurm <git@datenwurm.net>
 2026-05-07 11:53:51 +02:00
orangecoding
96582ecff4 gmx example 2026-05-02 20:07:03 +02:00
orangecoding
3de82dfa41 fixing error message when passwords do not match / fixing placeholder image 2026-05-02 20:00:11 +02:00
orangecoding
d7ee4f6909 adding gitattributed§ 2026-05-01 20:12:58 +02:00
orangecoding
bf4bae9bf5 upgrading dependencies 2026-05-01 20:12:40 +02:00
orangecoding
3d10dc6042 moving from restana to fastify 2026-04-27 16:56:04 +02:00
orangecoding
fef6d06a9d next release version 2026-04-27 16:04:05 +02:00
orangecoding
951b69a67f downgrading restana 2026-04-27 16:03:45 +02:00
orangecoding
8a7b14c079 fixing toasts not showing on certain pages / adding statement about ai 🤖 2026-04-27 15:58:41 +02:00
Christian Kellner
f30ec4645c feat: Fredy UI redesign 
* New design :)
 2026-04-22 21:11:18 +02:00
orangecoding
c78472bd19 adding 'open in fredy' 2026-04-21 19:42:39 +02:00
186 changed files with 13213 additions and 5002 deletions
Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
test/testFixtures/** linguist-vendored

47
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@@ -5,6 +5,40 @@ labels: [bug]
assignees: []
body:
- type: markdown
attributes:
value: |
## Please attach a debug bundle (available since Fredy 22.5.0+)
Since **Fredy 22.5.0** you can export a debug bundle that contains a system
snapshot (`sys.txt`, Fredy version, Node.js version, OS, Docker detection,
CPU, memory, sanitized settings) and the full log buffer (`logs.txt`) that
Fredy recorded while you reproduced the issue. Attaching it dramatically
speeds up triage.
Oh and before you ask: I decided against simply putting all logs into the debug
due to privacy reasons :)
**The bundle is only useful when the error is actually inside `logs.txt`.**
That means you have to record first, reproduce after:
1. Log in to Fredy as **admin** and open **Settings → Debug**.
2. Click **"Enable debug logging" / "Debug-Logging aktivieren"**. A red banner
appears across the whole app while recording is on.
3. **Now reproduce the bug.** Trigger the broken job, click the failing
button, wait for the failing scrape — whatever it was.
4. Come back to **Settings → Debug** and confirm the progress bar moved
(i.e. log entries were actually written). If it stayed at 0%, nothing was
captured and the bundle won't help us.
5. Click **"Download debug information" / "Debug Informationen herunterladen"**
and drop the resulting `FredyDebug-*.zip` into the "Screenshots / Logs"
field below.
6. Optional but recommended: click **"Disable debug logging"** to stop the
recording, and **"Delete stored debug logs"** once you have the zip so the
database does not keep them around.
On Fredy versions older than 22.5.0, paste the relevant log lines from your
console / Docker / systemd journal manually instead.
- type: textarea
id: description
attributes:
@@ -49,8 +83,11 @@ body:
id: screenshots
attributes:
label: Screenshots / Logs
description: Add screenshots or paste log output to help explain the problem.
placeholder: "Drag and drop screenshots here, or paste logs."
description: |
Drop the FredyDebug-*.zip here (see the instructions at the top, available
since Fredy 22.5.0) and/or any additional screenshots. If you cannot produce
the bundle, paste relevant log lines instead.
placeholder: "Drag and drop the FredyDebug-*.zip and any screenshots here."
validations:
required: false
@@ -58,8 +95,10 @@ body:
id: environment
attributes:
label: Environment
description: Provide details about your environment.
placeholder: "OS: macOS 15, Browser: Chrome 124, App version: 1.2.3"
description: |
Provide details about your environment. You can copy most of this from
sys.txt inside the debug bundle.
placeholder: "OS: macOS 15, Browser: Chrome 124, App version: 22.5.0, Docker: yes"
validations:
required: true

1
.gitignore vendored
View File

@@ -7,3 +7,4 @@ npm-debug.log
.idea
.vscode
tools/release/config.json
.agents

120
CLAUDE.md Normal file
View File

@@ -0,0 +1,120 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
Fredy is a self-hosted real estate finder for Germany. It scrapes German real estate portals (ImmoScout24, Immowelt, Immonet, Kleinanzeigen, WG-Gesucht, etc.), deduplicates results across providers, and sends notifications via Slack, Telegram, Email, Discord, ntfy, etc. It includes a React web UI and a built-in MCP server for LLM access to listings data.
- Node.js >= 22, ESM-only (`"type": "module"`)
- Default port: 9998, default login: admin / admin
- SQLite via `better-sqlite3` (synchronous - all DB ops are sync; only network I/O is async)
## Commands
```bash
# Development
yarn run start:backend:dev # nodemon backend
yarn run start:frontend:dev # Vite dev server (proxies /api → :9998)
# Production
yarn run start:backend # NODE_ENV=production node index.js
yarn run build:frontend # vite build → ui/public/
# Tests
yarn test # Live tests (hits actual providers)
yarn test:offline # Offline tests using HTML/JSON fixtures (fast, preferred)
yarn test:download-fixtures # Re-download fresh provider HTML fixtures
# Single test file
TEST_MODE=offline npx vitest run test/provider/immoscout.test.js
# Lint / Format
yarn lint && yarn lint:fix
yarn format && yarn format:check
# DB migrations
yarn migratedb
```
## Architecture
### Core data flow
```
index.js (startup)
├── runMigrations()
├── getProviders() # lazily imports lib/provider/*.js
├── similarityCache.init() # preloads hash cache from DB
├── api.js # starts restana HTTP server
└── initJobExecutionService() # registers event-bus listeners + starts scheduler
scheduler (every N minutes) or manual trigger via POST /api/jobs/:id/run
└── FredyPipelineExecutioner.execute()
1. queryStringMutator(url) # inject sort-by-date param
2. provider.getListings() # API or Puppeteer+Cheerio
3. provider.normalize(listing) # raw → ParsedListing
4. provider.filter(listing) # blacklist + required fields
5. filter to hashes not yet in DB
6. provider.fetchDetails() # optional enrichment
7. geocodeAddress() # optional lat/lng
8. storeListings()
9. similarityCache.checkAndAddEntry() # cross-provider dedup
10. _filterBySpecs() + _filterByArea()
11. notify.send() # fan-out to all adapters
```
### Plugin systems
**Providers** (`lib/provider/*.js`) - each module exports:
- `metaInformation` - `{ id, name, baseUrl }`
- `config` - `ProviderConfig` with `requiredFieldNames`, `crawlContainer`, `crawlFields`, `sortByDateParam`, `normalize()`, `filter()`, optional `getListings()`, `fetchDetails()`, `activeTester()`
- `init(sourceConfig, blacklist)` - called before each job run; providers are **stateful modules** holding mutable `url` and `appliedBlackList` at module scope
**Notification adapters** (`lib/notification/adapter/*.js`) - each exports:
- `config` - `{ id, name, description, fields }` (drives the UI form)
- `send({ serviceName, newListings, notificationConfig, jobKey, baseUrl })`
- Loaded dynamically at startup via `fs.readdirSync`
### Key services
| Service | Location | Notes |
|---|---|---|
| Event bus | `lib/services/events/event-bus.js` | Plain `EventEmitter`; events: `jobs:runAll`, `jobs:runOne`, `jobs:status` |
| SSE broker | `lib/services/sse/sse-broker.js` | Per-userId `Set<ServerResponse>`; heartbeat every 25s; pushes job status to UI |
| Similarity cache | `lib/services/similarity-check/` | In-memory SHA-256 Set; refreshes hourly; cross-provider dedup by title+price+address |
| SqliteConnection | `lib/services/storage/SqliteConnection.js` | Singleton, WAL mode; `execute()`, `query()`, `withTransaction()` |
| Migrations | `lib/services/storage/migrations/` | Numbered JS files each exporting `up(db)`; checksum-tracked in `schema_migrations` |
| Extractor | `lib/services/extractor/` | Orchestrates Puppeteer + Cheerio; shared browser instance per job |
### Frontend
- React 19 SPA, Vite build → `ui/public/` (served as static by backend)
- State: Zustand single store with per-domain slices
- UI library: `@douyinfe/semi-ui`
- Map: MapLibre GL + `@mapbox/mapbox-gl-draw` + `@turf/boolean-point-in-polygon` for GeoJSON polygon filters
- In dev: Vite proxies `/api` to `:9998`
### MCP server
Two transports:
1. **stdio** (`lib/mcp/stdio.js`) - for Claude Desktop/LM Studio; opens its own DB connection (main process need not be running)
2. **HTTP** (`/api/mcp`) - authenticated via Bearer token (`mcp_token` column in `users` table)
Tools: `list_jobs`, `get_job`, `list_listings`, `get_listing`, `get_current_date_time`. Responses are Markdown via `lib/mcp/mcpNormalizer.js`.
## Key Conventions
- **ESM only** - `import`/`export` everywhere, no CommonJS
- **JSDoc typedefs** (no TypeScript) in `lib/types/` - `listing.js`, `job.js`, `filter.js`, `providerConfig.js`
- **Copyright header** required on all `.js` files - enforced by `lint-staged` pre-commit hook via `copyright.js`
- **`NoNewListingsWarning`** (`lib/errors.js`) is used as control flow to short-circuit the pipeline (not an error)
- **Test fixtures** in `test/testFixtures/` - HTML/JSON snapshots per provider; `TEST_MODE=offline` mocks `puppeteerExtractor` and global `fetch` via `test/offlineFixtures.js`
- **`conf/config.json`** is the only runtime config file; created with defaults if missing
## Coding
- After building the task, run the linter
- After building the task, run the tests
- New features must be tested
- New features must be properly documented with JsDoc
- You do **not** commit any changes, you do **not** create a new branch unless I told you so

13
Dockerfile
View File

@@ -1,16 +1,15 @@
FROM node:22-slim
ARG TARGETARCH
# System deps for Chrome for Testing + build tools for native modules (better-sqlite3)
# On ARM64 we also install system Chromium (Chrome for Testing has no ARM64 binary)
# System deps for CloakBrowser + build tools for native modules (better-sqlite3)
# fonts-noto-color-emoji and fonts-freefont-ttf are required so canvas fingerprint
# hashes match real browsers; missing emoji fonts cause bot detection on Kasada/Akamai.
RUN apt-get update && apt-get install -y --no-install-recommends \
curl ca-certificates fonts-liberation libasound2 \
libatk-bridge2.0-0 libatk1.0-0 libcups2 libdbus-1-3 \
libdrm2 libgbm1 libgtk-3-0 libnspr4 libnss3 \
libx11-xcb1 libxcomposite1 libxdamage1 libxrandr2 xdg-utils \
fonts-noto-color-emoji fonts-freefont-ttf \
python3 make g++ \
&& if [ "$TARGETARCH" = "arm64" ]; then apt-get install -y --no-install-recommends chromium; fi \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -p /db /conf /fredy
@@ -26,8 +25,8 @@ RUN yarn config set network-timeout 600000 \
&& yarn --frozen-lockfile \
&& yarn cache clean
# on arm64 use the system Chromium installed above
RUN if [ "$TARGETARCH" != "arm64" ]; then npx puppeteer browsers install chrome; fi
# Pre-download the CloakBrowser stealth Chromium binary (supports x86_64 and arm64)
RUN node -e "import('cloakbrowser').then(({ensureBinary}) => ensureBinary())"
# Purge build tools now that native modules are compiled
RUN apt-get purge -y python3 make g++ \

125
README.md
View File

@@ -23,7 +23,7 @@
# Fredy 🏡 Your Self-Hosted Real Estate Finder for Germany
# Fredy 🏡 - Your Self-Hosted Real Estate Finder for Germany
Finding an apartment or house in Germany can be stressful and
time-consuming.\
@@ -167,6 +167,40 @@ For more information on how to set it up and use it, please refer to the [MCP Re
Immoscout has implemented advanced bot detection. In order to work around this, we are using a reversed engineered version of their mobile api. See [Immoscout Reverse Engineering Documentation](https://github.com/orangecoding/fredy/blob/master/reverse-engineered-immoscout.md)
## 🛡️ Bot Detection & Proxies
Most browser-based providers (immowelt, immonet, kleinanzeigen, ...) are scraped through a hardened headless browser ([CloakBrowser](https://www.npmjs.com/package/cloakbrowser)). It makes the **browser fingerprint** indistinguishable from a real Chrome, which is enough when you run Fredy on a normal home connection.
On a **server / VPS the requests usually originate from a datacenter IP**, and providers behind anti-bot systems (e.g. AWS CloudFront/WAF) block those based on **IP reputation alone**, no matter how perfect the fingerprint is. The typical symptom: it works locally but you get `We have been detected as a bot :-/` on the server.
### The fix: a residential proxy
A **residential proxy** routes Fredy's browser through the internet connection of a real household, so the provider sees a "normal user" IP instead of a datacenter. For German portals, use a **German (DE) residential** (or mobile/4G) proxy. Plain VPNs and **datacenter proxies do not help** here, they share the same bad reputation as your server.
**Configure it** under **Settings → Execution → Proxy URL**. Supported formats:
```
http://user:pass@host:port
socks5://user:pass@host:port
```
Leave the field empty to disable. The proxy applies to all headless-browser providers and takes effect on the next job run (no restart needed). Immoscout uses a separate mobile API and is not affected.
### Where to get a residential proxy
Residential proxies are a paid service (usually billed per GB, Fredy's traffic is small). Well-known providers offering German residential IPs include:
| Provider | Notes |
|---|---|
| [IPRoyal](https://iproyal.com) | Pay-as-you-go, no monthly minimum, good for low volume |
| [Webshare](https://www.webshare.io) | Cheap entry tier, has a small free plan to test with |
| [Decodo (formerly Smartproxy)](https://decodo.com) | Easy setup, country/city targeting |
| [SOAX](https://soax.com) | Residential + mobile, fine-grained geo-targeting |
| [Bright Data](https://brightdata.com) | Largest pool, most features, higher complexity/price |
| [Oxylabs](https://oxylabs.io) | Enterprise-grade, larger plans |
This is not an endorsement, pick whatever fits your budget. For low-volume use like Fredy, a pay-as-you-go plan (e.g. IPRoyal) or a cheap entry tier (e.g. Webshare) is usually plenty. Make sure to select **Germany** as the proxy location and keep the search interval reasonable (the higher the interval, the less you look like a bot).
## Analytics
Fredy is completely free (and will always remain free). However, it would be a huge help if youd allow me to collect some analytical data.
@@ -176,6 +210,50 @@ The data includes: names of active adapters/providers, OS, architecture, Node ve
**Thanks**🤘
## 🐞 Debug Information
Since Fredy **22.5.0** there is a built-in way to capture everything Fredy logs into the
database for a limited time and download it as a single zip file. This is the recommended
way to attach diagnostics to a bug report. I decided against simply putting all logs into
a debug bundle due to privacy reasons!
**How it works**
- Debug logging is **opt-in** and admin-only. As long as it is off, Fredy behaves exactly
as before (console output only, nothing in the DB).
- When you turn it on, every log line (`debug`, `info`, `warn`, `error`) is additionally
written into the `debug_logs` SQLite table. The console keeps logging at its usual level.
- The recorded data is hard-capped at **5 MiB** via a rolling buffer: once the cap is hit,
the oldest entries are dropped automatically so the newest ones always survive.
- The on/off flag is persisted, so debug logging stays on across restarts (and you'll see
the warning banner everywhere until you turn it off again).
**Capturing a debug bundle**
1. Open Fredy as an **admin** and go to **Settings → Debug**.
2. Click **"Enable debug logging" / "Debug-Logging aktivieren"**. A red banner appears on
every page while recording is on.
3. **Reproduce the bug**.
4. Come back to **Settings → Debug** and check the progress bar, if it stayed at 0 %,
nothing was captured.
5. Click **"Download debug information" / "Debug Informationen herunterladen"**. You get a
zip named `YYYY-MM-DD-FredyDebug-<version>.zip` containing two files:
- `logs.txt` - every log line captured while recording was on, prefixed with timestamp
and level.
- `sys.txt` - runtime snapshot (Fredy version, Node.js version, OS, Docker detection,
CPU, memory, sanitized settings). Proxy credentials and session secrets are
**stripped** before export.
6. Attach the zip to the bug report.
7. Optional but recommended: click **"Disable debug logging"** to stop recording, and
**"Delete stored debug logs"** once you've sent the zip so the DB does not keep them
around.
**What is _not_ included**
- passwords/privacy relevant things
- Anything that Fredy itself does not pass through its `logger`. If a third-party library
writes directly to `process.stderr`, that output stays on the console only.
## 🛠️ Development
### Development Mode
@@ -206,6 +284,37 @@ If you have to refresh the fixtures (every once in a while needed because the pr
yarn run download-fixtures
```
## Adding a new language
Fredy's UI is fully multilingual. Translation files live in `ui/src/locales/`. To add a new language, create a single JSON file there, no code changes required.
**Example: `ui/src/locales/fr.json`**
```json
{
"_meta": {
"flag": "🇫🇷",
"name": "Français",
"locale": "fr-FR",
"semiLocale": "fr"
},
"nav.dashboard": "Tableau de bord",
"common.save": "Enregistrer",
...
}
```
The `_meta` fields:
| Field | Description |
|---|---|
| `flag` | Unicode flag emoji shown in the language selector |
| `name` | Display name shown in the language selector |
| `locale` | BCP 47 locale string used for date and number formatting (e.g. `fr-FR`) |
| `semiLocale` | Semi UI locale key for component-level strings (date pickers, pagination, etc.) |
> **Important:** `semiLocale` must exactly match a locale filename from the Semi UI locale sources (without the `.js` extension). See the [available Semi UI locales on GitHub](https://github.com/DouyinFE/semi-design/tree/main/packages/semi-ui/locale/source) for the full list of supported keys.
After adding the file, rebuild the frontend (`yarn build:frontend` or restart the dev server) and the new language will appear automatically in **Settings → User Settings → Language**.
------------------------------------------------------------------------
@@ -240,6 +349,20 @@ flowchart TD
F1 --> F2
```
------------------------------------------------------------------------
## 🤖 Using AI such as Claude Code
When I started building Fredy, LLMs were still basically the wet dream of a few nerdy scientists.
Nowadays, its easier than ever to throw a prompt into the LLM of your choice and let 'the AI' build your stuff. Im not against that. I use Claude Code myself for smaller tasks, and I do think these tools can be really useful.
That said, I still believe humans should stay in charge. AI is great-ish at writing code, but it still lacks creativity, context, and the ability to see the full picture.
So, if you want to contribute to Fredy, using AI tools to get things done is totally fine. Just please dont stop thinking.
Ive had one too many PRs full of hallucinated bullshit.
**Thanks ;)**
------------------------------------------------------------------------
## 👐 Contributing

4
docker-test.sh
View File

@@ -43,13 +43,13 @@ for i in $(seq 1 30); do
done
# Verify the DB is readable/writable via the API.
# /api/demo is unauthenticated and reads the settings table if SQLite is broken this returns an error.
# /api/demo is unauthenticated and reads the settings table - if SQLite is broken this returns an error.
echo "Testing DB via API (/api/demo)..."
DEMO_RESPONSE=$(docker exec fredy curl -sf http://localhost:9998/api/demo 2>&1)
if echo "$DEMO_RESPONSE" | grep -q "demoMode"; then
echo "DB is readable (got demoMode from /api/demo)"
else
echo "DB check failed unexpected response from /api/demo: $DEMO_RESPONSE"
echo "DB check failed - unexpected response from /api/demo: $DEMO_RESPONSE"
docker logs fredy
exit 1
fi

5
index.html
View File

@@ -11,6 +11,11 @@
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<title>Fredy || Real Estate Finder</title>
<link rel="icon" type="image/png" href="/ui/src/assets/heart.png" />
<link rel="apple-touch-icon" href="/ui/src/assets/heart.png" />
<link rel="preconnect" href="https://fonts.googleapis.com" />
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
<link href="https://fonts.googleapis.com/css2?family=Outfit:wght@300;400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet" />
</head>
<body theme-mode="dark">
<div id="fredy" style="position: absolute; top: 0; left: 0; right: 0; bottom: 0"></div>

16
index.js
View File

@@ -10,11 +10,21 @@ import { runMigrations } from './lib/services/storage/migrations/migrate.js';
import { ensureDemoUserExists, ensureAdminUserExists } from './lib/services/storage/userStorage.js';
import { initTrackerCron } from './lib/services/crons/tracker-cron.js';
import logger from './lib/services/logger.js';
import { reloadEnabledFromSettings } from './lib/services/debug/debugLogStorage.js';
import { initActiveCheckerCron } from './lib/services/crons/listing-alive-cron.js';
import { initGeocodingCron } from './lib/services/crons/geocoding-cron.js';
import { getSettings } from './lib/services/storage/settingsStorage.js';
import SqliteConnection, { computeDbPath } from './lib/services/storage/SqliteConnection.js';
import { initJobExecutionService } from './lib/services/jobs/jobExecutionService.js';
import { ensureValidBinary } from './lib/services/ensureValidBinary.js';
// Ensure the CloakBrowser stealth Chromium binary is present and complete before
// jobs run. ensureValidBinary() also detects and auto-heals partial extractions
// (e.g. a newer version that was downloaded but only the chrome executable was
// written) so Chrome never crashes with "Invalid file descriptor to ICU data".
logger.info('Checking CloakBrowser binary...');
await ensureValidBinary();
logger.info('CloakBrowser binary ready.');
//in the config, we store the path of the sqlite file, thus we must check if it is available
const isConfigAccessible = await checkIfConfigIsAccessible();
@@ -33,6 +43,12 @@ await runMigrations();
const settings = await getSettings();
// Restore the persisted on/off flag for opt-in DB log capture so it survives a
// Fredy restart. reloadEnabledFromSettings() also (un)wires the logger sink based
// on the restored flag, so the logger hot path stays cost-free when nobody enabled
// the feature.
await reloadEnabledFromSettings();
// Ensure the sqlite directory exists before loading anything else (based on config.sqlitepath)
const { dir: sqliteDir } = await computeDbPath();
if (!fs.existsSync(sqliteDir)) {

126
lib/FredyPipelineExecutioner.js
View File

@@ -5,9 +5,10 @@
import { NoNewListingsWarning } from './errors.js';
import {
storeListings,
getKnownListingHashesForJobAndProvider,
deleteListingsById,
getKnownListingHashesForJobAndProvider,
storeListings,
updateListingDistance,
} from './services/storage/listingsStorage.js';
import { getJob } from './services/storage/jobStorage.js';
import * as notify from './notification/notify.js';
@@ -16,8 +17,7 @@ import urlModifier from './services/queryStringMutator.js';
import logger from './services/logger.js';
import { geocodeAddress } from './services/geocoding/geoCodingService.js';
import { distanceMeters } from './services/listings/distanceCalculator.js';
import { getUserSettings } from './services/storage/settingsStorage.js';
import { updateListingDistance } from './services/storage/listingsStorage.js';
import { getSettings, getUserSettings } from './services/storage/settingsStorage.js';
import booleanPointInPolygon from '@turf/boolean-point-in-polygon';
import { formatListing } from './utils/formatListing.js';
@@ -38,11 +38,15 @@ import { formatListing } from './utils/formatListing.js';
* 3) Normalize listings to the provider schema
* 4) Filter out incomplete/blacklisted listings
* 5) Identify new listings (vs. previously stored hashes)
* 6) Persist new listings
* 7) Filter out entries similar to already seen ones
* 8) Filter out entries that do not match the job's specFilter
* 9) Filter out entries that do not match the job's spatialFilter
* 10) Dispatch notifications
* 6) Optionally enrich new listings via provider.fetchDetails
* 7) Optionally re-apply the provider blacklist using the (now enriched)
* description — only when the user opted in via
* `blacklist_filter_on_provider_details`
* 8) Persist new listings
* 9) Filter out entries similar to already seen ones
* 10) Filter out entries that do not match the job's specFilter
* 11) Filter out entries that do not match the job's spatialFilter
* 12) Dispatch notifications
*/
class FredyPipelineExecutioner {
/**
@@ -86,6 +90,7 @@ class FredyPipelineExecutioner {
.then(this._filter.bind(this))
.then(this._findNew.bind(this))
.then(this._fetchDetails.bind(this))
.then(this._filterAfterDetails.bind(this))
.then(this._geocode.bind(this))
.then(this._save.bind(this))
.then(this._calculateDistance.bind(this))
@@ -97,10 +102,10 @@ class FredyPipelineExecutioner {
}
/**
* Optionally enrich new listings with data from their detail pages.
* Optionally, enrich new listings with data from their detail pages.
* Only called when the provider config defines a `fetchDetails` function.
* Runs all fetches in parallel. Each individual fetch must handle its own errors
* and always resolve (never reject) to avoid aborting other listings.
* Fetches are performed sequentially to avoid overloading the provider or
* the shared browser instance.
*
* @param {Listing[]} newListings New listings to enrich.
* @returns {Promise<Listing[]>} Resolves with enriched listings.
@@ -132,7 +137,7 @@ class FredyPipelineExecutioner {
for (const listing of newListings) {
if (listing.address) {
const coords = await geocodeAddress(listing.address);
if (coords) {
if (coords && coords.lat !== -1 && coords.lng !== -1) {
listing.latitude = coords.lat;
listing.longitude = coords.lng;
}
@@ -199,9 +204,9 @@ class FredyPipelineExecutioner {
const toDeleteListingByIds = [];
const keptListings = newListings.filter((listing) => {
const filterOut =
(minRooms && listing.rooms && listing.rooms < minRooms) ||
(minSize && listing.size && listing.size < minSize) ||
(maxPrice && listing.price && listing.price > maxPrice);
(minRooms && listing.rooms != null && listing.rooms < minRooms) ||
(minSize && listing.size != null && listing.size < minSize) ||
(maxPrice && listing.price != null && listing.price > maxPrice);
if (filterOut) {
toDeleteListingByIds.push(listing.id);
@@ -223,24 +228,15 @@ class FredyPipelineExecutioner {
* @param {string} url The provider URL to fetch from.
* @returns {Promise<ParsedListing[]>} Resolves with an array of listings (empty when none found).
*/
_getListings(url) {
async _getListings(url) {
const extractor = new Extractor({ ...this._providerConfig.puppeteerOptions, browser: this._browser });
return new Promise((resolve, reject) => {
extractor
.execute(url, this._providerConfig.waitForSelector)
.then(() => {
const listings = extractor.parseResponseText(
this._providerConfig.crawlContainer,
this._providerConfig.crawlFields,
url,
);
resolve(listings == null ? [] : listings);
})
.catch((err) => {
reject(err);
logger.error(err);
});
});
await extractor.execute(url, this._providerConfig.waitForSelector, this._providerId);
const listings = extractor.parseResponseText(
this._providerConfig.crawlContainer,
this._providerConfig.crawlFields,
url,
);
return listings == null ? [] : listings;
}
/**
@@ -264,15 +260,57 @@ class FredyPipelineExecutioner {
const requiredKeys = this._providerConfig.requiredFieldNames;
const requireValues = ['id', 'link', 'title'];
const filteredListings = listings
// this should never filter some listings out, because the normalize function should always extract all fields.
.filter((item) => requiredKeys.every((key) => key in item))
// TODO: move blacklist filter to this file, so it will handle for all providers in same way.
.filter(this._providerConfig.filter)
// filter out listings that are missing required fields
.filter((item) => requireValues.every((key) => item[key] != null));
return (
listings
// this should never filter some listings out, because the normalize function should always extract all fields.
.filter((item) => requiredKeys.every((key) => key in item))
// TODO: move blacklist filter to this file, so it will handle for all providers in same way.
.filter(this._providerConfig.filter)
// filter out listings that are missing required fields
.filter((item) => requireValues.every((key) => item[key] != null))
);
}
return filteredListings;
/**
* Re-apply the provider's blacklist filter after `_fetchDetails` has had a
* chance to enrich the listings (e.g., load the full description from the
* detail page). The initial `_filter` step only sees the truncated snippet
* exposed on the search results page, so a blacklisted term that lives
* deeper in the listing's full description would otherwise slip through.
*
* Opt-in: gated by the user setting `blacklist_filter_on_provider_details`.
* The full detail description tends to contain a lot of boilerplate (legal,
* exposé contact info, generic marketing copy) which can accidentally match
* a blacklist term and remove otherwise relevant listings. Users who want
* the stricter behavior must enable the setting explicitly.
*
* Throws {@link NoNewListingsWarning} when all listings are filtered out
* so the rest of the pipeline (save + notify) is short-circuited.
*
* @param {ParsedListing[]} listings Enriched listings to re-filter.
* @returns {ParsedListing[]} Listings that still pass the provider's filter.
* @throws {NoNewListingsWarning} When every listing is filtered out.
*/
_filterAfterDetails(listings) {
if (typeof this._providerConfig.filter !== 'function') {
return listings;
}
const userId = getJob(this._jobKey)?.userId;
const enabled = getUserSettings(userId)?.blacklist_filter_on_provider_details === true;
if (!enabled) {
return listings;
}
const kept = listings.filter(this._providerConfig.filter);
const removed = listings.length - kept.length;
if (removed > 0) {
logger.debug(
`Re-filter after detail enrichment removed ${removed} listing(s) by blacklist (Provider: '${this._providerId}')`,
);
}
if (kept.length === 0) {
throw new NoNewListingsWarning();
}
return kept;
}
/**
@@ -300,17 +338,19 @@ class FredyPipelineExecutioner {
* @returns {Promise<ParsedListing[]>} Resolves to the provided listings after notifications complete.
* @throws {NoNewListingsWarning} When there are no listings to notify about.
*/
_notify(newListings) {
async _notify(newListings) {
if (newListings.length === 0) {
throw new NoNewListingsWarning();
}
// TODO: move this to the notification adapter, so it will handle for all providers in same way.
const formattedListings = newListings.map(formatListing);
const settings = await getSettings();
const baseUrl = settings?.baseUrl ?? '';
const sendNotifications = notify.send(
this._providerId,
formattedListings,
this._jobNotificationConfig,
this._jobKey,
baseUrl,
);
return Promise.all(sendNotifications).then(() => newListings);
}

8
lib/TRACKING_POIS.js
View File

@@ -7,4 +7,12 @@ export const TRACKING_POIS = {
DISTANCE_ADDRESS_ENTERED: 'DISTANCE_ADDRESS_ENTERED',
WELCOME_FINISHED: 'WELCOME_FINISHED',
WELCOME_SKIPPED: 'WELCOME_SKIPPED',
JOBS_TABLE_VIEW: 'JOBS_TABLE_VIEW',
LISTING_TABLE_VIEW: 'LISTING_TABLE_VIEW',
BASE_URL_SETTING: 'BASE_URL_SETTING',
SET_PROXY_SETTING: 'SET_PROXY_SETTING',
DETECTED_AS_BOT: 'DETECTED_AS_BOT',
NOTES_CREATE: 'NOTES_CREATE',
USING_LISTING_STATUS: 'USING_LISTING_STATUS',
CHANGE_LANGUAGE: 'CHANGE_LANGUAGE',
};

154
lib/api/api.js
View File

@@ -3,64 +3,112 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { notificationAdapterRouter } from './routes/notificationAdapterRouter.js';
import { authInterceptor, cookieSession, adminInterceptor } from './security.js';
import { generalSettingsRouter } from './routes/generalSettingsRoute.js';
import { providerRouter } from './routes/providerRouter.js';
import { versionRouter } from './routes/versionRouter.js';
import { loginRouter } from './routes/loginRoute.js';
import { userRouter } from './routes/userRoute.js';
import { userSettingsRouter } from './routes/userSettingsRoute.js';
import { jobRouter } from './routes/jobRouter.js';
import bodyParser from 'body-parser';
import restana from 'restana';
import files from 'serve-static';
import Fastify from 'fastify';
import fastifyHelmet from '@fastify/helmet';
import fastifyCookie from '@fastify/cookie';
import fastifySession from '@fastify/session';
import fastifyStatic from '@fastify/static';
import path from 'path';
import { getDirName } from '../utils.js';
import { demoRouter } from './routes/demoRouter.js';
import logger from '../services/logger.js';
import { listingsRouter } from './routes/listingsRouter.js';
import { getSettings, getOrCreateSessionSecret } from '../services/storage/settingsStorage.js';
import { dashboardRouter } from './routes/dashboardRouter.js';
import { backupRouter } from './routes/backupRouter.js';
import { trackingRouter } from './routes/trackingRoute.js';
import logger from '../services/logger.js';
import { authHook, adminHook } from './security.js';
import loginPlugin from './routes/loginRoute.js';
import demoPlugin from './routes/demoRouter.js';
import jobPlugin from './routes/jobRouter.js';
import versionPlugin from './routes/versionRouter.js';
import listingsPlugin from './routes/listingsRouter.js';
import dashboardPlugin from './routes/dashboardRouter.js';
import userSettingsPlugin from './routes/userSettingsRoute.js';
import trackingPlugin from './routes/trackingRoute.js';
import generalSettingsPlugin from './routes/generalSettingsRoute.js';
import backupPlugin from './routes/backupRouter.js';
import debugPlugin, { registerDebugPublicProbe } from './routes/debugRouter.js';
import userPlugin from './routes/userRoute.js';
import notificationAdapterPlugin from './routes/notificationAdapterRouter.js';
import providerPlugin from './routes/providerRouter.js';
import { registerMcpRoutes } from '../mcp/mcpHttpRoute.js';
const service = restana();
const staticService = files(path.join(getDirName(), '../ui/public'));
const PORT = (await getSettings()).port || 9998;
const sessionSecret = await getOrCreateSessionSecret();
const SESSION_MAX_AGE = 2 * 60 * 60 * 1000;
service.use(bodyParser.json());
service.use(cookieSession(sessionSecret));
service.use(staticService);
service.use('/api/admin', authInterceptor());
service.use('/api/jobs', authInterceptor());
service.use('/api/version', authInterceptor());
service.use('/api/listings', authInterceptor());
service.use('/api/dashboard', authInterceptor());
service.use('/api/user/settings', authInterceptor());
service.use('/api/tracking', authInterceptor());
// /admin can only be accessed when user is having admin permissions
service.use('/api/admin', adminInterceptor());
service.use('/api/jobs/notificationAdapter', notificationAdapterRouter);
service.use('/api/admin/generalSettings', generalSettingsRouter);
service.use('/api/admin/backup', backupRouter);
service.use('/api/jobs/provider', providerRouter);
service.use('/api/admin/users', userRouter);
service.use('/api/user/settings', userSettingsRouter);
service.use('/api/version', versionRouter);
service.use('/api/jobs', jobRouter);
service.use('/api/login', loginRouter);
service.use('/api/listings', listingsRouter);
service.use('/api/dashboard', dashboardRouter);
service.use('/api/tracking', trackingRouter);
//this route is unsecured intentionally as it is being queried from the login page
service.use('/api/demo', demoRouter);
// MCP Streamable HTTP endpoint (secured via Bearer token, not cookie-session)
registerMcpRoutes(service);
service.start(PORT).then(() => {
logger.debug(`Started API service on port ${PORT}`);
const fastify = Fastify({
logger: false,
bodyLimit: 50 * 1024 * 1024, // 50 MB for backup uploads
});
// Security headers (CSP disabled to avoid breaking the SPA)
await fastify.register(fastifyHelmet, { contentSecurityPolicy: false });
// Cookie + session (in-memory store, signed cookie)
await fastify.register(fastifyCookie);
await fastify.register(fastifySession, {
secret: sessionSecret,
cookieName: 'fredy-admin-session',
cookie: {
maxAge: SESSION_MAX_AGE,
httpOnly: true,
secure: false,
sameSite: 'lax',
},
saveUninitialized: false,
});
// Serve the React SPA from ui/public/
await fastify.register(fastifyStatic, {
root: path.join(getDirName(), '../ui/public'),
wildcard: false,
});
// Public routes - no auth required
fastify.register(loginPlugin, { prefix: '/api/login' });
fastify.register(demoPlugin, { prefix: '/api/demo' });
// User-authenticated routes
fastify.register(async (app) => {
app.addHook('preHandler', authHook);
app.register(jobPlugin, { prefix: '/api/jobs' });
app.register(notificationAdapterPlugin, { prefix: '/api/jobs/notificationAdapter' });
app.register(providerPlugin, { prefix: '/api/jobs/provider' });
app.register(versionPlugin, { prefix: '/api/version' });
app.register(listingsPlugin, { prefix: '/api/listings' });
app.register(dashboardPlugin, { prefix: '/api/dashboard' });
app.register(userSettingsPlugin, { prefix: '/api/user/settings' });
app.register(trackingPlugin, { prefix: '/api/tracking' });
app.register(generalSettingsPlugin, { prefix: '/api/admin/generalSettings' });
// The lightweight /api/debug/active probe used by the app-wide red banner. Lives
// here (under authHook, NOT adminHook) so non-admin users also see the warning
// banner when an admin has enabled the feature, without exposing the rest of the
// settings payload.
app.register(
async (sub) => {
registerDebugPublicProbe(sub);
},
{ prefix: '/api/debug' },
);
});
// Admin-only routes
fastify.register(async (app) => {
app.addHook('preHandler', authHook);
app.addHook('preHandler', adminHook);
app.register(backupPlugin, { prefix: '/api/admin/backup' });
app.register(debugPlugin, { prefix: '/api/admin/debug' });
app.register(userPlugin, { prefix: '/api/admin/users' });
});
// MCP Streamable HTTP (Bearer token auth - no session)
registerMcpRoutes(fastify);
// SPA fallback - serve index.html for all non-API GET requests
fastify.setNotFoundHandler((request, reply) => {
if (!request.url.startsWith('/api/')) {
return reply.sendFile('index.html');
}
return reply.code(404).send({ error: 'Not found' });
});
await fastify.listen({ port: PORT, host: '0.0.0.0' });
logger.debug(`Started API service on port ${PORT}`);

102
lib/api/routes/backupRouter.js
View File

@@ -3,73 +3,61 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import {
buildBackupFileName,
createBackupZip,
precheckRestore,
restoreFromZip,
} from '../../services/storage/backupRestoreService.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
import { isAdmin } from '../security.js';
const DEMO_MODE_ERROR = 'Backup and restore are not available in demo mode.';
/**
* Backup & Restore Admin Router
*
* Endpoints:
* - GET /api/admin/backup
* Returns the current database as a zip download. Content-Type: application/zip
* - POST /api/admin/backup/restore?dryRun=true
* Accepts a zip file (raw body). Returns a compatibility report, does not restore.
* - POST /api/admin/backup/restore?force=true|false
* Accepts a zip file (raw body). Restores the database; when incompatible and force=false, returns 400.
* @param {import('fastify').FastifyInstance} fastify
*/
const service = restana();
const backupRouter = service.newRouter();
export default async function backupPlugin(fastify) {
// Parse raw binary uploads as Buffer
fastify.addContentTypeParser(
['application/zip', 'application/octet-stream'],
{ parseAs: 'buffer' },
(req, body, done) => done(null, body),
);
backupRouter.get('/', async (req, res) => {
const zipBuffer = await createBackupZip();
const fileName = await buildBackupFileName();
res.setHeader('Content-Type', 'application/zip');
res.setHeader('Content-Disposition', `attachment; filename="${fileName}"`);
res.send(zipBuffer);
});
fastify.get('/', async (request, reply) => {
const settings = await getSettings();
if (settings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: DEMO_MODE_ERROR });
}
const zipBuffer = await createBackupZip();
const fileName = await buildBackupFileName();
reply.header('Content-Type', 'application/zip');
reply.header('Content-Disposition', `attachment; filename="${fileName}"`);
return reply.send(zipBuffer);
});
/**
* Read the full request body as a Buffer. Used for raw zip uploads.
* @param {import('http').IncomingMessage} req
* @returns {Promise<Buffer>}
*/
function readBody(req) {
return new Promise((resolve, reject) => {
const chunks = [];
req.on('data', (c) => chunks.push(c));
req.on('end', () => resolve(Buffer.concat(chunks)));
req.on('error', (e) => reject(e));
fastify.post('/restore', async (request, reply) => {
const settings = await getSettings();
if (settings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: DEMO_MODE_ERROR });
}
const { dryRun = 'false', force = 'false' } = request.query || {};
const doDryRun = String(dryRun) === 'true';
const doForce = String(force) === 'true';
const body = request.body; // Buffer from addContentTypeParser
if (doDryRun) {
return precheckRestore(body);
}
try {
return restoreFromZip(body, { force: doForce });
} catch (e) {
return reply.code(400).send({
message: e?.message || 'Restore failed',
details: e?.payload || null,
});
}
});
}
// Upload endpoint. Accepts raw zip (Content-Type: application/zip or application/octet-stream)
// Query parameters:
// - dryRun=true => only validate and return compatibility info
// - force=true => proceed even if incompatible
backupRouter.post('/restore', async (req, res) => {
const { dryRun = 'false', force = 'false' } = req.query || {};
const doDryRun = String(dryRun) === 'true';
const doForce = String(force) === 'true';
const body = await readBody(req);
if (doDryRun) {
res.body = await precheckRestore(body);
return res.send();
}
try {
res.body = await restoreFromZip(body, { force: doForce });
return res.send();
} catch (e) {
res.statusCode = 400;
res.body = { message: e?.message || 'Restore failed', details: e?.payload || null };
return res.send();
}
});
export { backupRouter };

