mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2026-01-10 13:09:37 +00:00
Merge pull request #4750 from mikiher/providers-api
Add metadata providers API and use them on web client
This commit is contained in:
advplyr
GitHub
commit
a92ba564bd
18 changed files with 361 additions and 210 deletions
|
|
@ -221,13 +221,11 @@ class LibraryController {
|
|||
const includeArray = (req.query.include || '').split(',')
|
||||
if (includeArray.includes('filterdata')) {
|
||||
const filterdata = await libraryFilters.getFilterData(req.library.mediaType, req.library.id)
|
||||
const customMetadataProviders = await Database.customMetadataProviderModel.getForClientByMediaType(req.library.mediaType)
|
||||
|
||||
return res.json({
|
||||
filterdata,
|
||||
issues: filterdata.numIssues,
|
||||
numUserPlaylists: await Database.playlistModel.getNumPlaylistsForUserAndLibrary(req.user.id, req.library.id),
|
||||
customMetadataProviders,
|
||||
library: req.library.toOldJSON()
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,29 @@ const BookFinder = require('../finders/BookFinder')
|
|||
const PodcastFinder = require('../finders/PodcastFinder')
|
||||
const AuthorFinder = require('../finders/AuthorFinder')
|
||||
const Database = require('../Database')
|
||||
const { isValidASIN } = require('../utils')
|
||||
const { isValidASIN, getQueryParamAsString, ValidationError, NotFoundError } = require('../utils')
|
||||
|
||||
// Provider name mappings for display purposes
|
||||
const providerMap = {
|
||||
all: 'All',
|
||||
best: 'Best',
|
||||
google: 'Google Books',
|
||||
itunes: 'iTunes',
|
||||
openlibrary: 'Open Library',
|
||||
fantlab: 'FantLab.ru',
|
||||
audiobookcovers: 'AudiobookCovers.com',
|
||||
audible: 'Audible.com',
|
||||
'audible.ca': 'Audible.ca',
|
||||
'audible.uk': 'Audible.co.uk',
|
||||
'audible.au': 'Audible.com.au',
|
||||
'audible.fr': 'Audible.fr',
|
||||
'audible.de': 'Audible.de',
|
||||
'audible.jp': 'Audible.co.jp',
|
||||
'audible.it': 'Audible.it',
|
||||
'audible.in': 'Audible.in',
|
||||
'audible.es': 'Audible.es',
|
||||
audnexus: 'Audnexus'
|
||||
}
|
||||
|
||||
/**
|
||||
* @typedef RequestUserObject
|
||||
|
|
@ -16,6 +38,44 @@ const { isValidASIN } = require('../utils')
|
|||
class SearchController {
|
||||
constructor() {}
|
||||
|
||||
/**
|
||||
* Fetches a library item by ID
|
||||
* @param {string} id - Library item ID
|
||||
* @param {string} methodName - Name of the calling method for logging
|
||||
* @returns {Promise<import('../models/LibraryItem').LibraryItemExpanded>}
|
||||
*/
|
||||
static async fetchLibraryItem(id) {
|
||||
const libraryItem = await Database.libraryItemModel.getExpandedById(id)
|
||||
if (!libraryItem) {
|
||||
throw new NotFoundError(`library item "${id}" not found`)
|
||||
}
|
||||
return libraryItem
|
||||
}
|
||||
|
||||
/**
|
||||
* Maps custom metadata providers to standardized format
|
||||
* @param {Array} providers - Array of custom provider objects
|
||||
* @returns {Array<{value: string, text: string}>}
|
||||
*/
|
||||
static mapCustomProviders(providers) {
|
||||
return providers.map((provider) => ({
|
||||
value: provider.getSlug(),
|
||||
text: provider.name
|
||||
}))
|
||||
}
|
||||
|
||||
/**
|
||||
* Static helper method to format provider for client (for use in array methods)
|
||||
* @param {string} providerValue - Provider identifier
|
||||
* @returns {{value: string, text: string}}
|
||||
*/
|
||||
static formatProvider(providerValue) {
|
||||
return {
|
||||
value: providerValue,
|
||||
text: providerMap[providerValue] || providerValue
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* GET: /api/search/books
|
||||
*
|
||||
|
|
@ -23,19 +83,25 @@ class SearchController {
|
|||
* @param {Response} res
|
||||
*/
|
||||
async findBooks(req, res) {
|
||||
const id = req.query.id
|
||||
const libraryItem = await Database.libraryItemModel.getExpandedById(id)
|
||||
const provider = req.query.provider || 'google'
|
||||
const title = req.query.title || ''
|
||||
const author = req.query.author || ''
