Update links in the README

Let next.js handle file uploads through internal-api routes

client/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "audiobookshelf-client",
-  "version": "2.34.0",
+  "version": "2.35.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "audiobookshelf-client",
-      "version": "2.34.0",
+      "version": "2.35.1",
       "license": "ISC",
       "dependencies": {
         "@nuxtjs/axios": "^5.13.6",

client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "audiobookshelf-client",
-  "version": "2.34.0",
+  "version": "2.35.1",
   "buildNumber": 1,
   "description": "Self-hosted audiobook and podcast client",
   "main": "index.js",

client/strings/ar.json

@@ -244,6 +244,8 @@
   "LabelAlreadyInYourLibrary": "موجود بالفعل في مكتبتك",
   "LabelApiKeyCreated": "تم إنشاء مفتاح API \"{0}\" بنجاح.",
   "LabelApiKeyCreatedDescription": "تأكد من نسخ مفتاح API الآن، لن تتمكن من رؤيته مرة أخرى.",
+  "LabelApiKeyUser": "التصرف بالنيابة عن مستخدم",
+  "LabelApiKeyUserDescription": "مفتاح API سيمتلك نفس صلاحيات المستخدم الذي ينوب عنه ، سيظهر بالسجلات وكأن المستخدم قام بالطلب.",
   "LabelApiToken": "رمز API",
   "LabelAppend": "إلحاق",
   "LabelAudioBitrate": "معدل بت الصوت (على سبيل المثال 128 كيلو بايت)",
@@ -293,6 +295,7 @@
   "LabelContinueListening": "استمرار الاستماع",
   "LabelContinueReading": "استمرار القراءة",
   "LabelContinueSeries": "استمرار المسلسلات",
+  "LabelCorsAllowed": "CORS Origins مسموح",
   "LabelCover": "الغلاف",
   "LabelCoverImageURL": "رابط صورة الغلاف",
   "LabelCoverProvider": "مزود الغلاف",
@@ -426,6 +429,9 @@
   "LabelLibraryFilterSublistEmpty": "لا يوجد {0}",
   "LabelLibraryItem": "عنصر المكتبة",
   "LabelLibraryName": "اسم المكتبة",
+  "LabelLibrarySortByProgress": "المرحلة: الأحدث",
+  "LabelLibrarySortByProgressFinished": "المرحلة: تم الانتهاء",
+  "LabelLibrarySortByProgressStarted": "المرحلة: تم البدء",
   "LabelLimit": "حد",
   "LabelLineSpacing": "تباعد الأسطر",
   "LabelListenAgain": "الاستماع مجدداً",

client/strings/be.json

@@ -88,7 +88,7 @@
   "ButtonResetToDefault": "Скінуць да прадвызначаных",
   "ButtonRestore": "Аднавіць",
   "ButtonSave": "Захаваць",
-  "ButtonSaveAndClose": "Захаваць і зачыніць",
+  "ButtonSaveAndClose": "Захаваць і закрыць",
   "ButtonSaveTracklist": "Захаваць спіс трэкаў",
   "ButtonScan": "Сканаваць",
   "ButtonScanLibrary": "Сканіраваць бібліятэку",
@@ -284,7 +284,7 @@
   "LabelChaptersFound": "раздзелаў знойдзена",
   "LabelClickForMoreInfo": "Націсніце для больш падрабязнай інфармацыі",
   "LabelClickToUseCurrentValue": "Націсніце, каб выкарыстоўваць бягучае значэнне",
-  "LabelClosePlayer": "Зачыніць прайгравальнік",
+  "LabelClosePlayer": "Закрыць прайгравальнік",
   "LabelCodec": "Кодэк",
   "LabelCollapseSeries": "Згарнуць серыі",
   "LabelCollapseSubSeries": "Згарнуць падсерыі",

