Clean useless database arguments (2/5)

This commit is contained in:
Samantaz Fox 2021-12-06 22:28:16 +01:00
parent 9bad7e2940
commit c25d664edc
No known key found for this signature in database
GPG key ID: F42821059186176E
8 changed files with 46 additions and 46 deletions

View file

@ -256,7 +256,7 @@ before_all do |env|
":subscription_ajax", ":subscription_ajax",
":token_ajax", ":token_ajax",
":watch_ajax", ":watch_ajax",
}, HMAC_KEY, PG_DB, 1.week) }, HMAC_KEY, 1.week)
preferences = user.preferences preferences = user.preferences
env.set "preferences", preferences env.set "preferences", preferences
@ -270,7 +270,7 @@ before_all do |env|
headers["Cookie"] = env.request.headers["Cookie"] headers["Cookie"] = env.request.headers["Cookie"]
begin begin
user, sid = get_user(sid, headers, PG_DB, false) user, sid = get_user(sid, headers, false)
csrf_token = generate_response(sid, { csrf_token = generate_response(sid, {
":authorize_token", ":authorize_token",
":playlist_ajax", ":playlist_ajax",
@ -278,7 +278,7 @@ before_all do |env|
":subscription_ajax", ":subscription_ajax",
":token_ajax", ":token_ajax",
":watch_ajax", ":watch_ajax",
}, HMAC_KEY, PG_DB, 1.week) }, HMAC_KEY, 1.week)
preferences = user.preferences preferences = user.preferences
env.set "preferences", preferences env.set "preferences", preferences
@ -438,7 +438,7 @@ post "/watch_ajax" do |env|
end end
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
if redirect if redirect
next error_template(400, ex) next error_template(400, ex)
@ -575,7 +575,7 @@ post "/subscription_ajax" do |env|
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
if redirect if redirect
next error_template(400, ex) next error_template(400, ex)
@ -639,7 +639,7 @@ get "/subscription_manager" do |env|
headers = HTTP::Headers.new headers = HTTP::Headers.new
headers["Cookie"] = env.request.headers["Cookie"] headers["Cookie"] = env.request.headers["Cookie"]
user, sid = get_user(sid, headers, PG_DB) user, sid = get_user(sid, headers)
end end
action_takeout = env.params.query["action_takeout"]?.try &.to_i? action_takeout = env.params.query["action_takeout"]?.try &.to_i?
@ -906,7 +906,7 @@ get "/change_password" do |env|
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
templated "change_password" templated "change_password"
end end
@ -932,7 +932,7 @@ post "/change_password" do |env|
end end
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
next error_template(400, ex) next error_template(400, ex)
end end
@ -980,7 +980,7 @@ get "/delete_account" do |env|
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY)
templated "delete_account" templated "delete_account"
end end
@ -1001,7 +1001,7 @@ post "/delete_account" do |env|
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
next error_template(400, ex) next error_template(400, ex)
end end
@ -1032,7 +1032,7 @@ get "/clear_watch_history" do |env|
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY)
templated "clear_watch_history" templated "clear_watch_history"
end end
@ -1053,7 +1053,7 @@ post "/clear_watch_history" do |env|
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
next error_template(400, ex) next error_template(400, ex)
end end
@ -1075,7 +1075,7 @@ get "/authorize_token" do |env|
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
scopes = env.params.query["scopes"]?.try &.split(",") scopes = env.params.query["scopes"]?.try &.split(",")
scopes ||= [] of String scopes ||= [] of String
@ -1106,7 +1106,7 @@ post "/authorize_token" do |env|
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
next error_template(400, ex) next error_template(400, ex)
end end
@ -1115,7 +1115,7 @@ post "/authorize_token" do |env|
callback_url = env.params.body["callbackUrl"]? callback_url = env.params.body["callbackUrl"]?
expire = env.params.body["expire"]?.try &.to_i? expire = env.params.body["expire"]?.try &.to_i?
access_token = generate_token(user.email, scopes, expire, HMAC_KEY, PG_DB) access_token = generate_token(user.email, scopes, expire, HMAC_KEY)
if callback_url if callback_url
access_token = URI.encode_www_form(access_token) access_token = URI.encode_www_form(access_token)
@ -1179,7 +1179,7 @@ post "/token_ajax" do |env|
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
if redirect if redirect
next error_template(400, ex) next error_template(400, ex)

View file

@ -97,7 +97,7 @@ class AuthHandler < Kemal::Handler
if token = env.request.headers["Authorization"]? if token = env.request.headers["Authorization"]?
token = JSON.parse(URI.decode_www_form(token.lchop("Bearer "))) token = JSON.parse(URI.decode_www_form(token.lchop("Bearer ")))
session = URI.decode_www_form(token["session"].as_s) session = URI.decode_www_form(token["session"].as_s)
scopes, expire, signature = validate_request(token, session, env.request, HMAC_KEY, PG_DB, nil) scopes, expire, signature = validate_request(token, session, env.request, HMAC_KEY, nil)
if email = Invidious::Database::SessionIDs.select_email(session) if email = Invidious::Database::SessionIDs.select_email(session)
user = Invidious::Database::Users.select!(email: email) user = Invidious::Database::Users.select!(email: email)

