fix: push notification permission ve toJSON çağrıları tip güvenli hale getirildi

- console_log::init_with_level() now uses expect()
- web_sys::window() now uses expect() with helpful message
- window.document() now uses expect()
- document.body() now uses expect()

This provides meaningful error messages if WASM initialization fails.

.gitea/workflows/build-mips.yml

@@ -26,23 +26,22 @@ jobs:
       run: |
         cd frontend
         npm install
-        # Run Tailwind manually first
         npx @tailwindcss/cli -i input.css -o public/tailwind.css
+        # Trunk'ın optimizasyonunu kapalı (0) tutuyoruz çünkü Cargo.toml'daki opt-level='z' zaten o işi yapıyor.
         trunk build --release
 
     - name: Build Backend (MIPS)
       env:
-        # Ensure we are building a fully static binary
-        # -C link-self-contained=no: Let Zig (the linker) handle CRT objects (crt1.o, etc.)
-        RUSTFLAGS: "-C target-feature=+crt-static -C link-self-contained=no -C link-arg=-msoft-float"
+        # -s ve -w ile binary içindeki gereksiz tüm yükleri siliyoruz.
+        RUSTFLAGS: "-C target-feature=+crt-static -C link-self-contained=no -C link-arg=-msoft-float -C link-arg=-s -C link-arg=-w"
         CFLAGS_mips_unknown_linux_musl: "-msoft-float"
       run: |
-        cd backend
-        cargo zigbuild --target mips-unknown-linux-musl --release -Z build-std=std,panic_abort
-        file target/mips-unknown-linux-musl/release/backend
+        # Sadece gerekli özellikleri derliyoruz (Boyut tasarrufu için swagger kapalı)
+        cargo zigbuild -p backend --target mips-unknown-linux-musl --release -Z build-std=std,panic_abort --no-default-features --features push-notifications
 
-    - name: Rename Binary
-      run: mv target/mips-unknown-linux-musl/release/backend target/mips-unknown-linux-musl/release/vibetorrent-mips
+    - name: Create Release Assets
+      run: |
+        mv target/mips-unknown-linux-musl/release/backend target/mips-unknown-linux-musl/release/vibetorrent-mips
 
     - name: Generate Release Tag
       id: tag
@@ -56,8 +55,10 @@ jobs:
         REPO="admin/vibetorrent"
         API_URL="${{ gitea.server_url }}/api/v1"
 
-        # Create release
-        RELEASE_RESPONSE=$(curl -s -X POST "${API_URL}/repos/${REPO}/releases"           -H "Authorization: token ${RELEASE_TOKEN}"           -H "Content-Type: application/json"           -d "{
+        RELEASE_RESPONSE=$(curl -s -X POST "${API_URL}/repos/${REPO}/releases" \
+          -H "Authorization: token ${RELEASE_TOKEN}" \
+          -H "Content-Type: application/json" \
+          -d "{
             \"tag_name\": \"${TAG}\",
             \"name\": \"Release ${TAG}\",
             \"body\": \"Automated build from commit ${{ gitea.sha }}\",
@@ -66,15 +67,9 @@ jobs:
           }")
 
         RELEASE_ID=$(echo "$RELEASE_RESPONSE" | jq -r '.id')
-        echo "Release ID: $RELEASE_ID"
+        if [ "$RELEASE_ID" = "null" ] || [ -z "$RELEASE_ID" ]; then exit 1; fi
 
-        if [ "$RELEASE_ID" = "null" ] || [ -z "$RELEASE_ID" ]; then
-          echo "Failed to create release:"
-          echo "$RELEASE_RESPONSE"
-          exit 1
-        fi
-
-        # Upload binary as release asset
-        curl -s -X POST "${API_URL}/repos/${REPO}/releases/${RELEASE_ID}/assets?name=vibetorrent-mips"           -H "Authorization: token ${RELEASE_TOKEN}"           -H "Content-Type: application/octet-stream"           --data-binary @target/mips-unknown-linux-musl/release/vibetorrent-mips
-
-        echo "Release ${TAG} created with binary attached."
+        curl -s -X POST "${API_URL}/repos/${REPO}/releases/${RELEASE_ID}/assets?name=vibetorrent-mips" \
+          -H "Authorization: token ${RELEASE_TOKEN}" \
+          -H "Content-Type: application/octet-stream" \
+          --data-binary @target/mips-unknown-linux-musl/release/vibetorrent-mips

.gitignore

@@ -6,3 +6,5 @@ result.xml
 frontend/dist
 backend.log
 .runner
+.env
+backend/.env

Cargo.lock

@@ -300,6 +300,7 @@ dependencies = [
  "clap",
  "dotenvy",
  "futures",
+ "governor",
  "mime_guess",
  "openssl",
  "quick-xml",
@@ -316,6 +317,7 @@ dependencies = [
  "tokio-util",
  "tower 0.4.13",
  "tower-http",
+ "tower_governor",
  "tracing",
  "tracing-subscriber",
  "utoipa",
@@ -801,6 +803,20 @@ dependencies = [
  "parking_lot_core",
 ]
 
+[[package]]
+name = "dashmap"
+version = "6.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
 [[package]]
 name = "data-encoding"
 version = "2.10.0"
@@ -1084,6 +1100,12 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
 
+[[package]]
+name = "foldhash"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
+
 [[package]]
 name = "foreign-types"
 version = "0.3.2"
@@ -1108,6 +1130,16 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "forwarded-header-value"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8835f84f38484cc86f110a805655697908257fb9a7af005234060891557198e9"
+dependencies = [
+ "nonempty",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "frontend"
 version = "0.1.0"
@@ -1214,6 +1246,12 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
 
+[[package]]
+name = "futures-timer"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
+
 [[package]]
 name = "futures-util"
 version = "0.3.31"
@@ -1337,6 +1375,29 @@ dependencies = [
  "web-sys",
 ]
 
+[[package]]
+name = "governor"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9efcab3c1958580ff1f25a2a41be1668f7603d849bb63af523b208a3cc1223b8"
+dependencies = [
+ "cfg-if",
+ "dashmap 6.1.0",
+ "futures-sink",
+ "futures-timer",
+ "futures-util",
+ "getrandom 0.3.4",
+ "hashbrown 0.16.1",
+ "nonzero_ext",
+ "parking_lot",
+ "portable-atomic",
+ "quanta",
+ "rand 0.9.2",
+ "smallvec",
+ "spinning_top",
+ "web-time",
+]
+
 [[package]]
 name = "group"
 version = "0.13.0"
@@ -1348,6 +1409,25 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "h2"
+version = "0.4.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54"
+dependencies = [
+ "atomic-waker",
+ "bytes",
+ "fnv",
+ "futures-core",
+ "futures-sink",
+ "http 1.4.0",
+ "indexmap",
+ "slab",
+ "tokio",
+ "tokio-util",
+ "tracing",
+]
+
 [[package]]
 name = "half"
 version = "2.7.1"
@@ -1373,7 +1453,7 @@ checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
 dependencies = [
  "allocator-api2",
  "equivalent",
- "foldhash",
+ "foldhash 0.1.5",
 ]
 
