This is a major change for the next release of Miniflux.
- There is now only one database that can supports multiple users
- There is no automated schema migration for this release
- A migration procedure is available in the ChangeLog file
User aschilling made some extensive client tests with miniflux and noticed that Mr Reader (iOS) and ReadKit (OSX) are sending the API key in upper case.
- each feed can have multiple groups assigned
- group assignments are done on the add or edit feed page
- groups are only visible on the unread page
- groups are exported via the fever api
- it's not possible do delete a group manually from the database (the group will be removed automatically, as soon as the last association of a group to a feed is removed)
- if you try to create an already existing group, the existing group is used to prevent duplicates
- remove the pseudo group 'All', the API description doesn't say that a group is required and Reeder on iOS works fine without groups
- mark feeds/groups only as read since the API doesn't allow to mark them as unread
Check if a requested database can be selected. Error out if not.
This prevents automatic fallbacks to the default database.
Remove the authorized information from the session if a new database
gets selected.
Factor out logout function to reuse existing code.
Utilize apaches mod_rewrite to append a database parameter to the fever
api script based on the requested URL. Basically everything after
/fever/ is treated as the desired database. E.g. using
https://www.miniflux.net/fever/custom.sqlite/ as server url selects this
database as sync source/target.
The user supplied database parameter is compared with the output of
Model\Database\get_all(), which ensures that only files within the
DATA_DIRECTORY can be referenced (prevents File Inclusion/Directory
Traversal vulnerabilities).
I've tested it against Reeder on iOS. Note that Reeder does not allow
the same user name to be used multiple times within the same domain
name, even if the used URLs are different.
Zero is a valid super group id according to the "mark the Kindling super group
as read" example in the Fever API docs. But the php function empty considers 0
as an empty value and the condition is never true.
The condition has been changed to accept -1 for the "Sparks" super group,
0 for the "Kindling" super group and any other positive integer (feed and
item id must be positive integers).
The group id Zero is used by Reeder for iOS for the virtual feed "unread".