View file

@ -1,6 +1,6 @@
require "crypto/subtle" require "crypto/subtle"
def generate_token(email, scopes, expire, key, db) def generate_token(email, scopes, expire, key)
session = "v1:#{Base64.urlsafe_encode(Random::Secure.random_bytes(32))}" session = "v1:#{Base64.urlsafe_encode(Random::Secure.random_bytes(32))}"
Invidious::Database::SessionIDs.insert(session, email) Invidious::Database::SessionIDs.insert(session, email)
@ -19,7 +19,7 @@ def generate_token(email, scopes, expire, key, db)
return token.to_json return token.to_json
end end
def generate_response(session, scopes, key, db, expire = 6.hours, use_nonce = false) def generate_response(session, scopes, key, expire = 6.hours, use_nonce = false)
expire = Time.utc + expire expire = Time.utc + expire
token = { token = {
@ -63,7 +63,7 @@ def sign_token(key, hash)
return Base64.urlsafe_encode(OpenSSL::HMAC.digest(:sha256, key, string_to_sign)).strip return Base64.urlsafe_encode(OpenSSL::HMAC.digest(:sha256, key, string_to_sign)).strip
end end
def validate_request(token, session, request, key, db, locale = nil) def validate_request(token, session, request, key, locale = nil)
case token case token
when String when String
token = JSON.parse(URI.decode_www_form(token)).as_h token = JSON.parse(URI.decode_www_form(token)).as_h

View file

@ -353,7 +353,7 @@ module Invidious::Routes::API::V1::Authenticated
if sid = env.get?("sid").try &.as(String) if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html" env.response.content_type = "text/html"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, PG_DB, use_nonce: true) csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "authorize_token" return templated "authorize_token"
else else
env.response.content_type = "application/json" env.response.content_type = "application/json"
@ -367,7 +367,7 @@ module Invidious::Routes::API::V1::Authenticated
end end
end end
access_token = generate_token(user.email, authorized_scopes, expire, HMAC_KEY, PG_DB) access_token = generate_token(user.email, authorized_scopes, expire, HMAC_KEY)
if callback_url if callback_url
access_token = URI.encode_www_form(access_token) access_token = URI.encode_www_form(access_token)

View file

@ -84,7 +84,7 @@ module Invidious::Routes::Feeds
headers["Cookie"] = env.request.headers["Cookie"] headers["Cookie"] = env.request.headers["Cookie"]
if !user.password if !user.password
user, sid = get_user(sid, headers, PG_DB) user, sid = get_user(sid, headers)
end end
max_results = env.params.query["max_results"]?.try &.to_i?.try &.clamp(0, MAX_ITEMS_PER_PAGE) max_results = env.params.query["max_results"]?.try &.to_i?.try &.clamp(0, MAX_ITEMS_PER_PAGE)

View file

@ -275,7 +275,7 @@ module Invidious::Routes::Login
raise "Couldn't get SID." raise "Couldn't get SID."
end end
user, sid = get_user(sid, headers, PG_DB) user, sid = get_user(sid, headers)
# We are now logged in # We are now logged in
traceback << "done.<br/>" traceback << "done.<br/>"
@ -393,9 +393,9 @@ module Invidious::Routes::Login
prompt = "" prompt = ""
if captcha_type == "image" if captcha_type == "image"
captcha = generate_captcha(HMAC_KEY, PG_DB) captcha = generate_captcha(HMAC_KEY)
else else
captcha = generate_text_captcha(HMAC_KEY, PG_DB) captcha = generate_text_captcha(HMAC_KEY)
end end
return templated "login" return templated "login"
@ -412,7 +412,7 @@ module Invidious::Routes::Login
answer = OpenSSL::HMAC.hexdigest(:sha256, HMAC_KEY, answer) answer = OpenSSL::HMAC.hexdigest(:sha256, HMAC_KEY, answer)
begin begin
validate_request(tokens[0], answer, env.request, HMAC_KEY, PG_DB, locale) validate_request(tokens[0], answer, env.request, HMAC_KEY, locale)
rescue ex rescue ex
return error_template(400, ex) return error_template(400, ex)
end end
@ -427,7 +427,7 @@ module Invidious::Routes::Login
error_exception = Exception.new error_exception = Exception.new
tokens.each do |token| tokens.each do |token|
begin begin
validate_request(token, answer, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, answer, env.request, HMAC_KEY, locale)
found_valid_captcha = true found_valid_captcha = true
rescue ex rescue ex
error_exception = ex error_exception = ex
@ -501,7 +501,7 @@ module Invidious::Routes::Login
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
return error_template(400, ex) return error_template(400, ex)
end end

