fix: build hatasını aşmak için wasm-opt geçici olarak devre dışı bırakıldı

fix: wasm-opt build hatası için rustc ve wasm-opt versiyon ayarları güncellendi
fix: wasm-opt build hatası için bulk-memory özelliği devre dışı bırakıldı
2026-02-08 16:44:29 +03:00 · 2026-02-08 16:42:13 +03:00 · 2026-02-08 16:37:45 +03:00 · 2026-02-08 16:33:46 +03:00 · 2026-02-08 16:29:33 +03:00 · 2026-02-08 16:26:16 +03:00
17 changed files with 477 additions and 86 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -0,0 +1,5 @@
+[build]
+rustflags = ["-C", "target-feature=-bulk-memory"]
+
+[target.wasm32-unknown-unknown]
+rustflags = ["-C", "target-feature=-bulk-memory"]
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@ result.xml
 frontend/dist
 backend.log
 .runner
+.env
+backend/.env
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -300,6 +300,7 @@ dependencies = [
 "clap",
 "dotenvy",
 "futures",
+ "governor",
 "mime_guess",
 "openssl",
 "quick-xml",
@@ -316,6 +317,7 @@ dependencies = [
 "tokio-util",
 "tower 0.4.13",
 "tower-http",
+ "tower_governor",
 "tracing",
 "tracing-subscriber",
 "utoipa",
@@ -801,6 +803,20 @@ dependencies = [
 "parking_lot_core",
 ]

+[[package]]
+name = "dashmap"
+version = "6.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
 [[package]]
 name = "data-encoding"
 version = "2.10.0"
@@ -1084,6 +1100,12 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"

+[[package]]
+name = "foldhash"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
+
 [[package]]
 name = "foreign-types"
 version = "0.3.2"
@@ -1108,6 +1130,16 @@ dependencies = [
 "percent-encoding",
 ]

+[[package]]
+name = "forwarded-header-value"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8835f84f38484cc86f110a805655697908257fb9a7af005234060891557198e9"
+dependencies = [
+ "nonempty",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "frontend"
 version = "0.1.0"
@@ -1214,6 +1246,12 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"

+[[package]]
+name = "futures-timer"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
+
 [[package]]
 name = "futures-util"
 version = "0.3.31"
@@ -1337,6 +1375,29 @@ dependencies = [
 "web-sys",
 ]

+[[package]]
+name = "governor"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9efcab3c1958580ff1f25a2a41be1668f7603d849bb63af523b208a3cc1223b8"
+dependencies = [
+ "cfg-if",
+ "dashmap 6.1.0",
+ "futures-sink",
+ "futures-timer",
+ "futures-util",
+ "getrandom 0.3.4",
+ "hashbrown 0.16.1",
+ "nonzero_ext",
+ "parking_lot",
+ "portable-atomic",
+ "quanta",
+ "rand 0.9.2",
+ "smallvec",
+ "spinning_top",
+ "web-time",
+]
+
 [[package]]
 name = "group"
 version = "0.13.0"
@@ -1348,6 +1409,25 @@ dependencies = [
 "subtle",
 ]

+[[package]]
+name = "h2"
+version = "0.4.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54"
+dependencies = [
+ "atomic-waker",
+ "bytes",
+ "fnv",
+ "futures-core",
+ "futures-sink",
+ "http 1.4.0",
+ "indexmap",
+ "slab",
+ "tokio",
+ "tokio-util",
+ "tracing",
+]
+
 [[package]]
 name = "half"
 version = "2.7.1"
@@ -1373,7 +1453,7 @@ checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
 dependencies = [
 "allocator-api2",
 "equivalent",
- "foldhash",
+ "foldhash 0.1.5",
 ]

 [[package]]
@@ -1381,6 +1461,11 @@ name = "hashbrown"
 version = "0.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash 0.2.0",
+]

 [[package]]
 name = "hashlink"
@@ -1569,6 +1654,7 @@ dependencies = [
 "bytes",
 "futures-channel",
 "futures-core",
+ "h2",
 "http 1.4.0",
 "http-body 1.0.1",
 "httparse",
@@ -1578,6 +1664,20 @@ dependencies = [
 "pin-utils",
 "smallvec",
 "tokio",
+ "want",
+]
+
+[[package]]
+name = "hyper-timeout"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0"
+dependencies = [
+ "hyper 1.8.1",
+ "hyper-util",
+ "pin-project-lite",
+ "tokio",
+ "tower-service",
 ]