115
lib/api/routes/dashboardRouter.js
View File

@@ -3,23 +3,14 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import * as jobStorage from '../../services/storage/jobStorage.js';
import * as userStorage from '../../services/storage/userStorage.js';
import { getListingsKpisForJobIds, getProviderDistributionForJobIds } from '../../services/storage/listingsStorage.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
import { isAdmin } from '../security.js';
const service = restana();
export const dashboardRouter = service.newRouter();
function isAdmin(req) {
const user = req.session?.currentUser ? userStorage.getUser(req.session.currentUser) : null;
return !!user?.isAdmin;
}
function getAccessibleJobs(req) {
const currentUser = req.session.currentUser;
const admin = isAdmin(req);
function getAccessibleJobs(request) {
const currentUser = request.session.currentUser;
const admin = isAdmin(request);
return jobStorage
.getJobs()
.filter((job) => admin || job.userId === currentUser || job.shared_with_user.includes(currentUser));
@@ -29,43 +20,69 @@ function cap(val) {
return String(val).charAt(0).toUpperCase() + String(val).slice(1);
}
dashboardRouter.get('/', async (req, res) => {
const jobs = getAccessibleJobs(req);
const settings = await getSettings();
/**
* Compute the most recent job trigger timestamp across the given jobs.
*
* Returns `null` when none of the jobs has ever been triggered. The value is
* persisted per-job via `jobs.last_run_at`, so the dashboard reflects the
* scope visible to the current user (own + shared, or all for admins) rather
* than a process-wide in-memory value.
*
* @param {Array<{lastRunAt?: number|null}>} jobs
* @returns {number|null}
*/
function computeLastRun(jobs) {
let lastRun = null;
for (const job of jobs) {
const ts = job.lastRunAt;
if (typeof ts === 'number' && (lastRun == null || ts > lastRun)) {
lastRun = ts;
}
}
return lastRun;
}
// KPIs
const totalJobs = jobs.length;
const totalListings = jobs.reduce((sum, j) => sum + (j.numberOfFoundListings || 0), 0);
const jobIds = jobs.map((j) => j.id);
const { numberOfActiveListings, medianPriceOfListings } = getListingsKpisForJobIds(jobIds);
// Build Pie data in a simple shape the frontend can consume directly
// Shape: { labels: string[], values: number[] } with values as percentages
const providerPieRaw = getProviderDistributionForJobIds(jobIds);
const providerPie = Array.isArray(providerPieRaw)
? {
labels: providerPieRaw.map((p) => cap(p.type)),
values: providerPieRaw.map((p) => Number(p.value) || 0),
}
: providerPieRaw && typeof providerPieRaw === 'object'
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function dashboardPlugin(fastify) {
fastify.get('/', async (request) => {
const jobs = getAccessibleJobs(request);
const settings = await getSettings();
const totalJobs = jobs.length;
const totalListings = jobs.reduce((sum, j) => sum + (j.numberOfFoundListings || 0), 0);
const jobIds = jobs.map((j) => j.id);
const { numberOfActiveListings, medianPriceOfListings } = getListingsKpisForJobIds(jobIds);
const providerPieRaw = getProviderDistributionForJobIds(jobIds);
const providerPie = Array.isArray(providerPieRaw)
? {
labels: Array.isArray(providerPieRaw.labels) ? providerPieRaw.labels : [],
values: Array.isArray(providerPieRaw.values) ? providerPieRaw.values : [],
labels: providerPieRaw.map((p) => cap(p.type)),
values: providerPieRaw.map((p) => Number(p.value) || 0),
}
: { labels: [], values: [] };
: providerPieRaw && typeof providerPieRaw === 'object'
? {
labels: Array.isArray(providerPieRaw.labels) ? providerPieRaw.labels : [],
values: Array.isArray(providerPieRaw.values) ? providerPieRaw.values : [],
}
: { labels: [], values: [] };
res.body = {
general: {
interval: settings.interval,
lastRun: settings.lastRun || null,
nextRun: settings.lastRun == null ? 0 : settings.lastRun + settings.interval * 60000,
},
kpis: {
totalJobs,
totalListings,
numberOfActiveListings,
medianPriceOfListings,
},
pie: providerPie,
};
res.send();
});
const lastRun = computeLastRun(jobs);
return {
general: {
interval: settings.interval,
lastRun,
nextRun: lastRun == null ? 0 : lastRun + settings.interval * 60000,
},
kpis: {
totalJobs,
totalListings,
numberOfActiveListings,
medianPriceOfListings,
},
pie: providerPie,
};
});
}

93
lib/api/routes/debugRouter.js Normal file
View File

@@ -0,0 +1,93 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import {
isEnabled,
enableDebugLogging,
disableDebugLogging,
getCurrentSize,
getMaxSize,
hasAnyLogs,
wasEverEnabled,
clearAllDebugLogs,
} from '../../services/debug/debugLogStorage.js';
import { buildDebugBundleFileName, buildDebugBundleZip } from '../../services/debug/debugBundleService.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
/**
* Build the JSON status payload returned by /status and after each enable/disable.
* @returns {Promise<{enabled:boolean, size:number, max:number, hasLogs:boolean, everEnabled:boolean}>}
*/
async function buildStatus() {
return {
enabled: isEnabled(),
size: await getCurrentSize(),
max: getMaxSize(),
hasLogs: hasAnyLogs(),
everEnabled: await wasEverEnabled(),
};
}
/**
* Register the lightweight /active probe used by the app-wide red banner. Exposed
* to every authenticated user (not just admins) so non-admin users see the warning
* banner too. Returns only a single boolean so it cannot be repurposed to leak any
* other state.
*
* @param {import('fastify').FastifyInstance} fastify
*/
export async function registerDebugPublicProbe(fastify) {
fastify.get('/active', async () => ({ enabled: isEnabled() }));
}
/**
* Admin-only debug logging endpoints.
*
* Routes (all relative to the registered prefix /api/admin/debug):
* GET /status → current feature status (used by the UI polling).
* POST /enable → turn debug logging on. Body: { clearPrevious?:boolean }.
* POST /disable → turn debug logging off (existing logs are kept on disk).
* GET /download → ZIP with logs.txt + sys.txt. 409 when the feature has
* never been enabled OR there are no logs to export.
* DELETE /logs → drop every stored debug log row (does NOT change the
* enabled flag — useful to free space while keeping
* recording on).
*
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function debugPlugin(fastify) {
fastify.get('/status', async () => buildStatus());
fastify.post('/enable', async (request) => {
const clearPrevious = request.body?.clearPrevious === true;
await enableDebugLogging({ clearPrevious });
return buildStatus();
});
fastify.post('/disable', async () => {
await disableDebugLogging();
return buildStatus();
});
fastify.delete('/logs', async () => {
clearAllDebugLogs();
return buildStatus();
});
fastify.get('/download', async (request, reply) => {
const ever = await wasEverEnabled();
if (!ever || !hasAnyLogs()) {
return reply.code(409).send({
error: 'Debug logging has never produced any data on this Fredy installation.',
});
}
const settings = await getSettings();
const zipBuffer = await buildDebugBundleZip({ settings });
const fileName = await buildDebugBundleFileName();
reply.header('Content-Type', 'application/zip');
reply.header('Content-Disposition', `attachment; filename="${fileName}"`);
return reply.send(zipBuffer);
});
}

19
lib/api/routes/demoRouter.js
View File

@@ -3,15 +3,14 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import { getSettings } from '../../services/storage/settingsStorage.js';
const service = restana();
const demoRouter = service.newRouter();
demoRouter.get('/', async (req, res) => {
const settings = await getSettings();
res.body = Object.assign({}, { demoMode: settings.demoMode });
res.send();
});
export { demoRouter };
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function demoPlugin(fastify) {
fastify.get('/', async () => {
const settings = await getSettings();
return { demoMode: settings.demoMode };
});
}

71
lib/api/routes/generalSettingsRoute.js
View File

@@ -3,39 +3,54 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import { getDirName } from '../../utils.js';
import fs from 'fs';
import { ensureDemoUserExists } from '../../services/storage/userStorage.js';
import logger from '../../services/logger.js';
import { getSettings, upsertSettings } from '../../services/storage/settingsStorage.js';
const service = restana();
const generalSettingsRouter = service.newRouter();
import { isAdmin } from '../security.js';
import { trackPoi } from '../../services/tracking/Tracker.js';
import { TRACKING_POIS } from '../../TRACKING_POIS.js';
generalSettingsRouter.get('/', async (req, res) => {
res.body = Object.assign({}, await getSettings());
res.send();
});
generalSettingsRouter.post('/', async (req, res) => {
const { sqlitepath, ...appSettings } = req.body || {};
const localSettings = await getSettings();
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function generalSettingsPlugin(fastify) {
fastify.get('/', async () => {
return Object.assign({}, await getSettings());
});
if (localSettings.demoMode) {
res.send(new Error('In demo mode, it is not allowed to change these settings.'));
return;
}
try {
if (typeof sqlitepath !== 'undefined') {
fs.writeFileSync(`${getDirName()}/../conf/config.json`, JSON.stringify({ sqlitepath }));
fastify.post('/', async (request, reply) => {
const { sqlitepath, ...appSettings } = request.body || {};
if (typeof appSettings.baseUrl === 'string') {
appSettings.baseUrl = appSettings.baseUrl.trim().replace(/\/$/, '');
}
upsertSettings(appSettings);
ensureDemoUserExists();
} catch (err) {
logger.error(err);
res.send(new Error('Error while trying to write settings.'));
return;
}
res.send();
});
export { generalSettingsRouter };
const localSettings = await getSettings();
if (!isAdmin(request)) {
const reason = localSettings.demoMode
? 'In demo mode, it is not allowed to change these settings.'
: 'Only admins can change these settings.';
return reply.code(403).send({ error: reason });
}
try {
if (typeof sqlitepath !== 'undefined') {
fs.writeFileSync(`${getDirName()}/../conf/config.json`, JSON.stringify({ sqlitepath }));
}
upsertSettings(appSettings);
ensureDemoUserExists();
if (appSettings.baseUrl != null) {
await trackPoi(TRACKING_POIS.BASE_URL_SETTING);
}
if (appSettings.proxyUrl != null) {
await trackPoi(TRACKING_POIS.SET_PROXY_SETTING);
}
} catch (err) {
logger.error(err);
return reply.code(500).send({ error: 'Error while trying to write settings.' });
}
return reply.send();
});
}

420
lib/api/routes/jobRouter.js
View File

@@ -3,7 +3,6 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import * as jobStorage from '../../services/storage/jobStorage.js';
import * as userStorage from '../../services/storage/userStorage.js';
import { isAdmin } from '../security.js';
@@ -13,257 +12,240 @@ import { isRunning as isJobRunning } from '../../services/jobs/run-state.js';
import { addClient as addSseClient, removeClient } from '../../services/sse/sse-broker.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
const service = restana();
const jobRouter = service.newRouter();
const DEMO_JOB_NAME = 'Demo-Job';
function doesJobBelongsToUser(job, req) {
const userId = req.session.currentUser;
if (userId == null) {
return false;
}
function doesJobBelongsToUser(job, request) {
const userId = request.session.currentUser;
if (userId == null) return false;
const user = userStorage.getUser(userId);
if (user == null) {
return false;
}
if (user == null) return false;
return user.isAdmin || job.userId === user.id;
}
jobRouter.get('/', async (req, res) => {
const isUserAdmin = isAdmin(req);
//show only the jobs which belongs to the user (or all of the user is an admin)
res.body = jobStorage
.getJobs()
.filter(
(job) =>
isUserAdmin || job.userId === req.session.currentUser || job.shared_with_user.includes(req.session.currentUser),
)
.map((job) => {
return {
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function jobPlugin(fastify) {
fastify.get('/', async (request) => {
const isUserAdmin = isAdmin(request);
return jobStorage
.getJobs()
.filter(
(job) =>
isUserAdmin ||
job.userId === request.session.currentUser ||
job.shared_with_user.includes(request.session.currentUser),
)
.map((job) => ({
...job,
running: isJobRunning(job.id),
isOnlyShared:
!isUserAdmin &&
job.userId !== req.session.currentUser &&
job.shared_with_user.includes(req.session.currentUser),
};
});
res.send();
});
jobRouter.get('/data', async (req, res) => {
const { page, pageSize = 50, activityFilter, sortfield = null, sortdir = 'asc', freeTextFilter } = req.query || {};
// normalize booleans
const toBool = (v) => {
if (v === true || v === 'true' || v === 1 || v === '1') return true;
if (v === false || v === 'false' || v === 0 || v === '0') return false;
return null;
};
const normalizedActivity = toBool(activityFilter);
const queryResult = jobStorage.queryJobs({
page: page ? parseInt(page, 10) : 1,
pageSize: pageSize ? parseInt(pageSize, 10) : 50,
freeTextFilter: freeTextFilter || null,
activityFilter: normalizedActivity,
sortField: sortfield || null,
sortDir: sortdir === 'desc' ? 'desc' : 'asc',
userId: req.session.currentUser,
isAdmin: isAdmin(req),
job.userId !== request.session.currentUser &&
job.shared_with_user.includes(request.session.currentUser),
}));
});
const isUserAdmin = isAdmin(req);
fastify.get('/data', async (request) => {
const {
page,
pageSize = 50,
activityFilter,
sortfield = null,
sortdir = 'asc',
freeTextFilter,
} = request.query || {};
// Map result to include runtime status
queryResult.result = queryResult.result.map((job) => {
return {
const toBool = (v) => {
if (v === true || v === 'true' || v === 1 || v === '1') return true;
if (v === false || v === 'false' || v === 0 || v === '0') return false;
return null;
};
const normalizedActivity = toBool(activityFilter);
const queryResult = jobStorage.queryJobs({
page: page ? parseInt(page, 10) : 1,
pageSize: pageSize ? parseInt(pageSize, 10) : 50,
freeTextFilter: freeTextFilter || null,
activityFilter: normalizedActivity,
sortField: sortfield || null,
sortDir: sortdir === 'desc' ? 'desc' : 'asc',
userId: request.session.currentUser,
isAdmin: isAdmin(request),
});
const isUserAdmin = isAdmin(request);
queryResult.result = queryResult.result.map((job) => ({
...job,
running: isJobRunning(job.id),
isOnlyShared:
!isUserAdmin &&
job.userId !== req.session.currentUser &&
job.shared_with_user.includes(req.session.currentUser),
};
job.userId !== request.session.currentUser &&
job.shared_with_user.includes(request.session.currentUser),
}));
return queryResult;
});
res.body = queryResult;
res.send();
});
// Server-Sent Events for real-time job status updates
fastify.get('/events', async (request, reply) => {
const userId = request.session?.currentUser;
if (userId == null) {
return reply.code(401).send({ message: 'Unauthorized' });
}
reply.hijack();
const raw = reply.raw;
raw.setHeader('Content-Type', 'text/event-stream');
raw.setHeader('Cache-Control', 'no-cache');
raw.setHeader('Connection', 'keep-alive');
// Server-Sent Events for job status updates
jobRouter.get('/events', async (req, res) => {
const userId = req.session.currentUser;
if (userId == null) {
res.send({ message: 'Unauthorized' }, 401);
return;
}
// SSE headers
res.setHeader('Content-Type', 'text/event-stream');
res.setHeader('Cache-Control', 'no-cache');
res.setHeader('Connection', 'keep-alive');
try {
// Initial comment to establish stream
res.write(': connected\n\n');
addSseClient(userId, res);
// Cleanup on close/aborted
const onClose = () => removeClient(userId, res);
// restana exposes original req/res; use both close and finish
req.on('close', onClose);
req.on('aborted', onClose);
res.on('close', onClose);
} catch (e) {
logger.error('Error establishing SSE connection', e);
try {
res.end();
} catch {
//noop
raw.write(': connected\n\n');
addSseClient(userId, raw);
const onClose = () => removeClient(userId, raw);
request.raw.on('close', onClose);
} catch (e) {
logger.error('Error establishing SSE connection', e);
try {
raw.end();
} catch {
/* noop */
}
}
}
});
});
jobRouter.post('/startAll', async (req, res) => {
try {
const userId = req.session.currentUser;
// Emit only the userId; handler will decide based on admin/ownership
bus.emit('jobs:runAll', { userId });
res.send({ message: 'Run all accepted' }, 202);
} catch (err) {
logger.error('Failed to trigger startAll', err);
res.send({ message: 'Unexpected error' }, 500);
}
});
// Trigger a single job run
jobRouter.post('/:jobId/run', async (req, res) => {
const { jobId } = req.params;
try {
const job = jobStorage.getJob(jobId);
if (!job) {
res.send({ message: 'Job not found' }, 404);
return;
fastify.post('/startAll', async (request, reply) => {
try {
const userId = request.session.currentUser;
bus.emit('jobs:runAll', { userId });
return reply.code(202).send({ message: 'Run all accepted' });
} catch (err) {
logger.error('Failed to trigger startAll', err);
return reply.code(500).send({ message: 'Unexpected error' });
}
if (!doesJobBelongsToUser(job, req)) {
res.send({ message: 'You are trying to run a job that is not associated to your user' }, 403);
return;
}
if (isJobRunning(jobId)) {
res.send({ message: 'Job is already running' }, 409);
return;
}
// fire and forget; actual execution handled by index.js listener
bus.emit('jobs:runOne', { jobId });
res.send({ message: 'Job run accepted' }, 202);
} catch (error) {
logger.error(error);
res.send({ message: 'Unexpected error triggering job' }, 500);
}
});
});
jobRouter.post('/', async (req, res) => {
const {
provider,
notificationAdapter,
name,
blacklist = [],
jobId,
enabled,
shareWithUsers = [],
spatialFilter = null,
specFilter = null,
} = req.body;
const settings = await getSettings();
try {
let jobFromDb = jobStorage.getJob(jobId);
if (jobFromDb && !doesJobBelongsToUser(jobFromDb, req)) {
res.send(new Error('You are trying to change a job that is not associated to your user.'));
return;
fastify.post('/:jobId/run', async (request, reply) => {
const { jobId } = request.params;
try {
const job = jobStorage.getJob(jobId);
if (!job) {
return reply.code(404).send({ message: 'Job not found' });
}
if (!doesJobBelongsToUser(job, request)) {
return reply.code(403).send({ message: 'You are trying to run a job that is not associated to your user' });
}
if (isJobRunning(jobId)) {
return reply.code(409).send({ message: 'Job is already running' });
}
bus.emit('jobs:runOne', { jobId });
return reply.code(202).send({ message: 'Job run accepted' });
} catch (error) {
logger.error(error);
return reply.code(500).send({ message: 'Unexpected error triggering job' });
}
});
if (settings.demoMode && jobFromDb && jobFromDb.name === DEMO_JOB_NAME) {
res.send(new Error('Sorry, but you cannot change the Status of our Demo Job ;)'));
return;
}
jobStorage.upsertJob({
userId: req.session.currentUser,
jobId,
enabled,
name,
blacklist,
fastify.post('/', async (request, reply) => {
const {
provider,
notificationAdapter,
shareWithUsers,
spatialFilter,
specFilter,
});
} catch (error) {
res.send(new Error(error));
logger.error(error);
}
res.send();
});
name,
blacklist = [],
jobId,
enabled,
shareWithUsers = [],
spatialFilter = null,
specFilter = null,
} = request.body;
const settings = await getSettings();
try {
const jobFromDb = jobStorage.getJob(jobId);
jobRouter.delete('', async (req, res) => {
const { jobId } = req.body;
const settings = await getSettings();
try {
const job = jobStorage.getJob(jobId);
if (settings.demoMode && job.name === DEMO_JOB_NAME) {
res.send(new Error('Sorry, but you cannot remove the Demo Job ;)'));
return;
}
if (jobFromDb && !doesJobBelongsToUser(jobFromDb, request)) {
return reply.code(403).send({ error: 'You are trying to change a job that is not associated to your user.' });
}
if (!doesJobBelongsToUser(job, req)) {
res.send(new Error('You are trying to remove a job that is not associated to your user'));
} else {
jobStorage.removeJob(jobId);
}
} catch (error) {
res.send(new Error(error));
logger.error(error);
}
res.send();
});
jobRouter.put('/:jobId/status', async (req, res) => {
const { status } = req.body;
const { jobId } = req.params;
const settings = await getSettings();
try {
const job = jobStorage.getJob(jobId);
if (settings.demoMode && !isAdmin(request) && jobFromDb && jobFromDb.name === DEMO_JOB_NAME) {
return reply.code(403).send({ error: 'Sorry, but you cannot change the Status of our Demo Job ;)' });
}
if (settings.demoMode && job.name === DEMO_JOB_NAME) {
res.send(new Error('Sorry, but you cannot change the Status of our Demo Job ;)'));
return;
}
if (!doesJobBelongsToUser(job, req)) {
res.send(new Error('You are trying change a job that is not associated to your user'));
} else {
jobStorage.setJobStatus({
jobStorage.upsertJob({
userId: request.session.currentUser,
jobId,
status,
enabled,
name,
blacklist,
provider,
notificationAdapter,
shareWithUsers,
spatialFilter,
specFilter,
});
} catch (error) {
logger.error(error);
return reply.code(500).send({ error: error.message });
}
} catch (error) {
res.send(new Error(error));
logger.error(error);
}
res.send();
});
return reply.send();
});
jobRouter.get('/shareableUserList', async (req, res) => {
const currentUser = req.session.currentUser;
const users = userStorage.getUsers(false);
res.body = users
.filter((user) => !user.isAdmin && user.id !== currentUser)
.map((user) => ({
id: user.id,
name: user.username,
}));
res.send();
});
export { jobRouter };
fastify.delete('/', async (request, reply) => {
const { jobId } = request.body;
const settings = await getSettings();
try {
const job = jobStorage.getJob(jobId);
if (!job) {
return reply.code(404).send({ error: 'Job not found' });
}
if (settings.demoMode && !isAdmin(request) && job.name === DEMO_JOB_NAME) {
return reply.code(403).send({ error: 'Sorry, but you cannot remove the Demo Job ;)' });
}
if (!doesJobBelongsToUser(job, request)) {
return reply.code(403).send({ error: 'You are trying to remove a job that is not associated to your user' });
}
jobStorage.removeJob(jobId);
} catch (error) {
logger.error(error);
return reply.code(500).send({ error: error.message });
}
return reply.send();
});
fastify.put('/:jobId/status', async (request, reply) => {
const { status } = request.body;
const { jobId } = request.params;
const settings = await getSettings();
try {
const job = jobStorage.getJob(jobId);
if (!job) {
return reply.code(404).send({ error: 'Job not found' });
}
if (settings.demoMode && !isAdmin(request) && job.name === DEMO_JOB_NAME) {
return reply.code(403).send({ error: 'Sorry, but you cannot change the Status of our Demo Job ;)' });
}
if (!doesJobBelongsToUser(job, request)) {
return reply.code(403).send({ error: 'You are trying change a job that is not associated to your user' });
}
jobStorage.setJobStatus({ jobId, status });
} catch (error) {
logger.error(error);
return reply.code(500).send({ error: error.message });
}
return reply.send();
});
fastify.get('/shareableUserList', async (request) => {
const currentUser = request.session.currentUser;
const users = userStorage.getUsers(false);
return users
.filter((user) => !user.isAdmin && user.id !== currentUser)
.map((user) => ({
id: user.id,
name: user.username,
}));
});
}

280
lib/api/routes/listingsRouter.js
View File

@@ -3,137 +3,193 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import * as listingStorage from '../../services/storage/listingsStorage.js';
import * as watchListStorage from '../../services/storage/watchListStorage.js';
import { isAdmin as isAdminFn } from '../security.js';
import logger from '../../services/logger.js';
import { nullOrEmpty } from '../../utils.js';
import { getJobs } from '../../services/storage/jobStorage.js';
import { getJob } from '../../services/storage/jobStorage.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
import { trackPoi } from '../../services/tracking/Tracker.js';
import { TRACKING_POIS } from '../../TRACKING_POIS.js';
const service = restana();
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function listingsPlugin(fastify) {
fastify.get('/table', async (request) => {
const {
page,
pageSize = 50,
activityFilter,
jobNameFilter,
providerFilter,
watchListFilter,
statusFilter,
sortfield = null,
sortdir = 'asc',
freeTextFilter,
} = request.query || {};
const listingsRouter = service.newRouter();
const toBool = (v) => {
if (v === true || v === 'true' || v === 1 || v === '1') return true;
if (v === false || v === 'false' || v === 0 || v === '0') return false;
return null;
};
const normalizedActivity = toBool(activityFilter);
const normalizedWatch = toBool(watchListFilter);
const allowedStatuses = ['applied', 'rejected', 'accepted', 'none'];
const normalizedStatus =
typeof statusFilter === 'string' && allowedStatuses.includes(statusFilter.toLowerCase())
? statusFilter.toLowerCase()
: undefined;
listingsRouter.get('/table', async (req, res) => {
const {
page,
pageSize = 50,
activityFilter,
jobNameFilter,
providerFilter,
watchListFilter,
sortfield = null,
sortdir = 'asc',
freeTextFilter,
} = req.query || {};
let jobFilter = null;
let jobIdFilter = null;
if (!nullOrEmpty(jobNameFilter)) {
const job = getJob(jobNameFilter);
jobFilter = job != null ? job.name : null;
jobIdFilter = job != null ? job.id : null;
}
// normalize booleans (accept true, 'true', 1, '1' for true; false, 'false', 0, '0' for false)
const toBool = (v) => {
if (v === true || v === 'true' || v === 1 || v === '1') return true;
if (v === false || v === 'false' || v === 0 || v === '0') return false;
return null;
};
const normalizedActivity = toBool(activityFilter);
const normalizedWatch = toBool(watchListFilter);
let jobFilter = null;
let jobIdFilter = null;
const jobs = getJobs();
if (!nullOrEmpty(jobNameFilter)) {
const job = jobs.find((j) => j.id === jobNameFilter);
jobFilter = job != null ? job.name : null;
jobIdFilter = job != null ? job.id : null;
}
res.body = listingStorage.queryListings({
page: page ? parseInt(page, 10) : 1,
pageSize: pageSize ? parseInt(pageSize, 10) : 50,
freeTextFilter: freeTextFilter || null,
activityFilter: normalizedActivity,
jobNameFilter: jobFilter,
jobIdFilter: jobIdFilter,
providerFilter,
watchListFilter: normalizedWatch,
sortField: sortfield || null,
sortDir: sortdir === 'desc' ? 'desc' : 'asc',
userId: req.session.currentUser,
isAdmin: isAdminFn(req),
return listingStorage.queryListings({
page: page ? parseInt(page, 10) : 1,
pageSize: pageSize ? parseInt(pageSize, 10) : 50,
freeTextFilter: freeTextFilter || null,
activityFilter: normalizedActivity,
jobNameFilter: jobFilter,
jobIdFilter: jobIdFilter,
providerFilter,
watchListFilter: normalizedWatch,
statusFilter: normalizedStatus,
sortField: sortfield || null,
sortDir: sortdir === 'desc' ? 'desc' : 'asc',
userId: request.session.currentUser,
isAdmin: isAdminFn(request),
});
});
res.send();
});
listingsRouter.get('/map', async (req, res) => {
const { jobId } = req.query || {};
res.body = listingStorage.getListingsForMap({
jobId: nullOrEmpty(jobId) ? null : jobId,
userId: req.session.currentUser,
isAdmin: isAdminFn(req),
fastify.get('/map', async (request) => {
const { jobId } = request.query || {};
return listingStorage.getListingsForMap({
jobId: nullOrEmpty(jobId) ? null : jobId,
userId: request.session.currentUser,
isAdmin: isAdminFn(request),
});
});
res.send();
});
listingsRouter.get('/:listingId', async (req, res) => {
const { listingId } = req.params;
const listing = listingStorage.getListingById(listingId, req.session.currentUser, isAdminFn(req));
if (!listing) {
res.statusCode = 404;
res.body = { message: 'Listing not found' };
return res.send();
}
res.body = listing;
res.send();
});
fastify.get('/:listingId', async (request, reply) => {
const { listingId } = request.params;
const listing = listingStorage.getListingById(listingId, request.session.currentUser, isAdminFn(request));
if (!listing) {
return reply.code(404).send({ message: 'Listing not found' });
}
return listing;
});
// Toggle watch state for the current user on a listing
listingsRouter.post('/watch', async (req, res) => {
try {
const { listingId } = req.body || {};
const userId = req.session?.currentUser;
fastify.post('/watch', async (request, reply) => {
try {
const { listingId } = request.body || {};
const userId = request.session?.currentUser;
if (!listingId || !userId) {
return reply.code(400).send({ message: 'listingId or user not provided' });
}
watchListStorage.toggleWatch(listingId, userId);
} catch (error) {
logger.error(error);
return reply.code(500).send({ message: 'Failed to toggle watch' });
}
return reply.send();
});
fastify.post('/:listingId/notes', async (request, reply) => {
const { listingId } = request.params || {};
const { notes } = request.body || {};
const userId = request.session?.currentUser;
if (!listingId || !userId) {
res.statusCode = 400;
res.body = { message: 'listingId or user not provided' };
return res.send();
return reply.code(400).send({ message: 'listingId or user not provided' });
}
watchListStorage.toggleWatch(listingId, userId);
} catch (error) {
logger.error(error);
res.statusCode = 500;
res.body = { message: 'Failed to toggle watch' };
}
res.send();
});
listingsRouter.delete('/job', async (req, res) => {
const { jobId, hardDelete = false } = req.body;
const settings = await getSettings();
try {
if (settings.demoMode) {
res.send(new Error('Sorry, but you cannot remove listings in demo mode ;)'));
return;
try {
const changes = listingStorage.setListingNotes(listingId, typeof notes === 'string' ? notes : null);
if (changes === 0) {
return reply.code(404).send({ message: 'Listing not found' });
}
} catch (error) {
logger.error(error);
return reply.code(500).send({ message: 'Failed to update listing notes' });
}
listingStorage.deleteListingsByJobId(jobId, hardDelete);
} catch (error) {
res.send(new Error(error));
logger.error(error);
}
res.send();
});
await trackPoi(TRACKING_POIS.NOTES_CREATE);
return reply.send();
});
listingsRouter.delete('/', async (req, res) => {
const { ids, hardDelete = false } = req.body;
try {
if (Array.isArray(ids) && ids.length > 0) {
listingStorage.deleteListingsById(ids, hardDelete);
fastify.post('/:listingId/status', async (request, reply) => {
const { listingId } = request.params || {};
const { status } = request.body || {};
const userId = request.session?.currentUser;
if (!listingId || !userId) {
return reply.code(400).send({ message: 'listingId or user not provided' });
}
} catch (error) {
res.send(new Error(error));
logger.error(error);
}
res.send();
});
const allowed = ['applied', 'rejected', 'accepted'];
const normalized = status == null ? null : String(status).toLowerCase();
if (normalized != null && !allowed.includes(normalized)) {
return reply.code(400).send({ message: `Invalid status: ${status}` });
}
try {
const changes = listingStorage.setListingStatus(listingId, normalized);
await trackPoi(TRACKING_POIS.USING_LISTING_STATUS);
if (changes === 0) {
return reply.code(404).send({ message: 'Listing not found' });
}
if (normalized != null) {
watchListStorage.ensureWatch(listingId, userId);
}
} catch (error) {
logger.error(error);
return reply.code(500).send({ message: 'Failed to update listing status' });
}
return reply.send();
});
export { listingsRouter };
fastify.delete('/job', async (request, reply) => {
const { jobId, hardDelete = false } = request.body;
const settings = await getSettings();
try {
if (settings.demoMode && !isAdminFn(request)) {
return reply.code(403).send({ error: 'Sorry, but you cannot remove listings in demo mode ;)' });
}
const job = getJob(jobId);
if (!job) {
return reply.code(404).send({ error: 'Job not found' });
}
const userId = request.session.currentUser;
if (!isAdminFn(request) && job.userId !== userId && !job.shared_with_user.includes(userId)) {
return reply
.code(403)
.send({ error: 'You are trying to remove listings for a job that is not associated to your user' });
}
listingStorage.deleteListingsByJobId(jobId, hardDelete);
} catch (error) {
logger.error(error);
return reply.code(500).send({ error: error.message });
}
return reply.send();
});
fastify.delete('/', async (request, reply) => {
const { ids, hardDelete = false } = request.body;
const settings = await getSettings();
try {
if (settings.demoMode && !isAdminFn(request)) {
return reply.code(403).send({ error: 'Sorry, but you cannot remove listings in demo mode ;)' });
}
if (Array.isArray(ids) && ids.length > 0) {
listingStorage.deleteListingsById(ids, hardDelete);
}
} catch (error) {
logger.error(error);
return reply.code(500).send({ error: error.message });
}
return reply.send();
});
}

104
lib/api/routes/loginRoute.js
View File

@@ -3,7 +3,6 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import * as userStorage from '../../services/storage/userStorage.js';
import * as hasher from '../../services/security/hash.js';
import { trackDemoAccessed } from '../../services/tracking/Tracker.js';
@@ -11,16 +10,19 @@ import logger from '../../services/logger.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
const MAX_LOGIN_ATTEMPTS = 10;
const LOGIN_WINDOW_MS = 15 * 60 * 1000; // 15 minutes
const loginAttempts = new Map(); // ip -> { count, firstAttempt }
const LOGIN_WINDOW_MS = 15 * 60 * 1000;
const loginAttempts = new Map();
function getClientIp(req) {
const forwarded = req.headers['x-forwarded-for'];
return (forwarded ? forwarded.split(',')[0] : req.socket?.remoteAddress) || 'unknown';
function getClientIp(request) {
const forwarded = request.headers['x-forwarded-for'];
return (forwarded ? forwarded.split(',')[0] : request.socket?.remoteAddress) || 'unknown';
}
function isRateLimited(ip) {
const now = Date.now();
for (const [key, rec] of loginAttempts) {
if (now - rec.firstAttempt > LOGIN_WINDOW_MS) loginAttempts.delete(key);
}
const record = loginAttempts.get(ip);
if (!record || now - record.firstAttempt > LOGIN_WINDOW_MS) {
loginAttempts.set(ip, { count: 1, firstAttempt: now });
@@ -30,53 +32,51 @@ function isRateLimited(ip) {
return record.count > MAX_LOGIN_ATTEMPTS;
}
const service = restana();
const loginRouter = service.newRouter();
loginRouter.get('/user', async (req, res) => {
const currentUserId = req.session.currentUser;
const currentUser = currentUserId == null ? null : userStorage.getUser(currentUserId);
if (currentUser == null) {
res.body = {};
} else {
res.body = {
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function loginPlugin(fastify) {
fastify.get('/user', async (request) => {
const currentUserId = request.session?.currentUser;
const currentUser = currentUserId == null ? null : userStorage.getUser(currentUserId);
if (currentUser == null) {
return {};
}
return {
userId: currentUser.id,
isAdmin: currentUser.isAdmin,
};
}
res.send();
});
loginRouter.post('/', async (req, res) => {
const ip = getClientIp(req);
if (isRateLimited(ip)) {
logger.error(`Login rate limit exceeded for IP ${ip}`);
res.send(429);
return;
}
const settings = await getSettings();
const { username, password } = req.body;
const user = userStorage.getUsers(true).find((user) => user.username === username);
if (user == null) {
res.send(401);
return;
}
if (user.password === hasher.hash(password)) {
if (settings.demoMode) {
await trackDemoAccessed();
}
});
req.session.currentUser = user.id;
req.session.createdAt = Date.now();
loginAttempts.delete(ip);
userStorage.setLastLoginToNow({ userId: user.id });
res.send(200);
return;
} else {
logger.error(`User ${username} tried to login, but password was wrong.`);
}
res.send(401);
});
loginRouter.post('/logout', async (req, res) => {
req.session = null;
res.send(200);
});
export { loginRouter };
fastify.post('/', async (request, reply) => {
const ip = getClientIp(request);
if (isRateLimited(ip)) {
logger.error(`Login rate limit exceeded for IP ${ip}`);
return reply.code(429).send();
}
const settings = await getSettings();
const { username, password } = request.body;
const user = userStorage.getUsers(true).find((u) => u.username === username);
if (user == null) {
return reply.code(401).send();
}
if (user.password === hasher.hash(password)) {
if (settings.demoMode) {
await trackDemoAccessed();
}
request.session.currentUser = user.id;
request.session.createdAt = Date.now();
loginAttempts.delete(ip);
userStorage.setLastLoginToNow({ userId: user.id });
return reply.code(200).send();
} else {
logger.error(`User ${username} tried to login, but password was wrong.`);
}
return reply.code(401).send();
});
fastify.post('/logout', async (request, reply) => {
await request.session.destroy();
return reply.code(200).send();
});
}

