check for doubles

uploader.py

@@ -183,7 +183,15 @@ def fetch_all_books(cfg: CalibreConfig) -> list[dict]:
         if not rows or len(all_books) >= total:
             break
         start += len(rows)
-    return all_books
+    # Deduplicate by ID in case of page-boundary overlap in the API response
+    seen: set[int] = set()
+    unique: list[dict] = []
+    for b in all_books:
+        bid = b.get("id")
+        if bid is None or bid not in seen:
+            seen.add(bid)
+            unique.append(b)
+    return unique
 
 
 def delete_book(cfg: CalibreConfig, book_id: int, client: "CalibreClient | None" = None) -> tuple[bool, str]:
@@ -200,6 +208,7 @@ def delete_book(cfg: CalibreConfig, book_id: int, client: "CalibreClient | None"
             client._upload_csrf = csrf
         except Exception:
             pass
+    for attempt in range(2):
         resp = client._session.post(
             f"{cfg.url}/delete/{book_id}",
             data={"csrf_token": csrf} if csrf else {},
@@ -207,7 +216,16 @@ def delete_book(cfg: CalibreConfig, book_id: int, client: "CalibreClient | None"
         )
         if resp.ok:
             return True, "Deleted"
+        if resp.status_code == 400 and attempt == 0:
+            # CSRF token likely expired; re-authenticate and retry once
+            log.info("delete_book: 400 on book %d — refreshing CSRF and retrying", book_id)
+            client._authenticated = False
+            client._upload_csrf = None
+            client._ensure_auth()
+            csrf = client._upload_csrf
+            continue
         return False, f"HTTP {resp.status_code}"
+    return False, "HTTP 400 after re-auth retry"
 
 
 def find_duplicate_groups(books: list[dict]) -> list[list[dict]]: