Merge remote-tracking branch 'kobo_sync/kobo' into Develop

# Conflicts:
#	cps.py
#	cps/kobo.py
#	cps/kobo_auth.py
#	cps/ub.py
pull/1137/head
Ozzieisaacs 5 years ago
commit 288944db2c

@ -42,6 +42,7 @@ from cps.admin import admi
from cps.gdrive import gdrive from cps.gdrive import gdrive
from cps.editbooks import editbook from cps.editbooks import editbook
from cps.kobo import kobo from cps.kobo import kobo
from cps.kobo_auth import kobo_auth
try: try:
from cps.oauth_bb import oauth from cps.oauth_bb import oauth
@ -61,6 +62,7 @@ def main():
app.register_blueprint(gdrive) app.register_blueprint(gdrive)
app.register_blueprint(editbook) app.register_blueprint(editbook)
app.register_blueprint(kobo) app.register_blueprint(kobo)
app.register_blueprint(kobo_auth)
if oauth_available: if oauth_available:
app.register_blueprint(oauth) app.register_blueprint(oauth)
success = web_server.start() success = web_server.start()

@ -25,15 +25,20 @@ from datetime import datetime
from time import gmtime, strftime from time import gmtime, strftime
from jsonschema import validate, exceptions from jsonschema import validate, exceptions
from flask import Blueprint, request, make_response, jsonify, json from flask import Blueprint, request, make_response, jsonify, json, current_app, url_for
from flask_login import login_required from flask_login import login_required
from sqlalchemy import func, or_ from sqlalchemy import func
from . import config, logger, kobo_auth, db, helper from . import config, logger, kobo_auth, db, helper
from .web import download_required from .web import download_required
kobo = Blueprint("kobo", __name__) #TODO: Test more formats :) .
KOBO_SUPPORTED_FORMATS = {"KEPUB"}
kobo = Blueprint("kobo", __name__, url_prefix="/kobo/<auth_token>")
kobo_auth.disable_failed_auth_redirect_for_blueprint(kobo) kobo_auth.disable_failed_auth_redirect_for_blueprint(kobo)
kobo_auth.register_url_value_preprocessor(kobo)
log = logger.create() log = logger.create()
@ -166,9 +171,10 @@ def HandleSyncRequest():
# It looks like it's treating the db.Books.last_modified field as a string and may fail # It looks like it's treating the db.Books.last_modified field as a string and may fail
# the comparison because of the +00:00 suffix. # the comparison because of the +00:00 suffix.
changed_entries = ( changed_entries = (
db.session.query(db.Books).join(db.Data) db.session.query(db.Books)
.filter(func.datetime(db.Books.last_modified) != sync_token.books_last_modified) .join(db.Data)
.filter(or_(db.Data.format == 'KEPUB', db.Data.format == 'EPUB')) .filter(func.datetime(db.Books.last_modified) > sync_token.books_last_modified)
