Update pathexists file system API endpoint

Fix m4b encoder bitrate preset selection #4337
Fix log for podcast rss feed with no guid #4325
2025-12-31 19:49:22 -05:00 · 2025-05-26 16:56:50 -05:00 · 2025-05-25 16:12:35 -05:00 · 2025-05-24 17:09:58 -05:00 · 2025-05-22 17:43:31 -05:00 · 2025-05-22 17:30:38 -05:00
10 changed files with 75 additions and 39 deletions
--- a/client/components/modals/EditSeriesInputInnerModal.vue
+++ b/client/components/modals/EditSeriesInputInnerModal.vue
@@ -14,6 +14,7 @@
              <ui-text-input-with-label ref="sequenceInput" v-model="selectedSeries.sequence" :label="$strings.LabelSequence" />
            </div>
          </div>
+          <div v-if="error" class="text-error text-sm mt-2 p-1">{{ error }}</div>
          <div class="flex justify-end mt-2 p-1">
            <ui-btn type="submit">{{ $strings.ButtonSubmit }}</ui-btn>
          </div>
@@ -34,12 +35,17 @@ export default {
    existingSeriesNames: {
      type: Array,
      default: () => []
+    },
+    originalSeriesSequence: {
+      type: String,
+      default: null
    }
  },
  data() {
    return {
      el: null,
-      content: null
+      content: null,
+      error: null
    }
  },
  watch: {
@@ -85,10 +91,17 @@ export default {
      }
    },
    submitSeriesForm() {
+      this.error = null
+
      if (this.$refs.newSeriesSelect) {
        this.$refs.newSeriesSelect.blur()
      }

+      if (this.selectedSeries.sequence !== this.originalSeriesSequence && this.selectedSeries.sequence.includes(' ')) {
+        this.error = this.$strings.MessageSeriesSequenceCannotContainSpaces
+        return
+      }
+
      this.$emit('submit')
    },
    clickClose() {
@@ -100,6 +113,7 @@ export default {
      }
    },
    setShow() {
+      this.error = null
      if (!this.el || !this.content) {
        this.init()
      }
--- a/client/components/modals/podcast/EpisodeFeed.vue
+++ b/client/components/modals/podcast/EpisodeFeed.vue
@@ -244,8 +244,8 @@ export default {
      const sizeInMb = payloadSize / 1024 / 1024
      const sizeInMbPretty = sizeInMb.toFixed(2) + 'MB'
      console.log('Request size', sizeInMb)
-      if (sizeInMb > 4.99) {
-        return this.$toast.error(`Request is too large (${sizeInMbPretty}) should be < 5Mb`)
+      if (sizeInMb > 9.99) {
+        return this.$toast.error(`Request is too large (${sizeInMbPretty}) should be < 10Mb`)
      }

      this.processing = true
--- a/client/components/widgets/EncoderOptionsCard.vue
+++ b/client/components/widgets/EncoderOptionsCard.vue
@@ -162,7 +162,7 @@ export default {
      } else {
        // Find closest bitrate rounding up
        const bitratesToMatch = [32, 64, 128, 192]
-        const closestBitrate = bitratesToMatch.find((bitrate) => bitrate >= this.currentBitrate)
+        const closestBitrate = bitratesToMatch.find((bitrate) => bitrate >= this.currentBitrate) || 192
        this.selectedBitrate = closestBitrate + 'k'
      }

--- a/client/components/widgets/SeriesInputWidget.vue
+++ b/client/components/widgets/SeriesInputWidget.vue
@@ -2,7 +2,7 @@
  <div>
    <ui-multi-select-query-input v-model="seriesItems" text-key="displayName" :label="$strings.LabelSeries" :disabled="disabled" readonly show-edit @edit="editSeriesItem" @add="addNewSeries" />

-    <modals-edit-series-input-inner-modal v-model="showSeriesForm" :selected-series="selectedSeries" :existing-series-names="existingSeriesNames" @submit="submitSeriesForm" />
+    <modals-edit-series-input-inner-modal v-model="showSeriesForm" :selected-series="selectedSeries" :existing-series-names="existingSeriesNames" :original-series-sequence="originalSeriesSequence" @submit="submitSeriesForm" />
  </div>
 </template>

