|
|
@ -14,8 +14,10 @@
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
require "crypto/bcrypt/password"
|
|
|
|
require "detect_language"
|
|
|
|
require "detect_language"
|
|
|
|
require "kemal"
|
|
|
|
require "kemal"
|
|
|
|
|
|
|
|
require "openssl/hmac"
|
|
|
|
require "option_parser"
|
|
|
|
require "option_parser"
|
|
|
|
require "pg"
|
|
|
|
require "pg"
|
|
|
|
require "xml"
|
|
|
|
require "xml"
|
|
|
@ -23,6 +25,7 @@ require "yaml"
|
|
|
|
require "./invidious/*"
|
|
|
|
require "./invidious/*"
|
|
|
|
|
|
|
|
|
|
|
|
CONFIG = Config.from_yaml(File.read("config/config.yml"))
|
|
|
|
CONFIG = Config.from_yaml(File.read("config/config.yml"))
|
|
|
|
|
|
|
|
HMAC_KEY = Random::Secure.random_bytes(32)
|
|
|
|
|
|
|
|
|
|
|
|
crawl_threads = CONFIG.crawl_threads
|
|
|
|
crawl_threads = CONFIG.crawl_threads
|
|
|
|
channel_threads = CONFIG.channel_threads
|
|
|
|
channel_threads = CONFIG.channel_threads
|
|
|
@ -233,6 +236,14 @@ before_all do |env|
|
|
|
|
|
|
|
|
|
|
|
|
sid = env.request.cookies["SID"].value
|
|
|
|
sid = env.request.cookies["SID"].value
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Invidious users only have SID
|
|
|
|
|
|
|
|
if !env.request.cookies.has_key? "SSID"
|
|
|
|
|
|
|
|
user = PG_DB.query_one?("SELECT * FROM users WHERE id = $1", sid, as: User)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
|
|
|
env.set "user", user
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
else
|
|
|
|
begin
|
|
|
|
begin
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
user = get_user(sid, client, headers, PG_DB, false)
|
|
|
|
user = get_user(sid, client, headers, PG_DB, false)
|
|
|
@ -242,6 +253,7 @@ before_all do |env|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
get "/" do |env|
|
|
|
|
get "/" do |env|
|
|
|
|
templated "index"
|
|
|
|
templated "index"
|
|
|
@ -514,9 +526,21 @@ get "/search" do |env|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
get "/login" do |env|
|
|
|
|
get "/login" do |env|
|
|
|
|
|
|
|
|
user = env.get? "user"
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
|
|
|
next env.redirect "/feed/subscriptions"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
referer = env.request.headers["referer"]?
|
|
|
|
referer = env.request.headers["referer"]?
|
|
|
|
referer ||= "/feed/subscriptions"
|
|
|
|
referer ||= "/feed/subscriptions"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
account_type = env.params.query["type"]?
|
|
|
|
|
|
|
|
account_type ||= "google"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if account_type == "invidious"
|
|
|
|
|
|
|
|
captcha = generate_captcha(HMAC_KEY)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
tfa = env.params.query["tfa"]?
|
|
|
|
tfa = env.params.query["tfa"]?
|
|
|
|
tfa ||= false
|
|
|
|
tfa ||= false
|
|
|
|
|
|
|
|
|
|
|
@ -538,6 +562,11 @@ post "/login" do |env|
|
|
|
|
|
|
|
|
|
|
|
|
email = env.params.body["email"]?
|
|
|
|
email = env.params.body["email"]?
|
|
|
|
password = env.params.body["password"]?
|
|
|
|
password = env.params.body["password"]?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
account_type = env.params.query["type"]?
|
|
|
|
|
|
|
|
account_type ||= "google"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if account_type == "google"
|
|
|
|
tfa_code = env.params.body["tfa"]?.try &.lchop("G-")
|
|
|
|
tfa_code = env.params.body["tfa"]?.try &.lchop("G-")
|
|
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
begin
|
|
|
@ -680,6 +709,90 @@ post "/login" do |env|
|
|
|
|
error_message = "Login failed. This may be because two-factor authentication is not enabled on your account."
|
|
|
|
error_message = "Login failed. This may be because two-factor authentication is not enabled on your account."
|
|
|
|
next templated "error"
|
|
|
|
next templated "error"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
elsif account_type == "invidious"
|
|
|
|
|
|
|
|
challenge_response = env.params.body["challenge_response"]?
|
|
|
|
|
|
|
|
token = env.params.body["token"]?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
action = env.params.body["action"]?
|
|
|
|
|
|
|
|
action ||= "signin"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !email
|
|
|
|
|
|
|
|
error_message = "User ID is a required field"
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !password
|
|
|
|
|
|
|
|
error_message = "Password is a required field"
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !challenge_response || !token
|
|
|
|
|
|
|
|
error_message = "CAPTCHA is a required field"
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
challenge_response = challenge_response.lstrip('0')
|
|
|
|
|
|
|
|
if OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge_response) == Base64.decode(token)
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
error_message = "Invalid CAPTCHA response"
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if action == "signin"
|
|
|
|
|
|
|
|
user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !user
|
|
|
|
|
|
|
|
error_message = "Cannot find user with ID #{email}."