client/strings/bg.json

@@ -752,7 +752,7 @@
   "MessageBookshelfNoRSSFeeds": "Няма отворени RSS feed-ове",
   "MessageBookshelfNoResultsForFilter": "Няма резултат за филтер \"{0}: {1}\"",
   "MessageBookshelfNoResultsForQuery": "Няма резултати от заявката",
-  "MessageBookshelfNoSeries": "Нямаш сеЗЙ",
+  "MessageBookshelfNoSeries": "Нямате поредица",
   "MessageBulkChapterPattern": "Колко глави искате да добавите, използвайки тази схема за номериране?",
   "MessageChapterEndIsAfter": "Краят на главата е след края на вашата аудиокнига",
   "MessageChapterErrorFirstNotZero": "Първата глава трябва да започва от 0",
@@ -1018,18 +1018,50 @@
   "ToastChapterStartTimeAdjusted": "Начално време на главате е настоено с {0} секунди",
   "ToastChaptersAllLocked": "Всички глави са заключени. Оключете някой глави за да преместите техните времена.",
   "ToastChaptersHaveErrors": "Главите имат грешки",
+  "ToastChaptersInvalidShiftAmountLast": "Невалидно време за преместване. Началният час на последната глава ще превиши общата продължителност на аудиокнигата.",
+  "ToastChaptersInvalidShiftAmountStart": "Невалидно време за преместване. Първата глава ще има нулева или отрицателна дължина и ще бъде презаписана от втората глава. Увеличете началното време на втората глава.",
   "ToastChaptersMustHaveTitles": "Главите трябва да имат заглавия",
+  "ToastChaptersRemoved": "Главите са премахнати",
+  "ToastChaptersUpdated": "Главите са актуализирани",
+  "ToastCollectionItemsAddFailed": "Неуспешно добавяне на елемент(и) към колекцията",
   "ToastCollectionRemoveSuccess": "Колекцията е премахната",
   "ToastCollectionUpdateSuccess": "Колекцията е обновена",
+  "ToastConnectionNotAvailable": "Няма връзка. Моля, опитайте отново по-късно",
+  "ToastCoverSearchFailed": "Търсенето на корица е неуспешно",
+  "ToastCoverUpdateFailed": "Обновяването на корицата е неуспешно",
+  "ToastDateTimeInvalidOrIncomplete": "Датата и часът са невалидни или непълни",
   "ToastDeleteFileFailed": "Неуспешно изтриване на файла",
   "ToastDeleteFileSuccess": "Успешно изтриване на файла",
+  "ToastDeviceAddFailed": "Неуспешно добавяне на устройство",
+  "ToastDeviceNameAlreadyExists": "Вече съществува четец с това име",
+  "ToastDeviceTestEmailFailed": "Неуспешно изпращане на тестов имейл",
+  "ToastDeviceTestEmailSuccess": "Тестовият имейл е изпратен",
+  "ToastEmailSettingsUpdateSuccess": "Имейл настройките са актуализирани",
+  "ToastEncodeCancelFailed": "Неуспешно отменяне на кодирането",
+  "ToastEncodeCancelSucces": "Кодирането е отменено",
+  "ToastEpisodeDownloadQueueClearFailed": "Неуспешно изчистване на опашката",
+  "ToastEpisodeDownloadQueueClearSuccess": "Опашката за изтегляне на епизоди е изчистена",
+  "ToastEpisodeUpdateSuccess": "{0} епизода са актуализирани",
+  "ToastErrorCannotShare": "Не може да се споделя директно от това устройство",
+  "ToastFailedToCreate": "Неуспешно създаване",
+  "ToastFailedToDelete": "Неуспешно изтриване",
   "ToastFailedToLoadData": "Неуспешно зареждане на данни",
+  "ToastFailedToMatch": "Неуспешно съвпадение",
+  "ToastFailedToShare": "Неуспешно споделяне",
+  "ToastFailedToUpdate": "Неуспешно актуализиране",
+  "ToastInvalidImageUrl": "Невалиден URL адрес на изображение",
+  "ToastInvalidMaxEpisodesToDownload": "Невалиден максимален брой епизоди за изтегляне",
+  "ToastInvalidUrl": "Невалиден URL адрес",
+  "ToastInvalidUrls": "Един или повече URL адреси са невалидни",
   "ToastItemCoverUpdateSuccess": "Корицата на елемента е обновена",
+  "ToastItemDeletedFailed": "Неуспешно изтриване на елемента",
+  "ToastItemDeletedSuccess": "Елементът е изтрит",
   "ToastItemDetailsUpdateSuccess": "Детайлите на елемента са обновени",
   "ToastItemMarkedAsFinishedFailed": "Неуспешно маркиране като Завършено",
   "ToastItemMarkedAsFinishedSuccess": "Елементът е маркиран като завършен",
   "ToastItemMarkedAsNotFinishedFailed": "Неуспешно маркиране като Незавършено",
   "ToastItemMarkedAsNotFinishedSuccess": "Елементът е маркиран като незавършен",
+  "ToastItemUpdateSuccess": "Елементът е актуализиран",
   "ToastLibraryCreateFailed": "Неуспешно създаване на библиотека",
   "ToastLibraryCreateSuccess": "Библиотеката \"{0}\" е създадена",
   "ToastLibraryDeleteFailed": "Неуспешно изтриване на библиотека",
@@ -1037,28 +1069,97 @@
   "ToastLibraryScanFailedToStart": "Неуспешно стартиране на сканиране",
   "ToastLibraryScanStarted": "Сканирането на библиотеката е стартирано",
   "ToastLibraryUpdateSuccess": "Библиотеката \"{0}\" е обновена",
+  "ToastMatchAllAuthorsFailed": "Неуспешно съвпадение на всички автори",
+  "ToastMetadataFilesRemovedError": "Грешка при премахване на metadata.{0} файлове",
+  "ToastMetadataFilesRemovedNoneFound": "Не са намерени metadata.{0} файлове в библиотеката",
+  "ToastMetadataFilesRemovedNoneRemoved": "Не са премахнати metadata.{0} файлове",
+  "ToastMetadataFilesRemovedSuccess": "Премахнати са {0} файла metadata.{1}",
+  "ToastMustHaveAtLeastOnePath": "Трябва да има поне един път",
+  "ToastNameEmailRequired": "Изискват се име и имейл",
+  "ToastNameRequired": "Изисква се име",
+  "ToastNewApiKeyUserError": "Трябва да изберете потребител",
+  "ToastNewEpisodesFound": "Намерени са {0} нови епизода",
+  "ToastNewUserCreatedFailed": "Неуспешно създаване на акаунт: „{0}“",
+  "ToastNewUserCreatedSuccess": "Създаден е нов акаунт",
+  "ToastNewUserLibraryError": "Трябва да изберете поне една библиотека",
+  "ToastNewUserPasswordError": "Трябва да има парола; само root потребителят може да бъде с празна парола",
+  "ToastNewUserTagError": "Трябва да изберете поне един етикет",
+  "ToastNewUserUsernameError": "Въведете потребителско име",
+  "ToastNoNewEpisodesFound": "Не са намерени нови епизоди",
+  "ToastNoRSSFeed": "Подкастът няма RSS емисия",
+  "ToastNoUpdatesNecessary": "Не са необходими актуализации",
+  "ToastNotificationCreateFailed": "Неуспешно създаване на известие",
+  "ToastNotificationDeleteFailed": "Неуспешно изтриване на известието",
+  "ToastNotificationFailedMaximum": "Максималният брой неуспешни опити трябва да бъде >= 0",
+  "ToastNotificationQueueMaximum": "Максималната опашка за известия трябва да бъде >= 0",
+  "ToastNotificationSettingsUpdateSuccess": "Настройките за известия са актуализирани",
+  "ToastNotificationTestTriggerFailed": "Неуспешно задействане на тестово известие",
+  "ToastNotificationTestTriggerSuccess": "Тестовото известие е задействано",
+  "ToastNotificationUpdateSuccess": "Известието е актуализирано",
   "ToastPlaylistCreateFailed": "Неуспешно създаване на плейлист",
   "ToastPlaylistCreateSuccess": "Плейлистът е създаден",
   "ToastPlaylistRemoveSuccess": "Плейлистът е премахнат",
   "ToastPlaylistUpdateSuccess": "Плейлистът е обновен",
   "ToastPodcastCreateFailed": "Неуспешно създаване на подкаст",
   "ToastPodcastCreateSuccess": "Подкаст успешно създаден",
+  "ToastPodcastEpisodeUpdated": "Епизодът е актуализиран",
+  "ToastPodcastGetFeedFailed": "Неуспешно извличане на емисията на подкаста",
+  "ToastPodcastNoEpisodesInFeed": "Не са намерени епизоди в RSS емисията",
+  "ToastPodcastNoRssFeed": "Подкастът няма RSS емисия",
+  "ToastProgressIsNotBeingSynced": "Напредъкът не се синхронизира, рестартирайте възпроизвеждането",
+  "ToastProviderCreatedFailed": "Неуспешно добавяне на доставчик",
+  "ToastProviderCreatedSuccess": "Добавен е нов доставчик",
+  "ToastProviderNameAndUrlRequired": "Изискват се име и URL адрес",
+  "ToastProviderRemoveSuccess": "Доставчикът е премахнат",
   "ToastRSSFeedCloseFailed": "Неуспешно затваряне на RSS емисията",
   "ToastRSSFeedCloseSuccess": "RSS емисията е затворена",
+  "ToastRemoveFailed": "Неуспешно премахване",
   "ToastRemoveItemFromCollectionFailed": "Неуспешно премахване на елемент от колекция",
   "ToastRemoveItemFromCollectionSuccess": "Елементът е премахнат от колекция",
+  "ToastRemoveItemsWithIssuesFailed": "Неуспешно премахване на елементите от библиотеката с проблеми",
+  "ToastRemoveItemsWithIssuesSuccess": "Елементите от библиотеката с проблеми са премахнати",
+  "ToastRenameFailed": "Неуспешно преименуване",
+  "ToastRescanFailed": "Повторното сканиране е неуспешно за {0}",
+  "ToastRescanRemoved": "Повторното сканиране завърши: елементът е премахнат",
+  "ToastRescanUpToDate": "Повторното сканиране завърши: елементът вече е актуален",
+  "ToastRescanUpdated": "Повторното сканиране завърши: елементът е актуализиран",
+  "ToastScanFailed": "Неуспешно сканиране на елемент от библиотеката",
+  "ToastSelectAtLeastOneUser": "Изберете поне един потребител",
   "ToastSendEbookToDeviceFailed": "Неуспешно изпращане на електронна книга до устройство",
   "ToastSendEbookToDeviceSuccess": "Електронната книга е изпратена до устройство \"{0}\"",
+  "ToastSeriesSubmitFailedSameName": "Не могат да бъдат добавени два сериала с едно и също име",
   "ToastSeriesUpdateFailed": "Неуспешно обновяване на серия",
   "ToastSeriesUpdateSuccess": "Серията е обновена",
   "ToastServerSettingsUpdateSuccess": "Настройките на сървъра са актуализирани",
+  "ToastSessionCloseFailed": "Неуспешно затваряне на сесията",
   "ToastSessionDeleteFailed": "Неуспешно изтриване на сесия",
   "ToastSessionDeleteSuccess": "Сесията е изтрита",
+  "ToastSleepTimerDone": "Таймерът за заспиване приключи... zZzzZz",
+  "ToastSlugMustChange": "Краткият URL (slug) съдържа невалидни символи",
+  "ToastSlugRequired": "Изисква се кратък URL (slug)",
   "ToastSocketConnected": "Свързан сокет",
   "ToastSocketDisconnected": "Сокетът е прекъснат",
   "ToastSocketFailedToConnect": "Неуспешно свързване на сокет",
   "ToastSortingPrefixesEmptyError": "Трябва да има поне 1 префикс за сортиране",
   "ToastSortingPrefixesUpdateSuccess": "Префиксите за сортиране са актуализирани ({0} елемента)",
+  "ToastTitleRequired": "Изисква се заглавие",
+  "ToastUnknownError": "Неизвестна грешка",
+  "ToastUnlinkOpenIdFailed": "Неуспешно прекъсване на връзката на потребителя с OpenID",
+  "ToastUnlinkOpenIdSuccess": "Връзката на потребителя с OpenID е прекъсната",
+  "ToastUploaderFilepathExistsError": "Файловият път „{0}“ вече съществува на сървъра",
+  "ToastUploaderItemExistsInSubdirectoryError": "Елементът „{0}“ използва поддиректория на пътя за качване.",
   "ToastUserDeleteFailed": "Неуспешно изтриване на потребител",
-  "ToastUserDeleteSuccess": "Потребителят е изтрит"
+  "ToastUserDeleteSuccess": "Потребителят е изтрит",
+  "ToastUserPasswordChangeSuccess": "Паролата е променена успешно",
+  "ToastUserPasswordMismatch": "Паролите не съвпадат",
+  "ToastUserPasswordMustChange": "Новата парола не може да бъде същата като старата",
+  "ToastUserRootRequireName": "Трябва да въведете root потребителско име",
+  "TooltipAddChapters": "Добавяне на глава(и)",
+  "TooltipAddOneSecond": "Добавяне на 1 секунда",
+  "TooltipAdjustChapterStart": "Кликнете за коригиране на началния час",
+  "TooltipLockAllChapters": "Заключване на всички глави",
+  "TooltipLockChapter": "Заключване на глава (Shift+клик за диапазон)",
+  "TooltipSubtractOneSecond": "Изваждане на 1 секунда",
+  "TooltipUnlockAllChapters": "Отключване на всички глави",
+  "TooltipUnlockChapter": "Отключване на глава (Shift+клик за диапазон)"
 }