98
lib/api/routes/notificationAdapterRouter.js
View File

@@ -4,62 +4,64 @@
*/
import fs from 'fs';
import restana from 'restana';
import logger from '../../services/logger.js';
const service = restana();
const notificationAdapterRouter = service.newRouter();
const notificationAdapterList = fs.readdirSync('./lib//notification/adapter').filter((file) => file.endsWith('.js'));
const notificationAdapter = await Promise.all(
notificationAdapterList.map(async (pro) => {
return await import(`../../notification/adapter/${pro}`);
}),
);
notificationAdapterRouter.post('/try', async (req, res) => {
const { id, fields } = req.body;
const adapter = notificationAdapter.find((adapter) => adapter.config.id === id);
if (adapter == null) {
res.send(404);
}
const notificationConfig = [];
const notificationObject = {};
Object.keys(fields).forEach((key) => {
notificationObject[key] = fields[key].value;
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function notificationAdapterPlugin(fastify) {
fastify.get('/', async () => {
return notificationAdapter.map((adapter) => adapter.config).filter(Boolean);
});
notificationConfig.push({
fields: { ...notificationObject },
enabled: true,
id,
});
try {
await adapter.send({
serviceName: 'TestCall',
newListings: [
{
address: 'Heidestrasse 17, 51147 Köln',
description: exampleDescription,
id: '1',
imageUrl: 'https://placehold.co/600x400/png',
price: '1.000 €',
size: '76 m²',
title: 'Stilvolle gepflegte 3-Raum-Wohnung mit gehobener Innenausstattung',
url: 'https://www.orange-coding.net',
},
],
notificationConfig,
jobKey: 'TestJob',
fastify.post('/try', async (request, reply) => {
const { id, fields } = request.body;
const adapter = notificationAdapter.find((adapter) => adapter.config.id === id);
if (adapter == null) {
return reply.code(404).send();
}
const notificationConfig = [];
const notificationObject = {};
Object.keys(fields).forEach((key) => {
notificationObject[key] = fields[key].value;
});
res.send();
} catch (Exception) {
logger.error('Error during notification adapter test:', Exception);
res.send(new Error(Exception));
}
});
notificationAdapterRouter.get('/', async (req, res) => {
res.body = notificationAdapter.map((adapter) => adapter.config);
res.send();
});
export { notificationAdapterRouter };
notificationConfig.push({
fields: { ...notificationObject },
enabled: true,
id,
});
try {
await adapter.send({
serviceName: 'TestCall',
newListings: [
{
address: 'Heidestrasse 17, 51147 Köln',
description: exampleDescription,
id: '1',
imageUrl: 'https://placehold.co/600x400/png',
price: '1.000 €',
size: '76 m²',
title: 'Stilvolle gepflegte 3-Raum-Wohnung mit gehobener Innenausstattung',
url: 'https://www.orange-coding.net',
},
],
notificationConfig,
jobKey: 'TestJob',
});
return reply.send();
} catch (Exception) {
logger.error('Error during notification adapter test:', Exception);
return reply.code(500).send({ error: String(Exception) });
}
});
}
const exampleDescription = `
Wohnungstyp: Etagenwohnung
@@ -94,7 +96,7 @@ Die Wohnung ist ideal für Paare oder kleine Familien geeignet.
Ausstattung:
- neuer hochwertiger Bodenbelag (Holzoptik) in allen Räumen außer Bad/Küche
- sonniger Balkon (Süd)
- Tiefgaragenstellplatz
- Tiefgaragenstellplatz
- Kellerabteil
- gepflegtes Mehrfamilienhaus
@@ -104,7 +106,7 @@ Vermietung direkt vom Eigentümer - provisionsfrei!
Lage:
• Park: 1 Minute zu Fuß
• S-Bahn Station: 2 Minuten zu Fuß
• S-Bahn Station: 2 Minuten zu Fuß
• Supermärkte, Restaurants, täglicher Bedarf in der Nähe
• Gute Anbindung Richtung Großstadt und Flughafen
`;

24
lib/api/routes/providerRouter.js
View File

@@ -4,17 +4,15 @@
*/
import fs from 'fs';
import restana from 'restana';
const service = restana();
const providerRouter = service.newRouter();
const providerList = fs.readdirSync('./lib/provider').filter((file) => file.endsWith('.js'));
const provider = await Promise.all(
providerList.map(async (pro) => {
return await import(`../../provider/${pro}`);
}),
);
providerRouter.get('/', async (req, res) => {
res.body = provider.map((p) => p.metaInformation);
res.send();
});
export { providerRouter };
const providers = await Promise.all(providerList.map(async (pro) => import(`../../provider/${pro}`)));
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function providerPlugin(fastify) {
fastify.get('/', async () => {
return providers.map((p) => p.metaInformation);
});
}

48
lib/api/routes/trackingRoute.js
View File

@@ -3,35 +3,29 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import { trackPoi } from '../../services/tracking/Tracker.js';
import { TRACKING_POIS } from '../../TRACKING_POIS.js';
import logger from '../../services/logger.js';
const service = restana();
const trackingRouter = service.newRouter();
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function trackingPlugin(fastify) {
fastify.get('/trackingPois', async () => {
return TRACKING_POIS;
});
trackingRouter.get('/trackingPois', async (req, res) => {
res.body = TRACKING_POIS;
res.send();
});
trackingRouter.post('/poi', async (req, res) => {
const { poi } = req.body;
if (!poi) {
res.statusCode = 400;
res.send({ error: 'Feature name is required' });
return;
}
try {
await trackPoi(poi);
res.send({ success: true });
} catch (error) {
logger.error('Error tracking feature', error);
res.statusCode = 500;
res.send({ error: error.message });
}
});
export { trackingRouter };
fastify.post('/poi', async (request, reply) => {
const { poi } = request.body;
if (!poi) {
return reply.code(400).send({ error: 'Feature name is required' });
}
try {
await trackPoi(poi);
return { success: true };
} catch (error) {
logger.error('Error tracking feature', error);
return reply.code(500).send({ error: error.message });
}
});
}

128
lib/api/routes/userRoute.js
View File

@@ -3,81 +3,73 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import * as userStorage from '../../services/storage/userStorage.js';
import * as jobStorage from '../../services/storage/jobStorage.js';
import { getSettings } from '../../services/storage/settingsStorage.js';
const service = restana();
const userRouter = service.newRouter();
import { isAdmin as isAdminUser } from '../security.js';
function checkIfAnyAdminAfterRemovingUser(userIdToBeRemoved, allUser) {
return allUser.filter((user) => user.id !== userIdToBeRemoved && user.isAdmin).length > 0;
}
function checkIfUserToBeRemovedIsLoggedIn(userIdToBeRemoved, req) {
return req.session.currentUser === userIdToBeRemoved;
function checkIfUserToBeRemovedIsLoggedIn(userIdToBeRemoved, request) {
return request.session.currentUser === userIdToBeRemoved;
}
const nullOrEmpty = (str) => str == null || str.length === 0;
userRouter.get('/', async (req, res) => {
res.body = userStorage.getUsers(false);
res.send();
});
userRouter.get('/:userId', async (req, res) => {
const { userId } = req.params;
res.body = userStorage.getUser(userId);
res.send();
});
userRouter.delete('/', async (req, res) => {
const settings = await getSettings();
if (settings.demoMode) {
res.send(new Error('In demo mode, it is not allowed to remove user.'));
return;
}
const { userId } = req.body;
const allUser = userStorage.getUsers(false);
if (!checkIfAnyAdminAfterRemovingUser(userId, allUser)) {
res.send(new Error('You are trying to remove the last admin user. This is prohibited.'));
return;
}
if (checkIfUserToBeRemovedIsLoggedIn(userId, req)) {
res.send(new Error('You are trying to remove yourself. This is prohibited.'));
return;
}
//TODO: Remove also analytics
jobStorage.removeJobsByUserId(userId);
userStorage.removeUser(userId);
res.send();
});
userRouter.post('/', async (req, res) => {
const settings = await getSettings();
if (settings.demoMode) {
res.send(new Error('In demo mode, it is not allowed to change or add user.'));
return;
}
const { username, password, password2, isAdmin, userId } = req.body;
if (password !== password2) {
res.send(new Error('Passwords does not match'));
return;
}
if (nullOrEmpty(username) || nullOrEmpty(password) || nullOrEmpty(password2)) {
res.send(new Error('Username and password are mandatory.'));
return;
}
const allUser = userStorage.getUsers(false);
if (!isAdmin && !checkIfAnyAdminAfterRemovingUser(userId, allUser)) {
res.send(
new Error('You cannot change the admin flag for this user as otherwise, there is no other user in the system'),
);
return;
}
userStorage.upsertUser({
userId,
username,
password,
isAdmin,
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function userPlugin(fastify) {
fastify.get('/', async () => {
return userStorage.getUsers(false);
});
res.send();
});
export { userRouter };
fastify.get('/:userId', async (request) => {
const { userId } = request.params;
return userStorage.getUser(userId);
});
fastify.delete('/', async (request, reply) => {
const settings = await getSettings();
if (settings.demoMode && !isAdminUser(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to remove user.' });
}
const { userId } = request.body;
const allUser = userStorage.getUsers(false);
if (!checkIfAnyAdminAfterRemovingUser(userId, allUser)) {
return reply.code(400).send({ error: 'You are trying to remove the last admin user. This is prohibited.' });
}
if (checkIfUserToBeRemovedIsLoggedIn(userId, request)) {
return reply.code(400).send({ error: 'You are trying to remove yourself. This is prohibited.' });
}
jobStorage.removeJobsByUserId(userId);
userStorage.removeUser(userId);
return reply.send();
});
fastify.post('/', async (request, reply) => {
const settings = await getSettings();
if (settings.demoMode && !isAdminUser(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to change or add user.' });
}
const { username, password, password2, isAdmin, userId } = request.body;
if (password !== password2) {
return reply.code(400).send({ error: 'Passwords do not match.' });
}
if (nullOrEmpty(username) || nullOrEmpty(password) || nullOrEmpty(password2)) {
return reply.code(400).send({ error: 'Username and password are mandatory.' });
}
const allUser = userStorage.getUsers(false);
if (!isAdmin && !checkIfAnyAdminAfterRemovingUser(userId, allUser)) {
return reply.code(400).send({
error: 'You cannot change the admin flag for this user as otherwise, there is no other user in the system',
});
}
userStorage.upsertUser({ userId, username, password, isAdmin });
return reply.send();
});
}

292
lib/api/routes/userSettingsRoute.js
View File

@@ -3,125 +3,209 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import SqliteConnection from '../../services/storage/SqliteConnection.js';
import { getSettings, upsertSettings } from '../../services/storage/settingsStorage.js';
import { getSettings, getUserSettings, upsertSettings } from '../../services/storage/settingsStorage.js';
import { isAdmin } from '../security.js';
import { resetGeocoordinatesAndDistanceForUser } from '../../services/storage/listingsStorage.js';
import { geocodeAddress } from '../../services/geocoding/geoCodingService.js';
import { autocompleteAddress } from '../../services/geocoding/autocompleteService.js';
import { fromJson } from '../../utils.js';
import { trackPoi } from '../../services/tracking/Tracker.js';
import { TRACKING_POIS } from '../../TRACKING_POIS.js';
import logger from '../../services/logger.js';
import { runGeoCordTask } from '../../services/crons/geocoding-cron.js';
const service = restana();
const userSettingsRouter = service.newRouter();
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function userSettingsPlugin(fastify) {
fastify.get('/', async (request) => {
const userId = request.session.currentUser;
return getUserSettings(userId);
});
userSettingsRouter.get('/', async (req, res) => {
const userId = req.session.currentUser;
const rows = SqliteConnection.query('SELECT name, value FROM settings WHERE user_id = @userId', { userId });
const settings = {};
for (const r of rows) {
settings[r.name] = fromJson(r.value, null);
}
res.body = settings;
res.send();
});
userSettingsRouter.get('/autocomplete', async (req, res) => {
const { q } = req.query;
try {
const results = await autocompleteAddress(q);
res.body = results;
res.send();
} catch (error) {
res.statusCode = 500;
res.send({ error: error.message });
}
});
userSettingsRouter.post('/home-address', async (req, res) => {
const userId = req.session.currentUser;
const { home_address } = req.body;
const settings = await getSettings();
if (settings.demoMode) {
res.send(new Error('In demo mode, it is not allowed to change the home address.'));
return;
}
try {
if (home_address) {
await trackPoi(TRACKING_POIS.DISTANCE_ADDRESS_ENTERED);
const coords = await geocodeAddress(home_address);
if (coords && coords.lat !== -1) {
upsertSettings({ home_address: { address: home_address, coords } }, userId);
resetGeocoordinatesAndDistanceForUser(userId);
//we do NOT wait for this to finish, as we don't want to block the response
runGeoCordTask();
res.send({ success: true, coords });
} else {
res.statusCode = 400;
res.send({ error: 'Could not geocode address' });
}
} else {
upsertSettings({ home_address: null }, userId);
res.send({ success: true });
fastify.get('/autocomplete', async (request, reply) => {
const { q } = request.query;
try {
const results = await autocompleteAddress(q);
return results;
} catch (error) {
return reply.code(500).send({ error: error.message });
}
} catch (error) {
logger.error('Error updating home address settings', error);
res.statusCode = 500;
res.send({ error: error.message });
}
});
});
userSettingsRouter.post('/news-hash', async (req, res) => {
const userId = req.session.currentUser;
const { news_hash } = req.body;
fastify.post('/home-address', async (request, reply) => {
const userId = request.session.currentUser;
const { home_address } = request.body;
const settings = await getSettings();
const globalSettings = await getSettings();
if (globalSettings.demoMode) {
res.statusCode = 403;
res.send({ error: 'In demo mode, it is not allowed to change settings.' });
return;
}
if (settings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to change the home address.' });
}
try {
upsertSettings({ news_hash }, userId);
res.send({ success: true });
} catch (error) {
logger.error('Error updating news hash', error);
res.statusCode = 500;
res.send({ error: error.message });
}
});
try {
if (home_address) {
await trackPoi(TRACKING_POIS.DISTANCE_ADDRESS_ENTERED);
const coords = await geocodeAddress(home_address);
if (coords && coords.lat !== -1) {
upsertSettings({ home_address: { address: home_address, coords } }, userId);
resetGeocoordinatesAndDistanceForUser(userId);
runGeoCordTask();
return { success: true, coords };
} else {
return reply.code(400).send({ error: 'Could not geocode address' });
}
} else {
upsertSettings({ home_address: null }, userId);
return { success: true };
}
} catch (error) {
logger.error('Error updating home address settings', error);
return reply.code(500).send({ error: error.message });
}
});
userSettingsRouter.post('/provider-details', async (req, res) => {
const userId = req.session.currentUser;
const { provider_details } = req.body;
fastify.post('/news-hash', async (request, reply) => {
const userId = request.session.currentUser;
const { news_hash } = request.body;
const globalSettings = await getSettings();
if (globalSettings.demoMode) {
res.statusCode = 403;
res.send({ error: 'In demo mode, it is not allowed to change settings.' });
return;
}
const globalSettings = await getSettings();
if (globalSettings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to change settings.' });
}
if (!Array.isArray(provider_details)) {
res.statusCode = 400;
res.send({ error: 'provider_details must be an array of provider ids.' });
return;
}
try {
upsertSettings({ news_hash }, userId);
return { success: true };
} catch (error) {
logger.error('Error updating news hash', error);
return reply.code(500).send({ error: error.message });
}
});
try {
upsertSettings({ provider_details }, userId);
res.send({ success: true });
} catch (error) {
logger.error('Error updating provider details setting', error);
res.statusCode = 500;
res.send({ error: error.message });
}
});
fastify.post('/provider-details', async (request, reply) => {
const userId = request.session.currentUser;
const { provider_details } = request.body;
export { userSettingsRouter };
const globalSettings = await getSettings();
if (globalSettings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to change settings.' });
}
if (!Array.isArray(provider_details)) {
return reply.code(400).send({ error: 'provider_details must be an array of provider ids.' });
}
try {
upsertSettings({ provider_details }, userId);
return { success: true };
} catch (error) {
logger.error('Error updating provider details setting', error);
return reply.code(500).send({ error: error.message });
}
});
fastify.post('/blacklist-filter-on-details', async (request, reply) => {
const userId = request.session.currentUser;
const { blacklist_filter_on_provider_details } = request.body;
const globalSettings = await getSettings();
if (globalSettings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to change settings.' });
}
if (typeof blacklist_filter_on_provider_details !== 'boolean') {
return reply.code(400).send({ error: 'blacklist_filter_on_provider_details must be a boolean.' });
}
try {
upsertSettings({ blacklist_filter_on_provider_details }, userId);
return { success: true };
} catch (error) {
logger.error('Error updating blacklist-filter-on-details setting', error);
return reply.code(500).send({ error: error.message });
}
});
fastify.post('/listings-view-mode', async (request, reply) => {
const userId = request.session.currentUser;
const { listings_view_mode } = request.body;
if (listings_view_mode !== 'grid' && listings_view_mode !== 'table') {
return reply.code(400).send({ error: 'listings_view_mode must be "grid" or "table".' });
}
if (listings_view_mode === 'table') {
await trackPoi(TRACKING_POIS.LISTING_TABLE_VIEW);
}
try {
upsertSettings({ listings_view_mode }, userId);
return { success: true };
} catch (error) {
logger.error('Error updating listings view mode setting', error);
return reply.code(500).send({ error: error.message });
}
});
fastify.post('/jobs-view-mode', async (request, reply) => {
const userId = request.session.currentUser;
const { jobs_view_mode } = request.body;
if (jobs_view_mode !== 'grid' && jobs_view_mode !== 'table') {
return reply.code(400).send({ error: 'jobs_view_mode must be "grid" or "table".' });
}
if (jobs_view_mode === 'table') {
await trackPoi(TRACKING_POIS.JOBS_TABLE_VIEW);
}
try {
upsertSettings({ jobs_view_mode }, userId);
return { success: true };
} catch (error) {
logger.error('Error updating jobs view mode setting', error);
return reply.code(500).send({ error: error.message });
}
});
fastify.post('/listing-deletion-preference', async (request, reply) => {
const userId = request.session.currentUser;
const { listing_deletion_preference } = request.body;
const globalSettings = await getSettings();
if (globalSettings.demoMode && !isAdmin(request)) {
return reply.code(403).send({ error: 'In demo mode, it is not allowed to change settings.' });
}
if (listing_deletion_preference == null) {
return reply.code(400).send({ error: 'listing_deletion_preference is required.' });
}
const { skipPrompt, hardDelete } = listing_deletion_preference;
try {
upsertSettings({ listing_deletion_preference: { skipPrompt, hardDelete } }, userId);
return { success: true };
} catch (error) {
logger.error('Error updating listing deletion preference', error);
return reply.code(500).send({ error: error.message });
}
});
fastify.post('/language', async (request, reply) => {
const userId = request.session.currentUser;
const { language } = request.body;
if (typeof language !== 'string' || language.trim() === '') {
return reply.code(400).send({ error: 'language must be a non-empty string.' });
}
try {
upsertSettings({ language }, userId);
await trackPoi(TRACKING_POIS.CHANGE_LANGUAGE);
return { success: true };
} catch (error) {
logger.error('Error updating language setting', error);
return reply.code(500).send({ error: error.message });
}
});
}

28
lib/api/routes/versionRouter.js
View File

@@ -3,27 +3,10 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import restana from 'restana';
import fetch from 'node-fetch';
import { getPackageVersion } from '../../utils.js';
import semver from 'semver';
const service = restana();
const versionRouter = service.newRouter();
versionRouter.get('/', async (req, res) => {
const versionPayload = await getCurrentVersionFromGithub();
const localFredyVersion = await getPackageVersion();
res.body =
versionPayload == null
? {
newVersion: false,
localFredyVersion,
}
: versionPayload;
res.send();
});
async function getCurrentVersionFromGithub() {
const raw = await fetch('https://api.github.com/repos/orangecoding/fredy/releases/latest');
const data = await raw.json();
@@ -40,4 +23,13 @@ async function getCurrentVersionFromGithub() {
};
}
export { versionRouter };
/**
* @param {import('fastify').FastifyInstance} fastify
*/
export default async function versionPlugin(fastify) {
fastify.get('/', async () => {
const versionPayload = await getCurrentVersionFromGithub();
const localFredyVersion = await getPackageVersion();
return versionPayload ?? { newVersion: false, localFredyVersion };
});
}

91
lib/api/security.js
View File

@@ -4,53 +4,50 @@
*/
import * as userStorage from '../services/storage/userStorage.js';
import cookieSession from 'cookie-session';
const SESSION_MAX_AGE = 2 * 60 * 60 * 1000; // 2 hours
const unauthorized = (res) => {
return res.send(401);
};
const isUnauthorized = (req) => {
if (req.session.currentUser == null) return true;
if (Date.now() - req.session.createdAt > SESSION_MAX_AGE) {
req.session = null;
return true;
}
/**
* Returns true when the request has no valid, non-expired session.
* @param {import('fastify').FastifyRequest} request
* @returns {boolean}
*/
export function isUnauthorized(request) {
if (!request.session?.currentUser) return true;
if (Date.now() - (request.session.createdAt || 0) > SESSION_MAX_AGE) return true;
return false;
};
const isAdmin = (req) => {
if (!isUnauthorized(req)) {
const user = userStorage.getUser(req.session.currentUser);
return user != null && user.isAdmin;
}
/**
* Returns true when the session belongs to an admin user.
* @param {import('fastify').FastifyRequest} request
* @returns {boolean}
*/
export function isAdmin(request) {
if (isUnauthorized(request)) return false;
const user = userStorage.getUser(request.session.currentUser);
return user != null && user.isAdmin;
}
/**
* Fastify preHandler hook - rejects unauthenticated requests with 401.
* @param {import('fastify').FastifyRequest} request
* @param {import('fastify').FastifyReply} reply
*/
export async function authHook(request, reply) {
if (isUnauthorized(request)) {
reply.code(401).send();
}
return false;
};
const authInterceptor = () => {
return (req, res, next) => {
if (isUnauthorized(req)) {
return unauthorized(res);
} else {
next();
}
};
};
const adminInterceptor = () => {
return (req, res, next) => {
if (!isAdmin(req)) {
return unauthorized(res);
} else {
next();
}
};
};
const cookieSession$0 = (secret) => {
return cookieSession({
name: 'fredy-admin-session',
keys: [secret],
maxAge: SESSION_MAX_AGE,
});
};
export { cookieSession$0 as cookieSession };
export { adminInterceptor };
export { authInterceptor };
export { isUnauthorized };
export { isAdmin };
}
/**
* Fastify preHandler hook - rejects non-admin requests with 401.
* Apply after authHook.
* @param {import('fastify').FastifyRequest} request
* @param {import('fastify').FastifyReply} reply
*/
export async function adminHook(request, reply) {
if (!isAdmin(request)) {
reply.code(401).send();
}
}

8
lib/mcp/README.md
View File

@@ -133,7 +133,7 @@ The LLM will automatically call the appropriate Fredy MCP tools and present the
#### Setup
1. Open **Claude Desktop**
2. Go to **Settings → Developer → Edit Config** this opens the `claude_desktop_config.json` file
2. Go to **Settings → Developer → Edit Config** - this opens the `claude_desktop_config.json` file
3. Add the `fredy` server to the `mcpServers` object:
```json
@@ -158,7 +158,7 @@ The LLM will automatically call the appropriate Fredy MCP tools and present the
> - nvm: `/Users/<you>/.nvm/versions/node/<version>/bin/node`
4. Save the file and **restart Claude Desktop**
5. You should see a hammer icon (🔨) in the chat input click it to confirm the Fredy tools are listed
5. You should see a hammer icon (🔨) in the chat input - click it to confirm the Fredy tools are listed
#### Usage
@@ -170,7 +170,7 @@ Once connected, simply ask Claude about your real estate data:
Claude will automatically call the appropriate Fredy MCP tools.
> **Note:** Fredy's main web process does not need to be running the stdio transport opens its own database connection directly. But the SQLite database file must exist and migrations must have been applied.
> **Note:** Fredy's main web process does not need to be running - the stdio transport opens its own database connection directly. But the SQLite database file must exist and migrations must have been applied.
---
@@ -252,7 +252,7 @@ Example list response:
```
**Tool:** list_listings | **Status:** OK
Found **85** listing(s). Showing page 1 of 2 (50 on this page). More pages available use page=2 to continue.
Found **85** listing(s). Showing page 1 of 2 (50 on this page). More pages available - use page=2 to continue.
| ID | Title | Address | Price | Size | Provider | Active | Created | Job |
|----|-------|---------|-------|------|----------|--------|---------|-----|

10
lib/mcp/mcpAdapter.js
View File

@@ -49,7 +49,7 @@ export function createMcpServer() {
'list_listings to search listings (supports time filters like createdAfter/createdBefore), ' +
'and get_listing for full details of a single listing. ' +
'Responses are formatted as markdown with a summary, data (tables for lists, key-value for details), and pagination info. ' +
'Always present results to the user as soon as you have them do NOT call the tool again unless you need additional pages or different data.',
'Always present results to the user as soon as you have them - do NOT call the tool again unless you need additional pages or different data.',
},
);
@@ -155,6 +155,12 @@ export function createMcpServer() {
),
sortField: z.string().optional().describe('Sort by: created_at, price, size, provider, title, is_active'),
sortDir: z.string().optional().describe('Sort direction: asc or desc'),
status: z
.enum(['applied', 'rejected', 'accepted', 'none'])
.optional()
.describe(
'Filter by user-set status. "applied", "rejected", or "accepted" return only listings with that status; "none" returns only listings without a status set.',
),
},
async (
{
@@ -170,6 +176,7 @@ export function createMcpServer() {
maxPrice,
sortField,
sortDir,
status,
},
extra,
) => {
@@ -192,6 +199,7 @@ export function createMcpServer() {
maxPrice: maxPrice ?? null,
sortField: sortField ?? null,
sortDir: sortDir ?? 'desc',
statusFilter: status,
userId: user.id,
isAdmin: user.isAdmin,
});

69
lib/mcp/mcpHttpRoute.js
View File

@@ -3,10 +3,6 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
import { createMcpServer } from './mcpAdapter.js';
import { authenticateRequest } from './mcpAuthentication.js';
@@ -15,16 +11,13 @@ import crypto from 'crypto';
/**
* Active transports keyed by session id.
* Each session gets its own McpServer + StreamableHTTPServerTransport pair.
* @type {Map<string, { server: McpServer, transport: StreamableHTTPServerTransport }>}
*/
const sessions = new Map();
/**
* Get or create a session for the given session id with authentication.
* @param {string|undefined} sessionId
* @param {{ userId: string }} auth
* @returns {{ server: McpServer, transport: StreamableHTTPServerTransport }}
*/
function getOrCreateSession(sessionId, auth) {
if (sessionId && sessions.has(sessionId)) {
@@ -54,77 +47,67 @@ function getOrCreateSession(sessionId, auth) {
}
/**
* Register MCP Streamable HTTP routes on a restana service.
* Register MCP Streamable HTTP routes on a fastify instance.
*
* Mounts handlers at /api/mcp to handle the MCP Streamable HTTP protocol:
* - POST /api/mcp JSON-RPC messages (initialize, tool calls, etc.)
* - GET /api/mcp SSE stream for server-initiated notifications
* - DELETE /api/mcp session termination
* POST /api/mcp JSON-RPC messages
* GET /api/mcp SSE stream for server-initiated notifications
* DELETE /api/mcp session termination
*
* All endpoints require a valid Bearer token in the Authorization header.
*
* @param {import('restana').Service} service - The restana service instance.
* @param {import('fastify').FastifyInstance} fastify
*/
export function registerMcpRoutes(service) {
// POST main JSON-RPC endpoint
service.post('/api/mcp', async (req, res) => {
const auth = authenticateRequest(req);
export function registerMcpRoutes(fastify) {
fastify.post('/api/mcp', async (request, reply) => {
const auth = authenticateRequest(request.raw);
if (!auth) {
res.statusCode = 401;
return res.send({ error: 'Unauthorized. Provide a valid Bearer token.' });
return reply.code(401).send({ error: 'Unauthorized. Provide a valid Bearer token.' });
}
const sessionId = req.headers['mcp-session-id'];
const sessionId = request.raw.headers['mcp-session-id'];
const { server, transport } = getOrCreateSession(sessionId, auth);
// Connect server to transport if not already connected
if (!transport.onmessage) {
await server.connect(transport);
}
// Inject authInfo so tools can access the authenticated user
req.auth = { userId: auth.userId };
request.raw.auth = { userId: auth.userId };
await transport.handleRequest(req, res, req.body);
reply.hijack();
await transport.handleRequest(request.raw, reply.raw, request.body);
});
// GET SSE stream for server-initiated messages
service.get('/api/mcp', async (req, res) => {
const auth = authenticateRequest(req);
fastify.get('/api/mcp', async (request, reply) => {
const auth = authenticateRequest(request.raw);
if (!auth) {
res.statusCode = 401;
return res.send({ error: 'Unauthorized. Provide a valid Bearer token.' });
return reply.code(401).send({ error: 'Unauthorized. Provide a valid Bearer token.' });
}
const sessionId = req.headers['mcp-session-id'];
const sessionId = request.raw.headers['mcp-session-id'];
if (!sessionId || !sessions.has(sessionId)) {
res.statusCode = 400;
return res.send({ error: 'Invalid or missing session. Send an initialize request first.' });
return reply.code(400).send({ error: 'Invalid or missing session. Send an initialize request first.' });
}
const { transport } = sessions.get(sessionId);
await transport.handleRequest(req, res);
reply.hijack();
await transport.handleRequest(request.raw, reply.raw);
});
// DELETE terminate session
service.delete('/api/mcp', async (req, res) => {
const auth = authenticateRequest(req);
fastify.delete('/api/mcp', async (request, reply) => {
const auth = authenticateRequest(request.raw);
if (!auth) {
res.statusCode = 401;
return res.send({ error: 'Unauthorized. Provide a valid Bearer token.' });
return reply.code(401).send({ error: 'Unauthorized. Provide a valid Bearer token.' });
}
const sessionId = req.headers['mcp-session-id'];
const sessionId = request.raw.headers['mcp-session-id'];
if (!sessionId || !sessions.has(sessionId)) {
res.statusCode = 404;
return res.send({ error: 'Session not found.' });
return reply.code(404).send({ error: 'Session not found.' });
}
const { transport } = sessions.get(sessionId);
await transport.close();
sessions.delete(sessionId);
res.statusCode = 200;
res.send({ ok: true });
return { ok: true };
});
logger.debug('MCP Streamable HTTP endpoint registered at /api/mcp');

14
lib/mcp/mcpNormalizer.js
View File

@@ -70,7 +70,7 @@ export function normalizeListJobs(queryResult, { page, pageSize }) {
let md = `**Tool:** list_jobs | **Status:** OK\n\n`;
md += `Found **${queryResult.totalNumber}** job(s). Showing page ${page} of ${maxPage} (${jobs.length} on this page).`;
if (hasMore) md += ` More pages available use page=${page + 1} to continue.`;
if (hasMore) md += ` More pages available - use page=${page + 1} to continue.`;
md += '\n\n';
if (jobs.length > 0) {
@@ -120,14 +120,14 @@ export function normalizeListListings(queryResult, { page, pageSize }) {
let md = `**Tool:** list_listings | **Status:** OK\n\n`;
md += `Found **${queryResult.totalNumber}** listing(s). Showing page ${page} of ${maxPage} (${listings.length} on this page).`;
if (hasMore) md += ` More pages available use page=${page + 1} to continue.`;
if (hasMore) md += ` More pages available - use page=${page + 1} to continue.`;
md += '\n\n';
if (listings.length > 0) {
md += `| ID | Title | Address | Price | Size | Provider | Active | Created | Job |\n`;
md += `|----|-------|---------|-------|------|----------|--------|---------|-----|\n`;
md += `| ID | Title | Address | Price | Size | Provider | Active | Status | Created | Job |\n`;
md += `|----|-------|---------|-------|------|----------|--------|--------|---------|-----|\n`;
for (const l of listings) {
md += `| ${cell(l.id)} | ${cell(l.title)} | ${cell(l.address)} | ${cell(l.price)} | ${cell(l.size)} | ${cell(l.provider)} | ${l.is_active ? 'yes' : 'no'} | ${formatDate(l.created_at)} | ${cell(l.job_name)} |\n`;
md += `| ${cell(l.id)} | ${cell(l.title)} | ${cell(l.address)} | ${cell(l.price)} | ${cell(l.size)} | ${cell(l.provider)} | ${l.is_active ? 'yes' : 'no'} | ${cell(l.status?.status)} | ${formatDate(l.created_at)} | ${cell(l.job_name)} |\n`;
}
md += `\nUse **get_listing** with an ID for full details (description, link, image).\n`;
} else {
@@ -156,6 +156,10 @@ export function normalizeGetListing(listing) {
md += `- **Link:** ${listing.link || ''}\n`;
md += `- **Image:** ${listing.image_url || ''}\n`;
md += `- **Active:** ${listing.is_active ? 'yes' : 'no'}\n`;
md += `- **Status:** ${listing.status?.status || ''}\n`;
if (listing.status?.setAt) {
md += `- **Status set at:** ${formatDate(listing.status.setAt)}\n`;
}
md += `- **Created:** ${formatDate(listing.created_at)}\n`;
md += `- **Job:** ${listing.job_name || ''}\n`;
if (listing.latitude != null && listing.longitude != null) {

5
lib/notification/adapter/apprise.js
View File

@@ -7,13 +7,14 @@ import { markdown2Html } from '../../services/markdown.js';
import { getJob } from '../../services/storage/jobStorage.js';
import fetch from 'node-fetch';
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { server } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
const job = getJob(jobKey);
const jobName = job == null ? jobKey : job.name;
const promises = newListings.map((newListing) => {
const title = `${jobName} at ${serviceName}: ${newListing.title}`;
const message = `Address: ${newListing.address}\nSize: ${newListing.size}\nPrice: ${newListing.price}\nLink: ${newListing.link}`;
const fredyLine = baseUrl && newListing.id ? `\nOpen in Fredy: ${baseUrl}/#/listings/listing/${newListing.id}` : '';
const message = `Address: ${newListing.address}\nSize: ${newListing.size}\nPrice: ${newListing.price}\nLink: ${newListing.link}${fredyLine}`;
return fetch(server, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },

13
lib/notification/adapter/console.js
View File

@@ -5,9 +5,18 @@
import { markdown2Html } from '../../services/markdown.js';
export const send = ({ serviceName, newListings, jobKey }) => {
export const send = ({ serviceName, newListings, jobKey, baseUrl }) => {
/* eslint-disable no-console */
return [Promise.resolve(console.info(`Found entry from service ${serviceName}, Job: ${jobKey}:`, newListings))];
const fredyLinks = baseUrl ? newListings.map((l) => `${baseUrl}/#/listings/listing/${l.id}`).join(', ') : null;
return [
Promise.resolve(
console.info(
`Found entry from service ${serviceName}, Job: ${jobKey}:`,
newListings,
...(fredyLinks ? [`Open in Fredy: ${fredyLinks}`] : []),
),
),
];
/* eslint-enable no-console */
};
export const config = {

20
lib/notification/adapter/discord_webhook.js
View File

@@ -7,6 +7,7 @@ import fetch from 'node-fetch';
import { getJob } from '../../services/storage/jobStorage.js';
import { markdown2Html } from '../../services/markdown.js';
import { normalizeImageUrl } from '../../utils.js';
import logger from '../../services/logger.js';
/**
* Generates an idempotent decimal color code. The input string-based color code is
@@ -39,9 +40,10 @@ const generateColorFromString = (str) => {
*
* @param {string} jobKey - Key of job (used to set embed color)
* @param {object} listing - Object holding listing details
* @param baseUrl
* @returns {object} Discord webhook embed
*/
const buildEmbed = (jobKey, listing) => {
const buildEmbed = (jobKey, listing, baseUrl) => {
const maxTitleLength = 252; // Max embed title length is 256 characters
let title = String(listing.title ?? 'N/A');
if (title.length > maxTitleLength) {
@@ -66,11 +68,19 @@ const buildEmbed = (jobKey, listing) => {
},
];
if (baseUrl && listing.id) {
fields.push({
name: 'Open in Fredy',
value: `[Open in Fredy](${baseUrl}/#/listings/listing/${listing.id})`,
inline: false,
});
}
const embed = {
title: title,
color: generateColorFromString(jobKey),
url: listing.link,
fields: fields,
fields,
};
if (listing.image) {
@@ -82,7 +92,7 @@ const buildEmbed = (jobKey, listing) => {
return embed;
};
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const adapter = notificationConfig.find((adapter) => adapter.id === config.id);
const webhookUrl = adapter?.fields?.webhookUrl;
if (!webhookUrl || newListings.length === 0) return Promise.resolve([]);
@@ -90,7 +100,7 @@ export const send = ({ serviceName, newListings, notificationConfig, jobKey }) =
const job = getJob(jobKey);
const jobName = job?.name || jobKey;
const embeds = newListings.map((listing) => buildEmbed(jobKey, listing));
const embeds = newListings.map((listing) => buildEmbed(jobKey, listing, baseUrl));
const maxEmbedsPerMessage = 10; // Discord only allows up to 10 embeds
const webhookPromises = [];
@@ -110,7 +120,7 @@ export const send = ({ serviceName, newListings, notificationConfig, jobKey }) =
headers: { 'Content-Type': 'application/json' },
body,
}).catch((error) => {
console.error(`Error sending Discord webhook for chunk starting at ${i}:`, error);
logger.error(`Error sending Discord webhook for chunk starting at ${i}:`, error);
return Promise.reject(new Error(`Webhook failed: ${error.message}`));
});

7
lib/notification/adapter/http.js
View File

@@ -5,7 +5,7 @@
import { markdown2Html } from '../../services/markdown.js';
const mapListing = (listing) => ({
const mapListing = (listing, baseUrl) => ({
address: listing.address,
description: listing.description,
id: listing.id,
@@ -14,12 +14,13 @@ const mapListing = (listing) => ({
size: listing.size,
title: listing.title,
url: listing.link,
fredyUrl: baseUrl && listing.id ? `${baseUrl}/#/listings/listing/${listing.id}` : null,
});
export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = async ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { authToken, endpointUrl, selfSignedCerts } = notificationConfig.find((a) => a.id === config.id).fields;
const listings = newListings.map(mapListing);
const listings = newListings.map((l) => mapListing(l, baseUrl));
const body = {
jobId: jobKey,
timestamp: new Date().toISOString(),

7
lib/notification/adapter/mailJet.js
View File

@@ -35,7 +35,7 @@ const toBase64 = async (url) => {
}
};
const mapListingsWithCid = async (serviceName, jobKey, listings) => {
const mapListingsWithCid = async (serviceName, jobKey, listings, baseUrl) => {
const out = [];
const attachments = [];
@@ -53,6 +53,7 @@ const mapListingsWithCid = async (serviceName, jobKey, listings) => {
jobKey,
hasImage: false,
imageCid: '',
fredyUrl: baseUrl && l.id ? `${baseUrl}/#/listings/listing/${l.id}` : null,
};
if (imgUrl) {
@@ -78,7 +79,7 @@ const mapListingsWithCid = async (serviceName, jobKey, listings) => {
return { listings: out, attachments };
};
export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = async ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { apiPublicKey, apiPrivateKey, receiver, from } = notificationConfig.find(
(adapter) => adapter.id === config.id,
).fields;
@@ -89,7 +90,7 @@ export const send = async ({ serviceName, newListings, notificationConfig, jobKe
.map((r) => ({ Email: r.trim() }))
.filter((r) => r.Email.length > 0);
const { listings, attachments } = await mapListingsWithCid(serviceName, jobKey, newListings);
const { listings, attachments } = await mapListingsWithCid(serviceName, jobKey, newListings, baseUrl);
const html = emailTemplate({
serviceName: `Job: (${jobKey}) | Service: ${serviceName}`,

15
lib/notification/adapter/mattermost.js
View File

@@ -6,15 +6,20 @@
import { markdown2Html } from '../../services/markdown.js';
import { getJob } from '../../services/storage/jobStorage.js';
import fetch from 'node-fetch';
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { webhook, channel } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
const job = getJob(jobKey);
const jobName = job == null ? jobKey : job.name;
let message = `### *${jobName}* (${serviceName}) found **${newListings.length}** new listings:\n\n`;
message += `| Title | Address | Size | Price |\n|:----|:----|:----|:----|\n`;
message += newListings.map(
(o) => `| [${o.title}](${o.link}) | ` + [o.address, o.size.replace(/2m/g, '$m^2$'), o.price].join(' | ') + ' |\n',
);
message += `| Title | Address | Size | Price |${baseUrl ? ' Open in Fredy |' : ''}\n|:----|:----|:----|:----|${baseUrl ? ':----|\n' : '\n'}`;
message += newListings.map((o) => {
const fredyCell = baseUrl && o.id ? ` [Open in Fredy](${baseUrl}/#/listings/listing/${o.id}) |` : '';
return (
`| [${o.title}](${o.link}) | ` +
[o.address, o.size.replace(/2m/g, '$m^2$'), o.price].join(' | ') +
` |${fredyCell}\n`
);
});
return fetch(webhook, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },

5
lib/notification/adapter/ntfy.js
View File

@@ -8,17 +8,18 @@ import { getJob } from '../../services/storage/jobStorage.js';
import fetch from 'node-fetch';
import { normalizeImageUrl } from '../../utils.js';
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { priority, server, topic } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
const job = getJob(jobKey);
const jobName = job == null ? jobKey : job.name;
const promises = newListings.map((newListing) => {
const fredyLine = baseUrl && newListing.id ? `\nOpen in Fredy: ${baseUrl}/#/listings/listing/${newListing.id}` : '';
const message = `
Address: ${newListing.address}
Size: ${newListing.size == null ? 'N/A' : newListing.size.replace(/2m/g, '$m^2$')}
Price: ${newListing.price}
Link: ${newListing.link}`;
Link: ${newListing.link}${fredyLine}`;
const sanitizeHeaderValue = (value) =>
String(value ?? '')

