Merge pull request #2111 from booklore-app/develop

Merge develop into master for release

Author: acx10

README.md

@@ -4,6 +4,8 @@
 
 ### *Your Personal Library, Beautifully Organized*
 
+**🌐 Official Website: [https://booklore.org](https://booklore.org/)**
+
 <p align="center">
   <img src="assets/demo.gif" alt="BookLore Demo" width="800px" style="border-radius: 10px; box-shadow: 0 4px 6px rgba(0,0,0,0.1);" />
 </p>

booklore-api/build.gradle

@@ -52,6 +52,7 @@ dependencies {
 
     // --- Book & Image Processing ---
     implementation 'org.apache.pdfbox:pdfbox:3.0.6'
+    implementation 'org.apache.pdfbox:pdfbox-io:3.0.6'
     implementation 'org.apache.pdfbox:xmpbox:3.0.6'
     implementation 'org.apache.pdfbox:jbig2-imageio:3.0.4'
     implementation 'com.github.jai-imageio:jai-imageio-core:1.4.0'

booklore-api/src/main/java/com/adityachandel/booklore/config/security/SecurityUtil.java

@@ -65,6 +65,21 @@ public boolean canEditMetadata() {
         return user != null && user.getPermissions().isCanEditMetadata();
     }
 
+    public boolean canBulkEditMetadata() {
+        var user = getCurrentUser();
+        return user != null && user.getPermissions().isCanBulkEditMetadata();
+    }
+
+    public boolean canBulkLockUnlockMetadata() {
+        var user = getCurrentUser();
+        return user != null && user.getPermissions().isCanBulkLockUnlockMetadata();
+    }
+
+    public boolean canBulkRegenerateCover() {
+        var user = getCurrentUser();
+        return user != null && user.getPermissions().isCanBulkRegenerateCover();
+    }
+
     public boolean canEmailBook() {
         var user = getCurrentUser();
         return user != null && user.getPermissions().isCanEmailBook();

booklore-api/src/main/java/com/adityachandel/booklore/config/security/service/AuthenticationService.java

@@ -9,6 +9,7 @@
 import com.adityachandel.booklore.model.entity.BookLoreUserEntity;
 import com.adityachandel.booklore.model.entity.RefreshTokenEntity;
 import com.adityachandel.booklore.model.enums.ProvisioningMethod;
+import com.adityachandel.booklore.model.enums.UserPermission;
 import com.adityachandel.booklore.repository.RefreshTokenRepository;
 import com.adityachandel.booklore.repository.UserRepository;
 import com.adityachandel.booklore.service.user.DefaultSettingInitializer;
@@ -60,16 +61,9 @@ public BookLoreUser getSystemUser() {
 
     private BookLoreUser createSystemUser() {
         BookLoreUser.UserPermissions permissions = new BookLoreUser.UserPermissions();
-        permissions.setAdmin(true);
-        permissions.setCanUpload(true);
-        permissions.setCanDownload(true);
-        permissions.setCanEditMetadata(true);
-        permissions.setCanManageLibrary(true);
-        permissions.setCanSyncKoReader(true);
-        permissions.setCanSyncKobo(true);
-        permissions.setCanEmailBook(true);
-        permissions.setCanDeleteBook(true);
-        permissions.setCanAccessOpds(true);
+        for (UserPermission permission : UserPermission.values()) {
+            permission.setInDto(permissions, true);
+        }
 
         return BookLoreUser.builder()
                 .id(-1L)

booklore-api/src/main/java/com/adityachandel/booklore/controller/BookMediaController.java

@@ -107,6 +107,10 @@ public ResponseEntity<Resource> getBackgroundImage() {
                     ? MediaType.IMAGE_PNG
                     : MediaType.IMAGE_JPEG;
 
+            if (filename == null) {
+                return ResponseEntity.badRequest().build();
+            }
+
             String encodedFilename = URLEncoder.encode(filename, StandardCharsets.UTF_8).replace("+", "%20");
             String fallbackFilename = NON_ASCII_PATTERN.matcher(filename).replaceAll("_");
             String contentDisposition = String.format("inline; filename=\"%s\"; filename*=UTF-8''%s",

booklore-api/src/main/java/com/adityachandel/booklore/controller/HealthcheckController.java

