v1.8.0: Movie Comparison Mode, Performance Boost, Security Hardening

Features:
- Movie Comparison Mode: Side-by-side selection of 2-3 random movies
- Lazy-loading for actor images with Wikipedia/AniList fallbacks
- Async trailer loading via new API endpoint

Performance:
- 10x faster page loads by removing external API calls from initial render
- Anime/TV libraries now use Plex's native unwatched filter
- Progressive loading for images and trailers

Security:
- Auto-generate secure random secret keys
- Added issuer, audience, and not-before claims to JWT tokens

Bug Fixes:
- Wikipedia API now properly URL-encodes actor names
- Anime library no longer freezes for 30+ seconds

Author: TheInfamousToTo

.env.example

@@ -0,0 +1,21 @@
+# Plex Suggester - Local Development Environment Variables
+# Copy this file to .env and fill in your values
+
+# Required: Your Plex server URL (e.g., http://192.168.1.100:32400)
+PLEX_URL=http://your-plex-server:32400
+
+# Optional: Your Plex token (can also be configured via web interface)
+# Get it from: https://support.plex.tv/articles/204059436-finding-an-authentication-token-x-plex-token/
+PLEX_TOKEN=
+
+# Default library to display (e.g., Movies, TV Shows, Anime)
+PLEX_LIBRARY=Movies
+
+# JWT secret key for authentication (change in production!)
+JWT_SECRET_KEY=dev-secret-key-for-testing
+
+# Flask secret key for sessions
+FLASK_SECRET_KEY=dev-flask-secret
+
+# Backend API URL for like/dislike/watch tracking
+BACKEND_API_URL=https://plex-like.satrawi.cc

.gitignore

@@ -1,6 +1,7 @@
 __pycache__/
 *.pyc
 .env
+docker-compose.dev.yml
 *.db
 *.sqlite3
 *.log

CHANGELOG.md

@@ -4,6 +4,48 @@ All notable changes to the Plex Suggester project will be documented in this fil
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.8.0] - 2025-12-22
+
+### Added
+- **Movie Comparison Mode** - New feature for indecisive viewers
+  - Side-by-side comparison of 2-3 random movies
+  - Beautiful card-based UI with poster, title, year, genres, rating, and duration
+  - Click-to-select interaction with visual feedback
+  - "New Options" button to refresh movie choices
+  - Responsive grid layout (1/2/3 columns based on screen size)
+  - New `/api/compare` endpoint for fetching comparison movies
+
+- **Lazy-Loading Actor Images** - Progressive image loading
+  - Actor images load asynchronously after page render
+  - New `/api/actor-image/{name}` endpoint
+  - Multiple fallback sources: Wikipedia → Wikipedia Search → AniList → Initials placeholder
+  - Proper URL encoding and User-Agent headers for reliable Wikipedia API access
+
+- **Async Trailer Loading** - Background trailer URL fetching
+  - New `/api/trailer/{movie_id}` endpoint
+  - Trailer button shows "Loading..." then becomes active
+  - Page no longer blocked by slow DuckDuckGo/YouTube searches
+
+### Changed
+- **Massive Performance Improvements**
+  - Main page now uses `get_random_movie_fast()` - no external API calls on initial load
+  - Anime/TV show libraries use Plex's native `unwatched=True` filter instead of iterating all episodes
+  - Removed slow IMDB scraping from initial page load
+  - Actor images, trailers load progressively via AJAX
+
+### Security
+- **Enhanced JWT Authentication**
+  - Fixed critical vulnerability in `require_jwt_auth` decorator (was only checking token length!)
+  - Added secure random key generation when `JWT_SECRET_KEY` not provided
+  - Added `iss` (issuer) and `aud` (audience) claims to JWT tokens
+  - Added `nbf` (not-before) claim for additional security
+  - Strict token verification requiring all security claims
+  - Removed weak default secret key from Dockerfile
+
+### Fixed
+- Wikipedia actor image API now works reliably with proper URL encoding
+- Anime library no longer takes 30+ seconds to load
+
 ## [1.7.2] - 2025-07-06
 
 ### Added

Dockerfile

@@ -9,7 +9,8 @@ COPY . .
 
 EXPOSE 5000
 
-# Set default JWT secret key (should be overridden in production)
-ENV JWT_SECRET_KEY=default-secret-key-change-in-production
+# Note: JWT_SECRET_KEY should be set via docker-compose or runtime environment
+# If not set, the app will generate a random key (tokens won't persist across restarts)
+# ENV JWT_SECRET_KEY=  # Don't set a default - let the app generate or require it
 
 CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--timeout", "120", "app:app"]

README.md

@@ -2,27 +2,29 @@
 
 # Plex Movie Suggester
 
-**Version 1.7.2**
+**Version 1.8.0**
 
 A modern Flask app that connects to your Plex server and suggests a random unwatched movie, TV show, anime, or other video from your Plex library.  
 Features a sleek, responsive Plex-themed UI with modern glass morphism design, interactive elements, **secure JWT-based authentication**, and **Plex Match functionality** for group viewing decisions.
 
 ---
 
-## 🚀 What's New in v1.7.2
+## 🚀 What's New in v1.8.0
 
-- **Professional Branding:**  
-  Added comprehensive favicon support with new Plex-style logo featuring an orange arrow design for enhanced brand recognition.
-- **Cross-Browser Compatibility:**  
-  Implemented favicon routes (`/favicon.ico`, `/icon.png`, `/logo.png`) with proper MIME types and support for Apple touch icons and legacy browsers.
-- **Enhanced User Experience:**  
-  Branded favicon now appears in browser tabs, bookmarks, and mobile home screen shortcuts for better project identification.
-- **Technical Improvements:**  
-  Enhanced Flask routing with `send_from_directory` functionality for optimized static asset serving.
+- **🎬 Movie Comparison Mode:**  
+  New side-by-side comparison view showing 2-3 random movies at once. Click to select your choice, then watch or get new options. Perfect for when you can't decide!
+- **⚡ Blazing Fast Performance:**  
+  Complete performance overhaul - pages now load instantly. Anime/TV libraries that took 30+ seconds now load in under 1 second.
+- **🔐 Enhanced Security:**  
+  Strengthened JWT authentication with proper signature verification, secure secret key generation, issuer/audience claims, and protection against token spoofing.
+- **🖼️ Smart Actor Images:**  
+  Actor photos now lazy-load from Wikipedia with multiple fallbacks. Page loads fast, images appear progressively.
+- **🎥 Async Trailer Loading:**  
+  Trailer URLs load in the background - no more waiting for YouTube searches to complete before seeing your movie.
 
 ---
 
-## 🚀 What's New in v1.7.1
+## 🚀 What's New in v1.7.2
 
 - **Donation Support:**  
   Added donation buttons (Buy Me a Coffee, Ko-fi) integrated seamlessly into the interface with matching project theme and smooth animations.