6
lib/notification/adapter/pushover.js
View File

@@ -7,7 +7,7 @@ import { markdown2Html } from '../../services/markdown.js';
import { getJob } from '../../services/storage/jobStorage.js';
import fetch from 'node-fetch';
export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = async ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { token, user, device } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
const job = getJob(jobKey);
const jobName = job == null ? jobKey : job.name;
@@ -15,7 +15,9 @@ export const send = async ({ serviceName, newListings, notificationConfig, jobKe
const results = await Promise.all(
newListings.map(async (newListing) => {
const title = `${jobName} at ${serviceName}: ${newListing.title}`;
const message = `Address: ${newListing.address}\nSize: ${newListing.size}\nPrice: ${newListing.price}\nLink: ${newListing.link}`;
const fredyLine =
baseUrl && newListing.id ? `\nOpen in Fredy: ${baseUrl}/#/listings/listing/${newListing.id}` : '';
const message = `Address: ${newListing.address}\nSize: ${newListing.size}\nPrice: ${newListing.price}\nLink: ${newListing.link}${fredyLine}`;
const form = new FormData();
form.append('token', token);

7
lib/notification/adapter/resend.js
View File

@@ -14,7 +14,7 @@ const __dirname = getDirName();
const template = fs.readFileSync(path.resolve(__dirname + '/notification/emailTemplate/template.hbs'), 'utf8');
const emailTemplate = Handlebars.compile(template);
const mapListings = (serviceName, jobKey, listings) =>
const mapListings = (serviceName, jobKey, listings, baseUrl) =>
listings.map((l) => {
const image = normalizeImageUrl(l.image);
return {
@@ -25,12 +25,13 @@ const mapListings = (serviceName, jobKey, listings) =>
price: l.price || '',
image,
hasImage: Boolean(image),
fredyUrl: baseUrl && l.id ? `${baseUrl}/#/listings/listing/${l.id}` : null,
serviceName,
jobKey,
};
});
export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = async ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { apiKey, receiver, from } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
const to = receiver
@@ -41,7 +42,7 @@ export const send = async ({ serviceName, newListings, notificationConfig, jobKe
const resend = new Resend(apiKey);
const listings = mapListings(serviceName, jobKey, newListings);
const listings = mapListings(serviceName, jobKey, newListings, baseUrl);
const html = emailTemplate({
serviceName: `Job: (${jobKey}) | Service: ${serviceName}`,

7
lib/notification/adapter/sendGrid.js
View File

@@ -7,7 +7,7 @@ import sgMail from '@sendgrid/mail';
import { markdown2Html } from '../../services/markdown.js';
import { normalizeImageUrl } from '../../utils.js';
const mapListings = (serviceName, jobKey, listings) =>
const mapListings = (serviceName, jobKey, listings, baseUrl) =>
listings.map((l) => {
const image = normalizeImageUrl(l.image);
return {
@@ -20,12 +20,13 @@ const mapListings = (serviceName, jobKey, listings) =>
hasImage: Boolean(image),
// optional plain text snippet
snippet: [l.address, l.price, l.size].filter(Boolean).join(' | '),
fredyUrl: baseUrl && l.id ? `${baseUrl}/#/listings/listing/${l.id}` : null,
serviceName,
jobKey,
};
});
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { apiKey, receiver, from, templateId } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
sgMail.setApiKey(apiKey);
@@ -36,7 +37,7 @@ export const send = ({ serviceName, newListings, notificationConfig, jobKey }) =
.map((r) => r.trim())
.filter(Boolean);
const listings = mapListings(serviceName, jobKey, newListings);
const listings = mapListings(serviceName, jobKey, newListings, baseUrl);
const msg = {
templateId,

13
lib/notification/adapter/slack.js
View File

@@ -7,7 +7,7 @@ import Slack from 'slack';
import { markdown2Html } from '../../services/markdown.js';
import { normalizeImageUrl } from '../../utils.js';
const buildBlocks = (serviceName, jobKey, p) => {
const buildBlocks = (serviceName, jobKey, p, baseUrl) => {
const blocks = [
{
type: 'header',
@@ -36,6 +36,13 @@ const buildBlocks = (serviceName, jobKey, p) => {
});
}
if (baseUrl && p.id) {
blocks.push({
type: 'section',
text: { type: 'mrkdwn', text: `<${baseUrl}/#/listings/listing/${p.id}|Open in Fredy>` },
});
}
blocks.push({
type: 'context',
elements: [{ type: 'mrkdwn', text: 'Powered by Fredy' }],
@@ -44,7 +51,7 @@ const buildBlocks = (serviceName, jobKey, p) => {
return blocks;
};
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { token, channel } = notificationConfig.find((a) => a.id === config.id).fields;
return Promise.allSettled(
@@ -53,7 +60,7 @@ export const send = ({ serviceName, newListings, notificationConfig, jobKey }) =
token,
channel,
text: `${serviceName} ${jobKey}: ${p.title}`,
blocks: buildBlocks(serviceName, jobKey, p),
blocks: buildBlocks(serviceName, jobKey, p, baseUrl),
unfurl_links: false,
unfurl_media: false,
}),

13
lib/notification/adapter/slack_with_webhooks.js
View File

@@ -7,7 +7,7 @@ import fetch from 'node-fetch';
import { markdown2Html } from '../../services/markdown.js';
import { normalizeImageUrl } from '../../utils.js';
const buildBlocks = (serviceName, jobKey, p) => {
const buildBlocks = (serviceName, jobKey, p, baseUrl) => {
const blocks = [
{
type: 'header',
@@ -36,6 +36,13 @@ const buildBlocks = (serviceName, jobKey, p) => {
});
}
if (baseUrl && p.id) {
blocks.push({
type: 'section',
text: { type: 'mrkdwn', text: `<${baseUrl}/#/listings/listing/${p.id}|Open in Fredy>` },
});
}
blocks.push({
type: 'context',
elements: [{ type: 'mrkdwn', text: 'Powered by Fredy' }],
@@ -51,7 +58,7 @@ const postJson = (url, body) =>
body,
});
export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const adapter = notificationConfig.find((a) => a.id === config.id);
const webhookUrl = adapter?.fields?.webhookUrl;
if (!webhookUrl) return Promise.resolve([]);
@@ -59,7 +66,7 @@ export const send = ({ serviceName, newListings, notificationConfig, jobKey }) =
const promises = newListings.map((p) => {
const body = JSON.stringify({
text: `${serviceName} ${jobKey}: ${p.title}`,
blocks: buildBlocks(serviceName, jobKey, p),
blocks: buildBlocks(serviceName, jobKey, p, baseUrl),
unfurl_links: false,
unfurl_media: false,
});

7
lib/notification/adapter/smtp.js
View File

@@ -14,7 +14,7 @@ const __dirname = getDirName();
const template = fs.readFileSync(path.resolve(__dirname + '/notification/emailTemplate/template.hbs'), 'utf8');
const emailTemplate = Handlebars.compile(template);
const mapListings = (serviceName, jobKey, listings) =>
const mapListings = (serviceName, jobKey, listings, baseUrl) =>
listings.map((l) => {
const image = normalizeImageUrl(l.image);
return {
@@ -25,12 +25,13 @@ const mapListings = (serviceName, jobKey, listings) =>
price: l.price || '',
image,
hasImage: Boolean(image),
fredyUrl: baseUrl && l.id ? `${baseUrl}/#/listings/listing/${l.id}` : null,
serviceName,
jobKey,
};
});
export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
export const send = async ({ serviceName, newListings, notificationConfig, jobKey, baseUrl }) => {
const { host, port, secure, username, password, receiver, from } = notificationConfig.find(
(adapter) => adapter.id === config.id,
).fields;
@@ -51,7 +52,7 @@ export const send = async ({ serviceName, newListings, notificationConfig, jobKe
},
});
const listings = mapListings(serviceName, jobKey, newListings);
const listings = mapListings(serviceName, jobKey, newListings, baseUrl);
const html = emailTemplate({
serviceName: `Job: (${jobKey}) | Service: ${serviceName}`,

7
lib/notification/adapter/smtp.md
View File

@@ -17,6 +17,7 @@ Multiple recipients:
Common SMTP settings:
- **Gmail** `smtp.gmail.com`, port 587, secure: false
- **Outlook** `smtp.office365.com`, port 587, secure: false
- **Yahoo** `smtp.mail.yahoo.com`, port 465, secure: true
- **Gmail** - `smtp.gmail.com`, port 587, secure: false
- **Outlook** - `smtp.office365.com`, port 587, secure: false
- **Yahoo** - `smtp.mail.yahoo.com`, port 465, secure: true
- **Gmx** - `mail.gmx.net`, port 587, secure: true

235
lib/notification/adapter/telegram.js
View File

@@ -9,43 +9,48 @@ import fetch from 'node-fetch';
import pThrottle from 'p-throttle';
import { normalizeImageUrl } from '../../utils.js';
import logger from '../../services/logger.js';
import { shouldUseMultipart, buildPhotoFormData } from './telegramPhotoUploader.js';
const RATE_LIMIT_INTERVAL = 1000;
const THROTTLE_MAX_IDLE_MS = RATE_LIMIT_INTERVAL + 2000;
const chatThrottleMap = new Map();
/**
* Removes stale throttled call entries to keep memory bounded.
* An entry is stale when no API call has fired for longer than THROTTLE_MAX_IDLE_MS.
*/
function cleanupOldThrottles() {
const now = Date.now();
const maxAge = RATE_LIMIT_INTERVAL + 1000;
const toBeDeleted = [];
for (const [chatId, chatThrottle] of chatThrottleMap.entries()) {
if (now - chatThrottle.lastUsedAt > maxAge) toBeDeleted.push(chatId);
if (now - chatThrottle.lastUsedAt > THROTTLE_MAX_IDLE_MS) chatThrottleMap.delete(chatId);
}
for (const chatId of toBeDeleted) chatThrottleMap.delete(chatId);
}
/**
* Return a throttled wrapper for a chatId to limit Telegram API calls.
* Uses p-throttle with 1 request per RATE_LIMIT_INTERVAL per chat.
* `lastUsedAt` is refreshed on every actual API call so that the idle window
* starts from the last fired call, not from when send() was invoked.
*
* @template {Function} T
* @param {string|number} chatId
* @param {T} call - async function (endpoint: string, body: any) => Promise<Response>
* @returns {T}
* @param {Function} call - async function (endpoint: string, body: any) => Promise<Response>
* @returns {Function}
*/
function getThrottled(chatId, call) {
cleanupOldThrottles();
const now = Date.now();
const chatThrottle = chatThrottleMap.get(chatId);
if (chatThrottle) {
chatThrottle.lastUsedAt = now;
return chatThrottle.throttled;
const existing = chatThrottleMap.get(chatId);
if (existing) {
existing.lastUsedAt = Date.now();
return existing.throttled;
}
const throttled = pThrottle({ limit: 1, interval: RATE_LIMIT_INTERVAL })(call);
chatThrottleMap.set(chatId, { lastUsedAt: now, throttled });
return throttled;
const entry = { lastUsedAt: Date.now(), throttled: null };
chatThrottleMap.set(chatId, entry);
entry.throttled = pThrottle({ limit: 1, interval: RATE_LIMIT_INTERVAL })(async (endpoint, body) => {
const e = chatThrottleMap.get(chatId);
if (e) e.lastUsedAt = Date.now();
return call(endpoint, body);
});
return entry.throttled;
}
/**
@@ -69,66 +74,148 @@ function escapeHtml(s = '') {
}
/**
* Build a Telegram photo caption (max 1024 characters) using HTML parse mode.
* Build a Telegram HTML-formatted message body.
* Suitable for both sendMessage (uncapped) and sendPhoto captions (caller must slice to 1024).
*
* @param {string} jobName
* @param {string} serviceName
* @param {Object} o - Listing object
* @param {string} [o.title]
* @param {string} [o.address]
* @param {string|number} [o.price]
* @param {string|number} [o.size]
* @param {string} [o.link]
* @param {string} [baseUrl]
* @returns {string}
*/
function buildCaption(jobName, serviceName, o) {
const title = shorten((o.title || '').replace(/\*/g, ''), 90);
const meta = [o.address, o.price, o.size].filter(Boolean).join(' | ');
return `<i>${escapeHtml(jobName)}</i> (${escapeHtml(serviceName)})\n<a href='${escapeHtml(
o.link || '',
)}'><b>${escapeHtml(title)}</b></a>\n${escapeHtml(meta)}`.slice(0, 1024);
}
/**
* Build a Telegram message text using HTML parse mode.
* @param {string} jobName
* @param {string} serviceName
* @param {Object} o - Listing object
* @returns {string}
*/
function buildText(jobName, serviceName, o) {
function buildHtmlBody(jobName, serviceName, o, baseUrl) {
const title = shorten((o.title || '').replace(/\*/g, ''), 90);
const meta = [o.address, o.price, o.size].filter(Boolean).join(' | ');
const fredyLink =
baseUrl && o.id ? `\n<a href='${escapeHtml(`${baseUrl}/#/listings/listing/${o.id}`)}'>Open in Fredy</a>` : '';
return (
`<i>${escapeHtml(jobName)}</i> (${escapeHtml(serviceName)})\n` +
`<a href='${escapeHtml(o.link || '')}'><b>${escapeHtml(title)}</b></a>\n` +
`${escapeHtml(meta)}`
`${escapeHtml(meta)}${fredyLink}`
);
}
/**
* Build a plain text Telegram photo caption (max 4096 characters).
* Build a plain-text Telegram photo caption (max 4096 characters).
* Meta appears before the link so the most relevant info is visible within the cap.
*
* @param {string} jobName
* @param {string} serviceName
* @param {Object} o - Listing object
* @param {string} [baseUrl]
* @returns {string}
*/
function buildCaptionPlain(jobName, serviceName, o) {
function buildPlainCaption(jobName, serviceName, o, baseUrl) {
const title = shorten((o.title || '').replace(/\*/g, ''), 90);
const meta = [o.address, o.price, o.size].filter(Boolean).join(' | ');
return `${jobName} (${serviceName})\n${title}\n${meta}\n\n${o.link || ''}`.slice(0, 4096);
const fredyLine = baseUrl && o.id ? `\nOpen in Fredy: ${baseUrl}/#/listings/listing/${o.id}` : '';
return `${jobName} (${serviceName})\n${title}\n${meta}\n\n${o.link || ''}${fredyLine}`.slice(0, 4096);
}
/**
* Build a plain text Telegram message.
* Build a plain-text Telegram message body.
* Link appears early so it is tappable without scrolling.
*
* @param {string} jobName
* @param {string} serviceName
* @param {Object} o - Listing object
* @param {string} [baseUrl]
* @returns {string}
*/
function buildTextPlain(jobName, serviceName, o) {
function buildPlainText(jobName, serviceName, o, baseUrl) {
const title = shorten((o.title || '').replace(/\*/g, ''), 90);
const meta = [o.address, o.price, o.size].filter(Boolean).join(' | ');
return `${jobName} (${serviceName})\n${title}\n${o.link || ''}\n${meta}`;
const fredyLine = baseUrl && o.id ? `\nOpen in Fredy: ${baseUrl}/#/listings/listing/${o.id}` : '';
return `${jobName} (${serviceName})\n${title}\n${o.link || ''}\n${meta}${fredyLine}`;
}
/**
* Create the raw Telegram API caller for a given bot token.
* Handles JSON and multipart (FormData) bodies.
*
* @param {string} token - Telegram bot token.
* @param {string} jobName - Used in error messages.
* @returns {(endpoint: string, body: object|FormData) => Promise<Response>}
*/
function makeTelegramCaller(token, jobName) {
return async function (endpoint, body) {
const isFormData = body instanceof FormData;
const opts = isFormData
? { method: 'post', body }
: { method: 'post', body: JSON.stringify(body), headers: { 'Content-Type': 'application/json' } };
const res = await fetch(`https://api.telegram.org/bot${token}/${endpoint}`, opts);
if (!res.ok) {
const errorBody = await res.text();
throw new Error(`API error for '${jobName}'. '${endpoint}' returned ${errorBody}`);
}
return res;
};
}
/**
* Send a single listing to a single Telegram chat, with photo-then-text fallback.
*
* @param {Function} throttledCall - Throttled Telegram API caller for this chat.
* @param {Object} listing - Listing object.
* @param {string|number} chatId
* @param {Object} opts
* @param {string} opts.jobName
* @param {string} opts.serviceName
* @param {string} opts.baseUrl
* @param {boolean} opts.plainText
* @param {number|undefined} opts.message_thread_id
* @returns {Promise<void>}
*/
async function sendListingToChat(
throttledCall,
listing,
chatId,
{ jobName, serviceName, baseUrl, plainText, message_thread_id },
) {
const img = normalizeImageUrl(listing.image);
const textPayload = {
chat_id: chatId,
text: plainText
? buildPlainText(jobName, serviceName, listing, baseUrl)
: buildHtmlBody(jobName, serviceName, listing, baseUrl),
...(plainText ? {} : { parse_mode: 'HTML' }),
disable_web_page_preview: true,
...(message_thread_id ? { message_thread_id } : {}),
};
if (!img) {
return throttledCall('sendMessage', textPayload).catch((e) => {
logger.error(`Error sending message to Telegram: ${e.message}`);
});
}
const caption = plainText
? buildPlainCaption(jobName, serviceName, listing, baseUrl)
: buildHtmlBody(jobName, serviceName, listing, baseUrl).slice(0, 1024);
const parseMode = plainText ? undefined : 'HTML';
// .webp URLs (Immowelt/Cloudimage) fail Telegram's URL-based sendPhoto with
// "failed to get HTTP URL content". Upload the bytes via multipart instead.
const photoCall = shouldUseMultipart(img)
? buildPhotoFormData({ chatId, imageUrl: img, caption, parseMode, messageThreadId: message_thread_id }).then((fd) =>
throttledCall('sendPhoto', fd),
)
: throttledCall('sendPhoto', {
chat_id: chatId,
photo: img,
caption,
...(parseMode ? { parse_mode: parseMode } : {}),
...(message_thread_id ? { message_thread_id } : {}),
});
return photoCall.catch(async (e) => {
logger.warn(`Error sending photo to Telegram and use a fallback: ${e.message}`);
return throttledCall('sendMessage', textPayload).catch((e) => {
logger.error(`Error sending message to Telegram: ${e.message}`);
throw e;
});
});
}
/**
@@ -143,7 +230,7 @@ function buildTextPlain(jobName, serviceName, o) {
* @param {string} params.jobKey - Storage job key to resolve the human readable job name.
* @returns {Promise<Array<Response>>} Promise resolving when all send operations complete.
*/
export const send = ({ serviceName, newListings = [], notificationConfig, jobKey }) => {
export const send = ({ serviceName, newListings = [], notificationConfig, jobKey, baseUrl }) => {
const adapterCfg = notificationConfig.find((adapter) => adapter.id === config.id);
if (!adapterCfg || !adapterCfg.fields) {
throw new Error(`Telegram adapter configuration missing for job '${jobKey || ''}'`);
@@ -153,6 +240,11 @@ export const send = ({ serviceName, newListings = [], notificationConfig, jobKey
throw new Error("Telegram 'token' and 'chatId' must be provided in notification config");
}
const chatIds = String(chatId)
.split(',')
.map((s) => s.trim())
.filter(Boolean);
// Optional Telegram topic/thread support (supergroups)
let message_thread_id;
if (messageThreadId !== undefined && messageThreadId !== null && `${messageThreadId}`.trim() !== '') {
@@ -169,54 +261,16 @@ export const send = ({ serviceName, newListings = [], notificationConfig, jobKey
const job = getJob(jobKey);
const jobName = job == null ? jobKey : job.name;
const throttledCall = getThrottled(chatId, async function (endpoint, body) {
const res = await fetch(`https://api.telegram.org/bot${token}/${endpoint}`, {
method: 'post',
body: JSON.stringify(body),
headers: { 'Content-Type': 'application/json' },
});
if (!res.ok) {
const errorBody = await res.text();
throw new Error(`API error for '${jobName}'. '${endpoint}' returned ${errorBody}`);
}
return res;
});
if (!Array.isArray(newListings) || newListings.length === 0) return Promise.resolve([]);
const promises = newListings.map(async (o) => {
const img = normalizeImageUrl(o.image);
const textPayload = {
chat_id: chatId,
text: plainText ? buildTextPlain(jobName, serviceName, o) : buildText(jobName, serviceName, o),
...(plainText ? {} : { parse_mode: 'HTML' }),
disable_web_page_preview: true,
...(message_thread_id ? { message_thread_id } : {}),
};
if (!img) {
return await throttledCall('sendMessage', textPayload).catch(async (e) => {
logger.error(`Error sending message to Telegram: ${e.message}`);
});
}
return await throttledCall('sendPhoto', {
chat_id: chatId,
photo: img,
caption: plainText ? buildCaptionPlain(jobName, serviceName, o) : buildCaption(jobName, serviceName, o),
...(plainText ? {} : { parse_mode: 'HTML' }),
...(message_thread_id ? { message_thread_id } : {}),
}).catch(async (e) => {
logger.error(`Error sending photo to Telegram and use a fallback: ${e.message}`);
return await throttledCall('sendMessage', textPayload).catch((e) => {
logger.error(`Error sending message to Telegram: ${e.message}`);
throw e;
});
});
const allPromises = chatIds.flatMap((id) => {
const caller = makeTelegramCaller(token, jobName);
const throttledCall = getThrottled(id, caller);
const opts = { jobName, serviceName, baseUrl, plainText, message_thread_id };
return newListings.map((listing) => sendListingToChat(throttledCall, listing, id, opts));
});
return Promise.all(promises);
return Promise.all(allPromises);
};
/**
@@ -237,7 +291,8 @@ export const config = {
chatId: {
type: 'chatId',
label: 'Chat Id',
description: 'The chat id to send messages to you.',
description:
'The chat ID to send messages to. Separate multiple IDs with commas to notify several recipients (e.g. 123456789, 987654321).',
},
messageThreadId: {
type: 'text',

2
lib/notification/adapter/telegram.md
View File

@@ -21,6 +21,8 @@ Steps:
- Private chats: `chat.id` is a positive number
- Groups/supergroups: `chat.id` is a negative number
**Multiple recipients:** To notify several users individually, enter a comma-separated list of chat IDs in the Chat Id field, e.g. `123456789, 987654321`. Each recipient receives the same messages and gets its own independent rate-limit window. This avoids having to create a group and add the bot to it.
Keep your bot token secret. If `getUpdates` returns an empty list, send a new message and try again, or make sure your bots privacy settings allow it to see group messages when used in groups.
#### Getting the thread ID (this is optional to be used for forum topics)

106
lib/notification/adapter/telegramPhotoUploader.js Normal file
View File

@@ -0,0 +1,106 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
/**
* Helpers for sending photos to Telegram via `multipart/form-data` instead of
* the HTTP-URL path. Used when the URL is one that Telegram's URL-fetcher will
* reject - notably `.webp` images from Cloudimage (mms.immowelt.de), which
* Telegram refuses with "Bad Request: failed to get HTTP URL content".
*
* The HTTP-URL path is faster and is still the default in telegram.js; this
* module is the fallback for URLs whose extension makes Telegram fail.
*/
/** Telegram's sendPhoto limit when uploading bytes via multipart/form-data. */
const TELEGRAM_MULTIPART_MAX_BYTES = 10 * 1024 * 1024;
/** Accept header used when re-fetching the image ourselves.
* Deliberately excludes `image/webp` so CDNs that content-negotiate
* (like Cloudimage on mms.immowelt.de) transcode WEBP to JPEG. */
const NON_WEBP_ACCEPT = 'image/jpeg,image/png,image/*;q=0.8';
/**
* Returns true if the URL's path ends in a `.webp` extension. Such URLs need
* multipart upload because Telegram identifies media types from the URL path
* and rejects `.webp` in sendPhoto via HTTP URL.
*
* Conservative: returns false for null/empty/non-string input, malformed URLs,
* and non-https schemes.
*
* @param {string|null|undefined} url
* @returns {boolean}
*/
export function shouldUseMultipart(url) {
if (typeof url !== 'string' || url.length === 0) return false;
let parsed;
try {
parsed = new URL(url);
} catch {
return false;
}
if (parsed.protocol !== 'https:') return false;
return /\.webp$/i.test(parsed.pathname);
}
/**
* Fetch an image from `imageUrl` and build a `FormData` body suitable for
* POSTing to `https://api.telegram.org/bot<token>/sendPhoto`.
*
* - Sends an `Accept` header that excludes `image/webp` so origin/CDN servers
* that content-negotiate return JPEG bytes.
* - Rejects images larger than Telegram's 10 MB multipart limit, both
* advertised via `Content-Length` and (defensively) after download.
* - The `photo` field is named with a `.jpg` extension because Telegram
* identifies file type from the filename.
*
* Throws if the image fetch fails, the size limit is exceeded, or the URL is
* unreachable. The caller is responsible for catching and falling back.
*
* @param {Object} args
* @param {string|number} args.chatId
* @param {string} args.imageUrl
* @param {string} args.caption
* @param {string} [args.parseMode] - Telegram parse_mode, e.g. 'HTML'.
* @param {number} [args.messageThreadId] - Telegram supergroup topic id.
* @returns {Promise<FormData>}
*/
export async function buildPhotoFormData({ chatId, imageUrl, caption, parseMode, messageThreadId }) {
const res = await fetch(imageUrl, {
method: 'GET',
headers: { Accept: NON_WEBP_ACCEPT },
});
if (!res.ok) {
throw new Error(`Failed to fetch image for multipart upload (${res.status}): ${imageUrl}`);
}
const advertised = Number(res.headers.get('content-length'));
if (Number.isFinite(advertised) && advertised > TELEGRAM_MULTIPART_MAX_BYTES) {
throw new Error(
`Image exceeds Telegram multipart size limit (advertised ${advertised} bytes, max ${TELEGRAM_MULTIPART_MAX_BYTES}): ${imageUrl}`,
);
}
const buf = await res.arrayBuffer();
if (buf.byteLength > TELEGRAM_MULTIPART_MAX_BYTES) {
throw new Error(
`Image exceeds Telegram multipart size limit (downloaded ${buf.byteLength} bytes, max ${TELEGRAM_MULTIPART_MAX_BYTES}): ${imageUrl}`,
);
}
// Telegram identifies the media type from the filename extension. We always
// upload as .jpg because the Accept header forces JPEG bytes from CDNs that
// honor it; for the rare CDN that ignores Accept and still returns WEBP, the
// .jpg filename is a small lie but Telegram's image pipeline accepts it.
const blob = new Blob([buf], { type: 'image/jpeg' });
const fd = new FormData();
fd.append('chat_id', String(chatId));
fd.append('caption', caption);
if (parseMode) fd.append('parse_mode', parseMode);
if (messageThreadId != null) fd.append('message_thread_id', String(messageThreadId));
fd.append('photo', blob, 'photo.jpg');
return fd;
}

3
lib/notification/emailTemplate/template.hbs
View File

@@ -106,6 +106,9 @@
<![endif]-->
<!--[if !mso]><!-- -->
<a href="{{this.link}}" class="btn" target="_blank">View Listing</a>
{{#if this.fredyUrl}}
<a href="{{this.fredyUrl}}" class="btn" style="background:#1a6fff;color:#ffffff;margin-left:8px;" target="_blank">Open in Fredy</a>
{{/if}}
<!--<![endif]-->
</td>
</tr>

15
lib/notification/notify.js
View File

@@ -4,6 +4,7 @@
*/
import fs from 'fs';
import logger from '../services/logger.js';
const path = './adapter';
/** Read every integration existing in ./adapter **/
@@ -20,10 +21,16 @@ if (adapter.length === 0) {
const findAdapter = (notificationAdapter) => {
return adapter.find((a) => a.config.id === notificationAdapter.id);
};
export const send = (serviceName, newListings, notificationConfig, jobKey) => {
export const send = (serviceName, newListings, notificationConfig, jobKey, baseUrl) => {
//this is not being used in tests, therefore adapter are always set
return notificationConfig
.filter((notificationAdapter) => findAdapter(notificationAdapter) != null)
.map((notificationAdapter) => findAdapter(notificationAdapter))
.map((a) => a.send({ serviceName, newListings, notificationConfig, jobKey }));
.map((notificationAdapter) => {
const found = findAdapter(notificationAdapter);
if (!found) {
logger.warn(`Notification adapter '${notificationAdapter.id}' not found for job '${jobKey || ''}'`);
}
return found;
})
.filter(Boolean)
.map((a) => a.send({ serviceName, newListings, notificationConfig, jobKey, baseUrl }));
};

2
lib/provider/immobilienDe.js
View File

@@ -26,7 +26,7 @@ function parseId(shortenedLink) {
async function fetchDetails(listing, browser) {
try {
const html = await puppeteerExtractor(listing.link, null, { browser });
const html = await puppeteerExtractor(listing.link, null, { browser, name: 'immobilienDe_details' });
if (!html) return listing;
const $ = cheerio.load(html);

4
lib/provider/immoscout.js
View File

@@ -198,7 +198,9 @@ function normalize(o) {
* @returns {boolean}
*/
function applyBlacklist(o) {
return !isOneOf(o.title, appliedBlackList);
const titleNotBlacklisted = !isOneOf(o.title, appliedBlackList);
const descNotBlacklisted = !isOneOf(o.description, appliedBlackList);
return titleNotBlacklisted && descNotBlacklisted;
}
/** @type {ProviderConfig} */
const config = {

16
lib/provider/immowelt.js
View File

@@ -16,7 +16,7 @@ let appliedBlackList = [];
async function fetchDetails(listing, browser) {
try {
const html = await puppeteerExtractor(listing.link, null, { browser });
const html = await puppeteerExtractor(listing.link, null, { browser, name: 'immowelt_details' });
if (!html) return listing;
const $ = cheerio.load(html);
@@ -87,7 +87,19 @@ const config = {
crawlContainer:
'div[data-testid="serp-core-scrollablelistview-testid"]:not(div[data-testid="serp-enlargementlist-testid"] div[data-testid="serp-card-testid"]) div[data-testid="serp-core-classified-card-testid"]',
sortByDateParam: 'order=DateDesc',
waitForSelector: 'div[data-testid="serp-gridcontainer-testid"]',
// waitForSelector is null: extract the full page via page.content() so the
// Cheerio crawler can search anywhere in the rendered document.
// preNavigateUrl visits the homepage first to establish a trusted session
// before hitting the search URL; this prevents CDN-level bot challenges that
// fire on cold sessions. waitForNetworkIdle (phase 2) then catches React's
// listing API round-trip that fires well after domcontentloaded.
waitForSelector: null,
puppeteerOptions: {
puppeteerTimeout: 60_000,
preNavigateUrl: 'https://www.immowelt.de/',
waitForNetworkIdle: true,
waitForNetworkIdleTimeout: 60_000,
},
crawlFields: {
id: 'a@href',
price: 'div[data-testid="cardmfe-price-testid"] | removeNewline | trim',

6
lib/provider/kleinanzeigen.js
View File

@@ -128,7 +128,7 @@ async function enrichListingFromDetails(listing, browser) {
if (!absoluteLink) return listing;
try {
const html = await puppeteerExtractor(absoluteLink, null, { browser });
const html = await puppeteerExtractor(absoluteLink, null, { browser, name: 'kleinanzeigen_details' });
if (!html) return { ...listing, link: absoluteLink };
const { detailAddress, detailDescription } = extractDetailFromHtml(html);
@@ -196,8 +196,8 @@ const config = {
id: '.aditem@data-adid',
price: '.aditem-main--middle--price-shipping--price | removeNewline | trim',
tags: '.aditem-main--middle--tags | removeNewline | trim',
title: '.aditem-main .text-module-begin a | removeNewline | trim',
link: '.aditem-main .text-module-begin a@href | removeNewline | trim',
title: '.aditem-main .text-module-begin | removeNewline | trim',
link: '.aditem@data-href',
description: '.aditem-main .aditem-main--middle--description | removeNewline | trim',
address: '.aditem-main--top--left | trim | removeNewline',
image: 'img@src',

4
lib/provider/neubauKompass.js
View File

@@ -42,7 +42,9 @@ function normalize(o) {
* @returns {boolean}
*/
function applyBlacklist(o) {
return !isOneOf(o.title, appliedBlackList);
const titleNotBlacklisted = !isOneOf(o.title, appliedBlackList);
const descNotBlacklisted = !isOneOf(o.description, appliedBlackList);
return titleNotBlacklisted && descNotBlacklisted;
}
/** @type {ProviderConfig} */

2
lib/provider/sparkasse.js
View File

@@ -16,7 +16,7 @@ let appliedBlackList = [];
async function fetchDetails(listing, browser) {
try {
const html = await puppeteerExtractor(listing.link, 'body', { browser });
const html = await puppeteerExtractor(listing.link, 'body', { browser, name: 'sparkasse_details' });
const $ = cheerio.load(html);
const nextDataRaw = $('#__NEXT_DATA__').text;

2
lib/provider/wgGesucht.js
View File

@@ -16,7 +16,7 @@ let appliedBlackList = [];
async function fetchDetails(listing, browser) {
try {
const html = await puppeteerExtractor(listing.link, null, { browser });
const html = await puppeteerExtractor(listing.link, null, { browser, name: 'wgGesucht_details' });
if (!html) return listing;
const $ = cheerio.load(html);

263
lib/services/debug/debugBundleService.js Normal file
View File

@@ -0,0 +1,263 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import fs from 'fs';
import os from 'os';
import { getAllDebugLogs } from './debugLogStorage.js';
import { getPackageVersion } from '../../utils.js';
const LOGS_FILE_NAME = 'logs.txt';
const SYSTEM_INFO_FILE_NAME = 'sys.txt';
const DEBUG_FILE_PREFIX = 'FredyDebug-';
/**
* Lazily resolve AdmZip via dynamic import so tests can swap it via globalThis.
* Mirrors the pattern used by backupRestoreService.js for consistency.
* @returns {Promise<any>}
*/
let _AdmZipSingleton = null;
async function getAdmZip() {
if (_AdmZipSingleton) return _AdmZipSingleton;
if (globalThis && globalThis.__TEST_ADM_ZIP__) {
_AdmZipSingleton = globalThis.__TEST_ADM_ZIP__;
return _AdmZipSingleton;
}
const mod = await import('adm-zip');
_AdmZipSingleton = (mod && mod.default) || mod;
return _AdmZipSingleton;
}
/**
* Format a Date as YYYY-MM-DD using local time. Used for the download filename.
* @param {Date} date
* @returns {string}
*/
function formatDateOnly(date) {
const yyyy = date.getFullYear();
const mm = String(date.getMonth() + 1).padStart(2, '0');
const dd = String(date.getDate()).padStart(2, '0');
return `${yyyy}-${mm}-${dd}`;
}
/**
* Build the debug bundle filename, e.g. "2026-06-08-FredyDebug-22.5.0.zip".
* @returns {Promise<string>}
*/
export async function buildDebugBundleFileName() {
const version = await getPackageVersion();
return `${formatDateOnly(new Date())}-${DEBUG_FILE_PREFIX}${version}.zip`;
}
/**
* Format a stored debug_logs row into a single text line. The format mirrors the
* console layout from logger.js so support staff sees familiar output:
* [YYYY-MM-DD HH:MM:SS] LEVEL: message
*
* @param {{ts:number, level:string, message:string}} row
* @returns {string}
*/
function formatLogLine(row) {
const d = new Date(row.ts);
const yyyy = d.getFullYear();
const mm = String(d.getMonth() + 1).padStart(2, '0');
const dd = String(d.getDate()).padStart(2, '0');
const hh = String(d.getHours()).padStart(2, '0');
const mi = String(d.getMinutes()).padStart(2, '0');
const ss = String(d.getSeconds()).padStart(2, '0');
const level = String(row.level || 'info').toUpperCase();
return `[${yyyy}-${mm}-${dd} ${hh}:${mi}:${ss}] ${level}: ${row.message}`;
}
/**
* Render every stored debug log row into a single newline-delimited text blob.
* Returns an empty string when there are no rows.
*
* @returns {string}
*/
export function renderLogsTxt() {
const rows = getAllDebugLogs();
if (!rows || rows.length === 0) return '';
return rows.map(formatLogLine).join('\n') + '\n';
}
/**
* Best-effort Docker detection. Used as a context hint in sys.txt so issue triage
* knows whether the user runs the official container image.
*
* @returns {{inDocker:boolean, evidence:string[]}}
*/
function detectDocker() {
const evidence = [];
let inDocker = false;
if (process.env.FREDY_IN_DOCKER === 'true' || process.env.FREDY_IN_DOCKER === '1') {
inDocker = true;
evidence.push('FREDY_IN_DOCKER env var is set');
}
try {
if (fs.existsSync('/.dockerenv')) {
inDocker = true;
evidence.push('/.dockerenv exists');
}
} catch {
// ignore
}
try {
if (fs.existsSync('/proc/1/cgroup')) {
const cgroup = fs.readFileSync('/proc/1/cgroup', 'utf-8');
if (/docker|containerd|kubepods/i.test(cgroup)) {
inDocker = true;
evidence.push('/proc/1/cgroup mentions a container runtime');
}
}
} catch {
// ignore
}
return { inDocker, evidence };
}
/**
* Strip credentials from URL-like strings so they can safely appear in sys.txt.
* Returns the input unchanged for non-URL values.
* @param {string} value
* @returns {string}
*/
function sanitizeUrlLike(value) {
if (typeof value !== 'string' || value.length === 0) return value;
try {
const u = new URL(value);
if (u.username || u.password) {
u.username = '***';
u.password = '***';
}
return u.toString();
} catch {
return value;
}
}
function formatBytes(bytes) {
if (!Number.isFinite(bytes)) return String(bytes);
if (bytes < 1024) return `${bytes} B`;
if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(2)} KiB`;
if (bytes < 1024 * 1024 * 1024) return `${(bytes / (1024 * 1024)).toFixed(2)} MiB`;
return `${(bytes / (1024 * 1024 * 1024)).toFixed(2)} GiB`;
}
function formatDuration(seconds) {
if (!Number.isFinite(seconds)) return String(seconds);
const s = Math.floor(seconds);
const days = Math.floor(s / 86400);
const hours = Math.floor((s % 86400) / 3600);
const minutes = Math.floor((s % 3600) / 60);
const secs = s % 60;
return `${days}d ${hours}h ${minutes}m ${secs}s`;
}
/**
* Build a plaintext system / runtime report for inclusion in the debug zip. Settings
* are sanitized, proxy URL credentials and session secrets are stripped before
* serialization.
*
* @param {object} [options]
* @param {object} [options.settings]
* @returns {Promise<string>}
*/
export async function buildSystemInfo({ settings = null } = {}) {
const fredyVersion = await getPackageVersion();
const docker = detectDocker();
const cpus = os.cpus() || [];
const procMem = process.memoryUsage();
const lines = [];
lines.push('# Fredy Debug Report');
lines.push(`Generated at: ${new Date().toISOString()}`);
lines.push('');
lines.push('## Application');
lines.push(`Fredy version: ${fredyVersion}`);
lines.push(`Node.js version: ${process.version}`);
lines.push(`Process uptime: ${formatDuration(process.uptime())}`);
lines.push(`PID: ${process.pid}`);
lines.push(`Env (NODE_ENV): ${process.env.NODE_ENV || 'development'}`);
lines.push('');
lines.push('## Operating System');
lines.push(`Platform: ${process.platform}`);
lines.push(`Architecture: ${process.arch}`);
lines.push(`OS type: ${os.type()}`);
lines.push(`OS release: ${os.release()}`);
lines.push(`OS version: ${typeof os.version === 'function' ? os.version() : 'n/a'}`);
lines.push(`Hostname: ${os.hostname()}`);
lines.push(`System uptime: ${formatDuration(os.uptime())}`);
lines.push('');
lines.push('## Container');
lines.push(`Running in Docker: ${docker.inDocker ? 'yes' : 'no'}`);
if (docker.evidence.length > 0) {
lines.push(`Evidence: ${docker.evidence.join('; ')}`);
}
if (process.env.FREDY_IMAGE_TAG) {
lines.push(`Image tag: ${process.env.FREDY_IMAGE_TAG}`);
}
lines.push('');
lines.push('## Hardware');
lines.push(`CPU count: ${cpus.length}`);
lines.push(`CPU model: ${cpus[0]?.model || 'unknown'}`);
lines.push(`Total memory: ${formatBytes(os.totalmem())}`);
lines.push(`Free memory: ${formatBytes(os.freemem())}`);
lines.push(`Process RSS: ${formatBytes(procMem.rss)}`);
lines.push(`Process heapUsed: ${formatBytes(procMem.heapUsed)}`);
lines.push(`Process heapTotal: ${formatBytes(procMem.heapTotal)}`);
lines.push('');
if (settings && typeof settings === 'object') {
lines.push('## Settings (sanitized)');
const safe = { ...settings };
if (safe.proxyUrl) safe.proxyUrl = sanitizeUrlLike(safe.proxyUrl);
delete safe.session_secret;
delete safe.sessionSecret;
for (const [key, value] of Object.entries(safe)) {
let printed;
if (value == null) {
printed = 'null';
} else if (typeof value === 'object') {
try {
printed = JSON.stringify(value);
} catch {
printed = String(value);
}
} else {
printed = String(value);
}
lines.push(`${key}: ${printed}`);
}
lines.push('');
}
return lines.join('\n');
}
/**
* Build the final debug bundle zip buffer (logs.txt + sys.txt). The caller is
* responsible for checking wasEverEnabled() before invoking this, we still produce
* a valid zip even when there are zero log rows (logs.txt will contain a placeholder)
* because the route layer handles the user-friendly 409 case.
*
* @param {object} [options]
* @param {object} [options.settings] Runtime settings to embed in sys.txt.
* @returns {Promise<Buffer>}
*/
export async function buildDebugBundleZip({ settings = null } = {}) {
const logsContent = renderLogsTxt() || 'No debug log entries are currently stored.\n';
const sysContent = await buildSystemInfo({ settings });
const AdmZip = await getAdmZip();
const zip = new AdmZip();
zip.addFile(LOGS_FILE_NAME, Buffer.from(logsContent, 'utf-8'));
zip.addFile(SYSTEM_INFO_FILE_NAME, Buffer.from(sysContent, 'utf-8'));
return zip.toBuffer();
}

