X-Git-Url: http://git.nikiroo.be/?p=fanfix.git;a=blobdiff_plain;f=src%2Fbe%2Fnikiroo%2Ffanfix%2Flibrary%2FWebLibraryServer.java;h=22f36e91f5729a7bfef72fe9c98d2a7fa157a6ec;hp=b4a6e4bb25f3776c819a43e9235f58b5c63b7788;hb=cab46763df87b1aacf51a9c064a3f5fc49642df9;hpb=34718cf9dc943306279713aec140a197fb27629a

diff --git a/src/be/nikiroo/fanfix/library/WebLibraryServer.java b/src/be/nikiroo/fanfix/library/WebLibraryServer.java
index b4a6e4b..22f36e9 100644
--- a/src/be/nikiroo/fanfix/library/WebLibraryServer.java
+++ b/src/be/nikiroo/fanfix/library/WebLibraryServer.java
@@ -1,156 +1,79 @@
 package be.nikiroo.fanfix.library;
 
 import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.security.KeyStore;
+import java.net.URL;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLServerSocketFactory;
-
 import org.json.JSONArray;
 import org.json.JSONObject;
 
 import be.nikiroo.fanfix.Instance;
 import be.nikiroo.fanfix.bundles.Config;
-import be.nikiroo.fanfix.bundles.UiConfig;
 import be.nikiroo.fanfix.data.Chapter;
 import be.nikiroo.fanfix.data.JsonIO;
 import be.nikiroo.fanfix.data.MetaData;
 import be.nikiroo.fanfix.data.Paragraph;
 import be.nikiroo.fanfix.data.Paragraph.ParagraphType;
 import be.nikiroo.fanfix.data.Story;
-import be.nikiroo.fanfix.library.web.WebLibraryServerIndex;
-import be.nikiroo.fanfix.reader.TextOutput;
-import be.nikiroo.utils.CookieUtils;
-import be.nikiroo.utils.IOUtils;
 import be.nikiroo.utils.Image;
+import be.nikiroo.utils.LoginResult;
 import be.nikiroo.utils.NanoHTTPD;
-import be.nikiroo.utils.NanoHTTPD.IHTTPSession;
 import be.nikiroo.utils.NanoHTTPD.Response;
 import be.nikiroo.utils.NanoHTTPD.Response.Status;
-import be.nikiroo.utils.TraceHandler;
-import be.nikiroo.utils.Version;
-
-public class WebLibraryServer implements Runnable {
-	static private String VIEWER_URL_BASE = "/view/story/";
-	static private String VIEWER_URL = VIEWER_URL_BASE + "{luid}/{chap}/{para}";
-	static private String STORY_URL_BASE = "/story/";
-	static private String STORY_URL = STORY_URL_BASE + "{luid}/{chap}/{para}";
-	static private String STORY_URL_COVER = STORY_URL_BASE + "{luid}/cover";
-	static private String LIST_URL = "/list/";
-
-	private class LoginResult {
-		private boolean success;
-		private boolean rw;
-		private boolean wl;
-		private String wookie;
-		private String token;
-		private boolean badLogin;
-		private boolean badToken;
-
-		public LoginResult(String who, String key, String subkey,
-				boolean success, boolean rw, boolean wl) {
-			this.success = success;
-			this.rw = rw;
-			this.wl = wl;
-			this.wookie = CookieUtils.generateCookie(who + key, 0);
-
-			String opts = "";
-			if (rw)
-				opts += "|rw";
-			if (!wl)
-				opts += "|wl";
-
-			this.token = wookie + "~"
-					+ CookieUtils.generateCookie(wookie + subkey + opts, 0)
-					+ "~" + opts;
-			this.badLogin = !success;
-		}
-
-		public LoginResult(String token, String who, String key,
-				List<String> subkeys) {
-
-			if (token != null) {
-				String hashes[] = token.split("~");
-				if (hashes.length >= 2) {
-					String wookie = hashes[0];
-					String rehashed = hashes[1];
-					String opts = hashes.length > 2 ? hashes[2] : "";
-
-					if (CookieUtils.validateCookie(who + key, wookie)) {
-						if (subkeys == null) {
-							subkeys = new ArrayList<String>();
-						}
-						subkeys = new ArrayList<String>(subkeys);
-						subkeys.add("");
-
-						for (String subkey : subkeys) {
-							if (CookieUtils.validateCookie(
-									wookie + subkey + opts, rehashed)) {
-								this.wookie = wookie;
-								this.token = token;
-								this.success = true;
-
-								this.rw = opts.contains("|rw");
-								this.wl = !opts.contains("|wl");
-							}
-						}
-					}
-				}
+import be.nikiroo.utils.Progress;
 
-				this.badToken = !success;
-			}
+public class WebLibraryServer extends WebLibraryServerHtml {
+	class WLoginResult extends LoginResult {
+		public WLoginResult(boolean badLogin, boolean badCookie) {
+			super(badLogin, badCookie);
+		}
 
-			// No token -> no bad token
+		public WLoginResult(String who, String key, String subkey, boolean rw,
+				boolean wl, boolean bl) {
+			super(who, key, subkey, (rw ? "|rw" : "") + (wl ? "|wl" : "")
+					+ (bl ? "|bl" : "") + "|");
 		}
 
-		public boolean isSuccess() {
-			return success;
+		public WLoginResult(String cookie, String who, String key,
+				List<String> subkeys) {
+			super(cookie, who, key, subkeys,
+					subkeys == null || subkeys.isEmpty());
 		}
 
 		public boolean isRw() {
-			return rw;
+			return getOption().contains("|rw|");
 		}
 
 		public boolean isWl() {
-			return wl;
-		}
-
-		public String getToken() {
-			return token;
+			return getOption().contains("|wl|");
 		}
 
-		public boolean isBadLogin() {
-			return badLogin;
-		}
-
-		public boolean isBadToken() {
-			return badToken;
+		public boolean isBl() {
+			return getOption().contains("|bl|");
 		}
 	}
 
-	private NanoHTTPD server;
 	private Map<String, Story> storyCache = new HashMap<String, Story>();
 	private LinkedList<String> storyCacheOrder = new LinkedList<String>();
 	private long storyCacheSize = 0;
 	private long maxStoryCacheSize;
-	private TraceHandler tracer = new TraceHandler();
+
+	private List<String> whitelist;
+	private List<String> blacklist;
+
+	private Map<String, Progress> imprts = new HashMap<String, Progress>();
+
+	private boolean exiting;
 
 	public WebLibraryServer(boolean secure) throws IOException {
-		Integer port = Instance.getInstance().getConfig()
-				.getInteger(Config.SERVER_PORT);
-		if (port == null) {
-			throw new IOException(
-					"Cannot start web server: port not specified");
-		}
+		super(secure);
 
 		int cacheMb = Instance.getInstance().getConfig()
 				.getInteger(Config.SERVER_MAX_CACHE_MB, 100);
@@ -158,196 +81,10 @@ public class WebLibraryServer implements Runnable {
 
 		setTraceHandler(Instance.getInstance().getTraceHandler());
 
