diff --git a/CHANGELOG.md b/CHANGELOG.md index bc498a1..db9ce3a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,14 @@ Version numbers follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html --- +## [1.6.26] — 2026-04-26 + +### Fixed + +- **Gmail and Google Drive preview crashed with a 404 Graph API error** — `_source_type` was never set on Google items in `routes/google_scan.py`, so Gmail and Google Drive cards carried an empty `source_type`. The preview route in `routes/database.py` only checked for `"local"`, `"smb"`, and `"email"` before falling through to the M365 else-branch, which tried to call `https://graph.microsoft.com/.../drive/items/gmail:{id}/preview` — always a 404. Fixed by tagging Gmail items as `_source_type = "gmail"` and Google Drive items as `"gdrive"` at scan time. The preview route now handles both: Google Drive files get an embeddable `https://drive.google.com/file/d/{id}/preview` iframe; Gmail messages (not embeddable) show an info card with an "Open in Gmail" link. The `state.connector` (M365 auth) guard was also moved inside the `email` and M365 `else` branches so Google-only setups no longer receive a 401 when opening a Gmail or Drive preview. + +--- + ## [1.6.25] — 2026-04-25 ### Added diff --git a/CLAUDE.md b/CLAUDE.md index a2b586c..5894c9b 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -149,6 +149,20 @@ Allows reviewing results from any past scan session without running a new scan. - **`window._openRelated(id, itemData)`** (`results.js`) — resolves the target item: looks up `id` in `S.flaggedData` first (live/history grid already loaded), falls back to `itemData` from the API response (history items not yet in the grid). Calls `openPreview`. - **No new data collection** — `cpr_index` already stores `(cpr_hash, item_id, scan_id)` for every CPR hit at write time. Cross-referencing is entirely a query-time operation. +## Preview — routes/database.py + +`GET /api/preview/?source_type=…&account_id=…` dispatches by `source_type`: + +- **`local` / `smb`** — re-reads the file from disk; renders images as data URIs, text/CSV/PDF/DOCX/XLSX inline, SMB as a link card. +- **`email`** — fetches the M365 message body via Graph and renders it as sandboxed HTML (requires `state.connector`). +- **`gmail`** — Gmail's web UI cannot be embedded (X-Frame-Options). Shows an info card with an "Open in Gmail" link built from the stored `_url` field. +- **`gdrive`** — extracts the Drive file ID from `webViewLink` and returns `https://drive.google.com/file/d/{id}/preview` as an iframe. Falls back to substituting `/view` → `/preview` in the URL if the pattern doesn't match. +- **All other values** (M365 files: `onedrive`, `sharepoint`, `teams`, or empty) — calls Graph's `/preview` POST endpoint; tries `drive_id`-based path first, then user-drive path, then `/me/drive`. + +**`_source_type` must be set in `google_scan.py`** — Gmail items need `meta["_source_type"] = "gmail"` and Drive items `"gdrive"` before `_broadcast_card` is called. Without it, cards carry an empty `source_type` and fall through to the M365 branch, which calls Graph with a Gmail ID and gets a 404. + +**`state.connector` guard** — only the `email` branch and the M365 `else` branch require M365 auth. The `local`/`smb`, `gmail`, and `gdrive` branches must not gate on `state.connector` — they work in Google-only deployments. + ## SSE teardown — static/js/scan.js - **Do not close `S.es` in `scan_done` if other scans are still running** — M365 (`scan_done`), Google (`google_scan_done`), and File (`file_scan_done`) each emit their own done event. If M365 finishes first and the SSE is closed, the remaining done events are never received and the UI hangs at 100% indefinitely.