Changelog
All notable changes to MรผรผsP3Player will be documented in this file.
[0.9.0] - 2025-10-22
Changed - Statistics Visualization Improvements
- ๐จ Paintball Splatter Effect - Position heatmap now shows colorful "paint impacts" instead of simple dots
- ๐ Multi-Color Visualization - 5 vibrant colors (Orange, Red, Gold, Hot Pink, Purple) randomly assigned to points
- ๐ Optimized Chart Height - Position heatmap reduced from 400px to 250px for better layout
- ๐ฏ Splatter Details - Each 2-second point creates main impact (6-8px) plus 3-5 small splatter points (2-4px)
Added
- โจ Realistic paint splatter effect with randomized spread (ยฑ2s horizontal, ยฑ10 units vertical)
- ๐จ Color-grouped datasets for better rendering performance
- ๐ Fixed Y-axis range (0-100) for consistent visualization height
Technical Details
- Position heatmap uses Chart.js scatter plot with multiple datasets
- Main impact points: 6-8px radius with 0.7 alpha transparency
- Splatter points: 2-4px radius with 0.5 alpha transparency
- Random color assignment from paintballColors array
- Creates "point clouds" at frequently played positions
[0.8.0] - 2025-10-22
- ๐จ Login als Overlay - Nicht mehr separate Seite, erscheint รผber der App
- โก Direkter Apache Auth Test - Kein login.py mehr, Authentication via geschรผtztem File
- ๐ UTF-8 Passwรถrter - NFC Normalisierung fรผr Umlaute (รค, รถ, รผ)
- ๐ฑ Custom Dropdown nur fรผr Android - Natives Dropdown fรผr iOS/Desktop
- ๐๏ธ Password Show/Hide Toggle - Bessere UX mit Auge-Icon
Added
- โจ Loading Spinner wรคhrend Login
- โจ Smooth Fade-In/Out Animationen fรผr Login Overlay
- โจ Auto-Focus auf Username-Feld
- โจ Enter-Taste submittet Login-Form
- ๐
.auth-test File fรผr Apache Auth Validierung
Changed
- โ๏ธ Statistik Minimum - Erhรถht von 3 auf 10 Sekunden
- ๐ Security -
Require valid-user statt hardcoded username
- ๐ Security -
.auth-test in root .htaccess geschรผtzt
Removed
- โ
login.py - Nicht mehr benรถtigt (Apache Auth direkt)
- โ
login.html - Ersetzt durch Overlay in index.html
Technical Details
- Login Overlay zeigt sich automatisch wenn keine Credentials in localStorage
- JavaScript testet Auth mit
fetch('Repertoire/.auth-test')
- UTF-8 NFC Normalisierung:
password.normalize('NFC')
- Base64 Encoding:
btoa(unescape(encodeURIComponent(...)))
- Custom Dropdown nur via
isAndroid() User-Agent Detection
[0.7.0] - 2025-10-21
Changed - Major Authentication Overhaul
- ๐ Migrated to Apache HTTP Basic Authentication (from session-based auth) - See Flow Diagram
- โก Files now served directly by Apache (native speed, no Python CGI overhead)
- ๐พ Credentials stored in browser localStorage (persistent login)
- ๐ One password for everything (
.htpasswd file managed with htpasswd command)
- ๐ JavaScript automatically sends Basic Auth headers with fetch requests
Added
- ๐ฆ Cache busting for songs.py to prevent stale data
- ๐ก๏ธ CSP updated to allow
blob: URLs for authenticated media loading
- โ
Password validation using
htpasswd -v command (100% Apache compatibility)
Fixed
- ๐ Browser hang issue when loading large MP3 files (4MB+)
- ๐ง UTF-8 encoding issues with passwords (ASCII-only recommended)
- ๐ต Audio playback now uses fetch() + Blob URLs for authenticated requests
Removed
- โ
serve-file.py - No longer needed (Apache serves files directly)
- โ
check-auth.py - No longer needed
- โ
sessions.dat - Session-based auth replaced with HTTP Basic Auth
- โ Debug logging from production code
Technical Details
- Authentication: Apache Basic Auth via
.htpasswd + Repertoire/.htaccess
- Note: In v0.7.0,
login.py validated credentials (removed in v0.8.0)
- Frontend stores credentials in localStorage and sends via Authorization header
- MP3/PDF files fetched with auth, converted to Blob URLs for playback
[0.6.0] - 2025-10-21
Added
- ๐ PDF sheet music viewer (automatically matches PDF to track name)
- ๐ฏ Smart PDF matching algorithm based on string similarity
- ๐จ Icon-based speed control buttons (โผ โฒ โบ)
- ๐ท๏ธ "Speed:" label matching Song/Track label style
- ๐ Caching headers for PDFs and MP3 files (1 month)
Changed
- ๐ง Backend API now includes PDF listing for each song
- โก Speed control redesigned: replaced slider with +/- buttons for better mobile UX
- ๐จ Speed control uses Unicode symbols instead of text labels
- ๐ Button text improvements: "Clear Loop" โ "Reset", "PDF" โ "View PDF"
- ๐ PDF opens in new tab using link-element trick (avoids popup blocker)
- ๐ฑ Speed display moved to info panel (removed redundant display)
Fixed
- ๐ Songs with dots in name (e.g., "Nr. 1", "Nr. 3") now work correctly
- ๐ Added dot (.) to allowed characters in path validation
[0.5.0] - 2025-10-20
Added
- ๐ช Environment-specific cookies (dev/prod separation)
- ๐
Deployment date display in footer
- ๐ Automatic README.md to README.html conversion
- โ๏ธ Automatic environment configuration (config.py)
- ๐จ Favicon support in all pages
- ๐ Server-side statistics tracking (shared across all users)
Fixed
- ๐ Cookie conflicts between dev and prod environments
- ๐ Race condition in play button functionality
- ๐ Path traversal vulnerability in songs.py
- ๐ XSS vulnerability in statistics.html
- ๐ Client-side only authentication
Changed
- โก Progress line color changed to white for better contrast
- ๐จ Removed "auswรคhlen" text from labels (cleaner UI)
- ๐ฆ Improved deployment scripts with automatic config generation
Security
- ๐ Server-side session authentication implemented
- ๐ Password stored as SHA-256 hash (not plaintext)
- ๐ Input validation and sanitization added
- ๐ Security headers enabled (CSP, X-Frame-Options, etc.)
- ๐ Debug mode disabled in production
- ๐ CORS wildcard removed
[0.4.0] - 2025-10-20
Initial Release
- ๐ Waveform visualization with time scale
- ๐ Draggable A-B loop markers
- โก Speed control (0.4x - 1.5x) with pitch preservation
- ๐ Password-protected access
- ๐ฑ Mobile-optimized interface
- ๐ Basic statistics tracking (localStorage)
---
Note: Version 0.4.0 was the first documented release after initial development.
