Merge pull request #1593 from booklore-app/develop

Merge develop into master for the release

Author: acx10

README.md

@@ -6,7 +6,6 @@
 ![Docker Pulls](https://img.shields.io/docker/pulls/booklore/booklore?color=2496ED)
 [![Join us on Discord](https://img.shields.io/badge/Chat-Discord-5865F2?logo=discord&style=flat)](https://discord.gg/Ee5hd458Uz)
 [![Open Collective backers and sponsors](https://img.shields.io/opencollective/all/booklore?label=Open%20Collective&logo=opencollective&color=7FADF2)](https://opencollective.com/booklore)
-[![Venmo](https://img.shields.io/badge/Venmo-Donate-008CFF?logo=venmo)](https://venmo.com/AdityaChandel)
 > 🚨 **Important Announcement:**  
 > Docker images have moved to new repositories:
 > - Docker Hub: `https://hub.docker.com/r/booklore/booklore`

booklore-api/src/main/java/com/adityachandel/booklore/config/security/JwtUtils.java

@@ -15,6 +15,7 @@
 
 import javax.crypto.SecretKey;
 import java.nio.charset.StandardCharsets;
+import java.time.Instant;
 import java.util.Date;
 
 @Slf4j
@@ -25,9 +26,9 @@ public class JwtUtils {
 
     private final JwtSecretService jwtSecretService;
     @Getter
-    public final long accessTokenExpirationMs = 1000L * 60 * 60 * 10;  // 10 hours
+    public static final long accessTokenExpirationMs = 1000L * 60 * 60 * 10;  // 10 hours
     @Getter
-    public final long refreshTokenExpirationMs = 1000L * 60 * 60 * 24 * 30; // 30 days
+    public static final long refreshTokenExpirationMs = 1000L * 60 * 60 * 24 * 30; // 30 days
 
     private SecretKey getSigningKey() {
         String secretKey = jwtSecretService.getSecret();
@@ -36,12 +37,13 @@ private SecretKey getSigningKey() {
 
     public String generateToken(BookLoreUserEntity user, boolean isRefreshToken) {
         long expirationTime = isRefreshToken ? refreshTokenExpirationMs : accessTokenExpirationMs;
+        Instant now = Instant.now();
         return Jwts.builder()
                 .subject(user.getUsername())
                 .claim("userId", user.getId())
                 .claim("isDefaultPassword", user.isDefaultPassword())
-                .issuedAt(new Date())
-                .expiration(new Date(System.currentTimeMillis() + expirationTime))
+                .issuedAt(Date.from(now))
+                .expiration(Date.from(now.plusMillis(expirationTime)))
                 .signWith(getSigningKey(), Jwts.SIG.HS256)
                 .compact();
     }

booklore-api/src/main/java/com/adityachandel/booklore/config/security/SecurityConfig.java

@@ -11,8 +11,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -154,17 +152,10 @@ public SecurityFilterChain jwtApiSecurityChain(HttpSecurity http) throws Excepti
 
     @Bean
     public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
-        return http.getSharedObject(AuthenticationManagerBuilder.class)
-                .authenticationProvider(authenticationProvider())
-                .build();
-    }
-
-    @Bean
-    public AuthenticationProvider authenticationProvider() {
-        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-        provider.setUserDetailsService(opdsUserDetailsService);
-        provider.setPasswordEncoder(passwordEncoder());
-        return provider;
+        // Configure the shared AuthenticationManagerBuilder with the UserDetailsService and PasswordEncoder
+        AuthenticationManagerBuilder auth = http.getSharedObject(AuthenticationManagerBuilder.class);
+        auth.userDetailsService(opdsUserDetailsService).passwordEncoder(passwordEncoder());
+        return auth.build();
     }
 
     @Bean

booklore-api/src/main/java/com/adityachandel/booklore/config/security/filter/CoverJwtFilter.java

@@ -21,6 +21,7 @@
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
+import java.time.Instant;
 
