mirror of
https://gitea.invidious.io/iv-org/invidious-copy-2022-04-11.git
synced 2024-08-15 00:43:26 +00:00
Merge pull request #2871 from SamantazFox/user-code-cleaning
User code cleaning & fixing
This commit is contained in:
commit
85ba04b715
24 changed files with 802 additions and 665 deletions
|
@ -25,9 +25,9 @@ def csv_sample
|
||||||
CSV
|
CSV
|
||||||
end
|
end
|
||||||
|
|
||||||
Spectator.describe "Invidious::User::Imports" do
|
Spectator.describe Invidious::User::Import do
|
||||||
it "imports CSV" do
|
it "imports CSV" do
|
||||||
subscriptions = parse_subscription_export_csv(csv_sample)
|
subscriptions = Invidious::User::Import.parse_subscription_export_csv(csv_sample)
|
||||||
|
|
||||||
expect(subscriptions).to be_an(Array(String))
|
expect(subscriptions).to be_an(Array(String))
|
||||||
expect(subscriptions.size).to eq(13)
|
expect(subscriptions.size).to eq(13)
|
||||||
|
|
333
src/invidious.cr
333
src/invidious.cr
|
@ -43,7 +43,6 @@ ARCHIVE_URL = URI.parse("https://archive.org")
|
||||||
LOGIN_URL = URI.parse("https://accounts.google.com")
|
LOGIN_URL = URI.parse("https://accounts.google.com")
|
||||||
PUBSUB_URL = URI.parse("https://pubsubhubbub.appspot.com")
|
PUBSUB_URL = URI.parse("https://pubsubhubbub.appspot.com")
|
||||||
REDDIT_URL = URI.parse("https://www.reddit.com")
|
REDDIT_URL = URI.parse("https://www.reddit.com")
|
||||||
TEXTCAPTCHA_URL = URI.parse("https://textcaptcha.com")
|
|
||||||
YT_URL = URI.parse("https://www.youtube.com")
|
YT_URL = URI.parse("https://www.youtube.com")
|
||||||
HOST_URL = make_host_url(Kemal.config)
|
HOST_URL = make_host_url(Kemal.config)
|
||||||
|
|
||||||
|
@ -366,15 +365,8 @@ end
|
||||||
Invidious::Routing.get "/results", Invidious::Routes::Search, :results
|
Invidious::Routing.get "/results", Invidious::Routes::Search, :results
|
||||||
Invidious::Routing.get "/search", Invidious::Routes::Search, :search
|
Invidious::Routing.get "/search", Invidious::Routes::Search, :search
|
||||||
|
|
||||||
Invidious::Routing.get "/login", Invidious::Routes::Login, :login_page
|
# User routes
|
||||||
Invidious::Routing.post "/login", Invidious::Routes::Login, :login
|
define_user_routes()
|
||||||
Invidious::Routing.post "/signout", Invidious::Routes::Login, :signout
|
|
||||||
|
|
||||||
Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :show
|
|
||||||
Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update
|
|
||||||
Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme
|
|
||||||
Invidious::Routing.get "/data_control", Invidious::Routes::PreferencesRoute, :data_control
|
|
||||||
Invidious::Routing.post "/data_control", Invidious::Routes::PreferencesRoute, :update_data_control
|
|
||||||
|
|
||||||
# Feeds
|
# Feeds
|
||||||
Invidious::Routing.get "/view_all_playlists", Invidious::Routes::Feeds, :view_all_playlists_redirect
|
Invidious::Routing.get "/view_all_playlists", Invidious::Routes::Feeds, :view_all_playlists_redirect
|
||||||
|
@ -414,325 +406,6 @@ define_v1_api_routes()
|
||||||
define_api_manifest_routes()
|
define_api_manifest_routes()
|
||||||
define_video_playback_routes()
|
define_video_playback_routes()
|
||||||
|
|
||||||
get "/change_password" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
|
|
||||||
|
|
||||||
templated "change_password"
|
|
||||||
end
|
|
||||||
|
|
||||||
post "/change_password" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
token = env.params.body["csrf_token"]?
|
|
||||||
|
|
||||||
# We don't store passwords for Google accounts
|
|
||||||
if !user.password
|
|
||||||
next error_template(400, "Cannot change password for Google accounts")
|
|
||||||
end
|
|
||||||
|
|
||||||
begin
|
|
||||||
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
|
||||||
rescue ex
|
|
||||||
next error_template(400, ex)
|
|
||||||
end
|
|
||||||
|
|
||||||
password = env.params.body["password"]?
|
|
||||||
if !password
|
|
||||||
next error_template(401, "Password is a required field")
|
|
||||||
end
|
|
||||||
|
|
||||||
new_passwords = env.params.body.select { |k, v| k.match(/^new_password\[\d+\]$/) }.map { |k, v| v }
|
|
||||||
|
|
||||||
if new_passwords.size <= 1 || new_passwords.uniq.size != 1
|
|
||||||
next error_template(400, "New passwords must match")
|
|
||||||
end
|
|
||||||
|
|
||||||
new_password = new_passwords.uniq[0]
|
|
||||||
if new_password.empty?
|
|
||||||
next error_template(401, "Password cannot be empty")
|
|
||||||
end
|
|
||||||
|
|
||||||
if new_password.bytesize > 55
|
|
||||||
next error_template(400, "Password cannot be longer than 55 characters")
|
|
||||||
end
|
|
||||||
|
|
||||||
if !Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
|
|
||||||
next error_template(401, "Incorrect password")
|
|
||||||
end
|
|
||||||
|
|
||||||
new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10)
|
|
||||||
Invidious::Database::Users.update_password(user, new_password.to_s)
|
|
||||||
|
|
||||||
env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
get "/delete_account" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY)
|
|
||||||
|
|
||||||
templated "delete_account"
|
|
||||||
end
|
|
||||||
|
|
||||||
post "/delete_account" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
token = env.params.body["csrf_token"]?
|
|
||||||
|
|
||||||
begin
|
|
||||||
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
|
||||||
rescue ex
|
|
||||||
next error_template(400, ex)
|
|
||||||
end
|
|
||||||
|
|
||||||
view_name = "subscriptions_#{sha256(user.email)}"
|
|
||||||
Invidious::Database::Users.delete(user)
|
|
||||||
Invidious::Database::SessionIDs.delete(email: user.email)
|
|
||||||
PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}")
|
|
||||||
|
|
||||||
env.request.cookies.each do |cookie|
|
|
||||||
cookie.expires = Time.utc(1990, 1, 1)
|
|
||||||
env.response.cookies << cookie
|
|
||||||
end
|
|
||||||
|
|
||||||
env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
get "/clear_watch_history" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY)
|
|
||||||
|
|
||||||
templated "clear_watch_history"
|
|
||||||
end
|
|
||||||
|
|
||||||
post "/clear_watch_history" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
token = env.params.body["csrf_token"]?
|
|
||||||
|
|
||||||
begin
|
|
||||||
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
|
||||||
rescue ex
|
|
||||||
next error_template(400, ex)
|
|
||||||
end
|
|
||||||
|
|
||||||
Invidious::Database::Users.clear_watch_history(user)
|
|
||||||
env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
get "/authorize_token" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
|
|
||||||
|
|
||||||
scopes = env.params.query["scopes"]?.try &.split(",")
|
|
||||||
scopes ||= [] of String
|
|
||||||
|
|
||||||
callback_url = env.params.query["callback_url"]?
|
|
||||||
if callback_url
|
|
||||||
callback_url = URI.parse(callback_url)
|
|
||||||
end
|
|
||||||
|
|
||||||
expire = env.params.query["expire"]?.try &.to_i?
|
|
||||||
|
|
||||||
templated "authorize_token"
|
|
||||||
end
|
|
||||||
|
|
||||||
post "/authorize_token" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = env.get("user").as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
token = env.params.body["csrf_token"]?
|
|
||||||
|
|
||||||
begin
|
|
||||||
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
|
||||||
rescue ex
|
|
||||||
next error_template(400, ex)
|
|
||||||
end
|
|
||||||
|
|
||||||
scopes = env.params.body.select { |k, v| k.match(/^scopes\[\d+\]$/) }.map { |k, v| v }
|
|
||||||
callback_url = env.params.body["callbackUrl"]?
