1
0
mirror of https://github.com/janeczku/calibre-web synced 2024-12-22 16:10:30 +00:00
Commit Graph

90 Commits

Author SHA1 Message Date
OzzieIsaacs
f33e25ac40 Merge remote-tracking branch 'sec_fixes/cookies_improvement' 2020-05-10 10:22:21 +02:00
jvoisin
bf166b757a Improve a bit the cookie's hardening
- Samesite for session cookies as well as the remember me ones
- Httponly
2020-05-09 14:42:28 +02:00
jvoisin
b4165335a7 Use strong sessions protection
See https://flask-login.readthedocs.io/en/latest/#session-protection for
details
2020-05-09 14:34:14 +02:00
Ozzieisaacs
fb16429867 Randomize flask secret_key 2020-05-04 19:02:03 +02:00
OzzieIsaacs
36a984ce3c Revert proxyfix 2020-05-02 18:17:52 +02:00
Ozzieisaacs
8646f8f23a Merge branch 'Develop'
# Conflicts:
#	cps/__init__.py
2020-05-01 14:51:54 +02:00
OzzieIsaacs
fb8b6310d5 Fix from tests 2020-04-30 20:58:01 +02:00
Ozzieisaacs
02aaf17ac5 Fix #1339 (Proxyfix import with old werkzeug versions causes traceback) 2020-04-30 19:21:08 +02:00
Ozzieisaacs
b160a8de0b Merge branch 'master' into Develop
# Conflicts:
#	cps/__init__.py
#	cps/comic.py
#	cps/editbooks.py
#	cps/helper.py
#	cps/kobo.py
#	cps/translations/nl/LC_MESSAGES/messages.mo
#	cps/translations/nl/LC_MESSAGES/messages.po
#	cps/ub.py
#	cps/uploader.py
#	cps/web.py
2020-04-30 18:08:28 +02:00
Ozzieisaacs
e3246fd751 Merge remote-tracking branch 'key' 2020-04-30 17:29:41 +02:00
jvoisin
523aab2e9e Don't use an hardcoded session key
This fixes a trivial authentication bypass,
according to https://flask.palletsprojects.com/en/1.1.x/quickstart/#sessions
2020-04-29 13:59:34 +02:00
Jeff
6384cdc74d
Fix https github oauth
while using https domian and nginx as proxy, a `ProxyFix` is required.
2020-04-19 19:53:41 +08:00
Ozzieisaacs
f6c04b9b84 Merge branch 'master' into Develop 2020-03-29 16:48:56 +02:00
Ozzieisaacs
4eacb21259 Update updater
Update change logfile
code cosmetics js files
2020-03-29 16:44:24 +02:00
Ozzie Isaacs
6d1a3ccdcc Improve logger for windows 2020-03-28 07:13:51 +01:00
Ozzieisaacs
4087e685f4 Fix auto detection of locale 2020-02-01 13:40:29 +01:00
Ozzieisaacs
5255085de1 Fix auto detection of locale 2020-02-01 13:38:11 +01:00
Ozzieisaacs
6cda5fee0d Fix language selection on python3 2019-09-06 20:56:17 +02:00
Ozzieisaacs
f543d7f486 Fix #1016 2019-08-20 18:32:04 +02:00
Ozzieisaacs
26a7d9ef30 Merge branch 'Develop'
# Conflicts:
#	cps/__init__.py
#	cps/about.py
#	cps/admin.py
#	cps/cli.py
#	cps/config_sql.py
#	cps/constants.py
#	cps/converter.py
#	cps/db.py
#	cps/editbooks.py
#	cps/gdriveutils.py
#	cps/helper.py
#	cps/logger.py
#	cps/oauth.py
#	cps/server.py
#	cps/services/simpleldap.py
#	cps/ub.py
#	cps/web.py
#	cps/worker.py
#	optional-requirements.txt
#	setup.cfg
#	setup.py
2019-07-17 19:07:05 +02:00
Daniel Pavel
63634961d4 cleaner worker api
the worker thread now stops on its own
2019-07-14 20:28:32 +03:00
Daniel Pavel
a836df9a5a more robust disposing of database session
avoid spamming the log with debug messages from libraries
2019-07-14 14:44:48 +03:00
Ozzieisaacs
8bfcdffeb6 Fix feature support 2019-07-14 13:20:40 +02:00
Ozzieisaacs
4708347c16 Merge branch 'Develop'
# Conflicts:
#	MANIFEST.in
#	README.md
#	cps/helper.py
#	cps/static/js/archive/archive.js
#	cps/translations/nl/LC_MESSAGES/messages.mo
#	cps/translations/nl/LC_MESSAGES/messages.po
#	cps/ub.py
#	cps/updater.py
#	cps/web.py
#	cps/worker.py
#	optional-requirements.txt
2019-07-13 20:54:21 +02:00
Daniel Pavel
006e596c72 Moved config class into separate file.
Moved Goodreads and LDAP services into separate package.
2019-07-07 16:05:51 +03:00
Ozzieisaacs
572b5427c7 Fix Encoding issues for python2 2019-06-23 21:11:45 +02:00
Daniel Pavel
e254565901 support binding the http server to a unix socket file instead of TCP socket 2019-06-18 08:57:37 +03:00
Ozzieisaacs
9b74d51f21 Merge remote-tracking branch 'ldap/master' into Develop
# Conflicts:
#	cps/server.py
#	cps/templates/config_edit.html
#	cps/ub.py
#	cps/updater.py
#	cps/web.py
#	optional-requirements-ldap.txt
#	setup.cfg
2019-06-16 08:20:01 +02:00
Ozzieisaacs
26949970d8 Revert logging functions
Fix access logger for tornado
2019-06-11 20:07:51 +02:00
Ozzieisaacs
546ed65e1d Update logging
Fix sort order author
Fixes sorting view
Moved version info
added feature limit listening to single ipaddress
2019-06-10 14:15:21 +02:00
Daniel Pavel
b89ab9ff10 logging clean-up
- moved most constants to separate file
- sorted and cleaned-up imports
- moved logging setup to separate file
2019-06-06 18:10:22 +03:00
Ozzieisaacs
bb0d5c5538 Working for pip and "normal" start for python3 and python2 2019-06-02 09:33:45 +02:00
Ozzieisaacs
406d1c76c9 Sorting and filtering of lists working (except file formats)
Refactored and bugfixing show_cover
Refactored import of helper in web.py
Fix for displaying /me (gettext) throwing error 500
Fix get search results throwing error 500
Fix routing books_list for python2.7
Fix for "me" and "settings" pages
Update sidebarview and list view
2019-04-22 19:11:35 +02:00
Ozzieisaacs
2de4bfdcf2 Merge branch 'master' into Develop
# Conflicts:
#	cps/book_formats.py
#	cps/helper.py
#	cps/web.py
2019-04-20 18:32:46 +02:00
Ozzieisaacs
0224d45961 Code cosmetics 2019-03-04 20:03:09 +01:00
Ozzieisaacs
de58d0a4d8 Merge remote-tracking branch 'metadata/Develop' into Develop
Update logger for updater
2019-03-01 19:09:37 +01:00
Ozzieisaacs
d6ee8f75e9 More refactoring 2019-02-08 20:12:16 +01:00
Ozzieisaacs
a00d93a2d9 Working again (basically) 2019-02-06 21:52:32 +01:00
Cervinko Cera
704198655b custom columns unfinished 2016-04-20 19:25:47 +02:00
Jan Broer
64a9cbce2d Initial Fork from https://bitbucket.org/raphaelmutschler/calibreserver/ 2015-08-02 20:59:11 +02:00