 [[package]]
@@ -1381,6 +1461,11 @@ name = "hashbrown"
 version = "0.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash 0.2.0",
+]
 
 [[package]]
 name = "hashlink"
@@ -1569,6 +1654,7 @@ dependencies = [
  "bytes",
  "futures-channel",
  "futures-core",
+ "h2",
  "http 1.4.0",
  "http-body 1.0.1",
  "httparse",
@@ -1578,6 +1664,20 @@ dependencies = [
  "pin-utils",
  "smallvec",
  "tokio",
+ "want",
+]
+
+[[package]]
+name = "hyper-timeout"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0"
+dependencies = [
+ "hyper 1.8.1",
+ "hyper-util",
+ "pin-project-lite",
+ "tokio",
+ "tower-service",
 ]
 
 [[package]]
@@ -1600,13 +1700,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f"
 dependencies = [
  "bytes",
+ "futures-channel",
  "futures-core",
+ "futures-util",
  "http 1.4.0",
  "http-body 1.0.1",
  "hyper 1.8.1",
+ "libc",
  "pin-project-lite",
+ "socket2 0.6.2",
  "tokio",
  "tower-service",
+ "tracing",
 ]
 
 [[package]]
@@ -2229,6 +2334,18 @@ dependencies = [
  "minimal-lexical",
 ]
 
+[[package]]
+name = "nonempty"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e9e591e719385e6ebaeb5ce5d3887f7d5676fceca6411d1925ccc95745f3d6f7"
+
+[[package]]
+name = "nonzero_ext"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
+
 [[package]]
 name = "nu-ansi-term"
 version = "0.50.3"
@@ -2700,6 +2817,21 @@ dependencies = [
  "yansi",
 ]
 
+[[package]]
+name = "quanta"
+version = "0.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3ab5a9d756f0d97bdc89019bd2e4ea098cf9cde50ee7564dde6b81ccc8f06c7"
+dependencies = [
+ "crossbeam-utils",
+ "libc",
+ "once_cell",
+ "raw-cpuid",
+ "wasi",
+ "web-sys",
+ "winapi",
+]
+
 [[package]]
 name = "quick-xml"
 version = "0.31.0"
@@ -2806,6 +2938,15 @@ dependencies = [
  "getrandom 0.3.4",
 ]
 
+[[package]]
+name = "raw-cpuid"
+version = "11.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "498cd0dc59d73224351ee52a95fee0f1a617a2eae0e7d9d720cc622c73a54186"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.5.18"
@@ -3196,7 +3337,7 @@ dependencies = [
  "bytes",
  "ciborium",
  "const_format",
- "dashmap",
+ "dashmap 5.5.3",
  "futures",
  "gloo-net 0.6.0",
  "http 1.4.0",
@@ -3375,6 +3516,15 @@ dependencies = [
  "lock_api",
 ]
 
+[[package]]
+name = "spinning_top"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d96d2d1d716fb500937168cc09353ffdc7a012be8475ac7308e1bdf0e3923300"
+dependencies = [
+ "lock_api",
+]
+
 [[package]]
 name = "spki"
 version = "0.6.0"
@@ -3917,6 +4067,35 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801"
 
+[[package]]
+name = "tonic"
+version = "0.14.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a286e33f82f8a1ee2df63f4fa35c0becf4a85a0cb03091a15fd7bf0b402dc94a"
+dependencies = [
+ "async-trait",
+ "axum",
+ "base64 0.22.1",
+ "bytes",
+ "h2",
+ "http 1.4.0",
+ "http-body 1.0.1",
+ "http-body-util",
+ "hyper 1.8.1",
+ "hyper-timeout",
+ "hyper-util",
+ "percent-encoding",
+ "pin-project",
+ "socket2 0.6.2",
+ "sync_wrapper",
+ "tokio",
+ "tokio-stream",
+ "tower 0.5.3",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
 [[package]]
 name = "tower"
 version = "0.4.13"
@@ -3941,9 +4120,12 @@ checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
 dependencies = [
  "futures-core",
  "futures-util",
+ "indexmap",
  "pin-project-lite",
+ "slab",
  "sync_wrapper",
  "tokio",
+ "tokio-util",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -3988,6 +4170,23 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
 
+[[package]]
+name = "tower_governor"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44de9b94d849d3c46e06a883d72d408c2de6403367b39df2b1c9d9e7b6736fe6"
+dependencies = [
+ "axum",
+ "forwarded-header-value",
+ "governor",
+ "http 1.4.0",
+ "pin-project",
+ "thiserror 2.0.18",
+ "tonic",
+ "tower 0.5.3",
+ "tracing",
+]
+
 [[package]]
 name = "tracing"
 version = "0.1.44"
@@ -4404,6 +4603,16 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "web-time"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "whoami"
 version = "1.6.1"
@@ -4414,6 +4623,22 @@ dependencies = [
  "wasite",
 ]
 
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
 [[package]]
 name = "winapi-util"
 version = "0.1.11"
@@ -4423,6 +4648,12 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
 [[package]]
 name = "windows-core"
 version = "0.62.2"

Cargo.toml

@@ -2,13 +2,19 @@
 members = ["backend", "frontend", "shared"]
 resolver = "2"
 
-# Optimize for size (aggressive)
 [profile.release]
+# En küçük binary boyutu
 opt-level = "z"
-lto = true
+# En derin kod temizliği (dead code elimination)
+lto = "fat"
+# En iyi optimizasyon için tek birim derleme
 codegen-units = 1
+# Hata izleme kodlarını atarak yer kazan
 panic = "abort"
+# Sembolleri ve hata ayıklama bilgilerini kesin sil
 strip = true
+# Artık (incremental) build'i kapat ki optimizasyon tam olsun
+incremental = false
 
 [patch.crates-io]
 coarsetime = { path = "third_party/coarsetime" }

backend/.env.example

@@ -3,3 +3,12 @@ RTORRENT_SOCKET=/tmp/rtorrent.sock
 
 # Backend Listen Port
 PORT=3000
+
+# Database URL
+DATABASE_URL=sqlite:vibetorrent.db
+
+# VAPID Keys for Push Notifications
+# Generate new keys for production using: npx web-push generate-vapid-keys
+VAPID_PUBLIC_KEY=YOUR_PUBLIC_VAPID_KEY
+VAPID_PRIVATE_KEY=YOUR_PRIVATE_VAPID_KEY
+VAPID_EMAIL=mailto:your-email@example.com

backend/Cargo.toml

@@ -4,8 +4,9 @@ version = "0.1.0"
 edition = "2021"
 