|
|
||||||
expire = env.params.body["expire"]?.try &.to_i?
|
|
||||||
|
|
||||||
access_token = generate_token(user.email, scopes, expire, HMAC_KEY)
|
|
||||||
|
|
||||||
if callback_url
|
|
||||||
access_token = URI.encode_www_form(access_token)
|
|
||||||
url = URI.parse(callback_url)
|
|
||||||
|
|
||||||
if url.query
|
|
||||||
query = HTTP::Params.parse(url.query.not_nil!)
|
|
||||||
else
|
|
||||||
query = HTTP::Params.new
|
|
||||||
end
|
|
||||||
|
|
||||||
query["token"] = access_token
|
|
||||||
url.query = query.to_s
|
|
||||||
|
|
||||||
env.redirect url.to_s
|
|
||||||
else
|
|
||||||
csrf_token = ""
|
|
||||||
env.set "access_token", access_token
|
|
||||||
templated "authorize_token"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
get "/token_manager" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env, "/subscription_manager")
|
|
||||||
|
|
||||||
if !user
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
tokens = Invidious::Database::SessionIDs.select_all(user.email)
|
|
||||||
|
|
||||||
templated "token_manager"
|
|
||||||
end
|
|
||||||
|
|
||||||
post "/token_ajax" do |env|
|
|
||||||
locale = env.get("preferences").as(Preferences).locale
|
|
||||||
|
|
||||||
user = env.get? "user"
|
|
||||||
sid = env.get? "sid"
|
|
||||||
referer = get_referer(env)
|
|
||||||
|
|
||||||
redirect = env.params.query["redirect"]?
|
|
||||||
redirect ||= "true"
|
|
||||||
redirect = redirect == "true"
|
|
||||||
|
|
||||||
if !user
|
|
||||||
if redirect
|
|
||||||
next env.redirect referer
|
|
||||||
else
|
|
||||||
next error_json(403, "No such user")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
user = user.as(User)
|
|
||||||
sid = sid.as(String)
|
|
||||||
token = env.params.body["csrf_token"]?
|
|
||||||
|
|
||||||
begin
|
|
||||||
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
|
||||||
rescue ex
|
|
||||||
if redirect
|
|
||||||
next error_template(400, ex)
|
|
||||||
else
|
|
||||||
next error_json(400, ex)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if env.params.query["action_revoke_token"]?
|
|
||||||
action = "action_revoke_token"
|
|
||||||
else
|
|
||||||
next env.redirect referer
|
|
||||||
end
|
|
||||||
|
|
||||||
session = env.params.query["session"]?
|
|
||||||
session ||= ""
|
|
||||||
|
|
||||||
case action
|
|
||||||
when .starts_with? "action_revoke_token"
|
|
||||||
Invidious::Database::SessionIDs.delete(sid: session, email: user.email)
|
|
||||||
else
|
|
||||||
next error_json(400, "Unsupported action #{action}")
|
|
||||||
end
|
|
||||||
|
|
||||||
if redirect
|
|
||||||
env.redirect referer
|
|
||||||
else
|
|
||||||
env.response.content_type = "application/json"
|
|
||||||
"{}"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Channels
|
# Channels
|
||||||
|
|
||||||
{"/channel/:ucid/live", "/user/:user/live", "/c/:user/live"}.each do |route|
|
{"/channel/:ucid/live", "/user/:user/live", "/c/:user/live"}.each do |route|
|
||||||
|
@ -876,7 +549,7 @@ add_handler AuthHandler.new
|
||||||
add_handler DenyFrame.new
|
add_handler DenyFrame.new
|
||||||
add_context_storage_type(Array(String))
|
add_context_storage_type(Array(String))
|
||||||
add_context_storage_type(Preferences)
|
add_context_storage_type(Preferences)
|
||||||
add_context_storage_type(User)
|
add_context_storage_type(Invidious::User)
|
||||||
|
|
||||||
Kemal.config.logger = LOGGER
|
Kemal.config.logger = LOGGER
|
||||||
Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding
|
Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding
|
||||||
|
|
358
src/invidious/routes/account.cr
Normal file
358
src/invidious/routes/account.cr
Normal file
|
@ -0,0 +1,358 @@
|
||||||
|
{% skip_file if flag?(:api_only) %}
|
||||||
|
|
||||||
|
module Invidious::Routes::Account
|
||||||
|
extend self
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Password update
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Show the password change interface (GET request)
|
||||||
|
def get_change_password(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
|
||||||
|
|
||||||
|
templated "user/change_password"
|
||||||
|
end
|
||||||
|
|
||||||
|
# Handle the password change (POST request)
|
||||||
|
def post_change_password(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
token = env.params.body["csrf_token"]?
|
||||||
|
|
||||||
|
# We don't store passwords for Google accounts
|
||||||
|
if !user.password
|
||||||
|
return error_template(400, "Cannot change password for Google accounts")
|
||||||
|
end
|
||||||
|
|
||||||
|
begin
|
||||||
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
|
rescue ex
|
||||||
|
return error_template(400, ex)
|
||||||
|
end
|
||||||
|
|
||||||
|
password = env.params.body["password"]?
|
||||||
|
if !password
|
||||||
|
return error_template(401, "Password is a required field")
|
||||||
|
end
|
||||||
|
|
||||||
|
new_passwords = env.params.body.select { |k, v| k.match(/^new_password\[\d+\]$/) }.map { |k, v| v }
|
||||||
|
|
||||||
|
if new_passwords.size <= 1 || new_passwords.uniq.size != 1
|
||||||
|
return error_template(400, "New passwords must match")
|
||||||
|
end
|
||||||
|
|
||||||
|
new_password = new_passwords.uniq[0]
|
||||||
|
if new_password.empty?
|
||||||
|
return error_template(401, "Password cannot be empty")
|
||||||
|
end
|
||||||
|
|
||||||
|
if new_password.bytesize > 55
|
||||||
|
return error_template(400, "Password cannot be longer than 55 characters")
|
||||||
|
end
|
||||||
|
|
||||||
|
if !Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
|
||||||
|
return error_template(401, "Incorrect password")
|
||||||
|
end
|
||||||
|
|
||||||
|
new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10)
|
||||||
|
Invidious::Database::Users.update_password(user, new_password.to_s)
|
||||||
|
|
||||||
|
env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Account deletion
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Show the account deletion confirmation prompt (GET request)
|
||||||
|
def get_delete(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY)
|
||||||
|
|
||||||
|
templated "user/delete_account"
|
||||||
|
end
|
||||||
|
|
||||||
|
# Handle the account deletion (POST request)
|
||||||
|
def post_delete(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
token = env.params.body["csrf_token"]?
|
||||||
|
|
||||||
|
begin
|
||||||
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
|
rescue ex
|
||||||
|
return error_template(400, ex)
|
||||||
|
end
|
||||||
|
|
||||||
|
view_name = "subscriptions_#{sha256(user.email)}"
|
||||||
|
Invidious::Database::Users.delete(user)
|
||||||
|
Invidious::Database::SessionIDs.delete(email: user.email)
|
||||||
|
PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}")
|
||||||
|
|
||||||
|
env.request.cookies.each do |cookie|
|
||||||
|
cookie.expires = Time.utc(1990, 1, 1)
|
||||||
|
env.response.cookies << cookie
|
||||||
|
end
|
||||||
|
|
||||||
|
env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Clear history
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Show the watch history deletion confirmation prompt (GET request)
|
||||||
|
def get_clear_history(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY)
|
||||||
|
|
||||||
|
templated "user/clear_watch_history"
|
||||||
|
end
|
||||||
|
|
||||||
|
# Handle the watch history clearing (POST request)
|
||||||
|
def post_clear_history(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
token = env.params.body["csrf_token"]?
|
||||||
|
|
||||||
|
begin
|
||||||
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
|
rescue ex
|
||||||
|
return error_template(400, ex)
|
||||||
|
end
|
||||||
|
|
||||||
|
Invidious::Database::Users.clear_watch_history(user)
|
||||||
|
env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Authorize tokens
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Show the "authorize token?" confirmation prompt (GET request)
|
||||||
|
def get_authorize_token(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
|
||||||
|
|
||||||
|
scopes = env.params.query["scopes"]?.try &.split(",")
|
||||||
|
scopes ||= [] of String
|
||||||
|
|
||||||
|
callback_url = env.params.query["callback_url"]?
