diff options
Diffstat (limited to 'src/invidious.cr')
| -rw-r--r-- | src/invidious.cr | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/src/invidious.cr b/src/invidious.cr index a0702820..cb2bb5fe 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -73,8 +73,11 @@ LOCALES = { "eo" => load_locale("eo"), "es" => load_locale("es"), "fa" => load_locale("fa"), + "fi" => load_locale("fi"), "fr" => load_locale("fr"), + "he" => load_locale("he"), "hr" => load_locale("hr"), + "id" => load_locale("id"), "is" => load_locale("is"), "it" => load_locale("it"), "ja" => load_locale("ja"), @@ -207,7 +210,7 @@ before_all do |env| extra_media_csp += " https://*.youtube.com:443" end # TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ") - env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}" + env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}; child-src blob:" env.response.headers["Referrer-Policy"] = "same-origin" if (Kemal.config.ssl || CONFIG.https_only) && CONFIG.hsts @@ -301,12 +304,12 @@ before_all do |env| env.set "current_page", URI.encode_www_form(current_page) end -Invidious::Routing.get "/", Invidious::Routes::Home -Invidious::Routing.get "/privacy", Invidious::Routes::Privacy -Invidious::Routing.get "/licenses", Invidious::Routes::Licenses +Invidious::Routing.get "/", Invidious::Routes::Misc, :home +Invidious::Routing.get "/privacy", Invidious::Routes::Misc, :privacy +Invidious::Routing.get "/licenses", Invidious::Routes::Misc, :licenses Invidious::Routing.get "/watch", Invidious::Routes::Watch -Invidious::Routing.get "/embed/", Invidious::Routes::Embed::Index -Invidious::Routing.get "/embed/:id", Invidious::Routes::Embed::Show +Invidious::Routing.get "/embed/", Invidious::Routes::Embed, :redirect +Invidious::Routing.get "/embed/:id", Invidious::Routes::Embed, :show Invidious::Routing.get "/view_all_playlists", Invidious::Routes::Playlists, :index Invidious::Routing.get "/create_playlist", Invidious::Routes::Playlists, :new Invidious::Routing.post "/create_playlist", Invidious::Routes::Playlists, :create @@ -325,9 +328,9 @@ Invidious::Routing.get "/search", Invidious::Routes::Search, :search Invidious::Routing.get "/login", Invidious::Routes::Login, :login_page Invidious::Routing.post "/login", Invidious::Routes::Login, :login Invidious::Routing.post "/signout", Invidious::Routes::Login, :signout -Invidious::Routing.get "/preferences", Invidious::Routes::UserPreferences, :show -Invidious::Routing.post "/preferences", Invidious::Routes::UserPreferences, :update -Invidious::Routing.get "/toggle_theme", Invidious::Routes::UserPreferences, :toggle_theme +Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :show +Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update +Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme # Users @@ -1418,9 +1421,9 @@ get "/feed/playlist/:plid" do |env| node.attributes.each do |attribute| case attribute.name when "url", "href" - full_path = URI.parse(node[attribute.name]).full_path - query_string_opt = full_path.starts_with?("/watch?v=") ? "&#{params}" : "" - node[attribute.name] = "#{HOST_URL}#{full_path}#{query_string_opt}" + request_target = URI.parse(node[attribute.name]).request_target + query_string_opt = request_target.starts_with?("/watch?v=") ? "&#{params}" : "" + node[attribute.name] = "#{HOST_URL}#{request_target}#{query_string_opt}" else nil # Skip end end @@ -1429,7 +1432,7 @@ get "/feed/playlist/:plid" do |env| document = document.to_xml(options: XML::SaveOptions::NO_DECL) document.scan(/<uri>(?