TheHolyOneZ
diff --git a/‎src-tauri/Cargo.lock‎
Lines changed: 1 addition & 1 deletion b/‎src-tauri/Cargo.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src-tauri/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎src-tauri/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src-tauri/src/commands/games.rs‎
Lines changed: 53 additions & 1 deletion b/‎src-tauri/src/commands/games.rs‎
Lines changed: 53 additions & 1 deletion
diff --git a/‎src-tauri/src/commands/launcher.rs‎
Lines changed: 34 additions & 13 deletions b/‎src-tauri/src/commands/launcher.rs‎
Lines changed: 34 additions & 13 deletions
diff --git a/‎src-tauri/src/commands/scanner.rs‎
Lines changed: 63 additions & 13 deletions b/‎src-tauri/src/commands/scanner.rs‎
Lines changed: 63 additions & 13 deletions
@@ -1,6 +1,6 @@
 [package]
 name = "zgamelib"
-version = "0.6.0"
+version = "0.7.0"
 description = "ZGameLib - Personal Game Library"
 authors = ["TheHolyOneZ"]
 license = "MIT"
 
@@ -2,7 +2,7 @@ use tauri::State;
 use chrono::Utc;
 use uuid::Uuid;
 use crate::db::{DbState, queries};
-use crate::models::{Game, Note, Session, CreateGamePayload, UpdateGamePayload, HltbData};
+use crate::models::{Game, Note, Session, CreateGamePayload, UpdateGamePayload, HltbData, WeeklyPlaytime};
 
 #[tauri::command]
 pub fn get_all_games(state: State<DbState>) -> Result<Vec<Game>, String> {
@@ -65,6 +65,12 @@ pub fn update_game(state: State<DbState>, payload: UpdateGamePayload) -> Result<
         if tags.len() > 100 { return Err("Maximum 100 tags allowed".to_string()); }
         if tags.iter().any(|t| t.len() > 50) { return Err("Each tag must be 50 characters or fewer".to_string()); }
     }
+    if let Some(ref status) = payload.status {
+        const VALID_STATUSES: &[&str] = &["none", "backlog", "playing", "completed", "dropped", "on_hold"];
+        if !VALID_STATUSES.contains(&status.as_str()) {
+            return Err(format!("Invalid status '{}'. Must be one of: none, backlog, playing, completed, dropped, on_hold", status));
+        }
+    }
 
     if let Some(name) = payload.name { game.name = name; }
     if let Some(cover) = payload.cover_path { game.cover_path = Some(cover); }
@@ -321,3 +327,49 @@ pub fn get_sessions(state: State<DbState>, game_id: String) -> Result<Vec<Sessio
     .collect();
     Ok(sessions)
 }
+
+#[tauri::command]
+pub fn get_weekly_playtime(state: State<DbState>) -> Result<Vec<WeeklyPlaytime>, String> {
+    let conn = state.0.lock().map_err(|e| e.to_string())?;
+    let mut stmt = conn.prepare(
+        "SELECT strftime('%Y-%W', started_at) as week, SUM(duration_mins) as mins FROM sessions GROUP BY week ORDER BY week DESC LIMIT 12"
+    ).map_err(|e| e.to_string())?;
+    let mut rows: Vec<WeeklyPlaytime> = stmt.query_map([], |row| {
+        Ok(WeeklyPlaytime {
+            week: row.get(0)?,
+            mins: row.get(1)?,
+        })
+    }).map_err(|e| e.to_string())?
+    .filter_map(|r| r.ok())
+    .collect();
+    rows.reverse();
+    Ok(rows)
+}
+
+#[tauri::command]
+pub fn batch_update_games(
+    state: State<DbState>,
+    ids: Vec<String>,
+    status: Option<String>,
+    rating: Option<f64>,
+    tags_to_add: Option<Vec<String>>,
+) -> Result<(), String> {
+    let conn = state.0.lock().map_err(|e| e.to_string())?;
+    let tx = conn.unchecked_transaction().map_err(|e| e.to_string())?;
+    for id in &ids {
+        let mut game = match queries::get_game_by_id(&conn, id).map_err(|e| e.to_string())? {
+            Some(g) => g,
+            None => continue,
+        };
+        if let Some(ref s) = status { game.status = s.clone(); }
+        if let Some(r) = rating { game.rating = Some(r); }
+        if let Some(ref new_tags) = tags_to_add {
+            for t in new_tags {
+                if !game.tags.contains(t) { game.tags.push(t.clone()); }
+            }
+        }
+        queries::update_game(&conn, &game).map_err(|e| e.to_string())?;
+    }
+    tx.commit().map_err(|e| e.to_string())?;
+    Ok(())
+}
@@ -51,21 +51,30 @@ fn is_pid_running(pid: u32) -> bool {
     out.contains('"')
 }
 