346
lib/services/debug/debugLogStorage.js Normal file
View File

@@ -0,0 +1,346 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import SqliteConnection from '../storage/SqliteConnection.js';
import { upsertSettings, getSettings } from '../storage/settingsStorage.js';
import logger from '../logger.js';
/**
* Hard cap on the total UTF-8 byte length of stored log MESSAGES (5 MiB).
*
* Note: this measures the payload bytes (message strings only); SQLite per-row
* overhead (id, ts, level, byte_size columns + page housekeeping) means the actual
* sqlite_master page count for debug_logs can be larger than this cap by a constant
* factor. The cap is intentionally about user-visible payload to keep the math
* predictable and to align with what ends up in logs.txt.
*
* The cap is enforced via a rolling buffer: when the live size exceeds it, the
* oldest rows are removed until the size falls below the limit again.
* @type {number}
*/
export const MAX_DEBUG_LOG_BYTES = 5 * 1024 * 1024;
/** Settings key persisting the active on/off flag. */
const SETTING_ENABLED = 'debug_logging_enabled';
/**
* Settings key persisting "this feature has been turned on at least once". Used to
* decide whether the download endpoint returns 409 (never enabled) or whether the
* "delete previous logs?" confirm dialog should be shown on (re)enable.
*/
const SETTING_EVER_ENABLED = 'debug_logging_ever_enabled';
/**
* Cached live byte size of all rows in debug_logs. Initialized lazily from the DB on
* the first call and kept in sync by append / clear / trim. Storing this in-memory
* avoids running SUM() on every single insert (logger writes can be very frequent).
* @type {number|null}
*/
let cachedSize = null;
/**
* Cached value of debug_logging_enabled. Reflects DB state; flipped by enable() /
* disable() so the logger hot-path does not have to hit the settings cache for every
* log line.
* @type {boolean|null}
*/
let cachedEnabled = null;
/**
* Compute the UTF-8 byte length of a string. Falls back to character count for
* environments where Buffer is not available (vitest covers Node, so it always is).
* @param {string} str
* @returns {number}
*/
function byteLengthOf(str) {
if (typeof str !== 'string') return 0;
if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
return Buffer.byteLength(str, 'utf-8');
}
return str.length;
}
/**
* Read the current total byte size from the DB and update the local cache.
* @returns {number}
*/
function refreshSizeFromDb() {
const rows = SqliteConnection.query('SELECT COALESCE(SUM(byte_size), 0) AS total FROM debug_logs');
cachedSize = Number(rows?.[0]?.total ?? 0);
return cachedSize;
}
/**
* Lazily ensure the cached enabled/size values are up to date. Called by every public
* method that needs to know either value, so external init is not required.
* @returns {Promise<void>}
*/
async function ensureCachesInitialized() {
if (cachedEnabled == null) {
const settings = await getSettings();
cachedEnabled = settings[SETTING_ENABLED] === true;
}
if (cachedSize == null) {
refreshSizeFromDb();
}
}
/**
* Cached prepared statements used by trimToFit(). Initialized on first use so we do
* not pay the prepare cost on every overflow event, and skipped entirely when the
* feature is never activated.
* @type {{select:any, del:any}|null}
*/
let trimStatements = null;
/**
* Drop the oldest rows from debug_logs until the cached size falls below
* MAX_DEBUG_LOG_BYTES. Implements the rolling buffer behavior chosen for the feature.
*
* The deletion is performed in batches of up to 100 oldest rows wrapped in a single
* transaction. The size cache is updated only after the transaction commits, so a
* mid-batch failure (rolled back by SQLite) cannot leave cachedSize out of sync with
* the on-disk reality. A defensive resync via SUM() is performed on transaction
* failure to recover from any unexpected drift.
*
* @returns {void}
*/
function trimToFit() {
if (cachedSize == null || cachedSize <= MAX_DEBUG_LOG_BYTES) return;
const db = SqliteConnection.getConnection();
if (trimStatements == null) {
trimStatements = {
select: db.prepare('SELECT id, byte_size FROM debug_logs ORDER BY id ASC LIMIT 100'),
del: db.prepare('DELETE FROM debug_logs WHERE id = @id'),
};
}
while (cachedSize > MAX_DEBUG_LOG_BYTES) {
const oldest = trimStatements.select.all();
if (oldest.length === 0) {
// Table is empty but the cache still claims we are over the cap. That can only
// happen if cachedSize drifted (e.g. external DB modification, zero-byte
// messages that never contributed to SUM(byte_size), or a previous trim that
// partially succeeded). Resync from the source of truth and bail out.
refreshSizeFromDb();
break;
}
// Pick exactly enough oldest rows to bring the cache back under the cap. We do
// NOT delete the entire 100-row batch unconditionally, that would over-trim in
// edge cases where just one or two rows are enough.
const needToFree = cachedSize - MAX_DEBUG_LOG_BYTES;
let freed = 0;
const idsToDelete = [];
for (const row of oldest) {
idsToDelete.push(row.id);
freed += Number(row.byte_size) || 0;
if (freed >= needToFree) break;
}
try {
const tx = db.transaction((ids) => {
for (const id of ids) {
trimStatements.del.run({ id });
}
});
tx(idsToDelete);
// Only decrement after the transaction has committed; a mid-batch failure
// would roll the DELETEs back and leave cachedSize untouched.
cachedSize -= freed;
if (freed === 0) {
// We deleted rows but they all had byte_size <= 0, so cachedSize did not
// move. Without intervention the outer loop would spin again with the same
// condition. Resync from the DB and bail to prevent that.
refreshSizeFromDb();
break;
}
} catch {
// SQLite rolled the batch back; resync cachedSize from the DB to recover from
// any unexpected drift, then bail out so we do not spin forever on a persistent
// failure (e.g. database is locked or read-only).
refreshSizeFromDb();
break;
}
}
if (cachedSize < 0) cachedSize = 0;
}
/**
* Whether debug logging is currently enabled. Synchronous and cheap so the logger
* hot-path can call it on every log line.
*
* @returns {boolean} True if logs should be persisted to the debug_logs table.
*/
export function isEnabled() {
return cachedEnabled === true;
}
/**
* Append a single log entry to debug_logs (if enabled) and trim the rolling buffer if
* the new row pushes the live size above the cap.
*
* Safe to call even when logging is disabled, it becomes a no-op. Any storage error
* is swallowed so the logger never breaks the calling code; bookkeeping for cachedSize
* stays consistent because we update it only after a successful insert.
*
* @param {{ts:number, level:string, message:string}} entry
* @returns {void}
*/
export function appendLogEntry(entry) {
if (!isEnabled()) return;
if (!entry || typeof entry.message !== 'string') return;
try {
const ts = Number.isFinite(entry.ts) ? entry.ts : Date.now();
const level = String(entry.level || 'info');
const message = entry.message;
const byte_size = byteLengthOf(message);
SqliteConnection.execute(
'INSERT INTO debug_logs (ts, level, message, byte_size) VALUES (@ts, @level, @message, @byte_size)',
{ ts, level, message, byte_size },
);
if (cachedSize == null) {
refreshSizeFromDb();
} else {
cachedSize += byte_size;
}
trimToFit();
} catch {
// Logging must never break the application. Swallow storage errors silently.
}
}
/**
* Remove every row from debug_logs and reset the cached size to zero. Used by both
* the "clear previous logs" path on (re)enable and by explicit clear actions.
*
* @returns {void}
*/
export function clearAllDebugLogs() {
SqliteConnection.execute('DELETE FROM debug_logs');
cachedSize = 0;
}
/**
* Return the cached live byte size of the debug_logs table contents.
* @returns {Promise<number>}
*/
export async function getCurrentSize() {
await ensureCachesInitialized();
return cachedSize ?? 0;
}
/**
* Return the configured maximum size for the debug_logs table.
* @returns {number}
*/
export function getMaxSize() {
return MAX_DEBUG_LOG_BYTES;
}
/**
* Check whether the debug_logs table contains at least one row.
* @returns {boolean}
*/
export function hasAnyLogs() {
const row = SqliteConnection.query('SELECT 1 AS one FROM debug_logs LIMIT 1');
return Array.isArray(row) && row.length > 0;
}
/**
* Has debug logging ever been enabled in this installation? Used by the download
* endpoint to distinguish "no logs yet" (empty table) from "feature never used"
* (which returns 409 to surface a friendlier UI error).
*
* @returns {Promise<boolean>}
*/
export async function wasEverEnabled() {
const settings = await getSettings();
return settings[SETTING_EVER_ENABLED] === true;
}
/**
* Turn debug logging on. Persists both the active flag and the "ever enabled" flag,
* optionally clearing previous logs when the caller passes clearPrevious=true (this
* is the path taken when the UI confirm dialog "Delete previous logs?" is accepted).
*
* @param {object} [options]
* @param {boolean} [options.clearPrevious=false]
* @returns {Promise<void>}
*/
export async function enableDebugLogging({ clearPrevious = false } = {}) {
if (clearPrevious) {
clearAllDebugLogs();
}
upsertSettings({ [SETTING_ENABLED]: true, [SETTING_EVER_ENABLED]: true });
cachedEnabled = true;
if (cachedSize == null) {
refreshSizeFromDb();
}
// Attach the logger sink only while recording is on so the logger hot path pays
// no per-call cost (Date.now + stringifyArgs) when nobody enabled the feature.
logger.setDebugLogSink(appendLogEntry);
}
/**
* Turn debug logging off. Previous logs are kept on disk so the user can still
* download them; they are only cleared when the user re-enables and chooses "delete
* previous logs".
*
* @returns {Promise<void>}
*/
export async function disableDebugLogging() {
upsertSettings({ [SETTING_ENABLED]: false });
cachedEnabled = false;
// Detach the sink so the logger hot path returns immediately on its `if (sink)`
// check instead of paying the no-op cost on every log line.
logger.setDebugLogSink(null);
}
/**
* Return all stored log entries ordered chronologically. Used by the bundle builder
* when assembling logs.txt.
*
* @returns {{id:number, ts:number, level:string, message:string}[]}
*/
export function getAllDebugLogs() {
return SqliteConnection.query('SELECT id, ts, level, message FROM debug_logs ORDER BY id ASC');
}
/**
* Reload the cached enabled flag from settings storage. Called from the logger at
* startup so the cache reflects the persisted state after a Fredy restart.
*
* @returns {Promise<boolean>} The active enabled flag.
*/
export async function reloadEnabledFromSettings() {
const settings = await getSettings();
cachedEnabled = settings[SETTING_ENABLED] === true;
// (Un)wire the sink to match the persisted state. Note: startup work that runs
// before index.js calls this (CloakBrowser binary check, runMigrations) still
// logs to stdout only, since the sink is not attached yet at that point.
if (cachedEnabled) {
logger.setDebugLogSink(appendLogEntry);
} else {
logger.setDebugLogSink(null);
}
return cachedEnabled;
}
/**
* Test-only helper to drop in-memory caches between unit tests. Resets every piece
* of module-scoped mutable state so a test that swaps the underlying DB does not
* inherit stale prepared statements from a previous run.
* @returns {void}
*/
export function _resetForTests() {
cachedSize = null;
cachedEnabled = null;
trimStatements = null;
}

147
lib/services/ensureValidBinary.js Normal file
View File

@@ -0,0 +1,147 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { ensureBinary } from 'cloakbrowser';
import fs from 'fs';
import path from 'path';
import os from 'os';
/**
* Resource files required on Linux/Windows — they must live next to the chrome binary.
* macOS packages these inside the .app bundle's Frameworks directory so a different
* check is used there (see isBinaryComplete).
*/
const LINUX_WIN_REQUIRED_FILES = ['icudtl.dat', 'resources.pak'];
/**
* Return the top-level versioned installation directory for any platform.
*
* - Linux/Windows: binaryPath is ~/.cloakbrowser/chromium-X.Y.Z/chrome
* → dirname ~/.cloakbrowser/chromium-X.Y.Z/
* - macOS: binaryPath is ~/.cloakbrowser/chromium-X.Y.Z/Chromium.app/Contents/MacOS/Chromium
* → 4 levels up ~/.cloakbrowser/chromium-X.Y.Z/
*
* @param {string} binaryPath
* @returns {string}
*/
function getVersionedDir(binaryPath) {
if (process.platform === 'darwin') {
return path.resolve(path.dirname(binaryPath), '../../..');
}
return path.dirname(binaryPath);
}
/**
* Return true when the binary at binaryPath belongs to a complete installation.
*
* On macOS the binary lives inside an .app bundle:
* Chromium.app/Contents/MacOS/Chromium
* Resource files (icudtl.dat etc.) are deep inside
* Chromium.app/Contents/Frameworks/…
* so checking for them next to the binary is wrong. Instead we verify the two
* structural markers that are only present after a full extraction: Info.plist
* and the Frameworks directory inside Contents/.
*
* On Linux/Windows the binary and all resource files are siblings in the same
* directory.
*
* @param {string} binaryPath
* @returns {boolean}
*/
function isBinaryComplete(binaryPath) {
if (process.platform === 'darwin') {
const contentsDir = path.resolve(path.dirname(binaryPath), '..');
return fs.existsSync(path.join(contentsDir, 'Info.plist')) && fs.existsSync(path.join(contentsDir, 'Frameworks'));
}
const dir = path.dirname(binaryPath);
return LINUX_WIN_REQUIRED_FILES.every((f) => fs.existsSync(path.join(dir, f)));
}
/**
* Return a human-readable description of which required files/dirs are missing.
*
* @param {string} binaryPath
* @returns {string}
*/
function missingDescription(binaryPath) {
if (process.platform === 'darwin') {
const contentsDir = path.resolve(path.dirname(binaryPath), '..');
return ['Info.plist', 'Frameworks'].filter((f) => !fs.existsSync(path.join(contentsDir, f))).join(', ');
}
const dir = path.dirname(binaryPath);
return LINUX_WIN_REQUIRED_FILES.filter((f) => !fs.existsSync(path.join(dir, f))).join(', ');
}
/**
* Remove a corrupt binary installation and all `latest_version*` markers from
* the CloakBrowser cache so the next `ensureBinary()` call falls back to the
* package-bundled version.
*
* Removes the full versioned directory (e.g. chromium-X.Y.Z/) on all platforms,
* not just the subdirectory that contains the binary.
*
* @param {string} binaryPath - Path to the (corrupt) chrome/Chromium binary.
*/
function removeCorruptInstallation(binaryPath) {
const versionedDir = getVersionedDir(binaryPath);
const cacheDir = process.env.CLOAKBROWSER_CACHE_DIR || path.join(os.homedir(), '.cloakbrowser');
fs.rmSync(versionedDir, { recursive: true, force: true });
try {
for (const entry of fs.readdirSync(cacheDir)) {
if (entry.startsWith('latest_version')) {
fs.rmSync(path.join(cacheDir, entry), { force: true });
}
}
} catch {
// Cache dir may not exist if versionedDir was the only entry — ignore.
}
}
/**
* Ensure the CloakBrowser stealth Chromium binary is present **and** complete.
*
* `cloakbrowser`'s own `ensureBinary()` only checks that the chrome/Chromium
* file exists. An incomplete extraction (e.g. interrupted download, disk full)
* can leave a directory that contains the executable but is missing essential
* resource files. Chrome then crashes immediately on launch.
*
* This wrapper validates the path returned by `ensureBinary()`. If the
* installation is incomplete it removes the corrupt directory, clears the
* version marker files, and calls `ensureBinary()` again so it falls back to
* (or re-downloads) a complete build.
*
* The validated path is also pinned via `CLOAKBROWSER_BINARY_PATH` so that
* CloakBrowser's own internal `ensureBinary()` call inside `launch()` always
* picks up the same, verified binary.
*
* @returns {Promise<string>} Absolute path to the validated binary.
* @throws {Error} When even the fallback binary is incomplete.
*/
export async function ensureValidBinary() {
const binaryPath = await ensureBinary();
if (isBinaryComplete(binaryPath)) {
process.env.CLOAKBROWSER_BINARY_PATH = binaryPath;
return binaryPath;
}
console.warn(
`[fredy] CloakBrowser installation at ${getVersionedDir(binaryPath)} is missing: ${missingDescription(binaryPath)}. Removing and retrying.`,
);
removeCorruptInstallation(binaryPath);
const fallbackPath = await ensureBinary();
if (!isBinaryComplete(fallbackPath)) {
throw new Error(
`CloakBrowser binary at ${getVersionedDir(fallbackPath)} is still missing required files after re-download: ${missingDescription(fallbackPath)}`,
);
}
process.env.CLOAKBROWSER_BINARY_PATH = fallbackPath;
return fallbackPath;
}

8
lib/services/extractor/botPrevention.js
View File

@@ -94,7 +94,7 @@ export async function applyBotPreventionToPage(page, cfg) {
// webdriver
Object.defineProperty(navigator, 'webdriver', { get: () => undefined });
// chrome runtime expose loadTimes, csi and app like real Chrome
// chrome runtime - expose loadTimes, csi and app like real Chrome
// @ts-ignore
window.chrome = {
runtime: {},
@@ -129,7 +129,7 @@ export async function applyBotPreventionToPage(page, cfg) {
get: () => (window.localStorage.getItem('__LANGS__') || 'de-DE,de').split(','),
});
// plugins mimic real Chrome's built-in PDF plugins
// plugins - mimic real Chrome's built-in PDF plugins
const makePlugin = (name, filename, description, mimeType, mimeTypeSuffix) => {
const mimeObj = { type: mimeType, suffixes: mimeTypeSuffix, description, enabledPlugin: null };
const plugin = { name, filename, description, length: 1, 0: mimeObj };
@@ -274,14 +274,14 @@ export async function applyBotPreventionToPage(page, cfg) {
//noop
}
// document.hasFocus headless returns false; real active tabs return true
// document.hasFocus - headless returns false; real active tabs return true
try {
document.hasFocus = () => true;
} catch {
//noop
}
// screen color depth normalise in case headless reports 0
// screen color depth - normalise in case headless reports 0
try {
Object.defineProperty(screen, 'colorDepth', { get: () => 24 });
Object.defineProperty(screen, 'pixelDepth', { get: () => 24 });

5
lib/services/extractor/extractor.js
View File

@@ -29,11 +29,12 @@ export default class Extractor {
* your response will never contain what you are really looking for
* @param url
* @param waitForSelector
* @param jobKey
*/
execute = async (url, waitForSelector = null) => {
execute = async (url, waitForSelector = null, jobKey = null) => {
this.responseText = null;
try {
this.responseText = await puppeteerExtractor(url, waitForSelector, this.options);
this.responseText = await puppeteerExtractor(url, waitForSelector, { ...this.options, name: jobKey });
if (this.responseText != null) {
loadParser(this.responseText);
}

155
lib/services/extractor/puppeteerExtractor.js
View File

@@ -3,121 +3,133 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import puppeteer from 'puppeteer-extra';
import StealthPlugin from 'puppeteer-extra-plugin-stealth';
import { debug, botDetected } from './utils.js';
import {
getPreLaunchConfig,
applyBotPreventionToPage,
applyLanguagePersistence,
applyPostNavigationHumanSignals,
} from './botPrevention.js';
import { launch } from 'cloakbrowser/puppeteer';
import { botDetected, debug } from './utils.js';
import { getPreLaunchConfig } from './botPrevention.js';
import logger from '../logger.js';
import fs from 'fs';
import os from 'os';
import path from 'path';
puppeteer.use(StealthPlugin());
import { trackPoi } from '../tracking/Tracker.js';
import { TRACKING_POIS } from '../../TRACKING_POIS.js';
/**
* Launch a CloakBrowser/Puppeteer browser instance with stealth and humanizer enabled.
*
* CloakBrowser applies 49 C++ source-level patches (canvas, WebGL, audio, WebRTC,
* navigator.*, automation signals) that are indistinguishable from a real browser.
* All fingerprinting and human-behaviour simulation is handled natively; no CDP
* overrides (setUserAgent, setExtraHTTPHeaders, evaluateOnNewDocument) are applied
* here because they would create detectable inconsistencies on top of the C++ patches.
*
* @param {string} url - Initial URL (used to derive locale/timezone hints).
* @param {object} [options]
* @param {boolean} [options.puppeteerHeadless]
* @param {number} [options.puppeteerTimeout]
* @param {string} [options.proxyUrl]
* @param {string} [options.timezone]
* @param {string} [options.acceptLanguage]
* @param {object} [options.viewport]
* @returns {Promise<import('puppeteer-core').Browser>}
*/
export async function launchBrowser(url, options) {
const preCfg = getPreLaunchConfig(url, options || {});
const launchArgs = [
// Docker requires --no-sandbox; CloakBrowser handles all stealth args internally.
// --ignore-certificate-errors is needed because CloakBrowser ships its own Chromium
// binary with an independent CA bundle that may not trust proxies or interceptors
// present in the host environment.
const args = [
'--no-sandbox',
'--disable-gpu',
'--disable-setuid-sandbox',
'--disable-dev-shm-usage',
'--disable-crash-reporter',
'--no-first-run',
'--no-default-browser-check',
preCfg.langArg,
'--ignore-certificate-errors',
// Disables the zygote process model. Required in some container environments
// (e.g. limited kernel namespaces) where the zygote cannot acquire the
// locks it needs and exits with "Invalid file descriptor to ICU data received".
'--no-zygote',
preCfg.windowSizeArg,
...preCfg.extraArgs,
];
if (options?.proxyUrl) {
launchArgs.push(`--proxy-server=${options.proxyUrl}`);
}
let userDataDir;
let removeUserDataDir = false;
if (options && options.userDataDir) {
userDataDir = options.userDataDir;
} else {
const prefix = path.join(os.tmpdir(), 'puppeteer-fredy-');
userDataDir = fs.mkdtempSync(prefix);
removeUserDataDir = true;
}
// On ARM64 Docker, Chrome for Testing has no native binary — use system Chromium instead.
const executablePath =
options?.executablePath ||
(process.arch === 'arm64' && process.env.IS_DOCKER === 'true' ? '/usr/bin/chromium' : undefined);
const browser = await puppeteer.launch({
return await launch({
headless: options?.puppeteerHeadless ?? true,
args: launchArgs,
timeout: options?.puppeteerTimeout || 45_000,
userDataDir,
executablePath,
humanize: true,
args,
// locale sets Accept-Language headers and JS navigator.language consistently
locale: preCfg.langForFlag,
...(options?.proxyUrl ? { proxy: options.proxyUrl } : {}),
...(preCfg.timezone ? { timezone: preCfg.timezone } : {}),
});
browser.__fredy_userDataDir = userDataDir;
browser.__fredy_removeUserDataDir = removeUserDataDir;
return browser;
}
/**
* Close a browser instance returned by {@link launchBrowser}.
*
* @param {import('puppeteer-core').Browser | null} browser
*/
export async function closeBrowser(browser) {
if (!browser) return;
const userDataDir = browser.__fredy_userDataDir;
const removeUserDataDir = browser.__fredy_removeUserDataDir;
try {
await browser.close();
} catch {
// ignore
}
if (removeUserDataDir && userDataDir) {
try {
await fs.promises.rm(userDataDir, { recursive: true, force: true });
} catch {
// ignore
}
}
}
/**
* Open a page in a (possibly reused) browser, navigate to `url`, and return the HTML source.
* Returns `null` when a bot-detection page is encountered or on timeout.
*
* @param {string} url
* @param {string | null} waitForSelector
* @param {object} [options]
* @returns {Promise<string | null>}
*/
export default async function execute(url, waitForSelector, options) {
let browser = options?.browser;
let isExternalBrowser = !!browser;
let page;
let result;
try {
debug(`Sending request to ${url} using Puppeteer.`);
debug(`Sending request to ${url} using CloakBrowser.`);
if (!isExternalBrowser) {
browser = await launchBrowser(url, options);
}
page = await browser.newPage();
const preCfg = getPreLaunchConfig(url, options || {});
await applyBotPreventionToPage(page, preCfg);
// Provide languages value before navigation
await applyLanguagePersistence(page, preCfg);
// Optional cookies
if (Array.isArray(options?.cookies) && options.cookies.length > 0) {
await page.setCookie(...options.cookies);
}
// Navigation
// Warm-up navigation: visit a trusted page first so the site sees an
// established session before the actual target URL. Silently ignored on
// failure so it never blocks the main request.
if (options?.preNavigateUrl) {
try {
await page.goto(options.preNavigateUrl, { waitUntil: 'domcontentloaded', timeout: 30_000 });
await new Promise((r) => setTimeout(r, 1500 + Math.random() * 2000));
} catch {
// ignore
}
}
const response = await page.goto(url, {
waitUntil: options?.waitUntil || 'domcontentloaded',
timeout: options?.puppeteerTimeout || 60000,
});
// Optionally wait and add subtle human-like interactions
await applyPostNavigationHumanSignals(page, preCfg);
// Optional second idle wait: useful for React SPAs that trigger API calls
// after domcontentloaded. Times out silently so we use whatever is rendered.
if (options?.waitForNetworkIdle) {
try {
await page.waitForNetworkIdle({ timeout: options?.waitForNetworkIdleTimeout ?? 60_000 });
} catch {
// ignore — we proceed with whatever the DOM contains at this point
}
}
let pageSource;
// if we're extracting data from a SPA, we must wait for the selector
if (waitForSelector != null) {
const selectorTimeout = options?.puppeteerSelectorTimeout ?? options?.puppeteerTimeout ?? 30_000;
await page.waitForSelector(waitForSelector, { timeout: selectorTimeout });
@@ -133,15 +145,22 @@ export default async function execute(url, waitForSelector, options) {
if (botDetected(pageSource, statusCode)) {
logger.warn('We have been detected as a bot :-/ Tried url: => ', url);
if (options != null && options.name != null) {
await trackPoi(TRACKING_POIS.DETECTED_AS_BOT + '_' + options.name);
} else {
await trackPoi(TRACKING_POIS.DETECTED_AS_BOT);
}
result = null;
} else {
result = pageSource || (await page.content());
}
} catch (error) {
if (error?.name?.includes('Timeout')) {
logger.debug('Error executing with puppeteer executor', error);
logger.debug('Error executing with CloakBrowser executor', error);
} else {
logger.warn('Error executing with puppeteer executor', error);
logger.warn('Error executing with CloakBrowser executor', error);
}
result = null;
} finally {

77
lib/services/immoscout/immoscout-web-translator.js
View File

@@ -103,6 +103,13 @@ const EQUIPMENT_MAP = {
lodgerflat: 'lodgerflat',
};
// The web UI uses "swapflat", but the mobile API only understands "swap_flat".
// An unknown value is not ignored: the API silently returns 0 results for the
// whole search. Other values (e.g. "projectlisting") are identical on both APIs.
const EXCLUSION_CRITERIA_MAP = {
swapflat: 'swap_flat',
};
const REAL_ESTATE_TYPE = {
'haus-mieten': 'houserent',
'wohnung-mieten': 'apartmentrent',
@@ -141,6 +148,43 @@ const WEB_PATH_TO_APARTMENT_EQUIPMENT_MAP = {
'barrierefreie-wohnung-mieten': { equipment: ['handicappedaccessible'] },
};
// SEO-optimized rental paths used by the ImmoScout web UI when the user
// configures a maximum warmrent. Example: "wohnung-bis-800-euro-warm" means
// "apartment for rent up to 800 EUR warmrent". The web UI generates these
// paths instead of explicit `price` / `pricetype` query parameters.
// Note: only the warmrent variant uses an SEO slug; max coldrent searches
// use the regular "wohnung-mieten" path with explicit `price` and
// `pricetype=rentpermonth` query params, which the existing translator
// already handles.
const SEO_RENT_TYPE_TO_REAL_ESTATE_TYPE = {
wohnung: 'apartmentrent',
haus: 'houserent',
};
const SEO_MAX_WARMRENT_PATH_PATTERN = /^(?<type>wohnung|haus)-bis-(?<price>\d+)-euro-warm$/;
/**
* Parses SEO-optimized ImmoScout web paths that encode a maximum warmrent, such
* as "wohnung-bis-800-euro-warm". Returns the corresponding mobile API real
* estate type and the implicit price/pricetype parameters, or null if the path
* does not match the known SEO max-warmrent pattern.
*
* @param {string} realTypeKey The last segment of the URL path.
* @returns {{ realType: string, additionalParams: Record<string, string> } | null}
*/
function parseSeoMaxWarmrentPath(realTypeKey) {
const match = realTypeKey.match(SEO_MAX_WARMRENT_PATH_PATTERN);
if (!match) return null;
const { type, price } = match.groups;
return {
realType: SEO_RENT_TYPE_TO_REAL_ESTATE_TYPE[type],
additionalParams: {
price: `-${price}`,
pricetype: 'calculatedtotalrent',
},
};
}
export function convertWebToMobile(webUrl) {
let url;
try {
@@ -164,14 +208,17 @@ export function convertWebToMobile(webUrl) {
additionalParamsFromWebPath = WEB_PATH_TO_APARTMENT_EQUIPMENT_MAP[realTypeKey];
realType = REAL_ESTATE_TYPE['wohnung-mieten'];
} else {
throw new Error(`Real estate type not found: ${realTypeKey}`);
// Test for SEO max-warmrent path, e.g. "wohnung-bis-800-euro-warm"
const seoMaxWarmrent = parseSeoMaxWarmrentPath(realTypeKey);
if (seoMaxWarmrent) {
realType = seoMaxWarmrent.realType;
additionalParamsFromWebPath = seoMaxWarmrent.additionalParams;
} else {
throw new Error(`Real estate type not found: ${realTypeKey}`);
}
}
}
if (segments.includes('shape')) {
throw new Error('Shape is currently not supported using Immoscout');
}
const { query: rawParams } = queryString.parseUrl(webUrl, { arrayFormat: 'comma' });
const webParams = Object.fromEntries(
Object.entries(rawParams).filter(([key]) => key !== 'enteredFrom' && PARAM_NAME_MAP[key]),
@@ -179,18 +226,31 @@ export function convertWebToMobile(webUrl) {
const geocodes = `/${segments.slice(2, segments.length - 1).join('/')}`;
const isRadius = segments.includes('radius');
const isShape = segments.includes('shape');
const mobileParams = {
searchType: isRadius ? 'radius' : 'region',
searchType: isRadius ? 'radius' : isShape ? 'shape' : 'region',
realestatetype: realType,
...(isRadius ? {} : { geocodes }),
...(isRadius || isShape ? {} : { geocodes }),
...additionalParamsFromWebPath,
};
if (isShape && !webParams.shape) {
throw new Error('Shape search URL is missing the required "shape" query parameter');
}
if (isShape && webParams.shape) {
const browserShape = webParams.shape;
const normalized = browserShape.replace(/\.\./g, '==').replace(/\./g, '=');
const polyline = Buffer.from(normalized, 'base64').toString('utf-8');
mobileParams.shape = polyline;
}
if (webParams.geocoordinates) {
mobileParams.geocoordinates = webParams.geocoordinates;
}
for (const [key, val] of Object.entries(webParams)) {
if (key === 'shape') continue;
if (key === 'equipment') {
const items = [].concat(val).flatMap((v) => `${v}`.split(','));
const currentEquipmentParams = mobileParams[PARAM_NAME_MAP[key]];
@@ -198,6 +258,9 @@ export function convertWebToMobile(webUrl) {
...(currentEquipmentParams ?? []),
...items.map((item) => EQUIPMENT_MAP[item.toLowerCase()]).filter(Boolean),
];
} else if (key === 'exclusioncriteria') {
const items = [].concat(val).flatMap((v) => `${v}`.split(','));
mobileParams[PARAM_NAME_MAP[key]] = items.map((item) => EXCLUSION_CRITERIA_MAP[item.toLowerCase()] ?? item);
} else {
mobileParams[PARAM_NAME_MAP[key]] = val;
}

34
lib/services/jobs/jobExecutionService.js
View File

@@ -14,6 +14,7 @@ import * as similarityCache from '../similarity-check/similarityCache.js';
import { isRunning, markFinished, markRunning } from './run-state.js';
import { sendToUsers } from '../sse/sse-broker.js';
import * as puppeteerExtractor from '../extractor/puppeteerExtractor.js';
import { getSettings } from '../storage/settingsStorage.js';
/**
* Initializes the job execution service.
@@ -103,15 +104,11 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
logger.debug('Working hours set. Skipping as outside of working hours.');
return;
}
settings.lastRun = now;
const jobs = jobStorage
.getJobs()
.filter((job) => job.enabled)
.filter((job) => {
if (!context) return true; // startup/cron → all
if (context.isAdmin) return true; // admin → all
return context.userId ? job.userId === context.userId : false; // user → own
});
const jobs = jobStorage.getJobs().filter((job) => {
if (!context) return true; // startup/cron → all
if (context.isAdmin) return true; // admin → all
return context.userId ? job.userId === context.userId : false; // user → own
});
for (const job of jobs) {
await executeJob(job);
@@ -152,6 +149,13 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
}
const acquired = markRunning(job.id);
if (!acquired) return;
// Persist the trigger time so the dashboard "last search" KPI can be
// derived per accessible user without an in-memory cache.
try {
jobStorage.updateJobLastRunAt(job.id, Date.now());
} catch (err) {
logger.warn('Failed to persist last_run_at for job', job.id, err);
}
// notify listeners (SSE) that the job started
try {
bus.emit('jobs:status', { jobId: job.id, running: true });
@@ -160,6 +164,14 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
}
let browser;
try {
// Read the proxy live (not from the startup snapshot) so changing it in the
// UI takes effect on the next run without a backend restart. An empty value
// disables the proxy. Routing the headless browser through a (German
// residential) proxy avoids datacenter-IP based bot detection on the
// Puppeteer-based providers (immowelt, immonet, kleinanzeigen, ...).
const liveSettings = await getSettings();
const proxyUrl = typeof liveSettings?.proxyUrl === 'string' ? liveSettings.proxyUrl.trim() : '';
const jobProviders = job.provider.filter(
(p) => providers.find((loaded) => loaded.metaInformation.id === p.id) != null,
);
@@ -168,14 +180,14 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
const matchedProvider = providers.find((loaded) => loaded.metaInformation.id === prov.id);
matchedProvider.init({ ...prov, userId: job.userId }, job.blacklist);
if (browser && !browser.isConnected()) {
if (browser && !browser.connected) {
logger.debug('Browser is disconnected, nullifying to launch a new one.');
await puppeteerExtractor.closeBrowser(browser);
browser = null;
}
if (!browser && matchedProvider.config.getListings == null) {
browser = await puppeteerExtractor.launchBrowser(matchedProvider.config.url, {});
browser = await puppeteerExtractor.launchBrowser(matchedProvider.config.url, proxyUrl ? { proxyUrl } : {});
}
await new FredyPipelineExecutioner(matchedProvider.config, job, prov.id, similarityCache, browser).execute();

2
lib/services/listings/listingActiveService.js
View File

@@ -16,7 +16,7 @@ import logger from '../../services/logger.js';
* Concurrency: network-bound checks are executed with a configurable concurrency limit.
*
* @param {object} [opts]
* @param {number} [opts.concurrency=8] Max number of parallel activeTester calls.
* @param {number} [opts.concurrency=4] Max number of parallel activeTester calls.
* @returns {Promise<void>}
*/
export default async function runActiveChecker(opts = {}) {

75
lib/services/logger.js
View File

@@ -14,6 +14,20 @@ const COLORS = {
const env = process.env.NODE_ENV || 'development';
const useColor = process.stdout.isTTY || process.stderr.isTTY;
/**
* Optional sink that forwards formatted log entries to the opt-in "Debug Logging"
* DB storage. Wired and unwired by debugLogStorage as the feature is toggled, so
* when nobody enabled the feature this stays null and the logger hot path skips
* the Date.now + stringifyArgs work entirely.
*
* We deliberately do NOT import debugLogStorage here, because that would create a
* cycle (debugLogStorage → SqliteConnection → utils → logger → debugLogStorage).
* Inversion of control via setDebugLogSink() keeps the dependency one-way.
*
* @type {((entry:{ts:number, level:string, message:string}) => void)|null}
*/
let debugLogSink = null;
function ts() {
const d = new Date();
const yyyy = d.getFullYear();
@@ -31,10 +45,50 @@ function lvl(level) {
return `${COLORS[level] || ''}${upper}${COLORS.reset}`;
}
/**
* Build a colour-free plain text representation of variadic console args. Errors
* are unwrapped to their stack/message, objects are JSON-serialized. Used when
* forwarding to the DB sink so the stored text is portable across terminals.
*
* @param {any[]} args
* @returns {string}
*/
function stringifyArgs(args) {
return args
.map((a) => {
if (a == null) return String(a);
if (a instanceof Error) return a.stack || a.message;
if (typeof a === 'object') {
try {
return JSON.stringify(a);
} catch {
return String(a);
}
}
return String(a);
})
.join(' ');
}
/* eslint-disable no-console */
function log(level, ...args) {
// Forward to the DB sink first (regardless of console suppression rules) so the
// recorded debug bundle truly contains every level, including debug entries that
// would otherwise be silenced in production.
if (debugLogSink) {
try {
debugLogSink({
ts: Date.now(),
level,
message: `${stringifyArgs(args)}`,
});
} catch {
// never break the caller because of logging
}
}
if (level === 'debug' && env !== 'development') {
return; // Skip debug logs in non-development environments
return; // Skip debug logs in non-development environments (console only)
}
const prefix = `[${ts()}] ${lvl(level)}:`;
@@ -56,9 +110,28 @@ function log(level, ...args) {
}
}
/**
* Register a sink function that receives every log entry the logger sees, regardless
* of console suppression rules. debugLogStorage attaches its sink only while the
* feature is enabled and detaches it on disable, so the logger's hot path can use
* the null check as a cheap on/off gate and skip stringification when off.
*
* Pass null to remove the sink (used both by the storage module on disable and by
* tests to reset state between cases).
*
* @param {((entry:{ts:number, level:string, message:string}) => void)|null} sink
* @returns {void}
*/
function setDebugLogSink(sink) {
debugLogSink = typeof sink === 'function' ? sink : null;
}
export { setDebugLogSink };
export default {
debug: (...a) => log('debug', ...a),
info: (...a) => log('info', ...a),
warn: (...a) => log('warn', ...a),
error: (...a) => log('error', ...a),
setDebugLogSink,
};

