v3.5.0 — REST API v1, API Key Auth & Fixes
✨ Added
- REST API v1 — full HTTP REST API at
/api/v1/exposing all download management features: add/pause/resume/stop/delete downloads, categories CRUD, ED2K search (blocking and non-blocking), move files, permission checks, logs, and data snapshots. Zero code duplication — bridges directly to existing WebSocket handlers - API key authentication for REST API —
X-API-Keyheader support in the auth middleware, allowing stateless REST API access without session cookies - API keys for all users — API keys are now generated for all users (not just admins), enabling scoped REST API access with limited capabilities (e.g., a user with only
add_downloadspermission). Torznab and qBittorrent-compatible APIs remain admin-only - Reverse proxy URL path for qBittorrent and Deluge — optional URL path field (e.g.,
/qbittorrent) for clients behind a reverse proxy
♻️ Improved
- getStats disconnect detection — all client managers now trigger reconnect on stats fetch failure
- API documentation — comprehensive docs for all REST API v1 endpoints with request/response examples
🐛 Fixed
- aMule category creation — re-fetches category list after creation since EC protocol returns no ID
- Batch delete event clientType — uses manager's clientType instead of unreliable request body data
- aMule segment bar corruption — reads from cached data instead of direct EC calls
- Metrics recording — skips empty stats to prevent zero-value chart rows
- SCGI socket config validation — correctly requires socketPath for socket mode
- Deluge and Transmission in wizard review step
Full Changelog: v3.4.4...v3.5.0