|
||||||
|
if callback_url
|
||||||
|
callback_url = URI.parse(callback_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
expire = env.params.query["expire"]?.try &.to_i?
|
||||||
|
|
||||||
|
templated "user/authorize_token"
|
||||||
|
end
|
||||||
|
|
||||||
|
# Handle token authorization (POST request)
|
||||||
|
def post_authorize_token(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = env.get("user").as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
token = env.params.body["csrf_token"]?
|
||||||
|
|
||||||
|
begin
|
||||||
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
|
rescue ex
|
||||||
|
return error_template(400, ex)
|
||||||
|
end
|
||||||
|
|
||||||
|
scopes = env.params.body.select { |k, v| k.match(/^scopes\[\d+\]$/) }.map { |k, v| v }
|
||||||
|
callback_url = env.params.body["callbackUrl"]?
|
||||||
|
expire = env.params.body["expire"]?.try &.to_i?
|
||||||
|
|
||||||
|
access_token = generate_token(user.email, scopes, expire, HMAC_KEY)
|
||||||
|
|
||||||
|
if callback_url
|
||||||
|
access_token = URI.encode_www_form(access_token)
|
||||||
|
url = URI.parse(callback_url)
|
||||||
|
|
||||||
|
if url.query
|
||||||
|
query = HTTP::Params.parse(url.query.not_nil!)
|
||||||
|
else
|
||||||
|
query = HTTP::Params.new
|
||||||
|
end
|
||||||
|
|
||||||
|
query["token"] = access_token
|
||||||
|
url.query = query.to_s
|
||||||
|
|
||||||
|
env.redirect url.to_s
|
||||||
|
else
|
||||||
|
csrf_token = ""
|
||||||
|
env.set "access_token", access_token
|
||||||
|
templated "user/authorize_token"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Manage tokens
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Show the token manager page (GET request)
|
||||||
|
def token_manager(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env, "/subscription_manager")
|
||||||
|
|
||||||
|
if !user
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
tokens = Invidious::Database::SessionIDs.select_all(user.email)
|
||||||
|
|
||||||
|
templated "user/token_manager"
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# AJAX for tokens
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Handle internal (non-API) token actions (POST request)
|
||||||
|
def token_ajax(env)
|
||||||
|
locale = env.get("preferences").as(Preferences).locale
|
||||||
|
|
||||||
|
user = env.get? "user"
|
||||||
|
sid = env.get? "sid"
|
||||||
|
referer = get_referer(env)
|
||||||
|
|
||||||
|
redirect = env.params.query["redirect"]?
|
||||||
|
redirect ||= "true"
|
||||||
|
redirect = redirect == "true"
|
||||||
|
|
||||||
|
if !user
|
||||||
|
if redirect
|
||||||
|
return env.redirect referer
|
||||||
|
else
|
||||||
|
return error_json(403, "No such user")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
user = user.as(User)
|
||||||
|
sid = sid.as(String)
|
||||||
|
token = env.params.body["csrf_token"]?
|
||||||
|
|
||||||
|
begin
|
||||||
|
validate_request(token, sid, env.request, HMAC_KEY, locale)
|
||||||
|
rescue ex
|
||||||
|
if redirect
|
||||||
|
return error_template(400, ex)
|
||||||
|
else
|
||||||
|
return error_json(400, ex)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if env.params.query["action_revoke_token"]?
|
||||||
|
action = "action_revoke_token"
|
||||||
|
else
|
||||||
|
return env.redirect referer
|
||||||
|
end
|
||||||
|
|
||||||
|
session = env.params.query["session"]?
|
||||||
|
session ||= ""
|
||||||
|
|
||||||
|
case action
|
||||||
|
when .starts_with? "action_revoke_token"
|
||||||
|
Invidious::Database::SessionIDs.delete(sid: session, email: user.email)
|
||||||
|
else
|
||||||
|
return error_json(400, "Unsupported action #{action}")
|
||||||
|
end
|
||||||
|
|
||||||
|
if redirect
|
||||||
|
return env.redirect referer
|
||||||
|
else
|
||||||
|
env.response.content_type = "application/json"
|
||||||
|
return "{}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -343,7 +343,7 @@ module Invidious::Routes::API::V1::Authenticated
|
||||||
env.response.content_type = "text/html"
|
env.response.content_type = "text/html"
|
||||||
|
|
||||||
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
|
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
|
||||||
return templated "authorize_token"
|
return templated "user/authorize_token"
|
||||||
else
|
else
|
||||||
env.response.content_type = "application/json"
|
env.response.content_type = "application/json"
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,7 @@ module Invidious::Routes::Login
|
||||||
tfa = env.params.query["tfa"]?
|
tfa = env.params.query["tfa"]?
|
||||||
prompt = nil
|
prompt = nil
|
||||||
|
|
||||||
templated "login"
|
templated "user/login"
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.login(env)
|
def self.login(env)
|
||||||
|
@ -133,7 +133,7 @@ module Invidious::Routes::Login
|
||||||
tfa = tfa_code
|
tfa = tfa_code
|
||||||
captcha = {tokens: [token], question: ""}
|
captcha = {tokens: [token], question: ""}
|
||||||
|
|
||||||
return templated "login"
|
return templated "user/login"
|
||||||
end
|
end
|
||||||
|
|
||||||
if challenge_results[0][-1]?.try &.[5] == "INCORRECT_ANSWER_ENTERED"
|
if challenge_results[0][-1]?.try &.[5] == "INCORRECT_ANSWER_ENTERED"
|
||||||
|
@ -190,7 +190,7 @@ module Invidious::Routes::Login
|
||||||
|
|
||||||
tfa = nil
|
tfa = nil
|
||||||
captcha = nil
|
captcha = nil
|
||||||
return templated "login"
|
return templated "user/login"
|
||||||
end
|
end
|
||||||
|
|
||||||
tl = challenge_results[1][2]
|
tl = challenge_results[1][2]
|
||||||
|
@ -282,18 +282,8 @@ module Invidious::Routes::Login
|
||||||
|
|
||||||
host = URI.parse(env.request.headers["Host"]).host
|
host = URI.parse(env.request.headers["Host"]).host
|
||||||
|
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
|
||||||
secure = true
|
|
||||||
else
|
|
||||||
secure = false
|
|
||||||
end
|
|
||||||
|
|
||||||
cookies.each do |cookie|
|
cookies.each do |cookie|
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
cookie.secure = Invidious::User::Cookies::SECURE
|
||||||
cookie.secure = secure
|
|
||||||
else
|
|
||||||
cookie.secure = secure
|
|
||||||
end
|
|
||||||
|
|
||||||
if cookie.extension
|
if cookie.extension
|
||||||
cookie.extension = cookie.extension.not_nil!.gsub(".youtube.com", host)
|
cookie.extension = cookie.extension.not_nil!.gsub(".youtube.com", host)
|
||||||
|
@ -338,19 +328,7 @@ module Invidious::Routes::Login
|
||||||
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
||||||
Invidious::Database::SessionIDs.insert(sid, email)
|
Invidious::Database::SessionIDs.insert(sid, email)
|
||||||
|
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
|
||||||
secure = true
|
|
||||||
else
|
|
||||||
secure = false
|
|
||||||
end
|
|
||||||
|
|
||||||
if CONFIG.domain
|
|
||||||
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
else
|
|
||||||
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
end
|
|
||||||
else
|
else
|
||||||
return error_template(401, "Wrong username or password")
|
return error_template(401, "Wrong username or password")
|
||||||
end
|
end
|
||||||
|
@ -393,12 +371,12 @@ module Invidious::Routes::Login
|
||||||
prompt = ""
|
prompt = ""
|
||||||
|
|
||||||
if captcha_type == "image"
|
if captcha_type == "image"
|
||||||
captcha = generate_captcha(HMAC_KEY)
|
captcha = Invidious::User::Captcha.generate_image(HMAC_KEY)
|
||||||
else
|
else
|
||||||
captcha = generate_text_captcha(HMAC_KEY)
|
captcha = Invidious::User::Captcha.generate_text(HMAC_KEY)
|
||||||
end
|
end
|
||||||
|
|
||||||
return templated "login"
|
return templated "user/login"
|
||||||
end
|
end
|
||||||
|
|
||||||
tokens = env.params.body.select { |k, _| k.match(/^token\[\d+\]$/) }.map { |_, v| v }
|
tokens = env.params.body.select { |k, _| k.match(/^token\[\d+\]$/) }.map { |_, v| v }
|
||||||
|
@ -455,19 +433,7 @@ module Invidious::Routes::Login
|
||||||
view_name = "subscriptions_#{sha256(user.email)}"
|
view_name = "subscriptions_#{sha256(user.email)}"
|
||||||
PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
|
PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
|
||||||
|
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
|
||||||
secure = true
|
|
||||||
else
|
|
||||||
secure = false
|
|
||||||
end
|
|
||||||
|
|
||||||
if CONFIG.domain
|
|
||||||
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
else
|
|
||||||
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
end
|
|
||||||
|
|
||||||
if env.request.cookies["PREFS"]?