21
lib/services/storage/jobStorage.js
View File

@@ -97,6 +97,7 @@ export const getJob = (jobId) => {
j.notification_adapter AS notificationAdapter,
j.spatial_filter AS spatialFilter,
j.spec_filter AS specFilter,
j.last_run_at AS lastRunAt,
(SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id AND l.is_active = 1 AND l.manually_deleted = 0) AS numberOfFoundListings
FROM jobs j
WHERE j.id = @id
@@ -116,6 +117,24 @@ export const getJob = (jobId) => {
};
};
/**
* Record the timestamp at which a job was last triggered.
*
* Called from the job execution service when a job starts running. The value
* is persisted so that the dashboard "last search" KPI survives restarts and
* can be computed per accessible user.
*
* @param {string} jobId - Job primary key.
* @param {number} timestamp - Epoch milliseconds.
* @returns {void}
*/
export const updateJobLastRunAt = (jobId, timestamp) => {
SqliteConnection.execute(`UPDATE jobs SET last_run_at = @timestamp WHERE id = @id`, {
id: jobId,
timestamp,
});
};
/**
* Update job enabled status.
* @param {{jobId: string, status: boolean}} params - Parameters.
@@ -164,6 +183,7 @@ export const getJobs = () => {
j.notification_adapter AS notificationAdapter,
j.spatial_filter AS spatialFilter,
j.spec_filter AS specFilter,
j.last_run_at AS lastRunAt,
(SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id AND l.is_active = 1 AND l.manually_deleted = 0) AS numberOfFoundListings
FROM jobs j
WHERE j.enabled = 1
@@ -269,6 +289,7 @@ export const queryJobs = ({
j.notification_adapter AS notificationAdapter,
j.spatial_filter AS spatialFilter,
j.spec_filter AS specFilter,
j.last_run_at AS lastRunAt,
(SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id AND l.is_active = 1 AND l.manually_deleted = 0) AS numberOfFoundListings
FROM jobs j
${whereSql}

161
lib/services/storage/listingsStorage.js
View File

@@ -3,10 +3,27 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { nullOrEmpty } from '../../utils.js';
import { nullOrEmpty, fromJson } from '../../utils.js';
import SqliteConnection from './SqliteConnection.js';
import { nanoid } from 'nanoid';
/**
* Parse the JSON `status` column of a listing row in place.
*
* The DB stores status as a JSON payload `{ status, setAt }` (or NULL).
* Consumers expect an object/null, so we normalize before returning.
*
* @param {Object|null|undefined} row - A raw row from the listings table.
* @returns {Object|null|undefined} The same row with `status` parsed.
*/
const parseListingStatus = (row) => {
if (row == null) return row;
if (typeof row.status === 'string') {
row.status = fromJson(row.status, null);
}
return row;
};
/**
* Return a list of known listing hashes for a given job and provider.
* Useful to de-duplicate before inserting new listings.
@@ -43,18 +60,14 @@ export const getListingsKpisForJobIds = (jobIds = []) => {
const placeholders = jobIds.map(() => '?').join(',');
const rows = SqliteConnection.query(
`SELECT
SUM(CASE WHEN is_active = 1 THEN 1 ELSE 0 END) OVER() AS active_count,
price
FROM listings
WHERE job_id IN (${placeholders})
AND manually_deleted = 0
GROUP BY
id`,
`SELECT is_active, price
FROM listings
WHERE job_id IN (${placeholders})
AND manually_deleted = 0`,
jobIds,
);
const activeCount = rows[0]?.active_count ?? 0;
const activeCount = rows.filter((r) => r.is_active === 1).length;
const prices = rows
.map((r) => r.price)
@@ -214,6 +227,8 @@ export const storeListings = (jobId, providerId, listings) => {
longitude: item.longitude || null,
};
stmt.run(params);
// Propagate the DB primary key back so downstream pipeline steps use the correct id
item.id = params.id;
}
});
@@ -242,6 +257,7 @@ export const storeListings = (jobId, providerId, listings) => {
* @param {object} [params.jobNameFilter]
* @param {object} [params.providerFilter]
* @param {object} [params.watchListFilter]
* @param {('applied'|'rejected'|'accepted'|'none')} [params.statusFilter] - Filter by listing status. 'none' matches NULL.
* @param {string|null} [params.sortField=null] - One of: 'created_at','price','size','provider','title'.
* @param {('asc'|'desc')} [params.sortDir='asc']
* @param {number} [params.createdAfter] - Only include listings created at or after this unix timestamp (ms).
@@ -258,6 +274,7 @@ export const queryListings = ({
jobIdFilter,
providerFilter,
watchListFilter,
statusFilter,
freeTextFilter,
sortField = null,
sortDir = 'asc',
@@ -287,13 +304,15 @@ export const queryListings = ({
}
if (freeTextFilter && String(freeTextFilter).trim().length > 0) {
params.filter = `%${String(freeTextFilter).trim()}%`;
whereParts.push(`(title LIKE @filter OR address LIKE @filter OR provider LIKE @filter OR link LIKE @filter)`);
whereParts.push(
`(l.title LIKE @filter OR l.address LIKE @filter OR l.provider LIKE @filter OR l.link LIKE @filter)`,
);
}
// activityFilter: when true -> only active listings (is_active = 1), false -> only inactive
if (activityFilter === true) {
whereParts.push('(is_active = 1)');
whereParts.push('(l.is_active = 1)');
} else if (activityFilter === false) {
whereParts.push('(is_active = 0)');
whereParts.push('(l.is_active = 0)');
}
// Prefer filtering by job id when provided (unambiguous and robust)
if (jobIdFilter && String(jobIdFilter).trim().length > 0) {
@@ -307,7 +326,7 @@ export const queryListings = ({
// providerFilter: when provided as string (assumed provider name), filter listings where provider equals that name (exact match)
if (providerFilter && String(providerFilter).trim().length > 0) {
params.providerName = String(providerFilter).trim();
whereParts.push('(provider = @providerName)');
whereParts.push('(l.provider = @providerName)');
}
// watchListFilter: when true -> only watched listings, false -> only unwatched
if (watchListFilter === true) {
@@ -315,14 +334,26 @@ export const queryListings = ({
} else if (watchListFilter === false) {
whereParts.push('(wl.id IS NULL)');
}
// statusFilter: 'applied'|'rejected'|'accepted' -> equality on JSON status field; 'none' -> NULL.
// The status column is a JSON payload `{ status, setAt }`, so we extract the inner
// status string for comparison instead of matching the raw text.
if (statusFilter === 'none') {
whereParts.push('(l.status IS NULL)');
} else if (
typeof statusFilter === 'string' &&
['applied', 'rejected', 'accepted'].includes(statusFilter.toLowerCase())
) {
params.statusValue = statusFilter.toLowerCase();
whereParts.push(`(json_extract(l.status, '$.status') = @statusValue)`);
}
// Time range filters (unix timestamps in milliseconds)
if (Number.isFinite(createdAfter) && createdAfter > 0) {
params.createdAfter = createdAfter;
whereParts.push('(created_at >= @createdAfter)');
whereParts.push('(l.created_at >= @createdAfter)');
}
if (Number.isFinite(createdBefore) && createdBefore > 0) {
params.createdBefore = createdBefore;
whereParts.push('(created_at <= @createdBefore)');
whereParts.push('(l.created_at <= @createdBefore)');
}
// Price range filters
if (Number.isFinite(minPrice) && minPrice >= 0) {
@@ -337,32 +368,22 @@ export const queryListings = ({
// Build whereSql (filtering by manually_deleted = 0)
whereParts.push('(l.manually_deleted = 0)');
const whereSql = whereParts.length ? `WHERE ${whereParts.join(' AND ')}` : '';
const whereSqlWithAlias = whereSql
.replace(/\btitle\b/g, 'l.title')
.replace(/\bdescription\b/g, 'l.description')
.replace(/\baddress\b/g, 'l.address')
.replace(/\bprovider\b/g, 'l.provider')
.replace(/\blink\b/g, 'l.link')
.replace(/\bis_active\b/g, 'l.is_active')
.replace(/\bj\.user_id\b/g, 'j.user_id')
.replace(/\bj\.name\b/g, 'j.name')
.replace(/\bwl\.id\b/g, 'wl.id');
const whereSqlWithAlias = whereParts.length ? `WHERE ${whereParts.join(' AND ')}` : '';
// whitelist sortable fields to avoid SQL injection
const sortable = new Set(['created_at', 'price', 'size', 'provider', 'title', 'job_name', 'is_active', 'isWatched']);
const safeSortField = sortField && sortable.has(sortField) ? sortField : null;
// whitelist sortable fields to avoid SQL injection; map to fully-qualified expressions
const sortableMap = {
created_at: 'l.created_at',
price: 'l.price',
size: 'l.size',
provider: 'l.provider',
title: 'l.title',
job_name: 'j.name',
is_active: 'l.is_active',
isWatched: 'CASE WHEN wl.id IS NOT NULL THEN 1 ELSE 0 END',
};
const safeSortExpr = sortField && sortableMap[sortField] ? sortableMap[sortField] : null;
const safeSortDir = String(sortDir).toLowerCase() === 'desc' ? 'DESC' : 'ASC';
const orderSql = safeSortField ? `ORDER BY ${safeSortField} ${safeSortDir}` : 'ORDER BY created_at DESC';
const orderSqlWithAlias = orderSql
.replace(/\bcreated_at\b/g, 'l.created_at')
.replace(/\bprice\b/g, 'l.price')
.replace(/\bsize\b/g, 'l.size')
.replace(/\bprovider\b/g, 'l.provider')
.replace(/\btitle\b/g, 'l.title')
.replace(/\bjob_name\b/g, 'j.name')
// Sort by computed watch flag when requested
.replace(/\bisWatched\b/g, 'CASE WHEN wl.id IS NOT NULL THEN 1 ELSE 0 END');
const orderSqlWithAlias = safeSortExpr ? `ORDER BY ${safeSortExpr} ${safeSortDir}` : 'ORDER BY l.created_at DESC';
// count total with same WHERE
const countRow = SqliteConnection.query(
@@ -389,7 +410,7 @@ export const queryListings = ({
params,
);
return { totalNumber, page: safePage, result: rows };
return { totalNumber, page: safePage, result: rows.map(parseListingStatus) };
};
/**
@@ -417,9 +438,10 @@ export const deleteListingsByJobId = (jobId, hardDelete = false) => {
};
/**
* Delete listings by a list of listing IDs.
* Delete listings by a list of listing IDs (the nanoid primary key stored in the `id` column).
* Used by API routes that receive row IDs from the client.
*
* @param {string[]} ids - Array of listing IDs to delete.
* @param {string[]} ids - Array of DB row IDs to delete.
* @param {boolean} [hardDelete=false] - Whether to hard delete from DB or just mark as deleted.
* @returns {any} The result from SqliteConnection.execute.
*/
@@ -482,7 +504,7 @@ export const updateListingGeocoordinates = (id, latitude, longitude) => {
* @param {string} [params.jobId]
* @param {string} [params.userId]
* @param {boolean} [params.isAdmin=false]
* @returns {{listings: Object[], maxPrice: number}} Object containing listings and maxPrice.
* @returns {{listings: Object[]}} Object containing listings.
*/
export const getListingsForMap = ({ jobId, userId = null, isAdmin = false } = {}) => {
const baseWhereParts = [
@@ -623,7 +645,7 @@ export const getListingById = (id, userId = null, isAdmin = false) => {
if (!isAdmin) {
whereScoping = `AND (j.user_id = @userId OR EXISTS (SELECT 1 FROM json_each(j.shared_with_user) AS sw WHERE sw.value = @userId))`;
}
return (
return parseListingStatus(
SqliteConnection.query(
`SELECT l.*, j.name AS job_name, CASE WHEN wl.id IS NOT NULL THEN 1 ELSE 0 END AS isWatched
FROM listings l
@@ -631,10 +653,57 @@ export const getListingById = (id, userId = null, isAdmin = false) => {
LEFT JOIN watch_list wl ON wl.listing_id = l.id AND wl.user_id = @userId
WHERE l.id = @id AND l.manually_deleted = 0 ${whereScoping}`,
params,
)[0] || null
)[0] || null,
);
};
/**
* Set or clear the notes attached to a single listing.
*
* Empty strings are normalized to NULL so the DB doesn't keep meaningless
* whitespace and queries can filter "has notes" with a simple IS NOT NULL.
*
* @param {string} id - The listing ID.
* @param {string|null} notes - The note text to store, or null/empty to clear.
* @returns {number} Number of rows affected (0 if listing not found).
*/
export const setListingNotes = (id, notes) => {
if (!id) return 0;
const trimmed = typeof notes === 'string' ? notes.trim() : null;
const value = trimmed && trimmed.length > 0 ? trimmed : null;
const res = SqliteConnection.execute(`UPDATE listings SET notes = @notes WHERE id = @id`, {
id,
notes: value,
});
return res?.changes ?? 0;
};
/**
* Set or clear the status of a single listing.
*
* The status column stores a JSON payload `{ status, setAt }` so consumers
* can show both the user's decision and when it was made. Passing `null`
* clears the column.
*
* @param {string} id - The listing ID.
* @param {('applied'|'rejected'|'accepted'|null)} status - New status, or null to clear.
* @returns {number} Number of rows affected (0 if listing not found).
*/
export const setListingStatus = (id, status) => {
if (!id) return 0;
const allowed = ['applied', 'rejected', 'accepted'];
const normalized = status == null ? null : String(status).toLowerCase();
if (normalized != null && !allowed.includes(normalized)) {
throw new Error(`Invalid listing status: ${status}`);
}
const payload = normalized == null ? null : JSON.stringify({ status: normalized, setAt: Date.now() });
const res = SqliteConnection.execute(`UPDATE listings SET status = @status WHERE id = @id`, {
id,
status: payload,
});
return res?.changes ?? 0;
};
/**
* Resets geocoordinates and distance for all listings related to a user.
*

25
lib/services/storage/migrations/sql/17.add-base-url-setting.js Normal file
View File

@@ -0,0 +1,25 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { nanoid } from 'nanoid';
import { guessBaseUrl } from '../../../../utils/detectBaseUrl.js';
export function up(db) {
const exists = db.prepare(`SELECT 1 FROM settings WHERE name = 'baseUrl' AND user_id IS NULL LIMIT 1`).get();
if (exists) return;
const portRow = db.prepare(`SELECT value FROM settings WHERE name = 'port' AND user_id IS NULL LIMIT 1`).get();
let port = 9998;
try {
port = JSON.parse(portRow?.value ?? '9998');
} catch {
/* keep default */
}
db.prepare(
`INSERT INTO settings (id, create_date, name, value, user_id)
VALUES (@id, @create_date, 'baseUrl', @value, NULL)`,
).run({ id: nanoid(), create_date: Date.now(), value: JSON.stringify(guessBaseUrl(port)) });
}

11
lib/services/storage/migrations/sql/18.add-listing-status.js Normal file
View File

@@ -0,0 +1,11 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
export function up(db) {
db.exec(`
ALTER TABLE listings ADD COLUMN status JSON;
CREATE INDEX IF NOT EXISTS idx_listings_status ON listings (json_extract(status, '$.status'));
`);
}

10
lib/services/storage/migrations/sql/19.add-listing-notes.js Normal file
View File

@@ -0,0 +1,10 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
export function up(db) {
db.exec(`
ALTER TABLE listings ADD COLUMN notes TEXT;
`);
}

32
lib/services/storage/migrations/sql/20.add-debug-logs.js Normal file
View File

@@ -0,0 +1,32 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
/**
* Migration: create the debug_logs table used by the opt-in "Debug Logging" feature.
*
* Each row is a single log line (timestamp + level + message) captured by the in-app
* logger while debug logging is enabled. We store the UTF-8 byte size of the message
* alongside the row so the debugLogStorage can maintain a rolling 5 MB cap without
* having to run length() / SUM() on every insert.
*
* The "debug_logging_enabled" and "debug_logging_ever_enabled" flags are persisted in
* the existing settings table (no schema change needed there) and are managed by
* debugLogStorage.js at runtime.
*/
export function up(db) {
// id is INTEGER PRIMARY KEY AUTOINCREMENT, which is an alias for SQLite's rowid and
// is implicitly indexed. No additional index needed; selecting / deleting by id and
// ordering by id ASC (rolling buffer) both use the existing rowid index.
db.exec(`
CREATE TABLE IF NOT EXISTS debug_logs
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
ts INTEGER NOT NULL,
level TEXT NOT NULL,
message TEXT NOT NULL,
byte_size INTEGER NOT NULL
);
`);
}

20
lib/services/storage/migrations/sql/21.add-last-run-to-jobs.js Normal file
View File

@@ -0,0 +1,20 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
/**
* Migration: add `last_run_at` to the `jobs` table.
*
* Stores the epoch-ms timestamp at which a job was last triggered. Used by the
* dashboard "last search" KPI so the value survives restarts and reflects the
* actual jobs the requesting user can see (own, shared, or all for admins),
* replacing the previous in-memory `settings.lastRun` value.
*
* NULL means the job has not yet been triggered since this column was added.
*/
export function up(db) {
db.exec(`
ALTER TABLE jobs ADD COLUMN last_run_at INTEGER
`);
}

7
lib/services/storage/settingsStorage.js
View File

@@ -123,8 +123,11 @@ export function upsertSettings(settingsMapOrEntry, userId = null) {
);
}
}
// keep cache in sync (only for global settings)
// Invalidate cache synchronously so the next getSettings() call rebuilds it.
// refreshSettingsCache() is async (reads config.json), so we cannot await it
// here without making upsertSettings async everywhere. Nulling is safe because
// getSettings() will call refreshSettingsCache() on the next invocation.
if (userId == null) {
refreshSettingsCache();
cachedSettingsConfig = null;
}
}

19
lib/services/storage/watchListStorage.js
View File

@@ -47,6 +47,25 @@ export const deleteWatch = (listingId, userId) => {
return { deleted: Boolean(res?.changes) };
};
/**
* Ensure a watch entry exists. Does not toggle; safe to call when row may already exist.
* Used by the status endpoint to auto-watch a listing when a status is set.
* @param {string} listingId
* @param {string} userId
* @returns {{watched:boolean}}
*/
export const ensureWatch = (listingId, userId) => {
if (!listingId || !userId) return { watched: false };
const { created } = createWatch(listingId, userId);
if (created) return { watched: true };
const exists =
SqliteConnection.query(
`SELECT 1 AS ok FROM watch_list WHERE listing_id = @listing_id AND user_id = @user_id LIMIT 1`,
{ listing_id: listingId, user_id: userId },
).length > 0;
return { watched: exists };
};
/**
* Toggle a watch entry. If exists -> delete, otherwise create.
* @param {string} listingId

1
lib/types/job.js
View File

@@ -18,6 +18,7 @@
* @property {SpatialFilter | null} [spatialFilter] Optional spatial filter configuration as GeoJSON FeatureCollection.
* @property {SpecFilter | null} [specFilter] Optional listing specifications.
* @property {number} [numberOfFoundListings] Count of active listings for this job.
* @property {number | null} [lastRunAt] Epoch ms at which the job was last triggered, or null if never triggered.
*/
export {};

55
lib/utils/detectBaseUrl.js Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import os from 'os';
import fs from 'fs';
const DOCKER_BRIDGE_PREFIXES = ['172.17.', '172.18.', '172.19.', '172.20.'];
export function isRunningInDocker() {
if (process.env.FREDY_DOCKER === '1') return true;
try {
fs.accessSync('/.dockerenv');
return true;
} catch {
/* not docker */
}
try {
const cgroup = fs.readFileSync('/proc/self/cgroup', 'utf8');
return /docker|containerd|kubepods/.test(cgroup);
} catch {
return false;
}
}
function isDockerBridgeIp(addr) {
return DOCKER_BRIDGE_PREFIXES.some((prefix) => addr.startsWith(prefix));
}
export function detectLocalIp() {
if (isRunningInDocker()) {
return process.env.FREDY_HOST_IP ?? '172.17.0.1';
}
const ifaces = os.networkInterfaces();
for (const preferred of ['en0', 'eth0', 'wlan0', 'ens3', 'ens18']) {
for (const entry of ifaces[preferred] ?? []) {
if (entry.family === 'IPv4' && !entry.internal && !isDockerBridgeIp(entry.address)) {
return entry.address;
}
}
}
for (const iface of Object.values(ifaces)) {
for (const entry of iface ?? []) {
if (entry.family === 'IPv4' && !entry.internal && !isDockerBridgeIp(entry.address)) {
return entry.address;
}
}
}
return 'localhost';
}
export function guessBaseUrl(port) {
return `http://${detectLocalIp()}:${port}`;
}

68
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "fredy",
"version": "20.3.3",
"version": "22.7.0",
"description": "[F]ind [R]eal [E]states [d]amn eas[y].",
"scripts": {
"prepare": "husky",
@@ -62,65 +62,65 @@
"Firefox ESR"
],
"dependencies": {
"@douyinfe/semi-icons": "^2.95.1",
"@douyinfe/semi-ui": "2.95.1",
"@douyinfe/semi-ui-19": "^2.95.1",
"@douyinfe/semi-icons": "^2.100.0",
"@douyinfe/semi-ui": "2.100.0",
"@douyinfe/semi-ui-19": "^2.100.0",
"@fastify/cookie": "^11.0.2",
"@fastify/helmet": "^13.0.2",
"@fastify/session": "^11.1.1",
"@fastify/static": "^9.1.3",
"@mapbox/mapbox-gl-draw": "^1.5.1",
"@modelcontextprotocol/sdk": "^1.29.0",
"@sendgrid/mail": "8.1.6",
"@turf/boolean-point-in-polygon": "^7.3.5",
"@vitejs/plugin-react": "6.0.1",
"@vitejs/plugin-react": "6.0.2",
"adm-zip": "^0.5.17",
"better-sqlite3": "^12.9.0",
"body-parser": "2.2.2",
"better-sqlite3": "^12.10.0",
"chart.js": "^4.5.1",
"cheerio": "^1.2.0",
"cookie-session": "2.1.1",
"cloakbrowser": "^0.3.31",
"fastify": "^5.8.5",
"handlebars": "4.7.9",
"maplibre-gl": "^5.23.0",
"nanoid": "5.1.9",
"maplibre-gl": "^5.24.0",
"nanoid": "5.1.11",
"node-cron": "^4.2.1",
"node-fetch": "3.3.2",
"node-mailjet": "6.0.11",
"nodemailer": "^8.0.5",
"nodemailer": "^8.0.11",
"p-throttle": "^8.1.0",
"package-up": "^5.0.0",
"puppeteer": "^24.42.0",
"puppeteer-extra": "^3.3.6",
"puppeteer-extra-plugin-stealth": "^2.11.2",
"query-string": "9.3.1",
"react": "19.2.5",
"puppeteer-core": "^25.1.0",
"query-string": "9.4.0",
"react": "19.2.7",
"react-chartjs-2": "^5.3.1",
"react-dom": "19.2.5",
"react-dom": "19.2.7",
"react-range-slider-input": "^3.3.5",
"react-router": "7.14.1",
"react-router-dom": "7.14.1",
"resend": "^6.12.2",
"restana": "5.2.0",
"semver": "^7.7.4",
"serve-static": "2.2.1",
"react-router": "7.17.0",
"react-router-dom": "7.17.0",
"resend": "^6.12.4",
"semver": "^7.8.4",
"slack": "11.0.2",
"vite": "8.0.9",
"vite": "8.0.16",
"x-var": "^3.0.1",
"zustand": "^5.0.12"
"zustand": "^5.0.14"
},
"devDependencies": {
"@babel/core": "7.29.0",
"@babel/eslint-parser": "7.28.6",
"@babel/preset-env": "7.29.2",
"@babel/preset-react": "7.28.5",
"@babel/core": "7.29.7",
"@babel/eslint-parser": "7.29.7",
"@babel/preset-env": "7.29.7",
"@babel/preset-react": "7.29.7",
"@eslint/js": "^10.0.1",
"chalk": "^5.6.2",
"eslint": "10.2.1",
"eslint": "10.4.1",
"eslint-config-prettier": "10.1.8",
"eslint-plugin-react": "7.37.5",
"globals": "^17.5.0",
"globals": "^17.6.0",
"history": "5.3.0",
"husky": "9.1.7",
"less": "4.6.4",
"lint-staged": "16.4.0",
"lint-staged": "17.0.7",
"nodemon": "^3.1.14",
"prettier": "3.8.3",
"vitest": "^4.1.4"
"prettier": "3.8.4",
"vitest": "^4.1.8"
}
}

18
test/globalSetup.js Normal file
View File

@@ -0,0 +1,18 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { ensureValidBinary } from '../lib/services/ensureValidBinary.js';
/**
* Vitest global setup — runs once in the main process before any workers start.
* Downloads and validates the CloakBrowser stealth Chromium binary.
* ensureValidBinary() also removes and re-downloads partial/corrupt installations
* so tests never fail with "Invalid file descriptor to ICU data received".
* Skipped in offline mode because the browser is fully mocked there.
*/
export async function setup() {
if (process.env.TEST_MODE === 'offline') return;
await ensureValidBinary();
}

13
test/mocks/mockStore.js
View File

@@ -17,8 +17,16 @@ export const getGeocoordinatesByAddress = (any) => {
return null;
};
let userSettings = null;
export function setUserSettings(settings) {
userSettings = settings;
}
export function getUserSettings(userId) {
return null;
return userSettings;
}
export async function getSettings() {
return { baseUrl: '' };
}
export const updateListingDistance = (id, distance) => {
@@ -28,4 +36,7 @@ export const deletedIds = [];
export const deleteListingsById = (ids) => {
deletedIds.push(...ids);
};
export const deleteListingsByHash = (hashes) => {
deletedIds.push(...hashes);
};
/* eslint-enable no-unused-vars */

415
test/notification/telegram.test.js Normal file
View File

@@ -0,0 +1,415 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
// Mock external deps BEFORE importing the module under test.
vi.mock('node-fetch', () => ({ default: vi.fn() }));
vi.mock('../../lib/services/storage/jobStorage.js', () => ({
getJob: (jobKey) => ({ id: jobKey, name: jobKey }),
}));
vi.mock('../../lib/services/markdown.js', () => ({
markdown2Html: () => '',
}));
// Helpers to build mock fetch responses.
function jsonOk(body = { ok: true }) {
return {
ok: true,
status: 200,
text: async () => JSON.stringify(body),
};
}
function jsonErr(status, body) {
return {
ok: false,
status,
text: async () => JSON.stringify(body),
};
}
function imageOk(bytes = new Uint8Array([0xff, 0xd8, 0xff])) {
return {
ok: true,
status: 200,
headers: {
get: (h) => {
const k = h.toLowerCase();
if (k === 'content-type') return 'image/jpeg';
if (k === 'content-length') return String(bytes.byteLength);
return null;
},
},
arrayBuffer: async () => bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength),
};
}
// Globals are mocked too so buildPhotoFormData (which uses global fetch) can be
// intercepted by the same single mock.
let mockNodeFetch;
let mockGlobalFetch;
let send;
beforeEach(async () => {
// Reset modules to get a fresh import with our mocks applied.
vi.resetModules();
const nodeFetchMod = await import('node-fetch');
mockNodeFetch = nodeFetchMod.default;
mockNodeFetch.mockReset();
mockGlobalFetch = vi.fn();
vi.stubGlobal('fetch', mockGlobalFetch);
({ send } = await import('../../lib/notification/adapter/telegram.js'));
});
afterEach(() => {
vi.unstubAllGlobals();
vi.useRealTimers();
});
const baseConfig = {
id: 'telegram',
fields: { token: 'TKN', chatId: '999' },
};
describe('telegram send() - HTTP URL path (default for .jpg / .png)', () => {
it('POSTs JSON to sendPhoto for a .jpg image URL', async () => {
mockNodeFetch.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 'Listing',
link: 'https://example.com/a',
address: 'Addr',
price: '500€',
size: '50m²',
image: 'https://mms.immowelt.de/x/y/z/w/abc.jpg?ci_seal=hash&w=525&h=394',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(1);
const [url, opts] = mockNodeFetch.mock.calls[0];
expect(url).toBe('https://api.telegram.org/botTKN/sendPhoto');
expect(opts.method).toBe('post');
expect(opts.headers?.['Content-Type']).toBe('application/json');
const body = JSON.parse(opts.body);
expect(body.chat_id).toBe('999');
expect(body.photo).toBe('https://mms.immowelt.de/x/y/z/w/abc.jpg?ci_seal=hash&w=525&h=394');
expect(body.parse_mode).toBe('HTML');
});
it('does NOT pre-fetch the image when using HTTP URL path', async () => {
mockNodeFetch.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 't',
link: 'l',
address: 'a',
price: '',
size: '',
image: 'https://example.com/x.jpg',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
// global fetch (used by buildPhotoFormData) must not be called
expect(mockGlobalFetch).not.toHaveBeenCalled();
});
it('falls back to sendMessage when sendPhoto fails', async () => {
mockNodeFetch
.mockResolvedValueOnce(jsonErr(400, { ok: false, description: 'boom' }))
.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 't',
link: 'l',
address: 'a',
price: '',
size: '',
image: 'https://example.com/x.jpg',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(2);
expect(mockNodeFetch.mock.calls[0][0]).toBe('https://api.telegram.org/botTKN/sendPhoto');
expect(mockNodeFetch.mock.calls[1][0]).toBe('https://api.telegram.org/botTKN/sendMessage');
});
});
describe('telegram send() - multipart path (.webp URLs)', () => {
it('pre-fetches the image then POSTs FormData to sendPhoto for a .webp URL', async () => {
// 1st: GET image via global fetch
mockGlobalFetch.mockResolvedValueOnce(imageOk());
// 2nd: POST sendPhoto via node-fetch
mockNodeFetch.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 'Listing',
link: 'https://example.com/a',
address: 'Addr',
price: '500€',
size: '50m²',
image: 'https://mms.immowelt.de/1/1/6/5/abc.webp?ci_seal=hash&w=525&h=394',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
// image was fetched
expect(mockGlobalFetch).toHaveBeenCalledTimes(1);
expect(mockGlobalFetch.mock.calls[0][0]).toBe('https://mms.immowelt.de/1/1/6/5/abc.webp?ci_seal=hash&w=525&h=394');
// sendPhoto called via node-fetch with FormData
expect(mockNodeFetch).toHaveBeenCalledTimes(1);
const [url, opts] = mockNodeFetch.mock.calls[0];
expect(url).toBe('https://api.telegram.org/botTKN/sendPhoto');
expect(opts.method).toBe('post');
expect(opts.body).toBeInstanceOf(FormData);
// No explicit Content-Type header - fetch sets multipart boundary itself
expect(opts.headers).toBeUndefined();
expect(opts.body.get('chat_id')).toBe('999');
expect(opts.body.get('parse_mode')).toBe('HTML');
const photo = opts.body.get('photo');
expect(photo).toBeTruthy();
expect(photo.size).toBeGreaterThan(0);
});
it('falls back to sendMessage when the image pre-fetch fails for a .webp URL', async () => {
// image fetch fails (404 from CDN)
mockGlobalFetch.mockResolvedValueOnce({
ok: false,
status: 404,
headers: { get: () => null },
arrayBuffer: async () => new ArrayBuffer(0),
});
// then sendMessage succeeds via node-fetch
mockNodeFetch.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 't',
link: 'l',
address: 'a',
price: '',
size: '',
image: 'https://example.com/gone.webp',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(1);
expect(mockNodeFetch.mock.calls[0][0]).toBe('https://api.telegram.org/botTKN/sendMessage');
});
it('falls back to sendMessage when multipart sendPhoto returns a Telegram error', async () => {
mockGlobalFetch.mockResolvedValueOnce(imageOk());
mockNodeFetch
.mockResolvedValueOnce(jsonErr(400, { description: 'broke' })) // multipart sendPhoto
.mockResolvedValueOnce(jsonOk()); // sendMessage fallback
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 't',
link: 'l',
address: 'a',
price: '',
size: '',
image: 'https://example.com/x.webp',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(2);
expect(mockNodeFetch.mock.calls[1][0]).toBe('https://api.telegram.org/botTKN/sendMessage');
});
});
describe('telegram send() - mixed batch (regression-safety)', () => {
it('handles a batch with both .jpg and .webp - jpg uses URL, webp uses multipart', async () => {
// .webp image fetch
mockGlobalFetch.mockResolvedValueOnce(imageOk());
// both sendPhoto calls succeed
mockNodeFetch
.mockResolvedValueOnce(jsonOk()) // could be either listing first
.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'jpg-listing',
title: 'a',
link: 'l',
address: 'a',
price: '',
size: '',
image: 'https://example.com/a.jpg',
},
{
id: 'webp-listing',
title: 'b',
link: 'l',
address: 'a',
price: '',
size: '',
image: 'https://example.com/b.webp',
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
expect(mockGlobalFetch).toHaveBeenCalledTimes(1); // only webp pre-fetches
expect(mockNodeFetch).toHaveBeenCalledTimes(2);
// Verify one call had FormData and one had JSON body
const bodies = mockNodeFetch.mock.calls.map((c) => c[1].body);
const hasFormData = bodies.some((b) => b instanceof FormData);
const hasJson = bodies.some((b) => typeof b === 'string' && b.startsWith('{'));
expect(hasFormData).toBe(true);
expect(hasJson).toBe(true);
});
it('uses sendMessage (not sendPhoto) when image is null', async () => {
mockNodeFetch.mockResolvedValueOnce(jsonOk());
await send({
serviceName: 'immowelt',
newListings: [
{
id: 'a',
title: 't',
link: 'l',
address: 'a',
price: '',
size: '',
image: null,
},
],
notificationConfig: [baseConfig],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(1);
expect(mockNodeFetch.mock.calls[0][0]).toBe('https://api.telegram.org/botTKN/sendMessage');
expect(mockGlobalFetch).not.toHaveBeenCalled();
});
});
describe('telegram send() - multiple chat IDs', () => {
const listing = {
id: '1',
title: 'Flat',
link: 'https://ex.com',
address: 'Berlin',
price: '800',
size: '50',
image: 'https://ex.com/img.jpg',
};
it('sends to every chat ID in a comma-separated list', async () => {
mockNodeFetch.mockResolvedValue(jsonOk());
await send({
serviceName: 'immoscout',
newListings: [listing],
notificationConfig: [{ id: 'telegram', fields: { token: 'TKN', chatId: '111, 222' } }],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(2);
const bodies = mockNodeFetch.mock.calls.map((c) => JSON.parse(c[1].body));
expect(bodies.map((b) => b.chat_id)).toEqual(expect.arrayContaining(['111', '222']));
});
it('trims whitespace around each chat ID', async () => {
mockNodeFetch.mockResolvedValue(jsonOk());
await send({
serviceName: 'immoscout',
newListings: [listing],
notificationConfig: [{ id: 'telegram', fields: { token: 'TKN', chatId: ' 333 , 444 ' } }],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(2);
const bodies = mockNodeFetch.mock.calls.map((c) => JSON.parse(c[1].body));
expect(bodies.map((b) => b.chat_id)).toEqual(expect.arrayContaining(['333', '444']));
});
it('sends each listing to each chat ID (N listings × M chats)', async () => {
mockNodeFetch.mockResolvedValue(jsonOk());
await send({
serviceName: 'immoscout',
newListings: [listing, { ...listing, id: '2' }],
notificationConfig: [{ id: 'telegram', fields: { token: 'TKN', chatId: '555, 666' } }],
jobKey: 'Berlin',
});
expect(mockNodeFetch).toHaveBeenCalledTimes(4);
});
});
describe('telegram send() - config validation', () => {
it('throws when telegram adapter config is missing', () => {
expect(() =>
send({
serviceName: 's',
newListings: [],
notificationConfig: [],
jobKey: 'k',
}),
).toThrow(/configuration missing/);
});
it('throws when token or chatId is missing', () => {
expect(() =>
send({
serviceName: 's',
newListings: [],
notificationConfig: [{ id: 'telegram', fields: { token: '' } }],
jobKey: 'k',
}),
).toThrow(/token.*chatId/);
});
});

