diff --git a/src/main/java/me/kavin/piped/Main.java b/src/main/java/me/kavin/piped/Main.java index 602e315..33471cc 100644 --- a/src/main/java/me/kavin/piped/Main.java +++ b/src/main/java/me/kavin/piped/Main.java @@ -12,7 +12,6 @@ import me.kavin.piped.utils.obj.db.PlaylistVideo; import me.kavin.piped.utils.obj.db.PubSub; import me.kavin.piped.utils.obj.db.Video; import okhttp3.OkHttpClient; -import org.apache.commons.lang3.StringUtils; import org.hibernate.Session; import org.hibernate.StatelessSession; import org.schabi.newpipe.extractor.NewPipe; @@ -123,9 +122,8 @@ public class Main { .setParameter("unauthSubbed", System.currentTimeMillis() - TimeUnit.DAYS.toMillis(Constants.SUBSCRIPTIONS_EXPIRY)) .getResultStream() .parallel() + .filter(ChannelHelpers::isValidId) .forEach(id -> Multithreading.runAsyncLimitedPubSub(() -> { - if (StringUtils.isBlank(id) || !id.matches("UC[A-Za-z\\d_-]{22}")) - return; try (StatelessSession sess = DatabaseSessionFactory.createStatelessSession()) { var pubsub = new PubSub(id, -1); var tr = sess.beginTransaction(); diff --git a/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java b/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java index 7079c98..367069b 100644 --- a/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java +++ b/src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java @@ -8,10 +8,7 @@ import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.JoinType; import me.kavin.piped.consts.Constants; -import me.kavin.piped.utils.DatabaseHelper; -import me.kavin.piped.utils.DatabaseSessionFactory; -import me.kavin.piped.utils.ExceptionHandler; -import me.kavin.piped.utils.Multithreading; +import me.kavin.piped.utils.*; import me.kavin.piped.utils.obj.StreamItem; import me.kavin.piped.utils.obj.SubscriptionChannel; import me.kavin.piped.utils.obj.db.Channel; @@ -42,6 +39,9 @@ public class FeedHandlers { if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId)) ExceptionHandler.throwErrorResponse(new InvalidRequestResponse("session and channelId are required parameters")); + if (!ChannelHelpers.isValidId(channelId)) + ExceptionHandler.throwErrorResponse(new InvalidRequestResponse("channelId is not a valid YouTube channel ID")); + try (Session s = DatabaseSessionFactory.createSession()) { User user = DatabaseHelper.getUserFromSessionWithSubscribed(session); @@ -208,8 +208,7 @@ public class FeedHandlers { public static byte[] unauthenticatedFeedResponse(String[] channelIds) throws Exception { Set filtered = Arrays.stream(channelIds) - .filter(StringUtils::isNotBlank) - .filter(id -> id.matches("[A-Za-z\\d_-]+")) + .filter(ChannelHelpers::isValidId) .collect(Collectors.toUnmodifiableSet()); if (filtered.isEmpty()) @@ -250,8 +249,7 @@ public class FeedHandlers { public static byte[] unauthenticatedFeedResponseRSS(String[] channelIds) throws Exception { Set filtered = Arrays.stream(channelIds) - .filter(StringUtils::isNotBlank) - .filter(id -> id.matches("[A-Za-z\\d_-]+")) + .filter(ChannelHelpers::isValidId) .collect(Collectors.toUnmodifiableSet()); if (filtered.isEmpty()) @@ -469,8 +467,7 @@ public class FeedHandlers { throws IOException { Set filtered = Arrays.stream(channelIds) - .filter(StringUtils::isNotBlank) - .filter(id -> id.matches("[A-Za-z\\d_-]+")) + .filter(ChannelHelpers::isValidId) .collect(Collectors.toUnmodifiableSet()); if (filtered.isEmpty()) diff --git a/src/main/java/me/kavin/piped/utils/ChannelHelpers.java b/src/main/java/me/kavin/piped/utils/ChannelHelpers.java index b70569a..a8cbbb3 100644 --- a/src/main/java/me/kavin/piped/utils/ChannelHelpers.java +++ b/src/main/java/me/kavin/piped/utils/ChannelHelpers.java @@ -3,6 +3,7 @@ package me.kavin.piped.utils; import me.kavin.piped.consts.Constants; import me.kavin.piped.utils.obj.db.Channel; import okhttp3.Request; +import org.apache.commons.lang3.StringUtils; import org.hibernate.StatelessSession; import java.io.IOException; @@ -11,6 +12,10 @@ import java.net.URL; public class ChannelHelpers { + public static boolean isValidId(String id) { + return !StringUtils.isBlank(id) && id.matches("UC[a-zA-Z\\d_-]{22}"); + } + public static void updateChannel(StatelessSession s, Channel channel, String name, String avatarUrl, boolean uploaderVerified) { boolean changed = false; diff --git a/src/main/java/me/kavin/piped/utils/DatabaseHelper.java b/src/main/java/me/kavin/piped/utils/DatabaseHelper.java index 71cdaf5..9a6dead 100644 --- a/src/main/java/me/kavin/piped/utils/DatabaseHelper.java +++ b/src/main/java/me/kavin/piped/utils/DatabaseHelper.java @@ -175,7 +175,7 @@ public class DatabaseHelper { public static Channel saveChannel(String channelId) { - if (!channelId.matches("[A-Za-z\\d_-]+")) + if (!ChannelHelpers.isValidId(channelId)) return null; diff --git a/src/main/java/me/kavin/piped/utils/PubSubHelper.java b/src/main/java/me/kavin/piped/utils/PubSubHelper.java index 66bf178..b1eb282 100644 --- a/src/main/java/me/kavin/piped/utils/PubSubHelper.java +++ b/src/main/java/me/kavin/piped/utils/PubSubHelper.java @@ -13,6 +13,9 @@ import java.util.concurrent.TimeUnit; public class PubSubHelper { public static void subscribePubSub(String channelId) throws IOException { + if (!ChannelHelpers.isValidId(channelId)) + return; + PubSub pubsub = DatabaseHelper.getPubSubFromId(channelId); if (pubsub == null || System.currentTimeMillis() - pubsub.getSubbedAt() > TimeUnit.DAYS.toMillis(4)) { diff --git a/src/main/java/me/kavin/piped/utils/matrix/SyncRunner.java b/src/main/java/me/kavin/piped/utils/matrix/SyncRunner.java index e4cf8ba..58377a2 100644 --- a/src/main/java/me/kavin/piped/utils/matrix/SyncRunner.java +++ b/src/main/java/me/kavin/piped/utils/matrix/SyncRunner.java @@ -148,11 +148,13 @@ public class SyncRunner implements Runnable { } catch (Exception ignored) { } }); + continue; } } case "video.piped.stream.bypass.response" -> { FederatedGeoBypassResponse bypassResponse = mapper.treeToValue(content, FederatedGeoBypassResponse.class); GeoRestrictionBypassHelper.addResponse(bypassResponse); + continue; } } }