 [[package]]
@@ -1600,13 +1700,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f"
 dependencies = [
 "bytes",
+ "futures-channel",
 "futures-core",
+ "futures-util",
 "http 1.4.0",
 "http-body 1.0.1",
 "hyper 1.8.1",
+ "libc",
 "pin-project-lite",
+ "socket2 0.6.2",
 "tokio",
 "tower-service",
+ "tracing",
 ]

 [[package]]
@@ -2229,6 +2334,18 @@ dependencies = [
 "minimal-lexical",
 ]

+[[package]]
+name = "nonempty"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e9e591e719385e6ebaeb5ce5d3887f7d5676fceca6411d1925ccc95745f3d6f7"
+
+[[package]]
+name = "nonzero_ext"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
+
 [[package]]
 name = "nu-ansi-term"
 version = "0.50.3"
@@ -2700,6 +2817,21 @@ dependencies = [
 "yansi",
 ]

+[[package]]
+name = "quanta"
+version = "0.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3ab5a9d756f0d97bdc89019bd2e4ea098cf9cde50ee7564dde6b81ccc8f06c7"
+dependencies = [
+ "crossbeam-utils",
+ "libc",
+ "once_cell",
+ "raw-cpuid",
+ "wasi",
+ "web-sys",
+ "winapi",
+]
+
 [[package]]
 name = "quick-xml"
 version = "0.31.0"
@@ -2806,6 +2938,15 @@ dependencies = [
 "getrandom 0.3.4",
 ]

+[[package]]
+name = "raw-cpuid"
+version = "11.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "498cd0dc59d73224351ee52a95fee0f1a617a2eae0e7d9d720cc622c73a54186"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.5.18"
@@ -3196,7 +3337,7 @@ dependencies = [
 "bytes",
 "ciborium",
 "const_format",
- "dashmap",
+ "dashmap 5.5.3",
 "futures",
 "gloo-net 0.6.0",
 "http 1.4.0",
@@ -3375,6 +3516,15 @@ dependencies = [
 "lock_api",
 ]

+[[package]]
+name = "spinning_top"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d96d2d1d716fb500937168cc09353ffdc7a012be8475ac7308e1bdf0e3923300"
+dependencies = [
+ "lock_api",
+]
+
 [[package]]
 name = "spki"
 version = "0.6.0"
@@ -3917,6 +4067,35 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801"

+[[package]]
+name = "tonic"
+version = "0.14.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a286e33f82f8a1ee2df63f4fa35c0becf4a85a0cb03091a15fd7bf0b402dc94a"
+dependencies = [
+ "async-trait",
+ "axum",
+ "base64 0.22.1",
+ "bytes",
+ "h2",
+ "http 1.4.0",
+ "http-body 1.0.1",
+ "http-body-util",
+ "hyper 1.8.1",
+ "hyper-timeout",
+ "hyper-util",
+ "percent-encoding",
+ "pin-project",
+ "socket2 0.6.2",
+ "sync_wrapper",
+ "tokio",
+ "tokio-stream",
+ "tower 0.5.3",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
 [[package]]
 name = "tower"
 version = "0.4.13"
@@ -3941,9 +4120,12 @@ checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
 dependencies = [
 "futures-core",
 "futures-util",
+ "indexmap",
 "pin-project-lite",
+ "slab",
 "sync_wrapper",
 "tokio",
+ "tokio-util",
 "tower-layer",
 "tower-service",
 "tracing",
@@ -3988,6 +4170,23 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"

+[[package]]
+name = "tower_governor"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44de9b94d849d3c46e06a883d72d408c2de6403367b39df2b1c9d9e7b6736fe6"
+dependencies = [
+ "axum",
+ "forwarded-header-value",
+ "governor",
+ "http 1.4.0",
+ "pin-project",
+ "thiserror 2.0.18",
+ "tonic",
+ "tower 0.5.3",
+ "tracing",
+]
+
 [[package]]
 name = "tracing"
 version = "0.1.44"
@@ -4404,6 +4603,16 @@ dependencies = [
 "wasm-bindgen",
 ]

+[[package]]
+name = "web-time"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "whoami"
 version = "1.6.1"
@@ -4414,6 +4623,22 @@ dependencies = [
 "wasite",
 ]