.filter(db.Data.format.in_(KOBO_SUPPORTED_FORMATS))
.all() .all()
) )
for book in changed_entries: for book in changed_entries:
@ -217,10 +223,11 @@ def HandleMetadataRequest(book_uuid):
def get_download_url_for_book(book, book_format): def get_download_url_for_book(book, book_format):
return "{url_base}/download/{book_id}/{book_format}".format( return url_for(
url_base=get_base_url(), # request.environ['werkzeug.request'].base_url, "web.download_link",
book_id=book.id, book_id=book.id,
book_format="kepub", book_format=book_format.lower(),
_external=True,
) )
@ -273,14 +280,13 @@ def get_series(book):
def get_metadata(book): def get_metadata(book):
ALLOWED_FORMATS = {"KEPUB", "EPUB"}
download_urls = [] download_urls = []
for book_data in book.data: for book_data in book.data:
if book_data.format in ALLOWED_FORMATS: if book_data.format in KOBO_SUPPORTED_FORMATS:
download_urls.append( download_urls.append(
{ {
"Format": "KEPUB", "Format": book_data.format,
"Size": book_data.uncompressed_size, "Size": book_data.uncompressed_size,
"Url": get_download_url_for_book(book, book_data.format), "Url": get_download_url_for_book(book, book_data.format),
# "DrmType": "None", # Not required # "DrmType": "None", # Not required
@ -354,9 +360,14 @@ def HandleCoverImageRequest(book_uuid, horizontal, vertical, jpeg_quality, monoc
return book_cover return book_cover
@kobo.route("")
def TopLevelEndpoint():
return make_response(jsonify({}))
@kobo.route("/v1/user/profile") @kobo.route("/v1/user/profile")
@kobo.route("/v1/user/loyalty/benefits") @kobo.route("/v1/user/loyalty/benefits")
@kobo.route("/v1/analytics/gettests", methods=["GET", "POST"]) @kobo.route("/v1/analytics/gettests/", methods=["GET", "POST"])
@kobo.route("/v1/user/wishlist") @kobo.route("/v1/user/wishlist")
@kobo.route("/v1/user/<dummy>") @kobo.route("/v1/user/<dummy>")
@kobo.route("/v1/user/recommendations") @kobo.route("/v1/user/recommendations")
@ -386,12 +397,11 @@ def HandleAuthRequest():
return response return response
def get_base_url():
return "{root}:{port}".format(root=request.url_root[:-1], port=str(config.config_port))
@kobo.route("/v1/initialization") @kobo.route("/v1/initialization")
def HandleInitRequest(): def HandleInitRequest():
resources = NATIVE_KOBO_RESOURCES(calibre_web_url=get_base_url()) resources = NATIVE_KOBO_RESOURCES(
calibre_web_url=url_for("web.index", _external=True).strip("/")
)
response = make_response(jsonify({"Resources": resources})) response = make_response(jsonify({"Resources": resources}))
response.headers["x-kobo-apitoken"] = "e30=" response.headers["x-kobo-apitoken"] = "e30="
return response return response