 [features]
-default = ["push-notifications"]
+default = ["push-notifications", "swagger"]
 push-notifications = ["web-push", "openssl"]
+swagger = ["utoipa-swagger-ui"]
 
 [dependencies]
 axum = { version = "0.8", features = ["macros", "ws"] }
@@ -29,7 +30,7 @@ shared = { path = "../shared" }
 thiserror = "2.0.18"
 dotenvy = "0.15.7"
 utoipa = { version = "5.4.0", features = ["axum_extras"] }
-utoipa-swagger-ui = { version = "9.0.2", features = ["axum"] }
+utoipa-swagger-ui = { version = "9.0.2", features = ["axum"], optional = true }
 web-push = { version = "0.10", default-features = false, features = ["hyper-client"], optional = true }
 base64 = "0.22"
 openssl = { version = "0.10", features = ["vendored"], optional = true }
@@ -39,3 +40,5 @@ axum-extra = { version = "0.10", features = ["cookie"] }
 rand = "0.8"
 anyhow = "1.0.101"
 time = { version = "0.3.47", features = ["serde", "formatting", "parsing"] }
+tower_governor = "0.8.0"
+governor = "0.10.4"

backend/migrations/001_init.sql

@@ -0,0 +1,16 @@
+-- 001_init.sql
+-- Initial schema for users and sessions
+
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY,
+    username TEXT NOT NULL UNIQUE,
+    password_hash TEXT NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS sessions (
+    token TEXT PRIMARY KEY,
+    user_id INTEGER NOT NULL,
+    expires_at DATETIME NOT NULL,
+    FOREIGN KEY(user_id) REFERENCES users(id)
+);

backend/migrations/002_push_subscriptions.sql

@@ -0,0 +1,13 @@
+-- 002_push_subscriptions.sql
+-- Push notification subscriptions storage
+
+CREATE TABLE IF NOT EXISTS push_subscriptions (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    endpoint TEXT NOT NULL UNIQUE,
+    p256dh TEXT NOT NULL,
+    auth TEXT NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Index for faster lookups by endpoint
+CREATE INDEX IF NOT EXISTS idx_push_subscriptions_endpoint ON push_subscriptions(endpoint);

backend/src/db.rs

@@ -1,6 +1,7 @@
-use sqlx::{sqlite::SqlitePoolOptions, Pool, Sqlite, Row};
+use sqlx::{sqlite::SqlitePoolOptions, Pool, Sqlite, Row, sqlite::SqliteConnectOptions};
 use std::time::Duration;
 use anyhow::Result;
+use std::str::FromStr;
 
 #[derive(Clone)]
 pub struct Db {
@@ -9,42 +10,25 @@ pub struct Db {
 
 impl Db {
     pub async fn new(db_url: &str) -> Result<Self> {
+        let options = SqliteConnectOptions::from_str(db_url)?
+            .create_if_missing(true)
+            .busy_timeout(Duration::from_secs(10)) // Bekleme süresini 10 saniyeye çıkardık
+            .journal_mode(sqlx::sqlite::SqliteJournalMode::Wal)
+            .synchronous(sqlx::sqlite::SqliteSynchronous::Normal);
+
         let pool = SqlitePoolOptions::new()
             .max_connections(5)
-            .acquire_timeout(Duration::from_secs(3))
-            .connect(db_url)
+            .acquire_timeout(Duration::from_secs(10))
+            .connect_with(options)
             .await?;
 
         let db = Self { pool };
-        db.init().await?;
+        db.run_migrations().await?;
         Ok(db)
     }
 
-    async fn init(&self) -> Result<()> {
-        // Create users table
-        sqlx::query(
-            "CREATE TABLE IF NOT EXISTS users (
-                id INTEGER PRIMARY KEY,
-                username TEXT NOT NULL UNIQUE,
-                password_hash TEXT NOT NULL,
-                created_at DATETIME DEFAULT CURRENT_TIMESTAMP
-            )",
-        )
-        .execute(&self.pool)
-        .await?;
-
-        // Create sessions table
-        sqlx::query(
-            "CREATE TABLE IF NOT EXISTS sessions (
-                token TEXT PRIMARY KEY,
-                user_id INTEGER NOT NULL,
-                expires_at DATETIME NOT NULL,
-                FOREIGN KEY(user_id) REFERENCES users(id)
-            )",
-        )
-        .execute(&self.pool)
-        .await?;
-
+    async fn run_migrations(&self) -> Result<()> {
+        sqlx::migrate!("./migrations").run(&self.pool).await?;
         Ok(())
     }
 
@@ -76,6 +60,7 @@ impl Db {
 
         Ok(row.map(|r| r.get(0)))
     }
+
     pub async fn has_users(&self) -> Result<bool> {
         let row: (i64,) = sqlx::query_as("SELECT COUNT(*) FROM users")
             .fetch_one(&self.pool)
@@ -128,4 +113,36 @@ impl Db {
             .await?;
         Ok(())
     }
+
+    // --- Push Subscription Operations ---
+
+    pub async fn save_push_subscription(&self, endpoint: &str, p256dh: &str, auth: &str) -> Result<()> {
+        sqlx::query(
+            "INSERT INTO push_subscriptions (endpoint, p256dh, auth) VALUES (?, ?, ?)
+             ON CONFLICT(endpoint) DO UPDATE SET p256dh = EXCLUDED.p256dh, auth = EXCLUDED.auth"
+        )
+        .bind(endpoint)
+        .bind(p256dh)
+        .bind(auth)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    pub async fn remove_push_subscription(&self, endpoint: &str) -> Result<()> {
+        sqlx::query("DELETE FROM push_subscriptions WHERE endpoint = ?")
+            .bind(endpoint)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    pub async fn get_all_push_subscriptions(&self) -> Result<Vec<(String, String, String)>> {
+        let rows = sqlx::query_as::<_, (String, String, String)>(
+            "SELECT endpoint, p256dh, auth FROM push_subscriptions"
+        )
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows)
+    }
 }

backend/src/diff.rs

@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use shared::{AppEvent, NotificationLevel, SystemNotification, Torrent, TorrentUpdate};
 
 #[derive(Debug)]
@@ -8,24 +9,32 @@ pub enum DiffResult {
 }
 
 pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
-    // 1. Structural Check (Length or Order changed)
+    // 1. Structural Check: Eğer torrent sayısı değişmişse (yeni eklenen veya silinen), 
+    // şimdilik basitlik adına FullUpdate gönderiyoruz.
     if old.len() != new.len() {
         return DiffResult::FullUpdate;
     }
 