View file

@ -12,7 +12,7 @@ module Invidious::Routes::Playlists
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
csrf_token = generate_response(sid, {":create_playlist"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":create_playlist"}, HMAC_KEY)
templated "create_playlist" templated "create_playlist"
end end
@ -31,7 +31,7 @@ module Invidious::Routes::Playlists
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
return error_template(400, ex) return error_template(400, ex)
end end
@ -94,7 +94,7 @@ module Invidious::Routes::Playlists
return env.redirect referer return env.redirect referer
end end
csrf_token = generate_response(sid, {":delete_playlist"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":delete_playlist"}, HMAC_KEY)
templated "delete_playlist" templated "delete_playlist"
end end
@ -116,7 +116,7 @@ module Invidious::Routes::Playlists
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
return error_template(400, ex) return error_template(400, ex)
end end
@ -166,7 +166,7 @@ module Invidious::Routes::Playlists
videos = [] of PlaylistVideo videos = [] of PlaylistVideo
end end
csrf_token = generate_response(sid, {":edit_playlist"}, HMAC_KEY, PG_DB) csrf_token = generate_response(sid, {":edit_playlist"}, HMAC_KEY)
templated "edit_playlist" templated "edit_playlist"
end end
@ -188,7 +188,7 @@ module Invidious::Routes::Playlists
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
return error_template(400, ex) return error_template(400, ex)
end end
@ -286,7 +286,7 @@ module Invidious::Routes::Playlists
token = env.params.body["csrf_token"]? token = env.params.body["csrf_token"]?
begin begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) validate_request(token, sid, env.request, HMAC_KEY, locale)
rescue ex rescue ex
if redirect if redirect
return error_template(400, ex) return error_template(400, ex)

View file

@ -29,31 +29,31 @@ struct User
end end
end end
def get_user(sid, headers, db, refresh = true) def get_user(sid, headers, refresh = true)
if email = Invidious::Database::SessionIDs.select_email(sid) if email = Invidious::Database::SessionIDs.select_email(sid)
user = Invidious::Database::Users.select!(email: email) user = Invidious::Database::Users.select!(email: email)
if refresh && Time.utc - user.updated > 1.minute if refresh && Time.utc - user.updated > 1.minute
user, sid = fetch_user(sid, headers, db) user, sid = fetch_user(sid, headers)
Invidious::Database::Users.insert(user, update_on_conflict: true) Invidious::Database::Users.insert(user, update_on_conflict: true)
Invidious::Database::SessionIDs.insert(sid, user.email, handle_conflicts: true) Invidious::Database::SessionIDs.insert(sid, user.email, handle_conflicts: true)
begin begin
view_name = "subscriptions_#{sha256(user.email)}" view_name = "subscriptions_#{sha256(user.email)}"
db.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}") PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
rescue ex rescue ex
end end
end end
else else
user, sid = fetch_user(sid, headers, db) user, sid = fetch_user(sid, headers)
Invidious::Database::Users.insert(user, update_on_conflict: true) Invidious::Database::Users.insert(user, update_on_conflict: true)
Invidious::Database::SessionIDs.insert(sid, user.email, handle_conflicts: true) Invidious::Database::SessionIDs.insert(sid, user.email, handle_conflicts: true)
begin begin
view_name = "subscriptions_#{sha256(user.email)}" view_name = "subscriptions_#{sha256(user.email)}"
db.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}") PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
rescue ex rescue ex
end end
end end
@ -61,7 +61,7 @@ def get_user(sid, headers, db, refresh = true)
return user, sid return user, sid
end end
def fetch_user(sid, headers, db) def fetch_user(sid, headers)
feed = YT_POOL.client &.get("/subscription_manager?disable_polymer=1", headers) feed = YT_POOL.client &.get("/subscription_manager?disable_polymer=1", headers)
feed = XML.parse_html(feed.body) feed = XML.parse_html(feed.body)
@ -118,7 +118,7 @@ def create_user(sid, email, password)
return user, sid return user, sid
end end
def generate_captcha(key, db) def generate_captcha(key)
second = Random::Secure.rand(12) second = Random::Secure.rand(12)
second_angle = second * 30 second_angle = second * 30
second = second * 5 second = second * 5
@ -170,16 +170,16 @@ def generate_captcha(key, db)
return { return {
question: image, question: image,
tokens: {generate_response(answer, {":login"}, key, db, use_nonce: true)}, tokens: {generate_response(answer, {":login"}, key, use_nonce: true)},
} }
end end
def generate_text_captcha(key, db) def generate_text_captcha(key)
response = make_client(TEXTCAPTCHA_URL, &.get("/github.com/iv.org/invidious.json").body) response = make_client(TEXTCAPTCHA_URL, &.get("/github.com/iv.org/invidious.json").body)
response = JSON.parse(response) response = JSON.parse(response)
tokens = response["a"].as_a.map do |answer| tokens = response["a"].as_a.map do |answer|
generate_response(answer.as_s, {":login"}, key, db, use_nonce: true) generate_response(answer.as_s, {":login"}, key, use_nonce: true)
end end
return { return {