|
if env.request.cookies["PREFS"]?
|
||||||
user.preferences = env.get("preferences").as(Preferences)
|
user.preferences = env.get("preferences").as(Preferences)
|
||||||
|
|
|
@ -8,7 +8,7 @@ module Invidious::Routes::PreferencesRoute
|
||||||
|
|
||||||
preferences = env.get("preferences").as(Preferences)
|
preferences = env.get("preferences").as(Preferences)
|
||||||
|
|
||||||
templated "preferences"
|
templated "user/preferences"
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.update(env)
|
def self.update(env)
|
||||||
|
@ -214,19 +214,7 @@ module Invidious::Routes::PreferencesRoute
|
||||||
File.write("config/config.yml", CONFIG.to_yaml)
|
File.write("config/config.yml", CONFIG.to_yaml)
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
|
||||||
secure = true
|
|
||||||
else
|
|
||||||
secure = false
|
|
||||||
end
|
|
||||||
|
|
||||||
if CONFIG.domain
|
|
||||||
env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", domain: "#{CONFIG.domain}", value: URI.encode_www_form(preferences.to_json), expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
else
|
|
||||||
env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: URI.encode_www_form(preferences.to_json), expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
env.redirect referer
|
env.redirect referer
|
||||||
|
@ -261,21 +249,7 @@ module Invidious::Routes::PreferencesRoute
|
||||||
preferences.dark_mode = "dark"
|
preferences.dark_mode = "dark"
|
||||||
end
|
end
|
||||||
|
|
||||||
preferences = preferences.to_json
|
env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
|
||||||
|
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
|
||||||
secure = true
|
|
||||||
else
|
|
||||||
secure = false
|
|
||||||
end
|
|
||||||
|
|
||||||
if CONFIG.domain
|
|
||||||
env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", domain: "#{CONFIG.domain}", value: URI.encode_www_form(preferences), expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
else
|
|
||||||
env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: URI.encode_www_form(preferences), expires: Time.utc + 2.years,
|
|
||||||
secure: secure, http_only: true)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
if redirect
|
if redirect
|
||||||
|
@ -298,7 +272,7 @@ module Invidious::Routes::PreferencesRoute
|
||||||
|
|
||||||
user = user.as(User)
|
user = user.as(User)
|
||||||
|
|
||||||
templated "data_control"
|
templated "user/data_control"
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.update_data_control(env)
|
def self.update_data_control(env)
|
||||||
|
@ -321,149 +295,27 @@ module Invidious::Routes::PreferencesRoute
|
||||||
# TODO: Unify into single import based on content-type
|
# TODO: Unify into single import based on content-type
|
||||||
case part.name
|
case part.name
|
||||||
when "import_invidious"
|
when "import_invidious"
|
||||||
body = JSON.parse(body)
|
Invidious::User::Import.from_invidious(user, body)
|
||||||
|
|
||||||
if body["subscriptions"]?
|
|
||||||
user.subscriptions += body["subscriptions"].as_a.map(&.as_s)
|
|
||||||
user.subscriptions.uniq!
|
|
||||||
|
|
||||||
user.subscriptions = get_batch_channels(user.subscriptions)
|
|
||||||
|
|
||||||
Invidious::Database::Users.update_subscriptions(user)
|
|
||||||
end
|
|
||||||
|
|
||||||
if body["watch_history"]?
|
|
||||||
user.watched += body["watch_history"].as_a.map(&.as_s)
|
|
||||||
user.watched.uniq!
|
|
||||||
Invidious::Database::Users.update_watch_history(user)
|
|
||||||
end
|
|
||||||
|
|
||||||
if body["preferences"]?
|
|
||||||
user.preferences = Preferences.from_json(body["preferences"].to_json)
|
|
||||||
Invidious::Database::Users.update_preferences(user)
|
|
||||||
end
|
|
||||||
|
|
||||||
if playlists = body["playlists"]?.try &.as_a?
|
|
||||||
playlists.each do |item|
|
|
||||||
title = item["title"]?.try &.as_s?.try &.delete("<>")
|
|
||||||
description = item["description"]?.try &.as_s?.try &.delete("\r")
|
|
||||||
privacy = item["privacy"]?.try &.as_s?.try { |privacy| PlaylistPrivacy.parse? privacy }
|
|
||||||
|
|
||||||
next if !title
|
|
||||||
next if !description
|
|
||||||
next if !privacy
|
|
||||||
|
|
||||||
playlist = create_playlist(title, privacy, user)
|
|
||||||
Invidious::Database::Playlists.update_description(playlist.id, description)
|
|
||||||
|
|
||||||
videos = item["videos"]?.try &.as_a?.try &.each_with_index do |video_id, idx|
|
|
||||||
raise InfoException.new("Playlist cannot have more than 500 videos") if idx > 500
|
|
||||||
|
|
||||||
video_id = video_id.try &.as_s?
|
|
||||||
next if !video_id
|
|
||||||
|
|
||||||
begin
|
|
||||||
video = get_video(video_id)
|
|
||||||
rescue ex
|
|
||||||
next
|
|
||||||
end
|
|
||||||
|
|
||||||
playlist_video = PlaylistVideo.new({
|
|
||||||
title: video.title,
|
|
||||||
id: video.id,
|
|
||||||
author: video.author,
|
|
||||||
ucid: video.ucid,
|
|
||||||
length_seconds: video.length_seconds,
|
|
||||||
published: video.published,
|
|
||||||
plid: playlist.id,
|
|
||||||
live_now: video.live_now,
|
|
||||||
index: Random::Secure.rand(0_i64..Int64::MAX),
|
|
||||||
})
|
|
||||||
|
|
||||||
Invidious::Database::PlaylistVideos.insert(playlist_video)
|
|
||||||
Invidious::Database::Playlists.update_video_added(playlist.id, playlist_video.index)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
when "import_youtube"
|
when "import_youtube"
|
||||||
filename = part.filename || ""
|
filename = part.filename || ""
|
||||||
extension = filename.split(".").last
|
success = Invidious::User::Import.from_youtube(user, body, filename, type)
|
||||||
|
|
||||||
if extension == "xml" || type == "application/xml" || type == "text/xml"
|
if !success
|
||||||
subscriptions = XML.parse(body)
|
|
||||||
user.subscriptions += subscriptions.xpath_nodes(%q(//outline[@type="rss"])).map do |channel|
|
|
||||||
channel["xmlUrl"].match(/UC[a-zA-Z0-9_-]{22}/).not_nil![0]
|
|
||||||
end
|
|
||||||
elsif extension == "json" || type == "application/json"
|
|
||||||
subscriptions = JSON.parse(body)
|
|
||||||
user.subscriptions += subscriptions.as_a.compact_map do |entry|
|
|
||||||
entry["snippet"]["resourceId"]["channelId"].as_s
|
|
||||||
end
|
|
||||||
elsif extension == "csv" || type == "text/csv"
|
|
||||||
subscriptions = parse_subscription_export_csv(body)
|
|
||||||
user.subscriptions += subscriptions
|
|
||||||
else
|
|
||||||
haltf(env, status_code: 415,
|
haltf(env, status_code: 415,
|
||||||
response: error_template(415, "Invalid subscription file uploaded")
|
response: error_template(415, "Invalid subscription file uploaded")
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
user.subscriptions.uniq!
