Git-Mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-04-20 15:45:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Routing

Browse Source 
Mistakes were made
This commit is contained in:
Ryan G 2023-06-13 16:14:19 -07:00
parent 42f484f733
commit 42d7b1d724
2 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/invidious/helpers/tokens.cr
View File

@ -86,11 +86,12 @@ def validate_request(token, session, request, key, locale = nil)
end
scopes = token["scopes"].as_a.map(&.as_s)
scope = ""
if request.path.includes?("auth")
scope = "#{request.method}:#{request.path.lchop("/api/v1/auth/").lstrip("/")}"
elsif request.path.includes?("v1")
scope = "#{request.method}:#{request.path.lchop("/api/v1/").lstrip("/")}"
else
scope = "#{request.method}::#{request.path.lchop("/api/v1/").lstrip("/")}"
scope = "#{request.method}:#{request.path.lstrip("/")}"
end
if !scopes_include_scope(scopes, scope)
raise InfoException.new("Invalid scope")
@ -112,16 +113,11 @@ def validate_request(token, session, request, key, locale = nil)
end
def scope_includes_scope(scope, subset)
if scope.includes?("::")
methods, endpoint = scope.split("::")
subset_methods, subset_endpoint = subset.split("::")
else
methods, endpoint = scope.split(":")
subset_methods, subset_endpoint = subset.split(":")
end
methods, endpoint = scope.split(":")
methods = methods.split(";").map(&.upcase).reject(&.empty?).sort!
endpoint = endpoint.downcase
subset_methods, subset_endpoint = subset.split(":")
subset_methods = subset_methods.split(";").map(&.upcase).sort!
subset_endpoint = subset_endpoint.downcase

7
src/invidious/routing.cr
View File

@ -245,10 +245,9 @@ module Invidious::Routing
get "/api/v1/hashtag/:hashtag", {{namespace}}::Search, :hashtag
# Authentication
post "/api/v1/register", {{namespace}}::Authentication, :register
post "/api/v1/captcha", {{namespace}}::Authentication, :captcha
post "/api/v1/login", {{namespace}}::Authentication, :login
post "/api/v1/signout", {{namespace}}::Authentication, :signout
post "/api/v1/register", {{namespace}}::Authentication, :api_register
post "/api/v1/login", {{namespace}}::Authentication, :api_login
post "/api/v1/signout", {{namespace}}::Authentication, :api_signout
# Authenticated