mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-11-03 11:07:06 -05:00
88b5ebeb69
* Updated ngx-extended-pdf-viewer to 14.5.2 + misc security vuln * Hooked up remove from want to read AND fixed a bug in the logic that was removing everything BUT what was passed. Allow for bookmarks to have date info for better ordering. * Implemented a quick way to set darkneses level on manga reader for when nightlight just isn't dark enough * Added Japanese Series name support in the Parser * Updated our security file with our Huntr. * Fixed a security vulnerability where through the API, an unauthorized user could delete/modify reading lists that did not belong to them. Fixed a bug where when creating a reading list with the name of another users, the API would throw an exception (but reading list would still get created) * Ensure all reading list apis are authorized * Ensured all APIs require authentication, except those that explicitly don't. All APIs are default requiring Authentication. Fixed a security vulnerability which would allow a user to take over an admin account. * Fixed a bug where cover-upload would accept filenames that were not expected. * Explicitly check that a user has access to the pdf file before we serve it back. * Enabled lock out when invalid user auth occurs. After 5 invalid auths, the user account will be locked out for 10 mins.
91 lines
3.1 KiB
C#
91 lines
3.1 KiB
C#
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using API.Data;
|
|
using API.Data.Repositories;
|
|
using API.DTOs;
|
|
using API.DTOs.Filtering;
|
|
using API.DTOs.WantToRead;
|
|
using API.Extensions;
|
|
using API.Helpers;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace API.Controllers;
|
|
|
|
/// <summary>
|
|
/// Responsible for all things Want To Read
|
|
/// </summary>
|
|
[Route("api/want-to-read")]
|
|
public class WantToReadController : BaseApiController
|
|
{
|
|
private readonly IUnitOfWork _unitOfWork;
|
|
|
|
public WantToReadController(IUnitOfWork unitOfWork)
|
|
{
|
|
_unitOfWork = unitOfWork;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Return all Series that are in the current logged in user's Want to Read list, filtered
|
|
/// </summary>
|
|
/// <param name="userParams"></param>
|
|
/// <param name="filterDto"></param>
|
|
/// <returns></returns>
|
|
[HttpPost]
|
|
public async Task<ActionResult<PagedList<SeriesDto>>> GetWantToRead([FromQuery] UserParams userParams, FilterDto filterDto)
|
|
{
|
|
userParams ??= new UserParams();
|
|
var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername());
|
|
var pagedList = await _unitOfWork.SeriesRepository.GetWantToReadForUserAsync(user.Id, userParams, filterDto);
|
|
Response.AddPaginationHeader(pagedList.CurrentPage, pagedList.PageSize, pagedList.TotalCount, pagedList.TotalPages);
|
|
return Ok(pagedList);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Given a list of Series Ids, add them to the current logged in user's Want To Read list
|
|
/// </summary>
|
|
/// <param name="dto"></param>
|
|
/// <returns></returns>
|
|
[HttpPost("add-series")]
|
|
public async Task<ActionResult> AddSeries(UpdateWantToReadDto dto)
|
|
{
|
|
var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername(),
|
|
AppUserIncludes.WantToRead);
|
|
|
|
var existingIds = user.WantToRead.Select(s => s.Id).ToList();
|
|
existingIds.AddRange(dto.SeriesIds);
|
|
|
|
var idsToAdd = existingIds.Distinct().ToList();
|
|
|
|
var seriesToAdd = await _unitOfWork.SeriesRepository.GetSeriesByIdsAsync(idsToAdd);
|
|
foreach (var series in seriesToAdd)
|
|
{
|
|
user.WantToRead.Add(series);
|
|
}
|
|
|
|
if (!_unitOfWork.HasChanges()) return Ok();
|
|
if (await _unitOfWork.CommitAsync()) return Ok();
|
|
|
|
return BadRequest("There was an issue updating Read List");
|
|
}
|
|
|
|
/// <summary>
|
|
/// Given a list of Series Ids, remove them from the current logged in user's Want To Read list
|
|
/// </summary>
|
|
/// <param name="dto"></param>
|
|
/// <returns></returns>
|
|
[HttpPost("remove-series")]
|
|
public async Task<ActionResult> RemoveSeries(UpdateWantToReadDto dto)
|
|
{
|
|
var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername(),
|
|
AppUserIncludes.WantToRead);
|
|
|
|
user.WantToRead = user.WantToRead.Where(s => !dto.SeriesIds.Contains(s.Id)).ToList();
|
|
|
|
if (!_unitOfWork.HasChanges()) return Ok();
|
|
if (await _unitOfWork.CommitAsync()) return Ok();
|
|
|
|
return BadRequest("There was an issue updating Read List");
|
|
}
|
|
}
|