VeritableValor/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2026-05-18 14:11:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Use request host for cookie domain

Browse Source
This commit is contained in:
diegog956 2026-05-11 14:04:17 -03:00
parent f914ce8040
commit 57c27a2d08
4 changed files with 70 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
spec/invidious/helpers_spec.cr
View File

@ -1,8 +1,36 @@
require "../spec_helper" require "../spec_helper"
CONFIG = Config.from_yaml(File.open("config/config.example.yml")) CONFIG = Config.from_yaml(File.open("config/config.example.yml"))
require "../../src/invidious/user/cookies"
Spectator.describe "Helper" do Spectator.describe "Helper" do
describe "Invidious::User::Cookies.domain_for_host" do
it "keeps the configured cookie domain for matching hosts" do
original_domain = CONFIG.domain
CONFIG.domain = "example.com"
begin
expect(Invidious::User::Cookies.domain_for_host("example.com")).to eq("example.com")
expect(Invidious::User::Cookies.domain_for_host("www.example.com:443")).to eq("example.com")
expect(Invidious::User::Cookies.domain_for_host("www.example.com, proxy")).to eq("example.com")
ensure
CONFIG.domain = original_domain
end
end
it "uses host-only cookies for unrelated hosts" do
original_domain = CONFIG.domain
CONFIG.domain = "example.com"
begin
expect(Invidious::User::Cookies.domain_for_host("example.onion")).to be_nil
expect(Invidious::User::Cookies.domain_for_host("example.com.evil.test")).to be_nil
ensure
CONFIG.domain = original_domain
end
end
end
describe "#produce_channel_search_continuation" do describe "#produce_channel_search_continuation" do
it "correctly produces token for searching a specific channel" do it "correctly produces token for searching a specific channel" do
expect(produce_channel_search_continuation("UCXuqSBlHAE6Xw-yeJA0Tunw", "", 100)).to eq("4qmFsgJqEhhVQ1h1cVNCbEhBRTZYdy15ZUpBMFR1bncaIEVnWnpaV0Z5WTJnd0FUZ0JZQUY2QkVkS2IxaTRBUUE9WgCaAilicm93c2UtZmVlZFVDWHVxU0JsSEFFNlh3LXllSkEwVHVud3NlYXJjaA%3D%3D") expect(produce_channel_search_continuation("UCXuqSBlHAE6Xw-yeJA0Tunw", "", 100)).to eq("4qmFsgJqEhhVQ1h1cVNCbEhBRTZYdy15ZUpBMFR1bncaIEVnWnpaV0Z5WTJnd0FUZ0JZQUY2QkVkS2IxaTRBUUE9WgCaAilicm93c2UtZmVlZFVDWHVxU0JsSEFFNlh3LXllSkEwVHVud3NlYXJjaA%3D%3D")

6
src/invidious/routes/login.cr
View File

@ -57,7 +57,8 @@ module Invidious::Routes::Login
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
Invidious::Database::SessionIDs.insert(sid, email) Invidious::Database::SessionIDs.insert(sid, email)
env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid) cookie_domain = Invidious::User::Cookies.domain_for_request(env)
env.response.cookies["SID"] = Invidious::User::Cookies.sid(cookie_domain, sid)
else else
return error_template(401, "Wrong username or password") return error_template(401, "Wrong username or password")
end end
@ -123,7 +124,8 @@ module Invidious::Routes::Login
view_name = "subscriptions_#{sha256(user.email)}" view_name = "subscriptions_#{sha256(user.email)}"
PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}") PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid) cookie_domain = Invidious::User::Cookies.domain_for_request(env)
env.response.cookies["SID"] = Invidious::User::Cookies.sid(cookie_domain, sid)
if env.request.cookies["PREFS"]? if env.request.cookies["PREFS"]?
user.preferences = env.get("preferences").as(Preferences) user.preferences = env.get("preferences").as(Preferences)

6
src/invidious/routes/preferences.cr
View File

@ -226,7 +226,8 @@ module Invidious::Routes::PreferencesRoute
File.write("config/config.yml", CONFIG.to_yaml) File.write("config/config.yml", CONFIG.to_yaml)
end end
else else
env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences) cookie_domain = Invidious::User::Cookies.domain_for_request(env)
env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(cookie_domain, preferences)
end end
env.redirect referer env.redirect referer
@ -261,7 +262,8 @@ module Invidious::Routes::PreferencesRoute
preferences.dark_mode = "dark" preferences.dark_mode = "dark"
end end
env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences) cookie_domain = Invidious::User::Cookies.domain_for_request(env)
env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(cookie_domain, preferences)
end end
if redirect if redirect

34
src/invidious/user/cookies.cr
View File

@ -8,6 +8,40 @@ struct Invidious::User
# used in here are not booleans. # used in here are not booleans.
SECURE = (Kemal.config.ssl || CONFIG.https_only) ? true : false SECURE = (Kemal.config.ssl || CONFIG.https_only) ? true : false
def domain_for_request(env) : String?
return domain_for_host(env.request.headers["X-Forwarded-Host"]? || env.request.headers["Host"]?)
end
def domain_for_host(request_host : String?) : String?
configured_domain = CONFIG.domain
return nil if configured_domain.nil?
return configured_domain if request_host.nil? || request_host.empty?
normalized_config = configured_domain.lchop(".").rchop(".").downcase
normalized_host = normalize_host(request_host)
if normalized_host == normalized_config || normalized_host.ends_with?(".#{normalized_config}")
return configured_domain
end
return nil
end
private def normalize_host(request_host : String) : String
host = request_host.split(",").first.strip.downcase
if host.starts_with?("[")
if bracket_index = host.index(']')
host = host[1, bracket_index - 1]
end
elsif colon_index = host.index(':')
host = host[0, colon_index]
end
return host.rchop(".")
end
# Session ID (SID) cookie # Session ID (SID) cookie
# Parameter "domain" comes from the global config # Parameter "domain" comes from the global config
def sid(domain : String?, sid) : HTTP::Cookie def sid(domain : String?, sid) : HTTP::Cookie