-    for (i, t) in new.iter().enumerate() {
-        if old[i].hash != t.hash {
+    // 2. Hash Set Karşılaştırması: 
+    // Sıralama değişmiş olabilir ama torrentler aynı mı?
+    let old_map: HashMap<&str, &Torrent> = old.iter().map(|t| (t.hash.as_str(), t)).collect();
+    
+    // Eğer yeni listedeki bir hash eski listede yoksa, yapı değişmiş demektir.
+    for new_t in new {
+        if !old_map.contains_key(new_t.hash.as_str()) {
             return DiffResult::FullUpdate;
         }
     }
 
-    // 2. Field Updates
+    // 3. Alan Güncellemeleri (Partial Updates)
+    // Buraya geldiğimizde biliyoruz ki old ve new listelerindeki torrentler (hash olarak) aynı,
+    // sadece sıraları farklı olabilir veya içindeki veriler güncellenmiş olabilir.
     let mut events = Vec::new();
 
-    for (i, new_t) in new.iter().enumerate() {
-        let old_t = &old[i];
+    for new_t in new {
+        // old_map'ten ilgili torrente hash ile ulaşalım (sıradan bağımsız)
+        let old_t = old_map.get(new_t.hash.as_str()).unwrap();
 
-        // Initialize with all None
         let mut update = TorrentUpdate {
             hash: new_t.hash.clone(),
             name: None,
@@ -42,7 +51,7 @@ pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
 
         let mut has_changes = false;
 
-        // Compare fields
+        // Alanları karşılaştır
         if old_t.name != new_t.name {
             update.name = Some(new_t.name.clone());
             has_changes = true;
@@ -63,7 +72,7 @@ pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
             update.percent_complete = Some(new_t.percent_complete);
             has_changes = true;
 
-            // Check for torrent completion: reached 100%
+            // Torrent tamamlanma kontrolü
             if old_t.percent_complete < 100.0 && new_t.percent_complete >= 100.0 {
                 tracing::info!("Torrent completed: {} ({})", new_t.name, new_t.hash);
                 events.push(AppEvent::Notification(SystemNotification {
@@ -84,7 +93,6 @@ pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
             update.status = Some(new_t.status.clone());
             has_changes = true;
             
-            // Log status changes for debugging
             tracing::debug!(
                 "Torrent status changed: {} ({}) {:?} -> {:?}",
                 new_t.name, new_t.hash, old_t.status, new_t.status

backend/src/handlers/mod.rs

@@ -690,8 +690,10 @@ pub async fn handle_timeout_error(err: BoxError) -> (StatusCode, &'static str) {
         (status = 200, description = "VAPID public key", body = String)
     )
 )]
-pub async fn get_push_public_key_handler() -> impl IntoResponse {
-    let public_key = push::get_vapid_public_key();
+pub async fn get_push_public_key_handler(
+    State(state): State<AppState>,
+) -> impl IntoResponse {
+    let public_key = state.push_store.get_public_key();
     (StatusCode::OK, Json(serde_json::json!({ "publicKey": public_key }))).into_response()
 }
 

backend/src/main.rs

@@ -3,6 +3,7 @@ mod diff;
 mod handlers;
 #[cfg(feature = "push-notifications")]
 mod push;
+mod rate_limit;
 mod scgi;
 mod sse;
 mod xmlrpc;
@@ -25,12 +26,15 @@ use std::sync::Arc;
 use std::time::Duration;
 use tokio::sync::{broadcast, watch};
 use tower::ServiceBuilder;
+use tower_governor::GovernorLayer;
 use tower_http::{
     compression::{CompressionLayer, CompressionLevel},
     cors::CorsLayer,
     trace::TraceLayer,
 };
+#[cfg(feature = "swagger")]
 use utoipa::OpenApi;
+#[cfg(feature = "swagger")]
 use utoipa_swagger_ui::SwaggerUi;
 
 #[derive(Clone)]
@@ -96,6 +100,7 @@ struct Args {
     reset_password: Option<String>,
 }
 
+#[cfg(feature = "swagger")]
 #[cfg(feature = "push-notifications")]
 #[derive(OpenApi)]
 #[openapi(
@@ -144,6 +149,7 @@ struct Args {
 )]
 struct ApiDoc;
 
+#[cfg(feature = "swagger")]
 #[cfg(not(feature = "push-notifications"))]
 #[derive(OpenApi)]
 #[openapi(
@@ -253,9 +259,7 @@ async fn main() {
                     }
                 };
 
-                // Update in DB (using a direct query since db.rs doesn't have update_password yet)
-                // We should add `update_password` to db.rs for cleaner code, but for now direct query is fine or we can extend Db.
-                // Let's extend Db.rs first to be clean.
+                // Update in DB
                 if let Err(e) = db.update_password(user_id, &password_hash).await {
                      tracing::error!("Failed to update password in DB: {}", e);
                      std::process::exit(1);
@@ -320,13 +324,25 @@ async fn main() {
     // Channel for Events (Diffs)
     let (event_bus, _) = broadcast::channel::<AppEvent>(1024);
 
+    #[cfg(feature = "push-notifications")]
+    let push_store = match push::PushSubscriptionStore::with_db(&db).await {
+        Ok(store) => store,
+        Err(e) => {
+            tracing::error!("Failed to initialize push store: {}", e);
+            push::PushSubscriptionStore::new()
+        }
+    };
+
+    #[cfg(not(feature = "push-notifications"))]
+    let push_store = ();
+
     let app_state = AppState {
         tx: tx.clone(),
         event_bus: event_bus.clone(),
         scgi_socket_path: args.socket.clone(),
         db: db.clone(),
         #[cfg(feature = "push-notifications")]
-        push_store: push::PushSubscriptionStore::new(),
+        push_store,
     };
 
     // Spawn background task to poll rTorrent
@@ -450,12 +466,21 @@ async fn main() {
         }
     });
 
-    let app = Router::new()
-        .merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", ApiDoc::openapi()))
+    let app = Router::new();
+
+    #[cfg(feature = "swagger")]
+    let app = app.merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", ApiDoc::openapi()));
+
     // Setup & Auth Routes
+    let app = app
         .route("/api/setup/status", get(handlers::setup::get_setup_status_handler))
         .route("/api/setup", post(handlers::setup::setup_handler))
-        .route("/api/auth/login", post(handlers::auth::login_handler))
+        .route(
+            "/api/auth/login",
+            post(handlers::auth::login_handler).layer(GovernorLayer::new(Arc::new(
+                rate_limit::get_login_rate_limit_config(),
+            ))),
+        )
         .route("/api/auth/logout", post(handlers::auth::logout_handler))
         .route("/api/auth/check", get(handlers::auth::check_auth_handler))
         // App Routes
@@ -524,7 +549,12 @@ async fn main() {
         }
     };
     tracing::info!("Backend listening on {}", addr);
-    if let Err(e) = axum::serve(listener, app).await {
+    if let Err(e) = axum::serve(
+        listener,
+        app.into_make_service_with_connect_info::<SocketAddr>(),
+    )
+    .await
+    {
         tracing::error!("Server error: {}", e);
         std::process::exit(1);
     }

backend/src/push.rs

@@ -5,11 +5,9 @@ use utoipa::ToSchema;
 use web_push::{
     HyperWebPushClient, SubscriptionInfo, VapidSignatureBuilder, WebPushClient, WebPushMessageBuilder,
 };
+use futures::StreamExt;
 