@@ -18,6 +18,7 @@ export default {
  data() {
    return {
      selectedSeries: null,
+      originalSeriesSequence: null,
      showSeriesForm: false
    }
  },
@@ -59,6 +60,7 @@ export default {
        ..._series
      }

+      this.originalSeriesSequence = _series.sequence
      this.showSeriesForm = true
    },
    addNewSeries() {
@@ -68,6 +70,7 @@ export default {
        sequence: ''
      }

+      this.originalSeriesSequence = null
      this.showSeriesForm = true
    },
    submitSeriesForm() {
--- a/client/pages/upload/index.vue
+++ b/client/pages/upload/index.vue
@@ -359,15 +359,14 @@ export default {
      // Check if path already exists before starting upload
      //  uploading fails if path already exists
      for (const item of items) {
-        const filepath = Path.join(this.selectedFolder.fullPath, item.directory)
        const exists = await this.$axios
-          .$post(`/api/filesystem/pathexists`, { filepath, directory: item.directory, folderPath: this.selectedFolder.fullPath })
+          .$post(`/api/filesystem/pathexists`, { directory: item.directory, folderPath: this.selectedFolder.fullPath })
          .then((data) => {
            if (data.exists) {
              if (data.libraryItemTitle) {
                this.$toast.error(this.$getString('ToastUploaderItemExistsInSubdirectoryError', [data.libraryItemTitle]))
              } else {
-                this.$toast.error(this.$getString('ToastUploaderFilepathExistsError', [filepath]))
+                this.$toast.error(this.$getString('ToastUploaderFilepathExistsError', [Path.join(this.selectedFolder.fullPath, item.directory)]))
              }
            }
            return data.exists
--- a/client/strings/en-us.json
+++ b/client/strings/en-us.json
@@ -856,6 +856,7 @@
  "MessageScheduleRunEveryWeekdayAtTime": "Run every {0} at {1}",
  "MessageSearchResultsFor": "Search results for",
  "MessageSelected": "{0} selected",
+  "MessageSeriesSequenceCannotContainSpaces": "Series sequence cannot contain spaces",
  "MessageServerCouldNotBeReached": "Server could not be reached",
  "MessageSetChaptersFromTracksDescription": "Set chapters using each audio file as a chapter and chapter title as the audio file name",
  "MessageShareExpirationWillBe": "Expiration will be <strong>{0}</strong>",
--- a/server/Server.js
+++ b/server/Server.js
@@ -310,7 +310,7 @@ class Server {
      })
    )
    router.use(express.urlencoded({ extended: true, limit: '5mb' }))
-    router.use(express.json({ limit: '5mb' }))
+    router.use(express.json({ limit: '10mb' }))

    router.use('/api', this.auth.ifAuthNeeded(this.authMiddleware.bind(this)), this.apiRouter.router)
    router.use('/hls', this.hlsRouter.router)
--- a/server/controllers/FileSystemController.js
+++ b/server/controllers/FileSystemController.js
@@ -84,49 +84,67 @@ class FileSystemController {
   */
  async checkPathExists(req, res) {
    if (!req.user.canUpload) {
-      Logger.error(`[FileSystemController] Non-admin user "${req.user.username}" attempting to check path exists`)
+      Logger.error(`[FileSystemController] User "${req.user.username}" without upload permissions attempting to check path exists`)
      return res.sendStatus(403)
    }

-    const { filepath, directory, folderPath } = req.body
+    const { directory, folderPath } = req.body

-    if (!filepath?.length || typeof filepath !== 'string') {
+    if (!directory?.length || typeof directory !== 'string' || !folderPath?.length || typeof folderPath !== 'string') {
+      Logger.error(`[FileSystemController] Invalid request body: ${JSON.stringify(req.body)}`)
+      return res.status(400).json({
+        error: 'Invalid request body'
+      })
+    }
+
+    // Check that library folder exists
+    const libraryFolder = await Database.libraryFolderModel.findOne({
+      where: {
+        path: folderPath
+      }
+    })
+
+    if (!libraryFolder) {
+      Logger.error(`[FileSystemController] Library folder not found: ${folderPath}`)
+      return res.sendStatus(404)
+    }
+
+    const filepath = Path.posix.join(libraryFolder.path, directory)
+    // Ensure filepath is inside library folder (prevents directory traversal)
+    if (!filepath.startsWith(libraryFolder.path)) {
+      Logger.error(`[FileSystemController] Filepath is not inside library folder: ${filepath}`)
      return res.sendStatus(400)
    }

