	Merge pull request #2871 from SamantazFox/user-code-cleaning
User code cleaning & fixing
		
						commit
						85ba04b715
					
				| @ -25,9 +25,9 @@ def csv_sample | |||||||
|   CSV |   CSV | ||||||
| end | end | ||||||
| 
 | 
 | ||||||
| Spectator.describe "Invidious::User::Imports" do | Spectator.describe Invidious::User::Import do | ||||||
|   it "imports CSV" do |   it "imports CSV" do | ||||||
|     subscriptions = parse_subscription_export_csv(csv_sample) |     subscriptions = Invidious::User::Import.parse_subscription_export_csv(csv_sample) | ||||||
| 
 | 
 | ||||||
|     expect(subscriptions).to be_an(Array(String)) |     expect(subscriptions).to be_an(Array(String)) | ||||||
|     expect(subscriptions.size).to eq(13) |     expect(subscriptions.size).to eq(13) | ||||||
|  | |||||||
							
								
								
									
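--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -43,7 +43,6 @@ ARCHIVE_URL     = URI.parse("https://archive.org")
 LOGIN_URL   = URI.parse("https://accounts.google.com")
 PUBSUB_URL  = URI.parse("https://pubsubhubbub.appspot.com")
 REDDIT_URL  = URI.parse("https://www.reddit.com")
-TEXTCAPTCHA_URL = URI.parse("https://textcaptcha.com")
 YT_URL      = URI.parse("https://www.youtube.com")
 HOST_URL    = make_host_url(Kemal.config)
 
@@ -366,15 +365,8 @@ end
   Invidious::Routing.get "/results", Invidious::Routes::Search, :results
   Invidious::Routing.get "/search", Invidious::Routes::Search, :search
 
-  Invidious::Routing.get "/login", Invidious::Routes::Login, :login_page
-  Invidious::Routing.post "/login", Invidious::Routes::Login, :login
-  Invidious::Routing.post "/signout", Invidious::Routes::Login, :signout
-
-  Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :show
-  Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update
-  Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme
-  Invidious::Routing.get "/data_control", Invidious::Routes::PreferencesRoute, :data_control
-  Invidious::Routing.post "/data_control", Invidious::Routes::PreferencesRoute, :update_data_control
+  # User routes
+  define_user_routes()
 
   # Feeds
   Invidious::Routing.get "/view_all_playlists", Invidious::Routes::Feeds, :view_all_playlists_redirect
@@ -414,325 +406,6 @@ define_v1_api_routes()
 define_api_manifest_routes()
 define_video_playback_routes()
 
-get "/change_password" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
-
-  templated "change_password"
-end
-
-post "/change_password" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  token = env.params.body["csrf_token"]?
-
-  # We don't store passwords for Google accounts
-  if !user.password
-    next error_template(400, "Cannot change password for Google accounts")
-  end
-
-  begin
-    validate_request(token, sid, env.request, HMAC_KEY, locale)
-  rescue ex
-    next error_template(400, ex)
-  end
-
-  password = env.params.body["password"]?
-  if !password
-    next error_template(401, "Password is a required field")
-  end
-
-  new_passwords = env.params.body.select { |k, v| k.match(/^new_password\[\d+\]$/) }.map { |k, v| v }
-
-  if new_passwords.size <= 1 || new_passwords.uniq.size != 1
-    next error_template(400, "New passwords must match")
-  end
-
-  new_password = new_passwords.uniq[0]
-  if new_password.empty?
-    next error_template(401, "Password cannot be empty")
-  end
-
-  if new_password.bytesize > 55
-    next error_template(400, "Password cannot be longer than 55 characters")
-  end
-
-  if !Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
-    next error_template(401, "Incorrect password")
-  end
-
-  new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10)
-  Invidious::Database::Users.update_password(user, new_password.to_s)
-
-  env.redirect referer
-end
-
-get "/delete_account" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY)
-
-  templated "delete_account"
-end
-
-post "/delete_account" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  token = env.params.body["csrf_token"]?
-
-  begin
-    validate_request(token, sid, env.request, HMAC_KEY, locale)
-  rescue ex
-    next error_template(400, ex)
-  end
-
-  view_name = "subscriptions_#{sha256(user.email)}"
-  Invidious::Database::Users.delete(user)
-  Invidious::Database::SessionIDs.delete(email: user.email)
-  PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}")
-
-  env.request.cookies.each do |cookie|
-    cookie.expires = Time.utc(1990, 1, 1)
-    env.response.cookies << cookie
-  end
-
-  env.redirect referer
-end
-
-get "/clear_watch_history" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY)
-
-  templated "clear_watch_history"
-end
-
-post "/clear_watch_history" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  token = env.params.body["csrf_token"]?
-
-  begin
-    validate_request(token, sid, env.request, HMAC_KEY, locale)
-  rescue ex
-    next error_template(400, ex)
-  end
-
-  Invidious::Database::Users.clear_watch_history(user)
-  env.redirect referer
-end
-
-get "/authorize_token" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
-
-  scopes = env.params.query["scopes"]?.try &.split(",")
-  scopes ||= [] of String
-
-  callback_url = env.params.query["callback_url"]?
-  if callback_url
-    callback_url = URI.parse(callback_url)
-  end
-
-  expire = env.params.query["expire"]?.try &.to_i?
-
-  templated "authorize_token"
-end
-
-post "/authorize_token" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = env.get("user").as(User)
-  sid = sid.as(String)
-  token = env.params.body["csrf_token"]?
-
-  begin
-    validate_request(token, sid, env.request, HMAC_KEY, locale)
-  rescue ex
-    next error_template(400, ex)
-  end
-
-  scopes = env.params.body.select { |k, v| k.match(/^scopes\[\d+\]$/) }.map { |k, v| v }
-  callback_url = env.params.body["callbackUrl"]?
-  expire = env.params.body["expire"]?.try &.to_i?
-
-  access_token = generate_token(user.email, scopes, expire, HMAC_KEY)
-
-  if callback_url
-    access_token = URI.encode_www_form(access_token)
-    url = URI.parse(callback_url)
-
-    if url.query
-      query = HTTP::Params.parse(url.query.not_nil!)
-    else
-      query = HTTP::Params.new
-    end
-
-    query["token"] = access_token
-    url.query = query.to_s
-
-    env.redirect url.to_s
-  else
-    csrf_token = ""
-    env.set "access_token", access_token
-    templated "authorize_token"
-  end
-end
-
-get "/token_manager" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env, "/subscription_manager")
-
-  if !user
-    next env.redirect referer
-  end
-
-  user = user.as(User)
-  tokens = Invidious::Database::SessionIDs.select_all(user.email)
-
-  templated "token_manager"
-end
-
-post "/token_ajax" do |env|
-  locale = env.get("preferences").as(Preferences).locale
-
-  user = env.get? "user"
-  sid = env.get? "sid"
-  referer = get_referer(env)
-
-  redirect = env.params.query["redirect"]?
-  redirect ||= "true"
-  redirect = redirect == "true"
-
-  if !user
-    if redirect
-      next env.redirect referer
-    else
-      next error_json(403, "No such user")
-    end
-  end
-
-  user = user.as(User)
-  sid = sid.as(String)
-  token = env.params.body["csrf_token"]?
-
-  begin
-    validate_request(token, sid, env.request, HMAC_KEY, locale)
-  rescue ex
-    if redirect
-      next error_template(400, ex)
-    else
-      next error_json(400, ex)
-    end
-  end
-
-  if env.params.query["action_revoke_token"]?
-    action = "action_revoke_token"
-  else
-    next env.redirect referer
-  end
-
-  session = env.params.query["session"]?
-  session ||= ""
-
-  case action
-  when .starts_with? "action_revoke_token"
-    Invidious::Database::SessionIDs.delete(sid: session, email: user.email)
-  else
-    next error_json(400, "Unsupported action #{action}")
-  end
-
-  if redirect
-    env.redirect referer
-  else
-    env.response.content_type = "application/json"
-    "{}"
-  end
-end
-
 # Channels
 
 {"/channel/:ucid/live", "/user/:user/live", "/c/:user/live"}.each do |route|
@@ -876,7 +549,7 @@ add_handler AuthHandler.new
 add_handler DenyFrame.new
 add_context_storage_type(Array(String))
 add_context_storage_type(Preferences)
-add_context_storage_type(User)
+add_context_storage_type(Invidious::User)
 
 Kemal.config.logger = LOGGER
 Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding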
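Review bot: The new `# User routes` comment above `define_user_routes()` no longer tells a reader which endpoints are registered at this point, and the macro's definition is not part of this file section. The explicit `Invidious::Routing.get`/`post` lines it replaces, together with the inline handlers removed further down (`/change_password`, `/delete_account`, `/authorize_token`, `/token_ajax`), presumably all move behind that one call, so the list of state-changing endpoints and their HTTP verbs is no longer visible here. I would expand the comment to something like `# User routes (login, preferences, account management, tokens) - registered by define_user_routes` and confirm in the macro that each path keeps its original verb, in particular that the destructive handlers stay POST-only.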
							
								
								
									
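--- a/src/invidious/routes/account.cr
+++ b/src/invidious/routes/account.cr
@@ -0,0 +1,358 @@
+{% skip_file if flag?(:api_only) %}
+
+module Invidious::Routes::Account
+  extend self
+
+  # -------------------
+  #  Password update
+  # -------------------
+
+  # Show the password change interface (GET request)
+  def get_change_password(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
+
+    templated "user/change_password"
+  end
+
+  # Handle the password change (POST request)
+  def post_change_password(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    token = env.params.body["csrf_token"]?
+
+    # We don't store passwords for Google accounts
+    if !user.password
+      return error_template(400, "Cannot change password for Google accounts")
+    end
+
+    begin
+      validate_request(token, sid, env.request, HMAC_KEY, locale)
+    rescue ex
+      return error_template(400, ex)
+    end
+
+    password = env.params.body["password"]?
+    if !password
+      return error_template(401, "Password is a required field")
+    end
+
+    new_passwords = env.params.body.select { |k, v| k.match(/^new_password\[\d+\]$/) }.map { |k, v| v }
+
+    if new_passwords.size <= 1 || new_passwords.uniq.size != 1
+      return error_template(400, "New passwords must match")
+    end
+
+    new_password = new_passwords.uniq[0]
+    if new_password.empty?
+      return error_template(401, "Password cannot be empty")
+    end
+
+    if new_password.bytesize > 55
+      return error_template(400, "Password cannot be longer than 55 characters")
+    end
+
+    if !Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
+      return error_template(401, "Incorrect password")
+    end
+
+    new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10)
+    Invidious::Database::Users.update_password(user, new_password.to_s)
+
+    env.redirect referer
+  end
+
+  # -------------------
+  #  Account deletion
+  # -------------------
+
+  # Show the account deletion confirmation prompt (GET request)
+  def get_delete(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY)
+
+    templated "user/delete_account"
+  end
+
+  # Handle the account deletion (POST request)
+  def post_delete(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    token = env.params.body["csrf_token"]?
+
+    begin
+      validate_request(token, sid, env.request, HMAC_KEY, locale)
+    rescue ex
+      return error_template(400, ex)
+    end
+
+    view_name = "subscriptions_#{sha256(user.email)}"
+    Invidious::Database::Users.delete(user)
+    Invidious::Database::SessionIDs.delete(email: user.email)
+    PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}")
+
+    env.request.cookies.each do |cookie|
+      cookie.expires = Time.utc(1990, 1, 1)
+      env.response.cookies << cookie
+    end
+
+    env.redirect referer
+  end
+
+  # -------------------
+  #  Clear history
+  # -------------------
+
+  # Show the watch history deletion confirmation prompt (GET request)
+  def get_clear_history(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    csrf_token = generate_response(sid, {":clear_watch_history"}, HMAC_KEY)
+
+    templated "user/clear_watch_history"
+  end
+
+  # Handle the watch history clearing (POST request)
+  def post_clear_history(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    token = env.params.body["csrf_token"]?
+
+    begin
+      validate_request(token, sid, env.request, HMAC_KEY, locale)
+    rescue ex
+      return error_template(400, ex)
+    end
+
+    Invidious::Database::Users.clear_watch_history(user)
+    env.redirect referer
+  end
+
+  # -------------------
+  #  Authorize tokens
+  # -------------------
+
+  # Show the "authorize token?" confirmation prompt (GET request)
+  def get_authorize_token(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY)
+
+    scopes = env.params.query["scopes"]?.try &.split(",")
+    scopes ||= [] of String
+
+    callback_url = env.params.query["callback_url"]?
+    if callback_url
+      callback_url = URI.parse(callback_url)
+    end
+
+    expire = env.params.query["expire"]?.try &.to_i?
+
+    templated "user/authorize_token"
+  end
+
+  # Handle token authorization (POST request)
+  def post_authorize_token(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = env.get("user").as(User)
+    sid = sid.as(String)
+    token = env.params.body["csrf_token"]?
+
+    begin
+      validate_request(token, sid, env.request, HMAC_KEY, locale)
+    rescue ex
+      return error_template(400, ex)
+    end
+
+    scopes = env.params.body.select { |k, v| k.match(/^scopes\[\d+\]$/) }.map { |k, v| v }
+    callback_url = env.params.body["callbackUrl"]?
+    expire = env.params.body["expire"]?.try &.to_i?
+
+    access_token = generate_token(user.email, scopes, expire, HMAC_KEY)
+
+    if callback_url
+      access_token = URI.encode_www_form(access_token)
+      url = URI.parse(callback_url)
+
+      if url.query
+        query = HTTP::Params.parse(url.query.not_nil!)
+      else
+        query = HTTP::Params.new
+      end
+
+      query["token"] = access_token
+      url.query = query.to_s
+
+      env.redirect url.to_s
+    else
+      csrf_token = ""
+      env.set "access_token", access_token
+      templated "user/authorize_token"
+    end
+  end
+
+  # -------------------
+  #  Manage tokens
+  # -------------------
+
+  # Show the token manager page (GET request)
+  def token_manager(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env, "/subscription_manager")
+
+    if !user
+      return env.redirect referer
+    end
+
+    user = user.as(User)
+    tokens = Invidious::Database::SessionIDs.select_all(user.email)
+
+    templated "user/token_manager"
+  end
+
+  # -------------------
+  #  AJAX for tokens
+  # -------------------
+
+  # Handle internal (non-API) token actions (POST request)
+  def token_ajax(env)
+    locale = env.get("preferences").as(Preferences).locale
+
+    user = env.get? "user"
+    sid = env.get? "sid"
+    referer = get_referer(env)
+
+    redirect = env.params.query["redirect"]?
+    redirect ||= "true"
+    redirect = redirect == "true"
+
+    if !user
+      if redirect
+        return env.redirect referer
+      else
+        return error_json(403, "No such user")
+      end
+    end
+
+    user = user.as(User)
+    sid = sid.as(String)
+    token = env.params.body["csrf_token"]?
+
+    begin
+      validate_request(token, sid, env.request, HMAC_KEY, locale)
+    rescue ex
+      if redirect
+        return error_template(400, ex)
+      else
+        return error_json(400, ex)
+      end
+    end
+
+    if env.params.query["action_revoke_token"]?
+      action = "action_revoke_token"
+    else
+      return env.redirect referer
+    end
+
+    session = env.params.query["session"]?
+    session ||= ""
+
+    case action
+    when .starts_with? "action_revoke_token"
+      Invidious::Database::SessionIDs.delete(sid: session, email: user.email)
+    else
+      return error_json(400, "Unsupported action #{action}")
+    end
+
+    if redirect
+      return env.redirect referer
+    else
+      env.response.content_type = "application/json"
+      return "{}"
+    end
+  end
+end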
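Review bot: In `post_authorize_token` the freshly generated access token is appended to whatever `callbackUrl` arrives in the POST body and the browser is redirected there, with no check on the URL's scheme or host. This is carried over unchanged from the old inline handler, but the move is a good moment to add a guard right after `url = URI.parse(callback_url)`, for example `return error_template(400, "Invalid callback URL") unless {"http", "https"}.includes?(url.scheme)`; if native clients depend on custom schemes, an explicit allow-list would still be better than accepting any value. Separately, `post_change_password` stores the new hash but leaves the user's other `SessionIDs` rows untouched, so sessions opened before the change remain valid. Consider revoking them at that point, as `post_delete` already does with `Invidious::Database::SessionIDs.delete(email: user.email)`, with the current session re-issued or exempted if the user should stay logged in.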
| @ -343,7 +343,7 @@ module Invidious::Routes::API::V1::Authenticated | |||||||
|       env.response.content_type = "text/html" |       env.response.content_type = "text/html" | ||||||
| 
 | 
 | ||||||
|       csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true) |       csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true) | ||||||
|       return templated "authorize_token" |       return templated "user/authorize_token" | ||||||
|     else |     else | ||||||
|       env.response.content_type = "application/json" |       env.response.content_type = "application/json" | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -27,7 +27,7 @@ module Invidious::Routes::Login | |||||||
|     tfa = env.params.query["tfa"]? |     tfa = env.params.query["tfa"]? | ||||||
|     prompt = nil |     prompt = nil | ||||||
| 
 | 
 | ||||||
|     templated "login" |     templated "user/login" | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def self.login(env) |   def self.login(env) | ||||||
| @ -133,7 +133,7 @@ module Invidious::Routes::Login | |||||||
|           tfa = tfa_code |           tfa = tfa_code | ||||||
|           captcha = {tokens: [token], question: ""} |           captcha = {tokens: [token], question: ""} | ||||||
| 
 | 
 | ||||||
|           return templated "login" |           return templated "user/login" | ||||||
|         end |         end | ||||||
| 
 | 
 | ||||||
|         if challenge_results[0][-1]?.try &.[5] == "INCORRECT_ANSWER_ENTERED" |         if challenge_results[0][-1]?.try &.[5] == "INCORRECT_ANSWER_ENTERED" | ||||||
| @ -190,7 +190,7 @@ module Invidious::Routes::Login | |||||||
| 
 | 
 | ||||||
|             tfa = nil |             tfa = nil | ||||||
|             captcha = nil |             captcha = nil | ||||||
|             return templated "login" |             return templated "user/login" | ||||||
|           end |           end | ||||||
| 
 | 
 | ||||||
|           tl = challenge_results[1][2] |           tl = challenge_results[1][2] | ||||||
| @ -282,18 +282,8 @@ module Invidious::Routes::Login | |||||||
| 
 | 
 | ||||||
|         host = URI.parse(env.request.headers["Host"]).host |         host = URI.parse(env.request.headers["Host"]).host | ||||||
| 
 | 
 | ||||||
|         if Kemal.config.ssl || CONFIG.https_only |  | ||||||
|           secure = true |  | ||||||
|         else |  | ||||||
|           secure = false |  | ||||||
|         end |  | ||||||
| 
 |  | ||||||
|         cookies.each do |cookie| |         cookies.each do |cookie| | ||||||
|           if Kemal.config.ssl || CONFIG.https_only |           cookie.secure = Invidious::User::Cookies::SECURE | ||||||
|             cookie.secure = secure |  | ||||||
|           else |  | ||||||
|             cookie.secure = secure |  | ||||||
|           end |  | ||||||
| 
 | 
 | ||||||
|           if cookie.extension |           if cookie.extension | ||||||
|             cookie.extension = cookie.extension.not_nil!.gsub(".youtube.com", host) |             cookie.extension = cookie.extension.not_nil!.gsub(".youtube.com", host) | ||||||
| @ -338,19 +328,7 @@ module Invidious::Routes::Login | |||||||
|           sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) |           sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) | ||||||
|           Invidious::Database::SessionIDs.insert(sid, email) |           Invidious::Database::SessionIDs.insert(sid, email) | ||||||
| 
 | 
 | ||||||
|           if Kemal.config.ssl || CONFIG.https_only |           env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid) | ||||||
|             secure = true |  | ||||||
|           else |  | ||||||
|             secure = false |  | ||||||
|           end |  | ||||||
| 
 |  | ||||||
|           if CONFIG.domain |  | ||||||
|             env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years, |  | ||||||
|               secure: secure, http_only: true) |  | ||||||
|           else |  | ||||||
|             env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years, |  | ||||||
|               secure: secure, http_only: true) |  | ||||||
|           end |  | ||||||
|         else |         else | ||||||
|           return error_template(401, "Wrong username or password") |           return error_template(401, "Wrong username or password") | ||||||
|         end |         end | ||||||
| @ -393,12 +371,12 @@ module Invidious::Routes::Login | |||||||
|             prompt = "" |             prompt = "" | ||||||
| 
 | 
 | ||||||
|             if captcha_type == "image" |             if captcha_type == "image" | ||||||
|               captcha = generate_captcha(HMAC_KEY) |               captcha = Invidious::User::Captcha.generate_image(HMAC_KEY) | ||||||
|             else |             else | ||||||
|               captcha = generate_text_captcha(HMAC_KEY) |               captcha = Invidious::User::Captcha.generate_text(HMAC_KEY) | ||||||
|             end |             end | ||||||
| 
 | 
 | ||||||
|             return templated "login" |             return templated "user/login" | ||||||
|           end |           end | ||||||
| 
 | 
 | ||||||
|           tokens = env.params.body.select { |k, _| k.match(/^token\[\d+\]$/) }.map { |_, v| v } |           tokens = env.params.body.select { |k, _| k.match(/^token\[\d+\]$/) }.map { |_, v| v } | ||||||
| @ -455,19 +433,7 @@ module Invidious::Routes::Login | |||||||
|         view_name = "subscriptions_#{sha256(user.email)}" |         view_name = "subscriptions_#{sha256(user.email)}" | ||||||
|         PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}") |         PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}") | ||||||
| 
 | 
 | ||||||
|         if Kemal.config.ssl || CONFIG.https_only |         env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid) | ||||||
|           secure = true |  | ||||||
|         else |  | ||||||
|           secure = false |  | ||||||
|         end |  | ||||||
| 
 |  | ||||||
|         if CONFIG.domain |  | ||||||
|           env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years, |  | ||||||
|             secure: secure, http_only: true) |  | ||||||
|         else |  | ||||||
|           env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years, |  | ||||||
|             secure: secure, http_only: true) |  | ||||||
|         end |  | ||||||
| 
 | 
 | ||||||
|         if env.request.cookies["PREFS"]? |         if env.request.cookies["PREFS"]? | ||||||
|           user.preferences = env.get("preferences").as(Preferences) |           user.preferences = env.get("preferences").as(Preferences) | ||||||
|  | |||||||
| @ -8,7 +8,7 @@ module Invidious::Routes::PreferencesRoute | |||||||
| 
 | 
 | ||||||
|     preferences = env.get("preferences").as(Preferences) |     preferences = env.get("preferences").as(Preferences) | ||||||
| 
 | 
 | ||||||
|     templated "preferences" |     templated "user/preferences" | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def self.update(env) |   def self.update(env) | ||||||
| @ -214,19 +214,7 @@ module Invidious::Routes::PreferencesRoute | |||||||
|         File.write("config/config.yml", CONFIG.to_yaml) |         File.write("config/config.yml", CONFIG.to_yaml) | ||||||
|       end |       end | ||||||
|     else |     else | ||||||
|       if Kemal.config.ssl || CONFIG.https_only |       env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences) | ||||||
|         secure = true |  | ||||||
|       else |  | ||||||
|         secure = false |  | ||||||
|       end |  | ||||||
| 
 |  | ||||||
|       if CONFIG.domain |  | ||||||
|         env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", domain: "#{CONFIG.domain}", value: URI.encode_www_form(preferences.to_json), expires: Time.utc + 2.years, |  | ||||||
|           secure: secure, http_only: true) |  | ||||||
|       else |  | ||||||
|         env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: URI.encode_www_form(preferences.to_json), expires: Time.utc + 2.years, |  | ||||||
|           secure: secure, http_only: true) |  | ||||||
|       end |  | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     env.redirect referer |     env.redirect referer | ||||||
| @ -261,21 +249,7 @@ module Invidious::Routes::PreferencesRoute | |||||||
|         preferences.dark_mode = "dark" |         preferences.dark_mode = "dark" | ||||||
|       end |       end | ||||||
| 
 | 
 | ||||||
|       preferences = preferences.to_json |       env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences) | ||||||
| 
 |  | ||||||
|       if Kemal.config.ssl || CONFIG.https_only |  | ||||||
|         secure = true |  | ||||||
|       else |  | ||||||
|         secure = false |  | ||||||
|       end |  | ||||||
| 
 |  | ||||||
|       if CONFIG.domain |  | ||||||
|         env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", domain: "#{CONFIG.domain}", value: URI.encode_www_form(preferences), expires: Time.utc + 2.years, |  | ||||||
|           secure: secure, http_only: true) |  | ||||||
|       else |  | ||||||
|         env.response.cookies["PREFS"] = HTTP::Cookie.new(name: "PREFS", value: URI.encode_www_form(preferences), expires: Time.utc + 2.years, |  | ||||||
|           secure: secure, http_only: true) |  | ||||||
|       end |  | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     if redirect |     if redirect | ||||||
| @ -298,7 +272,7 @@ module Invidious::Routes::PreferencesRoute | |||||||
| 
 | 
 | ||||||
|     user = user.as(User) |     user = user.as(User) | ||||||
| 
 | 
 | ||||||
|     templated "data_control" |     templated "user/data_control" | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   def self.update_data_control(env) |   def self.update_data_control(env) | ||||||
| @ -321,149 +295,27 @@ module Invidious::Routes::PreferencesRoute | |||||||
|         # TODO: Unify into single import based on content-type |         # TODO: Unify into single import based on content-type | ||||||
|         case part.name |         case part.name | ||||||
|         when "import_invidious" |         when "import_invidious" | ||||||
|           body = JSON.parse(body) |           Invidious::User::Import.from_invidious(user, body) | ||||||
| 
 |  | ||||||
|           if body["subscriptions"]? |  | ||||||
|             user.subscriptions += body["subscriptions"].as_a.map(&.as_s) |  | ||||||
|             user.subscriptions.uniq! |  | ||||||
| 
 |  | ||||||
|             user.subscriptions = get_batch_channels(user.subscriptions) |  | ||||||
| 
 |  | ||||||
|             Invidious::Database::Users.update_subscriptions(user) |  | ||||||
|           end |  | ||||||
| 
 |  | ||||||
|           if body["watch_history"]? |  | ||||||
|             user.watched += body["watch_history"].as_a.map(&.as_s) |  | ||||||
|             user.watched.uniq! |  | ||||||
|             Invidious::Database::Users.update_watch_history(user) |  | ||||||
|           end |  | ||||||
| 
 |  | ||||||
|           if body["preferences"]? |  | ||||||
|             user.preferences = Preferences.from_json(body["preferences"].to_json) |  | ||||||
|             Invidious::Database::Users.update_preferences(user) |  | ||||||
|           end |  | ||||||
| 
 |  | ||||||
|           if playlists = body["playlists"]?.try &.as_a? |  | ||||||
|             playlists.each do |item| |  | ||||||
|               title = item["title"]?.try &.as_s?.try &.delete("<>") |  | ||||||
|               description = item["description"]?.try &.as_s?.try &.delete("\r") |  | ||||||
|               privacy = item["privacy"]?.try &.as_s?.try { |privacy| PlaylistPrivacy.parse? privacy } |  | ||||||
| 
 |  | ||||||
|               next if !title |  | ||||||
|               next if !description |  | ||||||
|               next if !privacy |  | ||||||
| 
 |  | ||||||
|               playlist = create_playlist(title, privacy, user) |  | ||||||
|               Invidious::Database::Playlists.update_description(playlist.id, description) |  | ||||||
| 
 |  | ||||||
|               videos = item["videos"]?.try &.as_a?.try &.each_with_index do |video_id, idx| |  | ||||||
|                 raise InfoException.new("Playlist cannot have more than 500 videos") if idx > 500 |  | ||||||
| 
 |  | ||||||
|                 video_id = video_id.try &.as_s? |  | ||||||
|                 next if !video_id |  | ||||||
| 
 |  | ||||||
|                 begin |  | ||||||
|                   video = get_video(video_id) |  | ||||||
|                 rescue ex |  | ||||||
|                   next |  | ||||||
|                 end |  | ||||||
| 
 |  | ||||||
|                 playlist_video = PlaylistVideo.new({ |  | ||||||
|                   title:          video.title, |  | ||||||
|                   id:             video.id, |  | ||||||
|                   author:         video.author, |  | ||||||
|                   ucid:           video.ucid, |  | ||||||
|                   length_seconds: video.length_seconds, |  | ||||||
|                   published:      video.published, |  | ||||||
|                   plid:           playlist.id, |  | ||||||
|                   live_now:       video.live_now, |  | ||||||
|                   index:          Random::Secure.rand(0_i64..Int64::MAX), |  | ||||||
|                 }) |  | ||||||
| 
 |  | ||||||
|                 Invidious::Database::PlaylistVideos.insert(playlist_video) |  | ||||||
|                 Invidious::Database::Playlists.update_video_added(playlist.id, playlist_video.index) |  | ||||||
|               end |  | ||||||
|             end |  | ||||||
|           end |  | ||||||
|         when "import_youtube" |         when "import_youtube" | ||||||
|           filename = part.filename || "" |           filename = part.filename || "" | ||||||
|           extension = filename.split(".").last |           success = Invidious::User::Import.from_youtube(user, body, filename, type) | ||||||
| 
 | 
 | ||||||
|           if extension == "xml" || type == "application/xml" || type == "text/xml" |           if !success | ||||||
|             subscriptions = XML.parse(body) |  | ||||||
|             user.subscriptions += subscriptions.xpath_nodes(%q(//outline[@type="rss"])).map do |channel| |  | ||||||
|               channel["xmlUrl"].match(/UC[a-zA-Z0-9_-]{22}/).not_nil![0] |  | ||||||
|             end |  | ||||||
|           elsif extension == "json" || type == "application/json" |  | ||||||
|             subscriptions = JSON.parse(body) |  | ||||||
|             user.subscriptions += subscriptions.as_a.compact_map do |entry| |  | ||||||
|               entry["snippet"]["resourceId"]["channelId"].as_s |  | ||||||
|             end |  | ||||||
|           elsif extension == "csv" || type == "text/csv" |  | ||||||
|             subscriptions = parse_subscription_export_csv(body) |  | ||||||
|             user.subscriptions += subscriptions |  | ||||||
|           else |  | ||||||
|             haltf(env, status_code: 415, |             haltf(env, status_code: 415, | ||||||
|               response: error_template(415, "Invalid subscription file uploaded") |               response: error_template(415, "Invalid subscription file uploaded") | ||||||
|             ) |             ) | ||||||
|           end |           end | ||||||
| 
 |  | ||||||
|           user.subscriptions.uniq! |  | ||||||
|           user.subscriptions = get_batch_channels(user.subscriptions) |  | ||||||
| 
 |  | ||||||
|           Invidious::Database::Users.update_subscriptions(user) |  | ||||||
|         when "import_freetube" |         when "import_freetube" | ||||||
|           user.subscriptions += body.scan(/"channelId":"(?<channel_id>[a-zA-Z0-9_-]{24})"/).map do |md| |           Invidious::User::Import.from_freetube(user, body) | ||||||
|             md["channel_id"] |  | ||||||
|           end |  | ||||||
|           user.subscriptions.uniq! |  | ||||||
| 
 |  | ||||||
|           user.subscriptions = get_batch_channels(user.subscriptions) |  | ||||||
| 
 |  | ||||||
|           Invidious::Database::Users.update_subscriptions(user) |  | ||||||
|         when "import_newpipe_subscriptions" |         when "import_newpipe_subscriptions" | ||||||
|           body = JSON.parse(body) |           Invidious::User::Import.from_newpipe_subs(user, body) | ||||||
|           user.subscriptions += body["subscriptions"].as_a.compact_map do |channel| |  | ||||||
|             if match = channel["url"].as_s.match(/\/channel\/(?<channel>UC[a-zA-Z0-9_-]{22})/) |  | ||||||
|               next match["channel"] |  | ||||||
|             elsif match = channel["url"].as_s.match(/\/user\/(?<user>.+)/) |  | ||||||
|               response = YT_POOL.client &.get("/user/#{match["user"]}?disable_polymer=1&hl=en&gl=US") |  | ||||||
|               html = XML.parse_html(response.body) |  | ||||||
|               ucid = html.xpath_node(%q(//link[@rel="canonical"])).try &.["href"].split("/")[-1] |  | ||||||
|               next ucid if ucid |  | ||||||
|             end |  | ||||||
| 
 |  | ||||||
|             nil |  | ||||||
|           end |  | ||||||
|           user.subscriptions.uniq! |  | ||||||
| 
 |  | ||||||
|           user.subscriptions = get_batch_channels(user.subscriptions) |  | ||||||
| 
 |  | ||||||
|           Invidious::Database::Users.update_subscriptions(user) |  | ||||||
|         when "import_newpipe" |         when "import_newpipe" | ||||||
|           Compress::Zip::Reader.open(IO::Memory.new(body)) do |file| |           success = Invidious::User::Import.from_newpipe(user, body) | ||||||
|             file.each_entry do |entry| |  | ||||||
|               if entry.filename == "newpipe.db" |  | ||||||
|                 tempfile = File.tempfile(".db") |  | ||||||
|                 File.write(tempfile.path, entry.io.gets_to_end) |  | ||||||
|                 db = DB.open("sqlite3://" + tempfile.path) |  | ||||||
| 
 | 
 | ||||||
|                 user.watched += db.query_all("SELECT url FROM streams", as: String).map(&.lchop("https://www.youtube.com/watch?v=")) |           if !success | ||||||
|                 user.watched.uniq! |             haltf(env, status_code: 415, | ||||||
| 
 |               response: error_template(415, "Uploaded file is too large") | ||||||
|                 Invidious::Database::Users.update_watch_history(user) |             ) | ||||||
| 
 |  | ||||||
|                 user.subscriptions += db.query_all("SELECT url FROM subscriptions", as: String).map(&.lchop("https://www.youtube.com/channel/")) |  | ||||||
|                 user.subscriptions.uniq! |  | ||||||
| 
 |  | ||||||
|                 user.subscriptions = get_batch_channels(user.subscriptions) |  | ||||||
| 
 |  | ||||||
|                 Invidious::Database::Users.update_subscriptions(user) |  | ||||||
| 
 |  | ||||||
|                 db.close |  | ||||||
|                 tempfile.delete |  | ||||||
|               end |  | ||||||
|             end |  | ||||||
|           end |           end | ||||||
|         else nil # Ignore |         else nil # Ignore | ||||||
|         end |         end | ||||||
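Review bot: The new `import_newpipe` branch reports a failed import with status 415 although its message says the upload is too large; 415 means unsupported media type, and 413 is the status for an oversized body. Suggested change: `haltf(env, status_code: 413,` with `response: error_template(413, "Uploaded file is too large")`. `from_newpipe` is defined outside this section, so if a `false` result can also mean a malformed archive, the message should say that instead of blaming size. The return values of `from_invidious`, `from_freetube` and `from_newpipe_subs` are not checked at all. `update_data_control` continues outside the hunk, so it is not visible whether parse errors on malformed uploads are caught further up.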
|  | |||||||
| @ -163,6 +163,6 @@ module Invidious::Routes::Subscriptions | |||||||
|       end |       end | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     templated "subscription_manager" |     templated "user/subscription_manager" | ||||||
|   end |   end | ||||||
| end | end | ||||||
|  | |||||||
| @ -10,6 +10,32 @@ module Invidious::Routing | |||||||
|   {% end %} |   {% end %} | ||||||
| end | end | ||||||
| 
 | 
 | ||||||
|  | macro define_user_routes | ||||||
|  |   # User login/out | ||||||
|  |   Invidious::Routing.get "/login", Invidious::Routes::Login, :login_page | ||||||
|  |   Invidious::Routing.post "/login", Invidious::Routes::Login, :login | ||||||
|  |   Invidious::Routing.post "/signout", Invidious::Routes::Login, :signout | ||||||
|  | 
 | ||||||
|  |   # User preferences | ||||||
|  |   Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :show | ||||||
|  |   Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update | ||||||
|  |   Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme | ||||||
|  |   Invidious::Routing.get "/data_control", Invidious::Routes::PreferencesRoute, :data_control | ||||||
|  |   Invidious::Routing.post "/data_control", Invidious::Routes::PreferencesRoute, :update_data_control | ||||||
|  | 
 | ||||||
|  |   # User account management | ||||||
|  |   Invidious::Routing.get "/change_password", Invidious::Routes::Account, :get_change_password | ||||||
|  |   Invidious::Routing.post "/change_password", Invidious::Routes::Account, :post_change_password | ||||||
|  |   Invidious::Routing.get "/delete_account", Invidious::Routes::Account, :get_delete | ||||||
|  |   Invidious::Routing.post "/delete_account", Invidious::Routes::Account, :post_delete | ||||||
|  |   Invidious::Routing.get "/clear_watch_history", Invidious::Routes::Account, :get_clear_history | ||||||
|  |   Invidious::Routing.post "/clear_watch_history", Invidious::Routes::Account, :post_clear_history | ||||||
|  |   Invidious::Routing.get "/authorize_token", Invidious::Routes::Account, :get_authorize_token | ||||||
|  |   Invidious::Routing.post "/authorize_token", Invidious::Routes::Account, :post_authorize_token | ||||||
|  |   Invidious::Routing.get "/token_manager", Invidious::Routes::Account, :token_manager | ||||||
|  |   Invidious::Routing.post "/token_ajax", Invidious::Routes::Account, :token_ajax | ||||||
|  | end | ||||||
|  | 
 | ||||||
| macro define_v1_api_routes | macro define_v1_api_routes | ||||||
|   {{namespace = Invidious::Routes::API::V1}} |   {{namespace = Invidious::Routes::API::V1}} | ||||||
|   # Videos |   # Videos | ||||||
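Review bot: `define_user_routes` registers `/toggle_theme` only as a GET route, whereas the account actions below it pair a GET page with a POST submit. The handler appears to rewrite the PREFS cookie or the stored preferences (see the `dark_mode` hunk in the preferences route), so this is a state change that a cross-site request can trigger without any CSRF token. The impact is limited to the theme, but it should be recorded so the pattern is not copied for more sensitive settings, for example with `# NOTE: /toggle_theme changes state on GET; keep it limited to the theme or move it to POST`. The macro itself would also benefit from a one-line comment saying where it is expanded.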
|  | |||||||
| @ -176,7 +176,7 @@ end | |||||||
| 
 | 
 | ||||||
| def process_search_query(query, page, user, region) | def process_search_query(query, page, user, region) | ||||||
|   if user |   if user | ||||||
|     user = user.as(User) |     user = user.as(Invidious::User) | ||||||
|     view_name = "subscriptions_#{sha256(user.email)}" |     view_name = "subscriptions_#{sha256(user.email)}" | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|  | |||||||
							
								
								
									
										78
									
								
								src/invidious/user/captcha.cr
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,78 @@ | |||||||
|  | require "openssl/hmac" | ||||||
|  | 
 | ||||||
|  | struct Invidious::User | ||||||
|  |   module Captcha | ||||||
|  |     extend self | ||||||
|  | 
 | ||||||
|  |     private TEXTCAPTCHA_URL = URI.parse("https://textcaptcha.com") | ||||||
|  | 
 | ||||||
|  |     def generate_image(key) | ||||||
|  |       second = Random::Secure.rand(12) | ||||||
|  |       second_angle = second * 30 | ||||||
|  |       second = second * 5 | ||||||
|  | 
 | ||||||
|  |       minute = Random::Secure.rand(12) | ||||||
|  |       minute_angle = minute * 30 | ||||||
|  |       minute = minute * 5 | ||||||
|  | 
 | ||||||
|  |       hour = Random::Secure.rand(12) | ||||||
|  |       hour_angle = hour * 30 + minute_angle.to_f / 12 | ||||||
|  |       if hour == 0 | ||||||
|  |         hour = 12 | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       clock_svg = <<-END_SVG | ||||||
|  |       <svg viewBox="0 0 100 100" width="200px" height="200px"> | ||||||
|  |       <circle cx="50" cy="50" r="45" fill="#eee" stroke="black" stroke-width="2"></circle> | ||||||
|  | 
 | ||||||
|  |       <text x="69"     y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 1</text> | ||||||
|  |       <text x="82.909" y="34"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 2</text> | ||||||
|  |       <text x="88"     y="53"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 3</text> | ||||||
|  |       <text x="82.909" y="72"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 4</text> | ||||||
|  |       <text x="69"     y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 5</text> | ||||||
|  |       <text x="50"     y="91"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 6</text> | ||||||
|  |       <text x="31"     y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 7</text> | ||||||
|  |       <text x="17.091" y="72"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 8</text> | ||||||
|  |       <text x="12"     y="53"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 9</text> | ||||||
|  |       <text x="17.091" y="34"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px">10</text> | ||||||
|  |       <text x="31"     y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">11</text> | ||||||
|  |       <text x="50"     y="15"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px">12</text> | ||||||
|  | 
 | ||||||
|  |       <circle cx="50" cy="50" r="3" fill="black"></circle> | ||||||
|  |       <line id="second" transform="rotate(#{second_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="12" fill="black" stroke="black" stroke-width="1"></line> | ||||||
|  |       <line id="minute" transform="rotate(#{minute_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="16" fill="black" stroke="black" stroke-width="2"></line> | ||||||
|  |       <line id="hour"   transform="rotate(#{hour_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="24" fill="black" stroke="black" stroke-width="2"></line> | ||||||
|  |       </svg> | ||||||
|  |       END_SVG | ||||||
|  | 
 | ||||||
|  |       image = "data:image/png;base64," | ||||||
|  |       image += Process.run(%(rsvg-convert -w 400 -h 400 -b none -f png), shell: true, | ||||||
|  |         input: IO::Memory.new(clock_svg), output: Process::Redirect::Pipe | ||||||
|  |       ) do |proc| | ||||||
|  |         Base64.strict_encode(proc.output.gets_to_end) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       answer = "#{hour}:#{minute.to_s.rjust(2, '0')}:#{second.to_s.rjust(2, '0')}" | ||||||
|  |       answer = OpenSSL::HMAC.hexdigest(:sha256, key, answer) | ||||||
|  | 
 | ||||||
|  |       return { | ||||||
|  |         question: image, | ||||||
|  |         tokens:   {generate_response(answer, {":login"}, key, use_nonce: true)}, | ||||||
|  |       } | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     def generate_text(key) | ||||||
|  |       response = make_client(TEXTCAPTCHA_URL, &.get("/github.com/iv.org/invidious.json").body) | ||||||
|  |       response = JSON.parse(response) | ||||||
|  | 
 | ||||||
|  |       tokens = response["a"].as_a.map do |answer| | ||||||
|  |         generate_response(answer.as_s, {":login"}, key, use_nonce: true) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       return { | ||||||
|  |         question: response["q"].as_s, | ||||||
|  |         tokens:   tokens, | ||||||
|  |       } | ||||||
|  |     end | ||||||
|  |   end | ||||||
|  | end | ||||||
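Review bot: `generate_image` runs `rsvg-convert` through `Process.run(..., shell: true)` and never checks the exit status, so a missing or failing converter yields an empty `data:image/png;base64,` question while a token is still issued for it. The command line is constant, so the shell adds nothing. Pass the arguments directly with `Process.run("rsvg-convert", ["-w", "400", "-h", "400", "-b", "none", "-f", "png"], input: IO::Memory.new(clock_svg), output: Process::Redirect::Pipe) do |proc|`, and raise after the block when `$?.success?` is false. `generate_text` likewise has no handling for a failed request or for a response missing the `"q"` / `"a"` keys. A comment saying how the login route should react when the captcha service is unreachable would help.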
							
								
								
									
										37
									
								
								src/invidious/user/cookies.cr
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,37 @@ | |||||||
|  | require "http/cookie" | ||||||
|  | 
 | ||||||
|  | struct Invidious::User | ||||||
|  |   module Cookies | ||||||
|  |     extend self | ||||||
|  | 
 | ||||||
|  |     # Note: we use ternary operator because the two variables | ||||||
|  |     # used in here are not booleans. | ||||||
|  |     SECURE = (Kemal.config.ssl || CONFIG.https_only) ? true : false | ||||||
|  | 
 | ||||||
|  |     # Session ID (SID) cookie | ||||||
|  |     # Parameter "domain" comes from the global config | ||||||
|  |     def sid(domain : String?, sid) : HTTP::Cookie | ||||||
|  |       return HTTP::Cookie.new( | ||||||
|  |         name: "SID", | ||||||
|  |         domain: domain, | ||||||
|  |         value: sid, | ||||||
|  |         expires: Time.utc + 2.years, | ||||||
|  |         secure: SECURE, | ||||||
|  |         http_only: true | ||||||
|  |       ) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # Preferences (PREFS) cookie | ||||||
|  |     # Parameter "domain" comes from the global config | ||||||
|  |     def prefs(domain : String?, preferences : Preferences) : HTTP::Cookie | ||||||
|  |       return HTTP::Cookie.new( | ||||||
|  |         name: "PREFS", | ||||||
|  |         domain: domain, | ||||||
|  |         value: URI.encode_www_form(preferences.to_json), | ||||||
|  |         expires: Time.utc + 2.years, | ||||||
|  |         secure: SECURE, | ||||||
|  |         http_only: true | ||||||
|  |       ) | ||||||
|  |     end | ||||||
|  |   end | ||||||
|  | end | ||||||
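Review bot: Both `sid` and `prefs` build their cookie without a SameSite attribute, so the session cookie's cross-site behaviour is left to each browser's default. Now that construction is centralised, it can be set explicitly, for example `samesite: HTTP::Cookie::SameSite::Lax,` next to `http_only: true` in `sid`, after confirming that no embedded or cross-site flow relies on the cookie being sent. `SECURE` is computed once, whereas the removed route code re-read `Kemal.config.ssl || CONFIG.https_only` on every request; a comment should state that both settings must be final before the constant is first evaluated. The two-year `expires` on SID is long for a session credential and is worth documenting as deliberate.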
| @ -1,6 +1,11 @@ | |||||||
| require "csv" | require "csv" | ||||||
| 
 | 
 | ||||||
| def parse_subscription_export_csv(csv_content : String) | struct Invidious::User | ||||||
|  |   module Import | ||||||
|  |     extend self | ||||||
|  | 
 | ||||||
|  |     # Parse a youtube CSV subscription file | ||||||
|  |     def parse_subscription_export_csv(csv_content : String) | ||||||
|       rows = CSV.new(csv_content, headers: true) |       rows = CSV.new(csv_content, headers: true) | ||||||
|       subscriptions = Array(String).new |       subscriptions = Array(String).new | ||||||
| 
 | 
 | ||||||
| @ -19,9 +24,219 @@ def parse_subscription_export_csv(csv_content : String) | |||||||
|         channel_id = row[0].strip |         channel_id = row[0].strip | ||||||
| 
 | 
 | ||||||
|         next if channel_id.empty? |         next if channel_id.empty? | ||||||
| 
 |  | ||||||
|         subscriptions << channel_id |         subscriptions << channel_id | ||||||
|       end |       end | ||||||
| 
 | 
 | ||||||
|       return subscriptions |       return subscriptions | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # ------------------- | ||||||
|  |     #  Invidious | ||||||
|  |     # ------------------- | ||||||
|  | 
 | ||||||
|  |     # Import from another invidious account | ||||||
|  |     def from_invidious(user : User, body : String) | ||||||
|  |       data = JSON.parse(body) | ||||||
|  | 
 | ||||||
|  |       if data["subscriptions"]? | ||||||
|  |         user.subscriptions += data["subscriptions"].as_a.map(&.as_s) | ||||||
|  |         user.subscriptions.uniq! | ||||||
|  |         user.subscriptions = get_batch_channels(user.subscriptions) | ||||||
|  | 
 | ||||||
|  |         Invidious::Database::Users.update_subscriptions(user) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       if data["watch_history"]? | ||||||
|  |         user.watched += data["watch_history"].as_a.map(&.as_s) | ||||||
|  |         user.watched.uniq! | ||||||
|  |         Invidious::Database::Users.update_watch_history(user) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       if data["preferences"]? | ||||||
|  |         user.preferences = Preferences.from_json(data["preferences"].to_json) | ||||||
|  |         Invidious::Database::Users.update_preferences(user) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       if playlists = data["playlists"]?.try &.as_a? | ||||||
|  |         playlists.each do |item| | ||||||
|  |           title = item["title"]?.try &.as_s?.try &.delete("<>") | ||||||
|  |           description = item["description"]?.try &.as_s?.try &.delete("\r") | ||||||
|  |           privacy = item["privacy"]?.try &.as_s?.try { |privacy| PlaylistPrivacy.parse? privacy } | ||||||
|  | 
 | ||||||
|  |           next if !title | ||||||
|  |           next if !description | ||||||
|  |           next if !privacy | ||||||
|  | 
 | ||||||
|  |           playlist = create_playlist(title, privacy, user) | ||||||
|  |           Invidious::Database::Playlists.update_description(playlist.id, description) | ||||||
|  | 
 | ||||||
|  |           videos = item["videos"]?.try &.as_a?.try &.each_with_index do |video_id, idx| | ||||||
|  |             raise InfoException.new("Playlist cannot have more than 500 videos") if idx > 500 | ||||||
|  | 
 | ||||||
|  |             video_id = video_id.try &.as_s? | ||||||
|  |             next if !video_id | ||||||
|  | 
 | ||||||
|  |             begin | ||||||
|  |               video = get_video(video_id) | ||||||
|  |             rescue ex | ||||||
|  |               next | ||||||
|  |             end | ||||||
|  | 
 | ||||||
|  |             playlist_video = PlaylistVideo.new({ | ||||||
|  |               title:          video.title, | ||||||
|  |               id:             video.id, | ||||||
|  |               author:         video.author, | ||||||
|  |               ucid:           video.ucid, | ||||||
|  |               length_seconds: video.length_seconds, | ||||||
|  |               published:      video.published, | ||||||
|  |               plid:           playlist.id, | ||||||
|  |               live_now:       video.live_now, | ||||||
|  |               index:          Random::Secure.rand(0_i64..Int64::MAX), | ||||||
|  |             }) | ||||||
|  | 
 | ||||||
|  |             Invidious::Database::PlaylistVideos.insert(playlist_video) | ||||||
|  |             Invidious::Database::Playlists.update_video_added(playlist.id, playlist_video.index) | ||||||
|  |           end | ||||||
|  |         end | ||||||
|  |       end | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # ------------------- | ||||||
|  |     #  Youtube | ||||||
|  |     # ------------------- | ||||||
|  | 
 | ||||||
|  |     private def is_opml?(mimetype : String, extension : String) | ||||||
|  |       opml_mimetypes = [ | ||||||
|  |         "application/xml", | ||||||
|  |         "text/xml", | ||||||
|  |         "text/x-opml", | ||||||
|  |         "text/x-opml+xml", | ||||||
|  |       ] | ||||||
|  | 
 | ||||||
|  |       opml_extensions = ["xml", "opml"] | ||||||
|  | 
 | ||||||
|  |       return opml_mimetypes.any?(&.== mimetype) || opml_extensions.any?(&.== extension) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # Import subscribed channels from Youtube | ||||||
|  |     # Returns success status | ||||||
|  |     def from_youtube(user : User, body : String, filename : String, type : String) : Bool | ||||||
|  |       extension = filename.split(".").last | ||||||
|  | 
 | ||||||
|  |       if is_opml?(type, extension) | ||||||
|  |         subscriptions = XML.parse(body) | ||||||
|  |         user.subscriptions += subscriptions.xpath_nodes(%q(//outline[@type="rss"])).map do |channel| | ||||||
|  |           channel["xmlUrl"].match(/UC[a-zA-Z0-9_-]{22}/).not_nil![0] | ||||||
|  |         end | ||||||
|  |       elsif extension == "json" || type == "application/json" | ||||||
|  |         subscriptions = JSON.parse(body) | ||||||
|  |         user.subscriptions += subscriptions.as_a.compact_map do |entry| | ||||||
|  |           entry["snippet"]["resourceId"]["channelId"].as_s | ||||||
|  |         end | ||||||
|  |       elsif extension == "csv" || type == "text/csv" | ||||||
|  |         subscriptions = parse_subscription_export_csv(body) | ||||||
|  |         user.subscriptions += subscriptions | ||||||
|  |       else | ||||||
|  |         return false | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       user.subscriptions.uniq! | ||||||
|  |       user.subscriptions = get_batch_channels(user.subscriptions) | ||||||
|  | 
 | ||||||
|  |       Invidious::Database::Users.update_subscriptions(user) | ||||||
|  |       return true | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # ------------------- | ||||||
|  |     #  Freetube | ||||||
|  |     # ------------------- | ||||||
|  | 
 | ||||||
|  |     def from_freetube(user : User, body : String) | ||||||
|  |       # Legacy import? | ||||||
|  |       matches = body.scan(/"channelId":"(?<channel_id>[a-zA-Z0-9_-]{24})"/) | ||||||
|  |       subs = matches.map(&.["channel_id"]) | ||||||
|  | 
 | ||||||
|  |       if subs.empty? | ||||||
|  |         data = JSON.parse(body)["subscriptions"] | ||||||
|  |         subs = data.as_a.map(&.["id"].as_s) | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       user.subscriptions += subs | ||||||
|  |       user.subscriptions.uniq! | ||||||
|  |       user.subscriptions = get_batch_channels(user.subscriptions) | ||||||
|  | 
 | ||||||
|  |       Invidious::Database::Users.update_subscriptions(user) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     # ------------------- | ||||||
|  |     #  Newpipe | ||||||
|  |     # ------------------- | ||||||
|  | 
 | ||||||
|  |     def from_newpipe_subs(user : User, body : String) | ||||||
|  |       data = JSON.parse(body) | ||||||
|  | 
 | ||||||
|  |       user.subscriptions += data["subscriptions"].as_a.compact_map do |channel| | ||||||
|  |         if match = channel["url"].as_s.match(/\/channel\/(?<channel>UC[a-zA-Z0-9_-]{22})/) | ||||||
|  |           next match["channel"] | ||||||
|  |         elsif match = channel["url"].as_s.match(/\/user\/(?<user>.+)/) | ||||||
|  |           # Resolve URL using the API | ||||||
|  |           resolved_url = YoutubeAPI.resolve_url("https://www.youtube.com/user/#{match["user"]}") | ||||||
|  |           ucid = resolved_url.dig?("endpoint", "browseEndpoint", "browseId") | ||||||
|  |           next ucid.as_s if ucid | ||||||
|  |         end | ||||||
|  | 
 | ||||||
|  |         nil | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       user.subscriptions.uniq! | ||||||
|  |       user.subscriptions = get_batch_channels(user.subscriptions) | ||||||
|  | 
 | ||||||
|  |       Invidious::Database::Users.update_subscriptions(user) | ||||||
|  |     end | ||||||
|  | 
 | ||||||
|  |     def from_newpipe(user : User, body : String) : Bool | ||||||
|  |       io = IO::Memory.new(body) | ||||||
|  | 
 | ||||||
|  |       Compress::Zip::File.open(io) do |file| | ||||||
|  |         file.entries.each do |entry| | ||||||
|  |           entry.open do |file_io| | ||||||
|  |             # Ensure max size of 4MB | ||||||
|  |             io_sized = IO::Sized.new(file_io, 0x400000) | ||||||
|  | 
 | ||||||
|  |             next if entry.filename != "newpipe.db" | ||||||
|  | 
 | ||||||
|  |             tempfile = File.tempfile(".db") | ||||||
|  | 
 | ||||||
|  |             begin | ||||||
|  |               File.write(tempfile.path, io_sized.gets_to_end) | ||||||
|  |             rescue | ||||||
|  |               return false | ||||||
|  |             end | ||||||
|  | 
 | ||||||
|  |             db = DB.open("sqlite3://" + tempfile.path) | ||||||
|  | 
 | ||||||
|  |             user.watched += db.query_all("SELECT url FROM streams", as: String) | ||||||
|  |               .map(&.lchop("https://www.youtube.com/watch?v=")) | ||||||
|  | 
 | ||||||
|  |             user.watched.uniq! | ||||||
|  |             Invidious::Database::Users.update_watch_history(user) | ||||||
|  | 
 | ||||||
|  |             user.subscriptions += db.query_all("SELECT url FROM subscriptions", as: String) | ||||||
|  |               .map(&.lchop("https://www.youtube.com/channel/")) | ||||||
|  | 
 | ||||||
|  |             user.subscriptions.uniq! | ||||||
|  |             user.subscriptions = get_batch_channels(user.subscriptions) | ||||||
|  | 
 | ||||||
|  |             Invidious::Database::Users.update_subscriptions(user) | ||||||
|  | 
 | ||||||
|  |             db.close | ||||||
|  |             tempfile.delete | ||||||
|  |           end | ||||||
|  |         end | ||||||
|  |       end | ||||||
|  | 
 | ||||||
|  |       # Success! | ||||||
|  |       return true | ||||||
|  |     end | ||||||
|  |   end # module | ||||||
| end | end | ||||||
|  | |||||||
							
								
								
									
										27
									
								
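--- a/src/invidious/user/user.cr
+++ b/src/invidious/user/user.cr
@@ -0,0 +1,27 @@
+require "db"
+
+struct Invidious::User
+  include DB::Serializable
+
+  property updated : Time
+  property notifications : Array(String)
+  property subscriptions : Array(String)
+  property email : String
+
+  @[DB::Field(converter: Invidious::User::PreferencesConverter)]
+  property preferences : Preferences
+  property password : String?
+  property token : String
+  property watched : Array(String)
+  property feed_needs_update : Bool?
+
+  module PreferencesConverter
+    def self.from_rs(rs)
+      begin
+        Preferences.from_json(rs.read(String))
+      rescue ex
+        Preferences.from_json("{}")
+      end
+    end
+  end
+end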
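Review bot: `PreferencesConverter.from_rs` catches every exception from `rs.read(String)` and `Preferences.from_json` and returns default preferences without recording anything; `ex` is bound but never used. A corrupted or unexpectedly modified `preferences` column therefore looks the same as a user who never changed a setting, and if the caller later saves the user the defaults would presumably overwrite the stored value. At minimum log the exception class and message (not the column contents) before falling back. The method also needs a comment stating the contract, such as `# Falls back to default preferences when the stored JSON cannot be read or parsed`. The inner `begin` is redundant, since a Crystal `def` body accepts `rescue` directly.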
| @ -3,32 +3,6 @@ require "crypto/bcrypt/password" | |||||||
| # Materialized views may not be defined using bound parameters (`$1` as used elsewhere) | # Materialized views may not be defined using bound parameters (`$1` as used elsewhere) | ||||||
| MATERIALIZED_VIEW_SQL = ->(email : String) { "SELECT cv.* FROM channel_videos cv WHERE EXISTS (SELECT subscriptions FROM users u WHERE cv.ucid = ANY (u.subscriptions) AND u.email = E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}') ORDER BY published DESC" } | MATERIALIZED_VIEW_SQL = ->(email : String) { "SELECT cv.* FROM channel_videos cv WHERE EXISTS (SELECT subscriptions FROM users u WHERE cv.ucid = ANY (u.subscriptions) AND u.email = E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}') ORDER BY published DESC" } | ||||||
| 
 | 
 | ||||||
| struct User |  | ||||||
|   include DB::Serializable |  | ||||||
| 
 |  | ||||||
|   property updated : Time |  | ||||||
|   property notifications : Array(String) |  | ||||||
|   property subscriptions : Array(String) |  | ||||||
|   property email : String |  | ||||||
| 
 |  | ||||||
|   @[DB::Field(converter: User::PreferencesConverter)] |  | ||||||
|   property preferences : Preferences |  | ||||||
|   property password : String? |  | ||||||
|   property token : String |  | ||||||
|   property watched : Array(String) |  | ||||||
|   property feed_needs_update : Bool? |  | ||||||
| 
 |  | ||||||
|   module PreferencesConverter |  | ||||||
|     def self.from_rs(rs) |  | ||||||
|       begin |  | ||||||
|         Preferences.from_json(rs.read(String)) |  | ||||||
|       rescue ex |  | ||||||
|         Preferences.from_json("{}") |  | ||||||
|       end |  | ||||||
|     end |  | ||||||
|   end |  | ||||||
| end |  | ||||||
| 
 |  | ||||||
| def get_user(sid, headers, refresh = true) | def get_user(sid, headers, refresh = true) | ||||||
|   if email = Invidious::Database::SessionIDs.select_email(sid) |   if email = Invidious::Database::SessionIDs.select_email(sid) | ||||||
|     user = Invidious::Database::Users.select!(email: email) |     user = Invidious::Database::Users.select!(email: email) | ||||||
| @ -84,7 +58,7 @@ def fetch_user(sid, headers) | |||||||
| 
 | 
 | ||||||
|   token = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) |   token = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) | ||||||
| 
 | 
 | ||||||
|   user = User.new({ |   user = Invidious::User.new({ | ||||||
|     updated:           Time.utc, |     updated:           Time.utc, | ||||||
|     notifications:     [] of String, |     notifications:     [] of String, | ||||||
|     subscriptions:     channels, |     subscriptions:     channels, | ||||||
| @ -102,7 +76,7 @@ def create_user(sid, email, password) | |||||||
|   password = Crypto::Bcrypt::Password.create(password, cost: 10) |   password = Crypto::Bcrypt::Password.create(password, cost: 10) | ||||||
|   token = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) |   token = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) | ||||||
| 
 | 
 | ||||||
|   user = User.new({ |   user = Invidious::User.new({ | ||||||
|     updated:           Time.utc, |     updated:           Time.utc, | ||||||
|     notifications:     [] of String, |     notifications:     [] of String, | ||||||
|     subscriptions:     [] of String, |     subscriptions:     [] of String, | ||||||
| @ -117,75 +91,6 @@ def create_user(sid, email, password) | |||||||
|   return user, sid |   return user, sid | ||||||
| end | end | ||||||
| 
 | 
 | ||||||
| def generate_captcha(key) |  | ||||||
|   second = Random::Secure.rand(12) |  | ||||||
|   second_angle = second * 30 |  | ||||||
|   second = second * 5 |  | ||||||
| 
 |  | ||||||
|   minute = Random::Secure.rand(12) |  | ||||||
|   minute_angle = minute * 30 |  | ||||||
|   minute = minute * 5 |  | ||||||
| 
 |  | ||||||
|   hour = Random::Secure.rand(12) |  | ||||||
|   hour_angle = hour * 30 + minute_angle.to_f / 12 |  | ||||||
|   if hour == 0 |  | ||||||
|     hour = 12 |  | ||||||
|   end |  | ||||||
| 
 |  | ||||||
|   clock_svg = <<-END_SVG |  | ||||||
|   <svg viewBox="0 0 100 100" width="200px" height="200px"> |  | ||||||
|   <circle cx="50" cy="50" r="45" fill="#eee" stroke="black" stroke-width="2"></circle> |  | ||||||
| 
 |  | ||||||
|   <text x="69"     y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 1</text> |  | ||||||
|   <text x="82.909" y="34"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 2</text> |  | ||||||
|   <text x="88"     y="53"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 3</text> |  | ||||||
|   <text x="82.909" y="72"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 4</text> |  | ||||||
|   <text x="69"     y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 5</text> |  | ||||||
|   <text x="50"     y="91"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 6</text> |  | ||||||
|   <text x="31"     y="85.909" text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 7</text> |  | ||||||
|   <text x="17.091" y="72"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 8</text> |  | ||||||
|   <text x="12"     y="53"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px"> 9</text> |  | ||||||
|   <text x="17.091" y="34"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px">10</text> |  | ||||||
|   <text x="31"     y="20.091" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">11</text> |  | ||||||
|   <text x="50"     y="15"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px">12</text> |  | ||||||
| 
 |  | ||||||
|   <circle cx="50" cy="50" r="3" fill="black"></circle> |  | ||||||
|   <line id="second" transform="rotate(#{second_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="12" fill="black" stroke="black" stroke-width="1"></line> |  | ||||||
|   <line id="minute" transform="rotate(#{minute_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="16" fill="black" stroke="black" stroke-width="2"></line> |  | ||||||
|   <line id="hour"   transform="rotate(#{hour_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="24" fill="black" stroke="black" stroke-width="2"></line> |  | ||||||
|   </svg> |  | ||||||
|   END_SVG |  | ||||||
| 
 |  | ||||||
|   image = "data:image/png;base64," |  | ||||||
|   image += Process.run(%(rsvg-convert -w 400 -h 400 -b none -f png), shell: true, |  | ||||||
|     input: IO::Memory.new(clock_svg), output: Process::Redirect::Pipe |  | ||||||
|   ) do |proc| |  | ||||||
|     Base64.strict_encode(proc.output.gets_to_end) |  | ||||||
|   end |  | ||||||
| 
 |  | ||||||
|   answer = "#{hour}:#{minute.to_s.rjust(2, '0')}:#{second.to_s.rjust(2, '0')}" |  | ||||||
|   answer = OpenSSL::HMAC.hexdigest(:sha256, key, answer) |  | ||||||
| 
 |  | ||||||
|   return { |  | ||||||
|     question: image, |  | ||||||
|     tokens:   {generate_response(answer, {":login"}, key, use_nonce: true)}, |  | ||||||
|   } |  | ||||||
| end |  | ||||||
| 
 |  | ||||||
| def generate_text_captcha(key) |  | ||||||
|   response = make_client(TEXTCAPTCHA_URL, &.get("/github.com/iv.org/invidious.json").body) |  | ||||||
|   response = JSON.parse(response) |  | ||||||
| 
 |  | ||||||
|   tokens = response["a"].as_a.map do |answer| |  | ||||||
|     generate_response(answer.as_s, {":login"}, key, use_nonce: true) |  | ||||||
|   end |  | ||||||
| 
 |  | ||||||
|   return { |  | ||||||
|     question: response["q"].as_s, |  | ||||||
|     tokens:   tokens, |  | ||||||
|   } |  | ||||||
| end |  | ||||||
| 
 |  | ||||||
| def subscribe_ajax(channel_id, action, env_headers) | def subscribe_ajax(channel_id, action, env_headers) | ||||||
|   headers = HTTP::Headers.new |   headers = HTTP::Headers.new | ||||||
|   headers["Cookie"] = env_headers["Cookie"] |   headers["Cookie"] = env_headers["Cookie"] | ||||||
|  | |||||||
| @ -52,7 +52,7 @@ | |||||||
|                         </div> |                         </div> | ||||||
|                         <div class="pure-u-1-4"> |                         <div class="pure-u-1-4"> | ||||||
|                             <a id="notification_ticker" title="<%= translate(locale, "Subscriptions") %>" href="/feed/subscriptions" class="pure-menu-heading"> |                             <a id="notification_ticker" title="<%= translate(locale, "Subscriptions") %>" href="/feed/subscriptions" class="pure-menu-heading"> | ||||||
|                                 <% notification_count = env.get("user").as(User).notifications.size %> |                                 <% notification_count = env.get("user").as(Invidious::User).notifications.size %> | ||||||
|                                 <% if notification_count > 0 %> |                                 <% if notification_count > 0 %> | ||||||
|                                     <span id="notification_count"><%= notification_count %></span> <i class="icon ion-ios-notifications"></i> |                                     <span id="notification_count"><%= notification_count %></span> <i class="icon ion-ios-notifications"></i> | ||||||
|                                 <% else %> |                                 <% else %> | ||||||
| @ -67,7 +67,7 @@ | |||||||
|                         </div> |                         </div> | ||||||
|                         <% if env.get("preferences").as(Preferences).show_nick %> |                         <% if env.get("preferences").as(Preferences).show_nick %> | ||||||
|                             <div class="pure-u-1-4"> |                             <div class="pure-u-1-4"> | ||||||
|                                 <span id="user_name"><%= env.get("user").as(User).email %></span> |                                 <span id="user_name"><%= env.get("user").as(Invidious::User).email %></span> | ||||||
|                             </div> |                             </div> | ||||||
|                         <% end %> |                         <% end %> | ||||||
|                         <div class="pure-u-1-4"> |                         <div class="pure-u-1-4"> | ||||||
|  | |||||||
| @ -252,7 +252,7 @@ | |||||||
|                 <% end %> |                 <% end %> | ||||||
|             <% end %> |             <% end %> | ||||||
| 
 | 
 | ||||||
|             <% if env.get?("user") && CONFIG.admins.includes? env.get?("user").as(User).email %> |             <% if env.get?("user") && CONFIG.admins.includes? env.get?("user").as(Invidious::User).email %> | ||||||
|                 <legend><%= translate(locale, "preferences_category_admin") %></legend> |                 <legend><%= translate(locale, "preferences_category_admin") %></legend> | ||||||
| 
 | 
 | ||||||
|                 <div class="pure-control-group"> |                 <div class="pure-control-group"> | ||||||