1
0
mirror of https://github.com/iv-org/invidious.git synced 2024-12-22 05:55:09 -05:00
Commit Graph

2045 Commits

Author SHA1 Message Date
Omar Roth
bd7950b757
Add toggle_parent to dynamic handlers 2020-03-15 18:52:49 -04:00
Omar Roth
59a15ceef6
Remove VarInt class 2020-03-15 17:47:16 -04:00
Omar Roth
4011a113cc
Strip invalid characters from referer URLs 2020-03-15 17:47:16 -04:00
leonklingele
70cbe91776
Migrate to a good Content Security Policy ()
So attacks such as XSS (see [0]) will no longer be of an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
2020-03-15 16:46:08 -05:00
Omar Roth
f92027c44b
Escape 'sort_by' 2020-03-10 11:25:32 -04:00
Omar Roth
1443335315
Switch textcaptcha to HTTPS 2020-03-10 11:12:11 -04:00
Omar Roth
6ff2229a09
Bump dependencies 2020-03-06 13:59:42 -05:00
Omar Roth
bb72672dd9
Replace static asset requests with QUIC 2020-03-06 13:53:35 -05:00
Omar Roth
d96dee3aa6
Add debug info to videoplayback 2020-03-06 13:50:00 -05:00
Omar Roth
bd0aaa343b
Prevent storyboards from hanging 2020-03-05 13:49:06 -05:00
Omar Roth
3126e1ac94
docker: allow to configure Invidious by env var ()
Invidious gained support to read its configuration from an env var
instead of config file in e3c10d779d.

Unfortunately, Docker doesn't allow newline characters in env var
values (see [0]) which means we can only provide a proper YAML config
by using the inlined configuration in docker-compose.yml which,
unfortunately, is tracked by Git. Once support for multiline env var
values has been added to Docker, we should migrate and read the config
from a .env file instead (which is not tracked by Git).

[0]: https://github.com/docker/compose/issues/3527
2020-03-04 12:33:13 -06:00
Omar Roth
a117d87f33
Skip validation checks for videoplayback, ggpht 2020-03-04 13:06:17 -05:00
Omar Roth
9dc4f8a1aa
Escape item titles in search page 2020-03-04 13:03:14 -05:00
leonklingele
0d536d11e3
Verify token signature in constant time, Run cheap checks first in token validation process ()
* Verify token signature in constant time

To prevent timing side channel attacks

* Run cheap checks first in token validation process

Expensive checks such as the nonce lookup on the database or the
signature check can be run after cheap/fast checks.
2020-03-02 10:04:36 -06:00
B͈̤̖̪̪̱ͅl̯̯̮̼͎̬͚̳̩̖̲u̜̼͉͈̠b͙̬̘̙̱̗̲͙b͍̞̬̬͓̼l̰̪͖̯̼̟̟͈̖͕̜̱̜ͅl̻̗͔̝̭̰͚͇̯̥
72a4962fd0
add lapisTube () 2020-03-02 09:35:28 -06:00
Kyle Copperfield
a3045a3953
Use a MediaQueryListener to toggle on demand. Tested on OSX. ()
Closes .
2020-03-02 09:33:47 -06:00
Tommy Miland
c620a22017
Add logfile to logrotate () 2020-03-02 09:19:07 -06:00
Omar Roth
856ec03cc7
Revert "Add HOST_AUTH_METHOD=trust to docker compose (see )"
This reverts commit ef70668a77.
2020-03-01 11:07:37 -05:00
leonklingele
c80c5631f0
docker: do not require password for PostgreSQL superuser, docker,kubernetes: create "privacy" type before using it, travis: do not run "docker-compose up" in detached mode ()
* docker: do not require password for PostgreSQL superuser

A password is now required by the postgres Docker image which makes
initial setup (and our CI build) fail with the following error:

    postgres_1   | Error: Database is uninitialized and superuser password is not specified.
    postgres_1   |        You must specify POSTGRES_PASSWORD for the superuser. Use
    postgres_1   |        "-e POSTGRES_PASSWORD=password" to set it in "docker run".
    postgres_1   |
    postgres_1   |        You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
    postgres_1   |        without a password. This is *not* recommended. See PostgreSQL
    postgres_1   |        documentation about "trust":
    postgres_1   |        https://www.postgresql.org/docs/current/auth-trust.html

See https://github.com/docker-library/postgres/issues/681.

