From 9ec3ddd4928bcb7a82e9abd2c74c0710c7034d12 Mon Sep 17 00:00:00 2001
From: Michael Shavit
Date: Sun, 22 Dec 2019 16:28:19 -0500
Subject: [PATCH] Fix the HandleCoverImage endpoint so that it requires login, and doesn't take unused parameters.
---
 cps/kobo.py | 23 ++++++++++++++---------
 cps/kobo_auth.py | 11 +++++++++--
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/cps/kobo.py b/cps/kobo.py
index 6c67aae9..6acbc1d0 100644
--- a/cps/kobo.py
+++ b/cps/kobo.py
@@ -23,6 +23,10 @@ import uuid
 from base64 import b64decode, b64encode
 from datetime import datetime
 from time import gmtime, strftime
+try:
+ from urllib import unquote
+except ImportError:
+ from urllib.parse import unquote
 from jsonschema import validate, exceptions
 from flask import (
@@ -442,9 +446,10 @@ def reading_state(book):
 @kobo.route(
- "//////image.jpg"
+ "//image.jpg"
 )
-def HandleCoverImageRequest(book_uuid, horizontal, vertical, jpeg_quality, monochrome):
+@login_required
+def HandleCoverImageRequest(book_uuid):
 book_cover = helper.get_book_cover_with_uuid(
 book_uuid, use_generic_cover_on_failure=False
 )
@@ -476,6 +481,7 @@ def handle_404(err):
 @kobo.route("/v1/initialization")
+@login_required
 def HandleInitRequest():
 outgoing_headers = Headers(request.headers)
 outgoing_headers.remove("Host")
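Review bot: In `HandleCoverImageRequest`, `@login_required` only establishes that some user is authenticated; the lookup `helper.get_book_cover_with_uuid(book_uuid, use_generic_cover_on_failure=False)` is keyed on the UUID from the URL alone, and nothing visible in this hunk ties the book to the requesting user. If that helper does not itself apply whatever per-user visibility restrictions the application has (its body is not shown), any logged-in account can fetch the cover of a book it is not permitted to see, so the handler should resolve the book through the same restricted query before serving the image. A docstring such as `"""Serve the cover for book_uuid to an authenticated Kobo client; size and quality parameters are no longer accepted."""` would also record the contract change. The function body continues past the end of the hunk.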
@@ -492,12 +498,11 @@ def HandleInitRequest():
 calibre_web_url = url_for("web.index", _external=True).strip("/")
 kobo_resources["image_host"] = calibre_web_url
- kobo_resources["image_url_quality_template"] = (
- calibre_web_url
- + "/{ImageId}/{Width}/{Height}/{Quality}/{IsGreyscale}/image.jpg"
- )
- kobo_resources["image_url_template"] = (
- calibre_web_url + "/{ImageId}/{Width}/{Height}/false/image.jpg"
- )
+ kobo_resources["image_url_quality_template"] = unquote(url_for("kobo.HandleCoverImageRequest", _external=True,
+ auth_token = kobo_auth.get_auth_token(),
+ book_uuid="{ImageId}"))
+ kobo_resources["image_url_template"] = unquote(url_for("kobo.HandleCoverImageRequest", _external=True,
+ auth_token = kobo_auth.get_auth_token(),
+ book_uuid="{ImageId}"))
 return make_response(store_response_json, store_response.status_code)
diff --git a/cps/kobo_auth.py b/cps/kobo_auth.py
index 0b9eba6e..304e9eb2 100644
--- a/cps/kobo_auth.py
+++ b/cps/kobo_auth.py
@@ -81,10 +81,17 @@ def disable_failed_auth_redirect_for_blueprint(bp):
 lm.blueprint_login_views[bp.name] = None
+def get_auth_token():
+ if "auth_token" in g:
+ return g.get("auth_token")
+ else:
+ return None
+
+
+
 @lm.request_loader
 def load_user_from_kobo_request(request):
- if "auth_token" in g:
- auth_token = g.get("auth_token")
+ auth_token = get_auth_token()
+ if auth_token is not None:
 user = (
 ub.session.query(ub.User)
 .join(ub.RemoteAuthToken)
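Review bot: In `HandleInitRequest`, `kobo_auth.get_auth_token()` can return `None`, and that value is passed straight to `url_for` for both image templates. If `@login_required` is ever satisfied without a token in `g` (for example by a browser session, which this hunk does not rule out), the URL build would likely fail or yield an unusable template. The proposal is to read the token once, fail closed when it is missing, and build the template a single time, since the two assignments are identical. `unquote()` over the whole URL also decodes any percent-escape in the host, prefix or token, so restoring only the `{ImageId}` braces is narrower. Because the token now appears in every cover URL, access logs and proxies in front of the application will record it and should be handled as credential-bearing; the fence assumes `abort` is among the file's flask imports, and the function starts outside the hunk.

```python
    kobo_resources["image_host"] = calibre_web_url
    # Fail closed: never hand the device a template built without a token.
    auth_token = kobo_auth.get_auth_token()
    if auth_token is None:
        abort(401)
    # url_for percent-encodes the braces of the "{ImageId}" placeholder;
    # restore only those two characters instead of unquoting the whole URL.
    image_url_template = (
        url_for(
            "kobo.HandleCoverImageRequest",
            _external=True,
            auth_token=auth_token,
            book_uuid="{ImageId}",
        )
        .replace("%7B", "{")
        .replace("%7D", "}")
    )
    kobo_resources["image_url_quality_template"] = image_url_template
    kobo_resources["image_url_template"] = image_url_template
    # … unchanged: return make_response(...) …
```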
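Review bot: `get_auth_token()` has no docstring, and its `if`/`else` repeats what `g.get` already does; `return g.get("auth_token")` returns `None` when the key is absent. A docstring such as `"""Return the auth token stored on g for this request, or None if there is none."""` would tell callers that `None` is a result they must handle. In `load_user_from_kobo_request`, `if auth_token is not None:` still sends an empty-string token to the database query, whereas `if auth_token:` would reject it before the lookup. The rest of that function lies outside the hunk, so whether the token's expiry is checked cannot be seen here.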