Fix test isolation: redirect hits.db to tmp_path in web RBAC tests

Dashboard route queries utils.database, which was pointing at the real
data/hits.db instead of a temp file, causing no such table: hits.

.gitignore

@@ -20,6 +20,7 @@ data/logs/
 
 # Env
 .env
+config_local.py
 
 # Python
 __pycache__/

config.py

@@ -41,23 +41,7 @@ _DEFAULT_KEYWORDS: list[str] = [
 
 # Use usernames (without @) or numeric channel IDs (-100xxxxxxxxxx)
 _DEFAULT_CHANNELS: list[str | int] = [
-    #-1002230225603,
+    #"channelName",
-    #"cloudxlog",
-    ##-1001967030016, # daisycloud
-    ##"berserklogs", # berserklogs
-    ##"BorwitaFreeLogs", # borwita
-    #-1002748707556, # darkcloud
-    #-1001684073398, # BHF Cloud
-    #-1003163621939, # Wich Love from R
-    #-1003611713618, # Khazan Cloud
-    #-1003328682684, # LogsPlanet
-    #-1003204260194, # JDP
-    #-1002828367761, # HesoyamCloud
-    #-1003513974925, # Slurm Logs
-    #-1003599300787, # Arhont Corp
-    #-1002582513379, # OnlyLogs
-    #-1002788333372, # Ickis Cloud
-    -1002643355608, # Cloud URL
     #-1001234567890,  # private channel by ID
 ]
 
@@ -122,15 +106,13 @@ MAX_FILE_SIZE = 4 * 1024 * 1024 * 1024  # 4 GB (Telegram Premium max)
 
 # ─── Archive passwords to try ────────────────────────────────────────────────
 ARCHIVE_PASSWORDS: list[bytes] = [
-    b"1234",
-    b"0000",
-    b"infected",
-    b"telegram",
-    b"password",
-    b"12345",
     b"",
-    b"Borwita",
+    b"infected",
-    b"@WichLoveFromR",
+    b"password",
+    b"1234",
+    b"12345",
+    b"0000",
+    b"telegram",
 ]
 
 # ─── Backfill settings ───────────────────────────────────────────────────────
@@ -141,7 +123,7 @@ BACKFILL_LIMIT = 500
 # Namespace tdl was logged into.  Run `tdl login` with no -n flag → namespace
 # is "default".  Run `tdl login -n foo` → namespace is "foo".
 # Set to None to omit -n entirely (tdl will use "default" anyway).
-TDL_NAMESPACE: str | None = "ulpmon"
+TDL_NAMESPACE: str | None = "monitor_session"
 
 # Parallel chunk workers per file (-t / --threads global flag)
 TDL_THREADS = 8
@@ -156,3 +138,10 @@ TDL_AMOUNT = 4
 # Whether to use a Telegram takeout session for downloads (lower flood limits).
 # Takeout sessions are rate-limited differently - good for bulk backfill.
 TDL_TAKEOUT = True
+
+# ─── Local overrides (gitignored) ────────────────────────────────────────────
+# Create config_local.py to override any value above without touching this file.
+try:
+    from config_local import *  # noqa: F401, F403
+except ImportError:
+    pass

config_local.py.example

@@ -0,0 +1,26 @@
+# config_local.py - machine-specific overrides (copy to config_local.py, never commit)
+# Any name defined here replaces the value in config.py at import time.
+
+# Extra archive passwords specific to your targets
+ARCHIVE_PASSWORDS: list[bytes] = [
+    b"",
+    b"infected",
+    b"password",
+    b"1234",
+    # add your own below
+]
+
+# tdl namespace you logged into (tdl login -n <name>)
+TDL_NAMESPACE: str | None = "monitor_session"
+
+# Default keyword patterns (overridden by runtime_config.json when present)
+_DEFAULT_KEYWORDS: list[str] = [
+    r"yourdomain\.com",
+    r"@yourdomain\.com",
+]
+
+# Default channels (overridden by runtime_config.json when present)
+_DEFAULT_CHANNELS: list[str | int] = [
+    # "channelname",
+    # -1001234567890,
+]

pyproject.toml

@@ -1,6 +1,6 @@
 [build-system]
 requires = ["setuptools>=68"]
-build-backend = "setuptools.backends.legacy:build"
+build-backend = "setuptools.build_meta"
 
 [project]
 name = "stealergram"

tests/test_web_rbac.py

@@ -18,10 +18,16 @@ def isolated_web(tmp_path, monkeypatch):
     db_path = tmp_path / "web.db"
     cfg_path = tmp_path / "runtime_config.json"
 
+    import utils.database as hitdb_mod
+
+    hits_path = tmp_path / "hits.db"
+
     monkeypatch.setattr(db_mod, "DB_FILE", db_path)
     monkeypatch.setattr(cfg_mod, "RUNTIME_CONFIG_PATH", cfg_path)
+    monkeypatch.setattr(hitdb_mod, "DB_FILE", hits_path)
 
     db_mod.init_db()
+    hitdb_mod.init_db()
 
 
 @pytest.fixture