-// VAPID keys - PRODUCTION'DA ENVIRONMENT VARIABLE'DAN ALINMALI!
-const VAPID_PUBLIC_KEY: &str = "BEdPj6XQR7MGzM28Nev9wokF5upHoydNDahouJbQ9ZdBJpEFAN1iNfANSEvY0ItasNY5zcvvqN_tjUt64Rfd0gU";
-const VAPID_PRIVATE_KEY: &str = "aUcCYJ7kUd9UClCaWwad0IVgbYJ6svwl19MjSX7GH10";
-const VAPID_EMAIL: &str = "mailto:admin@vibetorrent.app";
+use crate::db::Db;
 
 #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
 pub struct PushSubscription {
@@ -23,39 +21,107 @@ pub struct PushKeys {
     pub auth: String,
 }
 
-/// In-memory store for push subscriptions
-/// TODO: Replace with database in production
-#[derive(Default, Clone)]
+#[derive(Clone)]
+pub struct VapidConfig {
+    pub private_key: String,
+    pub public_key: String,
+    pub email: String,
+}
+
+#[derive(Clone)]
 pub struct PushSubscriptionStore {
+    db: Option<Db>,
     subscriptions: Arc<RwLock<Vec<PushSubscription>>>,
+    vapid_config: VapidConfig,
 }
 
 impl PushSubscriptionStore {
     pub fn new() -> Self {
+        let private_key = std::env::var("VAPID_PRIVATE_KEY").expect("VAPID_PRIVATE_KEY must be set in .env");
+        let public_key = std::env::var("VAPID_PUBLIC_KEY").expect("VAPID_PUBLIC_KEY must be set in .env");
+        let email = std::env::var("VAPID_EMAIL").expect("VAPID_EMAIL must be set in .env");
+
         Self {
+            db: None,
             subscriptions: Arc::new(RwLock::new(Vec::new())),
+            vapid_config: VapidConfig {
+                private_key,
+                public_key,
+                email,
+            },
         }
     }
 
+    pub async fn with_db(db: &Db) -> Result<Self, Box<dyn std::error::Error>> {
+        let mut subscriptions_vec: Vec<PushSubscription> = Vec::new();
+
+        // Load existing subscriptions from DB
+        let subs = db.get_all_push_subscriptions().await?;
+        for (endpoint, p256dh, auth) in subs {
+            subscriptions_vec.push(PushSubscription {
+                endpoint,
+                keys: PushKeys { p256dh, auth },
+            });
+        }
+        tracing::info!("Loaded {} push subscriptions from database", subscriptions_vec.len());
+
+        let private_key = std::env::var("VAPID_PRIVATE_KEY").expect("VAPID_PRIVATE_KEY must be set in .env");
+        let public_key = std::env::var("VAPID_PUBLIC_KEY").expect("VAPID_PUBLIC_KEY must be set in .env");
+        let email = std::env::var("VAPID_EMAIL").expect("VAPID_EMAIL must be set in .env");
+
+        Ok(Self {
+            db: Some(db.clone()),
+            subscriptions: Arc::new(RwLock::new(subscriptions_vec)),
+            vapid_config: VapidConfig {
+                private_key,
+                public_key,
+                email,
+            },
+        })
+    }
+
     pub async fn add_subscription(&self, subscription: PushSubscription) {
+        // Add to memory
         let mut subs = self.subscriptions.write().await;
 
         // Remove duplicate endpoint if exists
         subs.retain(|s| s.endpoint != subscription.endpoint);
-        
-        subs.push(subscription);
+        subs.push(subscription.clone());
         tracing::info!("Added push subscription. Total: {}", subs.len());
+
+        // Save to DB if available
+        if let Some(db) = &self.db {
+            if let Err(e) = db.save_push_subscription(
+                &subscription.endpoint,
+                &subscription.keys.p256dh,
+                &subscription.keys.auth,
+            ).await {
+                tracing::error!("Failed to save push subscription to DB: {}", e);
+            }
+        }
     }
 
     pub async fn remove_subscription(&self, endpoint: &str) {
+        // Remove from memory
         let mut subs = self.subscriptions.write().await;
         subs.retain(|s| s.endpoint != endpoint);
         tracing::info!("Removed push subscription. Total: {}", subs.len());
+
+        // Remove from DB if available
+        if let Some(db) = &self.db {
+            if let Err(e) = db.remove_push_subscription(endpoint).await {
+                tracing::error!("Failed to remove push subscription from DB: {}", e);
+            }
+        }
     }
 
     pub async fn get_all_subscriptions(&self) -> Vec<PushSubscription> {
         self.subscriptions.read().await.clone()
     }
+
+    pub fn get_public_key(&self) -> &str {
+        &self.vapid_config.public_key
+    }
 }
 
 /// Send push notification to all subscribed clients
@@ -81,9 +147,18 @@ pub async fn send_push_notification(
         "tag": "vibetorrent"
     });
 
-    let client = HyperWebPushClient::new();
+    let client = Arc::new(HyperWebPushClient::new());
+    let vapid_config = store.vapid_config.clone();
+    let payload_str = payload.to_string();
 
-    for subscription in subscriptions {
+    // Send notifications concurrently
+    futures::stream::iter(subscriptions)
+        .for_each_concurrent(10, |subscription| {
+            let client = client.clone();
+            let vapid_config = vapid_config.clone();
+            let payload_str = payload_str.clone();
+
+            async move {
                 let subscription_info = SubscriptionInfo {
                     endpoint: subscription.endpoint.clone(),
                     keys: web_push::SubscriptionKeys {
@@ -92,36 +167,48 @@ pub async fn send_push_notification(
                     },
                 };
 
-        let mut sig_builder = VapidSignatureBuilder::from_base64(
-            VAPID_PRIVATE_KEY,
+                let sig_res = VapidSignatureBuilder::from_base64(
+                    &vapid_config.private_key,
                     web_push::URL_SAFE_NO_PAD,
                     &subscription_info,
-        )?;
+                );
 
-        sig_builder.add_claim("sub", VAPID_EMAIL);
-        sig_builder.add_claim("aud", subscription.endpoint.clone());
-        let signature = sig_builder.build()?;
+                match sig_res {
+                    Ok(mut sig_builder) => {
+                        sig_builder.add_claim("sub", vapid_config.email.as_str());
+                        sig_builder.add_claim("aud", subscription.endpoint.as_str());
                         
