mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-05-24 00:52:23 -04:00
88b5ebeb69
* Updated ngx-extended-pdf-viewer to 14.5.2 + misc security vuln * Hooked up remove from want to read AND fixed a bug in the logic that was removing everything BUT what was passed. Allow for bookmarks to have date info for better ordering. * Implemented a quick way to set darkneses level on manga reader for when nightlight just isn't dark enough * Added Japanese Series name support in the Parser * Updated our security file with our Huntr. * Fixed a security vulnerability where through the API, an unauthorized user could delete/modify reading lists that did not belong to them. Fixed a bug where when creating a reading list with the name of another users, the API would throw an exception (but reading list would still get created) * Ensure all reading list apis are authorized * Ensured all APIs require authentication, except those that explicitly don't. All APIs are default requiring Authentication. Fixed a security vulnerability which would allow a user to take over an admin account. * Fixed a bug where cover-upload would accept filenames that were not expected. * Explicitly check that a user has access to the pdf file before we serve it back. * Enabled lock out when invalid user auth occurs. After 5 invalid auths, the user account will be locked out for 10 mins.
67 lines
1.7 KiB
C#
67 lines
1.7 KiB
C#
using System.Collections.Generic;
|
|
using System.Threading.Tasks;
|
|
using API.Data;
|
|
using API.DTOs.Theme;
|
|
using API.Extensions;
|
|
using API.Services;
|
|
using API.Services.Tasks;
|
|
using Kavita.Common;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace API.Controllers;
|
|
|
|
public class ThemeController : BaseApiController
|
|
{
|
|
private readonly IUnitOfWork _unitOfWork;
|
|
private readonly IThemeService _themeService;
|
|
private readonly ITaskScheduler _taskScheduler;
|
|
|
|
public ThemeController(IUnitOfWork unitOfWork, IThemeService themeService, ITaskScheduler taskScheduler)
|
|
{
|
|
_unitOfWork = unitOfWork;
|
|
_themeService = themeService;
|
|
_taskScheduler = taskScheduler;
|
|
}
|
|
|
|
[AllowAnonymous]
|
|
[HttpGet]
|
|
public async Task<ActionResult<IEnumerable<SiteThemeDto>>> GetThemes()
|
|
{
|
|
return Ok(await _unitOfWork.SiteThemeRepository.GetThemeDtos());
|
|
}
|
|
|
|
[Authorize("RequireAdminRole")]
|
|
[HttpPost("scan")]
|
|
public ActionResult Scan()
|
|
{
|
|
_taskScheduler.ScanSiteThemes();
|
|
return Ok();
|
|
}
|
|
|
|
[Authorize("RequireAdminRole")]
|
|
[HttpPost("update-default")]
|
|
public async Task<ActionResult> UpdateDefault(UpdateDefaultThemeDto dto)
|
|
{
|
|
await _themeService.UpdateDefault(dto.ThemeId);
|
|
return Ok();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Returns css content to the UI. UI is expected to escape the content
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
[HttpGet("download-content")]
|
|
public async Task<ActionResult<string>> GetThemeContent(int themeId)
|
|
{
|
|
try
|
|
{
|
|
return Ok(await _themeService.GetContent(themeId));
|
|
}
|
|
catch (KavitaException ex)
|
|
{
|
|
return BadRequest(ex.Message);
|
|
}
|
|
}
|
|
}
|