-		SSLServerSocketFactory ssf = null;
-		if (secure) {
-			String keystorePath = Instance.getInstance().getConfig()
-					.getString(Config.SERVER_SSL_KEYSTORE, "");
-			String keystorePass = Instance.getInstance().getConfig()
-					.getString(Config.SERVER_SSL_KEYSTORE_PASS);
-
-			if (secure && keystorePath.isEmpty()) {
-				throw new IOException(
-						"Cannot start a secure web server: no keystore.jks file povided");
-			}
-
-			if (!keystorePath.isEmpty()) {
-				File keystoreFile = new File(keystorePath);
-				try {
-					KeyStore keystore = KeyStore
-							.getInstance(KeyStore.getDefaultType());
-					InputStream keystoreStream = new FileInputStream(
-							keystoreFile);
-					try {
-						keystore.load(keystoreStream,
-								keystorePass.toCharArray());
-						KeyManagerFactory keyManagerFactory = KeyManagerFactory
-								.getInstance(KeyManagerFactory
-										.getDefaultAlgorithm());
-						keyManagerFactory.init(keystore,
-								keystorePass.toCharArray());
-						ssf = NanoHTTPD.makeSSLSocketFactory(keystore,
-								keyManagerFactory);
-					} finally {
-						keystoreStream.close();
-					}
-				} catch (Exception e) {
-					throw new IOException(e.getMessage());
-				}
-			}
-		}
-
-		server = new NanoHTTPD(port) {
-			@Override
-			public Response serve(final IHTTPSession session) {
-				super.serve(session);
-
-				String query = session.getQueryParameterString(); // a=a%20b&dd=2
-				Method method = session.getMethod(); // GET, POST..
-				String uri = session.getUri(); // /home.html
-
-				// need them in real time (not just those sent by the UA)
-				Map<String, String> cookies = new HashMap<String, String>();
-				for (String cookie : session.getCookies()) {
-					cookies.put(cookie, session.getCookies().read(cookie));
-				}
-
-				List<String> whitelist = Instance.getInstance().getConfig()
-						.getList(Config.SERVER_WHITELIST);
-				if (whitelist == null) {
-					whitelist = new ArrayList<String>();
-				}
-
-				LoginResult login = null;
-				Map<String, String> params = session.getParms();
-				String who = session.getRemoteHostName()
-						+ session.getRemoteIpAddress();
-				if (params.get("login") != null) {
-					login = login(who, params.get("password"),
-							params.get("login"), whitelist);
-				} else {
-					String token = cookies.get("token");
-					login = login(who, token, Instance.getInstance().getConfig()
-							.getList(Config.SERVER_ALLOWED_SUBKEYS));
-				}
-
-				if (login.isSuccess()) {
-					if (!login.isWl()) {
-						whitelist.clear();
-					}
-
-					// refresh token
-					session.getCookies().set(new Cookie("token",
-							login.getToken(), "30; path=/"));
-
-					// set options
-					String optionName = params.get("optionName");
-					if (optionName != null && !optionName.isEmpty()) {
-						String optionNo = params.get("optionNo");
-						String optionValue = params.get("optionValue");
-						if (optionNo != null || optionValue == null
-								|| optionValue.isEmpty()) {
-							session.getCookies().delete(optionName);
-							cookies.remove(optionName);
-						} else {
-							session.getCookies().set(new Cookie(optionName,
-									optionValue, "; path=/"));
-							cookies.put(optionName, optionValue);
-						}
-					}
-				}
-
-				Response rep = null;
-				if (!login.isSuccess() && (uri.equals("/") //
-						|| uri.startsWith(STORY_URL_BASE) //
-						|| uri.startsWith(VIEWER_URL_BASE) //
-						|| uri.startsWith(LIST_URL))) {
-					rep = loginPage(login, uri);
-				}
-
-				if (rep == null) {
-					try {
-						if (uri.equals("/")) {
-							rep = root(session, cookies, whitelist);
-						} else if (uri.startsWith(LIST_URL)) {
-							rep = getList(uri, whitelist);
-						} else if (uri.startsWith(STORY_URL_BASE)) {
-							rep = getStoryPart(uri, whitelist);
-						} else if (uri.startsWith(VIEWER_URL_BASE)) {
-							rep = getViewer(cookies, uri, whitelist);
-						} else if (uri.equals("/logout")) {
-							session.getCookies().delete("token");
-							cookies.remove("token");
-							rep = loginPage(login, uri);
-						} else {
-							if (uri.startsWith("/"))
-								uri = uri.substring(1);
-							InputStream in = IOUtils.openResource(
-									WebLibraryServerIndex.class, uri);
-							if (in != null) {
-								String mimeType = MIME_PLAINTEXT;
-								if (uri.endsWith(".css")) {
-									mimeType = "text/css";
-								} else if (uri.endsWith(".html")) {
-									mimeType = "text/html";
-								} else if (uri.endsWith(".js")) {
-									mimeType = "text/javascript";
-								}
-								rep = newChunkedResponse(Status.OK, mimeType,
-										in);
-							} else {
-								getTraceHandler().trace("404: " + uri);
-							}
-						}
-
-						if (rep == null) {
-							rep = newFixedLengthResponse(Status.NOT_FOUND,
-									NanoHTTPD.MIME_PLAINTEXT, "Not Found");
-						}
-					} catch (Exception e) {
-						Instance.getInstance().getTraceHandler().error(
-								new IOException("Cannot process web request",
-										e));
-						rep = newFixedLengthResponse(Status.INTERNAL_ERROR,
-								NanoHTTPD.MIME_PLAINTEXT, "An error occured");
-					}
-				}
-
-				return rep;
-
-				// Get status: for story, use "luid" + active map of current
-				// luids
-				// map must use a addRef/removeRef and delete at 0
-
-				// http://localhost:2000/?token=ok
-
-				//
-				// MetaData meta = new MetaData();
-				// meta.setTitle("Title");
-				// meta.setLuid("000");
-				//
-				// JSONObject json = new JSONObject();
-				// json.put("", MetaData.class.getName());
-				// json.put("title", meta.getTitle());
-				// json.put("luid", meta.getLuid());
-				//
-				// return newFixedLengthResponse(json.toString());
-			}
-		};
-
-		if (ssf != null) {
-			getTraceHandler().trace("Install SSL on the web server...");
-			server.makeSecure(ssf, null);
-			getTraceHandler().trace("Done.");
-		}
-	}
-
-	@Override
-	public void run() {
-		try {
-			server.start(NanoHTTPD.SOCKET_READ_TIMEOUT, false);
-		} catch (IOException e) {
-			tracer.error(new IOException("Cannot start the web server", e));
-		}
+		whitelist = Instance.getInstance().getConfig()
+				.getList(Config.SERVER_WHITELIST, new ArrayList<String>());
+		blacklist = Instance.getInstance().getConfig()
+				.getList(Config.SERVER_BLACKLIST, new ArrayList<String>());
 	}
 
 	/**
@@ -362,116 +99,121 @@ public class WebLibraryServer implements Runnable {
 		new Thread(this).start();
 	}
 