@@ -2,7 +2,6 @@
 
 import com.adityachandel.booklore.model.dto.response.SuccessResponse;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.http.ResponseEntity;

booklore-api/src/main/java/com/adityachandel/booklore/controller/MetadataController.java

@@ -83,7 +83,7 @@ public ResponseEntity<BookMetadata> updateMetadata(
     @Operation(summary = "Bulk edit book metadata", description = "Bulk update metadata for multiple books. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "204", description = "Bulk metadata updated successfully")
     @PutMapping("/bulk-edit-metadata")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkEditMetadata() or @securityUtil.isAdmin()")
     public ResponseEntity<Void> bulkEditMetadata(
             @Parameter(description = "Bulk metadata update request") @RequestBody BulkMetadataUpdateRequest bulkMetadataUpdateRequest) {
         boolean mergeCategories = bulkMetadataUpdateRequest.isMergeCategories();
@@ -120,7 +120,7 @@ public ResponseEntity<BookMetadata> uploadCoverFromUrl(
     @Operation(summary = "Toggle all metadata locks", description = "Toggle all metadata locks for books. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "200", description = "Metadata locks toggled successfully")
     @PutMapping("/metadata/toggle-all-lock")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkLockUnlockMetadata() or @securityUtil.isAdmin()")
     public ResponseEntity<List<BookMetadata>> toggleAllMetadata(
             @Parameter(description = "Toggle all lock request") @RequestBody ToggleAllLockRequest request) {
         return ResponseEntity.ok(bookMetadataService.toggleAllLock(request));
@@ -139,7 +139,7 @@ public ResponseEntity<List<BookMetadata>> toggleFieldLocks(
     @Operation(summary = "Regenerate all covers", description = "Regenerate covers for all books. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "204", description = "Covers regenerated successfully")
     @PostMapping("/regenerate-covers")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkRegenerateCover() or @securityUtil.isAdmin()")
     public void regenerateCovers() {
         bookMetadataService.regenerateCovers();
     }
@@ -154,10 +154,20 @@ public void regenerateCovers(
         bookMetadataService.regenerateCover(bookId);
     }
 
+    @Operation(summary = "Generate custom cover for a book", description = "Generate a custom cover for a specific book based on its metadata. Requires metadata edit permission or admin.")
+    @ApiResponse(responseCode = "204", description = "Custom cover generated successfully")
+    @PostMapping("/{bookId}/generate-custom-cover")
+    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @CheckBookAccess(bookIdParam = "bookId")
+    public void generateCustomCover(
+            @Parameter(description = "ID of the book") @PathVariable Long bookId) {
+        bookMetadataService.generateCustomCover(bookId);
+    }
+
     @Operation(summary = "Regenerate covers for selected books", description = "Regenerate covers for a list of books. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "204", description = "Cover regeneration started successfully")
     @PostMapping("/bulk-regenerate-covers")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkRegenerateCover() or @securityUtil.isAdmin()")
     public ResponseEntity<Void> regenerateCoversForBooks(
             @Parameter(description = "List of book IDs") @Validated @RequestBody BulkBookIdsRequest request) {
         bookMetadataService.regenerateCoversForBooks(request.getBookIds());
@@ -167,7 +177,7 @@ public ResponseEntity<Void> regenerateCoversForBooks(
     @Operation(summary = "Upload cover image for multiple books", description = "Upload a cover image to apply to multiple books. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "204", description = "Cover upload started successfully")
     @PostMapping("/bulk-upload-cover")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkEditMetadata() or @securityUtil.isAdmin()")
     public ResponseEntity<Void> bulkUploadCover(
             @Parameter(description = "Cover image file") @RequestParam("file") MultipartFile file,
             @Parameter(description = "Comma-separated book IDs") @RequestParam("bookIds") @jakarta.validation.constraints.NotEmpty java.util.Set<Long> bookIds) {
@@ -195,7 +205,7 @@ public ResponseEntity<List<CoverImage>> getImages(
     @Operation(summary = "Consolidate metadata", description = "Merge metadata values. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "204", description = "Metadata consolidated successfully")
     @PostMapping("/metadata/manage/consolidate")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkEditMetadata() or @securityUtil.isAdmin()")
     public ResponseEntity<Void> mergeMetadata(
             @Parameter(description = "Merge metadata request") @Validated @RequestBody MergeMetadataRequest request) {
         metadataManagementService.consolidateMetadata(request.getMetadataType(), request.getTargetValues(), request.getValuesToMerge());
@@ -205,7 +215,7 @@ public ResponseEntity<Void> mergeMetadata(
     @Operation(summary = "Delete metadata values", description = "Delete metadata values. Requires metadata edit permission or admin.")
     @ApiResponse(responseCode = "204", description = "Metadata deleted successfully")
     @PostMapping("/metadata/manage/delete")
-    @PreAuthorize("@securityUtil.canEditMetadata() or @securityUtil.isAdmin()")
+    @PreAuthorize("@securityUtil.canBulkEditMetadata() or @securityUtil.isAdmin()")
     public ResponseEntity<Void> deleteMetadata(
             @Parameter(description = "Delete metadata request") @Validated @RequestBody DeleteMetadataRequest request) {
         metadataManagementService.deleteMetadata(request.getMetadataType(), request.getValuesToDelete());