+                        match sig_builder.build() {
+                            Ok(signature) => {
                                 let mut builder = WebPushMessageBuilder::new(&subscription_info);
                                 builder.set_vapid_signature(signature);
-        
-        let payload_str = payload.to_string();
                                 builder.set_payload(web_push::ContentEncoding::Aes128Gcm, payload_str.as_bytes());
 
-        match client.send(builder.build()?).await {
+                                match builder.build() {
+                                    Ok(msg) => {
+                                        match client.send(msg).await {
                                             Ok(_) => {
                                                 tracing::debug!("Push notification sent to: {}", subscription.endpoint);
                                             }
                                             Err(e) => {
-                tracing::error!("Failed to send push notification: {}", e);
-                // TODO: Remove invalid subscriptions
+                                                tracing::error!("Failed to send push notification to {}: {}", subscription.endpoint, e);
                                             }
                                         }
                                     }
+                                    Err(e) => tracing::error!("Failed to build push message: {}", e),
+                                }
+                            }
+                            Err(e) => tracing::error!("Failed to build VAPID signature: {}", e),
+                        }
+                    }
+                    Err(e) => tracing::error!("Failed to create VAPID signature builder: {}", e),
+                }
+            }
+        })
+        .await;
 
         Ok(())
+
     }
 
-pub fn get_vapid_public_key() -> &'static str {
-    VAPID_PUBLIC_KEY
-}
+    

backend/src/rate_limit.rs

@@ -0,0 +1,16 @@
+use governor::clock::QuantaInstant;
+use governor::middleware::NoOpMiddleware;
+use tower_governor::governor::GovernorConfig;
+use tower_governor::governor::GovernorConfigBuilder;
+use tower_governor::key_extractor::SmartIpKeyExtractor;
+
+pub fn get_login_rate_limit_config() -> GovernorConfig<SmartIpKeyExtractor, NoOpMiddleware<QuantaInstant>> {
+    // 5 yanlış denemeden sonra bloklanır.
+    // Her yeni hak için 60 saniye (1 dakika) bekleme süresi.
+    GovernorConfigBuilder::default()
+        .key_extractor(SmartIpKeyExtractor)
+        .per_second(60) 
+        .burst_size(5)
+        .finish()
+        .unwrap()
+}

docker/runner/Dockerfile

@@ -20,6 +20,8 @@ RUN apt-get update && apt-get install -y \
     jq \
     # Needed for some crate compilations
     protobuf-compiler \
+    # Install binaryen to have wasm-opt available system-wide
+    binaryen \
     && rm -rf /var/lib/apt/lists/*
 
 # 2. Install Node.js v20 (Manual install to support multi-arch cleanly)
@@ -70,7 +72,7 @@ RUN . "$HOME/.cargo/env" && \
     ARCH=$(dpkg --print-architecture) && \
     if [ "$ARCH" = "amd64" ]; then TRUNK_ARCH="x86_64-unknown-linux-gnu"; \
     elif [ "$ARCH" = "arm64" ]; then TRUNK_ARCH="aarch64-unknown-linux-gnu"; fi && \
-    wget -qO- "https://github.com/trunk-rs/trunk/releases/download/v0.21.5/trunk-$TRUNK_ARCH.tar.gz" | tar -xzf - -C /root/.cargo/bin/ && \
+    wget -qO- "https://github.com/trunk-rs/trunk/releases/download/v0.21.14/trunk-$TRUNK_ARCH.tar.gz" | tar -xzf - -C /root/.cargo/bin/ && \
     chmod +x /root/.cargo/bin/trunk && \
     # Install wasm-bindgen-cli (Compiling from source to avoid glibc issues, doing it ONCE here)
     cargo install wasm-bindgen-cli --version 0.2.108

frontend/Cargo.toml

@@ -52,3 +52,5 @@ web-sys = { version = "0.3", features = [
 shared = { path = "../shared" }
 tailwind_fuse = "0.3.2"
 js-sys = "0.3.85"
+base64 = "0.22.1"
+serde-wasm-bindgen = "0.6.5"

frontend/index.html

@@ -86,12 +86,15 @@
             id="app-loading"
             style="
                 display: flex;
+                flex-direction: column;
                 justify-content: center;
                 align-items: center;
                 height: 100vh;
+                font-family: sans-serif;
             "
         >
             <div
+                id="app-loading-spinner"
                 style="
                     width: 40px;
                     height: 40px;
@@ -102,6 +105,32 @@
                     opacity: 0.5;
                 "
             ></div>
+            <div
+                id="app-loading-error"
+                style="display: none; text-align: center; margin-top: 20px; padding: 0 20px"
+            >
+                <p style="color: #ef4444; font-weight: bold; margin-bottom: 8px">
+                    Uygulama yüklenemedi
+                </p>
+                <p style="font-size: 14px; opacity: 0.7">
+                    Bağlantınız yavaş olabilir veya bir sistem hatası oluşmuş olabilir.
+                </p>
+                <button
+                    onclick="location.reload()"
+                    style="
+                        margin-top: 16px;
+                        padding: 8px 16px;
+                        background: #3b82f6;
+                        color: white;
+                        border: none;
+                        border-radius: 6px;
+                        cursor: pointer;
+                        font-weight: 500;
+                    "
+                >
+                    Sayfayı Yenile
+                </button>
+            </div>
         </div>
         <style>
             @keyframes spin {
@@ -115,6 +144,34 @@
             }
         </style>
 
+        <script>
+            // App loading timeout handler
+            (function () {
+                var timeout = setTimeout(function () {
+                    if (!document.body.classList.contains("app-loaded")) {
+                        var spinner = document.getElementById("app-loading-spinner");
+                        var error = document.getElementById("app-loading-error");
+                        if (spinner) spinner.style.display = "none";
+                        if (error) error.style.display = "block";
+                    }
+                }, 15000); // 15 seconds timeout
+
+                // Clean up timeout if app loads
+                var observer = new MutationObserver(function (mutations) {
+                    mutations.forEach(function (mutation) {
+                        if (
+                            mutation.attributeName === "class" &&
+                            document.body.classList.contains("app-loaded")
+                        ) {
+                            clearTimeout(timeout);
+                            observer.disconnect();
+                        }
+                    });
+                });
+                observer.observe(document.body, { attributes: true });
+            })();
+        </script>
+        
         <!-- Service Worker Registration & PWA Setup -->
         <script>
             if ("serviceWorker" in navigator) {

frontend/src/components/auth/login.rs

@@ -41,6 +41,8 @@ pub fn Login() -> impl IntoView {
                         logging::log!("Login successful, redirecting...");
                         // Force a full reload to re-run auth checks in App.rs
                         let _ = window().location().set_href("/");
+                    } else if resp.status() == 429 {
+                        set_error.set(Some("Çok fazla başarısız deneme yaptınız. Lütfen bir süre bekleyip tekrar deneyin.".to_string()));
                     } else {
                         let text = resp.text().await.unwrap_or_default();
                         logging::error!("Login failed: {}", text);

frontend/src/components/torrent/table.rs

@@ -46,6 +46,9 @@ fn format_duration(seconds: i64) -> String {
 }
 
 fn format_date(timestamp: i64) -> String {
+    if timestamp <= 0 {
+        return "N/A".to_string();
+    }
     let dt = chrono::DateTime::from_timestamp(timestamp, 0);
     match dt {
         Some(dt) => dt.format("%d/%m/%Y %H:%M").to_string(),
@@ -339,14 +342,6 @@ pub fn TorrentTable() -> impl IntoView {
             </div>
 