client/strings/lv.json

@@ -0,0 +1 @@
+{}

client/strings/pl.json

@@ -951,6 +951,11 @@
   "NoteUploaderFoldersWithMediaFiles": "Foldery z plikami multimedialnymi będą traktowane jako osobne elementy w bibliotece.",
   "NoteUploaderOnlyAudioFiles": "Jeśli przesyłasz tylko pliki audio, każdy plik audio będzie traktowany jako osobny audiobook.",
   "NoteUploaderUnsupportedFiles": "Nieobsługiwane pliki są ignorowane. Podczas dodawania folderu, inne pliki, które nie znajdują się w folderze elementu, są ignorowane.",
+  "NotificationOnBackupCompletedDescription": "Wyzwalane po zakończeniu tworzenia kopii zapasowej",
+  "NotificationOnBackupFailedDescription": "Wyzwalane w przypadku gdy stworzenie kopii zapasowej rzuci błąd",
+  "NotificationOnEpisodeDownloadedDescription": "Wyzwalane, gdy odcinek podcastu zostanie automatycznie pobrany",
+  "NotificationOnRSSFeedDisabledDescription": "Wyzwalane, gdy automatyczne pobieranie odcinków jest wyłączone z powodu zbyt wielu nieudanych prób",
+  "NotificationOnRSSFeedFailedDescription": "Wyzwalane, gdy żądanie kanału RSS dotyczące automatycznego pobrania odcinka nie powiedzie się",
   "NotificationOnTestDescription": "Zdarzenie używane do testowania systemu powiadomień",
   "PlaceholderBulkChapterInput": "Wpisz tytuł rozdziału lub użyj numeracji (np. „Odcinek 1”, „Rozdział 10”, „1.”)",
   "PlaceholderNewCollection": "Nowa nazwa kolekcji",
@@ -960,6 +965,7 @@
   "PlaceholderSearchEpisode": "Szukanie odcinka..",
   "StatsAuthorsAdded": "dodano autorów",
   "StatsBooksAdded": "dodano książki",
+  "StatsBooksAdditional": "Niektóre dodatki obejmują…",
   "StatsBooksFinished": "ukończone książki",
   "StatsBooksFinishedThisYear": "Wybrane książki ukończone w tym roku…",
   "StatsBooksListenedTo": "książki wysłuchane",
@@ -976,6 +982,7 @@
   "StatsTotalDuration": "O sumarycznej długości…",
   "StatsYearInReview": "PRZEGLĄD ROKU",
   "ToastAccountUpdateSuccess": "Zaktualizowano konto",
+  "ToastAppriseUrlRequired": "Należy wprowadzić adres URL Apprise",
   "ToastAsinRequired": "ASIN jest wymagany",
   "ToastAuthorImageRemoveSuccess": "Zdjęcie autora usunięte",
   "ToastAuthorNotFound": "Autor \"{0}\" nie został znaleziony",
@@ -994,8 +1001,11 @@
   "ToastBackupRestoreFailed": "Nie udało się przywrócić kopii zapasowej",
   "ToastBackupUploadFailed": "Nie udało się przesłać kopii zapasowej",
   "ToastBackupUploadSuccess": "Kopia zapasowa została przesłana",
+  "ToastBatchApplyDetailsToItemsSuccess": "Szczegóły zastosowane do elementów",
   "ToastBatchDeleteFailed": "Usuwanie zbiorcze nie powiodło się",
   "ToastBatchDeleteSuccess": "Usuwanie zbiorcze powiodło się",
+  "ToastBatchQuickMatchFailed": "Szybkie dopasowanie partii nie powiodło się!",
+  "ToastBatchQuickMatchStarted": "Rozpoczęto partię szybkiego dopasowania {0} książek!",
   "ToastBatchUpdateFailed": "Aktualizacja zbiorcza nie powiodła się",
   "ToastBatchUpdateSuccess": "Aktualizacja zbiorcza powiodła się",
   "ToastBookmarkCreateFailed": "Nie udało się utworzyć zakładki",
@@ -1033,7 +1043,14 @@
   "ToastEpisodeDownloadQueueClearSuccess": "Wyczyszczono kolejkę epizodów do ściągnięcia",
   "ToastEpisodeUpdateSuccess": "Zaktualizowano {0} odcinków",
   "ToastErrorCannotShare": "Nie można udostępniać natywnie na tym urządzeniu.",
+  "ToastFailedToCreate": "Nie udało się utworzyć",
+  "ToastFailedToDelete": "Nie udało się usunąć",
+  "ToastFailedToLoadData": "Nie udało się załadować danych",
+  "ToastFailedToMatch": "Nie udało się dopasować",
+  "ToastFailedToShare": "Nie udało się udostępnić",
+  "ToastFailedToUpdate": "Nie udało się zaktualizować",
   "ToastInvalidImageUrl": "Nieprawidłowy URL obrazu",
+  "ToastInvalidMaxEpisodesToDownload": "Nieprawidłowa maksymalna liczba odcinków do pobrania",
   "ToastInvalidUrl": "Nieprawidłowy URL",
   "ToastInvalidUrls": "Jeden lub więcej URL-i są nieprawidłowe",
   "ToastItemCoverUpdateSuccess": "Zaktualizowano okładkę",
@@ -1044,6 +1061,7 @@
   "ToastItemMarkedAsFinishedSuccess": "Pozycja oznaczona jako ukończona",
   "ToastItemMarkedAsNotFinishedFailed": "Oznaczenie pozycji jako ukończonej nie powiodło się",
   "ToastItemMarkedAsNotFinishedSuccess": "Pozycja oznaczona jako nieukończona",
+  "ToastItemUpdateSuccess": "Element zaktualizowany",
   "ToastLibraryCreateFailed": "Nie udało się utworzyć biblioteki",
   "ToastLibraryCreateSuccess": "Biblioteka \"{0}\" stworzona",
   "ToastLibraryDeleteFailed": "Nie udało się usunąć biblioteki",
@@ -1052,6 +1070,10 @@
   "ToastLibraryScanStarted": "Rozpoczęto skanowanie biblioteki",
   "ToastLibraryUpdateSuccess": "Zaktualizowano \"{0}\" pozycji",
   "ToastMatchAllAuthorsFailed": "Nie udało się dopasować wszystkich autorów",
+  "ToastMetadataFilesRemovedError": "Błąd podczas usuwania metadata.{0} plików",
+  "ToastMetadataFilesRemovedNoneFound": "Nie znaleziono metadata.{0} plików w bibliotece",
+  "ToastMetadataFilesRemovedNoneRemoved": "Nie usunięto żadnego metadata.{0} pliku",
+  "ToastMetadataFilesRemovedSuccess": "{0} metadata.{0} plików usunięto",
   "ToastMustHaveAtLeastOnePath": "Musi mieć przynajmniej jedną ścieżkę",
   "ToastNameEmailRequired": "Nazwa i email są wymagane",
   "ToastNameRequired": "Imię jest wymagane",
@@ -1065,7 +1087,15 @@
   "ToastNewUserUsernameError": "Wprowadź nazwę użytkownika",
   "ToastNoNewEpisodesFound": "Nie znaleziono nowych odcinków",
   "ToastNoRSSFeed": "Podcast nie posiada RSS Feed",
+  "ToastNoUpdatesNecessary": "Brak konieczności aktualizacji",
+  "ToastNotificationCreateFailed": "Nie udało się utworzyć powiadomienia",
+  "ToastNotificationDeleteFailed": "Nie udało się usunąć powiadomienia",
   "ToastNotificationFailedMaximum": "Maks. ilość nieudanych prób musi być >= 0",
+  "ToastNotificationQueueMaximum": "Maksymalna liczba powiadomień w kolejce musi być >= 0",
+  "ToastNotificationSettingsUpdateSuccess": "Zaktualizowano ustawienia powiadomień",
+  "ToastNotificationTestTriggerFailed": "Nie udało się wywołać powiadomienia testowego",
+  "ToastNotificationTestTriggerSuccess": "Wyzwolono powiadomienie testowe",
+  "ToastNotificationUpdateSuccess": "Powiadomienie zaktualizowane",
   "ToastPlaylistCreateFailed": "Nie udało się utworzyć playlisty",
   "ToastPlaylistCreateSuccess": "Playlista utworzona",
   "ToastPlaylistRemoveSuccess": "Playlista usunięta",
@@ -1073,8 +1103,17 @@
   "ToastPodcastCreateFailed": "Nie udało się utworzyć podcastu",
   "ToastPodcastCreateSuccess": "Podcast został pomyślnie utworzony",
   "ToastPodcastEpisodeUpdated": "Zaktualizowano odcinki",
+  "ToastPodcastGetFeedFailed": "Nie udało się pobrać kanału podcastu",
+  "ToastPodcastNoEpisodesInFeed": "Nie znaleziono żadnych odcinków w kanale RSS",
+  "ToastPodcastNoRssFeed": "Podcast nie ma kanału RSS",
+  "ToastProgressIsNotBeingSynced": "Postęp nie jest synchronizowany, uruchom ponownie odtwarzanie",
+  "ToastProviderCreatedFailed": "Nie udało się dodać dostawcy",
+  "ToastProviderCreatedSuccess": "Dodano nowego dostawcę",
+  "ToastProviderNameAndUrlRequired": "Wymagane jest podanie nazwy i adresu URL",
+  "ToastProviderRemoveSuccess": "Dostawca usunięty",
   "ToastRSSFeedCloseFailed": "Zamknięcie kanału RSS nie powiodło się",
   "ToastRSSFeedCloseSuccess": "Zamknięcie kanału RSS powiodło się",
+  "ToastRemoveFailed": "Nie udało się usunąć",
   "ToastRemoveItemFromCollectionFailed": "Nie udało się usunąć elementu z kolekcji",
   "ToastRemoveItemFromCollectionSuccess": "Pozycja usunięta z kolekcji",
   "ToastRemoveItemsWithIssuesFailed": "Nie udało się usunąć wadliwych elementów z biblioteki",
@@ -1096,16 +1135,25 @@
   "ToastSessionDeleteFailed": "Nie udało się usunąć sesji",
   "ToastSessionDeleteSuccess": "Sesja usunięta",
   "ToastSleepTimerDone": "Słodkich snów... zZzzZz",
+  "ToastSlugMustChange": "Slug zawiera nieprawidłowe znaki",
+  "ToastSlugRequired": "Slug jest wymagany",
   "ToastSocketConnected": "Nawiązano połączenie z serwerem",
   "ToastSocketDisconnected": "Połączenie z serwerem zostało zamknięte",
   "ToastSocketFailedToConnect": "Poączenie z serwerem nie powiodło się",
+  "ToastSortingPrefixesEmptyError": "Musi mieć co najmniej 1 prefiks sortowania",
+  "ToastSortingPrefixesUpdateSuccess": "Zaktualizowano prefiksy sortowania ({0} elementów)",
   "ToastTitleRequired": "Tytuł jest wymagany",
   "ToastUnknownError": "Nieznany błąd",
   "ToastUnlinkOpenIdFailed": "Nie udało się odpiąć użytkownika z OpenID",
   "ToastUnlinkOpenIdSuccess": "Użytkownik odpięty z OpenID",
   "ToastUploaderFilepathExistsError": "Ścieżka \"{0}\" już istnieje na serwerze",
+  "ToastUploaderItemExistsInSubdirectoryError": "Element \"{0}\" używa podkatalogu ścieżki przesyłania.",
   "ToastUserDeleteFailed": "Nie udało się usunąć użytkownika",
   "ToastUserDeleteSuccess": "Użytkownik usunięty",
+  "ToastUserPasswordChangeSuccess": "Hasło zostało pomyślnie zmienione",
+  "ToastUserPasswordMismatch": "Hasła nie są zgodne",
+  "ToastUserPasswordMustChange": "Nowe hasło nie może być takie samo jak stare hasło",
+  "ToastUserRootRequireName": "Należy wprowadzić nazwę użytkownika root",
   "TooltipAddChapters": "Dodaj rozdział(y)",
   "TooltipAddOneSecond": "Dodaj sekundę",
   "TooltipAdjustChapterStart": "Kliknij, aby skorygować czas początkowy",

