mirror of
https://github.com/iv-org/invidious.git
synced 2025-01-03 13:41:47 +05:30
Use a dedicated endpoind for downloads
This allows us to not pass file name ("title") in the form data and to enforce some sanity checks
This commit is contained in:
parent
fe057c7873
commit
2f335b3d2c
@ -236,6 +236,7 @@ before_all do |env|
|
||||
"/api/manifest/",
|
||||
"/videoplayback",
|
||||
"/latest_version",
|
||||
"/download",
|
||||
}.any? { |r| env.request.resource.starts_with? r }
|
||||
|
||||
if env.request.cookies.has_key? "SID"
|
||||
@ -348,6 +349,8 @@ end
|
||||
Invidious::Routing.get "/e/:id", Invidious::Routes::Watch, :redirect
|
||||
Invidious::Routing.get "/redirect", Invidious::Routes::Misc, :cross_instance_redirect
|
||||
|
||||
Invidious::Routing.post "/download", Invidious::Routes::Watch, :download
|
||||
|
||||
Invidious::Routing.get "/embed/", Invidious::Routes::Embed, :redirect
|
||||
Invidious::Routing.get "/embed/:id", Invidious::Routes::Embed, :show
|
||||
|
||||
|
@ -26,12 +26,16 @@ module Invidious::Frontend::WatchPage
|
||||
return String.build(4000) do |str|
|
||||
str << "<form"
|
||||
str << " class=\"pure-form pure-form-stacked\""
|
||||
str << " action='/latest_version'"
|
||||
str << " method='get'"
|
||||
str << " action='/download'"
|
||||
str << " method='post'"
|
||||
str << " rel='noopener'"
|
||||
str << " target='_blank'>"
|
||||
str << '\n'
|
||||
|
||||
# Hidden inputs for video id and title
|
||||
str << "<input type='hidden' name='id' value='" << video.id << "'/>\n"
|
||||
str << "<input type='hidden' name='title' value='" << HTML.escape(video.title) << "'/>\n"
|
||||
|
||||
str << "\t<div class=\"pure-control-group\">\n"
|
||||
|
||||
str << "\t\t<label for='download_widget'>"
|
||||
@ -48,8 +52,7 @@ module Invidious::Frontend::WatchPage
|
||||
|
||||
height = itag_to_metadata?(option["itag"]).try &.["height"]?
|
||||
|
||||
title = URI.encode_www_form("#{video.title}-#{video.id}.#{mimetype.split("/")[1]}")
|
||||
value = {"id": video.id, "itag": option["itag"], "title": title}.to_json
|
||||
value = {"itag": option["itag"], "ext": mimetype.split("/")[1]}.to_json
|
||||
|
||||
str << "\t\t\t<option value='" << value << "'>"
|
||||
str << (height || "~240") << "p - " << mimetype
|
||||
@ -61,8 +64,7 @@ module Invidious::Frontend::WatchPage
|
||||
video_assets.video_streams.each do |option|
|
||||
mimetype = option["mimeType"].as_s.split(";")[0]
|
||||
|
||||
title = URI.encode_www_form("#{video.title}-#{video.id}.#{mimetype.split("/")[1]}")
|
||||
value = {"id": video.id, "itag": option["itag"], "title": title}.to_json
|
||||
value = {"itag": option["itag"], "ext": mimetype.split("/")[1]}.to_json
|
||||
|
||||
str << "\t\t\t<option value='" << value << "'>"
|
||||
str << option["qualityLabel"] << " - " << mimetype << " @ " << option["fps"] << "fps - video only"
|
||||
@ -74,8 +76,7 @@ module Invidious::Frontend::WatchPage
|
||||
video_assets.audio_streams.each do |option|
|
||||
mimetype = option["mimeType"].as_s.split(";")[0]
|
||||
|
||||
title = URI.encode_www_form("#{video.title}-#{video.id}.#{mimetype.split("/")[1]}")
|
||||
value = {"id": video.id, "itag": option["itag"], "title": title}.to_json
|
||||
value = {"itag": option["itag"], "ext": mimetype.split("/")[1]}.to_json
|
||||
|
||||
str << "\t\t\t<option value='" << value << "'>"
|
||||
str << mimetype << " @ " << (option["bitrate"]?.try &.as_i./ 1000) << "k - audio only"
|
||||
@ -85,8 +86,7 @@ module Invidious::Frontend::WatchPage
|
||||
# Subtitles (a.k.a "closed captions")
|
||||
|
||||
video_assets.captions.each do |caption|
|
||||
title = URI.encode_www_form("#{video.title}-#{video.id}.#{caption.language_code}.vtt")
|
||||
value = {"id": video.id, "label": caption.name, "title": title}.to_json
|
||||
value = {"label": caption.name, "ext": "#{caption.language_code}.vtt"}.to_json
|
||||
|
||||
str << "\t\t\t<option value='" << value << "'>"
|
||||
str << translate(locale, "download_subtitles", translate(locale, caption.name))
|
||||
|
@ -23,7 +23,11 @@ module Invidious::Routes::API::V1::Videos
|
||||
env.response.content_type = "application/json"
|
||||
|
||||
id = env.params.url["id"]
|
||||
region = env.params.query["region"]?
|
||||
region = env.params.query["region"]? || env.params.body["region"]?
