AZEN-SGG/Kavita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Lots of Bugfixes (#1426)

Browse source 
* Fixed bookmarks not being able to load due to missing [AllowAnonymous]

* Downgraded Docnet to 2.4.0-alpha2 which is the version we added our patches to. This might fix reports of broken PDF reading on ARM

* Updated all but one api in collections to admin only policy

* Ensure all config folders are created or exist on first load

* Ensure plugins can authenticate

* Updated some headers we use on Kavita to tighten security.

* Tightened up cover upload flow to restrict more APIs to only the admin

* Enhanced the reset password flow to ensure that the user passes their existing password in (if already authenticated). Admins can still change other users without having existing password.

* Removed an additional copy during build and copied over the prod appsettings and not Development.

* Fixed up the caching mechanism for cover resets and migrated to profiles. Left an etag filter for reference.

* Fixed up manual jump key calculation to include period in #

* Added jumpbar to reading lists page

* Fixed a double scrollbar on library detail page

* Fixed weird scroll issues with want to read

* Fixed a bug where remove from want to read list wasn't hooked up on series card

* Cleaned up Clear bookmarks to use a dedicated api for bulk clearing. Converted Bookmark page to OnPush.

* Fixed jump bar being offset when clicking a jump key

* Ensure we don't overflow on add to reading list

* Fixed a bad name format on reading list items
This commit is contained in:
Joseph Milazzo 2022-08-11 20:16:31 -05:00 committed by GitHub
parent 7392747388
commit b6a38bbd86
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 497 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

2
API/API.csproj
View file

@ -40,7 +40,7 @@
<ItemGroup>
<PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="11.0.0" />
<PackageReference Include="Docnet.Core" Version="2.4.0-alpha.4" />
<PackageReference Include="Docnet.Core" Version="2.4.0-alpha.2" />
<PackageReference Include="ExCSS" Version="4.1.0" />
<PackageReference Include="Flurl" Version="3.0.6" />
<PackageReference Include="Flurl.Http" Version="3.2.4" />

15
API/Controllers/AccountController.cs
View file

@ -79,14 +79,25 @@ namespace API.Controllers
var user = await _userManager.Users.SingleOrDefaultAsync(x => x.UserName == resetPasswordDto.UserName);
if (user == null) return Ok(); // Don't report BadRequest as that would allow brute forcing to find accounts on system
var isAdmin = User.IsInRole(PolicyConstants.AdminRole);
if (resetPasswordDto.UserName == User.GetUsername() && !(User.IsInRole(PolicyConstants.ChangePasswordRole) || User.IsInRole(PolicyConstants.AdminRole)))
if (resetPasswordDto.UserName == User.GetUsername() && !(User.IsInRole(PolicyConstants.ChangePasswordRole) || isAdmin))
return Unauthorized("You are not permitted to this operation.");
if (resetPasswordDto.UserName != User.GetUsername() && !User.IsInRole(PolicyConstants.AdminRole))
if (resetPasswordDto.UserName != User.GetUsername() && !isAdmin)
return Unauthorized("You are not permitted to this operation.");
if (string.IsNullOrEmpty(resetPasswordDto.OldPassword) && !isAdmin)
return BadRequest(new ApiException(400, "You must enter your existing password to change your account unless you're an admin"));
// If you're an admin and the username isn't yours, you don't need to validate the password
var isResettingOtherUser = (resetPasswordDto.UserName != User.GetUsername() && isAdmin);
if (!isResettingOtherUser && !await _userManager.CheckPasswordAsync(user, resetPasswordDto.OldPassword))
{
return BadRequest("Invalid Password");
}
var errors = await _accountService.ChangeUserPassword(user, resetPasswordDto.Password);
if (errors.Any())
{

1
API/Controllers/CollectionController.cs
View file

@ -99,6 +99,7 @@ namespace API.Controllers
/// </summary>
/// <param name="dto"></param>
/// <returns></returns>
[Authorize(Policy = "RequireAdminRole")]
[HttpPost("update-for-series")]
public async Task<ActionResult> AddToMultipleSeries(CollectionTagBulkAddDto dto)
{

