Merge branch 'Develop' into feature/OPDS-access

# Conflicts:
#	test/Calibre-Web TestSummary_Linux.html
This commit is contained in:
Ozzie Isaacs 2024-05-11 07:12:46 +02:00
commit e99be72ff7
10 changed files with 143 additions and 70 deletions

View File

@ -186,7 +186,6 @@ def create_app():
services.ldap.init_app(app, config) services.ldap.init_app(app, config)
if services.goodreads_support: if services.goodreads_support:
services.goodreads_support.connect(config.config_goodreads_api_key, services.goodreads_support.connect(config.config_goodreads_api_key,
config.config_goodreads_api_secret_e,
config.config_use_goodreads) config.config_use_goodreads)
config.store_calibre_uuid(calibre_db, db.Library_Id) config.store_calibre_uuid(calibre_db, db.Library_Id)
# Configure rate limiter # Configure rate limiter

View File

@ -1809,11 +1809,8 @@ def _configuration_update_helper():
# Goodreads configuration # Goodreads configuration
_config_checkbox(to_save, "config_use_goodreads") _config_checkbox(to_save, "config_use_goodreads")
_config_string(to_save, "config_goodreads_api_key") _config_string(to_save, "config_goodreads_api_key")
if to_save.get("config_goodreads_api_secret_e", ""):
_config_string(to_save, "config_goodreads_api_secret_e")
if services.goodreads_support: if services.goodreads_support:
services.goodreads_support.connect(config.config_goodreads_api_key, services.goodreads_support.connect(config.config_goodreads_api_key,
config.config_goodreads_api_secret_e,
config.config_use_goodreads) config.config_use_goodreads)
_config_int(to_save, "config_updatechannel") _config_int(to_save, "config_updatechannel")

53
cps/clean_html.py Normal file
View File

@ -0,0 +1,53 @@
# -*- coding: utf-8 -*-
# This file is part of the Calibre-Web (https://github.com/janeczku/calibre-web)
# Copyright (C) 2018-2019 OzzieIsaacs
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from . import logger
from lxml.etree import ParserError
try:
# at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments
from bleach import clean_text as clean_html
BLEACH = True
except ImportError:
try:
BLEACH = False
from nh3 import clean as clean_html
except ImportError:
try:
BLEACH = False
from lxml.html.clean import clean_html
except ImportError:
clean_html = None
log = logger.create()
def clean_string(unsafe_text, book_id=0):
try:
if BLEACH:
safe_text = clean_html(unsafe_text, tags=set(), attributes=set())
else:
safe_text = clean_html(unsafe_text)
except ParserError as e:
log.error("Comments of book {} are corrupted: {}".format(book_id, e))
safe_text = ""
except TypeError as e:
log.error("Comments can't be parsed, maybe 'lxml' is too new, try installing 'bleach': {}".format(e))
safe_text = ""
return safe_text

View File

@ -102,7 +102,7 @@ def _extract_cover_from_archive(original_file_extension, tmp_file_name, rar_exec
extension = ext[1].lower() extension = ext[1].lower()
if extension in cover.COVER_EXTENSIONS: if extension in cover.COVER_EXTENSIONS:
try: try:
cover_data = cf.read(name)[name].read() cover_data = cf.read([name])[name].read()
except (py7zr.Bad7zFile, OSError) as ex: except (py7zr.Bad7zFile, OSError) as ex:
log.error('7Zip file failed with error: {}'.format(ex)) log.error('7Zip file failed with error: {}'.format(ex))
break break

View File

@ -114,8 +114,6 @@ class _Settings(_Base):
config_use_goodreads = Column(Boolean, default=False) config_use_goodreads = Column(Boolean, default=False)
config_goodreads_api_key = Column(String) config_goodreads_api_key = Column(String)
config_goodreads_api_secret_e = Column(String)
config_goodreads_api_secret = Column(String)
config_register_email = Column(Boolean, default=False) config_register_email = Column(Boolean, default=False)
config_login_type = Column(Integer, default=0) config_login_type = Column(Integer, default=0)
@ -422,19 +420,13 @@ def _encrypt_fields(session, secret_key):
except OperationalError: except OperationalError:
with session.bind.connect() as conn: with session.bind.connect() as conn:
conn.execute(text("ALTER TABLE settings ADD column 'mail_password_e' String")) conn.execute(text("ALTER TABLE settings ADD column 'mail_password_e' String"))
conn.execute(text("ALTER TABLE settings ADD column 'config_goodreads_api_secret_e' String"))
conn.execute(text("ALTER TABLE settings ADD column 'config_ldap_serv_password_e' String")) conn.execute(text("ALTER TABLE settings ADD column 'config_ldap_serv_password_e' String"))
session.commit() session.commit()
crypter = Fernet(secret_key) crypter = Fernet(secret_key)
settings = session.query(_Settings.mail_password, _Settings.config_goodreads_api_secret, settings = session.query(_Settings.mail_password, _Settings.config_ldap_serv_password).first()
_Settings.config_ldap_serv_password).first()
if settings.mail_password: if settings.mail_password:
session.query(_Settings).update( session.query(_Settings).update(
{_Settings.mail_password_e: crypter.encrypt(settings.mail_password.encode())}) {_Settings.mail_password_e: crypter.encrypt(settings.mail_password.encode())})
if settings.config_goodreads_api_secret:
session.query(_Settings).update(
{_Settings.config_goodreads_api_secret_e:
crypter.encrypt(settings.config_goodreads_api_secret.encode())})
if settings.config_ldap_serv_password: if settings.config_ldap_serv_password:
session.query(_Settings).update( session.query(_Settings).update(
{_Settings.config_ldap_serv_password_e: {_Settings.config_ldap_serv_password_e:

View File

@ -27,22 +27,22 @@ from shutil import copyfile
from uuid import uuid4 from uuid import uuid4
from markupsafe import escape, Markup # dependency of flask from markupsafe import escape, Markup # dependency of flask
from functools import wraps from functools import wraps
from lxml.etree import ParserError # from lxml.etree import ParserError
try: #try:
# at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments # # at least bleach 6.0 is needed -> incomplatible change from list arguments to set arguments
from bleach import clean_text as clean_html # from bleach import clean_text as clean_html
BLEACH = True # BLEACH = True
except ImportError: #except ImportError:
try: # try:
BLEACH = False # BLEACH = False
from nh3 import clean as clean_html # from nh3 import clean as clean_html
except ImportError: # except ImportError:
try: # try:
BLEACH = False # BLEACH = False
from lxml.html.clean import clean_html # from lxml.html.clean import clean_html
except ImportError: # except ImportError:
clean_html = None # clean_html = None
from flask import Blueprint, request, flash, redirect, url_for, abort, Response from flask import Blueprint, request, flash, redirect, url_for, abort, Response
from flask_babel import gettext as _ from flask_babel import gettext as _
@ -54,6 +54,7 @@ from sqlalchemy.orm.exc import StaleDataError
from sqlalchemy.sql.expression import func from sqlalchemy.sql.expression import func
from . import constants, logger, isoLanguages, gdriveutils, uploader, helper, kobo_sync_status from . import constants, logger, isoLanguages, gdriveutils, uploader, helper, kobo_sync_status
from .clean_html import clean_string
from . import config, ub, db, calibre_db from . import config, ub, db, calibre_db
from .services.worker import WorkerThread from .services.worker import WorkerThread
from .tasks.upload import TaskUpload from .tasks.upload import TaskUpload
@ -1004,17 +1005,18 @@ def edit_book_series_index(series_index, book):
def edit_book_comments(comments, book): def edit_book_comments(comments, book):
modify_date = False modify_date = False
if comments: if comments:
try: comments = clean_string(comments, book.id)
if BLEACH: #try:
comments = clean_html(comments, tags=set(), attributes=set()) # if BLEACH:
else: # comments = clean_html(comments, tags=set(), attributes=set())
comments = clean_html(comments) # else:
except ParserError as e: # comments = clean_html(comments)
log.error("Comments of book {} are corrupted: {}".format(book.id, e)) #except ParserError as e:
comments = "" # log.error("Comments of book {} are corrupted: {}".format(book.id, e))
except TypeError as e: # comments = ""
log.error("Comments can't be parsed, maybe 'lxml' is too new, try installing 'bleach': {}".format(e)) #except TypeError as e:
comments = "" # log.error("Comments can't be parsed, maybe 'lxml' is too new, try installing 'bleach': {}".format(e))
# comments = ""
if len(book.comments): if len(book.comments):
if book.comments[0].text != comments: if book.comments[0].text != comments:
book.comments[0].text = comments book.comments[0].text = comments
@ -1072,18 +1074,19 @@ def edit_cc_data_value(book_id, book, c, to_save, cc_db_value, cc_string):
elif c.datatype == 'comments': elif c.datatype == 'comments':
to_save[cc_string] = Markup(to_save[cc_string]).unescape() to_save[cc_string] = Markup(to_save[cc_string]).unescape()
if to_save[cc_string]: if to_save[cc_string]:
try: to_save[cc_string] = clean_string(to_save[cc_string], book_id)
if BLEACH: #try:
to_save[cc_string] = clean_html(to_save[cc_string], tags=set(), attributes=set()) # if BLEACH:
else: # to_save[cc_string] = clean_html(to_save[cc_string], tags=set(), attributes=set())
to_save[cc_string] = clean_html(to_save[cc_string]) # else:
except ParserError as e: # to_save[cc_string] = clean_html(to_save[cc_string])
log.error("Customs Comments of book {} are corrupted: {}".format(book_id, e)) #except ParserError as e:
to_save[cc_string] = "" # log.error("Customs Comments of book {} are corrupted: {}".format(book_id, e))
except TypeError as e: # to_save[cc_string] = ""
to_save[cc_string] = "" #except TypeError as e:
log.error("Customs Comments can't be parsed, maybe 'lxml' is too new, " # to_save[cc_string] = ""
"try installing 'bleach': {}".format(e)) # log.error("Customs Comments can't be parsed, maybe 'lxml' is too new, "
# "try installing 'bleach': {}".format(e))
elif c.datatype == 'datetime': elif c.datatype == 'datetime':
try: try:
to_save[cc_string] = datetime.strptime(to_save[cc_string], "%Y-%m-%d") to_save[cc_string] = datetime.strptime(to_save[cc_string], "%Y-%m-%d")

View File

@ -18,16 +18,49 @@
import time import time
from functools import reduce from functools import reduce
import requests
import xmltodict
from goodreads.client import GoodreadsClient
from goodreads.request import GoodreadsRequest
try: try:
from goodreads.client import GoodreadsClient import Levenshtein
except ImportError: except ImportError:
from betterreads.client import GoodreadsClient Levenshtein = False
try: import Levenshtein
except ImportError: Levenshtein = False
from .. import logger from .. import logger
from ..clean_html import clean_string
class my_GoodreadsClient(GoodreadsClient):
def request(self, *args, **kwargs):
"""Create a GoodreadsRequest object and make that request"""
req = my_GoodreadsRequest(self, *args, **kwargs)
return req.request()
class GoodreadsRequestException(Exception):
def __init__(self, error_msg, url):
self.error_msg = error_msg
self.url = url
def __str__(self):
return self.url, ':', self.error_msg
class my_GoodreadsRequest(GoodreadsRequest):
def request(self):
resp = requests.get(self.host+self.path, params=self.params,
headers={"User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:125.0) "
"Gecko/20100101 Firefox/125.0"})
if resp.status_code != 200:
raise GoodreadsRequestException(resp.reason, self.path)
if self.req_format == 'xml':
data_dict = xmltodict.parse(resp.content)
return data_dict['GoodreadsResponse']
else:
raise Exception("Invalid format")
log = logger.create() log = logger.create()
@ -38,20 +71,20 @@ _CACHE_TIMEOUT = 23 * 60 * 60 # 23 hours (in seconds)
_AUTHORS_CACHE = {} _AUTHORS_CACHE = {}
def connect(key=None, secret=None, enabled=True): def connect(key=None, enabled=True):
global _client global _client
if not enabled or not key or not secret: if not enabled or not key:
_client = None _client = None
return return
if _client: if _client:
# make sure the configuration has not changed since last we used the client # make sure the configuration has not changed since last we used the client
if _client.client_key != key or _client.client_secret != secret: if _client.client_key != key:
_client = None _client = None
if not _client: if not _client:
_client = GoodreadsClient(key, secret) _client = my_GoodreadsClient(key, None)
def get_author_info(author_name): def get_author_info(author_name):
@ -76,6 +109,7 @@ def get_author_info(author_name):
if author_info: if author_info:
author_info._timestamp = now author_info._timestamp = now
author_info.safe_about = clean_string(author_info.about)
_AUTHORS_CACHE[author_name] = author_info _AUTHORS_CACHE[author_name] = author_info
return author_info return author_info