<url>[^<]+)<\/uri>/).each do |match| - content = "#{HOST_URL}#{URI.parse(match["url"]).full_path}" + content = "#{HOST_URL}#{URI.parse(match["url"]).request_target}" document = document.gsub(match[0], "<uri>#{content}</uri>") end @@ -1624,7 +1627,7 @@ end get "/attribution_link" do |env| if query = env.params.query["u"]? - url = URI.parse(query).full_path + url = URI.parse(query).request_target else url = "/" end @@ -1968,7 +1971,7 @@ get "/api/v1/captions/:id" do |env| caption = caption[0] end - url = URI.parse("#{caption.baseUrl}&tlang=#{tlang}").full_path + url = URI.parse("#{caption.baseUrl}&tlang=#{tlang}").request_target # Auto-generated captions often have cues that aren't aligned properly with the video, # as well as some other markup that makes it cumbersome, so we try to fix that here @@ -2548,12 +2551,12 @@ get "/api/v1/search" do |env| content_type ||= "video" begin - search_params = produce_search_params(sort_by, date, content_type, duration, features) + search_params = produce_search_params(page, sort_by, date, content_type, duration, features) rescue ex next error_json(400, ex) end - count, search_results = search(query, page, search_params, region).as(Tuple) + count, search_results = search(query, search_params, region).as(Tuple) JSON.build do |json| json.array do search_results.each do |item| @@ -3174,7 +3177,7 @@ get "/api/manifest/dash/id/:id" do |env| end if dashmpd = video.dash_manifest_url - manifest = YT_POOL.client &.get(URI.parse(dashmpd).full_path).body + manifest = YT_POOL.client &.get(URI.parse(dashmpd).request_target).body manifest = manifest.gsub(/<BaseURL>[^<]+<\/BaseURL>/) do |baseurl| url = baseurl.lchop("<BaseURL>") @@ -3182,7 +3185,7 @@ get "/api/manifest/dash/id/:id" do |env| if local uri = URI.parse(url) - url = "#{uri.full_path}host/#{uri.host}/" + url = "#{uri.request_target}host/#{uri.host}/" end "<BaseURL>#{url}</BaseURL>" @@ -3195,7 +3198,7 @@ get "/api/manifest/dash/id/:id" do |env| if local adaptive_fmts.each do |fmt| - fmt["url"] = JSON::Any.new(URI.parse(fmt["url"].as_s).full_path) + fmt["url"] = JSON::Any.new(URI.parse(fmt["url"].as_s).request_target) end end @@ -3393,7 +3396,7 @@ get "/latest_version" do |env| next end - url = URI.parse(url).full_path.not_nil! if local + url = URI.parse(url).request_target.not_nil! if local url = "#{url}&title=#{title}" if title env.redirect url @@ -3505,7 +3508,7 @@ get "/videoplayback" do |env| client = make_client(URI.parse(new_host), region) end - url = "#{location.full_path}&host=#{location.host}#{region ? "®ion=#{region}" : ""}" + url = "#{location.request_target}&host=#{location.host}#{region ? "®ion=#{region}" : ""}" else break end @@ -3545,7 +3548,7 @@ get "/videoplayback" do |env| if location = response.headers["Location"]? location = URI.parse(location) - location = "#{location.full_path}&host=#{location.host}" + location = "#{location.request_target}&host=#{location.host}" if region location += "®ion=#{region}" @@ -3609,7 +3612,7 @@ get "/videoplayback" do |env| if location = response.headers["Location"]? location = URI.parse(location) - location = "#{location.full_path}&host=#{location.host}#{region ? "®ion=#{region}" : ""}" + location = "#{location.request_target}&host=#{location.host}#{region ? "®ion=#{region}" : ""}" env.redirect location break @@ -3849,7 +3852,7 @@ end get "/watch_videos" do |env| response = YT_POOL.client &.get(env.request.resource) if url = response.headers["Location"]? - url = URI.parse(url).full_path + url = URI.parse(url).request_target next env.redirect url end @@ -3864,7 +3867,7 @@ error 404 do |env| response = YT_POOL.client &.get("/#{item}") if response.status_code == 301 - response = YT_POOL.client &.get(URI.parse(response.headers["Location"]).full_path) + response = YT_POOL.client &.get(URI.parse(response.headers["Location"]).request_target) end if response.body.empty? |