booklore-api/src/main/java/com/adityachandel/booklore/controller/TaskController.java

@@ -37,7 +37,6 @@ public ResponseEntity<List<TaskInfo>> getAvailableTasks() {
     }
 
     @PostMapping("/start")
-    @PreAuthorize("@securityUtil.canAccessTaskManager() or @securityUtil.isAdmin()")
     public ResponseEntity<TaskCreateResponse> startTask(@RequestBody TaskCreateRequest request) {
         TaskCreateResponse response = service.runAsUser(request);
         if (response.getStatus() == TaskStatus.ACCEPTED) {

booklore-api/src/main/java/com/adityachandel/booklore/controller/UserStatsController.java

@@ -34,16 +34,15 @@ public ResponseEntity<List<ReadingSessionHeatmapResponse>> getHeatmapForYear(@Re
     @Operation(summary = "Get reading session timeline for a week", description = "Returns reading sessions grouped by book for calendar timeline view")
     @ApiResponses({
             @ApiResponse(responseCode = "200", description = "Timeline data retrieved successfully"),
-            @ApiResponse(responseCode = "400", description = "Invalid week, month, or year"),
+            @ApiResponse(responseCode = "400", description = "Invalid week or year"),
             @ApiResponse(responseCode = "401", description = "Unauthorized")
     })
     @GetMapping("/timeline")
     @PreAuthorize("@securityUtil.canAccessUserStats() or @securityUtil.isAdmin()")
     public ResponseEntity<List<ReadingSessionTimelineResponse>> getTimelineForWeek(
             @RequestParam int year,
-            @RequestParam int month,
             @RequestParam int week) {
-        List<ReadingSessionTimelineResponse> timelineData = readingSessionService.getSessionTimelineForWeek(year, month, week);
+        List<ReadingSessionTimelineResponse> timelineData = readingSessionService.getSessionTimelineForWeek(year, week);
         return ResponseEntity.ok(timelineData);
     }
 
@@ -111,4 +110,3 @@ public ResponseEntity<List<CompletionTimelineResponse>> getCompletionTimeline(@R
         return ResponseEntity.ok(timeline);
     }
 }
-

booklore-api/src/main/java/com/adityachandel/booklore/crons/CronService.java

@@ -5,33 +5,47 @@
 import com.adityachandel.booklore.model.dto.InstallationPing;
 import com.adityachandel.booklore.service.TelemetryService;
 import com.adityachandel.booklore.service.appsettings.AppSettingService;
+import jakarta.annotation.PostConstruct;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestClient;
 
