Administrator/beta-real-debrid-downloader
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
87 Commits 1 Branch 5 Tags 9.9 MiB
8700db4a37
Commit Graph

11 Commits

Author SHA1 Message Date
Sucukdeluxe
8700db4a37 Release v1.4.27 with bug audit hardening fixes 2026-02-28 14:12:16 +01:00
Sucukdeluxe
cbc423e4b7 Release v1.4.26 with remaining bug audit fixes 
- AllDebrid: add HTML response detection to unrestrictLink
- Cleanup: skip symlinks/junctions in all directory traversals
- Blob URL: increase revoke delay from 0ms to 60s
- Extractor: per-package progress file to prevent collision
- ADD_CONTAINERS: reject path traversal and relative paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 13:09:59 +01:00
Sucukdeluxe
63fd402083 Release v1.4.20 with comprehensive audit fixes (140 issues) and expanded test coverage 
- Speed calculation: raised minimum elapsed floor to 0.5s preventing unrealistic spikes
- Reconnect: exponential backoff with consecutive counter, clock regression protection
- Download engine: retry byte tracking (itemContributedBytes), mkdir before createWriteStream, content-length validation
- Fire-and-forget promises: all void promises now have .catch() error handlers
- Session recovery: normalize stale active statuses to queued on crash recovery, clear speedBps
- Storage: config backup (.bak) before overwrite, EXDEV cross-device rename fallback with type guard
- IPC security: input validation on all string/array IPC handlers, CSP headers in production
- Main process: clipboard memory limit (50KB), installer timing increased to 800ms
- Debrid: attribute-order-independent meta tag regex for Rapidgator filename extraction
- Constants: named constants for magic numbers (MAX_MANIFEST_FILE_BYTES, MAX_LINK_ARTIFACT_BYTES, etc.)
- Extractor/integrity: use shared constants, document password visibility and TOCTOU limitations
- Tests: 103 tests total (55 new), covering utils, storage, integrity, cleanup, extractor, debrid, update

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 06:23:24 +01:00
Sucukdeluxe
d4dd266f6b Release v1.4.17 with security fixes, stability hardening and retry improvements 
- Fix ZIP path traversal vulnerability (reject entries escaping target dir)
- Add single instance lock (prevent data corruption from multiple instances)
- Add unhandled exception/rejection handlers (prevent silent crashes)
- Fix mainWindow reference cleanup on close
- Add second-instance handler to focus existing window
- Fix claimTargetPath infinite loop (add 10k iteration bound)
- Add duplicate startItem guard (prevent concurrent downloads of same item)
- Clone session in getSnapshot to prevent live-reference mutation bugs
- Clear stateEmitTimer on clearAll to prevent dangling timer emissions
- Add extraction timeout safety (4h deadline with logging)
- Add dedicated unrestrict retry system with longer backoff for Mega-Debrid errors
- Add log rotation (10MB max, keeps one .old backup)
- Fix writeExtractResumeState missing mkdir (prevents crash on deleted dirs)
- Fix saveSessionAsync EXDEV cross-device rename with copy fallback

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 05:04:21 +01:00
Sucukdeluxe
01ed725136 Add start conflict prompts for existing extracted packages in v1.4.2 2026-02-27 17:54:56 +01:00
Sucukdeluxe
447dd7feff Implement full UX upgrade and Rapidgator filename hardening in v1.3.2 2026-02-27 14:20:54 +01:00
Sucukdeluxe
0e898733d6 Restore in-app updater and add Mega web fallback path 2026-02-27 05:28:50 +01:00
Sucukdeluxe
7ac61ce64a Fix provider selection persistence, queue naming, cancel removal, and update prompts 2026-02-27 04:56:53 +01:00
Sucukdeluxe
02370a40b4 Restore update checks and startup notifications 2026-02-27 04:22:00 +01:00
Sucukdeluxe
cbc1ffa18b Add multi-provider fallback with AllDebrid and fix packaged UI path 2026-02-27 04:02:31 +01:00
Sucukdeluxe
b96ed1eb7a Migrate app to Node Electron with modern React UI 2026-02-27 03:25:56 +01:00