@ -29,7 +29,6 @@ which serves the following response:
<script type='text/javascript'>location.href='kobo://UserAuthenticated?userId=<redacted>&userKey<redacted>&email=<redacted>&returnUrl=https%3a%2f%2fwww.kobo.com';</script>. <script type='text/javascript'>location.href='kobo://UserAuthenticated?userId=<redacted>&userKey<redacted>&email=<redacted>&returnUrl=https%3a%2f%2fwww.kobo.com';</script>.
And triggers the insertion of a userKey into the device's User table. And triggers the insertion of a userKey into the device's User table.
IMPORTANT SECURITY CAUTION:
Together, the device's DeviceId and UserKey act as an *irrevocable* authentication Together, the device's DeviceId and UserKey act as an *irrevocable* authentication
token to most (if not all) Kobo APIs. In fact, in most cases only the UserKey is token to most (if not all) Kobo APIs. In fact, in most cases only the UserKey is
required to authorize the API call. required to authorize the API call.
@ -48,55 +47,80 @@ v1/auth/device endpoint with the secret UserKey and the device's DeviceId.
* The book download endpoint passes an auth token as a URL param instead of a header. * The book download endpoint passes an auth token as a URL param instead of a header.
Our implementation: Our implementation:
For now, we rely on the official Kobo store's UserKey for authentication. We pretty much ignore all of the above. To authenticate the user, we generate a random
Once authenticated, we set the login cookie on the response that will be sent back for and unique token that they append to the CalibreWeb Url when setting up the api_store
the duration of the session to authorize subsequent API calls. setting on the device.
Ideally we'd only perform UserKey-based authentication for the v1/initialization or the Thus, every request from the device to the api_store will hit CalibreWeb with the
v1/device/auth call, however sessions don't always start with those calls. auth_token in the url (e.g: https://mylibrary.com/<auth_token>/v1/library/sync).
In addition, once authenticated we also set the login cookie on the response that will
Because of the irrevocable power granted by the key, we only ever store and compare a be sent back for the duration of the session to authorize subsequent API calls (in
hash of the key. To obtain their UserKey, a user can query the user table from the particular calls to non-Kobo specific endpoints such as the CalibreWeb book download).
.kobo/KoboReader.sqlite database found on their device.
This isn't exactly user friendly however.
Some possible alternatives that require more research:
* Instead of having users query the device database to find out their UserKey, we could
provide a list of recent Kobo sync attempts in the calibre-web UI for users to
authenticate sync attempts (e.g: 'this was me' button).
* We may be able to craft a sign-in flow with a redirect back to the CalibreWeb
server containing the KoboStore's UserKey (if the same as the devices?).
* Can we create our own UserKey instead of relying on the real store's userkey?
(Maybe using something like location.href=kobo://UserAuthenticated?userId=...?)
""" """
from functools import wraps from binascii import hexlify
from flask import request, make_response from datetime import datetime
from flask_login import login_user from os import urandom
from werkzeug.security import check_password_hash
from . import logger, ub, lm from flask import g, Blueprint, url_for
from flask_login import login_user, current_user, login_required
from flask_babel import gettext as _
USER_KEY_HEADER = "x-kobo-userkey" from . import logger, ub, lm
USER_KEY_URL_PARAM = "kobo_userkey" from .web import render_title_template
log = logger.create() log = logger.create()
def register_url_value_preprocessor(kobo):
@kobo.url_value_preprocessor
def pop_auth_token(endpoint, values):
g.auth_token = values.pop("auth_token")
def disable_failed_auth_redirect_for_blueprint(bp): def disable_failed_auth_redirect_for_blueprint(bp):
lm.blueprint_login_views[bp.name] = None lm.blueprint_login_views[bp.name] = None
@lm.request_loader @lm.request_loader
def load_user_from_kobo_request(request): def load_user_from_kobo_request(request):
user_key = request.headers.get(USER_KEY_HEADER) if "auth_token" in g:
if user_key: auth_token = g.get("auth_token")
for user in ( user = (
ub.session.query(ub.User).filter(ub.User.kobo_user_key_hash != "").all() ub.session.query(ub.User)
): .join(ub.RemoteAuthToken)
if check_password_hash(str(user.kobo_user_key_hash), user_key): .filter(ub.RemoteAuthToken.auth_token == auth_token)
# The Kobo device won't preserve the cookie accross sessions, even if we .first()
# were to set remember_me=true. )
if user is not None:
login_user(user) login_user(user)
return user return user
log.info("Received Kobo request without a recognizable UserKey.") log.info("Received Kobo request without a recognizable auth token.")
return None return None
kobo_auth = Blueprint("kobo_auth", __name__, url_prefix="/kobo_auth")
@kobo_auth.route("/generate_auth_token")
@login_required
def generate_auth_token():
# Invalidate any prevously generated Kobo Auth token for this user.
ub.session.query(ub.RemoteAuthToken).filter(
ub.RemoteAuthToken.user_id == current_user.id
).delete()
auth_token = ub.RemoteAuthToken()
auth_token.user_id = current_user.id
auth_token.expiration = datetime.max
auth_token.auth_token = (hexlify(urandom(16))).decode("utf-8")
ub.session.add(auth_token)
ub.session.commit()
return render_title_template(
"generate_kobo_auth_url.html",
title=_(u"Kobo Set-up"),
kobo_auth_url=url_for(
"kobo.TopLevelEndpoint", auth_token=auth_token.auth_token, _external=True
),
)