index.js

@@ -31,6 +31,11 @@ if (isDev || options['prod-with-dev-env']) {
   if (devEnv.AllowIframe) process.env.ALLOW_IFRAME = '1'
   if (devEnv.BackupPath) process.env.BACKUP_PATH = devEnv.BackupPath
   if (devEnv.ReactClientPath) process.env.REACT_CLIENT_PATH = devEnv.ReactClientPath
+  if (devEnv.AllowedDevOrigins) {
+    process.env.ALLOWED_DEV_ORIGINS = Array.isArray(devEnv.AllowedDevOrigins)
+      ? devEnv.AllowedDevOrigins.join(',')
+      : String(devEnv.AllowedDevOrigins)
+  }
   process.env.SOURCE = 'local'
   process.env.ROUTER_BASE_PATH = devEnv.RouterBasePath ?? '/audiobookshelf'
 }

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "audiobookshelf",
-  "version": "2.34.0",
+  "version": "2.35.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "audiobookshelf",
-      "version": "2.34.0",
+      "version": "2.35.1",
       "license": "GPL-3.0",
       "dependencies": {
         "axios": "^0.27.2",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "audiobookshelf",
-  "version": "2.34.0",
+  "version": "2.35.1",
   "buildNumber": 1,
   "description": "Self-hosted audiobook and podcast server",
   "main": "index.js",

readme.md

@@ -6,9 +6,9 @@
     <br />
     <a href="https://audiobookshelf.org/docs">Documentation</a>
     ·
-    <a href="https://audiobookshelf.org/guides">User Guides</a>
-    ·
     <a href="https://audiobookshelf.org/support">Support</a>
+    ·
+    <a href="https://audiobooks.dev/">Demo</a>
   </p>
 </div>
 
@@ -57,21 +57,17 @@ Try it out on the [Google Play Store](https://play.google.com/store/apps/details
 
 Using Test Flight: https://testflight.apple.com/join/wiic7QIW **_(beta is full)_**
 
-### Build your own tools & clients
-
-Check out the [API documentation](https://api.audiobookshelf.org/)
-
 <br />
 
 <img alt="Library Screenshot" src="https://github.com/advplyr/audiobookshelf/raw/master/images/DemoLibrary.png" />
 
 <br />
 
-# Organizing your audiobooks
+# Organizing your media
 
 #### Directory structure and folder names are important to Audiobookshelf!
 
-See [documentation](https://audiobookshelf.org/docs#book-directory-structure) for supported directory structure, folder naming conventions, and audio file metadata usage.
+See [library docs](https://audiobookshelf.org/docs/category/libraries) for supported directory structures, folder naming conventions, and audio file metadata usage.
 
 <br />
 
@@ -87,275 +83,24 @@ See [install docs](https://www.audiobookshelf.org/docs)
 
 #### Note: Using a subfolder is supported with no additional changes but the path must be `/audiobookshelf` (this is not changeable). See [discussion](https://github.com/advplyr/audiobookshelf/discussions/3535)
 
-### NGINX Proxy Manager
+See [reverse proxy docs](https://audiobookshelf.org/docs/category/reverse-proxy)
 