287
test/notification/telegramPhotoUploader.test.js Normal file
View File

@@ -0,0 +1,287 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import { shouldUseMultipart, buildPhotoFormData } from '../../lib/notification/adapter/telegramPhotoUploader.js';
describe('shouldUseMultipart', () => {
it('returns true for .webp URL with query string', () => {
expect(shouldUseMultipart('https://mms.immowelt.de/1/1/6/5/abc.webp?ci_seal=hash&w=525&h=394')).toBe(true);
});
it('returns true for .webp URL without query string', () => {
expect(shouldUseMultipart('https://example.com/photo.webp')).toBe(true);
});
it('returns true for uppercase .WEBP extension', () => {
expect(shouldUseMultipart('https://example.com/IMG.WEBP?x=1')).toBe(true);
});
it('returns false for .jpg URL with query string', () => {
expect(shouldUseMultipart('https://mms.immowelt.de/a/b/c/d/xyz.jpg?ci_seal=hash&w=525&h=394')).toBe(false);
});
it('returns false for .jpeg URL', () => {
expect(shouldUseMultipart('https://example.com/photo.jpeg')).toBe(false);
});
it('returns false for .png URL with query string', () => {
expect(shouldUseMultipart('https://example.com/photo.png?w=100')).toBe(false);
});
it('returns false for .gif URL', () => {
expect(shouldUseMultipart('https://example.com/photo.gif')).toBe(false);
});
it('returns false for null', () => {
expect(shouldUseMultipart(null)).toBe(false);
});
it('returns false for undefined', () => {
expect(shouldUseMultipart(undefined)).toBe(false);
});
it('returns false for empty string', () => {
expect(shouldUseMultipart('')).toBe(false);
});
it('returns false for malformed URL', () => {
expect(shouldUseMultipart('not a url')).toBe(false);
});
it('returns false for URL where webp is in the query but not the path', () => {
expect(shouldUseMultipart('https://example.com/photo.jpg?format=webp')).toBe(false);
});
it('returns false for URL with no extension at all', () => {
expect(shouldUseMultipart('https://example.com/photo')).toBe(false);
});
it('returns false for non-https schemes', () => {
// file/data/ftp URLs should not be relevant; safer to skip multipart
expect(shouldUseMultipart('http://example.com/photo.webp')).toBe(false);
});
});
describe('buildPhotoFormData', () => {
let mockFetch;
beforeEach(() => {
mockFetch = vi.fn();
vi.stubGlobal('fetch', mockFetch);
});
afterEach(() => {
vi.unstubAllGlobals();
});
function makeImageResponse({ contentType = 'image/jpeg', bytes = new Uint8Array([0xff, 0xd8, 0xff]) } = {}) {
const buf = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
return {
ok: true,
status: 200,
headers: {
get: (h) =>
h.toLowerCase() === 'content-type'
? contentType
: h.toLowerCase() === 'content-length'
? String(bytes.byteLength)
: null,
},
arrayBuffer: async () => buf,
};
}
it('fetches image with Accept header that excludes webp so the CDN transcodes to JPEG', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
await buildPhotoFormData({
chatId: '123',
imageUrl: 'https://example.com/photo.webp',
caption: 'hi',
parseMode: 'HTML',
});
expect(mockFetch).toHaveBeenCalledTimes(1);
const [url, opts] = mockFetch.mock.calls[0];
expect(url).toBe('https://example.com/photo.webp');
expect(opts?.headers?.Accept || opts?.headers?.accept).toMatch(/image\/jpeg/);
expect(opts?.headers?.Accept || opts?.headers?.accept).not.toMatch(/image\/webp/);
});
it('returns FormData containing chat_id, caption, parse_mode, and photo fields', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
const fd = await buildPhotoFormData({
chatId: '12345',
imageUrl: 'https://example.com/abc.webp',
caption: 'My caption',
parseMode: 'HTML',
});
expect(fd).toBeInstanceOf(FormData);
expect(fd.get('chat_id')).toBe('12345');
expect(fd.get('caption')).toBe('My caption');
expect(fd.get('parse_mode')).toBe('HTML');
const photo = fd.get('photo');
expect(photo).toBeTruthy();
// File-like (Blob); has a name and a size
expect(typeof photo.name).toBe('string');
expect(photo.size).toBeGreaterThan(0);
});
it('uses a .jpg filename (Telegram uses URL/filename extension for type detection)', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
const fd = await buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/source.webp',
caption: 'c',
parseMode: 'HTML',
});
const photo = fd.get('photo');
expect(photo.name).toMatch(/\.jpg$/i);
});
it('includes message_thread_id when provided', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
const fd = await buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/source.webp',
caption: 'c',
parseMode: 'HTML',
messageThreadId: 42,
});
expect(fd.get('message_thread_id')).toBe('42');
});
it('omits message_thread_id when not provided', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
const fd = await buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/source.webp',
caption: 'c',
parseMode: 'HTML',
});
expect(fd.get('message_thread_id')).toBeNull();
});
it('omits parse_mode when not provided (plain text mode)', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
const fd = await buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/source.webp',
caption: 'c',
});
expect(fd.get('parse_mode')).toBeNull();
});
it('throws when the image fetch returns non-200', async () => {
mockFetch.mockResolvedValueOnce({
ok: false,
status: 404,
headers: { get: () => null },
arrayBuffer: async () => new ArrayBuffer(0),
});
await expect(
buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/gone.webp',
caption: 'c',
parseMode: 'HTML',
}),
).rejects.toThrow(/404/);
});
it('throws when the image fetch throws (network error)', async () => {
mockFetch.mockRejectedValueOnce(new Error('ECONNREFUSED'));
await expect(
buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/x.webp',
caption: 'c',
parseMode: 'HTML',
}),
).rejects.toThrow(/ECONNREFUSED/);
});
it('throws when the image exceeds 10 MB (Telegram multipart limit)', async () => {
// 11 MB
const big = new Uint8Array(11 * 1024 * 1024);
mockFetch.mockResolvedValueOnce(makeImageResponse({ bytes: big }));
await expect(
buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/huge.webp',
caption: 'c',
parseMode: 'HTML',
}),
).rejects.toThrow(/size|large|10/i);
});
it('rejects early when content-length header advertises > 10 MB (avoids download)', async () => {
mockFetch.mockResolvedValueOnce({
ok: true,
status: 200,
headers: {
get: (h) => {
const k = h.toLowerCase();
if (k === 'content-type') return 'image/jpeg';
if (k === 'content-length') return String(50 * 1024 * 1024);
return null;
},
},
arrayBuffer: async () => {
throw new Error('should not be called - size check should reject first');
},
});
await expect(
buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/huge.webp',
caption: 'c',
parseMode: 'HTML',
}),
).rejects.toThrow(/size|large|10/i);
});
it('accepts exactly 10 MB images (boundary)', async () => {
const bytes = new Uint8Array(10 * 1024 * 1024);
mockFetch.mockResolvedValueOnce(makeImageResponse({ bytes }));
const fd = await buildPhotoFormData({
chatId: '1',
imageUrl: 'https://example.com/exact.webp',
caption: 'c',
parseMode: 'HTML',
});
expect(fd.get('photo').size).toBe(10 * 1024 * 1024);
});
it('coerces non-string chatId (number) to string in form data', async () => {
mockFetch.mockResolvedValueOnce(makeImageResponse());
const fd = await buildPhotoFormData({
chatId: 999,
imageUrl: 'https://example.com/x.webp',
caption: 'c',
parseMode: 'HTML',
});
expect(fd.get('chat_id')).toBe('999');
});
});

19
test/offlineFixtures.js
View File

@@ -38,6 +38,20 @@ async function tryReadFile(filepath) {
}
}
function withRealEstateType(data, realEstateType) {
if (!realEstateType?.length || !Array.isArray(data?.resultListItems)) {
return data;
}
const cloned = typeof structuredClone === 'function' ? structuredClone(data) : JSON.parse(JSON.stringify(data));
for (const item of cloned.resultListItems) {
if (item?.type === 'EXPOSE_RESULT' && item?.item) {
item.item.realEstateType = realEstateType;
}
}
return cloned;
}
/**
* Returns fixture HTML for the given URL by mapping hostname → provider name,
* then distinguishing list vs detail pages by comparing the URL path against
@@ -83,7 +97,10 @@ export function buildFetchMock() {
const raw = await tryReadFile(path.join(FIXTURES_DIR, 'immoscout_list.json'));
listData = raw ? JSON.parse(raw) : { resultListItems: [] };
}
return { ok: true, status: 200, json: () => Promise.resolve(listData) };
const requestedType = new URL(urlStr).searchParams.get('realestatetype');
const responseData = withRealEstateType(listData, requestedType);
return { ok: true, status: 200, json: () => Promise.resolve(responseData) };
}
if (urlStr.includes('api.mobile.immobilienscout24.de/expose/')) {

223
test/pipeline_filtering.test.js
View File

@@ -3,9 +3,10 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { expect } from 'vitest';
import { afterEach, expect } from 'vitest';
import { mockFredy } from './utils.js';
import * as mockStore from './mocks/mockStore.js';
import { get as getLastNotification } from './mocks/mockNotification.js';
describe('Issue reproduction: listings filtered by similarity or area should be marked as manually deleted', () => {
it('should call deleteListingsById when listings are filtered by similarity', async () => {
@@ -113,3 +114,223 @@ describe('Issue reproduction: listings filtered by similarity or area should be
expect(mockStore.deletedIds).toContain('2');
});
});
describe('Blacklist is re-applied after detail enrichment', () => {
afterEach(() => {
mockStore.setUserSettings(null);
});
it('filters out a listing whose blacklisted term only appears in the enriched description', async () => {
const Fredy = await mockFredy();
const providerId = 'test-provider';
mockStore.setUserSettings({
provider_details: [providerId],
blacklist_filter_on_provider_details: true,
});
const mockSimilarityCache = {
checkAndAddEntry: () => false,
};
const blacklist = ['allkauf'];
// The search results page returns a clean snippet (no blacklisted term).
// fetchDetails simulates loading the full detail page and discovers the
// blacklisted term hidden deep in the description.
const providerConfig = {
url: 'http://example.com',
getListings: () =>
Promise.resolve([
{
id: 'kept',
title: 'Nice house',
address: 'Some street',
price: '500000',
link: 'http://example.com/kept',
description: 'Cozy home with garden',
},
{
id: 'blacklisted',
title: 'Eleganz trifft Raumkomfort',
address: 'Other street',
price: '600000',
link: 'http://example.com/blacklisted',
description: 'Eleganz trifft Raumkomfort',
},
]),
normalize: (l) => l,
filter: (l) => {
const text = `${l.title ?? ''} ${l.description ?? ''}`.toLowerCase();
return !blacklist.some((term) => text.includes(term));
},
fetchDetails: (listing) => {
if (listing.id === 'blacklisted') {
return Promise.resolve({
...listing,
description: 'Mit allkauf Haus wird dein Traum vom Eigenheim wahr.',
});
}
return Promise.resolve(listing);
},
crawlFields: {
id: 'id',
title: 'title',
address: 'address',
price: 'price',
link: 'link',
description: 'description',
},
requiredFieldNames: ['id', 'title', 'address', 'price', 'link', 'description'],
};
const mockedJob = {
id: 'blacklist-test-job',
notificationAdapter: null,
specFilter: null,
spatialFilter: null,
};
const fredy = new Fredy(providerConfig, mockedJob, providerId, mockSimilarityCache, undefined);
const result = await fredy.execute();
expect(result).toBeInstanceOf(Array);
const ids = result.map((l) => l.id);
expect(ids).toContain('kept');
expect(ids).not.toContain('blacklisted');
const notification = getLastNotification();
const notifiedIds = (notification?.payload ?? []).map((p) => p.id);
expect(notifiedIds).not.toContain('blacklisted');
});
it('short-circuits the pipeline when all listings get blacklisted after enrichment', async () => {
const Fredy = await mockFredy();
const providerId = 'all-blacklisted-provider';
mockStore.setUserSettings({
provider_details: [providerId],
blacklist_filter_on_provider_details: true,
});
const mockSimilarityCache = {
checkAndAddEntry: () => false,
};
const blacklist = ['allkauf'];
const providerConfig = {
url: 'http://example.com',
getListings: () =>
Promise.resolve([
{
id: 'only',
title: 'Eleganz trifft Raumkomfort',
address: 'Some street',
price: '700000',
link: 'http://example.com/only',
description: 'Eleganz trifft Raumkomfort',
},
]),
normalize: (l) => l,
filter: (l) => {
const text = `${l.title ?? ''} ${l.description ?? ''}`.toLowerCase();
return !blacklist.some((term) => text.includes(term));
},
fetchDetails: (listing) =>
Promise.resolve({
...listing,
description: 'Mit allkauf Haus wird dein Traum vom Eigenheim wahr.',
}),
crawlFields: {
id: 'id',
title: 'title',
address: 'address',
price: 'price',
link: 'link',
description: 'description',
},
requiredFieldNames: ['id', 'title', 'address', 'price', 'link', 'description'],
};
const mockedJob = {
id: 'all-blacklisted-job',
notificationAdapter: null,
specFilter: null,
spatialFilter: null,
};
const fredy = new Fredy(providerConfig, mockedJob, providerId, mockSimilarityCache, undefined);
// Should resolve to undefined (NoNewListingsWarning is caught in _handleError).
const result = await fredy.execute();
expect(result).toBeUndefined();
});
it('does NOT re-filter when blacklist_filter_on_provider_details is disabled', async () => {
const Fredy = await mockFredy();
const providerId = 'opt-out-provider';
// provider_details enabled (so fetchDetails runs) but blacklist re-filter NOT enabled.
mockStore.setUserSettings({
provider_details: [providerId],
blacklist_filter_on_provider_details: false,
});
const mockSimilarityCache = {
checkAndAddEntry: () => false,
};
const blacklist = ['allkauf'];
const providerConfig = {
url: 'http://example.com',
getListings: () =>
Promise.resolve([
{
id: 'leaks-through',
title: 'Eleganz trifft Raumkomfort',
address: 'Other street',
price: '600000',
link: 'http://example.com/leaks-through',
description: 'Eleganz trifft Raumkomfort',
},
]),
normalize: (l) => l,
filter: (l) => {
const text = `${l.title ?? ''} ${l.description ?? ''}`.toLowerCase();
return !blacklist.some((term) => text.includes(term));
},
fetchDetails: (listing) =>
Promise.resolve({
...listing,
description: 'Mit allkauf Haus wird dein Traum vom Eigenheim wahr.',
}),
crawlFields: {
id: 'id',
title: 'title',
address: 'address',
price: 'price',
link: 'link',
description: 'description',
},
requiredFieldNames: ['id', 'title', 'address', 'price', 'link', 'description'],
};
const mockedJob = {
id: 'opt-out-job',
notificationAdapter: null,
specFilter: null,
spatialFilter: null,
};
const fredy = new Fredy(providerConfig, mockedJob, providerId, mockSimilarityCache, undefined);
const result = await fredy.execute();
// Listing leaks through because user has not opted in to the stricter check.
expect(result).toBeInstanceOf(Array);
expect(result.map((l) => l.id)).toContain('leaks-through');
});
});

134
test/provider/immobilienDe.test.js
View File

@@ -6,83 +6,89 @@
import * as similarityCache from '../../lib/services/similarity-check/similarityCache.js';
import { get } from '../mocks/mockNotification.js';
import { providerConfig, mockFredy } from '../utils.js';
import { expect, vi } from 'vitest';
import { expect } from 'vitest';
import * as provider from '../../lib/provider/immobilienDe.js';
import * as mockStore from '../mocks/mockStore.js';
import { launchBrowser, closeBrowser } from '../../lib/services/extractor/puppeteerExtractor.js';
// One browser shared across the whole suite so both requests (search + detail)
// come from the same warm session, avoiding double cold-start bot detection.
const TEST_TIMEOUT = 120_000;
describe('#immobilien.de testsuite()', () => {
provider.init(providerConfig.immobilienDe, [], []);
it('should test immobilien.de provider', async () => {
const mockedJob = {
id: 'test1',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
const Fredy = await mockFredy();
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
const listing = await fredy.execute();
let browser;
let liveListings;
if (listing == null || listing.length === 0) {
throw new Error('Listings is empty!');
}
beforeAll(async () => {
browser = await launchBrowser(providerConfig.immobilienDe.url);
}, TEST_TIMEOUT);
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('immobilienDe');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.price).toBeTypeOf('string');
expect(notify.size).toBeTypeOf('string');
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
expect(notify.price).toContain('€');
expect(notify.size).toContain('m²');
expect(notify.title).not.toBe('');
expect(notify.link).toContain('https://www.immobilien.de');
expect(notify.address).not.toBe('');
});
afterAll(async () => {
await closeBrowser(browser);
});
it(
'should test immobilien.de provider',
async () => {
const mockedJob = {
id: 'test1',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
const Fredy = await mockFredy();
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, browser);
liveListings = await fredy.execute();
if (liveListings == null || liveListings.length === 0) {
throw new Error('Listings is empty!');
}
expect(liveListings).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('immobilienDe');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.price).toBeTypeOf('string');
expect(notify.size).toBeTypeOf('string');
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
expect(notify.price).toContain('€');
expect(notify.size).toContain('m²');
expect(notify.title).not.toBe('');
expect(notify.link).toContain('https://www.immobilien.de');
expect(notify.address).not.toBe('');
});
},
TEST_TIMEOUT,
);
describe('with provider_details enabled', () => {
beforeEach(() => {
vi.spyOn(mockStore, 'getUserSettings').mockReturnValue({ provider_details: [provider.metaInformation.id] });
vi.spyOn(mockStore, 'getKnownListingHashesForJobAndProvider').mockReturnValue([]);
});
it(
'should enrich listings with details',
async () => {
if (!liveListings?.length) throw new Error('No listings from first test to enrich');
afterEach(() => {
vi.restoreAllMocks();
});
// Call fetchDetails directly on the first live listing — no need to
// re-scrape the search page. The shared browser keeps the session warm.
const enriched = await provider.config.fetchDetails(liveListings[0], browser);
it('should enrich listings with details', async () => {
const Fredy = await mockFredy();
provider.init(providerConfig.immobilienDe, [], []);
const mockedJob = { id: 'test1', notificationAdapter: null, specFilter: null, spatialFilter: null };
const fredy = new Fredy(
provider.config,
mockedJob,
provider.metaInformation.id,
{ checkAndAddEntry: () => false },
undefined,
);
const listings = await fredy.execute();
if (listings == null) return;
expect(listings).toBeInstanceOf(Array);
listings.forEach((listing) => {
expect(listing.link).toContain('https://www.immobilien.de');
expect(listing.address).toBeTypeOf('string');
expect(listing.address).not.toBe('');
if (enriched == null) return;
expect(enriched.link).toContain('https://www.immobilien.de');
expect(enriched.address).toBeTypeOf('string');
expect(enriched.address).not.toBe('');
// description may be null if selectors don't match yet — falls back gracefully
if (listing.description != null) {
expect(listing.description).toBeTypeOf('string');
if (enriched.description != null) {
expect(enriched.description).toBeTypeOf('string');
}
});
});
},
TEST_TIMEOUT,
);
});
});

128
test/provider/immoscout.test.js
View File

@@ -3,85 +3,85 @@
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { expect, vi } from 'vitest';
import { expect } from 'vitest';
import * as similarityCache from '../../lib/services/similarity-check/similarityCache.js';
import { mockFredy, providerConfig } from '../utils.js';
import { get } from '../mocks/mockNotification.js';
import * as provider from '../../lib/provider/immoscout.js';
import * as mockStore from '../mocks/mockStore.js';
// immoscout uses the mobile REST API (fetch-based, no browser). Both tests share
// the same module-level listings so the API is only queried once, avoiding
// duplicate requests that could trigger rate-limiting.
const TEST_TIMEOUT = 120_000;
describe('#immoscout provider testsuite()', () => {
provider.init(providerConfig.immoscout, [], []);
it('should test immoscout provider', async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: '',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
return await new Promise((resolve, reject) => {
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
fredy.execute().then((listings) => {
if (listings == null || listings.length === 0) {
reject('Listings is empty!');
return;
}
let liveListings;
expect(listings).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
it(
'should test immoscout provider',
async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: '',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
// check if there is at least one valid notification
const hasValidNotification = notificationObj.payload.some((notify) => {
return (
typeof notify.id === 'string' &&
typeof notify.price === 'string' &&
notify.price.includes('€') &&
typeof notify.size === 'string' &&
notify.size.includes('m²') &&
typeof notify.title === 'string' &&
notify.title !== '' &&
typeof notify.link === 'string' &&
notify.link.includes('https://www.immobilienscout24.de/') &&
typeof notify.address === 'string'
);
return await new Promise((resolve, reject) => {
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
fredy.execute().then((listings) => {
if (listings == null || listings.length === 0) {
reject('Listings is empty!');
return;
}
liveListings = listings;
expect(listings).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
// check if there is at least one valid notification
const hasValidNotification = notificationObj.payload.some((notify) => {
return (
typeof notify.id === 'string' &&
typeof notify.price === 'string' &&
notify.price.includes('€') &&
typeof notify.size === 'string' &&
notify.size.includes('m²') &&
typeof notify.title === 'string' &&
notify.title !== '' &&
typeof notify.link === 'string' &&
notify.link.includes('https://www.immobilienscout24.de/') &&
typeof notify.address === 'string'
);
});
expect(hasValidNotification).toBe(true);
resolve();
});
expect(hasValidNotification).toBe(true);
resolve();
});
});
});
},
TEST_TIMEOUT,
);
describe('with provider_details enabled', () => {
beforeEach(() => {
vi.spyOn(mockStore, 'getUserSettings').mockReturnValue({ provider_details: [provider.metaInformation.id] });
vi.spyOn(mockStore, 'getKnownListingHashesForJobAndProvider').mockReturnValue([]);
});
it(
'should enrich listings with details',
async () => {
if (!liveListings?.length) throw new Error('No listings from first test to enrich');
afterEach(() => {
vi.restoreAllMocks();
});
// Call fetchDetails directly on the first live listing — no need to
// re-query the search API. immoscout uses fetch (no browser).
const enriched = await provider.config.fetchDetails(liveListings[0]);
it('should enrich listings with details', async () => {
const Fredy = await mockFredy();
provider.init(providerConfig.immoscout, [], []);
const mockedJob = { id: '', notificationAdapter: null, specFilter: null, spatialFilter: null };
const fredy = new Fredy(
provider.config,
mockedJob,
provider.metaInformation.id,
{ checkAndAddEntry: () => false },
undefined,
);
const listings = await fredy.execute();
expect(listings).toBeInstanceOf(Array);
listings.forEach((listing) => {
expect(listing.description).toBeTypeOf('string');
expect(listing.description).not.toBe('');
});
});
expect(enriched).toBeTruthy();
expect(enriched.description).toBeTypeOf('string');
expect(enriched.description).not.toBe('');
},
TEST_TIMEOUT,
);
});
});

148
test/provider/immowelt.test.js
View File

@@ -6,87 +6,95 @@
import * as similarityCache from '../../lib/services/similarity-check/similarityCache.js';
import { get } from '../mocks/mockNotification.js';
import { mockFredy, providerConfig } from '../utils.js';
import { expect, vi } from 'vitest';
import { expect } from 'vitest';
import * as provider from '../../lib/provider/immowelt.js';
import * as mockStore from '../mocks/mockStore.js';
import { launchBrowser, closeBrowser } from '../../lib/services/extractor/puppeteerExtractor.js';
// One browser shared across the whole suite so both requests (search + detail)
// come from the same warm session. Immowelt's CDN challenges cold sessions
// aggressively; a shared warm browser prevents the second request from being
// blocked as a bot hit.
const TEST_TIMEOUT = 180_000;
describe('#immowelt testsuite()', () => {
it('should test immowelt provider', async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'immowelt',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
provider.init(providerConfig.immowelt, [], []);
let browser;
let liveListings;
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
beforeAll(async () => {
browser = await launchBrowser(providerConfig.immowelt.url);
}, TEST_TIMEOUT);
const listing = await fredy.execute();
if (listing == null || listing.length === 0) {
throw new Error('Listings is empty!');
}
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('immowelt');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
if (notify.price != null) {
expect(notify.price).toBeTypeOf('string');
expect(notify.price).toContain('€');
}
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
if (notify.size != null && notify.size.trim().toLowerCase() !== 'k.a.') {
expect(notify.size).toBeTypeOf('string');
expect(notify.size).toContain('m²');
}
expect(notify.title).not.toBe('');
expect(notify.link).toContain('https://www.immowelt.de');
expect(notify.address).not.toBe('');
});
afterAll(async () => {
await closeBrowser(browser);
});
it(
'should test immowelt provider',
async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'immowelt',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
provider.init(providerConfig.immowelt, [], []);
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, browser);
liveListings = await fredy.execute();
if (liveListings == null || liveListings.length === 0) {
throw new Error('Listings is empty!');
}
expect(liveListings).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('immowelt');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
if (notify.price != null) {
expect(notify.price).toBeTypeOf('string');
expect(notify.price).toContain('€');
}
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
if (notify.size != null && notify.size.trim().toLowerCase() !== 'k.a.') {
expect(notify.size).toBeTypeOf('string');
expect(notify.size).toContain('m²');
}
expect(notify.title).not.toBe('');
expect(notify.link).toContain('https://www.immowelt.de');
expect(notify.address).not.toBe('');
});
},
TEST_TIMEOUT,
);
describe('with provider_details enabled', () => {
beforeEach(() => {
vi.spyOn(mockStore, 'getUserSettings').mockReturnValue({ provider_details: [provider.metaInformation.id] });
vi.spyOn(mockStore, 'getKnownListingHashesForJobAndProvider').mockReturnValue([]);
});
it(
'should enrich listings with details',
async () => {
if (!liveListings?.length) throw new Error('No listings from first test to enrich');
afterEach(() => {
vi.restoreAllMocks();
});
// Call fetchDetails directly on the first live listing — no need to
// re-scrape the search page. The shared browser keeps the session warm.
const enriched = await provider.config.fetchDetails(liveListings[0], browser);
it('should enrich listings with details', async () => {
const Fredy = await mockFredy();
provider.init(providerConfig.immowelt, [], []);
const mockedJob = { id: 'immowelt', notificationAdapter: null, specFilter: null, spatialFilter: null };
const fredy = new Fredy(
provider.config,
mockedJob,
provider.metaInformation.id,
{ checkAndAddEntry: () => false },
undefined,
);
const listings = await fredy.execute();
expect(listings).toBeInstanceOf(Array);
listings.forEach((listing) => {
expect(listing.link).toContain('https://www.immowelt.de');
expect(listing.address).toBeTypeOf('string');
expect(listing.address).not.toBe('');
expect(enriched).toBeTruthy();
expect(enriched.link).toContain('https://www.immowelt.de');
expect(enriched.address).toBeTypeOf('string');
expect(enriched.address).not.toBe('');
// description is enriched from the detail page; falls back gracefully if blocked
if (listing.description != null) {
expect(listing.description).toBeTypeOf('string');
if (enriched.description != null) {
expect(enriched.description).toBeTypeOf('string');
}
});
});
},
TEST_TIMEOUT,
);
});
});

138
test/provider/kleinanzeigen.test.js
View File

@@ -6,80 +6,88 @@
import * as similarityCache from '../../lib/services/similarity-check/similarityCache.js';
import { get } from '../mocks/mockNotification.js';
import { mockFredy, providerConfig } from '../utils.js';
import { expect, vi } from 'vitest';
import { expect } from 'vitest';
import * as provider from '../../lib/provider/kleinanzeigen.js';
import * as mockStore from '../mocks/mockStore.js';
import { launchBrowser, closeBrowser } from '../../lib/services/extractor/puppeteerExtractor.js';
// One browser shared across the whole suite so both requests (search + detail)
// come from the same warm session. Kleinanzeigen rate-limits cold browser
// sessions; a shared warm browser prevents the second request from being blocked.
const TEST_TIMEOUT = 180_000;
describe('#kleinanzeigen testsuite()', () => {
it('should test kleinanzeigen provider', async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'kleinanzeigen',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
provider.init(providerConfig.kleinanzeigen, [], []);
return await new Promise((resolve, reject) => {
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
let browser;
let liveListings;
fredy.execute().then((listing) => {
if (listing == null || listing.length === 0) {
reject('Listings is empty!');
return;
}
beforeAll(async () => {
browser = await launchBrowser(providerConfig.kleinanzeigen.url);
}, TEST_TIMEOUT);
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('kleinanzeigen');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
expect(notify.title).not.toBe('');
expect(notify.link).toContain('https://www.kleinanzeigen.de');
expect(notify.address).not.toBe('');
});
resolve();
});
});
afterAll(async () => {
await closeBrowser(browser);
});
it(
'should test kleinanzeigen provider',
async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'kleinanzeigen',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
provider.init(providerConfig.kleinanzeigen, [], []);
return await new Promise((resolve, reject) => {
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, browser);
fredy.execute().then((listing) => {
if (listing == null || listing.length === 0) {
reject('Listings is empty!');
return;
}
liveListings = listing;
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('kleinanzeigen');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
expect(notify.title).not.toBe('');
expect(notify.link).toContain('https://www.kleinanzeigen.de');
expect(notify.address).not.toBe('');
});
resolve();
});
});
},
TEST_TIMEOUT,
);
describe('with provider_details enabled', () => {
beforeEach(() => {
vi.spyOn(mockStore, 'getUserSettings').mockReturnValue({ provider_details: [provider.metaInformation.id] });
vi.spyOn(mockStore, 'getKnownListingHashesForJobAndProvider').mockReturnValue([]);
});
it(
'should enrich listings with details',
async () => {
if (!liveListings?.length) throw new Error('No listings from first test to enrich');
afterEach(() => {
vi.restoreAllMocks();
});
// Call fetchDetails directly on the first live listing — no need to
// re-scrape the search page. The shared browser keeps the session warm.
const enriched = await provider.config.fetchDetails(liveListings[0], browser);
it('should enrich listings with details', async () => {
const Fredy = await mockFredy();
provider.init(providerConfig.kleinanzeigen, [], []);
const mockedJob = { id: 'kleinanzeigen', notificationAdapter: null, specFilter: null, spatialFilter: null };
const fredy = new Fredy(
provider.config,
mockedJob,
provider.metaInformation.id,
{ checkAndAddEntry: () => false },
undefined,
);
const listings = await fredy.execute();
expect(listings).toBeInstanceOf(Array);
listings.forEach((listing) => {
expect(listing.link).toContain('https://www.kleinanzeigen.de');
expect(listing.address).toBeTypeOf('string');
expect(listing.address).not.toBe('');
expect(listing.description).toBeTypeOf('string');
expect(listing.description).not.toBe('');
});
});
expect(enriched).toBeTruthy();
expect(enriched.link).toContain('https://www.kleinanzeigen.de');
expect(enriched.address).toBeTypeOf('string');
expect(enriched.address).not.toBe('');
expect(enriched.description).toBeTypeOf('string');
expect(enriched.description).not.toBe('');
},
TEST_TIMEOUT,
);
});
});

134
test/provider/sparkasse.test.js
View File

@@ -9,81 +9,97 @@ import { mockFredy, providerConfig } from '../utils.js';
import { expect, vi } from 'vitest';
import * as provider from '../../lib/provider/sparkasse.js';
import * as mockStore from '../mocks/mockStore.js';
import { launchBrowser, closeBrowser } from '../../lib/services/extractor/puppeteerExtractor.js';
// One browser shared across the whole suite so both requests (search + detail)
// come from the same warm session. This prevents the second request from being
// flagged as a cold-start bot hit.
const TEST_TIMEOUT = 120_000;
describe('#sparkasse testsuite()', () => {
it('should test sparkasse provider', async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'sparkasse',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
provider.init(providerConfig.sparkasse, []);
let browser;
let liveListings;
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
beforeAll(async () => {
browser = await launchBrowser(providerConfig.sparkasse.url);
}, TEST_TIMEOUT);
const listing = await fredy.execute();
if (listing == null || listing.length === 0) {
throw new Error('Listings is empty!');
}
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('sparkasse');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.price).toBeTypeOf('string');
expect(notify.price).toContain('€');
expect(notify.size).toBeTypeOf('string');
expect(notify.size).toContain('m²');
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
expect(notify.size).toBeTypeOf('string');
expect(notify.title).not.toBe('');
expect(notify.address).not.toBe('');
});
afterAll(async () => {
await closeBrowser(browser);
});
it(
'should test sparkasse provider',
async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'sparkasse',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
provider.init(providerConfig.sparkasse, []);
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, browser);
liveListings = await fredy.execute();
if (liveListings == null || liveListings.length === 0) {
throw new Error('Listings is empty!');
}
expect(liveListings).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj).toBeTypeOf('object');
expect(notificationObj.serviceName).toBe('sparkasse');
notificationObj.payload.forEach((notify) => {
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.price).toBeTypeOf('string');
expect(notify.price).toContain('€');
expect(notify.size).toBeTypeOf('string');
expect(notify.size).toContain('m²');
expect(notify.title).toBeTypeOf('string');
expect(notify.link).toBeTypeOf('string');
expect(notify.address).toBeTypeOf('string');
/** check the values if possible **/
expect(notify.size).toBeTypeOf('string');
expect(notify.title).not.toBe('');
expect(notify.address).not.toBe('');
});
},
TEST_TIMEOUT,
);
describe('with provider_details enabled', () => {
beforeEach(() => {
vi.spyOn(mockStore, 'getUserSettings').mockReturnValue({ provider_details: [provider.metaInformation.id] });
vi.spyOn(mockStore, 'getKnownListingHashesForJobAndProvider').mockReturnValue([]);
});
afterEach(() => {
vi.restoreAllMocks();
});
it('should enrich listings with details', async () => {
const Fredy = await mockFredy();
provider.init(providerConfig.sparkasse, []);
const mockedJob = { id: 'sparkasse', notificationAdapter: null, specFilter: null, spatialFilter: null };
it(
'should enrich listings with details',
async () => {
if (!liveListings?.length) throw new Error('No listings from first test to enrich');
const fredy = new Fredy(
provider.config,
mockedJob,
provider.metaInformation.id,
{ checkAndAddEntry: () => false },
undefined,
);
const listings = await fredy.execute();
expect(listings).toBeInstanceOf(Array);
listings.forEach((listing) => {
expect(listing.link).toContain('https://immobilien.sparkasse.de');
expect(listing.address).toBeTypeOf('string');
expect(listing.address).not.toBe('');
// description is enriched from the detail page; falls back gracefully if bot-detected
if (listing.description != null) {
expect(listing.description).toBeTypeOf('string');
expect(listing.description).not.toBe('');
// Call fetchDetails directly on the first live listing — no need to
// re-scrape the search page. The shared browser keeps the session warm.
const enriched = await provider.config.fetchDetails(liveListings[0], browser);
expect(enriched).toBeTruthy();
expect(enriched.link).toContain('https://immobilien.sparkasse.de');
expect(enriched.address).toBeTypeOf('string');
expect(enriched.address).not.toBe('');
// description is enriched from the detail page; falls back gracefully if blocked
if (enriched.description != null) {
expect(enriched.description).toBeTypeOf('string');
expect(enriched.description).not.toBe('');
}
});
});
},
TEST_TIMEOUT,
);
});
});

128
test/provider/wgGesucht.test.js
View File

@@ -6,77 +6,85 @@
import * as similarityCache from '../../lib/services/similarity-check/similarityCache.js';
import { get } from '../mocks/mockNotification.js';
import { mockFredy, providerConfig } from '../utils.js';
import { expect, vi } from 'vitest';
import { expect } from 'vitest';
import * as provider from '../../lib/provider/wgGesucht.js';
import * as mockStore from '../mocks/mockStore.js';
import { launchBrowser, closeBrowser } from '../../lib/services/extractor/puppeteerExtractor.js';
// One browser shared across the whole suite so both requests (search + detail)
// come from the same warm session, avoiding double cold-start bot detection.
const TEST_TIMEOUT = 120_000;
describe('#wgGesucht testsuite()', () => {
provider.init(providerConfig.wgGesucht, [], []);
it('should test wgGesucht provider', { timeout: 120000 }, async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'wgGesucht',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
return await new Promise((resolve, reject) => {
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, undefined);
let browser;
let liveListings;
fredy.execute().then((listing) => {
if (listing == null || listing.length === 0) {
reject('Listings is empty!');
return;
}
beforeAll(async () => {
browser = await launchBrowser(providerConfig.wgGesucht.url);
}, TEST_TIMEOUT);
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj.serviceName).toBe('wgGesucht');
notificationObj.payload.forEach((notify) => {
expect(notify).toBeTypeOf('object');
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.title).toBeTypeOf('string');
// expect(notify.details).toBeTypeOf('string');
expect(notify.price).toBeTypeOf('string');
expect(notify.price).toContain('€');
expect(notify.link).toBeTypeOf('string');
});
resolve();
});
});
afterAll(async () => {
await closeBrowser(browser);
});
it(
'should test wgGesucht provider',
async () => {
const Fredy = await mockFredy();
const mockedJob = {
id: 'wgGesucht',
notificationAdapter: null,
spatialFilter: null,
specFilter: null,
};
return await new Promise((resolve, reject) => {
const fredy = new Fredy(provider.config, mockedJob, provider.metaInformation.id, similarityCache, browser);
fredy.execute().then((listing) => {
if (listing == null || listing.length === 0) {
reject('Listings is empty!');
return;
}
liveListings = listing;
expect(listing).toBeInstanceOf(Array);
const notificationObj = get();
expect(notificationObj.serviceName).toBe('wgGesucht');
notificationObj.payload.forEach((notify) => {
expect(notify).toBeTypeOf('object');
/** check the actual structure **/
expect(notify.id).toBeTypeOf('string');
expect(notify.title).toBeTypeOf('string');
// expect(notify.details).toBeTypeOf('string');
expect(notify.price).toBeTypeOf('string');
expect(notify.price).toContain('€');
expect(notify.link).toBeTypeOf('string');
});
resolve();
});
});
},
TEST_TIMEOUT,
);
describe('with provider_details enabled', () => {
beforeEach(() => {
vi.spyOn(mockStore, 'getUserSettings').mockReturnValue({ provider_details: [provider.metaInformation.id] });
vi.spyOn(mockStore, 'getKnownListingHashesForJobAndProvider').mockReturnValue([]);
});
it(
'should enrich listings with details',
async () => {
if (!liveListings?.length) throw new Error('No listings from first test to enrich');
afterEach(() => {
vi.restoreAllMocks();
});
// Call fetchDetails directly on the first live listing — no need to
// re-scrape the search page. The shared browser keeps the session warm.
const enriched = await provider.config.fetchDetails(liveListings[0], browser);
it('should enrich listings with details', async () => {
const Fredy = await mockFredy();
provider.init(providerConfig.wgGesucht, [], []);
const mockedJob = { id: 'wgGesucht', notificationAdapter: null, specFilter: null, spatialFilter: null };
const fredy = new Fredy(
provider.config,
mockedJob,
provider.metaInformation.id,
{ checkAndAddEntry: () => false },
undefined,
);
const listings = await fredy.execute();
expect(listings).toBeInstanceOf(Array);
listings.forEach((listing) => {
expect(listing.link).toContain('https://www.wg-gesucht.de');
expect(listing.description).toBeTypeOf('string');
expect(listing.description).not.toBe('');
});
});
expect(enriched).toBeTruthy();
expect(enriched.link).toContain('https://www.wg-gesucht.de');
expect(enriched.description).toBeTypeOf('string');
expect(enriched.description).not.toBe('');
},
TEST_TIMEOUT,
);
});
});

129
test/services/debug/debugBundleService.test.js Normal file
View File

@@ -0,0 +1,129 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
import path from 'node:path';
describe('services/debug/debugBundleService.js', () => {
let svc;
let storedLogs;
let addedZipEntries;
beforeEach(async () => {
storedLogs = [];
addedZipEntries = [];
/**
* Minimal AdmZip stand-in that records the in-memory entry names + payloads so we
* can assert what made it into the bundle without spinning up real zip parsing.
*/
class MockAdmZip {
constructor() {
this.entries = [];
}
addFile(name, buf) {
this.entries.push({ entryName: name, data: buf });
addedZipEntries.push({ entryName: name, content: buf.toString('utf-8') });
}
toBuffer() {
return Buffer.from(JSON.stringify(this.entries.map((e) => e.entryName)));
}
}
globalThis.__TEST_ADM_ZIP__ = MockAdmZip;
const ROOT = path.resolve('.');
const storagePath = path.join(ROOT, 'lib', 'services', 'debug', 'debugLogStorage.js');
const utilsPath = path.join(ROOT, 'lib', 'utils.js');
const storageMock = {
getAllDebugLogs: () => storedLogs,
};
const utilsMock = { getPackageVersion: async () => '22.5.0' };
vi.resetModules();
vi.doMock(storagePath, () => storageMock);
vi.doMock(utilsPath, () => utilsMock);
svc = await import(path.join(ROOT, 'lib', 'services', 'debug', 'debugBundleService.js'));
});
afterEach(() => {
delete globalThis.__TEST_ADM_ZIP__;
});
describe('renderLogsTxt', () => {
it('returns an empty string when there are no rows', () => {
expect(svc.renderLogsTxt()).toBe('');
});
it('formats each row as [date] LEVEL: message and keeps order', () => {
storedLogs.push({ id: 1, ts: 1717855200000, level: 'info', message: 'first line' });
storedLogs.push({ id: 2, ts: 1717855201000, level: 'warn', message: 'second line' });
const out = svc.renderLogsTxt();
expect(out).toMatch(/\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\] INFO: first line/);
expect(out).toMatch(/\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\] WARN: second line/);
expect(out.indexOf('first line')).toBeLessThan(out.indexOf('second line'));
expect(out.endsWith('\n')).toBe(true);
});
});
describe('buildSystemInfo', () => {
it('contains Fredy version, Node version and OS platform', async () => {
const sys = await svc.buildSystemInfo({ settings: null });
expect(sys).toMatch(/Fredy version:\s+22\.5\.0/);
expect(sys).toContain(`Node.js version: ${process.version}`);
expect(sys).toContain(`Platform: ${process.platform}`);
});
it('redacts proxy URL credentials', async () => {
const sys = await svc.buildSystemInfo({
settings: { proxyUrl: 'http://secret:hunter2@proxy.example:8080', port: 9998 },
});
expect(sys).not.toContain('hunter2');
expect(sys).not.toContain('secret');
expect(sys).toContain('proxy.example');
expect(sys).toContain('port: 9998');
});
it('strips session secrets from sanitized settings output', async () => {
const sys = await svc.buildSystemInfo({
settings: { session_secret: 'top-secret', sessionSecret: 'other-secret', port: 9998 },
});
expect(sys).not.toContain('top-secret');
expect(sys).not.toContain('other-secret');
});
});
describe('buildDebugBundleFileName', () => {
it('matches YYYY-MM-DD-FredyDebug-<version>.zip', async () => {
const name = await svc.buildDebugBundleFileName();
expect(name).toMatch(/^\d{4}-\d{2}-\d{2}-FredyDebug-22\.5\.0\.zip$/);
});
});
describe('buildDebugBundleZip', () => {
it('always emits both logs.txt and sys.txt entries', async () => {
storedLogs.push({ id: 1, ts: 1717855200000, level: 'info', message: 'recorded line' });
await svc.buildDebugBundleZip({ settings: { port: 9998 } });
const names = addedZipEntries.map((e) => e.entryName).sort();
expect(names).toEqual(['logs.txt', 'sys.txt']);
const logs = addedZipEntries.find((e) => e.entryName === 'logs.txt');
const sys = addedZipEntries.find((e) => e.entryName === 'sys.txt');
expect(logs.content).toContain('recorded line');
expect(sys.content).toMatch(/Fredy version:\s+22\.5\.0/);
expect(sys.content).toContain('port: 9998');
});
it('includes a placeholder message when no logs are stored', async () => {
await svc.buildDebugBundleZip({ settings: null });
const logs = addedZipEntries.find((e) => e.entryName === 'logs.txt');
expect(logs.content).toMatch(/no debug log entries/i);
});
});
});

