Open deldesir opened 11 months ago
RECAP towards bringing us back to a truly workable & sane solution — all videos/audio/media/books need to be playable without wastefully polluting server's memory.
Just for the moment, all "books" appear to be forcibly public under URL...
http://box/library/calibre-web/
...which is extremely concerning for 2 reasons:
1) This violates everything about Calibre-Web's username/password security model — and people's longstanding expectations :/
2) If the above is really needed in the very short-term during debugging / testing / designing a better solution, FYI this particular choice of URL (URLs containing string "/library/calibre-web/") is very strange — as it very unfortunately (makes it appear) as if the entire IIAB disk (from the root of the filesystem) is being made public :/
(While 2. is admittedly just a cosmetic issue, it's an extremely serious one if it makes everybody distrust the system!!)
I'm not sure we have an answer just yet to the larger questions (OOM/RAM/memory risks during playback of large audio/video/book files, ideally while honoring Calibre-Web's web username/password security model) BUT please all see the huge amount of ongoing progress within these 2 PRs in recent days: ✅
Working with/alongside these TDD-oriented[*] IIAB refinements:
[*] Test-Driven Development.
Question: Does this allow everyone access to all books, regardless of whether they have a Calibre-Web account/access/authorization?
(As an intentional or unintentional side effect?)
_Originally posted by @holta in https://github.com/iiab/calibre-web/pull/51#discussion_r1406020549_