-Toggle websockets support.
-
-<img alt="NGINX Web socket" src="https://user-images.githubusercontent.com/67830747/153679106-b2a7f5b9-0702-48c6-9740-b26b401986e9.png" />
-
-### NGINX Reverse Proxy
-
-Add this to the site config file on your nginx server after you have changed the relevant parts in the <> brackets, and inserted your certificate paths.
-
-```bash
-server {
-   listen 443 ssl;
-   server_name <sub>.<domain>.<tld>;
-
-   access_log /var/log/nginx/audiobookshelf.access.log;
-   error_log /var/log/nginx/audiobookshelf.error.log;
-
-   ssl_certificate      /path/to/certificate;
-   ssl_certificate_key  /path/to/key;
-
-   location / {
-      proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto  $scheme;
-      proxy_set_header Host               $http_host;
-      proxy_set_header Upgrade            $http_upgrade;
-      proxy_set_header Connection         "upgrade";
-
-      proxy_http_version                  1.1;
-
-      proxy_pass                          http://<URL_to_forward_to>;
-      proxy_redirect                      http:// https://;
-
-      # Prevent 413 Request Entity Too Large error
-      # by increasing the maximum allowed size of the client request body
-      # For example, set it to 10 GiB
-      client_max_body_size                10240M;
-   }
-}
-```
-
-### Apache Reverse Proxy
-
-Add this to the site config file on your Apache server after you have changed the relevant parts in the <> brackets, and inserted your certificate paths.
-
-For this to work you must enable at least the following mods using `a2enmod`:
-
-- `ssl`
-- `proxy`
-- `proxy_http`
-- `proxy_balancer`
-- `proxy_wstunnel`
-- `rewrite`
-
-```bash
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
-    ServerName <sub>.<domain>.<tld>
-
-    ErrorLog ${APACHE_LOG_DIR}/error.log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-
-    ProxyPreserveHost On
-    ProxyPass / http://localhost:<audiobookshelf_port>/
-    RewriteEngine on
-    RewriteCond %{HTTP:Upgrade} websocket [NC]
-    RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/?(.*) "ws://localhost:<audiobookshelf_port>/$1" [P,L]
-
-    # unless you're doing something special this should be generated by a
-    # tool like certbot by let's encrypt
-    SSLCertificateFile /path/to/cert/file
-    SSLCertificateKeyFile /path/to/key/file
-</VirtualHost>
-</IfModule>
-```
-
-If using Apache >= 2.4.47 you can use the following, without having to use any of the `RewriteEngine`, `RewriteCond`, or `RewriteRule` directives. For example:
-
-```xml
-    <Location /audiobookshelf>
-        ProxyPreserveHost on
-        ProxyPass http://localhost:<audiobookshelf_port>/audiobookshelf upgrade=websocket
-        ProxyPassReverse http://localhost:<audiobookshelf_port>/audiobookshelf
-    </Location>
-```
-
-Some SSL certificates like those signed by Let's Encrypt require ACME validation. To allow Let's Encrypt to write and confirm the ACME challenge, edit your VirtualHost definition to prevent proxying traffic that queries `/.well-known` and instead serve that directly:
-
-```bash
-<VirtualHost *:443>
-    # ...
-
-    # create the directory structure  /.well-known/acme-challenges
-    # within DocumentRoot and give the HTTP user recursive write
-    # access to it.
-    DocumentRoot /path/to/local/directory
-
-    ProxyPreserveHost On
-    ProxyPass /.well-known !
-    ProxyPass / http://localhost:<audiobookshelf_port>/
-
-    # ...
-</VirtualHost>
-```
-
-### SWAG Reverse Proxy
-
-[See LinuxServer.io config sample](https://github.com/linuxserver/reverse-proxy-confs/blob/master/audiobookshelf.subdomain.conf.sample)
-
-### Synology NAS Reverse Proxy Setup (DSM 7+/Quickconnect)
-
-1. **Open Control Panel**
-
-   - Navigate to `Login Portal > Advanced`.
-
-2. **General Tab**
-
-   - Click `Reverse Proxy` > `Create`.
-
-   | Setting            | Value          |
-   | ------------------ | -------------- |
-   | Reverse Proxy Name | audiobookshelf |
-
-3. **Source Configuration**
-
-   | Setting                | Value                                    |
-   | ---------------------- | ---------------------------------------- |
-   | Protocol               | HTTPS                                    |
-   | Hostname               | `<sub>.<quickconnectdomain>.synology.me` |
-   | Port                   | 443                                      |
-   | Access Control Profile | Leave as is                              |
-
-   - Example Hostname: `audiobookshelf.mydomain.synology.me`
-
-4. **Destination Configuration**
-
-   | Setting  | Value       |
-   | -------- | ----------- |
-   | Protocol | HTTP        |
-   | Hostname | Your NAS IP |
-   | Port     | 13378       |
-
-5. **Custom Header Tab**
-
-   - Go to `Create > Websocket`.
-   - Configure Headers (leave as is):
-
-   | Header Name | Value                 |
-   | ----------- | --------------------- |
-   | Upgrade     | `$http_upgrade`       |
-   | Connection  | `$connection_upgrade` |
-
-6. **Advanced Settings Tab**
-   - Leave as is.
-
-### [Traefik Reverse Proxy](https://doc.traefik.io/traefik/)
-
-Middleware relating to CORS will cause the app to report Unknown Error when logging in. To prevent this don't apply any of the following headers to the router for this site:
-
-<ul>
-   <li>accessControlAllowMethods</li>
-   <li>accessControlAllowOriginList</li>
-   <li>accessControlMaxAge</li>
-</ul>
-
-From [@Dondochaka](https://discord.com/channels/942908292873723984/942914154254176257/945074590374318170) and [@BeastleeUK](https://discord.com/channels/942908292873723984/942914154254176257/970366039294611506) <br />
-
-### Example Caddyfile - [Caddy Reverse Proxy](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy)
-
-```
-subdomain.domain.com {
-        encode gzip zstd
-        reverse_proxy <LOCAL_IP>:<PORT>
-}
-```
-
-### HAProxy
-
-Below is a generic HAProxy config, using `audiobookshelf.YOUR_DOMAIN.COM`.
-
-To use `http2`, `ssl` is needed.
-
-```make
-global
-    # ... (your global settings go here)
-
-defaults
-    mode http
-    # ... (your default settings go here)
-
-frontend my_frontend
-    # Bind to port 443, enable SSL, and specify the certificate list file
-    bind :443 name :443 ssl crt-list /path/to/cert.crt_list alpn h2,http/1.1
-    mode http
-
-    # Define an ACL for subdomains starting with "audiobookshelf"
-    acl is_audiobookshelf hdr_beg(host) -i audiobookshelf
-
-    # Use the ACL to route traffic to audiobookshelf_backend if the condition is met,
-    # otherwise, use the default_backend
-    use_backend audiobookshelf_backend if is_audiobookshelf
-    default_backend default_backend
-
-backend audiobookshelf_backend
-    mode http
-    # ... (backend settings for audiobookshelf go here)
-
-    # Define the server for the audiobookshelf backend
-    server audiobookshelf_server 127.0.0.99:13378
-
-backend default_backend
-    mode http
-    # ... (default backend settings go here)
-
-    # Define the server for the default backend
-    server default_server 127.0.0.123:8081
-
-```
-
-### pfSense and HAProxy
-
-For pfSense the inputs are graphical, and `Health checking` is enabled.
-
-#### Frontend, Default backend, access control lists and actions
-
-##### Access Control lists
-
-|      Name      |    Expression     | CS  | Not |      Value      |
-| :------------: | :---------------: | :-: | :-: | :-------------: |
-| audiobookshelf | Host starts with: |     |     | audiobookshelf. |
-
-##### Actions
-
-The `condition acl names` needs to match the name above `audiobookshelf`.
-
-|    Action     |   Parameters   | Condition acl names |
-| :-----------: | :------------: | :-----------------: |
-| `Use Backend` | audiobookshelf |   audiobookshelf    |
-
-#### Backend
-
-The `Name` needs to match the `Parameters` above `audiobookshelf`.
-
-| Name | audiobookshelf |
-| ---- | -------------- |
-
-##### Server list:
-
-|      Name      |    Expression     | CS  | Not |      Value      |
-| :------------: | :---------------: | :-: | :-: | :-------------: |
-| audiobookshelf | Host starts with: |     |     | audiobookshelf. |
-
-##### Health checking:
-
-Health checking is enabled by default. `Http check method` of `OPTIONS` is not supported on Audiobookshelf. If Health check fails, data will not be forwared. Need to do one of following:
-
-- To disable: Change `Health check method` to `none`.
-- To make Health checking function: Change `Http check method` to `HEAD` or `GET`.
-
-# Run from source
+<br />
 
 # Contributing
 
-This application is built using [NodeJs](https://nodejs.org/).
+See [contributing docs](https://audiobookshelf.org/docs/contributing/general/)
 
 ### Localization
 
-Thank you to [Weblate](https://hosted.weblate.org/engage/audiobookshelf/) for hosting our localization infrastructure pro-bono. If you want to see Audiobookshelf in your language, please help us localize. Additional information on helping with the translations [here](https://www.audiobookshelf.org/faq#how-do-i-help-with-translations). <a href="https://hosted.weblate.org/engage/audiobookshelf/"> <img src="https://hosted.weblate.org/widget/audiobookshelf/abs-web-client/multi-auto.svg" alt="Translation status" /> </a>
+Thank you to [Weblate](https://hosted.weblate.org/engage/audiobookshelf/) for hosting our localization infrastructure pro-bono. If you want to see Audiobookshelf in your language, please help us localize. Additional information on helping with the translations [here](https://www.audiobookshelf.org/faq#how-do-i-help-with-translations).
+<a href="https://hosted.weblate.org/engage/audiobookshelf/"> <img src="https://hosted.weblate.org/widget/audiobookshelf/abs-web-client/multi-auto.svg" alt="Translation status" /> </a>
+
+<br />
+
+# Run from source
+
+This application is built using [NodeJs](https://nodejs.org/).
 
 ### Dev Container Setup
 
@@ -447,6 +192,3 @@ If you are using VSCode, this project includes a couple of pre-defined targets t
 - `Debug client (nuxt)`—Run the client with live reload.
 - `Debug server and client (nuxt)`—Runs both the preceding two debug targets.
 
-# How to Support
-
-[See the incomplete "How to Support" page](https://www.audiobookshelf.org/support)

server/Server.js

@@ -302,7 +302,9 @@ class Server {
 
     this.server = http.createServer(app)
 
+    // Skip file upload parsing for internal-api routes (Next.js proxies read multipart bodies).
     router.use(
+      /^(?!\/internal-api).*/,
       fileUpload({
         defCharset: 'utf8',
         defParamCharset: 'utf8',

server/SocketAuthority.js

@@ -3,6 +3,7 @@ const Logger = require('./Logger')
 const Database = require('./Database')
 const TokenManager = require('./auth/TokenManager')
 const CoverSearchManager = require('./managers/CoverSearchManager')
+const { LogLevel } = require('./utils/constants')
 
 /**
  * @typedef SocketClient
@@ -85,6 +86,14 @@ class SocketAuthority {
     }
   }
 
+  requireAdminSocket(socket, eventName) {
+    const client = this.clients[socket.id]
+    if (client?.user?.isAdminOrUp) return true
+
+    Logger.warn(`[SocketAuthority] Unauthorized ${eventName} socket event from socket ${socket.id}`)
+    return false
+  }
+
   /**
    * Emits event with library item to all clients that can access the library item
    * Note: Emits toOldJSONExpanded()
@@ -179,14 +188,25 @@ class SocketAuthority {
         socket.on('auth', (token) => this.authenticateSocket(socket, token))
 
         // Scanning
-        socket.on('cancel_scan', (libraryId) => this.cancelScan(libraryId))
+        socket.on('cancel_scan', (libraryId) => {
+          if (!this.requireAdminSocket(socket, 'cancel_scan')) return
+          this.cancelScan(libraryId)
+        })
 
         // Cover search streaming
         socket.on('search_covers', (payload) => this.handleCoverSearch(socket, payload))
         socket.on('cancel_cover_search', (requestId) => this.handleCancelCoverSearch(socket, requestId))
 