-    const exists = await fs.pathExists(filepath)
-
-    if (exists) {
+    if (await fs.pathExists(filepath)) {
      return res.json({
        exists: true
      })
    }

-    // If directory and folderPath are passed in, check if a library item exists in a subdirectory
+    // Check if a library item exists in a subdirectory
    // See: https://github.com/advplyr/audiobookshelf/issues/4146
-    if (typeof directory === 'string' && typeof folderPath === 'string' && directory.length > 0 && folderPath.length > 0) {
-      const cleanedDirectory = directory.split('/').filter(Boolean).join('/')
-      if (cleanedDirectory.includes('/')) {
-        // Can only be 2 levels deep
-        const possiblePaths = []
-        const subdir = Path.dirname(directory)
-        possiblePaths.push(fileUtils.filePathToPOSIX(Path.join(folderPath, subdir)))
-        if (subdir.includes('/')) {
-          possiblePaths.push(fileUtils.filePathToPOSIX(Path.join(folderPath, Path.dirname(subdir))))
-        }
+    const cleanedDirectory = directory.split('/').filter(Boolean).join('/')
+    if (cleanedDirectory.includes('/')) {
+      // Can only be 2 levels deep
+      const possiblePaths = []
+      const subdir = Path.dirname(directory)
+      possiblePaths.push(fileUtils.filePathToPOSIX(Path.join(folderPath, subdir)))
+      if (subdir.includes('/')) {
+        possiblePaths.push(fileUtils.filePathToPOSIX(Path.join(folderPath, Path.dirname(subdir))))
+      }

-        const libraryItem = await Database.libraryItemModel.findOne({
-          where: {
-            path: possiblePaths
-          }
+      const libraryItem = await Database.libraryItemModel.findOne({
+        where: {
+          path: possiblePaths
+        }
+      })
+
+      if (libraryItem) {
+        return res.json({
+          exists: true,
+          libraryItemTitle: libraryItem.title
        })
-
-        if (libraryItem) {
-          return res.json({
-            exists: true,
-            libraryItemTitle: libraryItem.title
-          })
-        }
      }
    }

--- a/server/models/MediaProgress.js
+++ b/server/models/MediaProgress.js
@@ -246,9 +246,10 @@ class MediaProgress extends Model {
    // For local sync
    if (progressPayload.lastUpdate) {
      this.updatedAt = progressPayload.lastUpdate
+      this.changed('updatedAt', true)
    }

-    return this.save()
+    return this.save({ silent: !!progressPayload.lastUpdate })
  }
 }

--- a/server/utils/podcastUtils.js
+++ b/server/utils/podcastUtils.js
@@ -205,7 +205,7 @@ function extractEpisodeData(item) {
    } else if (typeof guidItem?._ === 'string') {
      episode.guid = guidItem._
    } else {
-      Logger.error(`[podcastUtils] Invalid guid ${item['guid']} for ${episode.enclosure.url}`)
+      Logger.error(`[podcastUtils] Invalid guid for ${episode.enclosure.url}`, item['guid'])
    }
  }
Author	SHA1	Message	Date
advplyr	6ce1806359	Update pathexists file system API endpoint	2025-05-26 16:56:50 -05:00
advplyr	f05a513767	Fix m4b encoder bitrate preset selection #4337	2025-05-25 16:12:35 -05:00
advplyr	d03c338b48	Fix log for podcast rss feed with no guid #4325	2025-05-24 17:09:58 -05:00
advplyr	5e5a988f7a	Merge pull request #4326 from advplyr/fix_mediaprogress_updatedat Fix MediaProgress not using the lastUpdate time sent for local progress syncs	2025-05-22 17:43:31 -05:00
advplyr	6d1f0b27df	Fix MediaProgress not using the lastUpdate time sent for local progress syncs	2025-05-22 17:30:38 -05:00
advplyr	d01a7cb756	Merge pull request #4318 from advplyr/increase_express_json_limit Update max allowed json request size #4250	2025-05-20 18:04:02 -05:00
advplyr	cae874ef05	Update max allowed json request size #4250	2025-05-20 17:44:13 -05:00
advplyr	733afc3e29	Update edit series sequence to show error when sequence has spaces #4314	2025-05-19 17:37:11 -05:00