20
API/Controllers/ImageController.cs
View file

@ -2,6 +2,7 @@
using System.Threading.Tasks;
using API.Data;
using API.Entities.Enums;
using API.Extensions;
using API.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@ -16,7 +17,6 @@ namespace API.Controllers
{
private readonly IUnitOfWork _unitOfWork;
private readonly IDirectoryService _directoryService;
private const int ImageCacheSeconds = 1 * 60;
/// <inheritdoc />
public ImageController(IUnitOfWork unitOfWork, IDirectoryService directoryService)
@ -31,7 +31,7 @@ namespace API.Controllers
/// <param name="chapterId"></param>
/// <returns></returns>
[HttpGet("chapter-cover")]
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
public async Task<ActionResult> GetChapterCoverImage(int chapterId)
{
var path = Path.Join(_directoryService.CoverImageDirectory, await _unitOfWork.ChapterRepository.GetChapterCoverImageAsync(chapterId));
@ -47,7 +47,7 @@ namespace API.Controllers
/// <param name="volumeId"></param>
/// <returns></returns>
[HttpGet("volume-cover")]
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
public async Task<ActionResult> GetVolumeCoverImage(int volumeId)
{
var path = Path.Join(_directoryService.CoverImageDirectory, await _unitOfWork.VolumeRepository.GetVolumeCoverImageAsync(volumeId));
@ -62,7 +62,7 @@ namespace API.Controllers
/// </summary>
/// <param name="seriesId">Id of Series</param>
/// <returns></returns>
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
[HttpGet("series-cover")]
public async Task<ActionResult> GetSeriesCoverImage(int seriesId)
{
@ -70,6 +70,8 @@ namespace API.Controllers
if (string.IsNullOrEmpty(path) || !_directoryService.FileSystem.File.Exists(path)) return BadRequest($"No cover image");
var format = _directoryService.FileSystem.Path.GetExtension(path).Replace(".", "");
Response.AddCacheHeader(path);
return PhysicalFile(path, "image/" + format, _directoryService.FileSystem.Path.GetFileName(path));
}
@ -79,7 +81,7 @@ namespace API.Controllers
/// <param name="collectionTagId"></param>
/// <returns></returns>
[HttpGet("collection-cover")]
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
public async Task<ActionResult> GetCollectionCoverImage(int collectionTagId)
{
var path = Path.Join(_directoryService.CoverImageDirectory, await _unitOfWork.CollectionTagRepository.GetCoverImageAsync(collectionTagId));
@ -95,7 +97,7 @@ namespace API.Controllers
/// <param name="readingListId"></param>
/// <returns></returns>
[HttpGet("readinglist-cover")]
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
public async Task<ActionResult> GetReadingListCoverImage(int readingListId)
{
var path = Path.Join(_directoryService.CoverImageDirectory, await _unitOfWork.ReadingListRepository.GetCoverImageAsync(readingListId));
@ -114,7 +116,7 @@ namespace API.Controllers
/// <param name="apiKey">API Key for user. Needed to authenticate request</param>
/// <returns></returns>
[HttpGet("bookmark")]
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
public async Task<ActionResult> GetBookmarkImage(int chapterId, int pageNum, string apiKey)
{
var userId = await _unitOfWork.UserRepository.GetUserIdByApiKeyAsync(apiKey);
@ -134,9 +136,9 @@ namespace API.Controllers
/// </summary>
/// <param name="filename">Filename of file. This is used with upload/upload-by-url</param>
/// <returns></returns>
[AllowAnonymous]
[Authorize(Policy="RequireAdminRole")]
[HttpGet("cover-upload")]
[ResponseCache(Duration = ImageCacheSeconds, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Images")]
public ActionResult GetCoverUploadImage(string filename)
{
if (filename.Contains("..")) return BadRequest("Invalid Filename");

