Mobileread
Private Content-Server Libraries in Public Environment
#1  ConnorMac 03-30-2020, 07:53 PM
First time poster and Originally Signed up to this forum to discuss the issues I was having trying to get the Development Environment to work under FreeBSD, but that's slightly irrelevant as I found a workaround to implement the code changes into my live system without having to use the downloaded source.

Anyway I digress, I set out with the aim of transferring all my eBooks and comics into a fresh server for the use of any guests visiting or staying at my property - without the need for a username login to access. However some of the works in my collection are of an adult nature and while I'd still like them to be available, they shouldn't be obviously accessible from the content manager homepage.

My solution was a second a library with the keyword "Private" in the name.
this was combined with the following coding changes.
./calibre/srv/legacy.py Line 129

select.append(E.option(library_name, value=library_id))

to

if not "Private" in library_name: select.append(E.option(library_name, value=library_id))

./calibre/srv/odps.py line 300

self.root.append(E.entry(

to

if not "Private" in library_name: self.root.append(E.entry(

and

/pyj/book_list/home.pyj added line at 256

if "Private" in library_name: cl.lastChild.style.visibility = 'hidden'

For Both /mobile and /opds the block can be bypassed by using a direct hard link to/opds?library_id=Private-Library-name /mobile?library_id=Private-Library-name (or whatever the library is called)
for the default ajax site the button can be unhidden using javascript (or most modern browser's resource inspector) or it can likewise be accessed through a direct hard link to /#library_id=Private-Library-name
I can make these links available on a case by case basis without risk of them being found accidentally.

I thought it worth raising here, to see if such a change would be worth committing to the code (beyond my own specific circumstance) or whether it would have unintended ramifications that would affect others?
Reply 

#2  kovidgoyal 03-31-2020, 12:20 AM
I'm afraid I'm not interested in implementing "hiding" features. They are trivially bypassed by anyone with a little knowledge of how the server works. There is a robust mechanism for access control based on user accounts, that cannot (barring bugs) be bypassed.
Reply 

#3  ConnorMac 03-31-2020, 02:49 PM
And that of course is an option that will work for some people, though googling to see whether this sort of solution existed threw up more than a few requests along these lines to deter casual browsing (particularly deterring pre-adolescents who are unlikely to bypass it in my case) rather than the creation and sharing of usernames and passwords to guests.

If any users wished to make such a change to their live system in my install
opds.py and legacy.py can be found at /usr/local/lib/calibre/calibre/srv

while home.pyj compiles into
/usr/local/share/calibre/content-server/index-generated.html
Where the code is now Javascript and should be implemented around line 32007 (linecount for slightly older build) it should sit before the line cl.lastChild.style.margin = "1ex 1rem";

and should be inserted as

if (library_name.includes("Private")) cl.lastChild.style.visibility = "hidden"
Reply 

#4  nonlinear.nyc 06-23-2020, 08:51 AM
I think we should keep in mind ConnorMac's threat model... It's a light hide, frankly just not showing it by default to people on his own network.

I like the idea, and i'd like to learn how to set up this "ether" library.
Reply 

Today's Posts | Search this Thread | Login | Register