|
||||
try {
|
||||
const query = req.query
|
||||
const provider = getQueryParamAsString(query, 'provider', 'google')
|
||||
const title = getQueryParamAsString(query, 'title', '')
|
||||
const author = getQueryParamAsString(query, 'author', '')
|
||||
const id = getQueryParamAsString(query, 'id', '', true)
|
||||
|
||||
if (typeof provider !== 'string' || typeof title !== 'string' || typeof author !== 'string') {
|
||||
Logger.error(`[SearchController] findBooks: Invalid request query params`)
|
||||
return res.status(400).send('Invalid request query params')
|
||||
// Fetch library item
|
||||
const libraryItem = await SearchController.fetchLibraryItem(id)
|
||||
|
||||
const results = await BookFinder.search(libraryItem, provider, title, author)
|
||||
res.json(results)
|
||||
} catch (error) {
|
||||
Logger.error(`[SearchController] findBooks: ${error.message}`)
|
||||
if (error instanceof ValidationError || error instanceof NotFoundError) {
|
||||
return res.status(error.status).json({ error: error.message })
|
||||
}
|
||||
return res.status(500).json({ error: 'Internal server error' })
|
||||
}
|
||||
|
||||
const results = await BookFinder.search(libraryItem, provider, title, author)
|
||||
res.json(results)
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -45,20 +111,24 @@ class SearchController {
|
|||
* @param {Response} res
|
||||
*/
|
||||
async findCovers(req, res) {
|
||||
const query = req.query
|
||||
const podcast = query.podcast == 1
|
||||
try {
|
||||
const query = req.query
|
||||
const podcast = query.podcast === '1' || query.podcast === 1
|
||||
const title = getQueryParamAsString(query, 'title', '', true)
|
||||
const author = getQueryParamAsString(query, 'author', '')
|
||||
const provider = getQueryParamAsString(query, 'provider', 'google')
|
||||
|
||||
if (!query.title || typeof query.title !== 'string') {
|
||||
Logger.error(`[SearchController] findCovers: Invalid title sent in query`)
|
||||
return res.sendStatus(400)
|
||||
let results = null
|
||||
if (podcast) results = await PodcastFinder.findCovers(title)
|
||||
else results = await BookFinder.findCovers(provider, title, author)
|
||||
res.json({ results })
|
||||
} catch (error) {
|
||||
Logger.error(`[SearchController] findCovers: ${error.message}`)
|
||||
if (error instanceof ValidationError) {
|
||||
return res.status(error.status).json({ error: error.message })
|
||||
}
|
||||
return res.status(500).json({ error: 'Internal server error' })
|
||||
}
|
||||
|
||||
let results = null
|
||||
if (podcast) results = await PodcastFinder.findCovers(query.title)
|
||||
else results = await BookFinder.findCovers(query.provider || 'google', query.title, query.author || '')
|
||||
res.json({
|
||||
results
|
||||
})
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -69,34 +139,42 @@ class SearchController {
|
|||
* @param {Response} res
|
||||
*/
|
||||
async findPodcasts(req, res) {
|
||||
const term = req.query.term
|
||||
const country = req.query.country || 'us'
|
||||
if (!term) {
|
||||
Logger.error('[SearchController] Invalid request query param "term" is required')
|
||||
return res.status(400).send('Invalid request query param "term" is required')
|
||||
}
|
||||
try {
|
||||
const query = req.query
|
||||
const term = getQueryParamAsString(query, 'term', '', true)
|
||||
const country = getQueryParamAsString(query, 'country', 'us')
|
||||
|
||||
const results = await PodcastFinder.search(term, {
|
||||
country
|
||||
})
|
||||
res.json(results)
|
||||
const results = await PodcastFinder.search(term, { country })
|
||||
res.json(results)
|
||||
} catch (error) {
|
||||
Logger.error(`[SearchController] findPodcasts: ${error.message}`)
|
||||
if (error instanceof ValidationError) {
|
||||
return res.status(error.status).json({ error: error.message })
|
||||
}
|
||||
return res.status(500).json({ error: 'Internal server error' })
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* GET: /api/search/authors
|
||||
* Note: This endpoint is not currently used in the web client.