                         <div class="md:hidden flex flex-col h-full bg-base-200 relative">
-                            // Transparent overlay to close sort dropdown
-                            <Show when=move || sort_open.get()>
-                                <div
-                                    class="fixed inset-0 z-[98] cursor-default"
-                                    on:click=move |_| set_sort_open.set(false)
-                                ></div>
-                            </Show>
-
                             <div class="px-3 py-2 border-b border-base-200 flex justify-between items-center bg-base-100/95 backdrop-blur z-10 shrink-0">
                                 <span class="text-xs font-bold opacity-50 uppercase tracking-wider">"Torrents"</span>
 
@@ -354,7 +349,7 @@ pub fn TorrentTable() -> impl IntoView {
                                     <div
                                         role="button"
                                         class="btn btn-ghost btn-xs gap-1 opacity-70 font-normal"
-                                        on:click=move |e| {
+                                        on:pointerdown=move |e| {
                                             e.stop_propagation();
                                             let cur = sort_open.get_untracked();
                                             set_sort_open.set(!cur);
@@ -368,7 +363,6 @@ pub fn TorrentTable() -> impl IntoView {
                                     <ul
                                         class="absolute top-full right-0 z-[100] menu p-2 shadow bg-base-100 rounded-box w-48 mt-1 border border-base-200 text-xs"
                                         style=move || if sort_open.get() { "display: block" } else { "display: none" }
-                                        on:pointerdown=move |e| e.stop_propagation()
                                     >
                                          <li class="menu-title px-2 py-1 opacity-50 text-[10px] uppercase font-bold">"Sort By"</li>
                                          {
@@ -390,9 +384,9 @@ pub fn TorrentTable() -> impl IntoView {
                                                   view! {
                                                       <li>
                                                           <button
+                                                              type="button"
                                                               class=move || if is_active() { "bg-primary/10 text-primary font-bold flex justify-between" } else { "flex justify-between" }
-                                                              on:click=move |e| {
-                                                                  e.prevent_default();
+                                                              on:pointerdown=move |e| {
                                                                   e.stop_propagation();
                                                                   handle_sort(col);
                                                                   set_sort_open.set(false);

frontend/src/lib.rs

@@ -11,11 +11,15 @@ use app::App;
 #[wasm_bindgen(start)]
 pub fn main() {
     console_error_panic_hook::set_once();
-    console_log::init_with_level(log::Level::Debug).unwrap();
+    console_log::init_with_level(log::Level::Debug)
+        .expect("Failed to initialize logging");
 
-    let window = web_sys::window().unwrap();
-    let document = window.document().unwrap();
-    let body = document.body().unwrap();
+    let window = web_sys::window()
+        .expect("Failed to access window - browser may not be fully loaded");
+    let document = window.document()
+        .expect("Failed to access document");
+    let body = document.body()
+        .expect("Failed to access document body");
     
     // Add app-loaded class to body to hide spinner via CSS
     let _ = body.class_list().add_1("app-loaded");

frontend/src/store.rs

@@ -143,6 +143,12 @@ pub fn provide_torrent_store() {
 
     // Initialize SSE connection with auto-reconnect
     create_effect(move |_| {
+        // Sadece kullanıcı giriş yapmışsa bağlantıyı başlat
+        if user.get().is_none() {
+            logging::log!("SSE: User not authenticated, skipping connection.");
+            return;
+        }
+
         spawn_local(async move {
             let mut backoff_ms: u32 = 1000; // Start with 1 second
             let max_backoff_ms: u32 = 30000; // Max 30 seconds
@@ -322,68 +328,47 @@ pub async fn subscribe_to_push_notifications() {
 
     // First, request notification permission if not already granted
     let window = web_sys::window().expect("window should exist");
-    let permission_granted = if let Ok(notification_class) = js_sys::Reflect::get(&window, &"Notification".into()) {
-        if notification_class.is_undefined() {
-            log::error!("Notification API not available");
-            return;
-        }
     
-        // Check current permission
-        let current_permission = js_sys::Reflect::get(&notification_class, &"permission".into())
-            .ok()
-            .and_then(|p| p.as_string())
-            .unwrap_or_default();
-
-        if current_permission == "granted" {
+    // Notification.permission is a static property, but web_sys exposes it via the Notification class instance or we check it manually.
+    // Actually, Notification::permission() is a static method in web_sys.
+    match web_sys::Notification::permission() {
+        web_sys::NotificationPermission::Granted => {
             log::info!("Notification permission already granted");
-            true
-        } else if current_permission == "denied" {
+        }
+        web_sys::NotificationPermission::Denied => {
             log::warn!("Notification permission was denied");
             return;
-        } else {
-            // Permission is "default" - need to request
-            log::info!("Requesting notification permission...");
-            if let Ok(request_fn) = js_sys::Reflect::get(&notification_class, &"requestPermission".into()) {
-                if request_fn.is_function() {
-                    let request_fn_typed = js_sys::Function::from(request_fn);
-                    match request_fn_typed.call0(&notification_class) {
-                        Ok(promise_val) => {
-                            let request_future = wasm_bindgen_futures::JsFuture::from(
-                                js_sys::Promise::from(promise_val)
-                            );
-                            match request_future.await {
-                                Ok(result) => {
-                                    let result_str = result.as_string().unwrap_or_default();
-                                    log::info!("Permission request result: {}", result_str);
-                                    result_str == "granted"
         }
+        web_sys::NotificationPermission::Default => {
+            log::info!("Requesting notification permission...");
+            let permission_promise = match web_sys::Notification::request_permission() {
+                Ok(p) => p,
                 Err(e) => {
                     log::error!("Failed to request notification permission: {:?}", e);
-                                    false
-                                }
-                            }
-                        }
-                        Err(e) => {
-                            log::error!("Failed to call requestPermission: {:?}", e);
-                            false
-                        }
-                    }
-                } else {
-                    false
-                }
-            } else {
-                false
-            }
-        }
-    } else {
-        log::error!("Cannot access Notification class");
                     return;
+                }
             };
             
