From ae0e2cee413f4633922a8196a68c30d1657df258 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Sun, 30 Apr 2017 07:48:48 +0530
Subject: [PATCH] Option to allow un-authenticated local write access
---
 src/calibre/srv/cdb.py | 2 +-
 src/calibre/srv/handler.py | 2 ++
 src/calibre/srv/http_response.py | 7 ++++---
 src/calibre/srv/loop.py | 1 +
 src/calibre/srv/opts.py | 11 +++++++++++
 5 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/calibre/srv/cdb.py b/src/calibre/srv/cdb.py
index 6a1bd04e02..7a000ee81a 100644
--- a/src/calibre/srv/cdb.py
+++ b/src/calibre/srv/cdb.py
@@ -36,5 +36,5 @@ def cdb_run(ctx, rd, which):
 result = m.implementation(db, ctx.notify_changes, *args)
 except Exception as err:
 import traceback
- return {'err': as_unicode(err), 'tb':traceback.format_stack()}
+ return {'err': as_unicode(err), 'tb': traceback.format_exc()}
 return {'result': result}
diff --git a/src/calibre/srv/handler.py b/src/calibre/srv/handler.py
index 1795ef2d28..0f997b24f1 100644
--- a/src/calibre/srv/handler.py
+++ b/src/calibre/srv/handler.py
@@ -74,6 +74,8 @@ class Context(object):
 def check_for_write_access(self, data):
 if not data.username:
+ if data.is_local_connection and self.opts.local_write:
+ return
 raise HTTPForbidden('Anonymous users are not allowed to make changes')
 if self.user_manager.is_readonly(data.username):
 raise HTTPForbidden('The user {} does not have permission to make changes'.format(data.username))
diff --git a/src/calibre/srv/http_response.py b/src/calibre/srv/http_response.py
index 5159b08cff..deade8c635 100644
--- a/src/calibre/srv/http_response.py
+++ b/src/calibre/srv/http_response.py
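Review bot: In cdb_run (src/calibre/srv/cdb.py) the `tb` value built by `traceback.format_exc()` is returned in the response, so every failing command now hands the caller the server's real exception frames, including file paths and source lines. With `local_write` enabled the callers reaching this path may include unauthenticated local clients, so the failure should also be recorded in the server log rather than only in the reply; how cdb_run itself is gated is not visible in this hunk. `format_exc()` also returns one string where `format_stack()` returned a list, which is worth a comment such as `# 'tb' is a str sent to the client; consumers must not assume a list`. The function starts outside the hunk.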
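Review bot: The new early `return` in check_for_write_access (src/calibre/srv/handler.py) grants anonymous write access on the strength of the socket peer address alone. When the server sits behind a reverse proxy, tunnel or port forward on the same host, every remote client arrives as a loopback peer and is treated as local once `local_write` is on. Neither this code nor the `local_write` help text in opts.py states that deployment caveat. I would put `# Peer-address check only: a same-host proxy or tunnel makes every client look local` above the `return` and add the same warning to the option description. Whether the method continues past the hunk's last line is not visible.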
@@ -210,14 +210,14 @@ class RequestData(object): # {{{ username = None def __init__(self, method, path, query, inheaders, request_body_file, outheaders, response_protocol, - static_cache, opts, remote_addr, remote_port, translator_cache, tdir): + static_cache, opts, remote_addr, remote_port, is_local_connection, translator_cache, tdir): (self.method, self.path, self.query, self.inheaders, self.request_body_file, self.outheaders, self.response_protocol, self.static_cache, self.translator_cache) = ( method, path, query, inheaders, request_body_file, outheaders, response_protocol, static_cache, translator_cache ) - self.remote_addr, self.remote_port = remote_addr, remote_port + self.remote_addr, self.remote_port, self.is_local_connection = remote_addr, remote_port, is_local_connection self.opts = opts self.status_code = httplib.OK self.outcookie = Cookie() @@ -430,7 +430,8 @@ class HTTPConnection(HTTPRequest): data = RequestData( self.method, self.path, self.query, inheaders, request_body_file, outheaders, self.response_protocol, self.static_cache, self.opts, - self.remote_addr, self.remote_port, self.translator_cache, self.tdir + self.remote_addr, self.remote_port, self.is_local_connection, + self.translator_cache, self.tdir ) self.queue_job(self.run_request_handler, data) diff --git a/src/calibre/srv/loop.py b/src/calibre/srv/loop.py index 13499eee01..ef9764c643 100644 --- a/src/calibre/srv/loop.py +++ b/src/calibre/srv/loop.py @@ -128,6 +128,7 @@ class Connection(object): # {{{ except Exception: # In case addr is None, which can occassionally happen self.remote_addr = self.remote_port = None + self.is_local_connection = self.remote_addr in ('127.0.0.1', '::1') self.orig_send_bufsize = self.send_bufsize = 4096 self.tdir = tdir self.ssl_context = ssl_context diff --git a/src/calibre/srv/opts.py b/src/calibre/srv/opts.py index 7961bfdb27..3f27ed4d30 100644 --- a/src/calibre/srv/opts.py +++ b/src/calibre/srv/opts.py 
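Review bot: `is_local_connection` is an authorization input, yet RequestData.__init__ takes it as the twelfth positional parameter in the middle of the list, and the HTTPConnection call site in the second hunk of src/calibre/srv/http_response.py passes it positionally as well. A caller whose arguments are in a slightly different order would store some other truthy object in the flag, and check_for_write_access would read it as a local connection. Moving it to the end of the signature with a fail-closed default, `translator_cache, tdir, is_local_connection=False):`, and passing `is_local_connection=self.is_local_connection` at the call keeps a mismatch from silently granting write access. Both enclosing functions extend beyond their hunks.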
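Review bot: The loopback test added to Connection.__init__ (src/calibre/srv/loop.py) is an exact string match against `'127.0.0.1'` and `'::1'`, and it deserves a comment now that it is the sole basis for the local write bypass. It fails closed, which is the safe direction: a `None` address from the except branch, an IPv4-mapped peer such as `::ffff:127.0.0.1` on a dual-stack listener, and other 127.0.0.0/8 addresses all count as remote. I would add `# Fails closed: anything other than these two literals, including None, is treated as remote` above the assignment so the match is not widened casually later. __init__ begins and ends outside the hunk.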
@@ -133,6 +133,17 @@ raw_options = ( _('By default, the server is unrestricted, allowing anyone to access it. You can' ' restrict access to predefined users with this option.'), + _('Allow un-authenticated local connections to make changes'), + 'local_write', False, + _('By default, if you do not turn on authentication, the server operates in' + ' read-only mode, so as to not allow anonymous users to make changes to your' + ' calibre libraries. This option allows anybody connecting from the same' + ' computer as the server is running on to make changes. This is useful' + ' if you want to run the server without authentication but still' + ' use calibredb to make changes to your calibre libraries. Note that' + ' turning on this option means any program running on the computer' + ' can make changes to your calibre libraries.'), + _('Path to user database'), 'userdb', None, _('Path to a file in which to store the user and password information. By default a'
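Review bot: The closing warning in the `local_write` description names only "any program running on the computer", which may understate who can reach the bypass. A web browser is one of those programs, so unless the write endpoints reject cross-origin requests (not visible in this patch), a page open in a local browser might also be able to submit changes. That should be confirmed, and if the endpoints do not reject such requests, the last sentence could end `' can make changes to your calibre libraries, including pages open in a web browser on it.'),`. The raw_options tuple continues outside the hunk.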