|
||||
*
|
||||
* @param {RequestWithUser} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async findAuthor(req, res) {
|
||||
const query = req.query.q
|
||||
if (!query || typeof query !== 'string') {
|
||||
Logger.error(`[SearchController] findAuthor: Invalid query param`)
|
||||
return res.status(400).send('Invalid query param')
|
||||
}
|
||||
try {
|
||||
const query = getQueryParamAsString(req.query, 'q', '', true)
|
||||
|
||||
const author = await AuthorFinder.findAuthorByName(query)
|
||||
res.json(author)
|
||||
const author = await AuthorFinder.findAuthorByName(query)
|
||||
res.json(author)
|
||||
} catch (error) {
|
||||
Logger.error(`[SearchController] findAuthor: ${error.message}`)
|
||||
if (error instanceof ValidationError) {
|
||||
return res.status(error.status).json({ error: error.message })
|
||||
}
|
||||
return res.status(500).json({ error: 'Internal server error' })
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -106,16 +184,55 @@ class SearchController {
|
|||
* @param {Response} res
|
||||
*/
|
||||
async findChapters(req, res) {
|
||||
const asin = req.query.asin
|
||||
if (!isValidASIN(asin.toUpperCase())) {
|
||||
return res.json({ error: 'Invalid ASIN', stringKey: 'MessageInvalidAsin' })
|
||||
try {
|
||||
const query = req.query
|
||||
const asin = getQueryParamAsString(query, 'asin', '', true)
|
||||
const region = getQueryParamAsString(req.query.region, 'us').toLowerCase()
|
||||
|
||||
if (!isValidASIN(asin.toUpperCase())) throw new ValidationError('asin', 'is invalid')
|
||||
|
||||
const chapterData = await BookFinder.findChapters(asin, region)
|
||||
if (!chapterData) {
|
||||
return res.json({ error: 'Chapters not found', stringKey: 'MessageChaptersNotFound' })
|
||||
}
|
||||
res.json(chapterData)
|
||||
} catch (error) {
|
||||
Logger.error(`[SearchController] findChapters: ${error.message}`)
|
||||
if (error instanceof ValidationError) {
|
||||
if (error.paramName === 'asin') {
|
||||
return res.json({ error: 'Invalid ASIN', stringKey: 'MessageInvalidAsin' })
|
||||
}
|
||||
if (error.paramName === 'region') {
|
||||
return res.json({ error: 'Invalid region', stringKey: 'MessageInvalidRegion' })
|
||||
}
|
||||
}
|
||||
return res.status(500).json({ error: 'Internal server error' })
|
||||
}
|
||||
const region = (req.query.region || 'us').toLowerCase()
|
||||
const chapterData = await BookFinder.findChapters(asin, region)
|
||||
if (!chapterData) {
|
||||
return res.json({ error: 'Chapters not found', stringKey: 'MessageChaptersNotFound' })
|
||||
}
|
||||
|
||||
/**
|
||||
* GET: /api/search/providers
|
||||
* Get all available metadata providers
|
||||
*
|
||||
* @param {RequestWithUser} req
|
||||
* @param {Response} res
|
||||
*/
|
||||
async getAllProviders(req, res) {
|
||||
const customProviders = await Database.customMetadataProviderModel.findAll()
|
||||
|
||||
const customBookProviders = customProviders.filter((p) => p.mediaType === 'book')
|
||||
const customPodcastProviders = customProviders.filter((p) => p.mediaType === 'podcast')
|
||||
|
||||
const bookProviders = BookFinder.providers.filter((p) => p !== 'audiobookcovers')
|
||||
|
||||
// Build minimized payload with custom providers merged in
|
||||
const providers = {
|
||||
books: [...bookProviders.map((p) => SearchController.formatProvider(p)), ...SearchController.mapCustomProviders(customBookProviders)],