|
|
||||||
user.subscriptions = get_batch_channels(user.subscriptions)
|
|
||||||
|
|
||||||
Invidious::Database::Users.update_subscriptions(user)
|
|
||||||
when "import_freetube"
|
when "import_freetube"
|
||||||
user.subscriptions += body.scan(/"channelId":"(?<channel_id>[a-zA-Z0-9_-]{24})"/).map do |md|
|
Invidious::User::Import.from_freetube(user, body)
|
||||||
md["channel_id"]
|
|
||||||
end
|
|
||||||
user.subscriptions.uniq!
|
|
||||||
|
|
||||||
user.subscriptions = get_batch_channels(user.subscriptions)
|
|
||||||
|
|
||||||
Invidious::Database::Users.update_subscriptions(user)
|
|
||||||
when "import_newpipe_subscriptions"
|
when "import_newpipe_subscriptions"
|
||||||
body = JSON.parse(body)
|
Invidious::User::Import.from_newpipe_subs(user, body)
|
||||||
user.subscriptions += body["subscriptions"].as_a.compact_map do |channel|
|
|
||||||
if match = channel["url"].as_s.match(/\/channel\/(?<channel>UC[a-zA-Z0-9_-]{22})/)
|
|
||||||
next match["channel"]
|
|
||||||
elsif match = channel["url"].as_s.match(/\/user\/(?<user>.+)/)
|
|
||||||
response = YT_POOL.client &.get("/user/#{match["user"]}?disable_polymer=1&hl=en&gl=US")
|
|
||||||
html = XML.parse_html(response.body)
|
|
||||||
ucid = html.xpath_node(%q(//link[@rel="canonical"])).try &.["href"].split("/")[-1]
|
|
||||||
next ucid if ucid
|
|
||||||
end
|
|
||||||
|
|
||||||
nil
|
|
||||||
end
|
|
||||||
user.subscriptions.uniq!
|
|
||||||
|
|
||||||
user.subscriptions = get_batch_channels(user.subscriptions)
|
|
||||||
|
|
||||||
Invidious::Database::Users.update_subscriptions(user)
|
|
||||||
when "import_newpipe"
|
when "import_newpipe"
|
||||||
Compress::Zip::Reader.open(IO::Memory.new(body)) do |file|
|
success = Invidious::User::Import.from_newpipe(user, body)
|
||||||
file.each_entry do |entry|
|
|
||||||
if entry.filename == "newpipe.db"
|
|
||||||
tempfile = File.tempfile(".db")
|
|
||||||
File.write(tempfile.path, entry.io.gets_to_end)
|
|
||||||
db = DB.open("sqlite3://" + tempfile.path)
|
|
||||||
|
|
||||||
user.watched += db.query_all("SELECT url FROM streams", as: String).map(&.lchop("https://www.youtube.com/watch?v="))
|
if !success
|
||||||
user.watched.uniq!
|
haltf(env, status_code: 415,
|
||||||
|
response: error_template(415, "Uploaded file is too large")
|
||||||
Invidious::Database::Users.update_watch_history(user)
|
)
|
||||||
|
|
||||||
user.subscriptions += db.query_all("SELECT url FROM subscriptions", as: String).map(&.lchop("https://www.youtube.com/channel/"))
|
|
||||||
user.subscriptions.uniq!
|
|
||||||
|
|
||||||
user.subscriptions = get_batch_channels(user.subscriptions)
|
|
||||||
|
|
||||||
Invidious::Database::Users.update_subscriptions(user)
|
|
||||||
|
|
||||||
db.close
|
|
||||||
tempfile.delete
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
else nil # Ignore
|
else nil # Ignore
|
||||||
end
|
end
|
||||||
|
|
|
@ -163,6 +163,6 @@ module Invidious::Routes::Subscriptions
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
templated "subscription_manager"
|
templated "user/subscription_manager"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -10,6 +10,32 @@ module Invidious::Routing
|
||||||
{% end %}
|
{% end %}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
macro define_user_routes
|
||||||
|
# User login/out
|
||||||
|
Invidious::Routing.get "/login", Invidious::Routes::Login, :login_page
|
||||||
|
Invidious::Routing.post "/login", Invidious::Routes::Login, :login
|
||||||
|
Invidious::Routing.post "/signout", Invidious::Routes::Login, :signout
|
||||||
|
|
||||||
|
# User preferences
|
||||||
|
Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :show
|
||||||
|
Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update
|
||||||
|
Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme
|
||||||
|
Invidious::Routing.get "/data_control", Invidious::Routes::PreferencesRoute, :data_control
|
||||||
|
Invidious::Routing.post "/data_control", Invidious::Routes::PreferencesRoute, :update_data_control
|
||||||
|
|
||||||
|
# User account management
|
||||||
|
Invidious::Routing.get "/change_password", Invidious::Routes::Account, :get_change_password
|
||||||
|
Invidious::Routing.post "/change_password", Invidious::Routes::Account, :post_change_password
|
||||||
|
Invidious::Routing.get "/delete_account", Invidious::Routes::Account, :get_delete
|
||||||
|
Invidious::Routing.post "/delete_account", Invidious::Routes::Account, :post_delete
|
||||||
|
Invidious::Routing.get "/clear_watch_history", Invidious::Routes::Account, :get_clear_history
|
||||||
|
Invidious::Routing.post "/clear_watch_history", Invidious::Routes::Account, :post_clear_history
|
||||||
|
Invidious::Routing.get "/authorize_token", Invidious::Routes::Account, :get_authorize_token
|
||||||
|
Invidious::Routing.post "/authorize_token", Invidious::Routes::Account, :post_authorize_token
|
||||||
|
Invidious::Routing.get "/token_manager", Invidious::Routes::Account, :token_manager
|
||||||
|
Invidious::Routing.post "/token_ajax", Invidious::Routes::Account, :token_ajax
|
||||||
|
end
|
||||||
|
|
||||||
macro define_v1_api_routes
|
macro define_v1_api_routes
|
||||||
{{namespace = Invidious::Routes::API::V1}}
|
{{namespace = Invidious::Routes::API::V1}}
|
||||||
# Videos
|
# Videos
|
||||||
|
|
|
@ -176,7 +176,7 @@ end
|
||||||
|
|
||||||
def process_search_query(query, page, user, region)
|
def process_search_query(query, page, user, region)
|
||||||
if user
|
if user
|
||||||
user = user.as(User)
|
user = user.as(Invidious::User)
|
||||||
view_name = "subscriptions_#{sha256(user.email)}"
|
view_name = "subscriptions_#{sha256(user.email)}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
78
src/invidious/user/captcha.cr
Normal file
78
src/invidious/user/captcha.cr
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
require "openssl/hmac"
|
||||||
|
|
||||||
|
struct Invidious::User
|
||||||
|
module Captcha
|
||||||
|
extend self
|
||||||
|
|
||||||
|
private TEXTCAPTCHA_URL = URI.parse("https://textcaptcha.com")
|
||||||
|
|
||||||
|
def generate_image(key)
|
||||||
|
second = Random::Secure.rand(12)
|
||||||
|
second_angle = second * 30
|
||||||
|
second = second * 5
|
||||||
|
|
||||||
|
minute = Random::Secure.rand(12)
|
||||||
|
minute_angle = minute * 30
|
||||||
|
minute = minute * 5
|
||||||
|
|
||||||
|
hour = Random::Secure.rand(12)
|
||||||
|
hour_angle = hour * 30 + minute_angle.to_f / 12
|
||||||
|
if hour == 0
|
||||||
|
hour = 12
|
||||||
|
end
|
||||||
|
|
||||||
|
clock_svg = <<-END_SVG
|
||||||
|
<svg viewBox="0 0 100 100" width="200px" height="200px">
|
||||||
|
<circle cx="50" cy="50" r="45" fill="#eee" stroke="black" stroke-width="2"></circle>
|
||||||
|
|
||||||
|
<text x="69" y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 1</text>
|
||||||
|
<text x="82.909" y="34" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 2</text>