-	/**
-	 * The traces handler for this {@link WebLibraryServer}.
-	 * 
-	 * @return the traces handler
-	 */
-	public TraceHandler getTraceHandler() {
-		return tracer;
-	}
+	@Override
+	protected Response stop(WLoginResult login) {
+		if (!login.isRw()) {
+			return NanoHTTPD.newFixedLengthResponse(Status.FORBIDDEN,
+					NanoHTTPD.MIME_PLAINTEXT, "Exit not allowed");
+		}
 
-	/**
-	 * The traces handler for this {@link WebLibraryServer}.
-	 * 
-	 * @param tracer
-	 *            the new traces handler
-	 */
-	public void setTraceHandler(TraceHandler tracer) {
-		if (tracer == null) {
-			tracer = new TraceHandler(false, false, false);
+		if (exiting) {
+			return NanoHTTPD.newFixedLengthResponse(Status.SERVICE_UNAVAILABLE,
+					NanoHTTPD.MIME_PLAINTEXT, "Server is already exiting...");
 		}
 
-		this.tracer = tracer;
+		exiting = true;
+		Instance.getInstance().getTraceHandler().trace("Exiting");
+
+		boolean ok;
+		do {
+			synchronized (imprts) {
+				ok = imprts.isEmpty();
+			}
+			if (!ok) {
+				try {
+					Thread.sleep(2000);
+				} catch (InterruptedException e) {
+					Instance.getInstance().getTraceHandler()
+							.trace("Waiting to exit...");
+				}
+			}
+		} while (!ok);
+
+		doStop();
+
+		new Thread(new Runnable() {
+			@Override
+			public void run() {
+				try {
+					Thread.sleep(1500);
+				} catch (InterruptedException e) {
+				}
+
+				Instance.getInstance().getTraceHandler()
+						.trace("Exit timeout: force-quit");
+				System.exit(0);
+			}
+		}, "Exit program after timeout of 1500 ms").start();
+
+		return NanoHTTPD.newFixedLengthResponse(Status.OK,
+				NanoHTTPD.MIME_PLAINTEXT, "Exited");
+	}
+
+	@Override
+	protected WLoginResult login(boolean badLogin, boolean badCookie) {
+		return new WLoginResult(false, false);
 	}
 
-	private LoginResult login(String who, String token, List<String> subkeys) {
+	@Override
+	protected WLoginResult login(String who, String cookie) {
+		List<String> subkeys = Instance.getInstance().getConfig()
+				.getList(Config.SERVER_ALLOWED_SUBKEYS);
 		String realKey = Instance.getInstance().getConfig()
 				.getString(Config.SERVER_KEY);
-		realKey = realKey == null ? "" : realKey;
-		return new LoginResult(token, who, realKey, subkeys);
+
+		return new WLoginResult(cookie, who, realKey, subkeys);
 	}
 
 	// allow rw/wl
-	private LoginResult login(String who, String key, String subkey,
-			List<String> whitelist) {
+	@Override
+	protected WLoginResult login(String who, String key, String subkey) {
 		String realKey = Instance.getInstance().getConfig()
-				.getString(Config.SERVER_KEY);
+				.getString(Config.SERVER_KEY, "");
 
 		// I don't like NULLs...
-		realKey = realKey == null ? "" : realKey;
 		key = key == null ? "" : key;
 		subkey = subkey == null ? "" : subkey;
 
 		if (!realKey.equals(key)) {
-			return new LoginResult(null, null, null, false, false, false);
+			return new WLoginResult(true, false);
 		}
 
-		// defaults are positive (as previous versions without the feature)
+		// defaults are true (as previous versions without the feature)
 		boolean rw = true;
 		boolean wl = true;
-
-		if (whitelist.isEmpty()) {
-			wl = false;
-		}
+		boolean bl = true;
 
 		rw = Instance.getInstance().getConfig().getBoolean(Config.SERVER_RW,
 				rw);
-		if (!subkey.isEmpty()) {
-			List<String> allowed = Instance.getInstance().getConfig()
-					.getList(Config.SERVER_ALLOWED_SUBKEYS);
-			if (allowed != null && allowed.contains(subkey)) {
-				if ((subkey + "|").contains("|rw|")) {
-					rw = true;
-				}
-				if ((subkey + "|").contains("|wl|")) {
-					wl = false; // |wl| = bypass whitelist
-				}
-			} else {
-				return new LoginResult(null, null, null, false, false, false);
-			}
-		}
-
-		return new LoginResult(who, key, subkey, true, rw, wl);
-	}
 
-	private Response loginPage(LoginResult login, String uri) {
-		StringBuilder builder = new StringBuilder();
+		List<String> allowed = Instance.getInstance().getConfig().getList(
+				Config.SERVER_ALLOWED_SUBKEYS, new ArrayList<String>());
 
-		appendPreHtml(builder, true);
-
-		if (login.isBadLogin()) {
-			builder.append("<div class='error'>Bad login or password</div>");
-		} else if (login.isBadToken()) {
-			builder.append("<div class='error'>Your session timed out</div>");
-		}
+		if (!allowed.isEmpty()) {
+			if (!allowed.contains(subkey)) {
+				return new WLoginResult(true, false);
+			}
 
-		if (uri.equals("/logout")) {
-			uri = "/";
+			if ((subkey + "|").contains("|rw|")) {
+				rw = true;
+			}
+			if ((subkey + "|").contains("|wl|")) {
+				wl = false; // |wl| = bypass whitelist
+			}
+			if ((subkey + "|").contains("|bl|")) {
+				bl = false; // |bl| = bypass blacklist
+			}
 		}
 
-		builder.append(
-				"<form method='POST' action='" + uri + "' class='login'>\n");
-		builder.append(
-				"<p>You must be logged into the system to see the stories.</p>");
-		builder.append("\t<input type='text' name='login' />\n");
-		builder.append("\t<input type='password' name='password' />\n");
-		builder.append("\t<input type='submit' value='Login' />\n");
-		builder.append("</form>\n");
-
-		appendPostHtml(builder);
-
-		return NanoHTTPD.newFixedLengthResponse(Status.FORBIDDEN,
-				NanoHTTPD.MIME_HTML, builder.toString());
+		return new WLoginResult(who, key, subkey, rw, wl, bl);
 	}
 
-	protected Response getList(String uri, List<String> whitelist)
+	@Override
+	protected Response getList(String uri, WLoginResult login)
 			throws IOException {
-		if (uri.equals("/list/luids")) {
-			BasicLibrary lib = Instance.getInstance().getLibrary();
-			List<MetaData> metas = lib.getList().filter(whitelist, null, null);
+		if (WebLibraryUrls.LIST_URL_METADATA.equals(uri)) {
 			List<JSONObject> jsons = new ArrayList<JSONObject>();
-			for (MetaData meta : metas) {
+			for (MetaData meta : metas(login)) {
 				jsons.add(JsonIO.toJson(meta));
 			}
 
@@ -484,196 +226,23 @@ public class WebLibraryServer implements Runnable {
 				NanoHTTPD.MIME_PLAINTEXT, null);
 	}
 