|
||||
booksCovers: [SearchController.formatProvider('best'), ...BookFinder.providers.map((p) => SearchController.formatProvider(p)), ...SearchController.mapCustomProviders(customBookProviders), SearchController.formatProvider('all')],
|
||||
podcasts: [SearchController.formatProvider('itunes'), ...SearchController.mapCustomProviders(customPodcastProviders)]
|
||||
}
|
||||
res.json(chapterData)
|
||||
|
||||
res.json({ providers })
|
||||
}
|
||||
}
|
||||
module.exports = new SearchController()
|
||||
|
|
|
|||
|
|
@ -385,6 +385,11 @@ class BookFinder {
|
|||
|
||||
if (!title) return books
|
||||
|
||||
// Truncate excessively long inputs to prevent ReDoS attacks
|
||||
const MAX_INPUT_LENGTH = 500
|
||||
title = title.substring(0, MAX_INPUT_LENGTH)
|
||||
author = author?.substring(0, MAX_INPUT_LENGTH) || author
|
||||
|
||||
const isTitleAsin = isValidASIN(title.toUpperCase())
|
||||
|
||||
let actualTitleQuery = title
|
||||
|
|
@ -402,7 +407,8 @@ class BookFinder {
|
|||
let authorCandidates = new BookFinder.AuthorCandidates(cleanAuthor, this.audnexus)
|
||||
|
||||
// Remove underscores and parentheses with their contents, and replace with a separator
|
||||
const cleanTitle = title.replace(/\[.*?\]|\(.*?\)|{.*?}|_/g, ' - ')
|
||||
// Use negated character classes to prevent ReDoS vulnerability (input length validated at entry point)
|
||||
const cleanTitle = title.replace(/\[[^\]]*\]|\([^)]*\)|{[^}]*}|_/g, ' - ')
|
||||
// Split title into hypen-separated parts
|
||||
const titleParts = cleanTitle.split(/ - | -|- /)
|
||||
for (const titlePart of titleParts) authorCandidates.add(titlePart)
|
||||
|
|
@ -668,7 +674,9 @@ function cleanTitleForCompares(title, keepSubtitle = false) {
|
|||
let stripped = keepSubtitle ? title : stripSubtitle(title)
|
||||
|
||||
// Remove text in paranthesis (i.e. "Ender's Game (Ender's Saga)" becomes "Ender's Game")
|
||||
let cleaned = stripped.replace(/ *\([^)]*\) */g, '')
|
||||
// Use negated character class to prevent ReDoS vulnerability (input length validated at entry point)
|
||||
let cleaned = stripped.replace(/\([^)]*\)/g, '') // Remove parenthetical content
|
||||
cleaned = cleaned.replace(/\s+/g, ' ').trim() // Clean up any resulting multiple spaces
|
||||
|
||||
// Remove single quotes (i.e. "Ender's Game" becomes "Enders Game")
|
||||
cleaned = cleaned.replace(/'/g, '')
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ class PodcastFinder {
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {string} term
|
||||
* @param {{country:string}} options
|
||||
*
|
||||
* @param {string} term
|
||||
* @param {{country:string}} options
|
||||
* @returns {Promise<import('../providers/iTunes').iTunesPodcastSearchResult[]>}
|
||||
*/
|
||||
async search(term, options = {}) {
|
||||
|
|
@ -20,12 +20,16 @@ class PodcastFinder {
|
|||
return results
|
||||
}
|
||||
|
||||
/**
|
||||
* @param {string} term
|
||||
* @returns {Promise<string[]>}
|
||||
*/
|
||||
async findCovers(term) {
|
||||
if (!term) return null
|
||||
Logger.debug(`[iTunes] Searching for podcast covers with term "${term}"`)
|
||||
var results = await this.iTunesApi.searchPodcasts(term)
|
||||
const results = await this.iTunesApi.searchPodcasts(term)
|
||||
if (!results) return []
|
||||
return results.map(r => r.cover).filter(r => r)
|
||||