|
||||
|
||||
if id.nil? || id.size != 11 || !id.matches?(/^[\w-]+$/)
|
||||
return error_json(400, "Invalid video ID")
|
||||
end
|
||||
|
||||
# See https://github.com/ytdl-org/youtube-dl/blob/6ab30ff50bf6bd0585927cb73c7421bef184f87a/youtube_dl/extractor/youtube.py#L1354
|
||||
# It is possible to use `/api/timedtext?type=list&v=#{id}` and
|
||||
|
@ -242,31 +242,25 @@ module Invidious::Routes::VideoPlayback
|
||||
# YouTube /videoplayback links expire after 6 hours,
|
||||
# so we have a mechanism here to redirect to the latest version
|
||||
def self.latest_version(env)
|
||||
if env.params.query["download_widget"]?
|
||||
download_widget = JSON.parse(env.params.query["download_widget"])
|
||||
id = env.params.query["id"]?
|
||||
itag = env.params.query["itag"]?.try &.to_i?
|
||||
|
||||
id = download_widget["id"].as_s
|
||||
title = URI.decode_www_form(download_widget["title"].as_s)
|
||||
|
||||
if label = download_widget["label"]?
|
||||
return env.redirect "/api/v1/captions/#{id}?label=#{label}&title=#{title}"
|
||||
else
|
||||
itag = download_widget["itag"].as_s.to_i
|
||||
local = "true"
|
||||
end
|
||||
# Sanity checks
|
||||
if id.nil? || id.size != 11 || !id.matches?(/^[\w-]+$/)
|
||||
return error_template(400, "Invalid video ID")
|
||||
end
|
||||
|
||||
id ||= env.params.query["id"]?
|
||||
itag ||= env.params.query["itag"]?.try &.to_i
|
||||
if itag.nil? || itag <= 0 || itag >= 1000
|
||||
return error_template(400, "Invalid itag")
|
||||
end
|
||||
|
||||
region = env.params.query["region"]?
|
||||
local = (env.params.query["local"]? == "true")
|
||||
|
||||
local ||= env.params.query["local"]?
|
||||
local ||= "false"
|
||||
local = local == "true"
|
||||
title = env.params.query["title"]?
|
||||
|
||||
if !id || !itag
|
||||
haltf env, status_code: 400, response: "TESTING"
|
||||
if title && CONFIG.disabled?("downloads")
|
||||
return error_template(403, "Administrator has disabled this endpoint.")
|
||||
end
|
||||
|
||||
video = get_video(id, region: region)
|
||||
@ -278,8 +272,10 @@ module Invidious::Routes::VideoPlayback
|
||||
haltf env, status_code: 404
|
||||
end
|
||||
|
||||
url = URI.parse(url).request_target.not_nil! if local
|
||||
url = "#{url}&title=#{title}" if title
|
||||
if local
|
||||
url = URI.parse(url).request_target.not_nil!
|
||||
url += "&title=#{URI.encode_www_form(title, space_to_plus: false)}" if title
|
||||
end
|
||||
|
||||
return env.redirect url
|
||||
end
|
||||
|
@ -289,4 +289,52 @@ module Invidious::Routes::Watch
|
||||
return error_template(404, "The requested clip doesn't exist")
|
||||
end
|
||||
end
|
||||
|
||||
def self.download(env)
|
||||
if CONFIG.disabled?("downloads")
|
||||
return error_template(403, "Administrator has disabled this endpoint.")
|
||||
end
|
||||
|
||||
title = env.params.body["title"]? || ""
|
||||
video_id = env.params.body["id"]? || ""
|
||||
selection = env.params.body["download_widget"]?
|
||||
|
||||
if title.empty? || video_id.empty? || selection.nil?
|
||||
return error_template(400, "Missing form data")
|
||||
end
|
||||
|
||||
download_widget = JSON.parse(selection)
|
||||
extension = download_widget["ext"].as_s
|
||||
|
||||
filename = URI.encode_www_form(
|
||||
"#{video_id}-#{title}.#{extension}",
|
||||
space_to_plus: false
|
||||
)
|
||||
|
||||
# Pass form parameters as URL parameters for the handlers of both
|
||||
# /latest_version and /api/v1/captions. This avoids an un-necessary
|
||||
# redirect and duplicated (and hazardous) sanity checks.
|
||||
env.params.query["id"] = video_id
|
||||
env.params.query["title"] = filename
|
||||
|
||||
# Delete the useless ones
|
||||
env.params.body.delete("id")
|
||||
env.params.body.delete("title")
|
||||
env.params.body.delete("download_widget")
|
||||
|
||||
if label = download_widget["label"]?
|
||||
# URL params specific to /api/v1/captions/:id
|
||||
env.params.query["label"] = URI.encode_www_form(label.as_s, space_to_plus: false)
|
||||
|
||||
return Invidious::Routes::API::V1::Videos.captions(env)
|
||||
elsif itag = download_widget["itag"]?.try &.as_i
|
||||
# URL params specific to /latest_version
|
||||
env.params.query["itag"] = itag.to_s
|
||||
env.params.query["local"] = "true"
|
||||
|
||||
return Invidious::Routes::VideoPlayback.latest_version(env)
|
||||
else
|
||||
return error_template(400, "Invalid label or itag")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user