Notifiarr
diff --git a/‎docs/api_docs.go‎
Lines changed: 6 additions & 12 deletions b/‎docs/api_docs.go‎
Lines changed: 6 additions & 12 deletions
diff --git a/‎go.mod‎
Lines changed: 0 additions & 3 deletions b/‎go.mod‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎go.sum‎
Lines changed: 0 additions & 15 deletions b/‎go.sum‎
Lines changed: 0 additions & 15 deletions
diff --git a/‎pkg/webserver/accesslog.go‎
Lines changed: 203 additions & 0 deletions b/‎pkg/webserver/accesslog.go‎
Lines changed: 203 additions & 0 deletions
@@ -64,10 +64,6 @@ const docTemplateapi = `{
                                 "type": "string",
                                 "description": "Environment: live, dev, etc."
                             },
-                            "X-Request-Time": {
-                                "type": "string",
-                                "description": "How long the request elapsed."
-                            },
                             "X-UserID": {
                                 "type": "string",
                                 "description": "MySQL ID for the user whose API key was provided."
@@ -87,14 +83,6 @@ const docTemplateapi = `{
                             "X-API-Key": {
                                 "type": "string",
                                 "description": "API Key parsed from request."
-                            },
-                            "X-Key": {
-                                "type": "string",
-                                "description": "Masked API Key parsed from request."
-                            },
-                            "X-Length": {
-                                "type": "int",
-                                "description": "The length of the API key."
                             }
                         }
                     }
@@ -418,9 +406,11 @@ const docTemplateapi = `{
                 },
                 "data": {},
                 "hits": {
+                    "description": "Copied from 'hits' on read.",
                     "type": "integer"
                 },
                 "lastAccess": {
+                    "description": "Copied from 'last' on read.",
                     "type": "string"
                 }
             }
@@ -469,6 +459,10 @@ const docTemplateapi = `{
         "webserver.Config": {
             "type": "object",
             "properties": {
+                "cacheShards": {
+                    "description": "CacheShards is golift.io/cache partition count for users and servers; 0 means library default (single shard).",
+                    "type": "integer"
+                },
                 "connMaxIdleTime": {
                     "$ref": "#/definitions/time.Duration"
                 },
 
@@ -5,7 +5,6 @@ go 1.26.1
 require (
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/gorilla/mux v1.8.1
-	github.com/lestrrat-go/apache-logformat/v2 v2.0.6
 	github.com/prometheus/client_golang v1.23.2
 	github.com/swaggo/swag v1.16.6
 	golift.io/cache v1.0.1-0.20260406025202-1176587c97ab
@@ -31,9 +30,7 @@ require (
 	github.com/go-openapi/swag/typeutils v0.25.5 // indirect
 	github.com/go-openapi/swag/yamlutils v0.25.5 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/lestrrat-go/strftime v1.1.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.67.5 // indirect
 	github.com/prometheus/procfs v0.20.1 // indirect
 
@@ -9,11 +9,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw=
-github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a/go.mod h1:7Ga40egUymuWXxAe151lTNnCv97MddSOVsjpPPkityA=
 github.com/go-openapi/jsonpointer v0.22.5 h1:8on/0Yp4uTb9f4XvTrM2+1CPrV05QPZXu+rvu2o9jcA=
 github.com/go-openapi/jsonpointer v0.22.5/go.mod h1:gyUR3sCvGSWchA2sUBJGluYMbe1zazrYWIkWPjjMUY0=