2
API/Controllers/PluginController.cs
View file

@ -2,6 +2,7 @@
using API.Data;
using API.DTOs;
using API.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
@ -26,6 +27,7 @@ namespace API.Controllers
/// <param name="apiKey"></param>
/// <param name="pluginName">Name of the Plugin</param>
/// <returns></returns>
[AllowAnonymous]
[HttpPost("authenticate")]
public async Task<ActionResult<UserDto>> Authenticate(string apiKey, string pluginName)
{

44
API/Controllers/ReaderController.cs
View file

@ -11,7 +11,6 @@ using API.Entities;
using API.Entities.Enums;
using API.Extensions;
using API.Services;
using API.SignalR;
using Hangfire;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@ -48,7 +47,7 @@ namespace API.Controllers
/// <param name="chapterId"></param>
/// <returns></returns>
[HttpGet("pdf")]
[ResponseCache(Duration = 60 * 10, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Hour")]
public async Task<ActionResult> GetPdf(int chapterId)
{
var chapter = await _cacheService.Ensure(chapterId);
@ -80,7 +79,7 @@ namespace API.Controllers
/// <param name="page"></param>
/// <returns></returns>
[HttpGet("image")]
[ResponseCache(Duration = 60 * 10, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Hour")]
[AllowAnonymous]
public async Task<ActionResult> GetImage(int chapterId, int page)
{
@ -112,7 +111,8 @@ namespace API.Controllers
/// <remarks>We must use api key as bookmarks could be leaked to other users via the API</remarks>
/// <returns></returns>
[HttpGet("bookmark-image")]
[ResponseCache(Duration = 60 * 10, Location = ResponseCacheLocation.Client, NoStore = false)]
[ResponseCache(CacheProfileName = "Hour")]
[AllowAnonymous]
public async Task<ActionResult> GetBookmarkImage(int seriesId, string apiKey, int page)
{
if (page < 0) page = 0;
@ -554,6 +554,7 @@ namespace API.Controllers
{
var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername(), AppUserIncludes.Bookmarks);
if (user.Bookmarks == null) return Ok("Nothing to remove");
try
{
var bookmarksToRemove = user.Bookmarks.Where(bmk => bmk.SeriesId == dto.SeriesId).ToList();
@ -580,7 +581,42 @@ namespace API.Controllers
}
return BadRequest("Could not clear bookmarks");
}
/// <summary>
/// Removes all bookmarks for all chapters linked to a Series
/// </summary>
/// <param name="dto"></param>
/// <returns></returns>
[HttpPost("bulk-remove-bookmarks")]
public async Task<ActionResult> BulkRemoveBookmarks(BulkRemoveBookmarkForSeriesDto dto)
{
var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername(), AppUserIncludes.Bookmarks);
if (user.Bookmarks == null) return Ok("Nothing to remove");
try
{
foreach (var seriesId in dto.SeriesIds)
{
var bookmarksToRemove = user.Bookmarks.Where(bmk => bmk.SeriesId == seriesId).ToList();
user.Bookmarks = user.Bookmarks.Where(bmk => bmk.SeriesId != seriesId).ToList();
_unitOfWork.UserRepository.Update(user);
await _bookmarkService.DeleteBookmarkFiles(bookmarksToRemove);
}
if (!_unitOfWork.HasChanges() || await _unitOfWork.CommitAsync())
{
return Ok();
}
}
catch (Exception ex)
{
_logger.LogError(ex, "There was an exception when trying to clear bookmarks");
await _unitOfWork.RollbackAsync();
}
return BadRequest("Could not clear bookmarks");
}
/// <summary>

1
API/Controllers/ReadingListController.cs
View file

@ -508,6 +508,7 @@ namespace API.Controllers
private async Task<bool> AddChaptersToReadingList(int seriesId, IList<int> chapterIds,
ReadingList readingList)
{
// TODO: Move to ReadingListService and Unit Test
readingList.Items ??= new List<ReadingListItem>();
var lastOrder = 0;
if (readingList.Items.Any())

