Generate cover [a.k.a. thumbnail/poster] for video manually uploaded

[deldesir]

Covers are generated using ffmpeg
Tested on Ubuntu 24.04

Related:

• Display video/bookshelf original URL (or canonical URL if possible!) to all users [ASIDE: upload of offline video works, despite red error "Failed to Move Cover File" in web UI] #107 (comment)

[deldesir]

For the same video

[deldesir]

Safe enough @codewiz?

[deldesir]

Defensive programming reminder: Sanitize the file path to prevent command injection

[deldesir]

I'll use shlex for now. Should be safe on POSIX compliant shells. (Done in f8c39f2)

[holta]

I added a general warning that shlex.quote() is not bulletproof:

3a965f8

(Though it's probably good enough for path sanitizing!)

[holta]

@codewiz: review quickly if you can?

This PR seeks to resolve:

• Display video/bookshelf original URL (or canonical URL if possible!) to all users [ASIDE: upload of offline video works, despite red error "Failed to Move Cover File" in web UI] #107 (comment)

[holta]

"2025 request"

While probably not needed in 2024, the "Upload" (Upload to IIAB) button should eventually flag overweight videos that cause congestion for everyone using a school's IIAB WiFi hotspot.

▶️ We should try to warn and educate teachers/parents/students on how to compress their own locally-created overweight videos, BEFORE they're uploaded to IIAB.
▶️ Smartphone videos can usually be compressed 10X or even 20X. This works because smartphones record video at very high resolution (a.k.a. "HD" high definition, which is rarely needed during playback).
▶️ Almost any teacher worldwide can send a just-recorded video to themselves via WhatsApp, in order to force this compression to happen without much hassle.

ASIDE: Occasionally overweight videos arrive from the Internet too — e.g. when the video author/publisher has not bothered to compress their own work for easy/broad distribution...

• Some videos download as overweight (giant) files that (1) are not appropriate for schools, and (2) crash Calibre-Web with "502 Bad Gateway" #37
• Clicking "Watch in Browser - MP4" works w/ 8GB RAM but crashes calibre-web.service w/ 2GB RAM / memory (MP4 is 1.0GB; users see "502 Bad Gateway" due to OOM crash) #79

[codewiz]

Because getenv() returns "ffmpeg" as default, this check will never succeed.

Either remove this check, or change the default to "".

[deldesir]

Good point

[codewiz]

Sanitizing this path is unnecessary because it's not controlled by the user.

The path is constructed at line 301:

tmp_file_path = os.path.join(tmp_dir, md5)

[codewiz]

Also, I think process.Popen invokes the program directly, avoiding all problems related to shell expansion.

[holta]

The path is constructed at line 301:

You mean line 391, ok:

calibre-web/cps/uploader.py

Line 391 in 46f0e6c

tmp_file_path = os.path.join(tmp_dir, md5)

[holta]

Also, I think process.Popen invokes the program directly, avoiding all problems related to shell expansion.

Clarify a specific recommendation?

[holta]

Presumably @codewiz is talking about:

calibre-web/cps/subproc_wrapper.py

Line 38 in 07e2a05

return subprocess.Popen(exc_command, shell=False, stdout=sout, stderr=serr, universal_newlines=newlines, env=env) # nosec

@deldesir please go ahead and revise (i.e. tighten up) using Bernie's recommendations, Thanks!

[deldesir]

@holta, I did not use Calibre-Web's subprocess wrapper here because I thought it's more clear to just call it and use run from it.

[holta]

@holta, I did not use Calibre-Web's subprocess wrapper here because I thought it's more clear to just call it and use run from it.

Ah, interesting!

@codewiz is this clean/solid enough, in your opinion?

[deldesir]

Recommendations applied in 2bdd296

[holta]

Add explanatory comments back

Awesome! Allowing for easier tweaking of ffmpeg in future, if anybody chooses!

[holta]

1. @deldesir can you tell why @nzola's fresh VM install is not working? (http://box/books shows "502 Bad Gateway")

   

   iiab-diagnostics: https://dpaste.com/FKWVETW67

2. @deldesir can you eliminate the ffmpeg-related SyntaxWarning: invalid escape sequence going forward? As seen in his logs below:

   [2024-06-21 12:08:26,370] WARN {py.warnings:110} /usr/local/calibre-web-py3/lib/python3.12/site-packages/flask_limiter/extension.py:337: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
   warnings.warn(

   [2024-06-21 12:08:26,688] WARN {py.warnings:110} /usr/local/calibre-web-py3/cps/uploader.py:338: SyntaxWarning: invalid escape sequence ','
   '-vf', 'fps=1,thumbnail,select=gt(scene,0.1),scale=-1:720', # apply filters to avoid black frames and scale

   [2024-06-21 12:08:26,822] WARN {py.warnings:110} /usr/local/calibre-web-py3/cps/metadata_provider/lubimyczytac.py:140: SyntaxWarning: invalid escape sequence '?'
   characters_to_remove = "?()/"

[holta]

FYI @nzola a fresh install of IIAB Calibre-Web onto Ubuntu 24.04 (VM) just worked for me.

As confirmed by iiab-diagnostics: https://dpaste.com/9DWAB47VX

[nzola]

FYI @nzola a fresh install of IIAB Calibre-Web onto Ubuntu 24.04 (VM) just worked for me.

As confirmed by iiab-diagnostics: https://dpaste.com/9DWAB47VX

ubuntu@box:~$ pastebinit -b dpaste.com /var/log/nginx/error.log
https://dpaste.com/9JANY2EA6
ubuntu@box:~$ journalctl -u nginx | pastebinit -b dpaste.com
https://dpaste.com/3S2KYHC2A
ubuntu@box:~$ journalctl -u calibre-web | pastebinit -b dpaste.com
https://dpaste.com/3RASF2AMN
ubuntu@box:~$

[holta]

@nzola you tried two erroneous URLs:

• http://box/books (wrong box, it shows NGINX 1.22.1, which is not possible with an Ubuntu 24.04 VM, so the "502 Bad Gateway" error is irrelevant!) ❌
• http://172.23.47.39/home showing "403 Forbidden" ❌

You need to try:

• http://172.23.47.39/books ✅

[nzola]

@nzola you tried two erroneous URLs:

• http://box/books (wrong box, it shows NGINX 1.22.1, which is not possible with an Ubuntu 24.04 VM, so the "502 Bad Gateway" error is irrelevant!) ❌
• http://172.23.47.39/home showing "403 Forbidden" ❌

You need to try:

• http://172.23.47.39/books ✅

My vm/iiab is working now.
I turned [off] the box Lokole/iiab downstairs and now I can browse with http://172.23.47.39/books as well with http://box/books.