groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-04-19 21:49:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Update session DeviceInfo with sanitize on clientDeviceInfo

Browse source
This commit is contained in:
advplyr 2026-03-11 17:03:07 -05:00
parent fbe1d1eed6
commit 690a7e0da9
4 changed files with 46 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

26
client/pages/config/sessions.vue
View file

@ -66,7 +66,11 @@
<p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p> <p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p>
</td> </td>
<td class="hidden sm:table-cell max-w-32 min-w-32"> <td class="hidden sm:table-cell max-w-32 min-w-32">
<p class="text-xs truncate" v-html="getDeviceInfoString(session.deviceInfo)" /> <p class="text-xs truncate">
<template v-for="(line, index) in getDeviceInfoLines(session.deviceInfo)">
<br v-if="index > 0" :key="'br-' + index" />{{ line }}
</template>
</p>
</td> </td>
<td class="text-center w-24 min-w-24 sm:w-32 sm:min-w-32"> <td class="text-center w-24 min-w-24 sm:w-32 sm:min-w-32">
<p class="text-xs font-mono">{{ $elapsedPrettyLocalized(session.timeListening) }}</p> <p class="text-xs font-mono">{{ $elapsedPrettyLocalized(session.timeListening) }}</p>
@ -130,7 +134,11 @@
<p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p> <p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p>
</td> </td>
<td class="hidden sm:table-cell max-w-32 min-w-32"> <td class="hidden sm:table-cell max-w-32 min-w-32">
<p class="text-xs truncate" v-html="getDeviceInfoString(session.deviceInfo)" /> <p class="text-xs truncate">
<template v-for="(line, index) in getDeviceInfoLines(session.deviceInfo)">
<br v-if="index > 0" :key="'br-' + index" />{{ line }}
</template>
</p>
</td> </td>
<td class="text-center"> <td class="text-center">
<p class="text-xs font-mono">{{ $elapsedPretty(session.timeListening) }}</p> <p class="text-xs font-mono">{{ $elapsedPretty(session.timeListening) }}</p>
@ -172,7 +180,11 @@
<p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p> <p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p>
</td> </td>
<td class="hidden sm:table-cell max-w-32 min-w-32"> <td class="hidden sm:table-cell max-w-32 min-w-32">
<p class="text-xs truncate" v-html="getDeviceInfoString(session.deviceInfo)" /> <p class="text-xs truncate">
<template v-for="(line, index) in getDeviceInfoLines(session.deviceInfo)">
<br v-if="index > 0" :key="'br-' + index" />{{ line }}
</template>
</p>
</td> </td>
<td class="text-center hover:underline" @click.stop="clickCurrentTime(session)"> <td class="text-center hover:underline" @click.stop="clickCurrentTime(session)">
<p class="text-xs font-mono">{{ $secondsToTimestamp(session.currentTime) }}</p> <p class="text-xs font-mono">{{ $secondsToTimestamp(session.currentTime) }}</p>
@ -433,16 +445,16 @@ export default {
this.selectedSession = session this.selectedSession = session
this.showSessionModal = true this.showSessionModal = true
}, },
getDeviceInfoString(deviceInfo) { getDeviceInfoLines(deviceInfo) {
if (!deviceInfo) return '' if (!deviceInfo) return []
var lines = [] const lines = []
if (deviceInfo.clientName) lines.push(`${deviceInfo.clientName} ${deviceInfo.clientVersion || ''}`) if (deviceInfo.clientName) lines.push(`${deviceInfo.clientName} ${deviceInfo.clientVersion || ''}`)
if (deviceInfo.osName) lines.push(`${deviceInfo.osName} ${deviceInfo.osVersion}`) if (deviceInfo.osName) lines.push(`${deviceInfo.osName} ${deviceInfo.osVersion}`)
if (deviceInfo.browserName) lines.push(deviceInfo.browserName) if (deviceInfo.browserName) lines.push(deviceInfo.browserName)
if (deviceInfo.manufacturer && deviceInfo.model) lines.push(`${deviceInfo.manufacturer} ${deviceInfo.model}`) if (deviceInfo.manufacturer && deviceInfo.model) lines.push(`${deviceInfo.manufacturer} ${deviceInfo.model}`)
if (deviceInfo.sdkVersion) lines.push(`SDK Version: ${deviceInfo.sdkVersion}`) if (deviceInfo.sdkVersion) lines.push(`SDK Version: ${deviceInfo.sdkVersion}`)
return lines.join('<br>') return lines
}, },
getPlayMethodName(playMethod) { getPlayMethodName(playMethod) {
if (playMethod === this.$constants.PlayMethod.DIRECTPLAY) return 'Direct Play' if (playMethod === this.$constants.PlayMethod.DIRECTPLAY) return 'Direct Play'