10
API/DTOs/Account/ResetPasswordDto.cs
View file

@ -4,10 +4,20 @@ namespace API.DTOs.Account
{
public class ResetPasswordDto
{
/// <summary>
/// The Username of the User
/// </summary>
[Required]
public string UserName { get; init; }
/// <summary>
/// The new password
/// </summary>
[Required]
[StringLength(32, MinimumLength = 6)]
public string Password { get; init; }
/// <summary>
/// The old, existing password. If an admin is performing the change, this is not required. Otherwise, it is.
/// </summary>
public string OldPassword { get; init; }
}
}

9
API/DTOs/Reader/BulkRemoveBookmarkForSeriesDto.cs Normal file
View file

@ -0,0 +1,9 @@
using System.Collections.Generic;
namespace API.DTOs.Reader
{
public class BulkRemoveBookmarkForSeriesDto
{
public ICollection<int> SeriesIds { get; init; }
}
}

18
API/Extensions/HttpExtensions.cs
View file

@ -39,5 +39,23 @@ namespace API.Extensions
response.Headers.Add(HeaderNames.ETag, string.Concat(sha1.ComputeHash(content).Select(x => x.ToString("X2"))));
response.Headers.CacheControl = $"private,max-age=100";
}
/// <summary>
/// Calculates SHA256 hash for a cover image filename and sets as ETag. Ensures Cache-Control: private header is added.
/// </summary>
/// <param name="response"></param>
/// <param name="filename"></param>
/// <param name="maxAge">Maximum amount of seconds to set for Cache-Control</param>
public static void AddCacheHeader(this HttpResponse response, string filename, int maxAge = 10)
{
if (filename is not {Length: > 0}) return;
var hashContent = filename + File.GetLastWriteTimeUtc(filename);
using var sha1 = SHA256.Create();
response.Headers.Add("ETag", string.Concat(sha1.ComputeHash(Encoding.UTF8.GetBytes(hashContent)).Select(x => x.ToString("X2"))));
if (maxAge != 10)
{
response.Headers.CacheControl = $"max-age={maxAge}";
}
}
}
}

