@bscott bscott commented Dec 21, 2025

⚠️ Important: Back Up Your Data Before Upgrading

Before upgrading to v0.5.0, please back up your SubTrackr database!

You can create a backup from the web interface:

  1. Go to Settings → Data Management
  2. Click "Download Backup" to export your data as JSON

Store this backup file safely before proceeding with the upgrade.


🎉 What's New in v0.5.0

🔐 Optional Login Support

SubTrackr now supports optional password-protected authentication! Secure your subscription data with a simple login system.

Features:

  • Optional login requirement (disabled by default for backward compatibility)
  • Password-protected access to your subscription data
  • Secure session management with HttpOnly cookies
  • Password reset functionality via email (requires SMTP configuration)
  • CLI password reset tool for Docker deployments

Setup:

  1. Navigate to Settings → Login Settings
  2. Enable "Require Login"
  3. Set your admin password
  4. Configure SMTP for password reset emails (optional but recommended)

Docker Password Reset:

    docker exec -it subtrackr ./subtrackr --reset-password --new-password "your_new_password"

🎨 Beautiful Theming System

Choose from 5 stunning themes to personalize your SubTrackr experience!

Available Themes:

  • Default - Clean, modern light theme
  • Dark - Professional dark theme with proper contrast
  • Christmas 🎄 - Festive theme with snowfall animation
  • Midnight - Deep purple theme with glowing effects
  • Ocean - Cool cyan theme with wave effects

Screenshots:

Christmas Theme
Festive Christmas theme with snowfall animation

Ocean Theme
Cool and refreshing Ocean theme

Login Page
Optional authentication to secure your data

Features:

  • Themes persist across all pages and page refreshes
  • No flash of unstyled content (FOUC)
  • Instant theme switching
  • Per-user theme preferences
  • Smooth transitions between themes

How to Use:

  1. Go to Settings → Appearance
  2. Click on your preferred theme
  3. Theme applies instantly and persists across all pages

🔧 Technical Improvements

Security Enhancements

  • bcrypt password hashing with cost factor 12
  • HttpOnly, SameSite=Lax session cookies
  • CSRF protection on authentication endpoints
  • Constant-time password comparison
  • Secure session token generation

Authentication Architecture

  • Session-based authentication for web UI
  • API v1 endpoints remain accessible with API keys (not affected by login requirement)
  • Middleware-based route protection
  • Public routes for login, password reset, static assets

Theme System Architecture

  • CSS custom properties with data attributes ([data-theme="..."])
  • localStorage for instant theme application
  • Server-side theme storage via API
  • Removed legacy dark mode system to prevent conflicts

📋 Upgrade Instructions

For Docker Users:

  1. Back up your data (see warning above)
  2. Pull the latest image:
    docker pull ghcr.io/bscott/subtrackr:v0.5.0
  3. Restart your container:
    docker-compose down
    docker-compose up -d

For Source Builds:

  1. Back up your data (see warning above)
  2. Pull the latest code:
    git checkout main
    git pull
  3. Rebuild and restart:
    go build -o subtrackr cmd/server/main.go
    ./subtrackr

✅ Testing Verification

  • ✅ All 5 themes tested and working across all pages
  • ✅ Theme persistence verified (localStorage + database)
  • ✅ Login/logout flow tested
  • ✅ Password reset flow tested (with SMTP configured)
  • ✅ API v1 endpoints verified working with API keys (not blocked by login)
  • ✅ Dark theme hover states fixed
  • ✅ CLI password reset tool tested
  • ✅ Session security verified (HttpOnly cookies, SameSite)

🙏 Feedback Welcome

This is a significant update with new authentication and theming features. Please test thoroughly and report any issues!
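
The session and route-protection points listed under Technical Improvements can be sketched as follows. This is an added example, not code from the SubTrackr repository: it shows token generation, the HttpOnly / SameSite=Lax cookie, and the per-request check a route-protection middleware would run with "Require Login" enabled. The cookie name, the route paths and the digest-only session store are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"path"
	"strings"
)

var sessionDigest []byte // SHA-256 of the one live token (single-user app)
// Assumed paths: login and reset pages, static assets, API-key-protected API.
var open = []string{"/login", "/forgot-password", "/reset-password", "/static", "/api/v1"}

// issueSession mints a 256-bit token, stores only its digest, returns the cookie.
func issueSession() (*http.Cookie, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	sum := sha256.Sum256([]byte(token))
	sessionDigest = sum[:]
	return &http.Cookie{Name: "session", Value: token, Path: "/",
		HttpOnly: true, SameSite: http.SameSiteLaxMode}, nil // add Secure: true behind HTTPS
}

// allowed is the check a route-protection middleware runs on every request.
func allowed(urlPath string, c *http.Cookie) bool {
	clean := path.Clean("/" + urlPath) // "/static/../settings" is not public
	for _, p := range open {
		if clean == p || strings.HasPrefix(clean, p+"/") {
			return true
		}
	}
	if c == nil {
		return false // no cookie: the middleware would redirect to /login
	}
	sum := sha256.Sum256([]byte(c.Value))
	return subtle.ConstantTimeCompare(sum[:], sessionDigest) == 1
}

func main() {
	c, _ := issueSession()
	fmt.Println(c, allowed("/settings", c), allowed("/settings", nil))
}
```

Matching on the cleaned path with an exact or `prefix + "/"` comparison keeps lookalikes such as `/loginx` and traversal forms such as `/static/../settings` behind the login check.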

claude and others added 5 commits December 19, 2025 05:12
Brainstorm document covering:
- Design decisions for optional single-user auth
- Impact analysis for existing installations (zero breaking changes)
- Hybrid approach using env vars and settings UI
- UI/UX mockups for Settings and Login pages
- Security considerations (bcrypt, sessions, lockout recovery)
- Phased implementation steps

Confirmed decisions:
- Login toggle in Settings page, default OFF
- SMTP must be configured before login can be enabled (for password recovery)
- Added password reset flow via email as primary lockout recovery
- Updated UI mockups with Forgot Password page

New recovery features:
- --reset-password flag for interactive password reset
- --new-password flag for non-interactive/scripted reset
- --disable-auth flag to completely remove authentication

Usage examples for Docker:
  docker exec -it subtrackr /app/subtrackr --reset-password
  docker compose run --rm subtrackr --reset-password

- Implement 5 beautiful themes: Default, Dark, Christmas, Midnight, Ocean
- Christmas theme includes festive snowfall animation
- Midnight theme features purple glow effects
- Remove old dark mode system to prevent theme conflicts
- Fix dark theme hover states for proper contrast
- Add theme persistence with localStorage and server storage
- Add screenshots for documentation (Christmas, Ocean, Login)
- Update README with themes gallery
- Exclude screenshots from Docker builds
@bscott bscott self-assigned this Dec 21, 2025
@bscott bscott merged commit 7194d7f into main Dec 21, 2025
1 check passed