+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
 [[package]]
 name = "winapi-util"
 version = "0.1.11"
@@ -4423,6 +4648,12 @@ dependencies = [
 "windows-sys 0.61.2",
 ]

+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
 [[package]]
 name = "windows-core"
 version = "0.62.2"
--- a/backend/.env
+++ b/backend/.env
@@ -1,8 +0,0 @@
-# Database
-DATABASE_URL=sqlite:vibetorrent.db
-
-# VAPID Keys for Push Notifications
-# Generate new keys for production using: cargo run --bin web-push --features web-push -- generate-vapid-keys
-VAPID_PUBLIC_KEY=BEdPj6XQR7MGzM28Nev9wokF5upHoydNDahouJbQ9ZdBJpEFAN1iNfANSEvY0ItasNY5zcvvqN_tjUt64Rfd0gU
-VAPID_PRIVATE_KEY=aUcCYJ7kUd9UClCaWwad0IVgbYJ6svwl19MjSX7GH10
-VAPID_EMAIL=mailto:admin@vibetorrent.app
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -3,3 +3,12 @@ RTORRENT_SOCKET=/tmp/rtorrent.sock

 # Backend Listen Port
 PORT=3000
+
+# Database URL
+DATABASE_URL=sqlite:vibetorrent.db
+
+# VAPID Keys for Push Notifications
+# Generate new keys for production using: npx web-push generate-vapid-keys
+VAPID_PUBLIC_KEY=YOUR_PUBLIC_VAPID_KEY
+VAPID_PRIVATE_KEY=YOUR_PRIVATE_VAPID_KEY
+VAPID_EMAIL=mailto:your-email@example.com
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@@ -39,3 +39,5 @@ axum-extra = { version = "0.10", features = ["cookie"] }
 rand = "0.8"
 anyhow = "1.0.101"
 time = { version = "0.3.47", features = ["serde", "formatting", "parsing"] }
+tower_governor = "0.8.0"
+governor = "0.10.4"
--- a/backend/src/db.rs
+++ b/backend/src/db.rs
@@ -1,6 +1,7 @@
-use sqlx::{sqlite::SqlitePoolOptions, Pool, Sqlite, Row};
+use sqlx::{sqlite::SqlitePoolOptions, Pool, Sqlite, Row, sqlite::SqliteConnectOptions};
 use std::time::Duration;
 use anyhow::Result;
+use std::str::FromStr;

 #[derive(Clone)]
 pub struct Db {
@@ -9,10 +10,16 @@ pub struct Db {

 impl Db {
    pub async fn new(db_url: &str) -> Result<Self> {
+        let options = SqliteConnectOptions::from_str(db_url)?
+            .create_if_missing(true)
+            .busy_timeout(Duration::from_secs(10)) // Bekleme süresini 10 saniyeye çıkardık
+            .journal_mode(sqlx::sqlite::SqliteJournalMode::Wal)
+            .synchronous(sqlx::sqlite::SqliteSynchronous::Normal);
+
        let pool = SqlitePoolOptions::new()
            .max_connections(5)
-            .acquire_timeout(Duration::from_secs(3))
-            .connect(db_url)
+            .acquire_timeout(Duration::from_secs(10))
+            .connect_with(options)
            .await?;

        let db = Self { pool };
@@ -21,21 +28,6 @@ impl Db {
    }

    async fn run_migrations(&self) -> Result<()> {
-        // WAL mode - enables concurrent reads while writing
-        sqlx::query("PRAGMA journal_mode=WAL")
-            .execute(&self.pool)
-            .await?;
-
-        // NORMAL synchronous - faster than FULL, still safe enough
-        sqlx::query("PRAGMA synchronous=NORMAL")
-            .execute(&self.pool)
-            .await?;
-
-        // 5 second busy timeout - reduces "database locked" errors
-        sqlx::query("PRAGMA busy_timeout=5000")
-            .execute(&self.pool)
-            .await?;
-
        sqlx::migrate!("./migrations").run(&self.pool).await?;
        Ok(())
    }
--- a/backend/src/diff.rs
+++ b/backend/src/diff.rs
@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use shared::{AppEvent, NotificationLevel, SystemNotification, Torrent, TorrentUpdate};