234
API/Helpers/Filters/ETagFromFilename.cs Normal file
View file

@ -0,0 +1,234 @@
using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Net.Http.Headers;
using Newtonsoft.Json;
namespace API.Helpers.Filters;
// NOTE: I'm leaving this in, but I don't think it's needed. Will validate in next release.
//[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false)]
// public class ETagFromFilename : ActionFilterAttribute, IAsyncActionFilter
// {
// public override async Task OnActionExecutionAsync(ActionExecutingContext executingContext,
// ActionExecutionDelegate next)
// {
// var request = executingContext.HttpContext.Request;
//
// var executedContext = await next();
// var response = executedContext.HttpContext.Response;
//
// // Computing ETags for Response Caching on GET requests
// if (request.Method == HttpMethod.Get.Method && response.StatusCode == (int) HttpStatusCode.OK)
// {
// ValidateETagForResponseCaching(executedContext);
// }
// }
//
// private void ValidateETagForResponseCaching(ActionExecutedContext executedContext)
// {
// if (executedContext.Result == null)
// {
// return;
// }
//
// var request = executedContext.HttpContext.Request;
// var response = executedContext.HttpContext.Response;
//
// var objectResult = executedContext.Result as ObjectResult;
// if (objectResult == null) return;
// var result = (PhysicalFileResult) objectResult.Value;
//
// // generate ETag from LastModified property
// //var etag = GenerateEtagFromFilename(result.);
//
// // generates ETag from the entire response Content
// //var etag = GenerateEtagFromResponseBodyWithHash(result);
//
// if (request.Headers.ContainsKey(HeaderNames.IfNoneMatch))
// {
// // fetch etag from the incoming request header
// var incomingEtag = request.Headers[HeaderNames.IfNoneMatch].ToString();
//
// // if both the etags are equal
// // raise a 304 Not Modified Response
// if (incomingEtag.Equals(etag))
// {
// executedContext.Result = new StatusCodeResult((int) HttpStatusCode.NotModified);
// }
// }
//
// // add ETag response header
// response.Headers.Add(HeaderNames.ETag, new[] {etag});
// }
//
// private static string GenerateEtagFromFilename(HttpResponse response, string filename, int maxAge = 10)
// {
// if (filename is not {Length: > 0}) return string.Empty;
// var hashContent = filename + File.GetLastWriteTimeUtc(filename);
// using var sha1 = SHA256.Create();
// return string.Concat(sha1.ComputeHash(Encoding.UTF8.GetBytes(hashContent)).Select(x => x.ToString("X2")));
// }
// }
[AttributeUsage(AttributeTargets.Method)]
public class ETagFilter : Attribute, IActionFilter
{
private readonly int[] _statusCodes;
public ETagFilter(params int[] statusCodes)
{
_statusCodes = statusCodes;
if (statusCodes.Length == 0) _statusCodes = new[] { 200 };
}
public void OnActionExecuting(ActionExecutingContext context)
{
}
public void OnActionExecuted(ActionExecutedContext context)
{
if (context.HttpContext.Request.Method != "GET" || context.HttpContext.Request.Method != "HEAD") return;
if (!_statusCodes.Contains(context.HttpContext.Response.StatusCode)) return;
var etag = string.Empty;;
//I just serialize the result to JSON, could do something less costly
if (context.Result is PhysicalFileResult)
{
// Do a cheap LastWriteTime etag gen
if (context.Result is PhysicalFileResult fileResult)
{
etag = ETagGenerator.GenerateEtagFromFilename(fileResult.FileName);
context.HttpContext.Response.Headers.LastModified = File.GetLastWriteTimeUtc(fileResult.FileName).ToLongDateString();
}
}
if (string.IsNullOrEmpty(etag))
{
var content = JsonConvert.SerializeObject(context.Result);
etag = ETagGenerator.GetETag(context.HttpContext.Request.Path.ToString(), Encoding.UTF8.GetBytes(content));
}
if (context.HttpContext.Request.Headers.IfNoneMatch.ToString() == etag)
{
context.Result = new StatusCodeResult(304);
}
//context.HttpContext.Response.Headers.ETag = etag;
}
}
// Helper class that generates the etag from a key (route) and content (response)
public static class ETagGenerator
{
public static string GetETag(string key, byte[] contentBytes)
{
var keyBytes = Encoding.UTF8.GetBytes(key);
var combinedBytes = Combine(keyBytes, contentBytes);
return GenerateETag(combinedBytes);
}
private static string GenerateETag(byte[] data)
{
using var md5 = MD5.Create();
var hash = md5.ComputeHash(data);
var hex = BitConverter.ToString(hash);
return hex.Replace("-", "");
}
private static byte[] Combine(byte[] a, byte[] b)
{
var c = new byte[a.Length + b.Length];
Buffer.BlockCopy(a, 0, c, 0, a.Length);
Buffer.BlockCopy(b, 0, c, a.Length, b.Length);
return c;
}
public static string GenerateEtagFromFilename(string filename)
{
if (filename is not {Length: > 0}) return string.Empty;
var hashContent = filename + File.GetLastWriteTimeUtc(filename);
using var md5 = MD5.Create();
return string.Concat(md5.ComputeHash(Encoding.UTF8.GetBytes(hashContent)).Select(x => x.ToString("X2")));
}
}
// /// <summary>
// /// Enables HTTP Response CacheControl management with ETag values.
// /// </summary>
// public class ClientCacheWithEtagAttribute : ActionFilterAttribute
// {
// private readonly TimeSpan _clientCache;
//
// private readonly HttpMethod[] _supportedRequestMethods = {
// HttpMethod.Get,
// HttpMethod.Head
// };
//
// /// <summary>
// /// Default constructor
// /// </summary>
// /// <param name="clientCacheInSeconds">Indicates for how long the client should cache the response. The value is in seconds</param>
// public ClientCacheWithEtagAttribute(int clientCacheInSeconds)
// {
// _clientCache = TimeSpan.FromSeconds(clientCacheInSeconds);
// }
//
// public override async Task OnActionExecutionAsync(ActionExecutingContext executingContext, ActionExecutionDelegate next)
// {
//
// if (executingContext.Response?.Content == null)
// {
// return;
// }
//
// var body = await executingContext.Response.Content.ReadAsStringAsync();
// if (body == null)
// {
// return;
// }
//
// var computedEntityTag = GetETag(Encoding.UTF8.GetBytes(body));
//
// if (actionExecutedContext.Request.Headers.IfNoneMatch.Any()
// && actionExecutedContext.Request.Headers.IfNoneMatch.First().Tag.Trim('"').Equals(computedEntityTag, StringComparison.InvariantCultureIgnoreCase))
// {
// actionExecutedContext.Response.StatusCode = HttpStatusCode.NotModified;
// actionExecutedContext.Response.Content = null;
// }
//
// var cacheControlHeader = new CacheControlHeaderValue
// {
// Private = true,
// MaxAge = _clientCache
// };
//
// actionExecutedContext.Response.Headers.ETag = new EntityTagHeaderValue($"\"{computedEntityTag}\"", false);
// actionExecutedContext.Response.Headers.CacheControl = cacheControlHeader;
// }
//
// private static string GetETag(byte[] contentBytes)
// {
// using (var md5 = MD5.Create())
// {
// var hash = md5.ComputeHash(contentBytes);
// string hex = BitConverter.ToString(hash);
// return hex.Replace("-", "");
// }
// }
// }

