Commit graph

2315 commits

Author SHA1 Message Date
Denis Arnst
67f8eb6815
OIDC: Support object-shaped and string group claims
The group claim was assumed to always be an array, which crashes with
providers like Zitadel that return an object with role names as keys
(e.g. { "admin": {...}, "user": {...} }). Normalize all common formats:
array, single string, and object (extract keys).

Fixes #4744
2026-02-12 13:25:56 +01:00
Denis Arnst
84b3d4d215
Fix migration crash on upgrade from v2.31.0
Removed index definition from Session model since the migration already
creates it. This prevents .sync() from trying to create the index before
migrations run. Also bumped version to 2.34.0 to match migration files.

Fixes: SQLITE_ERROR: no such column: oidcSessionId
2026-02-07 22:19:33 +01:00
Denis Arnst
e428ba5657
OIDC: Fix CodeQL warnings 2026-02-05 20:31:07 +01:00
Denis Arnst
c2a7615319
OIDC: Improve error messages 2026-02-05 20:10:18 +01:00
Denis Arnst
49aeb2da19
Require email_verified to be explicitly true when enforcement is enabled
Previously the check only rejected email_verified === false, allowing
logins when the claim was missing entirely. Since the admin opted in,
the IdP is expected to provide the claim.
2026-02-05 19:56:58 +01:00
Denis Arnst
b3d63f4158
Fix backchannel logout always returning 501
global.ServerSettings is a plain JSON object from toJSON(), so the
isOpenIDAuthSettingsValid getter was always undefined. Use
Database.serverSettings instead, matching the rest of the codebase.
2026-02-05 19:35:50 +01:00
Denis Arnst
073eff74ef
Add OIDC Back-Channel Logout support
Implement OIDC Back-Channel Logout 1.0 (RFC). When enabled, the IdP can
POST a signed logout_token JWT to invalidate user sessions server-side.

- Add BackchannelLogoutHandler: JWT verification via jose, jti replay
  protection with bounded cache, session destruction by sub or sid
- Add oidcSessionId column to sessions table with index for fast lookups
- Add backchannel logout route (POST /auth/openid/backchannel-logout)
- Notify connected clients via socket to redirect to login page
- Add authOpenIDBackchannelLogoutEnabled toggle in schema-driven settings UI
- Migration v2.34.0 adds oidcSessionId column and index
- Polish settings UI: auto-populate loading state, subfolder dropdown
  options, KeyValueEditor fixes, localized descriptions via descriptionKey,
  duplicate key detection, success/error toasts
- Localize backchannel logout toast (ToastSessionEndedByProvider)
- OidcAuthStrategy tests now use real class via require-cache stubbing
2026-02-05 17:55:10 +01:00
Denis Arnst
33bee70a12
Revamp OIDC auth: remove Passport wrapper, add schema-driven settings UI
- Remove Passport.js wrapper from OIDC auth, use openid-client directly
- Add schema-driven OIDC settings UI (OidcSettingsSchema.js drives form rendering)
- Add group mapping with KeyValueEditor (explicit mapping or legacy direct name match)
- Add scopes configuration (authOpenIDScopes)
- Add verified email enforcement option (authOpenIDRequireVerifiedEmail)
- Fix group claim validation rejecting URN-style claims (#4744)
- Add auto-discover endpoint for OIDC provider configuration
- Store oidcIdToken in sessions table instead of cookie
- Add AuthError class for structured error handling in auth flows
- Migration v2.33.0 adds oidcIdToken column and new settings fields
2026-02-05 17:54:59 +01:00
advplyr
122fc34a75 Fix server crash filtering by decade with collapsed series
2025-12-24 17:07:05 -06:00
advplyr
04eb3bc437 Fix server crash on audible match #4931 2025-12-23 16:44:29 -06:00
advplyr
7b37c98e88
Book tags genres dedupe (#4927)
* Update Audible provider dedupe genres/tags and return tags as array

