Security Hotfix (#1415)

* Updated ngx-extended-pdf-viewer to 14.5.2 + misc security vuln

* Hooked up remove from want to read AND fixed a bug in the logic that was removing everything BUT what was passed.

Allow for bookmarks to have date info for better ordering.

* Implemented a quick way to set darkneses level on manga reader for when nightlight just isn't dark enough

* Added Japanese Series name support in the Parser

* Updated our security file with our Huntr.

* Fixed a security vulnerability where through the API, an unauthorized user could delete/modify reading lists that did not belong to them.

Fixed a bug where when creating a reading list with the name of another users, the API would throw an exception (but reading list would still get created)

* Ensure all reading list apis are authorized

* Ensured all APIs require authentication, except those that explicitly don't. All APIs are default requiring Authentication.

Fixed a security vulnerability which would allow a user to take over an admin account.

* Fixed a bug where cover-upload would accept filenames that were not expected.

* Explicitly check that a user has access to the pdf file before we serve it back.

* Enabled lock out when invalid user auth occurs. After 5 invalid auths, the user account will be locked out for 10 mins.

API/Controllers/UploadController.cs

@@ -59,6 +59,8 @@ namespace API.Controllers
                 if (string.IsNullOrEmpty(path) || !_directoryService.FileSystem.File.Exists(path))
                     return BadRequest($"Could not download file");
 
+                if (!await _imageService.IsImage(path)) return BadRequest("Url does not return a valid image");
+
                 return $"coverupload_{dateString}.{format}";
             }
             catch (FlurlHttpException ex)