-	private Response root(IHTTPSession session, Map<String, String> cookies,
-			List<String> whitelist) throws IOException {
-		BasicLibrary lib = Instance.getInstance().getLibrary();
-		MetaResultList result = lib.getList();
-		result = new MetaResultList(result.filter(whitelist, null, null));
-		StringBuilder builder = new StringBuilder();
-
-		appendPreHtml(builder, true);
-
-		Map<String, String> params = session.getParms();
-
-		String filter = cookies.get("filter");
-		if (params.get("optionNo") != null)
-			filter = null;
-		if (filter == null) {
-			filter = "";
-		}
-
-		String browser = params.get("browser") == null ? ""
-				: params.get("browser");
-		String browser2 = params.get("browser2") == null ? ""
-				: params.get("browser2");
-		String browser3 = params.get("browser3") == null ? ""
-				: params.get("browser3");
-
-		String filterSource = null;
-		String filterAuthor = null;
-		String filterTag = null;
-
-		// TODO: javascript in realtime, using visible=false + hide [submit]
-
-		builder.append("<form class='browser'>\n");
-		builder.append("<div class='breadcrumbs'>\n");
-
-		builder.append("\t<select name='browser'>");
-		appendOption(builder, 2, "", "", browser);
-		appendOption(builder, 2, "Sources", "sources", browser);
-		appendOption(builder, 2, "Authors", "authors", browser);
-		appendOption(builder, 2, "Tags", "tags", browser);
-		builder.append("\t</select>\n");
-
-		if (!browser.isEmpty()) {
-			builder.append("\t<select name='browser2'>");
-			if (browser.equals("sources")) {
-				filterSource = browser2.isEmpty() ? filterSource : browser2;
-				// TODO: if 1 group -> no group
-				appendOption(builder, 2, "", "", browser2);
-				Map<String, List<String>> sources = result.getSourcesGrouped();
-				for (String source : sources.keySet()) {
-					appendOption(builder, 2, source, source, browser2);
-				}
-			} else if (browser.equals("authors")) {
-				filterAuthor = browser2.isEmpty() ? filterAuthor : browser2;
-				// TODO: if 1 group -> no group
-				appendOption(builder, 2, "", "", browser2);
-				Map<String, List<String>> authors = result.getAuthorsGrouped();
-				for (String author : authors.keySet()) {
-					appendOption(builder, 2, author, author, browser2);
-				}
-			} else if (browser.equals("tags")) {
-				filterTag = browser2.isEmpty() ? filterTag : browser2;
-				appendOption(builder, 2, "", "", browser2);
-				for (String tag : result.getTags()) {
-					appendOption(builder, 2, tag, tag, browser2);
-				}
-			}
-			builder.append("\t</select>\n");
-		}
-
-		if (!browser2.isEmpty()) {
-			if (browser.equals("sources")) {
-				filterSource = browser3.isEmpty() ? filterSource : browser3;
-				Map<String, List<String>> sourcesGrouped = result
-						.getSourcesGrouped();
-				List<String> sources = sourcesGrouped.get(browser2);
-				if (sources != null && !sources.isEmpty()) {
-					// TODO: single empty value
-					builder.append("\t<select name='browser3'>");
-					appendOption(builder, 2, "", "", browser3);
-					for (String source : sources) {
-						appendOption(builder, 2, source, source, browser3);
-					}
-					builder.append("\t</select>\n");
-				}
-			} else if (browser.equals("authors")) {
-				filterAuthor = browser3.isEmpty() ? filterAuthor : browser3;
-				Map<String, List<String>> authorsGrouped = result
-						.getAuthorsGrouped();
-				List<String> authors = authorsGrouped.get(browser2);
-				if (authors != null && !authors.isEmpty()) {
-					// TODO: single empty value
-					builder.append("\t<select name='browser3'>");
-					appendOption(builder, 2, "", "", browser3);
-					for (String author : authors) {
-						appendOption(builder, 2, author, author, browser3);
-					}
-					builder.append("\t</select>\n");
-				}
-			}
-		}
-
-		builder.append("\t<input type='submit' value='Select'/>\n");
-		builder.append("</div>\n");
-
-		// TODO: javascript in realtime, using visible=false + hide [submit]
-		builder.append("<div class='filter'>\n");
-		builder.append("\t<span class='label'>Filter: </span>\n");
-		builder.append(
-				"\t<input name='optionName'  type='hidden' value='filter' />\n");
-		builder.append("\t<input name='optionValue' type='text'   value='"
-				+ filter + "' place-holder='...' />\n");
-		builder.append("\t<input name='optionNo'  type='submit' value='x' />");
-		builder.append(
-				"\t<input name='submit' type='submit' value='Filter' />\n");
-		builder.append("</div>\n");
-		builder.append("</form>\n");
-
-		builder.append("\t<div class='books'>");
-		for (MetaData meta : result.getMetas()) {
-			if (!filter.isEmpty() && !meta.getTitle().toLowerCase()
-					.contains(filter.toLowerCase())) {
-				continue;
-			}
-
-			// TODO Sub sources
-			if (filterSource != null
-					&& !filterSource.equals(meta.getSource())) {
-				continue;
-			}
-
-			// TODO: sub authors
-			if (filterAuthor != null
-					&& !filterAuthor.equals(meta.getAuthor())) {
-				continue;
-			}
-
-			if (filterTag != null && !meta.getTags().contains(filterTag)) {
-				continue;
-			}
-
-			builder.append("<div class='book_line'>");
-			builder.append("<a href='");
-			builder.append(getViewUrl(meta.getLuid(), 0, null));
-			builder.append("'");
-			builder.append(" class='link'>");
-
-			if (lib.isCached(meta.getLuid())) {
-				// â = &#9673;
-				builder.append(
-						"<span class='cache_icon cached'>&#9673;</span>");
-			} else {
-				// â = &#9675;
-				builder.append(
-						"<span class='cache_icon uncached'>&#9675;</span>");
-			}
-			builder.append("<span class='luid'>");
-			builder.append(meta.getLuid());
-			builder.append("</span>");
-			builder.append("<span class='title'>");
-			builder.append(meta.getTitle());
-			builder.append("</span>");
-			builder.append("<span class='author'>");
-			if (meta.getAuthor() != null && !meta.getAuthor().isEmpty()) {
-				builder.append("(").append(meta.getAuthor()).append(")");
-			}
-			builder.append("</span>");
-			builder.append("</a></div>\n");
-		}
-		builder.append("</div>");
-
-		appendPostHtml(builder);
-		return NanoHTTPD.newFixedLengthResponse(builder.toString());
-	}
-
 	// /story/luid/chapter/para <-- text/image
 	// /story/luid/cover <-- image
 	// /story/luid/metadata <-- json
 	// /story/luid/json <-- json, whole chapter (no images)
-	private Response getStoryPart(String uri, List<String> whitelist) {
-		String[] cover = uri.split("/");
+	@Override
+	protected Response getStoryPart(String uri, WLoginResult login) {
+		String[] uriParts = uri.split("/");
 		int off = 2;
 