278
test/services/debug/debugLogStorage.test.js Normal file
View File

@@ -0,0 +1,278 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
import path from 'node:path';
import Database from 'better-sqlite3';
/**
* Wire up an in-memory better-sqlite3 instance plus a stubbed settings module so the
* storage module under test can exercise real SQL while the rest of the dependency
* graph stays inert.
*/
async function bootstrap() {
const db = new Database(':memory:');
db.exec(`
CREATE TABLE debug_logs (
id INTEGER PRIMARY KEY AUTOINCREMENT,
ts INTEGER NOT NULL,
level TEXT NOT NULL,
message TEXT NOT NULL,
byte_size INTEGER NOT NULL
);
`);
const settings = { debug_logging_enabled: false, debug_logging_ever_enabled: false };
const ROOT = path.resolve('.');
const sqlitePath = path.join(ROOT, 'lib', 'services', 'storage', 'SqliteConnection.js');
const settingsPath = path.join(ROOT, 'lib', 'services', 'storage', 'settingsStorage.js');
const sqliteMock = {
default: {
getConnection: () => db,
execute: (sql, params = {}) => db.prepare(sql).run(params),
query: (sql, params = {}) => db.prepare(sql).all(params),
},
};
const settingsMock = {
getSettings: async () => ({ ...settings }),
upsertSettings: (entries) => {
const map = Array.isArray(entries) ? Object.fromEntries(entries) : entries;
for (const [k, v] of Object.entries(map)) {
settings[k] = v;
}
},
};
vi.resetModules();
vi.doMock(sqlitePath, () => sqliteMock);
vi.doMock(settingsPath, () => settingsMock);
const storage = await import(path.join(ROOT, 'lib', 'services', 'debug', 'debugLogStorage.js'));
storage._resetForTests();
return { storage, db, settings };
}
describe('services/debug/debugLogStorage.js', () => {
let ctx;
beforeEach(async () => {
ctx = await bootstrap();
});
afterEach(() => {
try {
ctx.db.close();
} catch {
// ignore
}
});
it('isEnabled is false before enableDebugLogging is called', async () => {
expect(ctx.storage.isEnabled()).toBe(false);
});
it('enableDebugLogging flips the cached flag and persists ever-enabled', async () => {
await ctx.storage.enableDebugLogging();
expect(ctx.storage.isEnabled()).toBe(true);
expect(ctx.settings.debug_logging_enabled).toBe(true);
expect(ctx.settings.debug_logging_ever_enabled).toBe(true);
});
it('reloadEnabledFromSettings picks up persisted state after restart', async () => {
ctx.settings.debug_logging_enabled = true;
const enabled = await ctx.storage.reloadEnabledFromSettings();
expect(enabled).toBe(true);
expect(ctx.storage.isEnabled()).toBe(true);
});
it('appendLogEntry writes only while enabled', async () => {
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'before-enable' });
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(0);
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 2, level: 'warn', message: 'after-enable' });
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(1);
const row = ctx.db.prepare('SELECT level, message, byte_size FROM debug_logs').get();
expect(row.level).toBe('warn');
expect(row.message).toBe('after-enable');
expect(row.byte_size).toBe(Buffer.byteLength('after-enable', 'utf-8'));
});
it('disableDebugLogging stops writes but keeps existing rows', async () => {
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'keep-me' });
await ctx.storage.disableDebugLogging();
ctx.storage.appendLogEntry({ ts: 2, level: 'info', message: 'never-written' });
const rows = ctx.db.prepare('SELECT message FROM debug_logs ORDER BY id').all();
expect(rows).toHaveLength(1);
expect(rows[0].message).toBe('keep-me');
});
it('enableDebugLogging clears previous logs only when asked', async () => {
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'pre-existing' });
await ctx.storage.disableDebugLogging();
await ctx.storage.enableDebugLogging({ clearPrevious: false });
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(1);
await ctx.storage.disableDebugLogging();
await ctx.storage.enableDebugLogging({ clearPrevious: true });
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(0);
});
it('hasAnyLogs / wasEverEnabled report correctly', async () => {
expect(ctx.storage.hasAnyLogs()).toBe(false);
expect(await ctx.storage.wasEverEnabled()).toBe(false);
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'hi' });
expect(ctx.storage.hasAnyLogs()).toBe(true);
expect(await ctx.storage.wasEverEnabled()).toBe(true);
});
it('getCurrentSize reflects the on-disk byte total', async () => {
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'hello' }); // 5 bytes
ctx.storage.appendLogEntry({ ts: 2, level: 'info', message: 'world!' }); // 6 bytes
expect(await ctx.storage.getCurrentSize()).toBe(11);
});
it('rolling buffer drops oldest rows once the cap is exceeded', async () => {
await ctx.storage.enableDebugLogging();
const cap = ctx.storage.getMaxSize();
// Insert one row whose payload exceeds the entire cap. trimToFit must drop the
// oldest row(s) until the live size falls back under the cap. With a single
// oversized row, the only outcome is "table empty".
const giantText = 'X'.repeat(cap + 1024);
ctx.storage.appendLogEntry({ ts: 10, level: 'info', message: giantText });
const remaining = await ctx.storage.getCurrentSize();
expect(remaining).toBeLessThanOrEqual(cap);
expect(remaining).toBe(0);
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(0);
});
it('rolling buffer keeps newer rows when only the oldest need to go', async () => {
await ctx.storage.enableDebugLogging();
const cap = ctx.storage.getMaxSize();
// Push the size just over the cap with one big row, then a smaller "newer" row
// that should survive the trim because it is not at the head of the queue.
const bigText = 'A'.repeat(cap - 10); // ~5 MiB - 10 bytes
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: bigText });
// At this point we are just under the cap. Pushing one more row will tip us over.
ctx.storage.appendLogEntry({ ts: 2, level: 'warn', message: 'tip-over message which keeps us above cap' });
const remainingRows = ctx.db.prepare('SELECT message FROM debug_logs ORDER BY id ASC').all();
// The oldest (big) row must be gone; the newer one survives.
expect(remainingRows).toHaveLength(1);
expect(remainingRows[0].message).toContain('tip-over');
const remainingSize = await ctx.storage.getCurrentSize();
expect(remainingSize).toBeLessThanOrEqual(cap);
// And the cache must match what SQLite reports, verifies no drift after trim.
const dbSize = ctx.db.prepare('SELECT COALESCE(SUM(byte_size),0) AS s FROM debug_logs').get().s;
expect(remainingSize).toBe(dbSize);
});
it('cachedSize stays consistent across enable → append → disable → re-enable(clear) cycles', async () => {
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'one' });
ctx.storage.appendLogEntry({ ts: 2, level: 'info', message: 'two' });
const sizeAfterFirst = await ctx.storage.getCurrentSize();
await ctx.storage.disableDebugLogging();
expect(await ctx.storage.getCurrentSize()).toBe(sizeAfterFirst);
await ctx.storage.enableDebugLogging({ clearPrevious: true });
expect(await ctx.storage.getCurrentSize()).toBe(0);
ctx.storage.appendLogEntry({ ts: 3, level: 'info', message: 'fresh' });
const dbSize = ctx.db.prepare('SELECT COALESCE(SUM(byte_size),0) AS s FROM debug_logs').get().s;
expect(await ctx.storage.getCurrentSize()).toBe(dbSize);
});
it('clearAllDebugLogs empties the table and resets cached size', async () => {
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'foo' });
ctx.storage.appendLogEntry({ ts: 2, level: 'info', message: 'bar' });
expect(await ctx.storage.getCurrentSize()).toBeGreaterThan(0);
ctx.storage.clearAllDebugLogs();
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(0);
expect(await ctx.storage.getCurrentSize()).toBe(0);
});
it('getAllDebugLogs returns rows ordered chronologically', async () => {
await ctx.storage.enableDebugLogging();
ctx.storage.appendLogEntry({ ts: 1, level: 'info', message: 'first' });
ctx.storage.appendLogEntry({ ts: 2, level: 'warn', message: 'second' });
ctx.storage.appendLogEntry({ ts: 3, level: 'error', message: 'third' });
const rows = ctx.storage.getAllDebugLogs();
expect(rows.map((r) => r.message)).toEqual(['first', 'second', 'third']);
expect(rows.map((r) => r.level)).toEqual(['info', 'warn', 'error']);
});
describe('logger sink wiring', () => {
let logger;
let consoleSpies;
beforeEach(async () => {
// Storage imports the same logger module; vi.resetModules() ensured both share
// the same fresh instance for this test. Spies silence console output so the
// vitest report stays clean while we exercise real logger.info() calls.
logger = (await import(path.resolve('lib/services/logger.js'))).default;
consoleSpies = {
debug: vi.spyOn(console, 'debug').mockImplementation(() => {}),
info: vi.spyOn(console, 'info').mockImplementation(() => {}),
warn: vi.spyOn(console, 'warn').mockImplementation(() => {}),
error: vi.spyOn(console, 'error').mockImplementation(() => {}),
};
});
afterEach(() => {
// Detach sink between tests to prevent cross-test pollution from the shared
// logger module instance.
logger.setDebugLogSink(null);
for (const spy of Object.values(consoleSpies)) spy.mockRestore();
});
it('routes logger calls into debug_logs once enabled', async () => {
await ctx.storage.enableDebugLogging();
logger.info('captured-via-logger');
const rows = ctx.db.prepare('SELECT level, message FROM debug_logs').all();
expect(rows).toHaveLength(1);
expect(rows[0].level).toBe('info');
expect(rows[0].message).toContain('captured-via-logger');
});
it('detaches the sink on disable so logger calls no longer hit the DB', async () => {
await ctx.storage.enableDebugLogging();
await ctx.storage.disableDebugLogging();
logger.info('not-captured');
expect(ctx.db.prepare('SELECT COUNT(*) AS c FROM debug_logs').get().c).toBe(0);
});
it('restores the sink on reloadEnabledFromSettings when persisted state is on', async () => {
ctx.settings.debug_logging_enabled = true;
await ctx.storage.reloadEnabledFromSettings();
logger.warn('captured-after-restart');
const rows = ctx.db.prepare('SELECT level, message FROM debug_logs').all();
expect(rows).toHaveLength(1);
expect(rows[0].level).toBe('warn');
expect(rows[0].message).toContain('captured-after-restart');
});
});
});

250
test/services/debug/debugRouter.test.js Normal file
View File

@@ -0,0 +1,250 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
import path from 'node:path';
import Fastify from 'fastify';
describe('api/routes/debugRouter.js', () => {
let app;
let state;
beforeEach(async () => {
state = {
enabled: false,
hasLogs: false,
everEnabled: false,
size: 0,
max: 5 * 1024 * 1024,
};
const ROOT = path.resolve('.');
const storagePath = path.join(ROOT, 'lib', 'services', 'debug', 'debugLogStorage.js');
const bundlePath = path.join(ROOT, 'lib', 'services', 'debug', 'debugBundleService.js');
const settingsStoragePath = path.join(ROOT, 'lib', 'services', 'storage', 'settingsStorage.js');
const storageMock = {
isEnabled: () => state.enabled,
enableDebugLogging: async ({ clearPrevious = false } = {}) => {
state.enabled = true;
state.everEnabled = true;
if (clearPrevious) {
state.hasLogs = false;
state.size = 0;
}
},
disableDebugLogging: async () => {
state.enabled = false;
},
getCurrentSize: async () => state.size,
getMaxSize: () => state.max,
hasAnyLogs: () => state.hasLogs,
wasEverEnabled: async () => state.everEnabled,
clearAllDebugLogs: () => {
state.hasLogs = false;
state.size = 0;
},
};
const bundleMock = {
buildDebugBundleFileName: async () => '2026-06-08-FredyDebug-22.5.0.zip',
buildDebugBundleZip: async () => Buffer.from('FAKEZIP'),
};
const settingsMock = {
getSettings: async () => ({ port: 9998 }),
};
vi.resetModules();
vi.doMock(storagePath, () => storageMock);
vi.doMock(bundlePath, () => bundleMock);
vi.doMock(settingsStoragePath, () => settingsMock);
const mod = await import(path.join(ROOT, 'lib', 'api', 'routes', 'debugRouter.js'));
const plugin = mod.default;
app = Fastify({ logger: false });
await app.register(plugin, { prefix: '/api/admin/debug' });
await app.register(
async (sub) => {
mod.registerDebugPublicProbe(sub);
},
{ prefix: '/api/debug' },
);
await app.ready();
});
afterEach(async () => {
if (app) await app.close();
});
it('GET /status returns the current snapshot', async () => {
const res = await app.inject({ method: 'GET', url: '/api/admin/debug/status' });
expect(res.statusCode).toBe(200);
expect(res.json()).toEqual({
enabled: false,
size: 0,
max: state.max,
hasLogs: false,
everEnabled: false,
});
});
it('POST /enable flips the feature on and returns updated status', async () => {
const res = await app.inject({
method: 'POST',
url: '/api/admin/debug/enable',
payload: {},
});
expect(res.statusCode).toBe(200);
const json = res.json();
expect(json.enabled).toBe(true);
expect(json.everEnabled).toBe(true);
});
it('POST /enable with clearPrevious=true wipes existing logs first', async () => {
state.hasLogs = true;
state.size = 1234;
state.everEnabled = true;
const res = await app.inject({
method: 'POST',
url: '/api/admin/debug/enable',
payload: { clearPrevious: true },
});
expect(res.statusCode).toBe(200);
const json = res.json();
expect(json.enabled).toBe(true);
expect(json.hasLogs).toBe(false);
expect(json.size).toBe(0);
});
it('POST /disable turns the feature off without losing existing logs', async () => {
state.enabled = true;
state.hasLogs = true;
state.everEnabled = true;
state.size = 99;
const res = await app.inject({ method: 'POST', url: '/api/admin/debug/disable' });
expect(res.statusCode).toBe(200);
const json = res.json();
expect(json.enabled).toBe(false);
expect(json.hasLogs).toBe(true);
expect(json.size).toBe(99);
});
it('GET /download returns 409 when the feature was never enabled', async () => {
const res = await app.inject({ method: 'GET', url: '/api/admin/debug/download' });
expect(res.statusCode).toBe(409);
expect(res.json().error).toMatch(/never produced any data/i);
});
it('GET /download returns 409 when ever-enabled but no logs are stored', async () => {
state.everEnabled = true;
state.hasLogs = false;
const res = await app.inject({ method: 'GET', url: '/api/admin/debug/download' });
expect(res.statusCode).toBe(409);
});
it('GET /download streams a zip with the expected headers when logs exist', async () => {
state.everEnabled = true;
state.hasLogs = true;
const res = await app.inject({ method: 'GET', url: '/api/admin/debug/download' });
expect(res.statusCode).toBe(200);
expect(res.headers['content-type']).toBe('application/zip');
expect(res.headers['content-disposition']).toContain('FredyDebug');
expect(res.rawPayload.toString('utf-8')).toBe('FAKEZIP');
});
it('DELETE /logs wipes stored logs without touching the enabled flag', async () => {
state.enabled = true;
state.hasLogs = true;
state.everEnabled = true;
state.size = 1234;
const res = await app.inject({ method: 'DELETE', url: '/api/admin/debug/logs' });
expect(res.statusCode).toBe(200);
const json = res.json();
expect(json.enabled).toBe(true);
expect(json.hasLogs).toBe(false);
expect(json.size).toBe(0);
// everEnabled must stay true so the download button does not change semantics.
expect(json.everEnabled).toBe(true);
});
it('GET /api/debug/active returns only the enabled boolean (no other settings)', async () => {
state.enabled = false;
let res = await app.inject({ method: 'GET', url: '/api/debug/active' });
expect(res.statusCode).toBe(200);
expect(res.json()).toEqual({ enabled: false });
state.enabled = true;
res = await app.inject({ method: 'GET', url: '/api/debug/active' });
expect(res.statusCode).toBe(200);
expect(res.json()).toEqual({ enabled: true });
});
});
describe('api/routes/debugRouter.js - admin-only enforcement', () => {
let app;
beforeEach(async () => {
const ROOT = path.resolve('.');
const storagePath = path.join(ROOT, 'lib', 'services', 'debug', 'debugLogStorage.js');
const bundlePath = path.join(ROOT, 'lib', 'services', 'debug', 'debugBundleService.js');
const settingsStoragePath = path.join(ROOT, 'lib', 'services', 'storage', 'settingsStorage.js');
vi.resetModules();
vi.doMock(storagePath, () => ({
isEnabled: () => false,
enableDebugLogging: async () => {},
disableDebugLogging: async () => {},
getCurrentSize: async () => 0,
getMaxSize: () => 5 * 1024 * 1024,
hasAnyLogs: () => false,
wasEverEnabled: async () => false,
clearAllDebugLogs: () => {},
}));
vi.doMock(bundlePath, () => ({
buildDebugBundleFileName: async () => 'x.zip',
buildDebugBundleZip: async () => Buffer.from(''),
}));
vi.doMock(settingsStoragePath, () => ({
getSettings: async () => ({}),
}));
const plugin = (await import(path.join(ROOT, 'lib', 'api', 'routes', 'debugRouter.js'))).default;
app = Fastify({ logger: false });
await app.register(
async (sub) => {
// Same wiring shape as lib/api/api.js: apply adminHook before the plugin.
sub.addHook('preHandler', async (request, reply) => {
reply.code(401).send();
});
sub.register(plugin, { prefix: '/api/admin/debug' });
},
{ prefix: '/' },
);
await app.ready();
});
afterEach(async () => {
if (app) await app.close();
});
it('rejects non-admin callers with 401 on every endpoint', async () => {
for (const route of [
['GET', '/api/admin/debug/status'],
['POST', '/api/admin/debug/enable'],
['POST', '/api/admin/debug/disable'],
['GET', '/api/admin/debug/download'],
['DELETE', '/api/admin/debug/logs'],
]) {
const [method, url] = route;
const res = await app.inject({ method, url, payload: method === 'POST' ? {} : undefined });
expect(res.statusCode, `${method} ${url}`).toBe(401);
}
});
});

37
test/services/extractor/puppeteerExtractor.test.js Normal file
View File

@@ -0,0 +1,37 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { vi, describe, it, expect, beforeEach } from 'vitest';
// Mock the CloakBrowser launcher so no real Chromium binary is needed and we can
// assert which options get forwarded to it.
const { launchMock } = vi.hoisted(() => ({ launchMock: vi.fn() }));
vi.mock('cloakbrowser/puppeteer', () => ({
launch: launchMock,
}));
const { launchBrowser } = await import('../../../lib/services/extractor/puppeteerExtractor.js');
describe('launchBrowser proxy forwarding', () => {
beforeEach(() => {
launchMock.mockReset();
launchMock.mockResolvedValue({ close: async () => {} });
});
it('forwards proxyUrl to CloakBrowser as the proxy option', async () => {
await launchBrowser('https://www.immowelt.de/', { proxyUrl: 'http://user:pass@host:8080' });
expect(launchMock).toHaveBeenCalledTimes(1);
expect(launchMock.mock.calls[0][0]).toMatchObject({ proxy: 'http://user:pass@host:8080' });
});
it('does not set a proxy when no proxyUrl is given', async () => {
await launchBrowser('https://www.immowelt.de/', {});
expect(launchMock).toHaveBeenCalledTimes(1);
expect(launchMock.mock.calls[0][0].proxy).toBeUndefined();
});
});

97
test/services/immoscout/immoscout-web-translator.test.js
View File

@@ -4,23 +4,62 @@
*/
import { convertWebToMobile } from '../../../lib/services/immoscout/immoscout-web-translator.js';
import { expect } from 'vitest';
import { expect, vi } from 'vitest';
import { readFile } from 'fs/promises';
import { buildFetchMock } from '../../offlineFixtures.js';
export const testData = JSON.parse(await readFile(new URL('./testdata.json', import.meta.url)));
if (process.env.TEST_MODE === 'offline') {
vi.stubGlobal('fetch', buildFetchMock());
}
describe('#immoscout-mobile URL conversion', () => {
// Test shape URL conversion
it('should convert a full web URL with shape to mobile URL', () => {
const webUrl =
'https://www.immobilienscout24.de/Suche/shape/haus-kaufen?shape=aW9yfkhfa3htQXJgUGlnYEBmekhte3BAcXNAfWBsQGNyQ2lkUHVvbEB3eX5Ab25WYn5Fa2BLaGRQY29FaGtTfEhme3xBdHBEdHFMamlHbmdRfHhMcmxPeHlWYnpS&price=-600000.0&ground=240.0-&enteredFrom=result_list';
const expectedMobileUrl =
'https://api.mobile.immobilienscout24.de/search/list?ground=240.0-&price=-600000.0&realestatetype=housebuy&searchType=shape&shape=ior~H_kxmAr%60Pig%60%40fzHm%7Bp%40qs%40%7D%60l%40crCidPuol%40wy~%40onVb~Ek%60KhdPcoEhkS%7CHf%7B%7CAtpDtqLjiGngQ%7CxLrlOxyVbzR';
const actualMobileUrl = convertWebToMobile(webUrl);
expect(actualMobileUrl).toBe(expectedMobileUrl);
});
// Test URL conversion
it('should convert a full web URL to mobile URL', () => {
const webUrl =
'https://www.immobilienscout24.de/Suche/de/berlin/berlin/wohnung-mieten?heatingtypes=central,selfcontainedcentral&haspromotion=false&numberofrooms=2.0-5.0&livingspace=10.0-25.0&energyefficiencyclasses=a,b,c,d,e,f,g,h,a_plus&exclusioncriteria=projectlisting,swapflat&equipment=parking,cellar,builtinkitchen,lift,garden,guesttoilet,balcony&petsallowedtypes=no,yes,negotiable&price=10.0-100.0&constructionyear=1920-2026&apartmenttypes=halfbasement,penthouse,other,loft,groundfloor,terracedflat,raisedgroundfloor,roofstorey,apartment,maisonette&pricetype=calculatedtotalrent&floor=2-7&enteredFrom=result_list';
const expectedMobileUrl =
'https://api.mobile.immobilienscout24.de/search/list?apartmenttypes=halfbasement,penthouse,other,loft,groundfloor,terracedflat,raisedgroundfloor,roofstorey,apartment,maisonette&constructionyear=1920-2026&energyefficiencyclasses=a,b,c,d,e,f,g,h,a_plus&equipment=parking,cellar,builtInKitchen,lift,garden,guestToilet,balcony&exclusioncriteria=projectlisting,swapflat&floor=2-7&geocodes=%2Fde%2Fberlin%2Fberlin&haspromotion=false&heatingtypes=central,selfcontainedcentral&livingspace=10.0-25.0&numberofrooms=2.0-5.0&petsallowedtypes=no,yes,negotiable&price=10.0-100.0&pricetype=calculatedtotalrent&realestatetype=apartmentrent&searchType=region';
'https://api.mobile.immobilienscout24.de/search/list?apartmenttypes=halfbasement,penthouse,other,loft,groundfloor,terracedflat,raisedgroundfloor,roofstorey,apartment,maisonette&constructionyear=1920-2026&energyefficiencyclasses=a,b,c,d,e,f,g,h,a_plus&equipment=parking,cellar,builtInKitchen,lift,garden,guestToilet,balcony&exclusioncriteria=projectlisting,swap_flat&floor=2-7&geocodes=%2Fde%2Fberlin%2Fberlin&haspromotion=false&heatingtypes=central,selfcontainedcentral&livingspace=10.0-25.0&numberofrooms=2.0-5.0&petsallowedtypes=no,yes,negotiable&price=10.0-100.0&pricetype=calculatedtotalrent&realestatetype=apartmentrent&searchType=region';
const actualMobileUrl = convertWebToMobile(webUrl);
expect(actualMobileUrl).toBe(expectedMobileUrl);
});
// The web UI encodes "no swap flats" as exclusioncriteria=swapflat, but the
// mobile API only understands swap_flat. Unknown values are not ignored by the
// API - the search silently returns 0 results, so the mapping is essential.
it('should map exclusioncriteria=swapflat to the mobile API value swap_flat', () => {
const webUrl =
'https://www.immobilienscout24.de/Suche/de/berlin/berlin/wohnung-mieten?exclusioncriteria=swapflat&price=-1500.0';
const converted = convertWebToMobile(webUrl);
const queryParams = new URL(converted).searchParams;
expect(queryParams.get('exclusioncriteria')).toBe('swap_flat');
});
// Values the mobile API shares with the web API (e.g. projectlisting) must
// pass through unchanged, in any combination with mapped values.
it('should keep other exclusioncriteria values untouched', () => {
const webUrl =
'https://www.immobilienscout24.de/Suche/de/berlin/berlin/wohnung-mieten?exclusioncriteria=projectlisting,swapflat';
const converted = convertWebToMobile(webUrl);
const queryParams = new URL(converted).searchParams;
expect(queryParams.get('exclusioncriteria')).toBe('projectlisting,swap_flat');
});
// Test URL conversion of web-only SEO path
it('should convert a SEO web path to the correct query params', () => {
const webUrl = 'https://www.immobilienscout24.de/Suche/de/berlin/berlin/wohnung-mit-balkon-mieten?equipment=garden';
@@ -30,6 +69,60 @@ describe('#immoscout-mobile URL conversion', () => {
expect(queryParams.get('equipment').split(',')).toEqual(expect.arrayContaining(['garden', 'balcony']));
});
// Test URL conversion of SEO web path for max warmrent. The ImmoScout web UI
// generates this special SEO slug instead of explicit price/pricetype params
// when the user configures a "Warmmiete" filter (real-world URL).
it('should convert a SEO apartment max warmrent path to rent + price + pricetype', () => {
const webUrl =
'https://www.immobilienscout24.de/Suche/de/nordrhein-westfalen/duesseldorf/wohnung-bis-800-euro-warm?livingspace=-800.0&enteredFrom=result_list';
const converted = convertWebToMobile(webUrl);
const queryParams = new URL(converted).searchParams;
expect(queryParams.get('realestatetype')).toBe('apartmentrent');
expect(queryParams.get('price')).toBe('-800');
expect(queryParams.get('pricetype')).toBe('calculatedtotalrent');
expect(queryParams.get('geocodes')).toBe('/de/nordrhein-westfalen/duesseldorf');
expect(queryParams.get('livingspace')).toBe('-800.0');
});
// Same SEO pattern for houses ("haus-bis-X-euro-warm" → houserent).
it('should convert a SEO house max warmrent path to rent + price + pricetype', () => {
const webUrl = 'https://www.immobilienscout24.de/Suche/de/berlin/berlin/haus-bis-1500-euro-warm';
const converted = convertWebToMobile(webUrl);
const queryParams = new URL(converted).searchParams;
expect(queryParams.get('realestatetype')).toBe('houserent');
expect(queryParams.get('price')).toBe('-1500');
expect(queryParams.get('pricetype')).toBe('calculatedtotalrent');
});
// Sanity check: max coldrent ("Kaltmiete") does NOT use an SEO slug. The web
// UI keeps the regular "wohnung-mieten" path and passes explicit
// price + pricetype query params, which the existing translator already
// handles (real-world URL).
it('should convert a max coldrent search via the regular wohnung-mieten path', () => {
const webUrl =
'https://www.immobilienscout24.de/Suche/de/nordrhein-westfalen/duesseldorf/wohnung-mieten?price=-800.0&livingspace=-800.0&pricetype=rentpermonth&enteredFrom=result_list';
const converted = convertWebToMobile(webUrl);
const queryParams = new URL(converted).searchParams;
expect(queryParams.get('realestatetype')).toBe('apartmentrent');
expect(queryParams.get('price')).toBe('-800.0');
expect(queryParams.get('pricetype')).toBe('rentpermonth');
expect(queryParams.get('geocodes')).toBe('/de/nordrhein-westfalen/duesseldorf');
});
// Explicit query params win over the SEO slug's implicit defaults.
it('should let explicit query params override SEO path price defaults', () => {
const webUrl = 'https://www.immobilienscout24.de/Suche/de/berlin/berlin/wohnung-bis-800-euro-warm?price=100-500';
const converted = convertWebToMobile(webUrl);
const queryParams = new URL(converted).searchParams;
expect(queryParams.get('realestatetype')).toBe('apartmentrent');
expect(queryParams.get('price')).toBe('100-500');
expect(queryParams.get('pricetype')).toBe('calculatedtotalrent');
});
// Test URL conversion with unsupported query parameters
it('should remove unsupported query parameters', () => {
const webUrl = 'https://www.immobilienscout24.de/Suche/de/berlin/berlin/wohnung-mieten?minimuminternetspeed=100000';

4
test/services/immoscout/testdata.json
View File

@@ -18,5 +18,9 @@
"rentHouse": {
"url": "https://www.immobilienscout24.de/Suche/de/nordrhein-westfalen/duesseldorf/haus-mieten?enteredFrom=one_step_search",
"type": "houserent"
},
"buyHouseWithShape": {
"url": "https://www.immobilienscout24.de/Suche/shape/haus-kaufen?shape=aW9yfkhfa3htQXJgUGlnYEBmekhte3BAcXNAfWBsQGNyQ2lkUHVvbEB3eX5Ab25WYn5Fa2BLaGRQY29FaGtTfEhme3xBdHBEdHFMamlHbmdRfHhMcmxPeHlWYnpS&price=-600000.0&ground=240.0-&enteredFrom=result_list",
"type": "housebuy"
}
}

110
test/services/jobs/dashboardRouter.test.js Normal file
View File

@@ -0,0 +1,110 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
import path from 'node:path';
import Fastify from 'fastify';
describe('api/routes/dashboardRouter.js', () => {
let app;
let state;
async function buildApp() {
const ROOT = path.resolve('.');
const jobStoragePath = path.join(ROOT, 'lib', 'services', 'storage', 'jobStorage.js');
const listingsStoragePath = path.join(ROOT, 'lib', 'services', 'storage', 'listingsStorage.js');
const settingsStoragePath = path.join(ROOT, 'lib', 'services', 'storage', 'settingsStorage.js');
const securityPath = path.join(ROOT, 'lib', 'api', 'security.js');
vi.resetModules();
vi.doMock(jobStoragePath, () => ({
getJobs: () => state.jobs.slice(),
}));
vi.doMock(listingsStoragePath, () => ({
getListingsKpisForJobIds: () => ({ numberOfActiveListings: 0, medianPriceOfListings: 0 }),
getProviderDistributionForJobIds: () => [],
}));
vi.doMock(settingsStoragePath, () => ({
getSettings: async () => ({ interval: 30 }),
}));
vi.doMock(securityPath, () => ({
isAdmin: () => state.admin,
}));
const mod = await import(path.join(ROOT, 'lib', 'api', 'routes', 'dashboardRouter.js'));
const plugin = mod.default;
const instance = Fastify({ logger: false });
instance.addHook('onRequest', async (request) => {
request.session = { currentUser: state.currentUser, createdAt: Date.now() };
});
await instance.register(plugin, { prefix: '/api/dashboard' });
await instance.ready();
return instance;
}
beforeEach(() => {
state = {
currentUser: 'u1',
admin: false,
jobs: [],
};
});
afterEach(async () => {
if (app) await app.close();
app = null;
});
it('derives lastRun from the most recent accessible job for a regular user', async () => {
state.jobs = [
{ id: 'a', userId: 'u1', shared_with_user: [], lastRunAt: 1000 },
{ id: 'b', userId: 'u1', shared_with_user: [], lastRunAt: 5000 },
{ id: 'c', userId: 'someone-else', shared_with_user: [], lastRunAt: 9999 },
];
app = await buildApp();
const res = await app.inject({ method: 'GET', url: '/api/dashboard/' });
expect(res.statusCode).toBe(200);
const body = res.json();
expect(body.general.lastRun).toBe(5000);
expect(body.general.nextRun).toBe(5000 + 30 * 60000);
});
it('includes shared jobs in the lastRun calculation', async () => {
state.jobs = [
{ id: 'mine', userId: 'u1', shared_with_user: [], lastRunAt: 1000 },
{ id: 'shared', userId: 'someone-else', shared_with_user: ['u1'], lastRunAt: 4000 },
];
app = await buildApp();
const res = await app.inject({ method: 'GET', url: '/api/dashboard/' });
expect(res.json().general.lastRun).toBe(4000);
});
it('admins see lastRun across all jobs', async () => {
state.admin = true;
state.jobs = [
{ id: 'a', userId: 'someone', shared_with_user: [], lastRunAt: 1000 },
{ id: 'b', userId: 'another', shared_with_user: [], lastRunAt: 7000 },
];
app = await buildApp();
const res = await app.inject({ method: 'GET', url: '/api/dashboard/' });
expect(res.json().general.lastRun).toBe(7000);
});
it('returns null lastRun and 0 nextRun when no accessible job has ever run', async () => {
state.jobs = [
{ id: 'a', userId: 'u1', shared_with_user: [], lastRunAt: null },
{ id: 'b', userId: 'someone-else', shared_with_user: [], lastRunAt: 9999 },
];
app = await buildApp();
const res = await app.inject({ method: 'GET', url: '/api/dashboard/' });
const body = res.json();
expect(body.general.lastRun).toBeNull();
expect(body.general.nextRun).toBe(0);
});
});

27
test/services/jobs/jobExecutionService.test.js
View File

@@ -18,6 +18,7 @@ describe('services/jobs/jobExecutionService', () => {
const busPath = root + '/lib/services/events/event-bus.js';
const jobStoragePath = root + '/lib/services/storage/jobStorage.js';
const userStoragePath = root + '/lib/services/storage/userStorage.js';
const settingsStoragePath = root + '/lib/services/storage/settingsStorage.js';
const brokerPath = root + '/lib/services/sse/sse-broker.js';
const utilsPath = root + '/lib/utils.js';
const loggerPath = root + '/lib/services/logger.js';
@@ -28,16 +29,21 @@ describe('services/jobs/jobExecutionService', () => {
vi.doMock(jobStoragePath, () => ({
getJob: (id) => state.jobsById[id] || null,
getJobs: () => state.jobsList.slice(),
updateJobLastRunAt: (id, timestamp) => calls.lastRunUpdates.push({ id, timestamp }),
}));
vi.doMock(userStoragePath, () => ({
getUsers: () => state.users.slice(),
getUser: (id) => state.users.find((u) => u.id === id) || null,
}));
vi.doMock(settingsStoragePath, () => ({
getSettings: async () => ({}),
}));
vi.doMock(brokerPath, () => ({
sendToUsers: (...args) => calls.sent.push(args),
}));
vi.doMock(utilsPath, () => ({
duringWorkingHoursOrNotSet: () => false,
getPackageVersion: async () => '0.0.0-test',
}));
vi.doMock(loggerPath, () => {
const m = { debug: () => {}, info: () => {}, warn: () => {}, error: () => {} };
@@ -60,7 +66,7 @@ describe('services/jobs/jobExecutionService', () => {
beforeEach(() => {
bus = new EventEmitter();
calls = { sent: [], markRunning: [] };
calls = { sent: [], markRunning: [], lastRunUpdates: [] };
state = {
jobsById: {},
jobsList: [],
@@ -114,4 +120,23 @@ describe('services/jobs/jobExecutionService', () => {
await new Promise((r) => setTimeout(r, 0));
expect(new Set(calls.markRunning)).toEqual(new Set(['j1', 'j2']));
});
it('persists last_run_at when a job is executed', async () => {
state.jobsById['j1'] = { id: 'j1', enabled: true, userId: 'u1', provider: [] };
state.jobsList = [state.jobsById['j1']];
state.users = [{ id: 'u1', isAdmin: false }];
await initService();
const before = Date.now();
bus.emit('jobs:runOne', { jobId: 'j1' });
await new Promise((r) => setTimeout(r, 0));
const after = Date.now();
expect(calls.lastRunUpdates.length).toBe(1);
const [update] = calls.lastRunUpdates;
expect(update.id).toBe('j1');
expect(update.timestamp).toBeGreaterThanOrEqual(before);
expect(update.timestamp).toBeLessThanOrEqual(after);
});
});

89
test/services/logger.test.js Normal file
View File

@@ -0,0 +1,89 @@
/*
* Copyright (c) 2026 by Christian Kellner.
* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
*/
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
import path from 'node:path';
describe('services/logger.js - debug log sink', () => {
let logger;
let setDebugLogSink;
let consoleSpies;
beforeEach(async () => {
vi.resetModules();
const mod = await import(path.resolve('lib/services/logger.js'));
logger = mod.default;
setDebugLogSink = mod.setDebugLogSink;
// Silence console output so test runner stdout stays readable while still
// letting us inspect what the logger emitted if a test wants to.
consoleSpies = {
debug: vi.spyOn(console, 'debug').mockImplementation(() => {}),
info: vi.spyOn(console, 'info').mockImplementation(() => {}),
warn: vi.spyOn(console, 'warn').mockImplementation(() => {}),
error: vi.spyOn(console, 'error').mockImplementation(() => {}),
};
});
afterEach(() => {
setDebugLogSink(null);
for (const spy of Object.values(consoleSpies)) spy.mockRestore();
});
it('is a no-op for the sink when none is registered', () => {
// Just make sure nothing throws.
expect(() => logger.info('hello')).not.toThrow();
expect(() => logger.error(new Error('boom'))).not.toThrow();
});
it('forwards every log level (including debug) to the registered sink', () => {
const captured = [];
setDebugLogSink((entry) => captured.push(entry));
logger.debug('debug-line');
logger.info('info-line');
logger.warn('warn-line');
logger.error('error-line');
expect(captured).toHaveLength(4);
expect(captured.map((c) => c.level)).toEqual(['debug', 'info', 'warn', 'error']);
expect(captured[0].message).toContain('debug-line');
expect(captured[1].message).toContain('info-line');
expect(captured[2].message).toContain('warn-line');
expect(captured[3].message).toContain('error-line');
for (const c of captured) {
expect(typeof c.ts).toBe('number');
}
});
it('serializes Error stacks for the sink instead of "[object Object]"', () => {
const captured = [];
setDebugLogSink((entry) => captured.push(entry));
logger.error(new Error('boom'));
expect(captured).toHaveLength(1);
expect(captured[0].message).toContain('Error: boom');
});
it('stops forwarding once the sink is unregistered', () => {
const captured = [];
setDebugLogSink((entry) => captured.push(entry));
logger.info('one');
setDebugLogSink(null);
logger.info('two');
expect(captured).toHaveLength(1);
expect(captured[0].message).toContain('one');
});
it('does not break the caller when the sink throws', () => {
setDebugLogSink(() => {
throw new Error('sink exploded');
});
expect(() => logger.info('still works')).not.toThrow();
expect(consoleSpies.info).toHaveBeenCalled();
});
});

Some files were not shown because too many files have changed in this diff Show More