 #[derive(Debug)]
@@ -8,24 +9,32 @@ pub enum DiffResult {
 }

 pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
-    // 1. Structural Check (Length or Order changed)
+    // 1. Structural Check: Eğer torrent sayısı değişmişse (yeni eklenen veya silinen), 
+    // şimdilik basitlik adına FullUpdate gönderiyoruz.
    if old.len() != new.len() {
        return DiffResult::FullUpdate;
    }

-    for (i, t) in new.iter().enumerate() {
-        if old[i].hash != t.hash {
+    // 2. Hash Set Karşılaştırması: 
+    // Sıralama değişmiş olabilir ama torrentler aynı mı?
+    let old_map: HashMap<&str, &Torrent> = old.iter().map(|t| (t.hash.as_str(), t)).collect();
+    
+    // Eğer yeni listedeki bir hash eski listede yoksa, yapı değişmiş demektir.
+    for new_t in new {
+        if !old_map.contains_key(new_t.hash.as_str()) {
            return DiffResult::FullUpdate;
        }
    }

-    // 2. Field Updates
+    // 3. Alan Güncellemeleri (Partial Updates)
+    // Buraya geldiğimizde biliyoruz ki old ve new listelerindeki torrentler (hash olarak) aynı,
+    // sadece sıraları farklı olabilir veya içindeki veriler güncellenmiş olabilir.
    let mut events = Vec::new();

-    for (i, new_t) in new.iter().enumerate() {
-        let old_t = &old[i];
+    for new_t in new {
+        // old_map'ten ilgili torrente hash ile ulaşalım (sıradan bağımsız)
+        let old_t = old_map.get(new_t.hash.as_str()).unwrap();

-        // Initialize with all None
        let mut update = TorrentUpdate {
            hash: new_t.hash.clone(),
            name: None,
@@ -42,7 +51,7 @@ pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {

        let mut has_changes = false;

-        // Compare fields
+        // Alanları karşılaştır
        if old_t.name != new_t.name {
            update.name = Some(new_t.name.clone());
            has_changes = true;
@@ -63,7 +72,7 @@ pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
            update.percent_complete = Some(new_t.percent_complete);
            has_changes = true;

-            // Check for torrent completion: reached 100%
+            // Torrent tamamlanma kontrolü
            if old_t.percent_complete < 100.0 && new_t.percent_complete >= 100.0 {
                tracing::info!("Torrent completed: {} ({})", new_t.name, new_t.hash);
                events.push(AppEvent::Notification(SystemNotification {
@@ -84,7 +93,6 @@ pub fn diff_torrents(old: &[Torrent], new: &[Torrent]) -> DiffResult {
            update.status = Some(new_t.status.clone());
            has_changes = true;
            
-            // Log status changes for debugging
            tracing::debug!(
                "Torrent status changed: {} ({}) {:?} -> {:?}",
                new_t.name, new_t.hash, old_t.status, new_t.status
--- a/backend/src/handlers/mod.rs
+++ b/backend/src/handlers/mod.rs
@@ -690,8 +690,10 @@ pub async fn handle_timeout_error(err: BoxError) -> (StatusCode, &'static str) {
        (status = 200, description = "VAPID public key", body = String)
    )
 )]
-pub async fn get_push_public_key_handler() -> impl IntoResponse {
-    let public_key = push::get_vapid_public_key();
+pub async fn get_push_public_key_handler(
+    State(state): State<AppState>,
+) -> impl IntoResponse {
+    let public_key = state.push_store.get_public_key();
    (StatusCode::OK, Json(serde_json::json!({ "publicKey": public_key }))).into_response()
 }

--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -3,6 +3,7 @@ mod diff;
 mod handlers;
 #[cfg(feature = "push-notifications")]
 mod push;
+mod rate_limit;
 mod scgi;
 mod sse;
 mod xmlrpc;
@@ -25,6 +26,7 @@ use std::sync::Arc;
 use std::time::Duration;
 use tokio::sync::{broadcast, watch};
 use tower::ServiceBuilder;
+use tower_governor::GovernorLayer;
 use tower_http::{
    compression::{CompressionLayer, CompressionLevel},
    cors::CorsLayer,
@@ -253,9 +255,7 @@ async fn main() {
                    }
                };