 github.com/go-openapi/jsonreference v0.21.5 h1:6uCGVXU/aNF13AQNggxfysJ+5ZcU4nEAe+pJyVWRdiE=
@@ -55,18 +52,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/lestrrat-go/apache-logformat/v2 v2.0.6 h1:MDyexlEMjFnXXuNemorO/SgUjkpWz6rKmYPkx1CgQg8=
-github.com/lestrrat-go/apache-logformat/v2 v2.0.6/go.mod h1:meGwIaUOWH7yPDXUSxMTVTMdH9HkGTO1oN2z/4n/yPs=
-github.com/lestrrat-go/envload v0.0.0-20180220234015-a3eb8ddeffcc h1:RKf14vYWi2ttpEmkA4aQ3j4u9dStX2t4M8UM6qqNsG8=
-github.com/lestrrat-go/envload v0.0.0-20180220234015-a3eb8ddeffcc/go.mod h1:kopuH9ugFRkIXf3YoqHKyrJ9YfUFsckUU9S7B+XP+is=
-github.com/lestrrat-go/strftime v1.0.4/go.mod h1:E1nN3pCbtMSu1yjSVeyuRFVm/U0xoR76fd03sz+Qz4g=
-github.com/lestrrat-go/strftime v1.1.1 h1:zgf8QCsgj27GlKBy3SU9/8MMgegZ8UCzlCyHYrUF0QU=
-github.com/lestrrat-go/strftime v1.1.1/go.mod h1:YDrzHJAODYQ+xxvrn5SG01uFIQAeDTzpxNVppCz7Nmw=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
@@ -79,8 +66,6 @@ github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEy
 github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/swaggo/swag v1.16.6 h1:qBNcx53ZaX+M5dxVyTrgQ0PJ/ACK+NzhwcbieTt+9yI=
 
@@ -0,0 +1,203 @@
+package webserver
+
+import (
+	"io"
+	"net"
+	"net/http"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+)
+
+/* High performance access logging. */
+
+const accessLogInitialGrow = 512
+
+// captureWriter records status and body size for access logging.
+type captureWriter struct {
+	http.ResponseWriter
+
+	start  time.Time
+	status int
+	size   int64
+}
+
+func (c *captureWriter) WriteHeader(code int) {
+	if c.status == 0 {
+		c.status = code
+	}
+
+	c.ResponseWriter.WriteHeader(code)
+}
+
+func (c *captureWriter) Write(p []byte) (int, error) {
+	if c.status == 0 {
+		c.status = http.StatusOK
+	}
+
+	n, err := c.ResponseWriter.Write(p)
+	c.size += int64(n)
+
+	return n, err //nolint:wrapcheck // delegate to underlying ResponseWriter
+}
+
+func (c *captureWriter) statusCode() int {
+	if c.status == 0 {
+		return http.StatusOK
+	}
+
+	return c.status
+}
+
+// Get returns the first value for a response header field. key must already be in
+// canonical form (http.CanonicalHeaderKey). Unlike Header.Get it does not allocate
+// or re-canonicalize key on each call.
+func (c *captureWriter) Get(key string) string {
+	if v := c.Header()[key]; len(v) > 0 {
+		return v[0]
+	}
+
+	return ""
+}
+
+//nolint:gochecknoglobals // one pool per process for hot-path access log strings.Builder reuse
+var alBuilder = sync.Pool{New: func() any { return &strings.Builder{} }}
+
+// accessLogWrap writes one Apache-style line per request to dst (same field order as the former alFmt).
+func accessLogWrap(next http.Handler, dst io.Writer) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		capture := &captureWriter{ResponseWriter: w, start: time.Now()}
+		next.ServeHTTP(capture, req)
+		capture.writeAccessLogLine(req, dst)
+	})
+}
+
+func (c *captureWriter) writeAccessLogLine(req *http.Request, dst io.Writer) {
+	//nolint:forcetypeassert
+	builder := alBuilder.Get().(*strings.Builder) // Get a string buffer:
+	builder.Reset()                               //  - reset it.
+	builder.Grow(accessLogInitialGrow)            //  - grow it.
+	c.writeAccessLogLinePrefix(builder, req)      //  - fill prefix.
+	c.writeAccessLogLineTail(builder, req)        //  - fill suffix.
+	_, _ = io.WriteString(dst, builder.String())  //  - write it.
+	alBuilder.Put(builder)                        //  - put it back.
+}
+
+func (c *captureWriter) writeAccessLogLinePrefix(builder *strings.Builder, req *http.Request) {
+	// %V
+	builder.WriteString(req.Host)
+	builder.WriteByte(' ')
+	// %{X-Forwarded-For}i — computed like former fixForwardedFor (not raw header).
