diff --git a/src/invidious/helpers/tokens.cr b/src/invidious/helpers/tokens.cr
index a44988cd..29198b4b 100644
--- a/src/invidious/helpers/tokens.cr
+++ b/src/invidious/helpers/tokens.cr
@@ -86,7 +86,12 @@ def validate_request(token, session, request, key, locale = nil)
 end
 scopes = token["scopes"].as_a.map(&.as_s)
- scope = "#{request.method}:#{request.path.lchop("/api/v1/auth/").lstrip("/")}"
+ scope = ""
+ if scopes.includes?("::")
+ scope = "#{request.method}::#{request.path.lchop("/api/v1/").lstrip("/")}"
+ else
+ scope = "#{request.method}:#{request.path.lchop("/api/v1/auth/").lstrip("/")}"
+ end
 if !scopes_include_scope(scopes, scope)
 raise InfoException.new("Invalid scope")
 end
@@ -107,11 +112,15 @@ def validate_request(token, session, request, key, locale = nil)
 end
 def scope_includes_scope(scope, subset)
- methods, endpoint = scope.split(":")
+ if scope.includes?("::")
+ methods, endpoint = scope.split("::")
+ subset_methods, subset_endpoint = subset.split("::")
+ else
+ methods, endpoint = scope.split(":")
+ end
 methods = methods.split(";").map(&.upcase).reject(&.empty?).sort!
 endpoint = endpoint.downcase
- subset_methods, subset_endpoint = subset.split(":")
 subset_methods = subset_methods.split(";").map(&.upcase).sort!
 subset_endpoint = subset_endpoint.downcase
diff --git a/src/invidious/routes/api/v1/authentication.cr b/src/invidious/routes/api/v1/authentication.cr
index 324d55e8..56442836 100644
--- a/src/invidious/routes/api/v1/authentication.cr
+++ b/src/invidious/routes/api/v1/authentication.cr
@@ -73,7 +73,7 @@ module Invidious::Routes::API::V1::Authentication
 end
 else
 # send captcha
- captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, ":register")
+ captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, "POST::register")
 # Fix token formatting
 formatted_tokens : Array(JSON::Any) = Array(JSON::Any).new
 captcha["tokens"].each do |tok|
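Review bot: In `validate_request` (tokens.cr, first hunk), `scopes.includes?("::")` is called on the array built by `token["scopes"].as_a.map(&.as_s)`, so it tests whether some scope is exactly the string `::`, not whether a scope uses the new `::` separator. A token carrying `POST::register`, the scope the authentication.cr hunk now issues, would therefore still appear to take the `else` branch and be compared against a single-colon scope with `/api/v1/auth/` stripped. If the intent is to detect the new format, `if scopes.any?(&.includes?("::"))` expresses it. A token that mixes both formats would still have every scope compared against one request-scope format, which deserves a comment or an explicit rejection. The function starts and ends outside the hunk.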
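Review bot: In `scope_includes_scope` (tokens.cr, second hunk), `subset_methods` and `subset_endpoint` are now assigned only inside the `::` branch, because the unconditional `subset.split(":")` line was removed and the `else` branch splits only `scope`. Every legacy single-colon scope then reaches `subset_methods.split(";")` with nothing assigned, which should either fail to compile or break the legacy check; the `else` branch needs `subset_methods, subset_endpoint = subset.split(":")`. The `::` branch also assumes `subset` uses the same separator as `scope`; since this comparison is the authorization decision, a format mismatch should return false explicitly rather than depend on the destructuring failing. The function continues past the end of the hunk.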
@@ -280,3 +280,5 @@ struct CredentialsLogin
 property password : String
 property token : String
 end
+
+text = "Ryan said, \"Hello!\""
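Review bot: The added top-level `text = "Ryan said, \"Hello!\""` after `CredentialsLogin` has no visible connection to the scope-format change and reads like leftover scratch code. Nothing in the hunk uses `text`, and as a top-level statement it is evaluated whenever this file is required. I would drop both added lines from the commit.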