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.concurrent.TimeUnit;
 
 @Service
 @AllArgsConstructor
 @Slf4j
 public class CronService {
 
+    private static final String LAST_TELEMETRY_KEY = "last_telemetry_sent";
+    private static final String LAST_PING_KEY = "last_ping_sent";
+    private static final long INTERVAL_HOURS = 24;
+
     private final AppProperties appProperties;
     private final TelemetryService telemetryService;
     private final RestClient restClient;
     private final AppSettingService appSettingService;
 
+    @PostConstruct
+    public void initScheduledTasks() {
+        checkAndRunTelemetry();
+        checkAndRunPing();
+    }
+
     @Scheduled(fixedDelay = 24, timeUnit = TimeUnit.HOURS, initialDelay = 24)
     public void sendTelemetryData() {
         if (appSettingService.getAppSettings().isTelemetryEnabled()) {
             try {
                 String url = appProperties.getTelemetry().getBaseUrl() + "/api/v1/ingest";
                 BookloreTelemetry telemetry = telemetryService.collectTelemetry();
                 postData(url, telemetry);
+                appSettingService.saveSetting(LAST_TELEMETRY_KEY, Instant.now().toString());
             } catch (Exception e) {
-                log.warn("Failed to send telemetry data: {}", e.getMessage());
+                log.warn("Failed to up stats: {}", e.getMessage());
             }
         }
     }
@@ -42,8 +56,9 @@ public void sendPing() {
             String url = appProperties.getTelemetry().getBaseUrl() + "/api/v1/heartbeat";
             InstallationPing ping = telemetryService.getInstallationPing();
             postData(url, ping);
+            appSettingService.saveSetting(LAST_PING_KEY, Instant.now().toString());
         } catch (Exception e) {
-            log.warn("Failed to send installation ping: {}", e.getMessage());
+            log.warn("Failed to up ping: {}", e.getMessage());
         }
     }
 
@@ -54,4 +69,50 @@ private void postData(String url, Object body) {
                 .retrieve()
                 .body(String.class);
     }
+
+
+    private void checkAndRunTelemetry() {
+        if (!appSettingService.getAppSettings().isTelemetryEnabled()) {
+            return;
+        }
+
+        String lastRunStr = appSettingService.getSettingValue(LAST_TELEMETRY_KEY);
+        if (shouldRunTask(lastRunStr)) {
+            log.info("Running stats on startup (last run: {})", lastRunStr);
+            sendTelemetryData();
+        }
+    }
+
+    private void checkAndRunPing() {
+        String lastRunStr = appSettingService.getSettingValue(LAST_PING_KEY);
+        if (shouldRunTask(lastRunStr)) {
+            log.info("Running ping on startup (last run: {})", lastRunStr);
+            sendPing();
+        }
+    }
+
+    /**
+     * Determines if a task should run immediately on startup.
+     * Returns false for new installations (no last run recorded) to follow normal schedule.
+     * Returns true if more than INTERVAL_HOURS have passed since the last run,
+     * preventing data gaps when the server restarts close to scheduled execution time.
+     *
+     * Example: Telemetry normally runs at 2:00 AM daily. If the server restarts at 1:55 AM,
+     * the scheduled task would reset and not run until 2:00 AM the next day (48 hours later).
+     * This method checks if 24+ hours have passed since the last run and executes immediately
+     * on startup if needed, ensuring data is sent at 1:55 AM instead of waiting another 24 hours.
+     */
+    private boolean shouldRunTask(String lastRunStr) {
+        if (lastRunStr == null || lastRunStr.isEmpty()) {
+            return false;
+        }
+        try {
+            Instant lastRun = Instant.parse(lastRunStr);
+            Instant threshold = Instant.now().minus(INTERVAL_HOURS, ChronoUnit.HOURS);
+            return lastRun.isBefore(threshold);
+        } catch (Exception e) {
+            log.warn("Failed to parse last run timestamp: {}", e.getMessage());
+            return false;
+        }
+    }
 }