
Security hardening, exploit fix, external identifiers, and metadata rescan #379

Merged

therobbiedavis merged 3 commits into canary from bugfix/admin-user-creation-exploit
Feb 27, 2026

Conversation

@therobbiedavis
Collaborator

It was brought to my attention that there was a significant security flaw with the authentication system where some API endpoints would expose Listenarr's API key. I have fixed this exploit by making those endpoints require authorization when authentication is enabled. While looking into this security flaw, I found others as well that I have fixed, including one where the images were loaded by passing the API key as a query param. Additionally, for clarity, there is now a banner warning you that authentication is disabled to make sure you're aware of the risk.

Audible seems to change ASINs for their books sometimes, so this release also adds the ability to add additional identifiers (ASIN, ISBN, or OLID), and the ability to rescan for metadata based on the primary identifier. Additionally, if audiobook covers or authors for items in your library go missing from the cache, then Listenarr will now try to automatically redownload them from the metadata provider and cache them in an attempt to recover and not show the placeholder. You can find a full list of changes and fixes below and in the CHANGELOG.md.

Changed

  • Added no-auth deployment warnings (backend startup log + frontend banner).
  • Improved API secret handling with caller-aware response redaction.
  • Unified protected image loading behavior in AudiobooksView to match auth-safe blob loading used elsewhere.
  • Streamlined AudiobooksView and AudiobookDetailView behavior (tab sync, status navigation, action config, selection/status handling).
  • Added responsive shell offset handling using shared top-offset variables (App, AudiobooksView, SettingsView) so fixed toolbars/legends behave correctly with the security banner.
  • Edit Audiobook modal now uses large layout.

Added

  • Typed audiobook external identifiers (ASIN, ISBN, OLID) with migration/backfill and legacy compatibility.
  • Identifier editing API and UI (including primary indicator/source badges).
  • POST /api/library/{id}/rescan-metadata endpoint and detail-view action.
  • Metadata/image recovery using stored identifiers + stronger OpenLibrary fallbacks.
  • Shared security helpers:
      • request trust evaluation
      • secret hashing for logs
      • sensitive endpoint access guard
      • outbound request URL/DNS/final-URI validation
      • API response redaction
  • Additional regression tests for identifiers, metadata rescan, image fallback, and security hardening.

Fixed

  • Startup config API key exposure (redaction / secret handling).
  • Anonymous admin registration escalation path.
  • Identifier provenance spoofing (source) on user writes.
  • Duplicate identifier rows in identifier edit UI.
  • Metadata rescan response leaking attempted IDs.
  • Metadata rescan abuse risk (cooldown/rate limiting + attempt caps).
  • Logging leaks (raw header dumps and token/API-key prefix logging).
  • SSRF hardening gaps for notifications/indexer test/import flows.
  • Debug/diagnostic/process-control endpoints exposed to remote unauthenticated callers.
  • Audiobook image auth failures in authenticated mode (direct-call 401s).
  • Multiple image fallback/cache-miss failures (Audimeta/Audnexus/OpenLibrary chain).
  • Author cards using audiobook cover fallback instead of placeholder.
  • Genres not appearing after metadata rescan due to incomplete detail payload.
  • Runtime formatting bug in audiobook details (minutes interpreted incorrectly).
  • Audiobooks/detail status navigation tab mismatch.
  • Various frontend test failures/warnings.

Removed

  • Raw request-header dumps in session auth logging.
  • Public exposure of attempted identifier details in metadata-rescan error responses.
  • Author-image fallback to audiobook covers.
  • Duplicate imported/manual identifier presentation for identical normalized IDs.
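The changelog above lists "outbound request URL/DNS/final-URI validation" and "secret hashing for logs" among the shared security helpers, and the fixes mention SSRF hardening and the removal of token/API-key prefix logging. The block below is an added illustration of those two techniques written for this page; it is not Listenarr's own code, and the class and method names (OutboundRequestGuard, IsPublicAddress, ValidateAsync, GetAsync, LogFingerprint) are assumptions. It assumes an HttpClient built with AllowAutoRedirect = false so that every redirect hop, and therefore the final URI, passes through the same validation instead of being followed silently.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

// Illustrative helper written for this page; not Listenarr's own implementation.
// All names are assumed. Guards outbound HTTP requests (scheme, DNS result, every
// redirect hop) and produces a non-reversible fingerprint of a secret for log lines.
public static class OutboundRequestGuard
{
    private static readonly HashSet<string> AllowedSchemes =
        new(StringComparer.OrdinalIgnoreCase) { "http", "https" };

    // True only for globally routable addresses. Loopback, private, link-local
    // (including 169.254.169.254 cloud metadata), CGNAT and multicast are rejected.
    public static bool IsPublicAddress(IPAddress ip)
    {
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        if (IPAddress.IsLoopback(ip) || ip.Equals(IPAddress.IPv6Any)) return false;

        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
        {
            if (ip.IsIPv6LinkLocal || ip.IsIPv6Multicast) return false;
            return (ip.GetAddressBytes()[0] & 0xfe) != 0xfc;   // fc00::/7 unique local
        }

        byte[] b = ip.GetAddressBytes();
        return !(b[0] == 0                                   // 0.0.0.0/8
              || b[0] == 10                                  // 10.0.0.0/8
              || b[0] == 127                                 // 127.0.0.0/8
              || (b[0] == 100 && (b[1] & 0xc0) == 64)        // 100.64.0.0/10 (CGNAT)
              || (b[0] == 169 && b[1] == 254)                // 169.254.0.0/16 link-local
              || (b[0] == 172 && (b[1] & 0xf0) == 16)        // 172.16.0.0/12
              || (b[0] == 192 && b[1] == 168)                // 192.168.0.0/16
              || b[0] >= 224);                               // multicast and reserved
    }

    // Validate a single URI: allowed scheme, no embedded credentials, and every
    // address the host resolves to must be public (an IP literal is checked directly).
    public static async Task<Uri> ValidateAsync(Uri uri)
    {
        if (!uri.IsAbsoluteUri || !AllowedSchemes.Contains(uri.Scheme))
            throw new InvalidOperationException($"Scheme not allowed: {uri.Scheme}");
        if (!string.IsNullOrEmpty(uri.UserInfo))
            throw new InvalidOperationException("Credentials embedded in the URL are not allowed");

        // DnsSafeHost gives an IPv6 literal without brackets, so TryParse sees a plain address.
        IPAddress[] addresses = IPAddress.TryParse(uri.DnsSafeHost, out var literal)
            ? new[] { literal! }
            : await Dns.GetHostAddressesAsync(uri.DnsSafeHost);

        if (addresses.Length == 0 || !addresses.All(IsPublicAddress))
            throw new InvalidOperationException($"Host resolves to a non-public address: {uri.DnsSafeHost}");
        return uri;
    }

    // Follow redirects by hand so each hop is validated; the last validated URI is the
    // one actually fetched. The HttpClient must be created with AllowAutoRedirect = false.
    public static async Task<HttpResponseMessage> GetAsync(HttpClient client, Uri uri, int maxRedirects = 5)
    {
        Uri current = await ValidateAsync(uri);
        for (int hop = 0; ; hop++)
        {
            HttpResponseMessage response =
                await client.GetAsync(current, HttpCompletionOption.ResponseHeadersRead);
            int status = (int)response.StatusCode;
            Uri? location = response.Headers.Location;
            if (status < 300 || status > 399 || location is null)
                return response;                              // not a redirect: hand it back

            response.Dispose();
            if (hop >= maxRedirects)
                throw new InvalidOperationException("Too many redirects");
            current = await ValidateAsync(location.IsAbsoluteUri ? location : new Uri(current, location));
        }
    }

    // Non-reversible fingerprint for logs: enough to correlate events across log lines
    // without writing any prefix of the API key or token itself.
    public static string LogFingerprint(string secret)
    {
        byte[] digest = SHA256.HashData(Encoding.UTF8.GetBytes(secret));
        return "sha256:" + Convert.ToHexString(digest, 0, 4).ToLowerInvariant();
    }
}

// Usage (constructed example URL):
//   var client = new HttpClient(new HttpClientHandler { AllowAutoRedirect = false });
//   using var response = await OutboundRequestGuard.GetAsync(client, new Uri("https://example.com/cover.jpg"));
//   logger.LogInformation("request authenticated with key {Key}", OutboundRequestGuard.LogFingerprint(apiKey));
```

One caveat a reviewer would raise on this pattern: the address is resolved in ValidateAsync and then resolved again by the HTTP stack when it connects, so a host whose DNS answer changes between the two lookups can slip past the check. A stricter variant pins the resolved address by supplying a SocketsHttpHandler.ConnectCallback that connects only to the addresses already validated.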

Exclude generated/packaged C# files under the publish directory from compilation by adding Compile Remove entries (both backslash and forward-slash globs) to the Listenarr.Api.csproj. Includes a comment explaining the change and fixes EOF newline. This avoids published artifacts being recompiled on subsequent builds/publishes and handles different path separators.

Bump frontend package version and update dev dependencies; refresh package-lock.json to capture updated versions (eslint, jsdom, eslint-plugin-cypress, @types/jsdom, etc.). Also apply changes to Listenarr.Api.csproj (project file updated to align with build/dependency changes). These updates keep dependencies current and ensure the repo and project files remain in sync.

Delete unused static assets from listenarr.api/wwwroot: remove fonts/.gitkeep and fonts/README.md (font self-hosting placeholders), large-logo.png, and stats.html (bundle analysis page). Cleans up generated or unneeded frontend artifacts from the API wwwroot.
@therobbiedavis therobbiedavis merged commit 573b69e into canary Feb 27, 2026
7 checks passed
@therobbiedavis therobbiedavis deleted the bugfix/admin-user-creation-exploit branch February 27, 2026 18:28