-		if (cover.length < off + 2) {
+		if (uriParts.length < off + 2) {
 			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
 					NanoHTTPD.MIME_PLAINTEXT, null);
 		}
 
-		String luid = cover[off + 0];
-		String chapterStr = cover[off + 1];
-		String imageStr = cover.length < off + 3 ? null : cover[off + 2];
+		String luid = uriParts[off + 0];
+		String chapterStr = uriParts[off + 1];
+		String imageStr = uriParts.length < off + 3 ? null : uriParts[off + 2];
 
 		// 1-based (0 = desc)
 		int chapter = 0;
@@ -709,24 +278,24 @@ public class WebLibraryServer implements Runnable {
 		InputStream in = null;
 		try {
 			if ("cover".equals(chapterStr)) {
-				Image img = getCover(luid, whitelist);
+				Image img = storyCover(luid, login);
 				if (img != null) {
 					in = img.newInputStream();
 				}
 				// TODO: get correct image type
 				mimeType = "image/png";
 			} else if ("metadata".equals(chapterStr)) {
-				MetaData meta = meta(luid, whitelist);
+				MetaData meta = meta(luid, login);
 				JSONObject json = JsonIO.toJson(meta);
 				mimeType = "application/json";
 				in = new ByteArrayInputStream(json.toString().getBytes());
 			} else if ("json".equals(chapterStr)) {
-				Story story = story(luid, whitelist);
+				Story story = story(luid, login);
 				JSONObject json = JsonIO.toJson(story);
 				mimeType = "application/json";
 				in = new ByteArrayInputStream(json.toString().getBytes());
 			} else {
-				Story story = story(luid, whitelist);
+				Story story = story(luid, login);
 				if (story != null) {
 					if (chapter == 0) {
 						StringBuilder builder = new StringBuilder();
@@ -768,359 +337,254 @@ public class WebLibraryServer implements Runnable {
 		return newInputStreamResponse(mimeType, in);
 	}
 
-	private Response getViewer(Map<String, String> cookies, String uri,
-			List<String> whitelist) {
-		String[] cover = uri.split("/");
-		int off = 2;
+	// /story/luid/source
+	// /story/luid/title
+	// /story/luid/author
+	@Override
+	protected Response setStoryPart(String uri, String value,
+			WLoginResult login) throws IOException {
+		String[] uriParts = uri.split("/");
+		int off = 2; // "" and "story"
 
-		if (cover.length < off + 2) {
+		if (uriParts.length < off + 2) {
 			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
-					NanoHTTPD.MIME_PLAINTEXT, null);
+					NanoHTTPD.MIME_PLAINTEXT, "Invalid story part request");
 		}
 
-		String type = cover[off + 0];
-		String luid = cover[off + 1];
-		String chapterStr = cover.length < off + 3 ? null : cover[off + 2];
-		String paragraphStr = cover.length < off + 4 ? null : cover[off + 3];
-
-		// 1-based (0 = desc)
-		int chapter = -1;
-		if (chapterStr != null) {
-			try {
-				chapter = Integer.parseInt(chapterStr);
-				if (chapter < 0) {
-					throw new NumberFormatException();
-				}
-			} catch (NumberFormatException e) {
-				return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
-						NanoHTTPD.MIME_PLAINTEXT, "Chapter is not valid");
-			}
+		if (!login.isRw()) {
+			return NanoHTTPD.newFixedLengthResponse(Status.FORBIDDEN,
+					NanoHTTPD.MIME_PLAINTEXT, "SET story part not allowed");
 		}
 
-		// 1-based
-		int paragraph = 0;
-		if (paragraphStr != null) {
-			try {
-				paragraph = Integer.parseInt(paragraphStr);
-				if (paragraph <= 0) {
-					throw new NumberFormatException();
-				}
-			} catch (NumberFormatException e) {
-				return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
-						NanoHTTPD.MIME_PLAINTEXT, "Paragraph is not valid");
-			}
+		if (exiting) {
+			return NanoHTTPD.newFixedLengthResponse(Status.SERVICE_UNAVAILABLE,
+					NanoHTTPD.MIME_PLAINTEXT, "Server is exiting...");
 		}
 
-		try {
-			Story story = story(luid, whitelist);
-			if (story == null) {
-				return NanoHTTPD.newFixedLengthResponse(Status.NOT_FOUND,
-						NanoHTTPD.MIME_PLAINTEXT, "Story not found");
-			}
+		String luid = uriParts[off + 0];
+		String type = uriParts[off + 1];
 
-			StringBuilder builder = new StringBuilder();
-			appendPreHtml(builder, false);
+		if (!Arrays.asList("source", "title", "author").contains(type)) {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT,
+					"Invalid SET story part: " + type);
+		}
 
-			// For images documents, always go to the images if not chap 0 desc
-			if (story.getMeta().isImageDocument()) {
-				if (chapter > 0 && paragraph <= 0)
-					paragraph = 1;
+		if (meta(luid, login) != null) {
+			BasicLibrary lib = Instance.getInstance().getLibrary();
+			if ("source".equals(type)) {
+				lib.changeSource(luid, value, null);
+			} else if ("title".equals(type)) {
+				lib.changeTitle(luid, value, null);
+			} else if ("author".equals(type)) {
+				lib.changeAuthor(luid, value, null);
 			}
+		}
 
-			Chapter chap = null;
-			if (chapter <= 0) {
-				chap = story.getMeta().getResume();
-			} else {
-				try {
-					chap = story.getChapters().get(chapter - 1);
-				} catch (IndexOutOfBoundsException e) {
-					return NanoHTTPD.newFixedLengthResponse(Status.NOT_FOUND,
-							NanoHTTPD.MIME_PLAINTEXT, "Chapter not found");
-				}
-			}
+		return newInputStreamResponse(NanoHTTPD.MIME_PLAINTEXT, null);
+	}
 
-			String first, previous, next, last;
-
-			StringBuilder content = new StringBuilder();
-
-			String disabledLeft = "";
-			String disabledRight = "";
-			String disabledZoomReal = "";
-			String disabledZoomWidth = "";
-			String disabledZoomHeight = "";
-
-			if (paragraph <= 0) {
-				first = getViewUrl(luid, 0, null);
-				previous = getViewUrl(luid, (Math.max(chapter - 1, 0)), null);
-				next = getViewUrl(luid,
-						(Math.min(chapter + 1, story.getChapters().size())),
-						null);
-				last = getViewUrl(luid, story.getChapters().size(), null);
-
-				StringBuilder desc = new StringBuilder();
-
-				if (chapter <= 0) {
-					desc.append("<h1 class='title'>");
-					desc.append(story.getMeta().getTitle());
-					desc.append("</h1>\n");
-					desc.append("<div class='desc'>\n");
-					desc.append("\t<div class='cover'>\n");
-					desc.append("\t\t<img src='/story/" + luid + "/cover'/>\n");
-					desc.append("\t</div>\n");
-					desc.append("\t<table class='details'>\n");
-					Map<String, String> details = BasicLibrary
-							.getMetaDesc(story.getMeta());
-					for (String key : details.keySet()) {
-						appendTableRow(desc, 2, key, details.get(key));
-					}
-					desc.append("\t</table>\n");
-					desc.append("</div>\n");
-					desc.append("<h1 class='title'>Description</h1>\n");
-				}
+	@Override
+	protected Response getCover(String uri, WLoginResult login)
+			throws IOException {
+		String[] uriParts = uri.split("/");
+		int off = 2; // "" and "cover"
 
