Merge branch 'caching' of https://github.com/mikiher/audiobookshelf into caching

server/Auth.js

@@ -566,6 +566,69 @@ class Auth {
       Source: global.Source
     }
   }
+
+  /**
+   * 
+   * @param {string} password 
+   * @param {*} user 
+   * @returns {boolean}
+   */
+  comparePassword(password, user) {
+    if (user.type === 'root' && !password && !user.pash) return true
+    if (!password || !user.pash) return false
+    return bcrypt.compare(password, user.pash)
+  }
+
+  /**
+   * User changes their password from request
+   * 
+   * @param {import('express').Request} req 
+   * @param {import('express').Response} res 
+   */
+  async userChangePassword(req, res) {
+    let { password, newPassword } = req.body
+    newPassword = newPassword || ''
+    const matchingUser = req.user
+
+    // Only root can have an empty password
+    if (matchingUser.type !== 'root' && !newPassword) {
+      return res.json({
+        error: 'Invalid new password - Only root can have an empty password'
+      })
+    }
+
+    // Check password match
+    const compare = await this.comparePassword(password, matchingUser)
+    if (!compare) {
+      return res.json({
+        error: 'Invalid password'
+      })
+    }
+
+    let pw = ''
+    if (newPassword) {
+      pw = await this.hashPass(newPassword)
+      if (!pw) {
+        return res.json({
+          error: 'Hash failed'
+        })
+      }
+    }
+
+    matchingUser.pash = pw
+
+    const success = await Database.updateUser(matchingUser)
+    if (success) {
+      Logger.info(`[Auth] User "${matchingUser.username}" changed password`)
+      res.json({
+        success: true
+      })
+    } else {
+      res.json({
+        error: 'Unknown error'
+      })
+    }
+  }
 }
 
 module.exports = Auth

server/Server.js

@@ -140,11 +140,13 @@ class Server {
      * The mobile app ereader is using fetch api in Capacitor that is currently difficult to switch to native requests
      * so we have to allow cors for specific origins to the /api/items/:id/ebook endpoint
      * @see https://ionicframework.com/docs/troubleshooting/cors
+     * 
+     * Running in development allows cors to allow testing the mobile apps in the browser 
      */
     app.use((req, res, next) => {
-      if (req.path.match(/\/api\/items\/([a-z0-9-]{36})\/ebook(\/[0-9]+)?/)) {
+      if (Logger.isDev || req.path.match(/\/api\/items\/([a-z0-9-]{36})\/ebook(\/[0-9]+)?/)) {
         const allowedOrigins = ['capacitor://localhost', 'http://localhost']
-        if (allowedOrigins.some(o => o === req.get('origin'))) {
+        if (Logger.isDev || allowedOrigins.some(o => o === req.get('origin'))) {
           res.header('Access-Control-Allow-Origin', req.get('origin'))
           res.header("Access-Control-Allow-Methods", 'GET, POST, PATCH, PUT, DELETE, OPTIONS')
           res.header('Access-Control-Allow-Headers', '*')

server/SocketAuthority.js

@@ -192,9 +192,9 @@ class SocketAuthority {
 
     this.adminEmitter('user_online', client.user.toJSONForPublic(this.Server.playbackSessionManager.sessions))
 
-    // Update user lastSeen
+    // Update user lastSeen without firing sequelize bulk update hooks
     user.lastSeen = Date.now()
-    await Database.updateUser(user)
+    await Database.userModel.updateFromOld(user, false)
 
     const initialPayload = {
       userId: client.user.id,

server/models/User.js

@@ -99,11 +99,13 @@ class User extends Model {
    * Update User from old user model
    * 
    * @param {oldUser} oldUser 
+   * @param {boolean} [hooks=true] Run before / after bulk update hooks?
    * @returns {Promise<boolean>}
    */
-  static updateFromOld(oldUser) {
+  static updateFromOld(oldUser, hooks = true) {
     const user = this.getFromOld(oldUser)
     return this.update(user, {
+      hooks: !!hooks,
       where: {
         id: user.id
       }