         // Logs
-        socket.on('set_log_listener', (level) => Logger.addSocketListener(socket, level))
+        socket.on('set_log_listener', (level) => {
+          if (!this.requireAdminSocket(socket, 'set_log_listener')) return
+
+          if (!Number.isInteger(level) || !Object.values(LogLevel).includes(level)) {
+            Logger.warn(`[SocketAuthority] Invalid set_log_listener level from socket ${socket.id}`)
+            return
+          }
+          Logger.addSocketListener(socket, level)
+        })
         socket.on('remove_log_listener', () => Logger.removeSocketListener(socket.id))
 
         // Sent automatically from socket.io clients

server/auth/TokenManager.js

@@ -1,4 +1,5 @@
 const { Op } = require('sequelize')
+const uuid = require('uuid')
 
 const Database = require('../Database')
 const Logger = require('../Logger')
@@ -115,6 +116,7 @@ class TokenManager {
     const payload = {
       userId: user.id,
       username: user.username,
+      jti: uuid.v4(),
       type: 'access'
     }
     const options = {
@@ -138,6 +140,7 @@ class TokenManager {
     const payload = {
       userId: user.id,
       username: user.username,
+      jti: uuid.v4(),
       type: 'refresh'
     }
     const options = {
@@ -183,20 +186,56 @@ class TokenManager {
    * @param {import('../models/User')} user
    * @param {import('express').Request} req
    * @param {import('express').Response} res
+   * @param {boolean} gracePeriod - whether to use the grace period
    * @returns {Promise<{ accessToken:string, refreshToken:string }>}
    */
-  async rotateTokensForSession(session, user, req, res) {
-    // Generate new tokens
+  async rotateTokensForSession(session, user, req, res, gracePeriod = true) {
+    const previousRefreshToken = session.refreshToken
     const newAccessToken = this.generateTempAccessToken(user)
-    const newRefreshToken = this.generateRefreshToken(user)
-
-    // Calculate new expiration time
+    let newRefreshToken = this.generateRefreshToken(user)
     const newExpiresAt = new Date(Date.now() + this.RefreshTokenExpiry * 1000)
 
-    // Update the session with the new refresh token and expiration
-    session.refreshToken = newRefreshToken
-    session.expiresAt = newExpiresAt
-    await session.save()
+    let lastRefreshToken = null
+    let lastRefreshTokenExpiresAt = null
+    if (gracePeriod) {
+      // Set grace period of old refresh token in case of race condition in token rotation.
+      // This grace period may need to be longer if fetching the user data takes longer due to large progress objects
+      lastRefreshToken = previousRefreshToken
+      lastRefreshTokenExpiresAt = new Date(Date.now() + 60 * 1000) // 1 minute grace period
+    }
+
+    // Only update if this session row still has the refresh token we read
+    const [numUpdated] = await Database.sessionModel.update(
+      {
+        refreshToken: newRefreshToken,
+        expiresAt: newExpiresAt,
+        lastRefreshToken,
+        lastRefreshTokenExpiresAt
+      },
+      {
+        where: {
+          id: session.id,
+          refreshToken: previousRefreshToken
+        }
+      }
+    )
+
+    if (numUpdated === 0) {
+      Logger.debug(`[TokenManager] Race condition in rotateTokensForSession for user ${user.id}, getting new token`)
+
+      const updatedSession = await Database.sessionModel.findOne({ where: { id: session.id } })
+
+      newRefreshToken = updatedSession.refreshToken
+      session.refreshToken = updatedSession.refreshToken
+      session.expiresAt = updatedSession.expiresAt
+      session.lastRefreshToken = updatedSession.lastRefreshToken
+      session.lastRefreshTokenExpiresAt = updatedSession.lastRefreshTokenExpiresAt
+    } else {
+      session.refreshToken = newRefreshToken
+      session.expiresAt = newExpiresAt
+      session.lastRefreshToken = lastRefreshToken
+      session.lastRefreshTokenExpiresAt = lastRefreshTokenExpiresAt
+    }
 
     // Set new refresh token cookie
     this.setRefreshTokenCookie(req, res, newRefreshToken)
@@ -294,23 +333,40 @@ class TokenManager {
         }
       }
 
-      const session = await Database.sessionModel.findOne({
-        where: { refreshToken: refreshToken }
+      let session = await Database.sessionModel.findOne({
+        where: {
+          [Op.or]: [{ refreshToken: refreshToken }, { lastRefreshToken: refreshToken }]
+        }
       })
 
       if (!session) {
-        Logger.error(`[TokenManager] Failed to refresh token. Session not found for refresh token: ${refreshToken}`)
+        Logger.error(`[TokenManager] Failed to refresh token. Session not found`)
         return {
           error: 'Invalid refresh token'
         }
       }
 
-      // Check if session is expired in database
-      if (session.expiresAt < new Date()) {
-        Logger.info(`[TokenManager] Session expired in database, cleaning up`)
-        await session.destroy()
-        return {
-          error: 'Refresh token expired'
+      let isGracePeriod = false
+      if (session.refreshToken !== refreshToken) {
+        // Token matched lastRefreshToken
+        if (session.lastRefreshTokenExpiresAt && session.lastRefreshTokenExpiresAt > new Date()) {
+          isGracePeriod = true
+          Logger.debug(`[TokenManager] Grace period hit for user ${session.userId}`)
+        } else {
+          Logger.debug(`[TokenManager] Grace period expired for user ${session.userId}`)
+          return {
+            error: 'Invalid refresh token'
+          }
+        }
+      } else {
+        // Token matched current refreshToken
+        // Check if session is expired in database
+        if (session.expiresAt < new Date()) {
+          Logger.info(`[TokenManager] Session expired in database, cleaning up`)
+          await session.destroy()
+          return {
+            error: 'Refresh token expired'
+          }
         }
       }
 
@@ -322,6 +378,20 @@ class TokenManager {
         }
       }
 
+      if (isGracePeriod) {
+        // Return the already rotated refresh token store in the database,
+        // and generate a new access token without changing the refresh token
+        // again
+        const accessToken = this.generateTempAccessToken(user)
+        this.setRefreshTokenCookie(req, res, session.refreshToken)
+
+        return {
+          accessToken,
+          refreshToken: session.refreshToken,
+          user
+        }
+      }
+
       const newTokens = await this.rotateTokensForSession(session, user, req, res)
       return {
         accessToken: newTokens.accessToken,
@@ -375,7 +445,7 @@ class TokenManager {
       // So rotate token for current session
       const currentSession = await Database.sessionModel.findOne({ where: { refreshToken: currentRefreshToken } })
       if (currentSession) {
-        const newTokens = await this.rotateTokensForSession(currentSession, user, req, res)
+        const newTokens = await this.rotateTokensForSession(currentSession, user, req, res, false)
 
         // Invalidate all sessions for the user except the current one
         await Database.sessionModel.destroy({
@@ -389,7 +459,7 @@ class TokenManager {
 
         return newTokens.accessToken
       } else {
-        Logger.error(`[TokenManager] No session found to rotate tokens for refresh token ${currentRefreshToken}`)
+        Logger.error(`[TokenManager] No session found to rotate tokens`)
       }
     }
 
@@ -413,7 +483,7 @@ class TokenManager {
 
     try {
       const numDeleted = await Database.sessionModel.destroy({ where: { refreshToken: refreshToken } })
-      Logger.info(`[TokenManager] Refresh token ${refreshToken} invalidated, ${numDeleted} sessions deleted`)
+      Logger.info(`[TokenManager] Refresh token invalidated, ${numDeleted} sessions deleted`)
       return true
     } catch (error) {
       Logger.error(`[TokenManager] Error invalidating refresh token: ${error.message}`)

server/controllers/AuthorController.js

@@ -149,7 +149,7 @@ class AuthorController {
       })
       if (libraryItems.length) {
         await Database.bookAuthorModel.removeByIds(req.author.id) // Remove all old BookAuthor
-        await Database.bookAuthorModel.bulkCreate(bookAuthorsToCreate) // Create all new BookAuthor
+        await Database.bookAuthorModel.bulkCreate(bookAuthorsToCreate, { ignoreDuplicates: true }) // Create all new unique BookAuthor
         for (const libraryItem of libraryItems) {
           await libraryItem.saveMetadataFile()
         }

server/controllers/PodcastController.js

@@ -437,6 +437,17 @@ class PodcastController {
         }
 
         updatePayload[key] = req.body[key]
+      } else if (key === 'enclosure') {
+        const enclosure = req.body.enclosure
+        if (enclosure === null) {
+          updatePayload.enclosureURL = null
+          updatePayload.enclosureSize = null
+          updatePayload.enclosureType = null
+        } else if (typeof enclosure === 'object' && typeof enclosure.url === 'string') {
+          updatePayload.enclosureURL = enclosure.url
+          updatePayload.enclosureType = typeof enclosure.type === 'string' ? enclosure.type : null
+          updatePayload.enclosureSize = enclosure.length !== undefined && enclosure.length !== null ? enclosure.length : null
+        }
       } else if (key === 'chapters' && Array.isArray(req.body[key]) && req.body[key].every((ch) => typeof ch === 'object' && ch.title && ch.start)) {
         updatePayload[key] = req.body[key]
       } else if (key === 'publishedAt' && typeof req.body[key] === 'number') {

server/managers/RssFeedManager.js

@@ -2,6 +2,7 @@ const { Request, Response } = require('express')
 const Path = require('path')
 
 const Logger = require('../Logger')
+const { getAudioMimeTypeFromExtname } = require('../utils/fileUtils')
 const SocketAuthority = require('../SocketAuthority')
 const Database = require('../Database')
 