return results.map((r) => r.cover).filter((r) => r)
|
||||
}
|
||||
}
|
||||
module.exports = new PodcastFinder()
|
||||
module.exports = new PodcastFinder()
|
||||
|
|
|
|||
|
|
@ -224,6 +224,9 @@ class CoverSearchManager {
|
|||
if (!Array.isArray(results)) return covers
|
||||
|
||||
results.forEach((result) => {
|
||||
if (typeof result === 'string') {
|
||||
covers.push(result)
|
||||
}
|
||||
if (result.covers && Array.isArray(result.covers)) {
|
||||
covers.push(...result.covers)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -283,6 +283,7 @@ class ApiRouter {
|
|||
this.router.get('/search/podcast', SearchController.findPodcasts.bind(this))
|
||||
this.router.get('/search/authors', SearchController.findAuthor.bind(this))
|
||||
this.router.get('/search/chapters', SearchController.findChapters.bind(this))
|
||||
this.router.get('/search/providers', SearchController.getAllProviders.bind(this))
|
||||
|
||||
//
|
||||
// Cache Routes (Admin and up)
|
||||
|
|
|
|||
|
|
@ -277,3 +277,57 @@ module.exports.timestampToSeconds = (timestamp) => {
|
|||
}
|
||||
return null
|
||||
}
|
||||
|
||||
class ValidationError extends Error {
|
||||
constructor(paramName, message, status = 400) {
|
||||
super(`Query parameter "${paramName}" ${message}`)
|
||||
this.name = 'ValidationError'
|
||||
this.paramName = paramName
|
||||
this.status = status
|
||||
}
|
||||
}
|
||||
module.exports.ValidationError = ValidationError
|
||||
|
||||
class NotFoundError extends Error {
|
||||
constructor(message, status = 404) {
|
||||
super(message)
|
||||
this.name = 'NotFoundError'
|
||||
this.status = status
|
||||
}
|
||||
}
|
||||
module.exports.NotFoundError = NotFoundError
|
||||
|
||||
/**
|
||||
* Safely extracts a query parameter as a string, rejecting arrays to prevent type confusion
|
||||
* Express query parameters can be arrays if the same parameter appears multiple times
|
||||
* @example ?author=Smith => "Smith"
|
||||
* @example ?author=Smith&author=Jones => throws error
|
||||
*
|
||||
* @param {Object} query - Query object
|
||||
* @param {string} paramName - Parameter name
|
||||
* @param {string} defaultValue - Default value if undefined/null
|
||||
* @param {boolean} required - Whether the parameter is required
|
||||
* @param {number} maxLength - Optional maximum length (defaults to 10000 to prevent ReDoS attacks)
|
||||
* @returns {string} String value
|
||||
* @throws {ValidationError} If value is an array
|
||||
* @throws {ValidationError} If value is too long
|
||||
* @throws {ValidationError} If value is required but not provided
|
||||
*/
|
||||
module.exports.getQueryParamAsString = (query, paramName, defaultValue = '', required = false, maxLength = 1000) => {
|
||||
const value = query[paramName]
|
||||
if (value === undefined || value === null) {
|
||||
if (required) {
|
||||
throw new ValidationError(paramName, 'is required')
|
||||
}
|
||||
return defaultValue
|
||||
}
|
||||
// Explicitly reject arrays to prevent type confusion
|
||||
if (Array.isArray(value)) {
|
||||
throw new ValidationError(paramName, 'is an array')
|
||||
}
|
||||
// Reject excessively long strings to prevent ReDoS attacks
|
||||
if (typeof value === 'string' && value.length > maxLength) {
|
||||
throw new ValidationError(paramName, 'is too long')
|
||||
}
|
||||
return String(value)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue