From 3ba2a7d92176efde9f96514f3f19605beb5d2b7f Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Fri, 17 Aug 2018 10:19:20 -0500 Subject: [PATCH] Fix referers --- src/invidious.cr | 20 ++++++++++++++++---- src/invidious/helpers/utils.cr | 21 +++++++++++++++++++-- src/invidious/views/channel.ecr | 6 +++--- src/invidious/views/login.ecr | 4 ++-- src/invidious/views/template.ecr | 8 ++++---- src/invidious/views/watch.ecr | 6 +++--- 6 files changed, 47 insertions(+), 18 deletions(-) diff --git a/src/invidious.cr b/src/invidious.cr index 4b3c473e..1f33c2db 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -131,6 +131,19 @@ before_all do |env| end end end + + current_page = env.request.path + if env.request.query + query = HTTP::Params.parse(env.request.query.not_nil!) + + if query["referer"]? + query["referer"] = get_referer(env, "/") + end + + current_page += "?#{query}" + end + + env.set "current_page", URI.escape(current_page) end get "/" do |env| @@ -411,8 +424,7 @@ end # See https://github.com/rg3/youtube-dl/blob/master/youtube_dl/extractor/youtube.py#L79 post "/login" do |env| - referer = env.params.query["referer"]? - referer ||= get_referer(env, "/feed/subscriptions") + referer = get_referer(env, "/feed/subscriptions") email = env.params.body["email"]? password = env.params.body["password"]? @@ -506,7 +518,7 @@ post "/login" do |env| end if !tfa_code - next env.redirect "/login?tfa=true&type=google" + next env.redirect "/login?tfa=true&type=google&referer=#{URI.escape(referer)}" end tl = challenge_results[1][2] @@ -677,7 +689,7 @@ get "/signout" do |env| end env.request.cookies.add_response_headers(env.response.headers) - env.redirect referer + env.redirect URI.unescape(referer) end get "/preferences" do |env| diff --git a/src/invidious/helpers/utils.cr b/src/invidious/helpers/utils.cr index 9ff411cd..4690a405 100644 --- a/src/invidious/helpers/utils.cr +++ b/src/invidious/helpers/utils.cr @@ -150,10 +150,27 @@ def make_host_url(ssl, host) end def get_referer(env, fallback = "/") - referer = env.request.headers["referer"]? + referer = env.params.query["referer"]? + referer ||= env.request.headers["referer"]? referer ||= fallback - referer = URI.parse(referer).full_path + referer = URI.parse(referer) + + # "Unroll" nested referers + loop do + if referer.query + params = HTTP::Params.parse(referer.query.not_nil!) + if params["referer"]? + referer = URI.parse(URI.unescape(params["referer"])) + else + break + end + else + break + end + end + + referer = referer.full_path if referer == env.request.path referer = fallback diff --git a/src/invidious/views/channel.ecr b/src/invidious/views/channel.ecr index ab8c0b2e..3e2df0ba 100644 --- a/src/invidious/views/channel.ecr +++ b/src/invidious/views/channel.ecr @@ -16,16 +16,16 @@

<% if user %> <% if subscriptions.includes? ucid %> - + "> Unsubscribe from <%= author %> <% else %> - + "> Subscribe to <%= author %> <% end %> <% else %> - + "> Login to subscribe to <%= author %> <% end %> diff --git a/src/invidious/views/login.ecr b/src/invidious/views/login.ecr index 3f19ba53..dc88379f 100644 --- a/src/invidious/views/login.ecr +++ b/src/invidious/views/login.ecr @@ -16,7 +16,7 @@


<% if account_type == "invidious" %> -
+
@@ -34,7 +34,7 @@
<% elsif account_type == "google" %> -
+
diff --git a/src/invidious/views/template.ecr b/src/invidious/views/template.ecr index 2f565541..871a5f78 100644 --- a/src/invidious/views/template.ecr +++ b/src/invidious/views/template.ecr @@ -34,7 +34,7 @@ diff --git a/src/invidious/views/watch.ecr b/src/invidious/views/watch.ecr index c09da851..ca5e9372 100644 --- a/src/invidious/views/watch.ecr +++ b/src/invidious/views/watch.ecr @@ -232,20 +232,20 @@ get_youtube_comments(); <% if user %> <% if subscriptions.includes? video.ucid %>

- + "> Unsubscribe from <%= video.author %>

<% else %>

- + "> Subscribe to <%= video.author %>

<% end %> <% else %>

- + "> Login to subscribe to <%= video.author %>