@@ -216,6 +217,11 @@ class RssFeedManager {
       res.sendStatus(404)
       return
     }
+    // Express does not set the correct mimetype for m4b files so use our defined mimetypes if available
+    const audioMimeType = getAudioMimeTypeFromExtname(Path.extname(episodePath))
+    if (audioMimeType) {
+      res.setHeader('Content-Type', audioMimeType)
+    }
     res.sendFile(episodePath)
   }
 

server/migrations/v2.35.0-add-last-refresh-token.js

@@ -0,0 +1,84 @@
+/**
+ * @typedef MigrationContext
+ * @property {import('sequelize').QueryInterface} queryInterface - a Sequelize QueryInterface object.
+ * @property {import('../Logger')} logger - a Logger object.
+ *
+ * @typedef MigrationOptions
+ * @property {MigrationContext} context - an object containing the migration context.
+ */
+
+const migrationVersion = '2.35.0'
+const migrationName = `${migrationVersion}-add-last-refresh-token`
+const loggerPrefix = `[${migrationVersion} migration]`
+
+/**
+ * This migration script adds lastRefreshToken and lastRefreshTokenExpiresAt columns to the sessions table.
+ *
+ * @param {MigrationOptions} options - an object containing the migration context.
+ * @returns {Promise<void>} - A promise that resolves when the migration is complete.
+ */
+async function up({ context: { queryInterface, logger } }) {
+  logger.info(`${loggerPrefix} UPGRADE BEGIN: ${migrationName}`)
+
+  if (await queryInterface.tableExists('sessions')) {
+    const tableDescription = await queryInterface.describeTable('sessions')
+
+    if (!tableDescription.lastRefreshToken) {
+      logger.info(`${loggerPrefix} Adding lastRefreshToken column to sessions table`)
+      await queryInterface.addColumn('sessions', 'lastRefreshToken', {
+        type: queryInterface.sequelize.Sequelize.DataTypes.STRING,
+        allowNull: true
+      })
+    } else {
+      logger.info(`${loggerPrefix} lastRefreshToken column already exists in sessions table`)
+    }
+
+    if (!tableDescription.lastRefreshTokenExpiresAt) {
+      logger.info(`${loggerPrefix} Adding lastRefreshTokenExpiresAt column to sessions table`)
+      await queryInterface.addColumn('sessions', 'lastRefreshTokenExpiresAt', {
+        type: queryInterface.sequelize.Sequelize.DataTypes.DATE,
+        allowNull: true
+      })
+    } else {
+      logger.info(`${loggerPrefix} lastRefreshTokenExpiresAt column already exists in sessions table`)
+    }
+  } else {
+    logger.info(`${loggerPrefix} sessions table does not exist`)
+  }
+
+  logger.info(`${loggerPrefix} UPGRADE END: ${migrationName}`)
+}
+
+/**
+ * This migration script removes the lastRefreshToken and lastRefreshTokenExpiresAt columns from the sessions table.
+ *
+ * @param {MigrationOptions} options - an object containing the migration context.
+ * @returns {Promise<void>} - A promise that resolves when the migration is complete.
+ */
+async function down({ context: { queryInterface, logger } }) {
+  logger.info(`${loggerPrefix} DOWNGRADE BEGIN: ${migrationName}`)
+
+  if (await queryInterface.tableExists('sessions')) {
+    const tableDescription = await queryInterface.describeTable('sessions')
+
+    if (tableDescription.lastRefreshToken) {
+      logger.info(`${loggerPrefix} Removing lastRefreshToken column from sessions table`)
+      await queryInterface.removeColumn('sessions', 'lastRefreshToken')
+    } else {
+      logger.info(`${loggerPrefix} lastRefreshToken column does not exist in sessions table`)
+    }
+
+    if (tableDescription.lastRefreshTokenExpiresAt) {
+      logger.info(`${loggerPrefix} Removing lastRefreshTokenExpiresAt column from sessions table`)
+      await queryInterface.removeColumn('sessions', 'lastRefreshTokenExpiresAt')
+    } else {
+      logger.info(`${loggerPrefix} lastRefreshTokenExpiresAt column does not exist in sessions table`)
+    }
+  } else {
+    logger.info(`${loggerPrefix} sessions table does not exist`)
+  }
+
+  logger.info(`${loggerPrefix} DOWNGRADE END: ${migrationName}`)
+}
+
+module.exports = { up, down }

server/models/Session.js

@@ -18,6 +18,10 @@ class Session extends Model {
     this.userId
     /** @type {Date} */
     this.expiresAt
+    /** @type {string} */
+    this.lastRefreshToken
+    /** @type {Date} */
+    this.lastRefreshTokenExpiresAt
 
     // Expanded properties
 
@@ -66,6 +70,14 @@ class Session extends Model {
         expiresAt: {
           type: DataTypes.DATE,
           allowNull: false
+        },
+        lastRefreshToken: {
+          type: DataTypes.STRING,
+          allowNull: true
+        },
+        lastRefreshTokenExpiresAt: {
+          type: DataTypes.DATE,
+          allowNull: true
         }
       },
       {

server/models/User.js

@@ -352,11 +352,7 @@ class User extends Model {
     if (cachedUser) return cachedUser
 
     const user = await this.findOne({
-      where: {
-        username: {
-          [sequelize.Op.like]: username
-        }
-      },
+      where: sequelize.where(sequelize.fn('lower', sequelize.col('username')), username.toLowerCase()),
       include: this.sequelize.models.mediaProgress
     })
 
@@ -377,11 +373,7 @@ class User extends Model {
     if (cachedUser) return cachedUser
 
     const user = await this.findOne({
-      where: {
-        email: {
-          [sequelize.Op.like]: email
-        }
-      },
+      where: sequelize.where(sequelize.fn('lower', sequelize.col('email')), email.toLowerCase()),
       include: this.sequelize.models.mediaProgress
     })
 

server/objects/DeviceInfo.js

@@ -96,7 +96,12 @@ class DeviceInfo {
     this.clientVersion = stripAllTags(clientDeviceInfo?.clientVersion) || serverVersion
     this.manufacturer = stripAllTags(clientDeviceInfo?.manufacturer) || null
     this.model = stripAllTags(clientDeviceInfo?.model) || null
-    this.sdkVersion = stripAllTags(clientDeviceInfo?.sdkVersion) || null
+
+    if (typeof clientDeviceInfo?.sdkVersion === 'number') {
+      this.sdkVersion = clientDeviceInfo.sdkVersion.toString()
+    } else {
+      this.sdkVersion = stripAllTags(clientDeviceInfo?.sdkVersion) || null
+    }
 
     this.clientName = stripAllTags(clientDeviceInfo?.clientName) || null
     if (this.sdkVersion) {

server/scanner/AbsMetadataFileScanner.js

@@ -5,7 +5,7 @@ const { LogLevel } = require('../utils/constants')
 const abmetadataGenerator = require('../utils/generators/abmetadataGenerator')
 
 class AbsMetadataFileScanner {
-  constructor() { }
+  constructor() {}
 
   /**
    * Check for metadata.json file and set book metadata
@@ -32,7 +32,8 @@ class AbsMetadataFileScanner {
 
     if (metadataText) {
       libraryScan.addLog(LogLevel.INFO, `Found metadata file "${metadataFilePath}"`)
-      const abMetadata = abmetadataGenerator.parseJson(metadataText) || {}
+      const abMetadata = abmetadataGenerator.parseJson(metadataText, 'book') || {}
+
       for (const key in abMetadata) {
         // TODO: When to override with null or empty arrays?
         if (abMetadata[key] === undefined || abMetadata[key] === null) continue
@@ -71,7 +72,7 @@ class AbsMetadataFileScanner {
 
     if (metadataText) {
       libraryScan.addLog(LogLevel.INFO, `Found metadata file "${metadataFilePath}"`)
-      const abMetadata = abmetadataGenerator.parseJson(metadataText) || {}
+      const abMetadata = abmetadataGenerator.parseJson(metadataText, 'podcast') || {}
       for (const key in abMetadata) {
         if (abMetadata[key] === undefined || abMetadata[key] === null) continue
         if (key === 'tags' && !abMetadata.tags?.length) continue

server/scanner/BookScanner.js

@@ -7,6 +7,7 @@ const parseNameString = require('../utils/parsers/parseNameString')
 const parseEbookMetadata = require('../utils/parsers/parseEbookMetadata')
 const globals = require('../utils/globals')
 const { readTextFile, filePathToPOSIX, getFileTimestampsWithIno } = require('../utils/fileUtils')
+const htmlSanitizer = require('../utils/htmlSanitizer')
 
 const AudioFileScanner = require('./AudioFileScanner')
 const Database = require('../Database')
@@ -688,6 +689,10 @@ class BookScanner {
 
     bookMetadata.titleIgnorePrefix = getTitleIgnorePrefix(bookMetadata.title)
 
