Update podcast episode downloads to have a fallback user agent string

Update pathexists endpoint to check user has access to library

server/controllers/FileSystemController.js

@@ -108,7 +108,13 @@ class FileSystemController {
       return res.sendStatus(404)
     }
 
-    const filepath = Path.join(libraryFolder.path, directory)
+    if (!req.user.checkCanAccessLibrary(libraryFolder.libraryId)) {
+      Logger.error(`[FileSystemController] User "${req.user.username}" attempting to check path exists for library "${libraryFolder.libraryId}" without access`)
+      return res.sendStatus(403)
+    }
+
+    let filepath = Path.join(libraryFolder.path, directory)
+    filepath = fileUtils.filePathToPOSIX(filepath)
 
     // Ensure filepath is inside library folder (prevents directory traversal)
     if (!filepath.startsWith(libraryFolder.path)) {

server/controllers/MiscController.js

@@ -59,6 +59,12 @@ class MiscController {
     if (!library) {
       return res.status(404).send('Library not found')
     }
+
+    if (!req.user.checkCanAccessLibrary(library.id)) {
+      Logger.error(`[MiscController] User "${req.user.username}" attempting to upload to library "${library.id}" without access`)
+      return res.sendStatus(403)
+    }
+
     const folder = library.libraryFolders.find((fold) => fold.id === folderId)
     if (!folder) {
       return res.status(404).send('Folder not found')

server/utils/ffmpegHelpers.js

@@ -103,18 +103,39 @@ module.exports.resizeImage = resizeImage
  */
 module.exports.downloadPodcastEpisode = (podcastEpisodeDownload) => {
   return new Promise(async (resolve) => {
-    const response = await axios({
+    // Some podcasts fail due to user agent strings
-      url: podcastEpisodeDownload.url,
+    // See: https://github.com/advplyr/audiobookshelf/issues/3246 (requires iTMS user agent)
-      method: 'GET',
+    // See: https://github.com/advplyr/audiobookshelf/issues/4401 (requires no iTMS user agent)
-      responseType: 'stream',
+    const userAgents = ['audiobookshelf (+https://audiobookshelf.org; like iTMS)', 'audiobookshelf (+https://audiobookshelf.org)']
-      headers: {
+
-        'User-Agent': 'audiobookshelf (+https://audiobookshelf.org)'
+    let response = null
-      },
+    let lastError = null
-      timeout: global.PodcastDownloadTimeout
+
-    }).catch((error) => {
+    for (const userAgent of userAgents) {
-      Logger.error(`[ffmpegHelpers] Failed to download podcast episode with url "${podcastEpisodeDownload.url}"`, error)
+      try {
-      return null
+        response = await axios({
-    })
+          url: podcastEpisodeDownload.url,
+          method: 'GET',
+          responseType: 'stream',
+          headers: {
+            'User-Agent': userAgent
+          },
+          timeout: global.PodcastDownloadTimeout
+        })
+
+        Logger.debug(`[ffmpegHelpers] Successfully connected with User-Agent: ${userAgent}`)
+        break
+      } catch (error) {
+        lastError = error
+        Logger.warn(`[ffmpegHelpers] Failed to download podcast episode with User-Agent "${userAgent}" for url "${podcastEpisodeDownload.url}"`, error.message)
+
+        // If this is the last attempt, log the full error
+        if (userAgent === userAgents[userAgents.length - 1]) {
+          Logger.error(`[ffmpegHelpers] All User-Agent attempts failed for url "${podcastEpisodeDownload.url}"`, lastError)
+        }
+      }
+    }
+
     if (!response) {
       return resolve({
         success: false