@ -0,0 +1,15 @@
{% extends "layout.html" %}
{% block body %}
<div class="well">
<h2 style="margin-top: 0">{{_('Generate Kobo Auth URL')}}</h2>
<p>
{{_('Open the .kobo/Kobo eReader.conf file in a text editor and add (or edit):')}}</a>.
</p>
<p>
{{_('api_endpoint=')}}{{kobo_auth_url}}</a>
</p>
<p>
{{_('Please note that every visit to this current page invalidates any previously generated Authentication url for this user.')}}</a>.
</p>
</div>
{% endblock %}

@ -173,7 +173,6 @@ class User(UserBase, Base):
role = Column(SmallInteger, default=constants.ROLE_USER) role = Column(SmallInteger, default=constants.ROLE_USER)
password = Column(String) password = Column(String)
kindle_mail = Column(String(120), default="") kindle_mail = Column(String(120), default="")
kobo_user_key_hash = Column(String, unique=True, default="")
shelf = relationship('Shelf', backref='user', lazy='dynamic', order_by='Shelf.name') shelf = relationship('Shelf', backref='user', lazy='dynamic', order_by='Shelf.name')
downloads = relationship('Downloads', backref='user', lazy='dynamic') downloads = relationship('Downloads', backref='user', lazy='dynamic')
locale = Column(String(2), default="en") locale = Column(String(2), default="en")
@ -308,7 +307,7 @@ class RemoteAuthToken(Base):
__tablename__ = 'remote_auth_token' __tablename__ = 'remote_auth_token'
id = Column(Integer, primary_key=True) id = Column(Integer, primary_key=True)
auth_token = Column(String(8), unique=True) auth_token = Column(String, unique=True)
user_id = Column(Integer, ForeignKey('user.id')) user_id = Column(Integer, ForeignKey('user.id'))
verified = Column(Boolean, default=False) verified = Column(Boolean, default=False)
expiration = Column(DateTime) expiration = Column(DateTime)
@ -376,12 +375,6 @@ def migrate_Database(session):
except exc.OperationalError: except exc.OperationalError:
conn = engine.connect() conn = engine.connect()
conn.execute("ALTER TABLE user ADD column `mature_content` INTEGER DEFAULT 1") conn.execute("ALTER TABLE user ADD column `mature_content` INTEGER DEFAULT 1")
try:
session.query(exists().where(User.kobo_user_key_hash)).scalar()
except exc.OperationalError: # Database is not compatible, some rows are missing
conn = engine.connect()
conn.execute("ALTER TABLE user ADD column `kobo_user_key_hash` VARCHAR")
session.commit()
if session.query(User).filter(User.role.op('&')(constants.ROLE_ANONYMOUS) == constants.ROLE_ANONYMOUS).first() is None: if session.query(User).filter(User.role.op('&')(constants.ROLE_ANONYMOUS) == constants.ROLE_ANONYMOUS).first() is None:
create_anonymous_user(session) create_anonymous_user(session)
try: try:
@ -397,7 +390,6 @@ def migrate_Database(session):
"role SMALLINT," "role SMALLINT,"
"password VARCHAR," "password VARCHAR,"
"kindle_mail VARCHAR(120)," "kindle_mail VARCHAR(120),"
"kobo_user_key_hash VARCHAR,"
"locale VARCHAR(2)," "locale VARCHAR(2),"
"sidebar_view INTEGER," "sidebar_view INTEGER,"
"default_language VARCHAR(3)," "default_language VARCHAR(3),"
@ -405,9 +397,9 @@ def migrate_Database(session):
"UNIQUE (nickname)," "UNIQUE (nickname),"
"UNIQUE (email)," "UNIQUE (email),"
"CHECK (mature_content IN (0, 1)))") "CHECK (mature_content IN (0, 1)))")
conn.execute("INSERT INTO user_id(id, nickname, email, role, password, kindle_mail,kobo_user_key_hash, locale," conn.execute("INSERT INTO user_id(id, nickname, email, role, password, kindle_mail,locale,"
"sidebar_view, default_language, mature_content) " "sidebar_view, default_language, mature_content) "
"SELECT id, nickname, email, role, password, kindle_mail, kobo_user_key_hash, locale," "SELECT id, nickname, email, role, password, kindle_mail, locale,"
"sidebar_view, default_language, mature_content FROM user") "sidebar_view, default_language, mature_content FROM user")
# delete old user table and rename new user_id table to user: # delete old user table and rename new user_id table to user:
conn.execute("DROP TABLE user") conn.execute("DROP TABLE user")

Loading…
Cancel
Save