diff --git a/src/invidious/helpers/utils.cr b/src/invidious/helpers/utils.cr index 1ac8ed09..f871bd50 100644 --- a/src/invidious/helpers/utils.cr +++ b/src/invidious/helpers/utils.cr @@ -1,5 +1,3 @@ -require "uri/params/serializable" - # See http://www.evanmiller.org/how-not-to-sort-by-average-rating.html def ci_lower_bound(pos, n) if n == 0 @@ -411,15 +409,20 @@ def invidious_companion_encrypt(data) end struct PrivateParams - include URI::Params::Serializable include JSON::Serializable property ip : String = "" - property pot : String = "" + property pot : String? = nil + + def initialize(@ip, @pot) + end end def encrypt_query_params(query_params : URI::Params) : String - private_params = PrivateParams.from_www_form(query_params.to_s).to_json + private_params = PrivateParams.new( + query_params["ip"], + query_params["pot"]?, + ).to_json encrypted_data = ecb_without_salt(private_params, CONFIG.hmac_key, :encrypt) return Base64.urlsafe_encode(encrypted_data) end diff --git a/src/invidious/http_server/utils.cr b/src/invidious/http_server/utils.cr index d4b90bb2..8bb54222 100644 --- a/src/invidious/http_server/utils.cr +++ b/src/invidious/http_server/utils.cr @@ -14,7 +14,7 @@ module Invidious::HttpServer params["enc"] = "true" params["data"] = encrypted_data params.delete("ip") - params.delete("pot") + params.delete("pot") if params.has_key?("pot") end params["host"] = url.host.not_nil! # Should never be nil, in theory params["region"] = region if !region.nil? diff --git a/src/invidious/routes/video_playback.cr b/src/invidious/routes/video_playback.cr index bf4d798f..80c14570 100644 --- a/src/invidious/routes/video_playback.cr +++ b/src/invidious/routes/video_playback.cr @@ -6,8 +6,10 @@ module Invidious::Routes::VideoPlayback if query_params["enc"]? == "true" decrypted_data = decrypt_query_params(query_params["data"]) - query_params["ip"] = decrypted_data.ip - query_params["pot"] = decrypted_data.pot + query_params.add("ip", decrypted_data.ip) + if pot = decrypted_data.pot + query_params.add("pot", pot) + end query_params.delete("enc") query_params.delete("data") end