Validate id, avoid db call if not needed

author: Brahim Hadriche <brahim.hadriche@gmail.com> 2023-03-02 14:47:14 -0500
committer: Brahim Hadriche <brahim.hadriche@gmail.com> 2023-03-02 14:47:14 -0500
commit: 38f6d08be6559915262cd246b7a82988700250a5 (patch)
tree: 70c3e259de689ee328212d2290cef630298b326a /src
parent: 8c0efb3ea9e409796ae860128b16d8aac860c5c6 (diff)
download: invidious-38f6d08be6559915262cd246b7a82988700250a5.tar.gz
invidious-38f6d08be6559915262cd246b7a82988700250a5.tar.bz2
invidious-38f6d08be6559915262cd246b7a82988700250a5.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/invidious/routes/api/v1/authenticated.cr b/src/invidious/routes/api/v1/authenticated.cr
index 75dad6df..e8e7c524 100644
--- a/src/invidious/routes/api/v1/authenticated.cr
+++ b/src/invidious/routes/api/v1/authenticated.cr
@@ -82,7 +82,7 @@ module Invidious::Routes::API::V1::Authenticated
     end
 
     id = env.params.url["id"]?.try &.as(String)
-    if !id
+    if !id.match(/[a-zA-Z0-9_-]{11}/)
       return error_json(400, "Invalid video id.")
     end
 
@@ -93,6 +93,10 @@ module Invidious::Routes::API::V1::Authenticated
   def self.mark_unwatched(env)
     user = env.get("user").as(User)
 
+    if !user.preferences.watch_history
+      return error_json(409, "Watch history is disabled in preferences.")
+    end
+
     id = env.params.url["id"]?.try &.as(String)
     if !id.match(/[a-zA-Z0-9_-]{11}/)
       return error_json(400, "Invalid video id.")
author	Brahim Hadriche <brahim.hadriche@gmail.com>	2023-03-02 14:47:14 -0500
committer	Brahim Hadriche <brahim.hadriche@gmail.com>	2023-03-02 14:47:14 -0500
commit	38f6d08be6559915262cd246b7a82988700250a5 (patch)
tree	70c3e259de689ee328212d2290cef630298b326a /src
parent	8c0efb3ea9e409796ae860128b16d8aac860c5c6 (diff)
download	invidious-38f6d08be6559915262cd246b7a82988700250a5.tar.gz invidious-38f6d08be6559915262cd246b7a82988700250a5.tar.bz2 invidious-38f6d08be6559915262cd246b7a82988700250a5.zip