* Update custom metadata provider to dedupe tags/genres and return tags as array
2025-12-21 15:38:34 -06:00
advplyr
e003544edd
Merge pull request #4766 from TN-SKYC/Authors-bug
Bug in matching author of a book when this author already exists in the db.
2025-12-21 14:49:37 -06:00
advplyr
076ece6fe7 Auto-formatting 2025-12-21 14:45:04 -06:00
mikiher
d7bfccdc4a BackupManager: Remove backup fallback logic 2025-12-01 18:54:43 +02:00
mikiher
5f1edcb609 Wrap ensureDir in try-catch blocks 2025-12-01 18:00:34 +02:00
Finn Dittmar
a5d2c1bd64
Fix Upload Lookup 2025-11-29 11:02:42 +01:00
Finn Dittmar
3e9ca51088
Fix region parameter extraction in findChapters 2025-11-27 21:40:29 +01:00
advplyr
763d8810e3 Update Stream ac3/eac3 check 2025-11-08 17:08:43 -06:00
Finn Dittmar
3316505d1c
Really makes sure nothing can break 2025-11-07 19:12:38 +01:00
Finn Dittmar
2cf6e8a5fe
Support eac3 2025-11-07 19:02:32 +01:00
Tomasz N.
961d066bdd
Wrong branch. 2025-10-31 15:39:12 +01:00
Tomasz N.
372c9a5322
Increasing the timeout for bookfinder - some metadata providers heavily throttle the requests, original 10s is not enough. 2025-10-31 15:36:47 +01:00
Tomasz N.
a5750deaaf
The key change: Move the Database.bookAuthorModel.create() block outside the if (!author) check,
so it runs whether the author was just created OR already existed in the database.

This bug was visible when using "Match Books" for a library and the outcome was books had no author(s) assigned
despite the custom providers correctly providing those values.
2025-10-22 23:02:49 +02:00
advplyr
a92ba564bd
Merge pull request #4750 from mikiher/providers-api
Add metadata providers API and use them on web client
2025-10-21 17:24:11 -05:00
advplyr
e684a8dc43 Update JSDocs & auto-formatting of PodcastFinder 2025-10-21 17:22:10 -05:00
mikiher
57c7b123f0 Fix codeQL error: Return json error object 2025-10-21 11:00:29 +03:00
mikiher
fd593caafc SearchController: simplify query param validation logic 2025-10-21 09:38:35 +03:00
advplyr
d0a3f74710
Merge pull request #4756 from Vito0912/tokenExpiry
Change token expiry
2025-10-20 17:19:54 -05:00
advplyr
b1921e7034 Fix podcast failed to parse rss feed when feed is not using CData in content:encoded #4757
2025-10-19 17:25:18 -05:00
mikiher
b01e7570d3 Remove custom providers from library filterdata request 2025-10-19 10:54:26 +03:00
mikiher
0a8662d198 Merge providers API into a single endpoint 2025-10-19 10:53:27 +03:00
Finn Dittmar
0a4de61eff
Change Auth Expiry 2025-10-19 09:22:12 +02:00
mikiher
0a82d6a41b CoverSearchManager: Fix broken podcast cover search 2025-10-17 08:11:03 +03:00
mikiher
3f6162f53c CodeQL fix: limit parameter sizes 2025-10-15 18:54:29 +03:00
mikiher
888190a6be Fix codeQL failures 2025-10-15 18:28:15 +03:00
mikiher
1da3ab7fdc ApiRouter: New provider API routes 2025-10-14 18:10:12 +03:00
mikiher
4f30cbf2f6 SearchController: New providers API, query param validation 2025-10-14 18:09:32 +03:00
advplyr
a87ea32715 Fix admin user unable to close sessions of other users #4746
2025-10-13 09:50:01 -05:00
advplyr
feed827223 Update settings update endpoint to validate allowedOrigins is array
2025-10-10 18:00:37 -05:00
mikiher
20de2ea388 Add "Best" option to book cover search 2025-10-03 08:23:53 +03:00
mikiher
dbb5ee79ac Revert removal of audiobookcovers provider 2025-10-03 08:20:56 +03:00
mikiher
c6dabd2620 Shorten timeout and error message for remaining providers 2025-10-02 22:23:12 +03:00
mikiher
26f949b9ba Remove audiobookcovers from provider list 2025-10-02 22:14:48 +03:00
mikiher
7630dbdcb7 Replace cover search with streaming version 2025-10-02 13:30:03 +03:00
mikiher
a164c17d38 Reduce provider timeout to 10 secs, Shorten error message 2025-10-02 13:26:05 +03:00
advplyr
03da194953 Update for nextjs client, pass all remaining requests through to nextjs
2025-09-28 09:41:15 -05:00
advplyr
a456865ec0 Fix issue with episode downloads without streams, fallback to regular dl on ffprobe fail 2025-09-10 17:10:00 -05:00
Vito0912
50e2fe7fd2
Fix http/https error 2025-08-30 17:47:21 +02:00
John
18ad23d016
Issue 4540 New SortBy Options: Started Date & Finished Date (#4575)
---------

Co-authored-by: advplyr <advplyr@protonmail.com>
2025-08-24 16:54:38 -05:00
advplyr
18200a8f01
Merge pull request #4533 from sir-wilhelm/wmic_replacement
Use PowerShell to get windows drive paths.
2025-08-23 17:55:50 -04:00