 @AllArgsConstructor
 @Component
@@ -75,7 +76,7 @@ private void authenticateOidcUser(String token, HttpServletRequest request) thro
         var processor = dynamicOidcJwtProcessor.getProcessor();
         var claimsSet = processor.process(token, null);
 
-        if (claimsSet.getExpirationTime() == null || claimsSet.getExpirationTime().before(new java.util.Date())) {
+        if (claimsSet.getExpirationTime() == null || claimsSet.getExpirationTime().toInstant().isBefore(Instant.now())) {
             throw new RuntimeException("OIDC token expired or invalid");
         }
 

booklore-api/src/main/java/com/adityachandel/booklore/config/security/filter/DualJwtAuthenticationFilter.java

@@ -26,7 +26,7 @@
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
-import java.util.Date;
+import java.time.Instant;
 import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -101,8 +101,7 @@ private void authenticateOidcUser(String token, HttpServletRequest request) {
             OidcProviderDetails providerDetails = appSettingService.getAppSettings().getOidcProviderDetails();
             JWTClaimsSet claimsSet = dynamicOidcJwtProcessor.getProcessor().process(token, null);
 
-            Date expirationTime = claimsSet.getExpirationTime();
-            if (expirationTime == null || expirationTime.before(new Date())) {
+            if (claimsSet.getExpirationTime() == null || claimsSet.getExpirationTime().toInstant().isBefore(Instant.now())) {
                 log.warn("OIDC token is expired or missing exp claim");
                 throw ApiError.GENERIC_UNAUTHORIZED.createException("Token has expired or is invalid.");
             }

booklore-api/src/main/java/com/adityachandel/booklore/config/security/service/AuthenticationService.java

@@ -21,7 +21,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
-import java.util.Date;
+import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -109,7 +109,7 @@ public ResponseEntity<Map<String, String>> loginRemote(String name, String usern
 
         Optional<BookLoreUserEntity> user = userRepository.findByUsername(username);
         if (user.isEmpty() && appProperties.getRemoteAuth().isCreateNewUsers()) {
-            user = Optional.of(userProvisioningService.provisionRemoteUser(name, username, email, groups));
+            user = Optional.of(userProvisioningService.provisionRemoteUserFromHeaders(name, username, email, groups));
         }
 
         if (user.isEmpty()) {
@@ -126,7 +126,7 @@ public ResponseEntity<Map<String, String>> loginUser(BookLoreUserEntity user) {
         RefreshTokenEntity refreshTokenEntity = RefreshTokenEntity.builder()
                 .user(user)
                 .token(refreshToken)
-                .expiryDate(new Date(System.currentTimeMillis() + jwtUtils.getRefreshTokenExpirationMs()))
+                .expiryDate(Instant.now().plusMillis(jwtUtils.getRefreshTokenExpirationMs()))
                 .revoked(false)
                 .build();
 
@@ -142,21 +142,21 @@ public ResponseEntity<Map<String, String>> loginUser(BookLoreUserEntity user) {
     public ResponseEntity<Map<String, String>> refreshToken(String token) {
         RefreshTokenEntity storedToken = refreshTokenRepository.findByToken(token).orElseThrow(() -> ApiError.INVALID_CREDENTIALS.createException("Refresh token not found"));
 
-        if (storedToken.isRevoked() || storedToken.getExpiryDate().before(new Date()) || !jwtUtils.validateToken(token)) {
+        if (storedToken.isRevoked() || storedToken.getExpiryDate().isBefore(Instant.now()) || !jwtUtils.validateToken(token)) {
             throw ApiError.INVALID_CREDENTIALS.createException("Invalid or expired refresh token");
         }
 
         BookLoreUserEntity user = storedToken.getUser();
 
         storedToken.setRevoked(true);
-        storedToken.setRevocationDate(new Date());
+        storedToken.setRevocationDate(Instant.now());
         refreshTokenRepository.save(storedToken);
 
         String newRefreshToken = jwtUtils.generateRefreshToken(user);
         RefreshTokenEntity newRefreshTokenEntity = RefreshTokenEntity.builder()
                 .user(user)
                 .token(newRefreshToken)
-                .expiryDate(new Date(System.currentTimeMillis() + jwtUtils.getRefreshTokenExpirationMs()))
+                .expiryDate(Instant.now().plusMillis(jwtUtils.getRefreshTokenExpirationMs()))
                 .revoked(false)
                 .build();
 

booklore-api/src/main/java/com/adityachandel/booklore/config/security/service/DynamicOidcJwtProcessor.java

@@ -3,23 +3,19 @@
 import com.adityachandel.booklore.model.dto.settings.OidcProviderDetails;
 import com.adityachandel.booklore.service.appsettings.AppSettingService;
 import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.jwk.source.DefaultJWKSetCache;
-import com.nimbusds.jose.jwk.source.JWKSetCache;
 import com.nimbusds.jose.jwk.source.JWKSource;
-import com.nimbusds.jose.jwk.source.RemoteJWKSet;
+import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
 import com.nimbusds.jose.proc.JWSKeySelector;
 import com.nimbusds.jose.proc.JWSVerificationKeySelector;
 import com.nimbusds.jose.proc.SecurityContext;
-import com.nimbusds.jose.util.DefaultResourceRetriever;
 import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
 import com.nimbusds.jwt.proc.DefaultJWTProcessor;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
-import java.net.URL;
+import java.net.URI;
 import java.time.Duration;
-import java.util.concurrent.TimeUnit;
 
 @Slf4j
 @Component
@@ -49,15 +45,14 @@ private ConfigurableJWTProcessor<SecurityContext> buildProcessor(String issuerUr
         String discoveryUri = providerDetails.getIssuerUri() + "/.well-known/openid-configuration";
         log.info("Fetching OIDC discovery document from {}", discoveryUri);
 
-        URL jwksUrl = fetchJwksUri(discoveryUri);
-
-        DefaultResourceRetriever resourceRetriever = new DefaultResourceRetriever(2000, 2000);
+        URI jwksUri = fetchJwksUri(discoveryUri);
 
         Duration ttl = Duration.ofHours(6);
         Duration refresh = Duration.ofHours(1);
-        JWKSetCache jwkSetCache = new DefaultJWKSetCache(ttl.toMillis(), refresh.toMillis(), TimeUnit.MILLISECONDS);
-
-        JWKSource<SecurityContext> jwkSource = new RemoteJWKSet<>(jwksUrl, resourceRetriever, jwkSetCache);
+        
+        JWKSource<SecurityContext> jwkSource = JWKSourceBuilder.create(jwksUri.toURL())
+                .cache(ttl.toMillis(), refresh.toMillis())
+                .build();
 
         JWSKeySelector<SecurityContext> keySelector = new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource);
         ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
@@ -66,17 +61,21 @@ private ConfigurableJWTProcessor<SecurityContext> buildProcessor(String issuerUr
         return jwtProcessor;
     }
 
-    private URL fetchJwksUri(String discoveryUri) throws Exception {
+    private URI fetchJwksUri(String discoveryUri) throws Exception {
         var restClient = org.springframework.web.client.RestClient.create();
         var discoveryDoc = restClient.get()
                 .uri(discoveryUri)
                 .retrieve()
                 .body(new org.springframework.core.ParameterizedTypeReference<java.util.Map<String, Object>>() {});
 
-        String jwksUri = (String) discoveryDoc.get("jwks_uri");
-        if (jwksUri == null || jwksUri.isEmpty()) {
+        if (discoveryDoc == null) {
+            throw new IllegalStateException("Failed to fetch OIDC discovery document.");
+        }
+        
+        String jwksUriStr = (String) discoveryDoc.get("jwks_uri");
+        if (jwksUriStr == null || jwksUriStr.isEmpty()) {
             throw new IllegalStateException("jwks_uri not found in OIDC discovery document.");
         }
-        return new URL(jwksUri);
+        return new URI(jwksUriStr);
     }
 }

booklore-api/src/main/java/com/adityachandel/booklore/controller/BookMediaController.java

@@ -11,7 +11,6 @@
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.AllArgsConstructor;
 import org.springframework.core.io.Resource;
-import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -21,14 +20,18 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import java.io.IOException;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.util.regex.Pattern;
 
 @Tag(name = "Book Media", description = "Endpoints for retrieving book media such as covers, thumbnails, and pages")
 @AllArgsConstructor
 @RestController
 @RequestMapping("/api/v1/media")
 public class BookMediaController {
 
+    private static final Pattern NON_ASCII_PATTERN = Pattern.compile("[^\\x00-\\x7F]");
+
     private final BookService bookService;
     private final PdfReaderService pdfReaderService;
     private final CbxReaderService cbxReaderService;
@@ -78,10 +81,7 @@ public void getCbxPage(
     public ResponseEntity<Resource> getBookdropCover(
             @Parameter(description = "ID of the bookdrop file") @PathVariable long bookdropId) {
         Resource file = bookDropService.getBookdropCover(bookdropId);
-        String contentDisposition = ContentDisposition.builder("inline")
-                .filename("cover.jpg", StandardCharsets.UTF_8)
-                .build()
-                .toString();
+        String contentDisposition = "inline; filename=\"cover.jpg\"; filename*=UTF-8''cover.jpg";
         return (file != null)
                 ? ResponseEntity.ok()
                 .header(HttpHeaders.CONTENT_DISPOSITION, contentDisposition)
@@ -105,11 +105,10 @@ public ResponseEntity<Resource> getBackgroundImage() {
                     ? MediaType.IMAGE_PNG
                     : MediaType.IMAGE_JPEG;
 
-            String contentDisposition = ContentDisposition.builder("inline")
-                    .filename(filename, StandardCharsets.UTF_8)
-                    .build()
-                    .toString();
-
+            String encodedFilename = URLEncoder.encode(filename, StandardCharsets.UTF_8).replace("+", "%20");
+            String fallbackFilename = NON_ASCII_PATTERN.matcher(filename).replaceAll("_");
+            String contentDisposition = String.format("inline; filename=\"%s\"; filename*=UTF-8''%s",
+                    fallbackFilename, encodedFilename);
             return ResponseEntity.ok()
                     .header(HttpHeaders.CONTENT_DISPOSITION, contentDisposition)
                     .contentType(mediaType)

booklore-api/src/main/java/com/adityachandel/booklore/controller/KoboSettingsController.java

@@ -47,4 +47,15 @@ public ResponseEntity<Void> toggleSync(
         koboService.setSyncEnabled(enabled);
         return ResponseEntity.noContent().build();
     }
+
+    @Operation(summary = "Update progress thresholds", description = "Update the progress thresholds for marking books as reading or finished. Requires sync permission or admin.")
+    @ApiResponse(responseCode = "200", description = "Thresholds updated successfully")
+    @PutMapping("/progress-thresholds")
+    @PreAuthorize("@securityUtil.canSyncKobo() or @securityUtil.isAdmin()")
+    public ResponseEntity<KoboSyncSettings> updateProgressThresholds(
+            @Parameter(description = "Progress percentage to mark as reading (0-100)") @RequestParam(required = false) Float readingThreshold,
+            @Parameter(description = "Progress percentage to mark as finished (0-100)") @RequestParam(required = false) Float finishedThreshold) {
+        KoboSyncSettings updated = koboService.updateProgressThresholds(readingThreshold, finishedThreshold);
+        return ResponseEntity.ok(updated);
+    }
 }

booklore-api/src/main/java/com/adityachandel/booklore/controller/MetadataController.java

@@ -72,6 +72,8 @@ public ResponseEntity<BookMetadata> updateMetadata(
                 .updateThumbnail(true)
                 .mergeCategories(mergeCategories)
                 .replaceMode(MetadataReplaceMode.REPLACE_ALL)
+                .mergeMoods(true)
+                .mergeTags(true)
                 .build();
 
         bookMetadataUpdater.setBookMetadata(context);