+	builder.WriteString(ClientIPForLog(req))
+	builder.WriteByte(' ')
+	// "%{X-Username}o"
+	builder.WriteByte('"')
+	builder.WriteString(c.Get("X-Username"))
+	builder.WriteString("\" ")
+	// %{X-UserID}o
+	builder.WriteString(c.Get("X-Userid"))
+	builder.WriteByte(' ')
+	// %t — [02/Jan/2006:15:04:05 -0700]
+	builder.WriteByte('[')
+	builder.WriteString(c.start.Format("02/Jan/2006:15:04:05 -0700"))
+	builder.WriteString("] ")
+	// "%r"
+	builder.WriteByte('"')
+	builder.WriteString(req.Method)
+	builder.WriteByte(' ')
+
+	if req.RequestURI != "" {
+		builder.WriteString(req.RequestURI)
+	} else {
+		builder.WriteString(req.URL.RequestURI())
+	}
+
+	builder.WriteString(" HTTP/1.1\" ")
+	// %>s
+	builder.WriteString(strconv.Itoa(c.statusCode()))
+	builder.WriteByte(' ')
+	// %b — response body size (0 when none).
+	builder.WriteString(strconv.FormatInt(c.size, 10))
+
+	builder.WriteByte(' ')
+	// "%{Referer}i" "%{User-agent}i" query:...
+	builder.WriteByte('"')
+	builder.WriteString(RefererPathForLog(req.Header))
+	builder.WriteString("\" \"")
+	builder.WriteString(req.UserAgent())
+	builder.WriteByte('"')
+}
+
+func (c *captureWriter) writeAccessLogLineTail(builder *strings.Builder, req *http.Request) {
+	builder.WriteString(" req:")
+	// %{ms}T — elapsed milliseconds (same as apache-logformat request duration).
+	builder.WriteString(strconv.FormatInt(time.Since(c.start).Milliseconds(), 10))
+	builder.WriteString("ms age:")
+	builder.WriteString(c.Get("Age"))
+	builder.WriteString(" env:")
+	builder.WriteString(c.Get("X-Environment"))
+	builder.WriteString(" key:")
+
+	masked, keyLenStr := c.maskedAPIKeyFromResponse()
+	builder.WriteString(masked)
+	builder.WriteByte('(')
+	builder.WriteString(keyLenStr)
+	builder.WriteString(") \"srv:")
+	builder.WriteString(req.Header.Get("X-Server"))
+	builder.WriteString("\"\n")
+}
+
+// maskedAPIKeyFromResponse returns maskAPIKey(w X-Api-Key) for the access log, or ("", "")
+// when the handler did not set that response header.
+func (c *captureWriter) maskedAPIKeyFromResponse() (string, string) {
+	key := c.Get("X-Api-Key")
+	if key == "" {
+		return "", ""
+	}
+
+	return maskAPIKey(key)
+}
+
+// RefererPathForLog returns the path part of X-Original-Uri (no query string) truncated before the
+// API key segment (keyPosition), using the same strings.Split(path, "/") rules as GetAPIKeyFromURIPath.
+// If the path has fewer than keyPosition+1 segments, it returns the full path (still without query).
+// When X-Original-Uri is missing, empty, or only a query string, it returns "".
+func RefererPathForLog(header http.Header) string {
+	pathPart, _, _ := strings.Cut(header.Get("X-Original-Uri"), "?")
+	if pathPart == "" {
+		return ""
+	}
+
+	var pos, segIdx int
+
+	for seg := range strings.SplitSeq(pathPart, "/") {
+		if segIdx == keyPosition {
+			return strings.TrimSuffix(pathPart[:pos], "/")
+		}
+
+		pos += len(seg)
+		if pos < len(pathPart) && pathPart[pos] == '/' {
+			pos++
+		}
+
+		segIdx++
+	}
+
+	return pathPart
+}
+
+// ClientIPForLog returns the client IP for access logs (same rules as the former fixForwardedFor middleware).
+func ClientIPForLog(req *http.Request) string {
+	forwarded := req.Header.Get("X-Forwarded-For")
+	if forwarded == "" {
+		host, _, err := net.SplitHostPort(req.RemoteAddr)
+		if err != nil {
+			return strings.Trim(req.RemoteAddr, "[]")
+		}
+
+		return host
+	}
+
+	return strings.TrimSpace(strings.Split(forwarded, ",")[0])
+}