-				content.append("<div class='viewer text'>\n");
-				content.append(desc);
-				String description = new TextOutput(false).convert(chap,
-						chapter > 0);
-				content.append(chap.getParagraphs().size() <= 0
-						? "No content provided."
-						: description);
-				content.append("</div>\n");
-
-				if (chapter <= 0)
-					disabledLeft = " disabled='disbaled'";
-				if (chapter >= story.getChapters().size())
-					disabledRight = " disabled='disbaled'";
-			} else {
-				first = getViewUrl(luid, chapter, 1);
-				previous = getViewUrl(luid, chapter,
-						(Math.max(paragraph - 1, 1)));
-				next = getViewUrl(luid, chapter,
-						(Math.min(paragraph + 1, chap.getParagraphs().size())));
-				last = getViewUrl(luid, chapter, chap.getParagraphs().size());
-
-				if (paragraph <= 1)
-					disabledLeft = " disabled='disbaled'";
-				if (paragraph >= chap.getParagraphs().size())
-					disabledRight = " disabled='disbaled'";
-
-				// First -> previous *chapter*
-				if (chapter > 0)
-					disabledLeft = "";
-				first = getViewUrl(luid, (Math.max(chapter - 1, 0)), null);
-				if (paragraph <= 1) {
-					previous = first;
-				}
+		if (uriParts.length < off + 2) {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT, "Invalid cover request");
+		}
 
-				Paragraph para = null;
-				try {
-					para = chap.getParagraphs().get(paragraph - 1);
-				} catch (IndexOutOfBoundsException e) {
-					return NanoHTTPD.newFixedLengthResponse(Status.NOT_FOUND,
-							NanoHTTPD.MIME_PLAINTEXT,
-							"Paragraph " + paragraph + " not found");
-				}
+		String type = uriParts[off + 0];
+		String id = uriParts[off + 1];
 
-				if (para.getType() == ParagraphType.IMAGE) {
-					String zoomStyle = "max-width: 100%;";
-					disabledZoomWidth = " disabled='disabled'";
-					String zoomOption = cookies.get("zoom");
-					if (zoomOption != null && !zoomOption.isEmpty()) {
-						if (zoomOption.equals("real")) {
-							zoomStyle = "";
-							disabledZoomWidth = "";
-							disabledZoomReal = " disabled='disabled'";
-						} else if (zoomOption.equals("width")) {
-							zoomStyle = "max-width: 100%;";
-						} else if (zoomOption.equals("height")) {
-							// see height of navbar + optionbar
-							zoomStyle = "max-height: calc(100% - 128px);";
-							disabledZoomWidth = "";
-							disabledZoomHeight = " disabled='disabled'";
-						}
-					}
+		InputStream in = null;
 
-					content.append(String.format("" //
-							+ "<a class='viewer link' href='%s'>"
-							+ "<img class='viewer img' style='%s' src='%s'/>"
-							+ "</a>", //
-							next, //
-							zoomStyle, //
-							getStoryUrl(luid, chapter, paragraph)));
-				} else {
-					content.append(String.format("" //
-							+ "<div class='viewer text'>%s</div>", //
-							para.getContent()));
-				}
+		if ("story".equals(type)) {
+			Image img = storyCover(id, login);
+			if (img != null) {
+				in = img.newInputStream();
+			}
+		} else if ("source".equals(type)) {
+			Image img = sourceCover(id, login);
+			if (img != null) {
+				in = img.newInputStream();
 			}
+		} else if ("author".equals(type)) {
+			Image img = authorCover(id, login);
+			if (img != null) {
+				in = img.newInputStream();
+			}
+		} else {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT,
+					"Invalid GET cover type: " + type);
+		}
 
-			builder.append(String.format("" //
-					+ "<div class='bar navbar'>\n" //
-					+ "\t<a%s class='button first' href='%s'>&lt;&lt;</a>\n"//
-					+ "\t<a%s class='button previous' href='%s'>&lt;</a>\n" //
-					+ "\t<div class='gotobox itemsbox'>\n" //
-					+ "\t\t<div class='button goto'>%d</div>\n" //
-					+ "\t\t<div class='items goto'>\n", //
-					disabledLeft, first, //
-					disabledLeft, previous, //
-					paragraph > 0 ? paragraph : chapter //
-			));
-
-			// List of chap/para links
-
-			String blink = "/view/story/" + luid + "/";
-			appendItemA(builder, 3, blink + "0", "Description",
-					paragraph == 0 && chapter == 0);
-
-			if (paragraph > 0) {
-				blink = blink + chapter + "/";
-				for (int i = 1; i <= chap.getParagraphs().size(); i++) {
-					appendItemA(builder, 3, blink + i, "Image " + i,
-							paragraph == i);
-				}
-			} else {
-				int i = 1;
-				for (Chapter c : story.getChapters()) {
-					String chapName = "Chapter " + c.getNumber();
-					if (c.getName() != null && !c.getName().isEmpty()) {
-						chapName += ": " + c.getName();
-					}
+		// TODO: get correct image type
+		return newInputStreamResponse("image/png", in);
+	}
+
+	@Override
+	protected Response setCover(String uri, String luid, WLoginResult login)
+			throws IOException {
+		String[] uriParts = uri.split("/");
+		int off = 2; // "" and "cover"
 
-					appendItemA(builder, 3, blink + i, chapName, chapter == i);
+		if (uriParts.length < off + 2) {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT, "Invalid cover request");
+		}
 
-					i++;
-				}
-			}
+		if (!login.isRw()) {
+			return NanoHTTPD.newFixedLengthResponse(Status.FORBIDDEN,
+					NanoHTTPD.MIME_PLAINTEXT, "Cover request not allowed");
+		}
 
-			builder.append(String.format("" //
-					+ "\t\t</div>\n" //
-					+ "\t</div>\n" //
-					+ "\t<a%s class='button next' href='%s'>&gt;</a>\n" //
-					+ "\t<a%s class='button last' href='%s'>&gt;&gt;</a>\n"//
-					+ "</div>\n", //
-					disabledRight, next, //
-					disabledRight, last //
-			));
-
-			builder.append(content);
-
-			builder.append("<div class='bar optionbar ");
-			if (paragraph > 0) {
-				builder.append("s4");
-			} else {
-				builder.append("s1");
-			}
-			builder.append("'>\n");
-			builder.append("	<a class='button back' href='/'>BACK</a>\n");
-
-			if (paragraph > 0) {
-				builder.append(String.format("" //
-						+ "\t<a%s class='button zoomreal'   href='%s'>REAL</a>\n"//
-						+ "\t<a%s class='button zoomwidth'  href='%s'>WIDTH</a>\n"//
-						+ "\t<a%s class='button zoomheight' href='%s'>HEIGHT</a>\n"//
-						+ "</div>\n", //
-						disabledZoomReal,
-						uri + "?optionName=zoom&optionValue=real", //
-						disabledZoomWidth,
-						uri + "?optionName=zoom&optionValue=width", //
-						disabledZoomHeight,
-						uri + "?optionName=zoom&optionValue=height" //
-				));
-			}
+		if (exiting) {
+			return NanoHTTPD.newFixedLengthResponse(Status.SERVICE_UNAVAILABLE,
+					NanoHTTPD.MIME_PLAINTEXT, "Server is exiting...");
+		}
 
