The prebuilt yt-dlp binary is compiled against glibc and fails on
Alpine Linux (musl libc) with 'cannot execute'. Install python3 +
py3-pip and use pip to install yt-dlp instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SvelteKit's CSRF check runs before the handle hook and blocks POSTs
whose Origin header doesn't match the site origin. Web Share Target
POSTs from any external app (YouTube, Chrome share sheet, etc.) are
legitimately cross-origin.
checkOrigin: false is safe here — the app has no cookie-based session
auth, so there is no CSRF attack surface.
Also remove the ineffective hooks.server.ts approach.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SvelteKit's CSRF guard rejects POST requests whose Origin header doesn't
match the site's own origin. Web Share Target POSTs legitimately arrive
from external origins (e.g. youtube.com, OS share sheet). Strip the
Origin header in a handle hook for /share POST only.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- runtime: use node user (uid=1000, gid=1000) instead of custom tonemark uid=1001
- add ffmpeg and yt-dlp to runtime image (required by audio pipeline)
- add tzdata, set TZ=Europe/Zurich
- +page.svelte: replace hardcoded ACCENT constant with $derived($accent.value)
so the home page reacts to accent store changes from Settings
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
npm ci fails with optional platform-specific dependencies (@emnapi/core,
@emnapi/runtime) that are not recorded in the lock file for Alpine Linux.
npm install handles optional dependencies correctly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github.actor and github.token are the correct Gitea Actions context
variables (gitea.* context doesn't exist in act_runner).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Avoids needing to set custom REGISTRY_USERNAME/REGISTRY_TOKEN secrets.
The built-in secrets.GITEA_TOKEN has write:package access for pushing
to the Gitea container registry.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Tonemark is a SvelteKit PWA for transcribing YouTube videos, audio
and video files, and microphone recordings using a local Whisper backend.
Features:
- Dark glassmorphic UI with electric-lime accent (5 switchable themes)
- Rail nav (desktop) / tab bar (mobile) layout
- Drop zone, YouTube URL input, and live audio recording inputs
- Audio mode waveform cards (none / standard / aggressive / auto)
- Real-time transcription progress with animated waveform
- Job queue with SSE streaming updates
- Push notifications on job completion
- PWA with native SvelteKit service worker
- SRT / TXT / MD / JSON transcript downloads
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