* docker,kubernetes: create PostgreSQL "privacy" type before using it

Fixes the following error when setting up the database:

    postgres_1   | 2020-02-21 01:01:22.371 UTC [172] ERROR:  type "privacy" does not exist at character 200
    postgres_1   | 2020-02-21 01:01:22.371 UTC [172] STATEMENT:  CREATE TABLE public.playlists
    postgres_1   | 	(
    postgres_1   | 	    title text,
    postgres_1   | 	    id text primary key,
    postgres_1   | 	    author text,
    postgres_1   | 	    description text,
    postgres_1   | 	    video_count integer,
    postgres_1   | 	    created timestamptz,
    postgres_1   | 	    updated timestamptz,
    postgres_1   | 	    privacy privacy,
    postgres_1   | 	    index int8[]
    postgres_1   | 	);
    postgres_1   | ERROR:  type "privacy" does not exist
    postgres_1   | LINE 10:     privacy privacy,

* travis: do not run "docker-compose up" in detached mode

Rather, allow database to finish its setup procedure and grant
Invidious time to launch.
2020-03-01 10:06:45 -06:00
Omar Roth
ef70668a77
Add HOST_AUTH_METHOD=trust to docker compose (see ) 2020-03-01 10:51:17 -05:00
Karol Kosek
ebd4691462 Update Polish translation 2020-03-01 16:31:32 +01:00
Tymofij Lytvynenko
28554235be Update Ukrainian translation 2020-03-01 16:31:32 +01:00
Deleted User
efbbb6fd20 Update German translation 2020-03-01 16:31:32 +01:00
Omar Roth
9de57021a3
Update postgres setup 2020-03-01 10:30:55 -05:00
Omar Roth
e21f770485
Fix status check for channel page 2020-02-28 15:57:45 -05:00
Omar Roth
697c00dccf
Sanitize PLID 2020-02-28 14:10:01 -05:00
Omar Roth
1caf6a3298
Fix deadlock when updating notifications 2020-02-28 13:13:48 -05:00
Omar Roth
02fd02d482
Remove DB array concatenation 2020-02-28 12:14:29 -05:00
Pedro Lucas Porcellis
239fb0db94
Remove duplicated Github logo on footer ()
* Remove duplicated Github logo on footer
2020-02-20 18:50:54 -05:00
Omar Roth
fe1d73c3e5
Merge pull request from leonklingele/add-kubernetes
Add support to run on Kubernetes, add Helm chart
2020-02-20 18:45:25 -05:00
Omar Roth
43da06a354
Remove temp fix for 2020-02-20 18:30:46 -05:00
Omar Roth
fea6b67067
Remove 'type' attribute from community embed 2020-02-20 18:30:46 -05:00
Omar Roth
f065ae54d5
Merge pull request from leonklingele/crystal-0.33.0-format
Update code formatting for Crystal 0.33.0
2020-02-20 18:10:56 -05:00
Omar Roth
3cf417766d
Merge pull request from leanderseidlitz/master
readme.md: fix missing playlist relation in postgresql
2020-02-20 18:10:26 -05:00
Leander Seidlitz
0fb41b10e9
readme.md: fix missing playlist relation in postgresql 2020-02-15 20:58:52 +01:00
Leon Klingele
bc9dc3bf1e
Update code formatting for Crystal 0.33.0
Crystal 0.33.0 introduced some changes to to the code formatter.
Run "crystal tool format" so CI doesn't fail anymore.
2020-02-15 19:52:28 +01:00
Leon Klingele
3cde5e28a8
Add support to run on Kubernetes, add Helm chart
See relevant README.md for more details.
2020-02-07 13:46:12 +01:00
Omar Roth
cb8e7181c4
Merge pull request from leonklingele/config-env
Add support to read config from environment variable
2020-02-06 20:13:34 -05:00
Omar Roth
9a3becdecc
Merge pull request from jorgesumle/master
Remove invalid and useless HTML from embed player
2020-02-06 20:12:17 -05:00
Leon Klingele
e3c10d779d
Add support to read config from environment variable
Try to read app config from the "INVIDIOUS_CONFIG" environment variable.
If the variable is undefined, read config from config.yml file as before.

Required by https://github.com/omarroth/invidious/pull/1015 et al.
2020-02-04 15:53:46 +01:00
Jorge Maldonado Ventura
dd9f1024f4 Remove invalid HTML from embed player 2020-02-01 19:25:03 +01:00
Omar Roth
9841f74adc
Add handling for comments with no content 2020-02-01 12:14:37 -05:00
Omar Roth
b56e493d92
Remove frameborder from community embeds 2020-02-01 11:23:12 -05:00
Omar Roth
a2c5211b20
Check /browse_ajax for channel blocks 2020-02-01 11:23:12 -05:00
Omar Roth
b7a7abed48
Merge pull request from outloudvi/zhcn-l10n
Update zh-CN translation
2020-02-01 11:13:03 -05:00
Omar Roth
72bfdfd925
Merge pull request from jorgesumle/embed
Change embed code
2020-02-01 11:11:12 -05:00
Outvi V
b80d34612a
Update zh-CN translation 2020-01-27 13:01:53 +08:00
Omar Roth
648cc0f006
Refactor signature extraction 2020-01-24 17:02:28 -05:00
chr56
830692dd60
Update Chinese (Simplified) translation 2020-01-17 22:50:16 -05:00
Adam Zieliński
95a6759381
Update Polish translation 2020-01-17 22:50:16 -05:00