diff --git a/config/config.example.yml b/config/config.example.yml index 38085a20..ef0c219d 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -236,6 +236,22 @@ https_only: false # Users and accounts # ----------------------------- +## +## Allow/Forbid the usage of the Invidious Instance without an account. +## Only /login and /privacy are accessible on such instances for unregistered +## users on the web interface. Moreover, certain API endpoints are accessible, +## to allow third-party clients to add the instance and login to an existing +## account. +## +## To avoid any data leakage it is recommended to set popular_enabled and +## statistics_enabled to 'false'. Furthermore, registration_enabled should be +## set to 'false' to only allow existing users to access the instance. +## +## Accepted values: true, false +## Default: false +## +#private_instance: false + ## ## Allow/Forbid Invidious (local) account creation. Invidious ## accounts allow users to subscribe to channels and to create @@ -756,7 +772,7 @@ default_user_preferences: ## ## Default dash video quality. ## - ## Note: this setting only takes effet if the + ## Note: this setting only takes effect if the ## 'quality' parameter is set to "dash". ## ## Accepted values: @@ -791,7 +807,7 @@ default_user_preferences: ## Default: true ## #vr_mode: true - + ## ## Save the playback position ## Allow to continue watching at the previous position when diff --git a/src/invidious/config.cr b/src/invidious/config.cr index 09c2168b..0b9e8598 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -92,6 +92,8 @@ class Config property use_pubsub_feeds : Bool | Int32 = false property popular_enabled : Bool = true property captcha_enabled : Bool = true + # Only allow usage of the Invidious instance with an existing account + property private_instance : Bool = false property login_enabled : Bool = true property registration_enabled : Bool = true property statistics_enabled : Bool = false diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index 396840a4..67bdc7af 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -61,18 +61,6 @@ module Invidious::Routes::BeforeAll env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload" end - return if { - "/sb/", - "/vi/", - "/s_p/", - "/yts/", - "/ggpht/", - "/api/manifest/", - "/videoplayback", - "/latest_version", - "/download", - }.any? { |r| env.request.resource.starts_with? r } - if env.request.cookies.has_key? "SID" sid = env.request.cookies["SID"].value @@ -100,6 +88,38 @@ module Invidious::Routes::BeforeAll end end + # TODO: popular and trending are whitelisted for clients that require these endpoints to be accessible e.g. Clipious + # can be removed as soon as those clients can handele these request on private instances + unregistered_path_whitelist = { + "/login", + "/privacy", + "/api/v1/stats", + "/api/v1/popular", + "/api/v1/trending", + "/feed/webhook/v1:", + "/api/v1/videos/dQw4w9WgXcQ", + "/api/v1/comments/jNQXAC9IVRw", + } + + if CONFIG.private_instance && !env.get?("user") && !unregistered_path_whitelist.any? { |r| env.request.path.starts_with? r } + env.response.headers["Location"] = "/login" + haltf env, status_code: 302 + end + + return if { + "/sb/", + "/vi/", + "/s_p/", + "/yts/", + "/ggpht/", + "/download", + "/licenses", + "/api/manifest/", + "/videoplayback", + "/latest_version", + "/opensearch.xml", + }.any? { |r| env.request.resource.starts_with? r } + dark_mode = convert_theme(env.params.query["dark_mode"]?) || preferences.dark_mode.to_s thin_mode = env.params.query["thin_mode"]? || preferences.thin_mode.to_s thin_mode = thin_mode == "true"