-                // Update in DB (using a direct query since db.rs doesn't have update_password yet)
-                // We should add `update_password` to db.rs for cleaner code, but for now direct query is fine or we can extend Db.
-                // Let's extend Db.rs first to be clean.
+                // Update in DB
                if let Err(e) = db.update_password(user_id, &password_hash).await {
                     tracing::error!("Failed to update password in DB: {}", e);
                     std::process::exit(1);
@@ -467,7 +467,12 @@ async fn main() {
        // Setup & Auth Routes
        .route("/api/setup/status", get(handlers::setup::get_setup_status_handler))
        .route("/api/setup", post(handlers::setup::setup_handler))
-        .route("/api/auth/login", post(handlers::auth::login_handler))
+        .route(
+            "/api/auth/login",
+            post(handlers::auth::login_handler).layer(GovernorLayer::new(Arc::new(
+                rate_limit::get_login_rate_limit_config(),
+            ))),
+        )
        .route("/api/auth/logout", post(handlers::auth::logout_handler))
        .route("/api/auth/check", get(handlers::auth::check_auth_handler))
        // App Routes
@@ -536,7 +541,12 @@ async fn main() {
        }
    };
    tracing::info!("Backend listening on {}", addr);
-    if let Err(e) = axum::serve(listener, app).await {
+    if let Err(e) = axum::serve(
+        listener,
+        app.into_make_service_with_connect_info::<SocketAddr>(),
+    )
+    .await
+    {
        tracing::error!("Server error: {}", e);
        std::process::exit(1);
    }
--- a/backend/src/push.rs
+++ b/backend/src/push.rs
@@ -5,6 +5,7 @@ use utoipa::ToSchema;
 use web_push::{
    HyperWebPushClient, SubscriptionInfo, VapidSignatureBuilder, WebPushClient, WebPushMessageBuilder,
 };
+use futures::StreamExt;

 use crate::db::Db;

@@ -20,17 +21,34 @@ pub struct PushKeys {
    pub auth: String,
 }

+#[derive(Clone)]
+pub struct VapidConfig {
+    pub private_key: String,
+    pub public_key: String,
+    pub email: String,
+}
+
 #[derive(Clone)]
 pub struct PushSubscriptionStore {
    db: Option<Db>,
    subscriptions: Arc<RwLock<Vec<PushSubscription>>>,
+    vapid_config: VapidConfig,
 }

 impl PushSubscriptionStore {
    pub fn new() -> Self {
+        let private_key = std::env::var("VAPID_PRIVATE_KEY").expect("VAPID_PRIVATE_KEY must be set in .env");
+        let public_key = std::env::var("VAPID_PUBLIC_KEY").expect("VAPID_PUBLIC_KEY must be set in .env");
+        let email = std::env::var("VAPID_EMAIL").expect("VAPID_EMAIL must be set in .env");
+
        Self {
            db: None,
            subscriptions: Arc::new(RwLock::new(Vec::new())),
+            vapid_config: VapidConfig {
+                private_key,
+                public_key,
+                email,
+            },
        }
    }

@@ -47,9 +65,18 @@ impl PushSubscriptionStore {
        }
        tracing::info!("Loaded {} push subscriptions from database", subscriptions_vec.len());

+        let private_key = std::env::var("VAPID_PRIVATE_KEY").expect("VAPID_PRIVATE_KEY must be set in .env");
+        let public_key = std::env::var("VAPID_PUBLIC_KEY").expect("VAPID_PUBLIC_KEY must be set in .env");
+        let email = std::env::var("VAPID_EMAIL").expect("VAPID_EMAIL must be set in .env");
+
        Ok(Self {
            db: Some(db.clone()),
            subscriptions: Arc::new(RwLock::new(subscriptions_vec)),
+            vapid_config: VapidConfig {
+                private_key,
+                public_key,
+                email,
+            },
        })
    }

@@ -91,6 +118,10 @@ impl PushSubscriptionStore {
    pub async fn get_all_subscriptions(&self) -> Vec<PushSubscription> {
        self.subscriptions.read().await.clone()
    }
+
+    pub fn get_public_key(&self) -> &str {
+        &self.vapid_config.public_key
+    }
 }

 /// Send push notification to all subscribed clients
@@ -116,50 +147,68 @@ pub async fn send_push_notification(
        "tag": "vibetorrent"
    });

-    let client = HyperWebPushClient::new();
+    let client = Arc::new(HyperWebPushClient::new());
+    let vapid_config = store.vapid_config.clone();
+    let payload_str = payload.to_string();