-    if !permission_granted {
-        log::warn!("Notification permission not granted, cannot subscribe to push");
+            match wasm_bindgen_futures::JsFuture::from(permission_promise).await {
+                Ok(val) => {
+                    let permission = val.as_string().unwrap_or_default();
+                    if permission != "granted" {
+                        log::warn!("Notification permission denied by user");
                         return;
                     }
+                    log::info!("Notification permission granted by user");
+                }
+                Err(e) => {
+                    log::error!("Failed to await notification permission: {:?}", e);
+                    return;
+                }
+            }
+        }
+        _ => {
+             log::warn!("Unknown notification permission status");
+             return;
+        }
+    }
 
     log::info!("Notification permission granted! Proceeding with push subscription...");
 
@@ -427,7 +412,6 @@ pub async fn subscribe_to_push_notifications() {
     };
 
     // Get service worker registration
-    let window = web_sys::window().expect("window should exist");
     let navigator = window.navigator();
     let service_worker = navigator.service_worker();
 
@@ -488,12 +472,14 @@ pub async fn subscribe_to_push_notifications() {
         .dyn_into::<web_sys::PushSubscription>()
         .expect("should be PushSubscription");
 
-    // Get subscription JSON using toJSON() method
-    let json_result = match js_sys::Reflect::get(&push_subscription, &"toJSON".into()) {
+    // PushSubscription objects can be serialized directly via JSON.stringify which calls their toJSON method internally.
+    // Or we can use Reflect to call toJSON if we want the object directly.
+    // Let's use the robust way: call toJSON via Reflect but handle it gracefully.
+    let json_val = match js_sys::Reflect::get(&push_subscription, &"toJSON".into()) {
         Ok(func) if func.is_function() => {
              let json_func = js_sys::Function::from(func);
              match json_func.call0(&push_subscription) {
-                Ok(result) => result,
+                 Ok(res) => res,
                  Err(e) => {
                      log::error!("Failed to call toJSON: {:?}", e);
                      return;
@@ -501,25 +487,30 @@ pub async fn subscribe_to_push_notifications() {
              }
         }
         _ => {
-            log::error!("toJSON method not found on PushSubscription");
-            return;
-        }
-    };
-
-    let json_value = match js_sys::JSON::stringify(&json_result) {
-        Ok(val) => val,
+            // Fallback: try to stringify the object directly
+            // log::warn!("toJSON not found, trying JSON.stringify");
+            let json_str = match js_sys::JSON::stringify(&push_subscription) {
+                Ok(s) => s,
                 Err(e) => {
                     log::error!("Failed to stringify subscription: {:?}", e);
                     return;
                 }
             };
+            // Parse back to object to match our expected flow (slightly inefficient but safe)
+            match js_sys::JSON::parse(&String::from(json_str)) {
+                Ok(v) => v,
+                Err(e) => {
+                    log::error!("Failed to parse stringified subscription: {:?}", e);
+                    return;
+                }
+            }
+        }
+    };
     
-    let subscription_json_str = json_value.as_string().expect("should be string");
-
-    log::info!("Push subscription: {}", subscription_json_str);
-
-    // Parse and send to backend
-    let subscription_data: serde_json::Value = match serde_json::from_str(&subscription_json_str) {
+    // Convert JsValue (JSON object) to PushSubscriptionJSON struct via serde
+    // Note: web_sys::PushSubscriptionJSON is not a struct we can directly use with serde_json usually,
+    // but we can use serde-wasm-bindgen to convert JsValue -> Rust Struct
+    let subscription_data: PushSubscriptionData = match serde_wasm_bindgen::from_value(json_val) {
         Ok(data) => data,
         Err(e) => {
             log::error!("Failed to parse subscription JSON: {:?}", e);
@@ -527,37 +518,9 @@ pub async fn subscribe_to_push_notifications() {
         }
     };
 
-    // Extract endpoint and keys
-    let endpoint = subscription_data
-        .get("endpoint")
-        .and_then(|v| v.as_str())
-        .expect("endpoint should exist")
-        .to_string();
-
-    let keys_obj = subscription_data
-        .get("keys")
-        .expect("keys should exist");
-
-    let p256dh = keys_obj
-        .get("p256dh")
-        .and_then(|v| v.as_str())
-        .expect("p256dh should exist")
-        .to_string();
-
-    let auth = keys_obj
-        .get("auth")
-        .and_then(|v| v.as_str())
-        .expect("auth should exist")
-        .to_string();
-
-    let push_data = PushSubscriptionData {
-        endpoint,
-        keys: PushKeys { p256dh, auth },
-    };
-
-    // Send to backend
+    // Send to backend (subscription_data is already the struct we need)
     let response = match Request::post("/api/push/subscribe")
-        .json(&push_data)
+        .json(&subscription_data)
         .expect("serialization should succeed")
         .send()
         .await
@@ -577,34 +540,15 @@ pub async fn subscribe_to_push_notifications() {
 }
 
 /// Helper to convert URL-safe base64 string to Uint8Array
-/// Uses JavaScript to properly decode binary data (avoids UTF-8 encoding issues)
+/// Uses pure Rust base64 crate for better safety and performance
 fn url_base64_to_uint8array(base64_string: &str) -> Result<js_sys::Uint8Array, JsValue> {
-    // Add padding
-    let padding = (4 - (base64_string.len() % 4)) % 4;
-    let mut padded = base64_string.to_string();
-    padded.push_str(&"=".repeat(padding));
+    use base64::{engine::general_purpose, Engine as _};
 
-    // Replace URL-safe characters
-    let standard_base64 = padded.replace('-', "+").replace('_', "/");
+    // VAPID keys are URL-safe base64. Try both NO_PAD and padded for robustness.
+    let bytes = general_purpose::URL_SAFE_NO_PAD
+        .decode(base64_string)
+        .or_else(|_| general_purpose::URL_SAFE.decode(base64_string))
+        .map_err(|e| JsValue::from_str(&format!("Base64 decode error: {}", e)))?;
 
-    // Decode using JavaScript to avoid UTF-8 encoding issues
-    // Create a JavaScript function to decode the base64 and convert to Uint8Array
-    let js_code = format!(
-        r#"
-        (function() {{
-            const binaryString = atob('{}');
-            const bytes = new Uint8Array(binaryString.length);
-            for (let i = 0; i < binaryString.length; i++) {{
-                bytes[i] = binaryString.charCodeAt(i);
-            }}
-            return bytes;
-        }})()
-        "#,
-        standard_base64
-    );
-
-    let result = js_sys::eval(&js_code)?;
-    let array = result.dyn_into::<js_sys::Uint8Array>()?;
-
-    Ok(array)
+    Ok(js_sys::Uint8Array::from(&bytes[..]))
 }