|
||||||
|
<text x="88" y="53" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 3</text>
|
||||||
|
<text x="82.909" y="72" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 4</text>
|
||||||
|
<text x="69" y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 5</text>
|
||||||
|
<text x="50" y="91" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 6</text>
|
||||||
|
<text x="31" y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 7</text>
|
||||||
|
<text x="17.091" y="72" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 8</text>
|
||||||
|
<text x="12" y="53" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 9</text>
|
||||||
|
<text x="17.091" y="34" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">10</text>
|
||||||
|
<text x="31" y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">11</text>
|
||||||
|
<text x="50" y="15" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">12</text>
|
||||||
|
|
||||||
|
<circle cx="50" cy="50" r="3" fill="black"></circle>
|
||||||
|
<line id="second" transform="rotate(#{second_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="12" fill="black" stroke="black" stroke-width="1"></line>
|
||||||
|
<line id="minute" transform="rotate(#{minute_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="16" fill="black" stroke="black" stroke-width="2"></line>
|
||||||
|
<line id="hour" transform="rotate(#{hour_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="24" fill="black" stroke="black" stroke-width="2"></line>
|
||||||
|
</svg>
|
||||||
|
END_SVG
|
||||||
|
|
||||||
|
image = "data:image/png;base64,"
|
||||||
|
image += Process.run(%(rsvg-convert -w 400 -h 400 -b none -f png), shell: true,
|
||||||
|
input: IO::Memory.new(clock_svg), output: Process::Redirect::Pipe
|
||||||
|
) do |proc|
|
||||||
|
Base64.strict_encode(proc.output.gets_to_end)
|
||||||
|
end
|
||||||
|
|
||||||
|
answer = "#{hour}:#{minute.to_s.rjust(2, '0')}:#{second.to_s.rjust(2, '0')}"
|
||||||
|
answer = OpenSSL::HMAC.hexdigest(:sha256, key, answer)
|
||||||
|
|
||||||
|
return {
|
||||||
|
question: image,
|
||||||
|
tokens: {generate_response(answer, {":login"}, key, use_nonce: true)},
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
def generate_text(key)
|
||||||
|
response = make_client(TEXTCAPTCHA_URL, &.get("/github.com/iv.org/invidious.json").body)
|
||||||
|
response = JSON.parse(response)
|
||||||
|
|
||||||
|
tokens = response["a"].as_a.map do |answer|
|
||||||
|
generate_response(answer.as_s, {":login"}, key, use_nonce: true)
|
||||||
|
end
|
||||||
|
|
||||||
|
return {
|
||||||
|
question: response["q"].as_s,
|
||||||
|
tokens: tokens,
|
||||||
|
}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
37
src/invidious/user/cookies.cr
Normal file
37
src/invidious/user/cookies.cr
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
require "http/cookie"
|
||||||
|
|
||||||
|
struct Invidious::User
|
||||||
|
module Cookies
|
||||||
|
extend self
|
||||||
|
|
||||||
|
# Note: we use ternary operator because the two variables
|
||||||
|
# used in here are not booleans.
|
||||||
|
SECURE = (Kemal.config.ssl || CONFIG.https_only) ? true : false
|
||||||
|
|
||||||
|
# Session ID (SID) cookie
|
||||||
|
# Parameter "domain" comes from the global config
|
||||||
|
def sid(domain : String?, sid) : HTTP::Cookie
|
||||||
|
return HTTP::Cookie.new(
|
||||||
|
name: "SID",
|
||||||
|
domain: domain,
|
||||||
|
value: sid,
|
||||||
|
expires: Time.utc + 2.years,
|
||||||
|
secure: SECURE,
|
||||||
|
http_only: true
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Preferences (PREFS) cookie
|
||||||
|
# Parameter "domain" comes from the global config
|
||||||
|
def prefs(domain : String?, preferences : Preferences) : HTTP::Cookie
|
||||||
|
return HTTP::Cookie.new(
|
||||||
|
name: "PREFS",
|
||||||
|
domain: domain,
|
||||||
|
value: URI.encode_www_form(preferences.to_json),
|
||||||
|
expires: Time.utc + 2.years,
|
||||||
|
secure: SECURE,
|
||||||
|
http_only: true
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,6 +1,11 @@
|
||||||
require "csv"
|
require "csv"
|
||||||
|
|
||||||
def parse_subscription_export_csv(csv_content : String)
|
struct Invidious::User
|
||||||
|
module Import
|
||||||
|
extend self
|
||||||
|
|
||||||
|
# Parse a youtube CSV subscription file
|
||||||
|
def parse_subscription_export_csv(csv_content : String)
|
||||||
rows = CSV.new(csv_content, headers: true)
|
rows = CSV.new(csv_content, headers: true)
|
||||||
subscriptions = Array(String).new
|
subscriptions = Array(String).new
|
||||||
|
|
||||||
|
@ -19,9 +24,219 @@ def parse_subscription_export_csv(csv_content : String)
|
||||||
channel_id = row[0].strip
|
channel_id = row[0].strip
|
||||||
|
|
||||||
next if channel_id.empty?
|
next if channel_id.empty?
|
||||||
|
|
||||||
subscriptions << channel_id
|
subscriptions << channel_id
|
||||||
end
|
end
|
||||||
|
|
||||||
return subscriptions
|
return subscriptions
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Invidious
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
# Import from another invidious account
|
||||||
|
def from_invidious(user : User, body : String)
|
||||||
|
data = JSON.parse(body)
|
||||||
|
|
||||||
|
if data["subscriptions"]?
|
||||||
|
user.subscriptions += data["subscriptions"].as_a.map(&.as_s)
|
||||||
|
user.subscriptions.uniq!
|
||||||
|
user.subscriptions = get_batch_channels(user.subscriptions)
|
||||||
|
|
||||||
|
Invidious::Database::Users.update_subscriptions(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
if data["watch_history"]?
|
||||||
|
user.watched += data["watch_history"].as_a.map(&.as_s)
|
||||||
|
user.watched.uniq!
|
||||||
|
Invidious::Database::Users.update_watch_history(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
if data["preferences"]?
|
||||||
|
user.preferences = Preferences.from_json(data["preferences"].to_json)
|
||||||
|
Invidious::Database::Users.update_preferences(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
if playlists = data["playlists"]?.try &.as_a?
|
||||||
|
playlists.each do |item|
|
||||||
|
title = item["title"]?.try &.as_s?.try &.delete("<>")
|
||||||
|
description = item["description"]?.try &.as_s?.try &.delete("\r")
|
||||||
|
privacy = item["privacy"]?.try &.as_s?.try { |privacy| PlaylistPrivacy.parse? privacy }
|
||||||
|
|
||||||
|
next if !title
|
||||||
|
next if !description
|
||||||
|
next if !privacy
|
||||||
|
|
||||||
|
playlist = create_playlist(title, privacy, user)
|
||||||
|
Invidious::Database::Playlists.update_description(playlist.id, description)
|
||||||
|
|
||||||
|
videos = item["videos"]?.try &.as_a?.try &.each_with_index do |video_id, idx|
|
||||||
|
raise InfoException.new("Playlist cannot have more than 500 videos") if idx > 500
|
||||||
|
|
||||||
|
video_id = video_id.try &.as_s?
