From c6762726041906bcc5bcce9f63cf99f6a04180b1 Mon Sep 17 00:00:00 2001 From: John Wong Date: Sat, 8 Apr 2023 22:23:36 +0800 Subject: [PATCH 1/4] login_only --- src/invidious/config.cr | 1 + src/invidious/routes/before_all.cr | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/src/invidious/config.cr b/src/invidious/config.cr index 9fc58409..772bc5a3 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -84,6 +84,7 @@ class Config # Used to tell Invidious it is behind a proxy, so links to resources should be https:// property https_only : Bool? + property login_only : Bool? # HMAC signing key for CSRF tokens and verifying pubsub subscriptions property hmac_key : String? # Domain to be used for links to resources on the site where an absolute URL is required diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index 8e2a253f..24582bd5 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -148,5 +148,11 @@ module Invidious::Routes::BeforeAll end env.set "current_page", URI.encode_www_form(current_page) + + unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} + if !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) && CONFIG.login_only + env.response.headers["Location"] = "/login" + haltf env, status_code: 302 + end end end From b3637f20a9373a6580d377ff9e42be95fae18e84 Mon Sep 17 00:00:00 2001 From: John Wong Date: Mon, 10 Apr 2023 10:58:11 +0800 Subject: [PATCH 2/4] check the config flag first --- src/invidious/routes/before_all.cr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index 24582bd5..64430d83 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr 
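Review bot: `login_only` is inserted directly beneath the `https_only` comment with no comment of its own, so in config.cr the proxy comment now reads as if it covered both properties. I would add something like `# If true, requests without a logged-in user are redirected to /login, apart from a short list of public pages` and declare it as `property login_only : Bool = false`, so the disabled state is explicit rather than relying on nil being falsy. The comment should also state what the flag does not do: as far as this series shows it only requires an account, so on an instance with open registration it does not restrict who can get in.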
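Review bot: The new check in before_all.cr answers every non-listed request that has no `user` with a 302 to `/login`, and that includes callers that are not browsers. Once the check is moved ahead of the prefix list (patches 3 and 4), it also covers API routes and the pubsub callbacks that the `hmac_key` comment in config.cr mentions. From what is visible neither would carry a session, so with `login_only` on they would be redirected to an HTML page. I would reject such requests explicitly, e.g. `haltf env, status_code: 403` when `env.request.path.starts_with?("/api/")`, and decide case by case whether an endpoint that authenticates by other means belongs in the tuple. The tuple is also rebuilt on every request and would read better as a named constant; the enclosing method starts outside the hunk.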
@@ -150,7 +150,7 @@ module Invidious::Routes::BeforeAll env.set "current_page", URI.encode_www_form(current_page) unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} - if !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) && CONFIG.login_only + if CONFIG.login_only && !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) env.response.headers["Location"] = "/login" haltf env, status_code: 302 end From f5244055a27bb0be81e71781e39fc43ce0a14eb5 Mon Sep 17 00:00:00 2001 From: kaka Date: Sat, 15 Jul 2023 06:57:37 +0800 Subject: [PATCH 3/4] @SamantazFox: Put that code before return if (on line 64) --- src/invidious/routes/before_all.cr | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index ea1af277..495ec57b 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -61,6 +61,12 @@ module Invidious::Routes::BeforeAll env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload" end + unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} + if CONFIG.login_only && !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) + env.response.headers["Location"] = "/login" + haltf env, status_code: 302 + end + return if { "/sb/", "/vi/", @@ -122,11 +128,5 @@ module Invidious::Routes::BeforeAll end env.set "current_page", URI.encode_www_form(current_page) - - unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} - if CONFIG.login_only && !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) - env.response.headers["Location"] = "/login" - haltf env, status_code: 302 - end end end From d3e6d7b6c5d5da175f03cf350cd5c67e206e6d3a Mon Sep 17 00:00:00 2001 
From: kaka Date: Sat, 15 Jul 2023 08:49:18 +0800 Subject: [PATCH 4/4] Set the cookie first --- src/invidious/routes/before_all.cr | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index 495ec57b..2685d7b1 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -61,24 +61,6 @@ module Invidious::Routes::BeforeAll env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload" end - unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} - if CONFIG.login_only && !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) - env.response.headers["Location"] = "/login" - haltf env, status_code: 302 - end - - return if { - "/sb/", - "/vi/", - "/s_p/", - "/yts/", - "/ggpht/", - "/api/manifest/", - "/videoplayback", - "/latest_version", - "/download", - }.any? { |r| env.request.resource.starts_with? r } - if env.request.cookies.has_key? "SID" sid = env.request.cookies["SID"].value @@ -106,6 +88,24 @@ module Invidious::Routes::BeforeAll end end + unregistered_path_whitelist = {"/", "/login", "/licenses", "/privacy"} + if CONFIG.login_only && !env.get?("user") && !unregistered_path_whitelist.includes?(env.request.path) + env.response.headers["Location"] = "/login" + haltf env, status_code: 302 + end + + return if { + "/sb/", + "/vi/", + "/s_p/", + "/yts/", + "/ggpht/", + "/api/manifest/", + "/videoplayback", + "/latest_version", + "/download", + }.any? { |r| env.request.resource.starts_with? r } + dark_mode = convert_theme(env.params.query["dark_mode"]?) || preferences.dark_mode.to_s thin_mode = env.params.query["thin_mode"]? || preferences.thin_mode.to_s thin_mode = thin_mode == "true"
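Review bot: Moving the `return if {...}.any?` prefix list below the `SID` block means every `/videoplayback`, `/vi/`, `/ggpht/` etc. request now goes through the session handling first, even when `login_only` is off; before this patch those requests returned before the cookie was read. If that extra work is not wanted on the media paths, evaluate the list once into a local and keep the early exit for the default configuration: `return if proxied && !CONFIG.login_only` ahead of the `SID` block and `return if proxied` after the login check. Either way the order is now load-bearing (the check must run after `user` is set and before the prefix return, otherwise it either redirects logged-in users or lets the proxied paths through), and a comment such as `# login_only: must run after the SID lookup above and before the proxied-path return below` would protect it from the next reshuffle. The SID block and the rest of the method lie outside the hunk.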