-    let vapid_private_key = std::env::var("VAPID_PRIVATE_KEY").expect("VAPID_PRIVATE_KEY must be set in .env");
-    let vapid_email = std::env::var("VAPID_EMAIL").expect("VAPID_EMAIL must be set in .env");
+    // Send notifications concurrently
+    futures::stream::iter(subscriptions)
+        .for_each_concurrent(10, |subscription| {
+            let client = client.clone();
+            let vapid_config = vapid_config.clone();
+            let payload_str = payload_str.clone();

-    for subscription in subscriptions {
-        let subscription_info = SubscriptionInfo {
-            endpoint: subscription.endpoint.clone(),
-            keys: web_push::SubscriptionKeys {
-                p256dh: subscription.keys.p256dh.clone(),
-                auth: subscription.keys.auth.clone(),
-            },
-        };
+            async move {
+                let subscription_info = SubscriptionInfo {
+                    endpoint: subscription.endpoint.clone(),
+                    keys: web_push::SubscriptionKeys {
+                        p256dh: subscription.keys.p256dh.clone(),
+                        auth: subscription.keys.auth.clone(),
+                    },
+                };

-        let mut sig_builder = VapidSignatureBuilder::from_base64(
-            &vapid_private_key,
-            web_push::URL_SAFE_NO_PAD,
-            &subscription_info,
-        )?;
+                let sig_res = VapidSignatureBuilder::from_base64(
+                    &vapid_config.private_key,
+                    web_push::URL_SAFE_NO_PAD,
+                    &subscription_info,
+                );

-        sig_builder.add_claim("sub", vapid_email.as_str());
-        sig_builder.add_claim("aud", subscription.endpoint.as_str());
-        let signature = sig_builder.build()?;
+                match sig_res {
+                    Ok(mut sig_builder) => {
+                        sig_builder.add_claim("sub", vapid_config.email.as_str());
+                        sig_builder.add_claim("aud", subscription.endpoint.as_str());
                        
-        let mut builder = WebPushMessageBuilder::new(&subscription_info);
-        builder.set_vapid_signature(signature);
+                        match sig_builder.build() {
+                            Ok(signature) => {
+                                let mut builder = WebPushMessageBuilder::new(&subscription_info);
+                                builder.set_vapid_signature(signature);
+                                builder.set_payload(web_push::ContentEncoding::Aes128Gcm, payload_str.as_bytes());

-        let payload_str = payload.to_string();
-        builder.set_payload(web_push::ContentEncoding::Aes128Gcm, payload_str.as_bytes());
-
-        match client.send(builder.build()?).await {
-            Ok(_) => {
-                tracing::debug!("Push notification sent to: {}", subscription.endpoint);
+                                match builder.build() {
+                                    Ok(msg) => {
+                                        match client.send(msg).await {
+                                            Ok(_) => {
+                                                tracing::debug!("Push notification sent to: {}", subscription.endpoint);
+                                            }
+                                            Err(e) => {
+                                                tracing::error!("Failed to send push notification to {}: {}", subscription.endpoint, e);
+                                            }
+                                        }
+                                    }
+                                    Err(e) => tracing::error!("Failed to build push message: {}", e),
+                                }
+                            }
+                            Err(e) => tracing::error!("Failed to build VAPID signature: {}", e),
+                        }
+                    }
+                    Err(e) => tracing::error!("Failed to create VAPID signature builder: {}", e),
+                }
            }
-            Err(e) => {
-                tracing::error!("Failed to send push notification: {}", e);
-                // TODO: Remove invalid subscriptions
-            }
-        }
+        })
+        .await;
+
+        Ok(())
+
    }

