diff options
| author | Brahim Hadriche <brahim.hadriche@gmail.com> | 2023-03-02 14:47:14 -0500 |
|---|---|---|
| committer | Brahim Hadriche <brahim.hadriche@gmail.com> | 2023-03-02 14:47:14 -0500 |
| commit | 38f6d08be6559915262cd246b7a82988700250a5 (patch) | |
| tree | 70c3e259de689ee328212d2290cef630298b326a | |
| parent | 8c0efb3ea9e409796ae860128b16d8aac860c5c6 (diff) | |
| download | invidious-38f6d08be6559915262cd246b7a82988700250a5.tar.gz invidious-38f6d08be6559915262cd246b7a82988700250a5.tar.bz2 invidious-38f6d08be6559915262cd246b7a82988700250a5.zip | |
Validate id, avoid db call if not needed
| -rw-r--r-- | src/invidious/routes/api/v1/authenticated.cr | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/invidious/routes/api/v1/authenticated.cr b/src/invidious/routes/api/v1/authenticated.cr index 75dad6df..e8e7c524 100644 --- a/src/invidious/routes/api/v1/authenticated.cr +++ b/src/invidious/routes/api/v1/authenticated.cr @@ -82,7 +82,7 @@ module Invidious::Routes::API::V1::Authenticated end id = env.params.url["id"]?.try &.as(String) - if !id + if !id.match(/[a-zA-Z0-9_-]{11}/) return error_json(400, "Invalid video id.") end @@ -93,6 +93,10 @@ module Invidious::Routes::API::V1::Authenticated def self.mark_unwatched(env) user = env.get("user").as(User) + if !user.preferences.watch_history + return error_json(409, "Watch history is disabled in preferences.") + end + id = env.params.url["id"]?.try &.as(String) if !id.match(/[a-zA-Z0-9_-]{11}/) return error_json(400, "Invalid video id.") |