|
||||||
|
next if !video_id
|
||||||
|
|
||||||
|
begin
|
||||||
|
video = get_video(video_id)
|
||||||
|
rescue ex
|
||||||
|
next
|
||||||
|
end
|
||||||
|
|
||||||
|
playlist_video = PlaylistVideo.new({
|
||||||
|
title: video.title,
|
||||||
|
id: video.id,
|
||||||
|
author: video.author,
|
||||||
|
ucid: video.ucid,
|
||||||
|
length_seconds: video.length_seconds,
|
||||||
|
published: video.published,
|
||||||
|
plid: playlist.id,
|
||||||
|
live_now: video.live_now,
|
||||||
|
index: Random::Secure.rand(0_i64..Int64::MAX),
|
||||||
|
})
|
||||||
|
|
||||||
|
Invidious::Database::PlaylistVideos.insert(playlist_video)
|
||||||
|
Invidious::Database::Playlists.update_video_added(playlist.id, playlist_video.index)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Youtube
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
private def is_opml?(mimetype : String, extension : String)
|
||||||
|
opml_mimetypes = [
|
||||||
|
"application/xml",
|
||||||
|
"text/xml",
|
||||||
|
"text/x-opml",
|
||||||
|
"text/x-opml+xml",
|
||||||
|
]
|
||||||
|
|
||||||
|
opml_extensions = ["xml", "opml"]
|
||||||
|
|
||||||
|
return opml_mimetypes.any?(&.== mimetype) || opml_extensions.any?(&.== extension)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Import subscribed channels from Youtube
|
||||||
|
# Returns success status
|
||||||
|
def from_youtube(user : User, body : String, filename : String, type : String) : Bool
|
||||||
|
extension = filename.split(".").last
|
||||||
|
|
||||||
|
if is_opml?(type, extension)
|
||||||
|
subscriptions = XML.parse(body)
|
||||||
|
user.subscriptions += subscriptions.xpath_nodes(%q(//outline[@type="rss"])).map do |channel|
|
||||||
|
channel["xmlUrl"].match(/UC[a-zA-Z0-9_-]{22}/).not_nil![0]
|
||||||
|
end
|
||||||
|
elsif extension == "json" || type == "application/json"
|
||||||
|
subscriptions = JSON.parse(body)
|
||||||
|
user.subscriptions += subscriptions.as_a.compact_map do |entry|
|
||||||
|
entry["snippet"]["resourceId"]["channelId"].as_s
|
||||||
|
end
|
||||||
|
elsif extension == "csv" || type == "text/csv"
|
||||||
|
subscriptions = parse_subscription_export_csv(body)
|
||||||
|
user.subscriptions += subscriptions
|
||||||
|
else
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
user.subscriptions.uniq!
|
||||||
|
user.subscriptions = get_batch_channels(user.subscriptions)
|
||||||
|
|
||||||
|
Invidious::Database::Users.update_subscriptions(user)
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Freetube
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
def from_freetube(user : User, body : String)
|
||||||
|
# Legacy import?
|
||||||
|
matches = body.scan(/"channelId":"(?<channel_id>[a-zA-Z0-9_-]{24})"/)
|
||||||
|
subs = matches.map(&.["channel_id"])
|
||||||
|
|
||||||
|
if subs.empty?
|
||||||
|
data = JSON.parse(body)["subscriptions"]
|
||||||
|
subs = data.as_a.map(&.["id"].as_s)
|
||||||
|
end
|
||||||
|
|
||||||
|
user.subscriptions += subs
|
||||||
|
user.subscriptions.uniq!
|
||||||
|
user.subscriptions = get_batch_channels(user.subscriptions)
|
||||||
|
|
||||||
|
Invidious::Database::Users.update_subscriptions(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
# -------------------
|
||||||
|
# Newpipe
|
||||||
|
# -------------------
|
||||||
|
|
||||||
|
def from_newpipe_subs(user : User, body : String)
|
||||||
|
data = JSON.parse(body)
|
||||||
|
|
||||||
|
user.subscriptions += data["subscriptions"].as_a.compact_map do |channel|
|
||||||
|
if match = channel["url"].as_s.match(/\/channel\/(?<channel>UC[a-zA-Z0-9_-]{22})/)
|
||||||
|
next match["channel"]
|
||||||
|
elsif match = channel["url"].as_s.match(/\/user\/(?<user>.+)/)
|
||||||
|
# Resolve URL using the API
|
||||||
|
resolved_url = YoutubeAPI.resolve_url("https://www.youtube.com/user/#{match["user"]}")
|
||||||
|
ucid = resolved_url.dig?("endpoint", "browseEndpoint", "browseId")
|
||||||
|
next ucid.as_s if ucid
|
||||||
|
end
|
||||||
|
|
||||||
|
nil
|
||||||
|
end
|
||||||
|
|
||||||
|
user.subscriptions.uniq!
|
||||||
|
user.subscriptions = get_batch_channels(user.subscriptions)
|
||||||
|
|
||||||
|
Invidious::Database::Users.update_subscriptions(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
def from_newpipe(user : User, body : String) : Bool
|
||||||
|
io = IO::Memory.new(body)
|
||||||
|
|
||||||
|
Compress::Zip::File.open(io) do |file|
|
||||||
|
file.entries.each do |entry|
|
||||||
|
entry.open do |file_io|
|
||||||
|
# Ensure max size of 4MB
|
||||||
|
io_sized = IO::Sized.new(file_io, 0x400000)
|
||||||
|
|
||||||
|
next if entry.filename != "newpipe.db"
|
||||||
|
|
||||||
|
tempfile = File.tempfile(".db")
|
||||||
|
|
||||||
|
begin
|
||||||
|
File.write(tempfile.path, io_sized.gets_to_end)
|
||||||
|
rescue
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
db = DB.open("sqlite3://" + tempfile.path)
|
||||||
|
|
||||||
|
user.watched += db.query_all("SELECT url FROM streams", as: String)
|
||||||
|
.map(&.lchop("https://www.youtube.com/watch?v="))
|
||||||
|
|
||||||
|
user.watched.uniq!
|
||||||
|
Invidious::Database::Users.update_watch_history(user)
|
||||||
|
|
||||||
|
user.subscriptions += db.query_all("SELECT url FROM subscriptions", as: String)
|
||||||
|
.map(&.lchop("https://www.youtube.com/channel/"))
|
||||||
|
|
||||||
|
user.subscriptions.uniq!
|
||||||
|
user.subscriptions = get_batch_channels(user.subscriptions)
|
||||||
|
|
||||||
|
Invidious::Database::Users.update_subscriptions(user)
|
||||||
|
|
||||||
|
db.close
|
||||||
|
tempfile.delete
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Success!
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
end # module
|
||||||
end
|
end
|
||||||
|
|
27
src/invidious/user/user.cr
Normal file
27
src/invidious/user/user.cr
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
require "db"
|
||||||
|
|
||||||
|
struct Invidious::User
|
||||||
|
include DB::Serializable
|
||||||
|
|
||||||
|
property updated : Time
|
||||||
|
property notifications : Array(String)
|
||||||
|
property subscriptions : Array(String)
|
||||||
|
property email : String
|
||||||
|
|
||||||
|
@[DB::Field(converter: Invidious::User::PreferencesConverter)]
|
||||||
|
property preferences : Preferences
|
||||||
|
property password : String?
|
||||||
|
property token : String
|
||||||
|
property watched : Array(String)
|
||||||
|
property feed_needs_update : Bool?
|
||||||
|
|
||||||
|
module PreferencesConverter
|
||||||
|
def self.from_rs(rs)
|
||||||
|
begin
|
||||||
|
Preferences.from_json(rs.read(String))
|
||||||
|
rescue ex
|
||||||
|
Preferences.from_json("{}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -3,32 +3,6 @@ require "crypto/bcrypt/password"
|
||||||
# Materialized views may not be defined using bound parameters (`$1` as used elsewhere)
|
# Materialized views may not be defined using bound parameters (`$1` as used elsewhere)
|
||||||
MATERIALIZED_VIEW_SQL = ->(email : String) { "SELECT cv.* FROM channel_videos cv WHERE EXISTS (SELECT subscriptions FROM users u WHERE cv.ucid = ANY (u.subscriptions) AND u.email = E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}') ORDER BY published DESC" }
|
MATERIALIZED_VIEW_SQL = ->(email : String) { "SELECT cv.* FROM channel_videos cv WHERE EXISTS (SELECT subscriptions FROM users u WHERE cv.ucid = ANY (u.subscriptions) AND u.email = E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}') ORDER BY published DESC" }
|
||||||
|
|
||||||
struct User
|
|
||||||
include DB::Serializable
|
|
||||||
|
|
||||||
property updated : Time
|
|
||||||
property notifications : Array(String)
|
|
||||||
property subscriptions : Array(String)
|
|
||||||
property email : String
|
|
||||||
|
|
||||||
@[DB::Field(converter: User::PreferencesConverter)]
|
|
||||||
property preferences : Preferences
|
|
||||||
property password : String?
