Give everyone access to all books, intentionally ignoring Calibre-Web ACL accounts/authorization? #53

Open
deldesir opened this issue Nov 28, 2023 · 2 comments · May be fixed by #57
@deldesir
Collaborator

Question: Does this allow everyone access to all books, regardless of whether they have a Calibre-Web account/access/authorization?

(As an intentional or unintentional side effect?)

  - ln -s /library/calibre-web /library/www/html/calibre-web

Originally posted by @holta in #51 (comment)

@holta added the "question" (Further information is requested) label Nov 28, 2023
@holta changed the title from "Everyone have access to all books, regardless whether they have a Calibre-Web account/access/authorization" to "Give everyone access to all books, intentionally ignoring Calibre-Web ACL accounts/authorization?" Nov 28, 2023
@holta
Member

holta commented Nov 30, 2023

RECAP towards bringing us back to a truly workable & sane solution — all videos/audio/media/books need to be playable without wastefully polluting server's memory.

Just for the moment, all "books" appear to be forcibly public under URL...

http://box/library/calibre-web/

...which is extremely concerning for 2 reasons:

  1. This violates everything about Calibre-Web's username/password security model — and people's longstanding expectations :/

  2. If the above is really needed in the very short-term during debugging / testing / designing a better solution, FYI this particular choice of URL (URLs containing string "/library/calibre-web/") is very strange — as it very unfortunately (makes it appear) as if the entire IIAB disk (from the root of the filesystem) is being made public :/

(While 2. is admittedly just a cosmetic issue, it's an extremely serious one if it makes everybody distrust the system!!)
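
A check for the situation raised in this thread, as an added example that is not part of the issue or the project's code: it lists symlinks under a web document root that resolve into a directory meant to be reachable only through an authenticating application. The function names and the demo tree are constructed, and `readlink -f` is assumed to be available.

```bash
#!/usr/bin/env bash
# Added example: list symlinks under a web document root that resolve into a
# directory meant to be reachable only through an authenticating application.
# Assumes `readlink -f` (GNU coreutils or BusyBox). File names containing
# newlines are not handled.

# find_exposed_links DOCROOT PROTECTED_DIR
# Prints "link -> resolved target" for each symlink under DOCROOT whose fully
# resolved target is PROTECTED_DIR or lies beneath it.
# The ( ... ) body runs in a subshell, so its variables stay local.
find_exposed_links() (
    docroot=$(readlink -f "$1") || exit 2
    protected=$(readlink -f "$2") || exit 2
    # find reports the links themselves (-type l) and does not follow them.
    find "$docroot" -type l | while IFS= read -r link; do
        # Resolve the whole chain; a dangling link exposes nothing, skip it.
        target=$(readlink -f "$link") || continue
        case "$target" in
            # Match the directory itself or anything below it. Requiring the
            # "/" keeps a sibling such as "calibre-web-old" from matching.
            "$protected"|"$protected"/*) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
)

# Constructed demo tree in a temp dir, mirroring /library/www/html and
# /library/calibre-web from this thread. Nothing here touches real paths.
demo_exposed_links() (
    tmp=$(mktemp -d) || exit 2
    lib="$tmp/library"
    mkdir -p "$lib/calibre-web/Author" "$lib/calibre-web-old" "$lib/www/html/sub"
    ln -s "$lib/calibre-web" "$lib/www/html/calibre-web"    # same shape as the link quoted above
    ln -s "$lib/calibre-web-old" "$lib/www/html/old"         # sibling directory, must not match
    ln -s ../calibre-web/Author "$lib/www/html/sub/indirect" # reaches the library via the first link
    find_exposed_links "$lib/www/html" "$lib/calibre-web"
    rm -rf "$tmp"
)

demo_exposed_links
```

Whether the web server actually serves a reported link also depends on its own symlink-following settings, which this check does not inspect.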

@holta
Member

holta commented Dec 6, 2023

I'm not sure we have an answer just yet to the larger questions (OOM/RAM/memory risks during playback of large audio/video/book files, ideally while honoring Calibre-Web's web username/password security model) BUT please all see the huge amount of ongoing progress within these 2 PRs in recent days: ✅

Working with/alongside these TDD-oriented[*] IIAB refinements:

[*] Test-Driven Development.
