Skip to content

[codex] fix lan refresh and cron calendar semantics#34

Merged
zachyzissou merged 2 commits intomainfrom
codex/lan-refresh-and-cron-semantics
Feb 24, 2026
Merged

[codex] fix lan refresh and cron calendar semantics#34
zachyzissou merged 2 commits intomainfrom
codex/lan-refresh-and-cron-semantics

Conversation

@zachyzissou
Copy link
Owner

@zachyzissou zachyzissou commented Feb 24, 2026

Summary

This PR implements the top two LAN-focused fixes from review:

  1. manual refresh reliability for LAN clients, and
  2. correct cron day/month/day-of-week scheduling semantics.

Problem

1) LAN refresh reliability

The Web UI calls POST /refresh without auth headers. Backend auth previously only allowed anonymous refresh from loopback (127.0.0.1/::1/localhost) when enabled, which caused refresh failures for users accessing the UI from other LAN devices.

2) Cron calendar semantics

cron_next accepted full 5-field cron expressions but only matched minute/hour. day-of-month, month, and day-of-week were ignored, causing incorrect scheduling for non-trivial expressions.

Changes

LAN refresh behavior

  • Expanded local-host detection for refresh auth to treat private LAN/link-local clients as local when ALLOW_ANONYMOUS_LOCAL_REFRESH=true:
    • IPv4 private ranges (10/8, 172.16/12, 192.168/16)
    • loopback
    • link-local
    • IPv4-mapped IPv6 forms (e.g. ::ffff:192.168.1.5)
  • Fixed refresh button handler to use event.currentTarget, ensuring button state updates correctly regardless of click target inside the button.
  • Set ALLOW_ANONYMOUS_LOCAL_REFRESH=true in docker-compose.yml for expected LAN default behavior.

Cron matching correctness

  • Extended cron field parsing/validation to include DOM/MON/DOW bounds.
  • Implemented DOW normalization (7 -> 0 for Sunday).
  • Updated schedule matching to include:
    • month match,
    • day-of-month / day-of-week logic using standard cron semantics (DOM OR DOW when both are restricted).
  • Added input bounds for fixed/step fields so unsupported or out-of-range expressions cleanly fall back.

Regression coverage

  • Added integration-level logic tests for:
    • LAN/private host detection behavior.
    • cron_next handling of day/month/day-of-week constraints.

Documentation alignment

  • README config table now documents:
    • CLI_BIN (actual env used by runtime, replacing outdated key name)
    • ALLOW_ANONYMOUS_LOCAL_REFRESH
    • APP_REFRESH_TOKEN
  • Troubleshooting manual refresh section now includes token-header example when token auth is configured.

Validation performed

  • python3 -m black app/server.py test_integration.py
  • python3 -m py_compile app/server.py test_integration.py
  • npm ci
  • npm run -s lint:js
  • npm run -s lint:md

Validation limits in this local shell

  • Full Python test execution (test_integration.py) is not runnable here because this host only has Python 3.9 available, while the project runtime requires Python 3.11+ (datetime.UTC). CI on PR validates against supported versions.

Copilot AI review requested due to automatic review settings February 24, 2026 21:41
@zachyzissou zachyzissou merged commit b851077 into main Feb 24, 2026
14 checks passed
@zachyzissou zachyzissou deleted the codex/lan-refresh-and-cron-semantics branch February 24, 2026 21:48
Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes two LAN-focused issues: manual refresh reliability for LAN clients and correct cron scheduling semantics for day/month/day-of-week fields.

Changes:

  • Extended local host detection to include private LAN/link-local addresses (not just loopback) for anonymous refresh authorization when ALLOW_ANONYMOUS_LOCAL_REFRESH=true
  • Implemented full cron day-of-month, month, and day-of-week matching with standard OR semantics when both DOM and DOW are restricted
  • Fixed JavaScript event handler to use event.currentTarget instead of event.target for reliable button state updates

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
web/assets/app.js Fixed refresh button handler to use event.currentTarget for correct button reference
test_integration.py Added integration tests for LAN host detection and cron day/month/dow scheduling
docker-compose.yml Enabled ALLOW_ANONYMOUS_LOCAL_REFRESH=true for expected LAN default behavior
app/server.py Extended _is_local_host() to include private/link-local IPs; implemented full cron field validation and matching logic including DOM/DOW/month semantics
TROUBLESHOOTING.md Added token-based refresh example for when APP_REFRESH_TOKEN is configured
README.md Updated configuration table to document CLI_BIN, ALLOW_ANONYMOUS_LOCAL_REFRESH, and APP_REFRESH_TOKEN

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zachyzissou