5
API/Services/DirectoryService.cs
View file

@ -90,6 +90,11 @@ namespace API.Services
SiteThemeDirectory = FileSystem.Path.Join(FileSystem.Directory.GetCurrentDirectory(), "config", "themes");
ExistOrCreate(SiteThemeDirectory);
ExistOrCreate(CoverImageDirectory);
ExistOrCreate(CacheDirectory);
ExistOrCreate(LogDirectory);
ExistOrCreate(TempDirectory);
ExistOrCreate(BookmarkDirectory);
}
/// <summary>

6
API/Services/MetadataService.cs
View file

@ -158,7 +158,7 @@ public class MetadataService : IMetadataService
/// </summary>
/// <param name="series"></param>
/// <param name="forceUpdate"></param>
private async Task ProcessSeriesMetadataUpdate(Series series, bool forceUpdate)
private async Task ProcessSeriesCoverGen(Series series, bool forceUpdate)
{
_logger.LogDebug("[MetadataService] Processing series {SeriesName}", series.OriginalName);
try
@ -250,7 +250,7 @@ public class MetadataService : IMetadataService
try
{
await ProcessSeriesMetadataUpdate(series, forceUpdate);
await ProcessSeriesCoverGen(series, forceUpdate);
}
catch (Exception ex)
{
@ -303,7 +303,7 @@ public class MetadataService : IMetadataService
await _eventHub.SendMessageAsync(MessageFactory.NotificationProgress,
MessageFactory.CoverUpdateProgressEvent(libraryId, 0F, ProgressEventType.Started, series.Name));
await ProcessSeriesMetadataUpdate(series, forceUpdate);
await ProcessSeriesCoverGen(series, forceUpdate);
if (_unitOfWork.HasChanges())

25
API/Startup.cs
View file

@ -25,6 +25,7 @@ using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.AspNetCore.StaticFiles;
using Microsoft.Extensions.Configuration;
@ -52,7 +53,23 @@ namespace API
public void ConfigureServices(IServiceCollection services)
{
services.AddApplicationServices(_config, _env);
services.AddControllers();
services.AddControllers(options =>
{
options.CacheProfiles.Add("Images",
new CacheProfile()
{
Duration = 60,
Location = ResponseCacheLocation.None,
NoStore = false
});
options.CacheProfiles.Add("Hour",
new CacheProfile()
{
Duration = 60 * 10,
Location = ResponseCacheLocation.None,
NoStore = false
});
});
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.All;
@ -252,6 +269,12 @@ namespace API
context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Vary] =
new[] { "Accept-Encoding" };
// Don't let the site be iframed outside the same origin (clickjacking)
context.Response.Headers.XFrameOptions = "SAMEORIGIN";
// Setup CSP to ensure we load assets only from these origins
context.Response.Headers.Add("Content-Security-Policy", "default-src 'self' frame-ancestors 'none';");
await next();
});