16
client/pages/config/users/_id/sessions.vue
View file

@ -38,8 +38,12 @@
<p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p> <p class="text-xs">{{ getPlayMethodName(session.playMethod) }}</p>
</td> </td>
<td class="hidden sm:table-cell min-w-32 max-w-32"> <td class="hidden sm:table-cell min-w-32 max-w-32">
<p class="text-xs truncate" v-html="getDeviceInfoString(session.deviceInfo)" /> <p class="text-xs truncate">
</td> <template v-for="(line, index) in getDeviceInfoLines(session.deviceInfo)">
<br v-if="index > 0" :key="'br-' + index" />{{ line }}
</template>
</p>
</td>
<td class="text-center"> <td class="text-center">
<p class="text-xs font-mono">{{ $elapsedPrettyLocalized(session.timeListening) }}</p> <p class="text-xs font-mono">{{ $elapsedPrettyLocalized(session.timeListening) }}</p>
</td> </td>
@ -193,16 +197,16 @@ export default {
this.selectedSession = session this.selectedSession = session
this.showSessionModal = true this.showSessionModal = true
}, },
getDeviceInfoString(deviceInfo) { getDeviceInfoLines(deviceInfo) {
if (!deviceInfo) return '' if (!deviceInfo) return []
var lines = [] const lines = []
if (deviceInfo.clientName) lines.push(`${deviceInfo.clientName} ${deviceInfo.clientVersion || ''}`) if (deviceInfo.clientName) lines.push(`${deviceInfo.clientName} ${deviceInfo.clientVersion || ''}`)
if (deviceInfo.osName) lines.push(`${deviceInfo.osName} ${deviceInfo.osVersion}`) if (deviceInfo.osName) lines.push(`${deviceInfo.osName} ${deviceInfo.osVersion}`)
if (deviceInfo.browserName) lines.push(deviceInfo.browserName) if (deviceInfo.browserName) lines.push(deviceInfo.browserName)
if (deviceInfo.manufacturer && deviceInfo.model) lines.push(`${deviceInfo.manufacturer} ${deviceInfo.model}`) if (deviceInfo.manufacturer && deviceInfo.model) lines.push(`${deviceInfo.manufacturer} ${deviceInfo.model}`)
if (deviceInfo.sdkVersion) lines.push(`SDK Version: ${deviceInfo.sdkVersion}`) if (deviceInfo.sdkVersion) lines.push(`SDK Version: ${deviceInfo.sdkVersion}`)
return lines.join('<br>') return lines
}, },
getPlayMethodName(playMethod) { getPlayMethodName(playMethod) {
if (playMethod === this.$constants.PlayMethod.DIRECTPLAY) return 'Direct Play' if (playMethod === this.$constants.PlayMethod.DIRECTPLAY) return 'Direct Play'

