mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-07-25 13:24:57 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Remove deprecated /s/ and /ebook/ api routes

Browse source
This commit is contained in:
advplyr 2023-06-27 15:56:33 -05:00
parent 18cb394884
commit 5b0d105e21
5 changed files with 4 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

34
server/Server.js
View file

@ -22,7 +22,6 @@ const SocketAuthority = require('./SocketAuthority')
const ApiRouter = require('./routers/ApiRouter')
const HlsRouter = require('./routers/HlsRouter')
const StaticRouter = require('./routers/StaticRouter')
const NotificationManager = require('./managers/NotificationManager')
const EmailManager = require('./managers/EmailManager')
@ -84,7 +83,6 @@ class Server {
// Routers
this.apiRouter = new ApiRouter(this)
this.hlsRouter = new HlsRouter(this.db, this.auth, this.playbackSessionManager)
this.staticRouter = new StaticRouter(this.db)
Logger.logManager = this.logManager
@ -170,38 +168,6 @@ class Server {
router.use('/api', this.authMiddleware.bind(this), this.apiRouter.router)
router.use('/hls', this.authMiddleware.bind(this), this.hlsRouter.router)
// TODO: Deprecated as of 2.2.21 edge
router.use('/s', this.authMiddleware.bind(this), this.staticRouter.router)
// EBook static file routes
// TODO: Deprecated as of 2.2.21 edge
router.get('/ebook/:library/:folder/*', (req, res) => {
const library = this.db.libraries.find(lib => lib.id === req.params.library)
if (!library) return res.sendStatus(404)
const folder = library.folders.find(fol => fol.id === req.params.folder)
if (!folder) return res.status(404).send('Folder not found')
// Replace backslashes with forward slashes
const remainingPath = req.params['0'].replace(/\\/g, '/')
// Prevent path traversal
// e.g. ../../etc/passwd
if (/\/?\.?\.\//.test(remainingPath)) {
Logger.error(`[Server] Invalid path to get ebook "${remainingPath}"`)
return res.sendStatus(403)
}
// Check file ext is a valid ebook file
const filext = (Path.extname(remainingPath) || '').slice(1).toLowerCase()
if (!globals.SupportedEbookTypes.includes(filext)) {
Logger.error(`[Server] Invalid ebook file ext requested "${remainingPath}"`)
return res.sendStatus(403)
}
const fullPath = Path.join(folder.fullPath, remainingPath)
res.sendFile(fullPath)
})
// RSS Feed temp route
router.get('/feed/:id', (req, res) => {
Logger.info(`[Server] Requesting rss feed ${req.params.id}`)