Commit Graph

2353 Commits (b30db728cc8435b3debbaa27aad940fe482683ac)
 

Author SHA1 Message Date
Omar Roth c97cdf551e
Refactor extract_plid
Omar Roth 80fc60b5e2
Add spec for extract_plid
Omar Roth 3b2e142542
Fix JSON serialization
Omar Roth 0e58d99f4e Fix player mouseover events
Omar Roth 92798abb5d Add manifest-src to CSP
Omar Roth bd7950b757
Add toggle_parent to dynamic handlers
Omar Roth 59a15ceef6
Remove VarInt class
Omar Roth 4011a113cc
Strip invalid characters from referer URLs
leonklingele 70cbe91776
Migrate to a good Content Security Policy ()
So attacks such as XSS (see [0]) will no longer be an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
Omar Roth f92027c44b
Escape 'sort_by'
Omar Roth 1443335315
Switch textcaptcha to HTTPS
Omar Roth 6ff2229a09
Bump dependencies
Omar Roth bb72672dd9
Replace static asset requests with QUIC
Omar Roth d96dee3aa6
Add debug info to videoplayback
Omar Roth bd0aaa343b
Prevent storyboards from hanging
Omar Roth 3126e1ac94
docker: allow to configure Invidious by env var ()
Invidious gained support to read its configuration from an env var
instead of config file in e3c10d779d.

Unfortunately, Docker doesn't allow newline characters in env var
values (see [0]) which means we can only provide a proper YAML config
by using the inlined configuration in docker-compose.yml which,
unfortunately, is tracked by Git. Once support for multiline env var
values has been added to Docker, we should migrate and read the config
from a .env file instead (which is not tracked by Git).

[0]: https://github.com/docker/compose/issues/3527
Omar Roth a117d87f33
Skip validation checks for videoplayback, ggpht
Omar Roth 9dc4f8a1aa
Escape item titles in search page
leonklingele 0d536d11e3
Verify token signature in constant time, Run cheap checks first in token validation process ()
* Verify token signature in constant time

To prevent timing side channel attacks

* Run cheap checks first in token validation process

Expensive checks such as the nonce lookup on the database or the
signature check can be run after cheap/fast checks.
B͈̤̖̪̪̱ͅl̯̯̮̼͎̬͚̳̩̖̲u̜̼͉͈̠b͙̬̘̙̱̗̲͙b͍̞̬̬͓̼l̰̪͖̯̼̟̟͈̖͕̜̱̜ͅl̻̗͔̝̭̰͚͇̯̥ 72a4962fd0
add lapisTube ()
Kyle Copperfield a3045a3953
Use a MediaQueryListener to toggle on demand. Tested on OSX. ()
Closes .
Tommy Miland c620a22017
Add logfile to logrotate ()
Leon Klingele e3593fe197
js: add support to detect media keys in keydown handler
See [0] for all the relevant codes.

[0]: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key/Key_Values#Multimedia_keys

Fixes a regression introduced in e6b4e12689.
Fixes https://github.com/omarroth/invidious/issues/712.
Omar Roth 856ec03cc7
Revert "Add HOST_AUTH_METHOD=trust to docker compose (see )"
This reverts commit ef70668a77.
leonklingele c80c5631f0
docker: do not require password for PostgreSQL superuser, docker,kubernetes: create "privacy" type before using it, travis: do not run "docker-compose up" in detached mode ()
* docker: do not require password for PostgreSQL superuser

A password is now required by the postgres Docker image which makes
initial setup (and our CI build) fail with the following error:

    postgres_1   | Error: Database is uninitialized and superuser password is not specified.
    postgres_1   |        You must specify POSTGRES_PASSWORD for the superuser. Use
    postgres_1   |        "-e POSTGRES_PASSWORD=password" to set it in "docker run".
    postgres_1   |
    postgres_1   |        You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
    postgres_1   |        without a password. This is *not* recommended. See PostgreSQL
    postgres_1   |        documentation about "trust":
    postgres_1   |        https://www.postgresql.org/docs/current/auth-trust.html

See https://github.com/docker-library/postgres/issues/681.

* docker,kubernetes: create PostgreSQL "privacy" type before using it

Fixes the following error when setting up the database:

    postgres_1   | 2020-02-21 01:01:22.371 UTC [172] ERROR:  type "privacy" does not exist at character 200
    postgres_1   | 2020-02-21 01:01:22.371 UTC [172] STATEMENT:  CREATE TABLE public.playlists
    postgres_1   | 	(
    postgres_1   | 	    title text,
    postgres_1   | 	    id text primary key,
    postgres_1   | 	    author text,
    postgres_1   | 	    description text,
    postgres_1   | 	    video_count integer,
    postgres_1   | 	    created timestamptz,
    postgres_1   | 	    updated timestamptz,
    postgres_1   | 	    privacy privacy,
    postgres_1   | 	    index int8[]
    postgres_1   | 	);
    postgres_1   | ERROR:  type "privacy" does not exist
    postgres_1   | LINE 10:     privacy privacy,

* travis: do not run "docker-compose up" in detached mode

Rather, allow database to finish its setup procedure and grant
Invidious time to launch.
Omar Roth ef70668a77
Add HOST_AUTH_METHOD=trust to docker compose (see )
Karol Kosek ebd4691462 Update Polish translation
Tymofij Lytvynenko 28554235be Update Ukrainian translation
Deleted User efbbb6fd20 Update German translation
Omar Roth 9de57021a3
Update postgres setup
Omar Roth e21f770485
Fix status check for channel page
Omar Roth 697c00dccf
Sanitize PLID
Omar Roth 1caf6a3298
Fix deadlock when updating notifications
Omar Roth 02fd02d482
Remove DB array concatenation
Pedro Lucas Porcellis 239fb0db94
Remove duplicated Github logo on footer ()
* Remove duplicated Github logo on footer
Omar Roth fe1d73c3e5
Merge pull request from leonklingele/add-kubernetes
Add support to run on Kubernetes, add Helm chart
Omar Roth 43da06a354
Remove temp fix for
Omar Roth fea6b67067
Remove 'type' attribute from community embed
Omar Roth f065ae54d5
Merge pull request from leonklingele/crystal-0.33.0-format
Update code formatting for Crystal 0.33.0
Omar Roth 3cf417766d
Merge pull request from leanderseidlitz/master
readme.md: fix missing playlist relation in postgresql
Leander Seidlitz 0fb41b10e9
readme.md: fix missing playlist relation in postgresql
Leon Klingele bc9dc3bf1e
Update code formatting for Crystal 0.33.0
Crystal 0.33.0 introduced some changes to the code formatter.
Run "crystal tool format" so CI doesn't fail anymore.
Leon Klingele 3cde5e28a8
Add support to run on Kubernetes, add Helm chart
See relevant README.md for more details.
Omar Roth cb8e7181c4
Merge pull request from leonklingele/config-env
Add support to read config from environment variable
Omar Roth 9a3becdecc
Merge pull request from jorgesumle/master
Remove invalid and useless HTML from embed player
Leon Klingele e3c10d779d
Add support to read config from environment variable
Try to read app config from the "INVIDIOUS_CONFIG" environment variable.
If the variable is undefined, read config from config.yml file as before.

Required by https://github.com/omarroth/invidious/pull/1015 et al.
Jorge Maldonado Ventura dd9f1024f4 Remove invalid HTML from embed player
Omar Roth 9841f74adc
Add handling for comments with no content
Omar Roth b56e493d92
Remove frameborder from community embeds
Omar Roth a2c5211b20
Check /browse_ajax for channel blocks