|
|
||||||
property token : String
|
|
||||||
property watched : Array(String)
|
|
||||||
property feed_needs_update : Bool?
|
|
||||||
|
|
||||||
module PreferencesConverter
|
|
||||||
def self.from_rs(rs)
|
|
||||||
begin
|
|
||||||
Preferences.from_json(rs.read(String))
|
|
||||||
rescue ex
|
|
||||||
Preferences.from_json("{}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def get_user(sid, headers, refresh = true)
|
def get_user(sid, headers, refresh = true)
|
||||||
if email = Invidious::Database::SessionIDs.select_email(sid)
|
if email = Invidious::Database::SessionIDs.select_email(sid)
|
||||||
user = Invidious::Database::Users.select!(email: email)
|
user = Invidious::Database::Users.select!(email: email)
|
||||||
|
@ -84,7 +58,7 @@ def fetch_user(sid, headers)
|
||||||
|
|
||||||
token = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
token = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
||||||
|
|
||||||
user = User.new({
|
user = Invidious::User.new({
|
||||||
updated: Time.utc,
|
updated: Time.utc,
|
||||||
notifications: [] of String,
|
notifications: [] of String,
|
||||||
subscriptions: channels,
|
subscriptions: channels,
|
||||||
|
@ -102,7 +76,7 @@ def create_user(sid, email, password)
|
||||||
password = Crypto::Bcrypt::Password.create(password, cost: 10)
|
password = Crypto::Bcrypt::Password.create(password, cost: 10)
|
||||||
token = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
token = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
||||||
|
|
||||||
user = User.new({
|
user = Invidious::User.new({
|
||||||
updated: Time.utc,
|
updated: Time.utc,
|
||||||
notifications: [] of String,
|
notifications: [] of String,
|
||||||
subscriptions: [] of String,
|
subscriptions: [] of String,
|
||||||
|
@ -117,75 +91,6 @@ def create_user(sid, email, password)
|
||||||
return user, sid
|
return user, sid
|
||||||
end
|
end
|
||||||
|
|
||||||
def generate_captcha(key)
|
|
||||||
second = Random::Secure.rand(12)
|
|
||||||
second_angle = second * 30
|
|
||||||
second = second * 5
|
|
||||||
|
|
||||||
minute = Random::Secure.rand(12)
|
|
||||||
minute_angle = minute * 30
|
|
||||||
minute = minute * 5
|
|
||||||
|
|
||||||
hour = Random::Secure.rand(12)
|
|
||||||
hour_angle = hour * 30 + minute_angle.to_f / 12
|
|
||||||
if hour == 0
|
|
||||||
hour = 12
|
|
||||||
end
|
|
||||||
|
|
||||||
clock_svg = <<-END_SVG
|
|
||||||
<svg viewBox="0 0 100 100" width="200px" height="200px">
|
|
||||||
<circle cx="50" cy="50" r="45" fill="#eee" stroke="black" stroke-width="2"></circle>
|
|
||||||
|
|
||||||
<text x="69" y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 1</text>
|
|
||||||
<text x="82.909" y="34" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 2</text>
|
|
||||||
<text x="88" y="53" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 3</text>
|
|
||||||
<text x="82.909" y="72" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 4</text>
|
|
||||||
<text x="69" y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 5</text>
|
|
||||||
<text x="50" y="91" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 6</text>
|
|
||||||
<text x="31" y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 7</text>
|
|
||||||
<text x="17.091" y="72" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 8</text>
|
|
||||||
<text x="12" y="53" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 9</text>
|
|
||||||
<text x="17.091" y="34" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">10</text>
|
|
||||||
<text x="31" y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">11</text>
|
|
||||||
<text x="50" y="15" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">12</text>
|
|
||||||
|
|
||||||
<circle cx="50" cy="50" r="3" fill="black"></circle>
|
|
||||||
<line id="second" transform="rotate(#{second_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="12" fill="black" stroke="black" stroke-width="1"></line>
|
|
||||||
<line id="minute" transform="rotate(#{minute_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="16" fill="black" stroke="black" stroke-width="2"></line>
|
|
||||||
<line id="hour" transform="rotate(#{hour_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="24" fill="black" stroke="black" stroke-width="2"></line>
|
|
||||||
</svg>
|
|
||||||
END_SVG
|
|
||||||
|
|
||||||
image = "data:image/png;base64,"
|
|
||||||
image += Process.run(%(rsvg-convert -w 400 -h 400 -b none -f png), shell: true,
|
|
||||||
input: IO::Memory.new(clock_svg), output: Process::Redirect::Pipe
|
|
||||||
) do |proc|
|
|
||||||
Base64.strict_encode(proc.output.gets_to_end)
|
|
||||||
end
|
|
||||||
|
|
||||||
answer = "#{hour}:#{minute.to_s.rjust(2, '0')}:#{second.to_s.rjust(2, '0')}"
|
|
||||||
answer = OpenSSL::HMAC.hexdigest(:sha256, key, answer)
|
|
||||||
|
|
||||||
return {
|
|
||||||
question: image,
|
|
||||||
tokens: {generate_response(answer, {":login"}, key, use_nonce: true)},
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
def generate_text_captcha(key)
|
|
||||||
response = make_client(TEXTCAPTCHA_URL, &.get("/github.com/iv.org/invidious.json").body)
|
|
||||||
response = JSON.parse(response)
|
|
||||||
|
|
||||||
tokens = response["a"].as_a.map do |answer|
|
|
||||||
generate_response(answer.as_s, {":login"}, key, use_nonce: true)
|
|
||||||
end
|
|
||||||
|
|
||||||
return {
|
|
||||||
question: response["q"].as_s,
|
|
||||||
tokens: tokens,
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
def subscribe_ajax(channel_id, action, env_headers)
|
def subscribe_ajax(channel_id, action, env_headers)
|
||||||
headers = HTTP::Headers.new
|
headers = HTTP::Headers.new
|
||||||
headers["Cookie"] = env_headers["Cookie"]
|
headers["Cookie"] = env_headers["Cookie"]
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="pure-u-1-4">
|
<div class="pure-u-1-4">
|
||||||
<a id="notification_ticker" title="<%= translate(locale, "Subscriptions") %>" href="/feed/subscriptions" class="pure-menu-heading">
|
<a id="notification_ticker" title="<%= translate(locale, "Subscriptions") %>" href="/feed/subscriptions" class="pure-menu-heading">
|
||||||
<% notification_count = env.get("user").as(User).notifications.size %>
|
<% notification_count = env.get("user").as(Invidious::User).notifications.size %>
|
||||||
<% if notification_count > 0 %>
|
<% if notification_count > 0 %>
|
||||||
<span id="notification_count"><%= notification_count %></span> <i class="icon ion-ios-notifications"></i>
|
<span id="notification_count"><%= notification_count %></span> <i class="icon ion-ios-notifications"></i>
|
||||||
<% else %>
|
<% else %>
|
||||||
|
@ -67,7 +67,7 @@
|
||||||
</div>
|
</div>
|
||||||
<% if env.get("preferences").as(Preferences).show_nick %>
|
<% if env.get("preferences").as(Preferences).show_nick %>
|
||||||
<div class="pure-u-1-4">
|
<div class="pure-u-1-4">
|
||||||
<span id="user_name"><%= env.get("user").as(User).email %></span>
|
<span id="user_name"><%= env.get("user").as(Invidious::User).email %></span>
|
||||||
</div>
|
</div>
|
||||||
<% end %>
|
<% end %>
|
||||||
<div class="pure-u-1-4">
|
<div class="pure-u-1-4">
|
||||||
|
|
|
@ -252,7 +252,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<% if env.get?("user") && CONFIG.admins.includes? env.get?("user").as(User).email %>
|
<% if env.get?("user") && CONFIG.admins.includes? env.get?("user").as(Invidious::User).email %>
|
||||||
<legend><%= translate(locale, "preferences_category_admin") %></legend>
|
<legend><%= translate(locale, "preferences_category_admin") %></legend>
|
||||||
|
|
||||||
<div class="pure-control-group">
|
<div class="pure-control-group">
|
Loading…
Reference in a new issue