diff --git a/config/config.example.yml b/config/config.example.yml index 5d76acc1..85fdd0cd 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -205,7 +205,6 @@ https_only: false # path: /tmp/invidious.sock # permissions: 777 - # ----------------------------- # Network (outbound) # ----------------------------- @@ -228,7 +227,6 @@ https_only: false ## #pool_size: 100 - ## ## Additional cookies to be sent when requesting the youtube API. ## @@ -263,7 +261,6 @@ https_only: false # host: # port: - ## ## Use Innertube's transcripts API instead of timedtext for closed captions ## @@ -344,7 +341,6 @@ https_only: false ## #statistics_enabled: false - # ----------------------------- # Users and accounts # ----------------------------- @@ -456,12 +452,25 @@ full_refresh: false ## feed_threads: 1 +## +## Setting to disable easy to abuse API endpoints that can +## be spammed and therefore blocking your Invidious instance. +## +## Useful for public instance maintainers. +## +## Notes: The following API endpoints will be disabled: +## - /api/v1/videos +## - /api/v1/clips +## - /api/v1/transcripts +## +## Accepted values: true, false +## Default: false +## +disable_abusable_api: false jobs: - ## Options for the database cleaning job clear_expired_items: - ## Enable/Disable job ## ## Accepted values: true, false @@ -471,7 +480,6 @@ jobs: ## Options for the channels updater job refresh_channels: - ## Enable/Disable job ## ## Accepted values: true, false @@ -481,7 +489,6 @@ jobs: ## Options for the RSS feeds updater job refresh_feeds: - ## Enable/Disable job ## ## Accepted values: true, false @@ -489,7 +496,6 @@ jobs: ## enable: true - # ----------------------------- # Miscellaneous # ----------------------------- @@ -688,7 +694,6 @@ default_user_preferences: ## #captions: ["", "", ""] - # ----------------------------- # Interface # ----------------------------- 
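Review bot: The endpoint list in the new `disable_abusable_api` comment (hunk `@@ -456,12 +452,25 @@`) does not match what the handler in src/invidious/helpers/handlers.cr registers, which is `/api/v1/videos/:id`, `/api/v1/clips/:id` and `/api/v1/transcripts/:id` for GET and HEAD only. Operators will judge their exposure from this comment, so I would list the paths as enforced, e.g. `## - /api/v1/videos/:id (GET, HEAD)`. The opening sentence is also hard to parse; something like `## Disables API endpoints that are easy to abuse: they can be spammed until your Invidious instance gets blocked.` says the same thing more clearly. The blank-line removals in the other hunks of this file are unrelated to the feature and would be easier to review as a separate commit.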
@@ -790,7 +795,6 @@ default_user_preferences: ## #related_videos: true - # ----------------------------- # Video player behavior # ----------------------------- @@ -854,7 +858,6 @@ default_user_preferences: ## #video_loop: false - # ----------------------------- # Video playback settings # ----------------------------- @@ -966,7 +969,6 @@ default_user_preferences: ## #sort: published - # ----------------------------- # Miscellaneous # ----------------------------- diff --git a/src/invidious.cr b/src/invidious.cr index d7c5b80b..09fbb624 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -217,6 +217,7 @@ end Kemal.config.powered_by_header = false add_handler FilteredCompressHandler.new add_handler APIHandler.new +add_handler DisableAbusableAPIHandler.new add_handler AuthHandler.new add_handler DenyFrame.new diff --git a/src/invidious/config.cr b/src/invidious/config.cr index af76bb8e..829b7755 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -183,6 +183,9 @@ class Config # Playlist length limit property playlist_length_limit : Int32 = 500 + # Disable easy to abuse API endpoints + property disable_abusable_api : Bool = false + def disabled?(option) case disabled = CONFIG.disable_proxy when Bool diff --git a/src/invidious/helpers/handlers.cr b/src/invidious/helpers/handlers.cr index 7c5ef118..8395c7a4 100644 --- a/src/invidious/helpers/handlers.cr +++ b/src/invidious/helpers/handlers.cr 
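Review bot: The position of `add_handler DisableAbusableAPIHandler.new` in src/invidious.cr determines the policy but is not documented. It is registered before `AuthHandler`, so the 403 appears to go to every caller, including requests that would otherwise authenticate. If that is intended, a comment above the new line such as `# Runs before AuthHandler: the disabled endpoints are refused for all callers, authenticated or not.` would keep a later reorder from silently changing the behaviour. If authenticated callers are meant to keep access, the handler needs to move after `AuthHandler` and check the authentication result.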
@@ -133,6 +133,26 @@ class APIHandler < Kemal::Handler
 end
 end
+class DisableAbusableAPIHandler < Kemal::Handler
+ {% for method in %w(GET HEAD) %}
+ # This endpoints make a video request to Invidious companion.
+ {% for endpoint in %w(videos clips transcripts) %}
+ only ["/api/v1/{{ endpoint.id }}/:id"], {{ method }}
+ {% end %}
+ {% end %}
+
+ def call(env)
+ return call_next env unless only_match?(env) && CONFIG.disable_abusable_api
+
+ env.response.content_type = "application/json"
+ env.response.status_code = 403
+ message = {"error" => "This API endpoint has been disabled by the administrator."}.to_json
+ env.response.print message
+ env.response.close
+ return
+ end
+end
+
 class DenyFrame < Kemal::Handler
 exclude ["/embed/*"]
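Review bot: In `DisableAbusableAPIHandler#call` the guard evaluates `only_match?(env)` before the config flag, so every request pays for the route match even on instances that leave the option at its default `false`. Swapping the operands, `return call_next env unless CONFIG.disable_abusable_api && only_match?(env)`, short-circuits on the cheap boolean first. The block list matches only the exact patterns `/api/v1/<name>/:id` for GET and HEAD, so it is worth confirming (not visible in this diff) that no other registered route or path form reaches the same video lookup; otherwise the option protects operators less than its name suggests. The comment should read `# These endpoints make a video request to Invidious companion.`, and the bare `return` after `env.response.close` can be dropped.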