Security Event Logging & Bugfixes (#1882)

* Fixed bookmarking failing to convert to webp

* Brought the ag-swipe/ng-swipe code into Kavita due to being abandoned by developer and angular requirements.

* Fixed average reading time per week finally

* Cleaned up some extra decimals on time duration pipe

* Don't try to update index.html for base url on local. Fixed ag-swipe on prod mode.

* Updated a link on theme manager to point to the new github

* Range knobs should be primary color on firefox too

* Implemented the ability to get thumbnails of pages inside an archive or pdf.

* Updated packages and fixed opds-ps 1.2 issue

* Fixed lock file

* Allow Kavita's Swagger to hit instances with CORS

* Added IP/Request logging for Security Audits

* Linked up Summary tag from CBL into Kavita.

* Redid the migration so SecurityEvent now has UTC date as well.

* Split security logging to a separate file

* Update to new versions of checkout and setup

* Added a PR check on PR body to ensure that it doesn't contain any characters that break our discord hook.

* Updating action

* optimize regex in action

* Fixed an issue where fit to width would cause the actual height of the image to be shown for pagination bars, instead of rendered.

* Added some new code in GetPageFromFiles to ensure pages that exceed array map down to last file.

* Added comment about robots

* Fixed up unit tests for new ReaderService signature

* Kavita now cleans up empty reading lists at night

* Don't allow nightly cleanup to run if we are running media conversion tasks

* Fixed some bugs in typeahead, it should behave much more reliably.

* Fix an issue where emulate comic book wasn't extending to the bottom properly

* Added support for Series Chapter 001 Volume 001

* Refactor XFrameOptions="SameOrigins" out to allow users to override in appsettings.json.

* Added a rate limiter for some endpoints, but it doesn't seem to be triggering

---------

Co-authored-by: Robbie Davis <robbie@therobbiedavis.com>

API/Controllers/AccountController.cs

@@ -13,6 +13,7 @@ using API.Entities;
 using API.Entities.Enums;
 using API.Errors;
 using API.Extensions;
+using API.Middleware.RateLimit;
 using API.Services;
 using API.SignalR;
 using AutoMapper;
@@ -22,6 +23,7 @@ using Kavita.Common.EnvironmentInfo;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.RateLimiting;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 
@@ -769,6 +771,7 @@ public class AccountController : BaseApiController
     /// <returns></returns>
     [AllowAnonymous]
     [HttpPost("forgot-password")]
+    [EnableRateLimiting("Authentication")]
     public async Task<ActionResult<string>> ForgotPassword([FromQuery] string email)
     {
         var user = await _unitOfWork.UserRepository.GetUserByEmailAsync(email);
@@ -847,6 +850,7 @@ public class AccountController : BaseApiController
     /// <param name="userId"></param>
     /// <returns></returns>
     [HttpPost("resend-confirmation-email")]
+    [EnableRateLimiting("Authentication")]
     public async Task<ActionResult<string>> ResendConfirmationSendEmail([FromQuery] int userId)
     {
         var user = await _unitOfWork.UserRepository.GetUserByIdAsync(userId);

API/Controllers/OPDSController.cs

@@ -904,8 +904,11 @@ public class OpdsController : BaseApiController
         var link = CreateLink(FeedLinkRelation.Stream, "image/jpeg",
             $"{Prefix}{apiKey}/image?libraryId={libraryId}&seriesId={seriesId}&volumeId={volumeId}&chapterId={chapterId}&pageNumber=" + "{pageNumber}");
         link.TotalPages = mangaFile.Pages;
-        link.LastRead = progress.PageNum;
-        link.LastReadDate = progress.LastModifiedUtc;
+        if (progress != null)
+        {
+            link.LastRead = progress.PageNum;
+            link.LastReadDate = progress.LastModifiedUtc;
+        }
         link.IsPageStream = true;
         return link;
     }

API/Controllers/ReaderController.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -34,12 +34,14 @@ public class ReaderController : BaseApiController
     private readonly IBookmarkService _bookmarkService;
     private readonly IAccountService _accountService;
     private readonly IEventHub _eventHub;
+    private readonly IImageService _imageService;
+    private readonly IDirectoryService _directoryService;
 
     /// <inheritdoc />
     public ReaderController(ICacheService cacheService,
         IUnitOfWork unitOfWork, ILogger<ReaderController> logger,
         IReaderService readerService, IBookmarkService bookmarkService,
-        IAccountService accountService, IEventHub eventHub)
+        IAccountService accountService, IEventHub eventHub, IImageService imageService, IDirectoryService directoryService)
     {
         _cacheService = cacheService;
         _unitOfWork = unitOfWork;
@@ -48,6 +50,8 @@ public class ReaderController : BaseApiController
         _bookmarkService = bookmarkService;
         _accountService = accountService;
         _eventHub = eventHub;
+        _imageService = imageService;
+        _directoryService = directoryService;
     }
 
     /// <summary>
@@ -114,6 +118,20 @@ public class ReaderController : BaseApiController
         }
     }
 
+    [HttpGet("thumbnail")]
+    [ResponseCache(CacheProfileName = ResponseCacheProfiles.Hour)]
+    [AllowAnonymous]
+    public async Task<ActionResult> GetThumbnail(int chapterId, int pageNum)
+    {
+        var chapter = await _cacheService.Ensure(chapterId, true);
+        if (chapter == null) return BadRequest("There was an issue extracting images from chapter");
+        var images = _cacheService.GetCachedPages(chapterId);
+
+        var path = await _readerService.GetThumbnail(chapter, pageNum, images);
+        var format = Path.GetExtension(path).Replace(".", string.Empty); // TODO: Make this an extension
+        return PhysicalFile(path, "image/" + format, Path.GetFileName(path), true);
+    }
+
     /// <summary>
     /// Returns an image for a given bookmark series. Side effect: This will cache the bookmark images for reading.
     /// </summary>
@@ -172,13 +190,14 @@ public class ReaderController : BaseApiController
     /// <summary>
     /// Returns various information about a Chapter. Side effect: This will cache the chapter images for reading.
     /// </summary>
+    /// <remarks>This is generally the first call when attempting to read to allow pre-generation of assets needed for reading</remarks>
     /// <param name="chapterId"></param>
     /// <param name="extractPdf">Should Kavita extract pdf into images. Defaults to false.</param>
     /// <param name="includeDimensions">Include file dimensions. Only useful for image based reading</param>
     /// <returns></returns>
     [HttpGet("chapter-info")]
     [ResponseCache(CacheProfileName = ResponseCacheProfiles.Hour, VaryByQueryKeys = new []{"chapterId", "extractPdf", "includeDimensions"})]
-    public async Task<ActionResult<ChapterInfoDto?>> GetChapterInfo(int chapterId, bool extractPdf = false, bool includeDimensions = false)
+    public async Task<ActionResult<ChapterInfoDto>> GetChapterInfo(int chapterId, bool extractPdf = false, bool includeDimensions = false)
     {
         if (chapterId <= 0) return Ok(null); // This can happen occasionally from UI, we should just ignore
         var chapter = await _cacheService.Ensure(chapterId, extractPdf);