-    Ok(())
-}
    
-pub fn get_vapid_public_key() -> String {
-    std::env::var("VAPID_PUBLIC_KEY").expect("VAPID_PUBLIC_KEY must be set in .env")
-}
--- a/backend/src/rate_limit.rs
+++ b/backend/src/rate_limit.rs
@@ -0,0 +1,16 @@
+use governor::clock::QuantaInstant;
+use governor::middleware::NoOpMiddleware;
+use tower_governor::governor::GovernorConfig;
+use tower_governor::governor::GovernorConfigBuilder;
+use tower_governor::key_extractor::SmartIpKeyExtractor;
+
+pub fn get_login_rate_limit_config() -> GovernorConfig<SmartIpKeyExtractor, NoOpMiddleware<QuantaInstant>> {
+    // 5 yanlış denemeden sonra bloklanır.
+    // Her yeni hak için 60 saniye (1 dakika) bekleme süresi.
+    GovernorConfigBuilder::default()
+        .key_extractor(SmartIpKeyExtractor)
+        .per_second(60) 
+        .burst_size(5)
+        .finish()
+        .unwrap()
+}
--- a/frontend/.cargo/config.toml
+++ b/frontend/.cargo/config.toml
@@ -0,0 +1,5 @@
+[build]
+rustflags = ["-C", "target-feature=-bulk-memory"]
+
+[target.wasm32-unknown-unknown]
+rustflags = ["-C", "target-feature=-bulk-memory"]
--- a/frontend/Trunk.toml
+++ b/frontend/Trunk.toml
@@ -10,3 +10,6 @@ command_arguments = ["-c", "npx @tailwindcss/cli -i input.css -o public/tailwind
 [build]
 target = "index.html"
 dist = "dist"
+
+[tools]
+wasm_opt = "version_121"
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -86,12 +86,15 @@
            id="app-loading"
            style="
                display: flex;
+                flex-direction: column;
                justify-content: center;
                align-items: center;
                height: 100vh;
+                font-family: sans-serif;
            "
        >
            <div
+                id="app-loading-spinner"
                style="
                    width: 40px;
                    height: 40px;
@@ -102,6 +105,32 @@
                    opacity: 0.5;
                "
            ></div>
+            <div
+                id="app-loading-error"
+                style="display: none; text-align: center; margin-top: 20px; padding: 0 20px"
+            >
+                <p style="color: #ef4444; font-weight: bold; margin-bottom: 8px">
+                    Uygulama yüklenemedi
+                </p>
+                <p style="font-size: 14px; opacity: 0.7">
+                    Bağlantınız yavaş olabilir veya bir sistem hatası oluşmuş olabilir.
+                </p>
+                <button
+                    onclick="location.reload()"
+                    style="
+                        margin-top: 16px;
+                        padding: 8px 16px;
+                        background: #3b82f6;
+                        color: white;
+                        border: none;
+                        border-radius: 6px;
+                        cursor: pointer;
+                        font-weight: 500;
+                    "
+                >
+                    Sayfayı Yenile
+                </button>
+            </div>
        </div>
        <style>
            @keyframes spin {
@@ -115,6 +144,34 @@
            }
        </style>

+        <script>
+            // App loading timeout handler
+            (function () {
+                var timeout = setTimeout(function () {
+                    if (!document.body.classList.contains("app-loaded")) {
+                        var spinner = document.getElementById("app-loading-spinner");
+                        var error = document.getElementById("app-loading-error");
+                        if (spinner) spinner.style.display = "none";
+                        if (error) error.style.display = "block";
+                    }
+                }, 15000); // 15 seconds timeout
+
+                // Clean up timeout if app loads
+                var observer = new MutationObserver(function (mutations) {
+                    mutations.forEach(function (mutation) {
+                        if (
+                            mutation.attributeName === "class" &&
+                            document.body.classList.contains("app-loaded")
+                        ) {
+                            clearTimeout(timeout);
+                            observer.disconnect();
+                        }
+                    });
+                });
+                observer.observe(document.body, { attributes: true });
+            })();
+        </script>
+        
        <!-- Service Worker Registration & PWA Setup -->
        <script>
            if ("serviceWorker" in navigator) {
--- a/frontend/src/components/auth/login.rs
+++ b/frontend/src/components/auth/login.rs
@@ -41,6 +41,8 @@ pub fn Login() -> impl IntoView {
                        logging::log!("Login successful, redirecting...");
                        // Force a full reload to re-run auth checks in App.rs
                        let _ = window().location().set_href("/");
+                    } else if resp.status() == 429 {
+                        set_error.set(Some("Çok fazla başarısız deneme yaptınız. Lütfen bir süre bekleyip tekrar deneyin.".to_string()));
                    } else {
                        let text = resp.text().await.unwrap_or_default();
                        logging::error!("Login failed: {}", text);
--- a/frontend/src/store.rs
+++ b/frontend/src/store.rs
@@ -143,6 +143,12 @@ pub fn provide_torrent_store() {