+    if (typeof bookMetadata.description === 'string' && bookMetadata.description) {
+      bookMetadata.description = htmlSanitizer.sanitize(bookMetadata.description)
+    }
+
     return bookMetadata
   }
 
@@ -820,6 +825,9 @@ class BookScanner {
 
     const metadataFilePath = Path.join(metadataPath, `metadata.${global.ServerSettings.metadataFileFormat}`)
 
+    /**
+     * Keys must match abmetadataGenerator.js
+     */
     const jsonObject = {
       tags: libraryItem.media.tags || [],
       chapters: libraryItem.media.chapters?.map((c) => ({ ...c })) || [],

server/scanner/PodcastScanner.js

@@ -11,6 +11,7 @@ const LibraryFile = require('../objects/files/LibraryFile')
 const fsExtra = require('../libs/fsExtra')
 const PodcastEpisode = require('../models/PodcastEpisode')
 const AbsMetadataFileScanner = require('./AbsMetadataFileScanner')
+const htmlSanitizer = require('../utils/htmlSanitizer')
 
 /**
  * Metadata for podcasts pulled from files
@@ -398,6 +399,10 @@ class PodcastScanner {
 
     podcastMetadata.titleIgnorePrefix = getTitleIgnorePrefix(podcastMetadata.title)
 
+    if (typeof podcastMetadata.description === 'string' && podcastMetadata.description) {
+      podcastMetadata.description = htmlSanitizer.sanitize(podcastMetadata.description)
+    }
+
     return podcastMetadata
   }
 
@@ -420,6 +425,9 @@ class PodcastScanner {
 
     const metadataFilePath = Path.join(metadataPath, `metadata.${global.ServerSettings.metadataFileFormat}`)
 
+    /**
+     * Keys must match abmetadataGenerator.js
+     */
     const jsonObject = {
       tags: libraryItem.media.tags || [],
       title: libraryItem.media.title,

server/utils/generators/abmetadataGenerator.js

@@ -1,7 +1,51 @@
 const Logger = require('../../Logger')
 const parseSeriesString = require('../parsers/parseSeriesString')
 
-function parseJsonMetadataText(text) {
+const mediaTypeKeys = {
+  book: {
+    tags: 'stringArray',
+    title: 'string',
+    subtitle: 'string',
+    authors: 'stringArray',
+    narrators: 'stringArray',
+    series: 'stringArray',
+    genres: 'stringArray',
+    publishedYear: 'string',
+    publishedDate: 'string',
+    publisher: 'string',
+    description: 'string',
+    isbn: 'string',
+    asin: 'string',
+    language: 'string',
+    explicit: 'boolean',
+    abridged: 'boolean'
+  },
+  podcast: {
+    tags: 'stringArray',
+    title: 'string',
+    author: 'string',
+    description: 'string',
+    releaseDate: 'string',
+    genres: 'stringArray',
+    feedURL: 'string',
+    imageURL: 'string',
+    itunesPageURL: 'string',
+    itunesId: 'string',
+    itunesArtistId: 'string',
+    asin: 'string',
+    language: 'string',
+    explicit: 'boolean',
+    podcastType: 'string'
+  }
+}
+
+/**
+ *
+ * @param {string} text
+ * @param {"book" | "podcast"} mediaType
+ * @returns {Object}
+ */
+function parseJsonMetadataText(text, mediaType) {
   try {
     const abmetadataData = JSON.parse(text)
 
@@ -19,28 +63,41 @@ function parseJsonMetadataText(text) {
     }
     delete abmetadataData.metadata
 
-    if (abmetadataData.series?.length) {
-      abmetadataData.series = [...new Set(abmetadataData.series.map((t) => t?.trim()).filter((t) => t))]
-      abmetadataData.series = abmetadataData.series.map((series) => parseSeriesString.parse(series))
+    const expectedKeys = mediaTypeKeys[mediaType]
+    if (!expectedKeys) {
+      Logger.error(`[abmetadataGenerator] Invalid media type "${mediaType}"`)
+      return null
     }
-    // clean tags & remove dupes
-    if (abmetadataData.tags?.length) {
-      abmetadataData.tags = [...new Set(abmetadataData.tags.map((t) => t?.trim()).filter((t) => t))]
+
+    const validated = {}
+    for (const key in expectedKeys) {
+      const expectedType = expectedKeys[key]
+      if (!(key in abmetadataData)) continue
+
+      const validatedValue = validateMetadataValue(key, abmetadataData[key], expectedType)
+      if (validatedValue !== undefined) {
+        validated[key] = validatedValue
+      }
     }
-    if (abmetadataData.chapters?.length) {
-      abmetadataData.chapters = cleanChaptersArray(abmetadataData.chapters, abmetadataData.title)
+
+    if (validated.series?.length) {
+      validated.series = validated.series.map((series) => parseSeriesString.parse(series)).filter(Boolean)
     }
-    // clean remove dupes
-    if (abmetadataData.authors?.length) {
-      abmetadataData.authors = [...new Set(abmetadataData.authors.map((t) => t?.trim()).filter((t) => t))]
+
+    if (mediaType === 'book' && 'chapters' in abmetadataData) {
+      if (abmetadataData.chapters === null) {
+        validated.chapters = []
+      } else if (Array.isArray(abmetadataData.chapters)) {
+        const cleanedChapters = cleanChaptersArray(abmetadataData.chapters, validated.title ?? abmetadataData.title)
+        if (cleanedChapters) {
+          validated.chapters = cleanedChapters
+        }
+      } else {
+        Logger.warn(`[abmetadataGenerator] Invalid metadata key "chapters" expected array, got ${typeof abmetadataData.chapters}`)
+      }
     }
-    if (abmetadataData.narrators?.length) {
-      abmetadataData.narrators = [...new Set(abmetadataData.narrators.map((t) => t?.trim()).filter((t) => t))]
-    }
-    if (abmetadataData.genres?.length) {
-      abmetadataData.genres = [...new Set(abmetadataData.genres.map((t) => t?.trim()).filter((t) => t))]
-    }
-    return abmetadataData
+
+    return validated
   } catch (error) {
     Logger.error(`[abmetadataGenerator] Invalid metadata.json JSON`, error)
     return null
@@ -48,6 +105,54 @@ function parseJsonMetadataText(text) {
 }
 module.exports.parseJson = parseJsonMetadataText
 
+/**
+ * @param {string} key
+ * @param {*} value
+ * @param {string} expectedType
+ * @returns {*|undefined} undefined excludes the key
+ */
+function validateMetadataValue(key, value, expectedType) {
+  if (expectedType === 'string') {
+    if (value === null) return null
+    if (typeof value === 'number') return String(value)
+    if (typeof value === 'string') return value
+    Logger.warn(`[abmetadataGenerator] Invalid metadata key "${key}" expected string, got ${typeof value}`)
+    return undefined
+  }
+
+  if (expectedType === 'boolean') {
+    if (value === null) return null
+    if (typeof value === 'boolean') return value
+    if (typeof value === 'string') {
+      const lower = value.toLowerCase()
+      if (lower === 'true') return true
+      if (lower === 'false') return false
+    }
+    Logger.warn(`[abmetadataGenerator] Invalid metadata key "${key}" expected boolean, got ${typeof value}`)
+    return undefined
+  }
+
+  // Filter empty strings and deduplicate
+  if (expectedType === 'stringArray') {
+    if (value === null) return []
+    if (!Array.isArray(value)) {
+      Logger.warn(`[abmetadataGenerator] Invalid metadata key "${key}" expected string array, got ${typeof value}`)
+      return undefined
+    }
+
+    const cleanedArray = value.filter((t) => typeof t === 'string')
+    return [...new Set(cleanedArray.map((t) => t.trim()).filter((t) => t))]
+  }
+
+  Logger.warn(`[abmetadataGenerator] Unknown expected type "${expectedType}" for key "${key}"`)
+  return undefined
+}
+
+/**
+ * @param {Object[]} chaptersArray
+ * @param {string} mediaTitle
+ * @returns {Object[]}
+ */
 function cleanChaptersArray(chaptersArray, mediaTitle) {
   const chapters = []
   let index = 0

server/utils/notifications.js

@@ -100,7 +100,7 @@ module.exports.notificationData = {
       variables: ['version'],
       defaults: {
         title: 'Test Notification on Abs {{version}}',
-        body: 'Test notificataion body for abs {{version}}.'
+        body: 'Test notification body for abs {{version}}.'
       },
       testData: {
         version: 'v' + version