From 9ec3ddd4928bcb7a82e9abd2c74c0710c7034d12 Mon Sep 17 00:00:00 2001
From: Michael Shavit <mshavit@google.com>
Date: Sun, 22 Dec 2019 16:28:19 -0500
Subject: [PATCH] Fix the HandleCoverImage endpoint so that it requires login,
 and doesn't take unused parameters.

---
 cps/kobo.py      | 23 ++++++++++++++---------
 cps/kobo_auth.py | 11 +++++++++--
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/cps/kobo.py b/cps/kobo.py
index 6c67aae9..6acbc1d0 100644
--- a/cps/kobo.py
+++ b/cps/kobo.py
@@ -23,6 +23,10 @@ import uuid
 from base64 import b64decode, b64encode
 from datetime import datetime
 from time import gmtime, strftime
+try:
+    from urllib import unquote
+except ImportError:
+    from urllib.parse import unquote
 
 from jsonschema import validate, exceptions
 from flask import (
@@ -442,9 +446,10 @@ def reading_state(book):
 
 
 @kobo.route(
-    "/<book_uuid>/<horizontal>/<vertical>/<jpeg_quality>/<monochrome>/image.jpg"
+    "/<book_uuid>/image.jpg"
 )
-def HandleCoverImageRequest(book_uuid, horizontal, vertical, jpeg_quality, monochrome):
+@login_required
+def HandleCoverImageRequest(book_uuid):
     book_cover = helper.get_book_cover_with_uuid(
         book_uuid, use_generic_cover_on_failure=False
     )
@@ -476,6 +481,7 @@ def handle_404(err):
 
 
 @kobo.route("/v1/initialization")
+@login_required
 def HandleInitRequest():
     outgoing_headers = Headers(request.headers)
     outgoing_headers.remove("Host")
@@ -492,12 +498,11 @@ def HandleInitRequest():
 
         calibre_web_url = url_for("web.index", _external=True).strip("/")
         kobo_resources["image_host"] = calibre_web_url
-        kobo_resources["image_url_quality_template"] = (
-            calibre_web_url
-            + "/{ImageId}/{Width}/{Height}/{Quality}/{IsGreyscale}/image.jpg"
-        )
-        kobo_resources["image_url_template"] = (
-            calibre_web_url + "/{ImageId}/{Width}/{Height}/false/image.jpg"
-        )
+        kobo_resources["image_url_quality_template"] = unquote(url_for("kobo.HandleCoverImageRequest", _external=True,
+            auth_token = kobo_auth.get_auth_token(),
+            book_uuid="{ImageId}"))
+        kobo_resources["image_url_template"] = unquote(url_for("kobo.HandleCoverImageRequest", _external=True,
+            auth_token = kobo_auth.get_auth_token(),
+            book_uuid="{ImageId}"))
 
     return make_response(store_response_json, store_response.status_code)
diff --git a/cps/kobo_auth.py b/cps/kobo_auth.py
index 0b9eba6e..304e9eb2 100644
--- a/cps/kobo_auth.py
+++ b/cps/kobo_auth.py
@@ -81,10 +81,17 @@ def disable_failed_auth_redirect_for_blueprint(bp):
     lm.blueprint_login_views[bp.name] = None
 
 
+def get_auth_token():
+    if "auth_token" in g:
+        return g.get("auth_token")
+    else:
+        return None
+
+
 @lm.request_loader
 def load_user_from_kobo_request(request):
-    if "auth_token" in g:
-        auth_token = g.get("auth_token")
+    auth_token = get_auth_token()
+    if auth_token is not None:
         user = (
             ub.session.query(ub.User)
             .join(ub.RemoteAuthToken)