- Introduced a new service plugin architecture in core.py to manage multiple services, including the packet capture service.
- Updated the configuration file (config.ini.example) to include a new [Weather_Service] section for enabling weather forecasts and alerts, along with relevant settings.
- Enhanced the base service plugin class to support optional configuration section names and service descriptions for better metadata management.
- Improved the packet capture service with explicit configuration section and description for clarity.
- Introduced a new [PacketCapture] section in config.ini.example to enable packet capture service with options for output file, verbosity, and MQTT configuration.
- Updated core.py to initialize and manage the packet capture service, including starting and stopping the service during bot operation.
- Enhanced DiceCommand to support mixed dice notation and added functionality for decade dice rolls, improving user experience for tabletop gaming commands.
- Updated translations to reflect new dice command usage and descriptions, ensuring clarity for users.
- Simplified comments in config.ini.example and core.py to clarify API endpoint configuration.
- Changed default value for prefix_free_days from 30 to 7 in prefix_command.py to align with recent adjustments in prefix handling logic.
- Enhanced logic in prefix_command.py to prioritize API cache for used prefixes and fallback to database only when necessary, improving efficiency and accuracy in prefix data retrieval.
Security Improvements:
- Add DNS timeout (2.0s default) to validate_external_url() to prevent DoS
attacks from malicious URLs causing DNS resolution to hang
- Make path validation OS-aware: supports Windows, macOS (Darwin), and Linux
with platform-specific dangerous path detection
- Add validation for negative max_length values in sanitize_input()
Code Quality Improvements:
- Extract bot_root property in MeshCoreBot class to eliminate code duplication
(was calculated twice in __init__ and setup_logging)
- Use explicit bot_root directory instead of '.' for predictable path validation
in both database and log file path validation
- Make sanitize_input() max_length parameter Optional to allow disabling length
check for radio messages (firmware enforces 150-char limit at hardware level)
- Update message_handler.py to use max_length=None for radio messages while
preserving control character stripping for security
- Replace inline regex with centralized validate_pubkey_format() function in
base_command.py for consistency and maintainability
- Improve documentation: add comments about socket timeout behavior and
firmware-enforced message length limits
All improvements have been tested and verified:
- Syntax checks pass
- All functions work correctly
- No circular dependencies
- Bot initializes successfully with all attributes present
Files modified:
- modules/security_utils.py: DNS timeout, OS-aware paths, Optional max_length
- modules/core.py: bot_root property, explicit base directory usage
- modules/message_handler.py: max_length=None for radio messages
- modules/commands/base_command.py: centralized validation function
- Introduced `prefix_heard_days` and `prefix_free_days` settings in the configuration to define time windows for showing heard and free prefixes.
- Updated `PrefixCommand` to utilize these new settings for filtering repeaters based on their last heard time.
- Add Flask + Flask-SocketIO web viewer with dashboard (modules/web_viewer/app.py and related)
- Add web viewer templates: index, realtime, tracking (contacts), cache, purging, stats (modules/web_viewer/templates/)
- Add integration hooks and utility functions for web viewer (modules/web_viewer/integration.py, modules/utils.py)
- Add command to launch web viewer from bot CLI (modules/commands/webviewer_command.py)
- Update .gitignore: ignore db/log files, test scripts, and web viewer artifacts
- Add restart_viewer.sh helper script for standalone web viewer restart/troubleshooting
- Add guidance and documentation for modern viewer in WEB_VIEWER.md and docs/
- Various code structure and import improvements to core bot and command modules to support integration
- Add ACL support for sensitive commands
- Example config updates
Benefits:
- Decouples monitoring/UI from bot core process
- Enables real-time browser dashboard and unified contact/repeater tracking
- Easier integration, dev, and troubleshooting
- Updated the test command response format to include optional phrases.
- Removed the at_phrase command and its references from the command manager and help command.
- Adjusted configuration examples to reflect the new syntax for message acknowledgments.
- Enhanced the sports command with additional WNBA team support and improved city mappings for team searches.
- Add timezone configuration to config.ini and config.ini.example
- Update hello_command.py to use configured timezone for time-appropriate greetings
- Add pytz dependency to requirements.txt
- Support standard timezone names (America/New_York, Europe/London, etc.)
- Fallback to system timezone if configured timezone is invalid or empty
- Update core.py create_default_config to include timezone setting
- Time-appropriate greetings now work correctly across different timezones
- Remove problematic debug and log command attempts that cause 'Unknown command' errors
- Replace remaining print statement in meshcore_protocol.py with proper logging
- Add explanatory comment about debug mode availability
- This eliminates the ERROR messages seen in the logs during startup
- Replace next_cmd approach with direct meshcore.commands.send_advert(flood=True)
- Add 2-second delay before sending startup advert to ensure connection is established
- Simplify error handling since send_advert() is more reliable
- Apply same fix to manual advert command for consistency
- This should resolve the issue where flood adverts weren't being sent on startup
- Convert debug print statements in meshcore_protocol.py to proper logging
- Add comment explaining print statement in core.py (used during initialization)
- All debug/error messages now use logger instead of print
- Maintains existing logging infrastructure and patterns
- Improves production readiness and debugging capabilities