-			appendPostHtml(builder);
-			return NanoHTTPD.newFixedLengthResponse(Status.OK,
-					NanoHTTPD.MIME_HTML, builder.toString());
-		} catch (IOException e) {
-			Instance.getInstance().getTraceHandler()
-					.error(new IOException("Cannot get image: " + uri, e));
-			return NanoHTTPD.newFixedLengthResponse(Status.INTERNAL_ERROR,
-					NanoHTTPD.MIME_PLAINTEXT, "Error when processing request");
+		String type = uriParts[off + 0];
+		String id = uriParts[off + 1];
+
+		if ("source".equals(type)) {
+			sourceCover(id, login, luid);
+		} else if ("author".equals(type)) {
+			authorCover(id, login, luid);
+		} else {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT,
+					"Invalid SET cover type: " + type);
 		}
+
+		return newInputStreamResponse(NanoHTTPD.MIME_PLAINTEXT, null);
 	}
 
-	private Response newInputStreamResponse(String mimeType, InputStream in) {
-		if (in == null) {
-			return NanoHTTPD.newFixedLengthResponse(Status.NO_CONTENT, "",
-					null);
+	@Override
+	protected Response imprt(String uri, String urlStr, WLoginResult login)
+			throws IOException {
+		final BasicLibrary lib = Instance.getInstance().getLibrary();
+
+		if (!login.isRw()) {
+			return NanoHTTPD.newFixedLengthResponse(Status.FORBIDDEN,
+					NanoHTTPD.MIME_PLAINTEXT, "Import not allowed");
 		}
-		return NanoHTTPD.newChunkedResponse(Status.OK, mimeType, in);
-	}
 
-	private String getContentOf(String file) {
-		InputStream in = IOUtils.openResource(WebLibraryServerIndex.class,
-				file);
-		if (in != null) {
-			try {
-				return IOUtils.readSmallStream(in);
-			} catch (IOException e) {
-				Instance.getInstance().getTraceHandler().error(
-						new IOException("Cannot get file: index.pre.html", e));
-			}
+		if (exiting) {
+			return NanoHTTPD.newFixedLengthResponse(Status.SERVICE_UNAVAILABLE,
+					NanoHTTPD.MIME_PLAINTEXT, "Server is exiting...");
 		}
 
-		return "";
-	}
+		final URL url = new URL(urlStr);
+		final Progress pg = new Progress();
+		final String luid = lib.getNextId();
 
-	private String getViewUrl(String luid, int chap, Integer para) {
-		return VIEWER_URL //
-				.replace("{luid}", luid) //
-				.replace("{chap}", Integer.toString(chap)) //
-				.replace("/{para}",
-						para == null ? "" : "/" + Integer.toString(para));
-	}
+		synchronized (imprts) {
+			imprts.put(luid, pg);
+		}
 
-	private String getStoryUrl(String luid, int chap, Integer para) {
-		return STORY_URL //
-				.replace("{luid}", luid) //
-				.replace("{chap}", Integer.toString(chap)) //
-				.replace("{para}", para == null ? "" : Integer.toString(para));
+		new Thread(new Runnable() {
+			@Override
+			public void run() {
+				try {
+					lib.imprt(url, luid, pg);
+				} catch (IOException e) {
+					Instance.getInstance().getTraceHandler().error(e);
+				} finally {
+					synchronized (imprts) {
+						imprts.remove(luid);
+					}
+				}
+			}
+		}, "Import story: " + urlStr).start();
+
+		return NanoHTTPD.newFixedLengthResponse(Status.OK,
+				NanoHTTPD.MIME_PLAINTEXT, luid);
 	}
 
-	private String getStoryUrlCover(String luid) {
-		return STORY_URL_COVER //
-				.replace("{luid}", luid);
+	@Override
+	protected Response imprtProgress(String uri, WLoginResult login) {
+		String[] uriParts = uri.split("/");
+		int off = 2; // "" and "import"
+
+		if (uriParts.length < off + 1) {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT, "Invalid cover request");
+		}
+
+		String luid = uriParts[off + 0];
+
+		Progress pg = null;
+		synchronized (imprts) {
+			pg = imprts.get(luid);
+		}
+		if (pg != null) {
+			return NanoHTTPD.newFixedLengthResponse(Status.OK,
+					"application/json", JsonIO.toJson(pg).toString());
+		}
+
+		return newInputStreamResponse(NanoHTTPD.MIME_PLAINTEXT, null);
 	}
 
-	private MetaData meta(String luid, List<String> whitelist)
+	@Override
+	protected Response delete(String uri, WLoginResult login)
 			throws IOException {
-		BasicLibrary lib = Instance.getInstance().getLibrary();
-		MetaData meta = lib.getInfo(luid);
-		if (!whitelist.isEmpty() && !whitelist.contains(meta.getSource())) {
-			return null;
+		String[] uriParts = uri.split("/");
+		int off = 2; // "" and "delete"
+
+		if (uriParts.length < off + 1) {
+			return NanoHTTPD.newFixedLengthResponse(Status.BAD_REQUEST,
+					NanoHTTPD.MIME_PLAINTEXT, "Invalid delete request");
 		}
 
-		return meta;
+		if (!login.isRw()) {
+			return NanoHTTPD.newFixedLengthResponse(Status.FORBIDDEN,
+					NanoHTTPD.MIME_PLAINTEXT, "Delete not allowed");
+		}
+
+		if (exiting) {
+			return NanoHTTPD.newFixedLengthResponse(Status.SERVICE_UNAVAILABLE,
+					NanoHTTPD.MIME_PLAINTEXT, "Server is exiting...");
+		}
+
+		String luid = uriParts[off + 0];
+
+		BasicLibrary lib = Instance.getInstance().getLibrary();
+		lib.delete(luid);
+
+		return newInputStreamResponse(NanoHTTPD.MIME_PLAINTEXT, null);
 	}
 
-	private Image getCover(String luid, List<String> whitelist)
-			throws IOException {
-		MetaData meta = meta(luid, whitelist);
-		if (meta != null) {
-			BasicLibrary lib = Instance.getInstance().getLibrary();
-			return lib.getCover(meta.getLuid());
+	@Override
+	protected List<MetaData> metas(WLoginResult login) throws IOException {
+		BasicLibrary lib = Instance.getInstance().getLibrary();
+		List<MetaData> metas = new ArrayList<MetaData>();
+		for (MetaData meta : lib.getList().getMetas()) {
+			if (isAllowed(meta, login)) {
+				metas.add(meta);
+			}
 		}
 