View File

@ -8,8 +8,8 @@
<img title="{{author.name}}" src="{{author.image_url}}" alt="{{author.name}}" class="author-photo pull-left"> <img title="{{author.name}}" src="{{author.image_url}}" alt="{{author.name}}" class="author-photo pull-left">
{% endif %} {% endif %}
{%if author.about is not none %} {%if author.safe_about is not none %}
<p>{{author.about}}</p> <p>{{author.safe_about|safe}}</p>
{% endif %} {% endif %}
- {{_("via")}} <a href="{{author.link}}" class="author-link" target="_blank" rel="noopener">Goodreads</a> - {{_("via")}} <a href="{{author.link}}" class="author-link" target="_blank" rel="noopener">Goodreads</a>

View File

@ -9,7 +9,7 @@
<h2>{{title}}</h2> <h2>{{title}}</h2>
<form role="form" method="POST" autocomplete="off"> <form role="form" method="POST" autocomplete="off">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="panel-group col-md-10 col-lg-8"> <div class="panel-group col-md-11 col-lg-8">
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading"> <div class="panel-heading">
<h4 class="panel-title"> <h4 class="panel-title">
@ -155,17 +155,12 @@
<div class="form-group"> <div class="form-group">
<input type="checkbox" id="config_use_goodreads" name="config_use_goodreads" data-control="goodreads-settings" {% if config.config_use_goodreads %}checked{% endif %}> <input type="checkbox" id="config_use_goodreads" name="config_use_goodreads" data-control="goodreads-settings" {% if config.config_use_goodreads %}checked{% endif %}>
<label for="config_use_goodreads">{{_('Use Goodreads')}}</label> <label for="config_use_goodreads">{{_('Use Goodreads')}}</label>
<a href="https://www.goodreads.com/api/keys" target="_blank" style="margin-left: 5px">{{_('Create an API Key')}}</a>
</div> </div>
<div data-related="goodreads-settings"> <div data-related="goodreads-settings">
<div class="form-group"> <div class="form-group">
<label for="config_goodreads_api_key">{{_('Goodreads API Key')}}</label> <label for="config_goodreads_api_key">{{_('Goodreads API Key')}}</label>
<input type="text" class="form-control" id="config_goodreads_api_key" name="config_goodreads_api_key" value="{% if config.config_goodreads_api_key != None %}{{ config.config_goodreads_api_key }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_goodreads_api_key" name="config_goodreads_api_key" value="{% if config.config_goodreads_api_key != None %}{{ config.config_goodreads_api_key }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group">
<label for="config_goodreads_api_secret_e">{{_('Goodreads API Secret')}}</label>
<input type="password" class="form-control" id="config_goodreads_api_secret_e" name="config_goodreads_api_secret_e" value="" autocomplete="off">
</div>
</div> </div>
{% endif %} {% endif %}
<div class="form-group"> <div class="form-group">

View File

@ -86,7 +86,7 @@ goodreads =
python-Levenshtein>=0.12.0,<0.26.0 python-Levenshtein>=0.12.0,<0.26.0
ldap = ldap =
python-ldap>=3.0.0,<3.5.0 python-ldap>=3.0.0,<3.5.0
Flask-SimpleLDAP>=1.4.0,<1.5.0 Flask-SimpleLDAP>=1.4.0,<2.1.0
oauth = oauth =
Flask-Dance>=2.0.0,<7.1.0 Flask-Dance>=2.0.0,<7.1.0
SQLAlchemy-Utils>=0.33.5,<0.42.0 SQLAlchemy-Utils>=0.33.5,<0.42.0