36
server/objects/DeviceInfo.js
View file

@ -1,6 +1,10 @@
const uuidv4 = require("uuid").v4 const uuidv4 = require('uuid').v4
const { stripAllTags } = require('../utils/htmlSanitizer')
class DeviceInfo { class DeviceInfo {
/** @type {string[]} Fields to sanitize when loading from stored data */
static stringFields = ['deviceId', 'clientVersion', 'manufacturer', 'model', 'sdkVersion', 'clientName', 'deviceName']
constructor(deviceInfo = null) { constructor(deviceInfo = null) {
this.id = null this.id = null
this.userId = null this.userId = null
@ -31,7 +35,7 @@ class DeviceInfo {
construct(deviceInfo) { construct(deviceInfo) {
for (const key in deviceInfo) { for (const key in deviceInfo) {
if (deviceInfo[key] !== undefined && this[key] !== undefined) { if (deviceInfo[key] !== undefined && this[key] !== undefined) {
this[key] = deviceInfo[key] this[key] = DeviceInfo.stringFields.includes(key) ? stripAllTags(deviceInfo[key]) : deviceInfo[key]
} }
} }
} }
@ -63,7 +67,8 @@ class DeviceInfo {
} }
get deviceDescription() { get deviceDescription() {
if (this.model) { // Set from mobile apps if (this.model) {
// Set from mobile apps
if (this.sdkVersion) return `${this.model} SDK ${this.sdkVersion} / v${this.clientVersion}` if (this.sdkVersion) return `${this.model} SDK ${this.sdkVersion} / v${this.clientVersion}`
return `${this.model} / v${this.clientVersion}` return `${this.model} / v${this.clientVersion}`
} }
@ -72,18 +77,7 @@ class DeviceInfo {
// When client doesn't send a device id // When client doesn't send a device id
getTempDeviceId() { getTempDeviceId() {
const keys = [ const keys = [this.userId, this.browserName, this.browserVersion, this.osName, this.osVersion, this.clientVersion, this.manufacturer, this.model, this.sdkVersion, this.ipAddress].map((k) => k || '')
this.userId,
this.browserName,
this.browserVersion,
this.osName,
this.osVersion,
this.clientVersion,
this.manufacturer,
this.model,
this.sdkVersion,
this.ipAddress
].map(k => k || '')
return 'temp-' + Buffer.from(keys.join('-'), 'utf-8').toString('base64') return 'temp-' + Buffer.from(keys.join('-'), 'utf-8').toString('base64')
} }
@ -99,12 +93,12 @@ class DeviceInfo {
this.osVersion = ua?.os.version || null this.osVersion = ua?.os.version || null
this.deviceType = ua?.device.type || null this.deviceType = ua?.device.type || null
this.clientVersion = clientDeviceInfo?.clientVersion || serverVersion this.clientVersion = stripAllTags(clientDeviceInfo?.clientVersion) || serverVersion
this.manufacturer = clientDeviceInfo?.manufacturer || null this.manufacturer = stripAllTags(clientDeviceInfo?.manufacturer) || null
this.model = clientDeviceInfo?.model || null this.model = stripAllTags(clientDeviceInfo?.model) || null
this.sdkVersion = clientDeviceInfo?.sdkVersion || null this.sdkVersion = stripAllTags(clientDeviceInfo?.sdkVersion) || null
this.clientName = clientDeviceInfo?.clientName || null this.clientName = stripAllTags(clientDeviceInfo?.clientName) || null
if (this.sdkVersion) { if (this.sdkVersion) {
if (!this.clientName) this.clientName = 'Abs Android' if (!this.clientName) this.clientName = 'Abs Android'
this.deviceName = `${this.manufacturer || 'Unknown'} ${this.model || ''}` this.deviceName = `${this.manufacturer || 'Unknown'} ${this.model || ''}`
@ -149,4 +143,4 @@ class DeviceInfo {
return hasUpdates return hasUpdates
} }
} }
module.exports = DeviceInfo module.exports = DeviceInfo

2
server/utils/htmlSanitizer.js
View file

@ -27,6 +27,8 @@ function sanitize(html) {
module.exports.sanitize = sanitize module.exports.sanitize = sanitize
function stripAllTags(html, shouldDecodeEntities = true) { function stripAllTags(html, shouldDecodeEntities = true) {
if (typeof html !== 'string') return ''
const sanitizerOptions = { const sanitizerOptions = {
allowedTags: [], allowedTags: [],
disallowedTagsMode: 'discard' disallowedTagsMode: 'discard'