-		return null;
+		return metas;
 	}
 
 	// NULL if not whitelist OK or if not found
-	private Story story(String luid, List<String> whitelist)
-			throws IOException {
+	@Override
+	protected Story story(String luid, WLoginResult login) throws IOException {
 		synchronized (storyCache) {
 			if (storyCache.containsKey(luid)) {
 				Story story = storyCache.get(luid);
-				if (!whitelist.isEmpty()
-						&& !whitelist.contains(story.getMeta().getSource())) {
+				if (!isAllowed(story.getMeta(), login))
 					return null;
-				}
 
 				return story;
 			}
 		}
 
 		Story story = null;
-		MetaData meta = meta(luid, whitelist);
+		MetaData meta = meta(luid, login);
 		if (meta != null) {
 			BasicLibrary lib = Instance.getInstance().getLibrary();
 			story = lib.getStory(luid, null);
@@ -1145,94 +609,112 @@ public class WebLibraryServer implements Runnable {
 		return story;
 	}
 
-	private long sizeOf(Story story) {
-		long size = 0;
-		for (Chapter chap : story) {
-			for (Paragraph para : chap) {
-				if (para.getType() == ParagraphType.IMAGE) {
-					size += para.getContentImage().getSize();
-				} else {
-					size += para.getContent().length();
-				}
-			}
-		}
+	private MetaData meta(String luid, WLoginResult login) throws IOException {
+		BasicLibrary lib = Instance.getInstance().getLibrary();
+		MetaData meta = lib.getInfo(luid);
+		if (!isAllowed(meta, login))
+			return null;
 
-		return size;
+		return meta;
 	}
 
-	private void appendPreHtml(StringBuilder builder, boolean banner) {
-		String favicon = "favicon.ico";
-		String icon = Instance.getInstance().getUiConfig()
-				.getString(UiConfig.PROGRAM_ICON);
-		if (icon != null) {
-			favicon = "icon_" + icon.replace("-", "_") + ".png";
+	private Image storyCover(String luid, WLoginResult login)
+			throws IOException {
+		MetaData meta = meta(luid, login);
+		if (meta != null) {
+			BasicLibrary lib = Instance.getInstance().getLibrary();
+			return lib.getCover(meta.getLuid());
 		}
 
-		builder.append(
-				getContentOf("index.pre.html").replace("favicon.ico", favicon));
-
-		if (banner) {
-			builder.append("<div class='banner'>\n");
-			builder.append("\t<img class='ico' src='/") //
-					.append(favicon) //
-					.append("'/>\n");
-			builder.append("\t<h1>Fanfix</h1>\n");
-			builder.append("\t<h2>") //
-					.append(Version.getCurrentVersion()) //
-					.append("</h2>\n");
-			builder.append("</div>\n");
-		}
+		return null;
 	}
 
-	private void appendPostHtml(StringBuilder builder) {
-		builder.append(getContentOf("index.post.html"));
-	}
+	private Image authorCover(String author, WLoginResult login)
+			throws IOException {
+		Image img = null;
 
-	private void appendOption(StringBuilder builder, int depth, String name,
-			String value, String selected) {
-		for (int i = 0; i < depth; i++) {
-			builder.append("\t");
+		List<MetaData> metas = new MetaResultList(metas(login)).filter(null,
+				author, null);
+		if (metas.size() > 0) {
+			BasicLibrary lib = Instance.getInstance().getLibrary();
+			img = lib.getCustomAuthorCover(author);
+			if (img == null)
+				img = lib.getCover(metas.get(0).getLuid());
 		}
-		builder.append("<option value='").append(value).append("'");
-		if (value.equals(selected)) {
-			builder.append(" selected='selected'");
+
+		return img;
+
+	}
+
+	private void authorCover(String author, WLoginResult login, String luid)
+			throws IOException {
+		if (meta(luid, login) != null) {
+			List<MetaData> metas = new MetaResultList(metas(login)).filter(null,
+					author, null);
+			if (metas.size() > 0) {
+				BasicLibrary lib = Instance.getInstance().getLibrary();
+				lib.setAuthorCover(author, luid);
+			}
 		}
-		builder.append(">").append(name).append("</option>\n");
 	}
 
-	private void appendTableRow(StringBuilder builder, int depth,
-			String... tds) {
-		for (int i = 0; i < depth; i++) {
-			builder.append("\t");
+	private Image sourceCover(String source, WLoginResult login)
+			throws IOException {
+		Image img = null;
+
+		List<MetaData> metas = new MetaResultList(metas(login)).filter(source,
+				null, null);
+		if (metas.size() > 0) {
+			BasicLibrary lib = Instance.getInstance().getLibrary();
+			img = lib.getCustomSourceCover(source);
+			if (img == null)
+				img = lib.getCover(metas.get(0).getLuid());
 		}
 
-		int col = 1;
-		builder.append("<tr>");
-		for (String td : tds) {
-			builder.append("<td class='col");
-			builder.append(col++);
-			builder.append("'>");
-			builder.append(td);
-			builder.append("</td>");
+		return img;
+	}
+
+	private void sourceCover(String source, WLoginResult login, String luid)
+			throws IOException {
+		if (meta(luid, login) != null) {
+			List<MetaData> metas = new MetaResultList(metas(login))
+					.filter(source, null, null);
+			if (metas.size() > 0) {
+				BasicLibrary lib = Instance.getInstance().getLibrary();
+				lib.setSourceCover(source, luid);
+			}
 		}
-		builder.append("</tr>\n");
 	}
 
-	private void appendItemA(StringBuilder builder, int depth, String link,
-			String name, boolean selected) {
-		for (int i = 0; i < depth; i++) {
-			builder.append("\t");
+	private boolean isAllowed(MetaData meta, WLoginResult login) {
+		MetaResultList one = new MetaResultList(Arrays.asList(meta));
+		if (login.isWl() && !whitelist.isEmpty()) {
+			if (one.filter(whitelist, null, null).isEmpty()) {
+				return false;
+			}
+		}
+		if (login.isBl() && !blacklist.isEmpty()) {
+			if (!one.filter(blacklist, null, null).isEmpty()) {
+				return false;
+			}
 		}
 
-		builder.append("<a href='");
-		builder.append(link);
-		builder.append("' class='item goto");
-		if (selected) {
-			builder.append(" selected");
+		return true;
+	}
+
+	private long sizeOf(Story story) {
+		long size = 0;
+		for (Chapter chap : story) {
+			for (Paragraph para : chap) {
+				if (para.getType() == ParagraphType.IMAGE) {
+					size += para.getContentImage().getSize();
+				} else {
+					size += para.getContent().length();
+				}
+			}
 		}
-		builder.append("'>");
-		builder.append(name);
-		builder.append("</a>\n");
+
+		return size;
 	}
 
 	public static void main(String[] args) throws IOException {