    // Initialize SSE connection with auto-reconnect
    create_effect(move |_| {
+        // Sadece kullanıcı giriş yapmışsa bağlantıyı başlat
+        if user.get().is_none() {
+            logging::log!("SSE: User not authenticated, skipping connection.");
+            return;
+        }
+
        spawn_local(async move {
            let mut backoff_ms: u32 = 1000; // Start with 1 second
            let max_backoff_ms: u32 = 30000; // Max 30 seconds
Author	SHA1	Message	Date
spinline	145436eefc	fix: build hatasını aşmak için wasm-opt geçici olarak devre dışı bırakıldı All checks were successful Build MIPS Binary / build (push) Successful in 4m30s Details	2026-02-08 16:44:29 +03:00
spinline	10c95c5ff3	fix: wasm-opt build hatası için rustc ve wasm-opt versiyon ayarları güncellendi Some checks failed Build MIPS Binary / build (push) Failing after 1m8s Details	2026-02-08 16:42:13 +03:00
spinline	329654cc4e	fix: wasm-opt build hatası için bulk-memory özelliği devre dışı bırakıldı Some checks failed Build MIPS Binary / build (push) Failing after 1m31s Details	2026-02-08 16:37:45 +03:00
spinline	22b592a652	fix: wasm-opt seviyesi 'z' olarak güncellendi Some checks failed Build MIPS Binary / build (push) Failing after 1m35s Details	2026-02-08 16:33:46 +03:00
spinline	817dc49db2	fix: wasm-opt build hatası için --enable-bulk-memory flag'i eklendi Some checks failed Build MIPS Binary / build (push) Failing after 3s Details	2026-02-08 16:29:33 +03:00
spinline	b2a60d3d1e	cleanup: kullanılmayan get_vapid_public_key fonksiyonu kaldırıldı Some checks failed Build MIPS Binary / build (push) Failing after 1m6s Details	2026-02-08 16:26:16 +03:00
spinline	520903fa3f	perf: push bildirimleri paralel gönderim ve env var önbelleğe alma ile optimize edildi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 16:25:44 +03:00
spinline	c45f2f50e9	fix: ARM64 build hatası için wasm-opt versiyonu v117 olarak güncellendi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 16:25:02 +03:00
spinline	791eabe9bd	fix: SQLite deadlock ve busy_timeout yönetimi iyileştirildi Some checks failed Build MIPS Binary / build (push) Failing after 1m2s Details	2026-02-08 16:20:55 +03:00
spinline	12f93dd640	perf: Trunk WASM optimizasyonu aktif edildi (data-wasm-opt=0 kaldırıldı) Some checks failed Build MIPS Binary / build (push) Failing after 1m2s Details	2026-02-08 16:18:50 +03:00
spinline	7306db8c2f	fix: torrent diff algoritması hash tabanlı hale getirilerek sıralama bağımlılığı kaldırıldı Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 16:17:30 +03:00
spinline	ce0ecd62af	fix: index.html yükleme ekranına zaman aşımı (15sn) ve hata mesajı eklendi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 16:13:20 +03:00
spinline	f2379b67d8	docs: main.rs içindeki güncelliğini yitirmiş şifre güncelleme yorumu temizlendi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 16:11:18 +03:00
spinline	755f35c94c	security: gerçek .env dosyası takipten çıkarıldı ve .env.example güncellendi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 16:07:26 +03:00
spinline	175cac953e	fix: SSE bağlantısı sadece giriş yapıldıktan sonra başlatılacak şekilde düzeltildi All checks were successful Build MIPS Binary / build (push) Successful in 4m23s Details	2026-02-08 15:57:24 +03:00
spinline	2c812fc4f6	fix: login rate limit 5 deneme ve 1 dakika bekleme olarak güncellendi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 15:56:07 +03:00
spinline	08df851970	feat: login rate limit için frontend uyarı mesajı ve IP bazlı limit aktif edildi Some checks failed Build MIPS Binary / build (push) Has been cancelled Details	2026-02-08 15:54:54 +03:00
spinline	35faa6bfda	test: global rate limit denemesi All checks were successful Build MIPS Binary / build (push) Successful in 4m21s Details	2026-02-08 15:47:00 +03:00
spinline	328019e438	fix: login rate limit ayarları daha katı hale getirildi All checks were successful Build MIPS Binary / build (push) Successful in 4m22s Details	2026-02-08 13:59:08 +03:00
spinline	4f1c6326fd	feat: login sistemi için tower-governor ile IP bazlı rate limit eklendi All checks were successful Build MIPS Binary / build (push) Successful in 4m21s Details	2026-02-08 13:48:04 +03:00