Fix referers

Omar Roth 2018-08-17 10:19:20 -05:00
parent 71aa4d0347
commit 3ba2a7d921
6 changed files with 47 additions and 18 deletions


@ -131,6 +131,19 @@ before_all do |env|
end end
end end
end end
current_page = env.request.path
if env.request.query
query = HTTP::Params.parse(env.request.query.not_nil!)
if query["referer"]?
query["referer"] = get_referer(env, "/")
end
current_page += "?#{query}"
end
env.set "current_page", URI.escape(current_page)
end end
get "/" do |env| get "/" do |env|
@ -411,8 +424,7 @@ end
# See https://github.com/rg3/youtube-dl/blob/master/youtube_dl/extractor/youtube.py#L79 # See https://github.com/rg3/youtube-dl/blob/master/youtube_dl/extractor/youtube.py#L79
post "/login" do |env| post "/login" do |env|
referer = env.params.query["referer"]? referer = get_referer(env, "/feed/subscriptions")
referer ||= get_referer(env, "/feed/subscriptions")
email = env.params.body["email"]? email = env.params.body["email"]?
password = env.params.body["password"]? password = env.params.body["password"]?
@ -506,7 +518,7 @@ post "/login" do |env|
end end
if !tfa_code if !tfa_code
next env.redirect "/login?tfa=true&type=google" next env.redirect "/login?tfa=true&type=google&referer=#{URI.escape(referer)}"
end end
tl = challenge_results[1][2] tl = challenge_results[1][2]
@ -677,7 +689,7 @@ get "/signout" do |env|
end end
env.request.cookies.add_response_headers(env.response.headers) env.request.cookies.add_response_headers(env.response.headers)
env.redirect referer env.redirect URI.unescape(referer)
end end
get "/preferences" do |env| get "/preferences" do |env|
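Review bot: In the `/signout` hunk, `env.redirect URI.unescape(referer)` percent-decodes the target after it has been reduced to a local path, so whatever check produced `referer` never sees the string that actually lands in the `Location` header. Decoding at this point can turn an encoded sequence back into a leading `//` or a control character, which is the usual way a same-site redirect ends up pointing off-site or carrying a malformed header. Assuming `referer` here comes from `get_referer` (the assignment is above the hunk, as is the start of the handler), I would redirect to the still-encoded value with `env.redirect referer`, or decode first and validate the decoded string afterwards.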


@ -150,10 +150,27 @@ def make_host_url(ssl, host)
end end
def get_referer(env, fallback = "/") def get_referer(env, fallback = "/")
referer = env.request.headers["referer"]? referer = env.params.query["referer"]?
referer ||= env.request.headers["referer"]?
referer ||= fallback referer ||= fallback
referer = URI.parse(referer).full_path referer = URI.parse(referer)
# "Unroll" nested referers
loop do
if referer.query
params = HTTP::Params.parse(referer.query.not_nil!)
if params["referer"]?
referer = URI.parse(URI.unescape(params["referer"]))
else
break
end
else
break
end
end
referer = referer.full_path
if referer == env.request.path if referer == env.request.path
referer = fallback referer = fallback
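Review bot: After the unrolling loop, `referer = referer.full_path` becomes the redirect target without a check that it is a single-slash local path; `full_path` drops scheme and host but keeps the path verbatim, so a path that itself begins with `//` would, as far as this hunk shows, pass through and be read by browsers as protocol-relative. Unless the part of `get_referer` below the hunk already does so, I would add `referer = fallback unless referer.starts_with?("/") && !referer.starts_with?("//")` right after that line. Separately, `URI.parse(URI.unescape(params["referer"]))` decodes a value that `HTTP::Params.parse` has presumably already decoded, so literal `%` sequences get decoded twice; dropping the `URI.unescape` keeps a single decoding step. Because the input is request-controlled and `before_all` now calls this helper on every request that carries a `referer` parameter, a failure in `URI.parse` should fall back to `fallback` rather than raise.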


@ -16,16 +16,16 @@
<p class="h-box"> <p class="h-box">
<% if user %> <% if user %>
<% if subscriptions.includes? ucid %> <% if subscriptions.includes? ucid %>
<a href="/subscription_ajax?action_remove_subscriptions=1&c=<%= ucid %>"> <a href="/subscription_ajax?action_remove_subscriptions=1&c=<%= ucid %>&referer=<%= env.get("current_page") %>">
<b>Unsubscribe from <%= author %></b> <b>Unsubscribe from <%= author %></b>
</a> </a>
<% else %> <% else %>
<a href="/subscription_ajax?action_create_subscription_to_channel=1&c=<%= ucid %>"> <a href="/subscription_ajax?action_create_subscription_to_channel=1&c=<%= ucid %>&referer=<%= env.get("current_page") %>">
<b>Subscribe to <%= author %></b> <b>Subscribe to <%= author %></b>
</a> </a>
<% end %> <% end %>
<% else %> <% else %>
<a href="/login"> <a href="/login?referer=<%= env.get("current_page") %>">
<b>Login to subscribe to <%= author %></b> <b>Login to subscribe to <%= author %></b>
</a> </a>
<% end %> <% end %>
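Review bot: `referer=<%= env.get("current_page") %>` is written into the `href` with no escaping at the point of use; ECR's `<%= %>` does not HTML-escape, so the attribute is only safe because `before_all` applies `URI.escape` before storing the value. The login template in this commit does the opposite and escapes at the point of use (`URI.escape(referer)`), so the two conventions are easy to mix up and lead to either double-encoding or no encoding. I would document the contract next to the first use, e.g. `<%# current_page is already URI-escaped in before_all; do not emit other request-derived values here unescaped %>`, or escape in the template consistently. The same pattern recurs in the layout template (`/toggle_theme`, `/preferences`, `/signout`, `/login` links) and in the watch template's subscribe and login links.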


@ -16,7 +16,7 @@
</div> </div>
<hr> <hr>
<% if account_type == "invidious" %> <% if account_type == "invidious" %>
<form class="pure-form pure-form-stacked" action="/login?referer=<%= referer %>&type=invidious" method="post"> <form class="pure-form pure-form-stacked" action="/login?referer=<%= URI.escape(referer) %>&type=invidious" method="post">
<fieldset> <fieldset>
<label for="email">User ID:</label> <label for="email">User ID:</label>
<input required class="pure-input-1" name="email" type="text" placeholder="User ID"> <input required class="pure-input-1" name="email" type="text" placeholder="User ID">
@ -34,7 +34,7 @@
</fieldset> </fieldset>
</form> </form>
<% elsif account_type == "google" %> <% elsif account_type == "google" %>
<form class="pure-form pure-form-stacked" action="/login?referer=<%= referer %>" method="post"> <form class="pure-form pure-form-stacked" action="/login?referer=<%= URI.escape(referer) %>" method="post">
<fieldset> <fieldset>
<label for="email">Email:</label> <label for="email">Email:</label>
<input required class="pure-input-1" name="email" type="email" placeholder="Email"> <input required class="pure-input-1" name="email" type="email" placeholder="Email">


@ -34,7 +34,7 @@
<div class="pure-u-1 pure-u-md-8-24 user-field"> <div class="pure-u-1 pure-u-md-8-24 user-field">
<% if env.get? "user" %> <% if env.get? "user" %>
<div class="pure-u-1-4"> <div class="pure-u-1-4">
<a href="/toggle_theme" class="pure-menu-heading"> <a href="/toggle_theme?referer=<%= env.get("current_page") %>" class="pure-menu-heading">
<% preferences = env.get("user").as(User).preferences %> <% preferences = env.get("user").as(User).preferences %>
<% if preferences.dark_mode %> <% if preferences.dark_mode %>
<i class="icon ion-ios-sunny"></i> <i class="icon ion-ios-sunny"></i>
@ -54,15 +54,15 @@
</a> </a>
</div> </div>
<div class="pure-u-1-4"> <div class="pure-u-1-4">
<a href="/preferences" class="pure-menu-heading"> <a href="/preferences?referer=<%= env.get("current_page") %>" class="pure-menu-heading">
<i class="icon ion-ios-cog"></i> <i class="icon ion-ios-cog"></i>
</a> </a>
</div> </div>
<div class="pure-u-1-4"> <div class="pure-u-1-4">
<a href="/signout" class="pure-menu-heading">Sign out</a> <a href="/signout?referer=<%= env.get("current_page") %>" class="pure-menu-heading">Sign out</a>
</div> </div>
<% else %> <% else %>
<a href="/login" class="pure-menu-heading">Login</a> <a href="/login?referer=<%= env.get("current_page") %>" class="pure-menu-heading">Login</a>
<% end %> <% end %>
</div> </div>
</div> </div>


@ -232,20 +232,20 @@ get_youtube_comments();
<% if user %> <% if user %>
<% if subscriptions.includes? video.ucid %> <% if subscriptions.includes? video.ucid %>
<p> <p>
<a href="/subscription_ajax?action_remove_subscriptions=1&c=<%= video.ucid %>"> <a href="/subscription_ajax?action_remove_subscriptions=1&c=<%= video.ucid %>&referer=<%= env.get("current_page") %>">
<b>Unsubscribe from <%= video.author %></b> <b>Unsubscribe from <%= video.author %></b>
</a> </a>
</p> </p>
<% else %> <% else %>
<p> <p>
<a href="/subscription_ajax?action_create_subscription_to_channel=1&c=<%= video.ucid %>"> <a href="/subscription_ajax?action_create_subscription_to_channel=1&c=<%= video.ucid %>&referer=<%= env.get("current_page") %>">
<b>Subscribe to <%= video.author %></b> <b>Subscribe to <%= video.author %></b>
</a> </a>
</p> </p>
<% end %> <% end %>
<% else %> <% else %>
<p> <p>
<a href="/login"> <a href="/login?referer=<%= env.get("current_page") %>">
<b>Login to subscribe to <%= video.author %></b> <b>Login to subscribe to <%= video.author %></b>
</a> </a>
</p> </p>