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !user.password
|
|
|
|
|
|
|
|
error_message = "Account appears to be a Google account."
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if Crypto::Bcrypt::Password.new(user.password.not_nil!) == password
|
|
|
|
|
|
|
|
sid = Base64.encode(Random::Secure.random_bytes(50))
|
|
|
|
|
|
|
|
PG_DB.exec("UPDATE users SET id = $1 WHERE email = $2", sid, email)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if Kemal.config.ssl
|
|
|
|
|
|
|
|
secure = true
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
secure = false
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.now + 2.years, secure: secure, http_only: true)
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
error_message = "Invalid password"
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
elsif action == "register"
|
|
|
|
|
|
|
|
user = PG_DB.query_one?("SELECT * FROM users WHERE email = $1 AND password IS NOT NULL", email, as: User)
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
|
|
|
error_message = "User already exists, please sign in"
|
|
|
|
|
|
|
|
next templated "error"
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sid = Base64.encode(Random::Secure.random_bytes(50))
|
|
|
|
|
|
|
|
user = create_user(sid, email, password)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
user_array = user.to_a
|
|
|
|
|
|
|
|
user_array[5] = user_array[5].to_json
|
|
|
|
|
|
|
|
args = arg_array(user_array)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PG_DB.exec("INSERT INTO users VALUES (#{args})", user_array)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if Kemal.config.ssl
|
|
|
|
|
|
|
|
secure = true
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
secure = false
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.now + 2.years, secure: secure, http_only: true)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
env.redirect referer
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
get "/signout" do |env|
|
|
|
|
get "/signout" do |env|
|
|
|
@ -782,8 +895,10 @@ get "/feed/subscriptions" do |env|
|
|
|
|
headers = HTTP::Headers.new
|
|
|
|
headers = HTTP::Headers.new
|
|
|
|
headers["Cookie"] = env.request.headers["Cookie"]
|
|
|
|
headers["Cookie"] = env.request.headers["Cookie"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !user.password
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
user = get_user(user.id, client, headers, PG_DB)
|
|
|
|
user = get_user(user.id, client, headers, PG_DB)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
max_results = preferences.max_results
|
|
|
|
max_results = preferences.max_results
|
|
|
|
max_results ||= env.params.query["maxResults"]?.try &.to_i
|
|
|
|
max_results ||= env.params.query["maxResults"]?.try &.to_i
|
|
|
@ -903,15 +1018,15 @@ get "/subscription_manager" do |env|
|
|
|
|
|
|
|
|
|
|
|
|
user = user.as(User)
|
|
|
|
user = user.as(User)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !user.password
|
|
|
|
# Refresh account
|
|
|
|
# Refresh account
|
|
|
|
headers = HTTP::Headers.new
|
|
|
|
headers = HTTP::Headers.new
|
|
|
|
headers["Cookie"] = env.request.headers["Cookie"]
|
|
|
|
headers["Cookie"] = env.request.headers["Cookie"]
|
|
|
|
|
|
|
|
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
user = get_user(user.id, client, headers, PG_DB)
|
|
|
|
user = get_user(user.id, client, headers, PG_DB)
|
|
|
|
|
|
|
|
end
|
|
|
|
subscriptions = user.subscriptions
|
|
|
|
subscriptions = user.subscriptions
|
|
|
|
subscriptions ||= [] of String
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
subscriptions = subscriptions.map do |ucid|
|
|
|
|
subscriptions = subscriptions.map do |ucid|
|
|
|
@ -941,6 +1056,7 @@ get "/subscription_ajax" do |env|
|
|
|
|
channel_id = env.params.query["c"]?
|
|
|
|
channel_id = env.params.query["c"]?
|
|
|
|
channel_id ||= ""
|
|
|
|
channel_id ||= ""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !user.password
|
|
|
|
headers = HTTP::Headers.new
|
|
|
|
headers = HTTP::Headers.new
|
|
|
|
headers["Cookie"] = env.request.headers["Cookie"]
|
|
|
|
headers["Cookie"] = env.request.headers["Cookie"]
|
|
|
|
|
|
|
|
|
|
|
@ -973,6 +1089,21 @@ get "/subscription_ajax" do |env|
|
|
|
|
PG_DB.exec("UPDATE users SET subscriptions = array_remove(subscriptions,$1) WHERE id = $2", channel_id, sid)
|
|
|
|
PG_DB.exec("UPDATE users SET subscriptions = array_remove(subscriptions,$1) WHERE id = $2", channel_id, sid)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
sid = user.id
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
case action
|
|
|
|
|
|
|
|
when .starts_with? "action_create"
|
|
|
|
|
|
|
|
if !user.subscriptions.includes? channel_id
|
|
|
|
|
|
|
|
PG_DB.exec("UPDATE users SET subscriptions = array_append(subscriptions,$1) WHERE id = $2", channel_id, sid)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
client = make_client(YT_URL)
|
|
|
|
|
|
|
|
get_channel(channel_id, client, PG_DB, false, false)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
when .starts_with? "action_remove"
|
|
|
|
|
|
|
|
PG_DB.exec("UPDATE users SET subscriptions = array_remove(subscriptions,$1) WHERE id = $2", channel_id, sid)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
env.redirect referer
|
|
|
|
env.redirect referer
|
|
|
|