-fn finish_session(app: &AppHandle, game_id: &str, started_at: &str, elapsed_mins: i64) {
+fn finish_session(app: &AppHandle, game_id: &str, started_at: &str, elapsed_secs: u64) {
+    let elapsed_mins = (elapsed_secs / 60) as i64;
     let now = Utc::now().to_rfc3339();
     {
         let db = app.state::<DbState>();
         let lock = db.0.lock();
         if let Ok(conn) = lock {
-            let _ = conn.execute(
-                "UPDATE games SET playtime_mins = playtime_mins + ?1, last_played = ?2 WHERE id = ?3",
-                rusqlite::params![elapsed_mins, now, game_id],
-            );
             if elapsed_mins > 0 {
+                let _ = conn.execute(
+                    "UPDATE games SET playtime_mins = playtime_mins + ?1, last_played = ?2 WHERE id = ?3",
+                    rusqlite::params![elapsed_mins, now, game_id],
+                );
+            } else {
+                let _ = conn.execute(
+                    "UPDATE games SET last_played = ?1 WHERE id = ?2",
+                    rusqlite::params![now, game_id],
+                );
+            }
+            if elapsed_secs >= 30 {
                 let session_id = uuid::Uuid::new_v4().to_string();
+                let mins_to_save = elapsed_mins.max(1);
                 let _ = conn.execute(
                     "INSERT INTO sessions (id, game_id, started_at, ended_at, duration_mins) VALUES (?1, ?2, ?3, ?4, ?5)",
-                    rusqlite::params![session_id, game_id, started_at, now, elapsed_mins],
+                    rusqlite::params![session_id, game_id, started_at, now, mins_to_save],
                 );
             }
         }
@@ -120,9 +129,19 @@ pub fn launch_game(app: AppHandle, state: State<DbState>, id: String) -> Result<
     let mut child = child;
 
     std::thread::spawn(move || {
-        let _ = child.wait();
-        let elapsed_mins = start.elapsed().as_secs() as i64 / 60;
-        finish_session(&app_clone, &game_id, &started_at, elapsed_mins);
+        loop {
+            std::thread::sleep(std::time::Duration::from_secs(5));
+            if start.elapsed().as_secs() > 86400 {
+                let _ = child.kill();
+                break;
+            }
+            match child.try_wait() {
+                Ok(Some(_)) => break,
+                Ok(None) => continue,
+                Err(_) => break,
+            }
+        }
+        finish_session(&app_clone, &game_id, &started_at, start.elapsed().as_secs());
     });
 
     Ok(())
@@ -202,13 +221,14 @@ pub fn launch_steam_game(
                             return;
                         }
                     }
+                    let game_start = std::time::Instant::now();
                     loop {
                         std::thread::sleep(std::time::Duration::from_secs(5));
+                        if game_start.elapsed().as_secs() > 86400 { break; }
                         if !is_pid_running(pid) { break; }
                     }
                     pids.lock().unwrap_or_else(|e| e.into_inner()).remove(&pid);
-                    let elapsed_mins = start.elapsed().as_secs() as i64 / 60;
-                    finish_session(&app_clone, &gid, &started_at, elapsed_mins);
+                    finish_session(&app_clone, &gid, &started_at, game_start.elapsed().as_secs());
                 } else {
                     finish_session(&app_clone, &gid, &started_at, 0);
                 }
@@ -297,13 +317,14 @@ pub fn launch_epic_game(
                             return;
                         }
                     }
+                    let game_start = std::time::Instant::now();
                     loop {
                         std::thread::sleep(std::time::Duration::from_secs(5));
+                        if game_start.elapsed().as_secs() > 86400 { break; }
                         if !is_pid_running(pid) { break; }
                     }
                     pids.lock().unwrap_or_else(|e| e.into_inner()).remove(&pid);
-                    let elapsed_mins = start.elapsed().as_secs() as i64 / 60;
-                    finish_session(&app_clone, &gid, &started_at, elapsed_mins);
+                    finish_session(&app_clone, &gid, &started_at, game_start.elapsed().as_secs());
                 } else {
                     finish_session(&app_clone, &gid, &started_at, 0);
                 }
 
@@ -459,8 +459,20 @@ fn scan_steam_games_inner(app: AppHandle, db: std::sync::Arc<std::sync::Mutex<ru
     let mut added = 0;
     let mut skipped = 0;
 
+    let mut steam_stmt = conn.prepare(
+        "SELECT steam_app_id, id, cover_path FROM games WHERE steam_app_id IS NOT NULL AND deleted_at IS NULL"
+    ).map_err(|e| e.to_string())?;
+    let steam_existing: std::collections::HashMap<String, (String, Option<String>)> =
+        steam_stmt.query_map([], |r| Ok((r.get::<_, String>(0)?, r.get::<_, String>(1)?, r.get::<_, Option<String>>(2)?)))
+            .map_err(|e| e.to_string())?
+            .filter_map(|r| r.ok())
+            .map(|(app_id, id, cover)| (app_id, (id, cover)))
+            .collect();
+    drop(steam_stmt);
+
     for entry in entries {
-        if let Some((existing_id, _)) = queries::get_steam_game_cover(&conn, &entry.app_id) {
+        if let Some((existing_id, _)) = steam_existing.get(&entry.app_id) {
+            let existing_id = existing_id.clone();
             if let Some(ref cover) = entry.cover {
                 let _ = queries::update_cover_path(&conn, &existing_id, cover);
             }
@@ -587,8 +599,20 @@ fn scan_epic_games_inner(app: AppHandle, db: std::sync::Arc<std::sync::Mutex<rus
     let mut added = 0;
     let mut skipped = 0;
 
