This update prevents the need to run containers with root privileges by
properly configuring user permissions.
Changes:
- Add user: "${UID:-1000}:${GID:-1000}" to docker-compose.yml
- Create .env file with UID/GID configuration
- Add .env.example template for users
- Update .gitignore to exclude downloads.old/
- Add comprehensive troubleshooting section in README.md
- Document 3 solutions for permission issues (recommended vs avoid)
- Explicitly warn against using user: root
This configuration works perfectly with Docker and Docker Compose.
For Podman rootless, additional step may be needed:
podman unshare chown -R 1000:1000 downloads/
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Backend improvements:
- Add Server-Sent Events endpoint (/api/progress/<session_id>)
- Implement _do_download_with_progress() to track yt-dlp progress in real-time
- Parse yt-dlp output to extract percentage, speed, and ETA
- Run downloads in background threads (non-blocking)
- Store progress in download_sessions dict with thread-safe locks
- Download API now returns immediately with session_id
Frontend improvements:
- Add beautiful animated progress bar with gradient
- Display real-time percentage, speed, and ETA
- Connect to SSE stream for live updates
- Show progress section during download
- Auto-hide progress and show results when completed
- Handle errors gracefully with proper cleanup
User experience:
- No more blocking downloads - instant response
- See live progress as video downloads
- Visual feedback with smooth animations
- Clean transition from progress to download results
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add command string back to download API response
- Display executed yt-dlp command in frontend
- Keep command display for transparency and debugging
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Security fixes:
- Add YouTube URL validation with regex to prevent command injection
- Fix path traversal vulnerability in download-file endpoint
- Add input validation for containers and audio codecs
- Initialize postproc_added variable to prevent undefined errors
- Run Docker container as non-root user (appuser:1000)
- Add curl to Docker image for healthcheck support
- Remove flask-cors (unused dependency)
Concurrency improvements:
- Implement UUID-based session directories for downloads
- Prevent race conditions between concurrent requests
- Add automatic cleanup of old sessions (>1h)
- Each download now isolated in its own directory
Code quality improvements:
- Add comprehensive logging throughout the application
- Add type hints for validation functions
- Improve error handling with specific exceptions
- Add constants for configuration (TIMEOUT, BYTES_PER_MB, etc.)
- Better documentation with docstrings
API changes:
- download endpoint now returns session_id
- download-file endpoint now requires session_id and filename
- New cleanup endpoints for session management
Frontend updates:
- Updated to use new session-based download URLs
- Remove command display for security (showed internal paths)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed the default video URL from HixGrIOBE0U to EBwD0RPO1IM in the web interface.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Raynoxis
Raynoxis