mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-05-24 00:52:23 -04:00
88b5ebeb69
* Updated ngx-extended-pdf-viewer to 14.5.2 + misc security vuln * Hooked up remove from want to read AND fixed a bug in the logic that was removing everything BUT what was passed. Allow for bookmarks to have date info for better ordering. * Implemented a quick way to set darkneses level on manga reader for when nightlight just isn't dark enough * Added Japanese Series name support in the Parser * Updated our security file with our Huntr. * Fixed a security vulnerability where through the API, an unauthorized user could delete/modify reading lists that did not belong to them. Fixed a bug where when creating a reading list with the name of another users, the API would throw an exception (but reading list would still get created) * Ensure all reading list apis are authorized * Ensured all APIs require authentication, except those that explicitly don't. All APIs are default requiring Authentication. Fixed a security vulnerability which would allow a user to take over an admin account. * Fixed a bug where cover-upload would accept filenames that were not expected. * Explicitly check that a user has access to the pdf file before we serve it back. * Enabled lock out when invalid user auth occurs. After 5 invalid auths, the user account will be locked out for 10 mins.
31 lines
889 B
C#
31 lines
889 B
C#
using System.Threading.Tasks;
|
|
using API.Entities;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace API.Controllers
|
|
{
|
|
public class AdminController : BaseApiController
|
|
{
|
|
private readonly UserManager<AppUser> _userManager;
|
|
|
|
public AdminController(UserManager<AppUser> userManager)
|
|
{
|
|
_userManager = userManager;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Checks if an admin exists on the system. This is essentially a check to validate if the system has been setup.
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
[AllowAnonymous]
|
|
[HttpGet("exists")]
|
|
public async Task<ActionResult<bool>> AdminExists()
|
|
{
|
|
var users = await _userManager.GetUsersInRoleAsync("Admin");
|
|
return users.Count > 0;
|
|
}
|
|
}
|
|
}
|