+    let mut epic_stmt = conn.prepare(
+        "SELECT epic_app_name, id, cover_path FROM games WHERE epic_app_name IS NOT NULL AND deleted_at IS NULL"
+    ).map_err(|e| e.to_string())?;
+    let epic_existing: std::collections::HashMap<String, (String, Option<String>)> =
+        epic_stmt.query_map([], |r| Ok((r.get::<_, String>(0)?, r.get::<_, String>(1)?, r.get::<_, Option<String>>(2)?)))
+            .map_err(|e| e.to_string())?
+            .filter_map(|r| r.ok())
+            .map(|(app_name, id, cover)| (app_name, (id, cover)))
+            .collect();
+    drop(epic_stmt);
+
     for entry in entries {
-        if let Some((existing_id, existing_cover)) = queries::get_epic_game_cover(&conn, &entry.app_name) {
+        if let Some((existing_id, existing_cover)) = epic_existing.get(&entry.app_name) {
+            let existing_id = existing_id.clone();
             if existing_cover.is_none() {
                 if let Some(ref cover) = entry.cover {
                     let _ = queries::update_cover_path(&conn, &existing_id, cover);
@@ -734,14 +758,18 @@ fn scan_gog_games_inner(app: AppHandle, db: std::sync::Arc<std::sync::Mutex<rusq
     let mut added = 0;
     let mut skipped = 0;
 
-    for entry in entries {
-        let exists: bool = conn.query_row(
-            "SELECT COUNT(*) FROM games WHERE install_dir = ?1 AND platform = 'gog'",
-            rusqlite::params![entry.install_dir],
-            |r| r.get::<_, i64>(0),
-        ).unwrap_or(0) > 0;
+    let mut gog_stmt = conn.prepare(
+        "SELECT install_dir FROM games WHERE platform = 'gog' AND install_dir IS NOT NULL AND deleted_at IS NULL"
+    ).map_err(|e| e.to_string())?;
+    let gog_existing: std::collections::HashSet<String> =
+        gog_stmt.query_map([], |r| r.get::<_, String>(0))
+            .map_err(|e| e.to_string())?
+            .filter_map(|r| r.ok())
+            .collect();
+    drop(gog_stmt);
 
-        if exists { skipped += 1; continue; }
+    for entry in entries {
+        if gog_existing.contains(&entry.install_dir) { skipped += 1; continue; }
 
         let game = Game {
             id: uuid::Uuid::new_v4().to_string(),
@@ -1052,8 +1080,31 @@ fn scan_folder_for_games_inner(app: AppHandle, db: std::sync::Arc<std::sync::Mut
 #[tauri::command]
 pub fn set_game_cover(state: State<DbState>, game_id: String, image_path: String) -> Result<String, String> {
     let src = std::path::Path::new(&image_path);
-    if !src.exists() {
-        return Err("Image file not found".to_string());
+
+    let meta = std::fs::symlink_metadata(src).map_err(|_| "Image file not found".to_string())?;
+    if meta.file_type().is_symlink() {
+        return Err("Symlinks are not allowed as cover images".to_string());
+    }
+
+    let ext_str = src.extension()
+        .and_then(|e| e.to_str())
+        .map(|s| s.to_lowercase())
+        .unwrap_or_default();
+    const ALLOWED_EXTS: &[&str] = &["jpg", "jpeg", "png", "webp"];
+    if !ALLOWED_EXTS.contains(&ext_str.as_str()) {
+        return Err(format!("Unsupported image format '{}'. Use jpg, png, or webp.", ext_str));
+    }
+
+    let mut img_file = std::fs::File::open(src).map_err(|e| e.to_string())?;
+    let mut magic = [0u8; 12];
+    let n = std::io::Read::read(&mut img_file, &mut magic).unwrap_or(0);
+    let magic = &magic[..n];
+    let valid_magic =
+        (magic.len() >= 3 && magic[0] == 0xFF && magic[1] == 0xD8 && magic[2] == 0xFF) ||
+        (magic.len() >= 4 && &magic[0..4] == b"\x89PNG") ||
+        (magic.len() >= 12 && &magic[0..4] == b"RIFF" && &magic[8..12] == b"WEBP");
+    if !valid_magic {
+        return Err("File does not appear to be a valid image".to_string());
     }
 
     let data_dir = dirs::data_local_dir()
@@ -1063,8 +1114,7 @@ pub fn set_game_cover(state: State<DbState>, game_id: String, image_path: String
 
     std::fs::create_dir_all(&data_dir).map_err(|e| e.to_string())?;
 
-    let ext = src.extension().and_then(|e| e.to_str()).unwrap_or("png");
-    let dest_name = format!("{}.{}", game_id, ext);
+    let dest_name = format!("{}.{}", game_id, ext_str);
     let dest = data_dir.join(&dest_name);
 
     std::fs::copy(src, &dest).map_err(|e| e.to_string())?;