From 212f6d6bf5861ed54024992e5babd50dc5ac62a6 Mon Sep 17 00:00:00 2001 From: matthewmcgarvey Date: Mon, 17 Jan 2022 09:36:42 -0600 Subject: [PATCH 1/6] Fix channel search json parse to not raise --- src/invidious/search.cr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/invidious/search.cr b/src/invidious/search.cr index 2095721c8..0bb7c69d3 100644 --- a/src/invidious/search.cr +++ b/src/invidious/search.cr @@ -5,7 +5,7 @@ def channel_search(query, page, channel) response = YT_POOL.client &.get("/user/#{channel}") response = YT_POOL.client &.get("/c/#{channel}") if response.status_code == 404 initial_data = extract_initial_data(response.body) - ucid = initial_data["header"]["c4TabbedHeaderRenderer"]?.try &.["channelId"].as_s? + ucid = initial_data.dig?("header", "c4TabbedHeaderRenderer", "channelId").try(&.as_s?) raise InfoException.new("Impossible to extract channel ID from page") if !ucid else ucid = channel From 97dceb3a5a8037fffc28b0e2deca4ebc42b24177 Mon Sep 17 00:00:00 2001 From: matthewmcgarvey Date: Mon, 17 Jan 2022 09:49:29 -0600 Subject: [PATCH 2/6] Custom error on channel search, handle in search --- src/invidious/search.cr | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/invidious/search.cr b/src/invidious/search.cr index 0bb7c69d3..6cb61e7d8 100644 --- a/src/invidious/search.cr +++ b/src/invidious/search.cr @@ -1,3 +1,6 @@ +class ChannelSearchException < InfoException +end + def channel_search(query, page, channel) response = YT_POOL.client &.get("/channel/#{channel}") @@ -6,7 +9,7 @@ def channel_search(query, page, channel) response = YT_POOL.client &.get("/c/#{channel}") if response.status_code == 404 initial_data = extract_initial_data(response.body) ucid = initial_data.dig?("header", "c4TabbedHeaderRenderer", "channelId").try(&.as_s?) - raise InfoException.new("Impossible to extract channel ID from page") if !ucid + raise ChannelSearchException.new("Impossible to extract channel ID from page") if !ucid else ucid = channel end @@ -210,7 +213,13 @@ def process_search_query(query, page, user, region) search_query = (query.split(" ") - operators).join(" ") if channel - count, items = channel_search(search_query, page, channel) + begin + count, items = channel_search(search_query, page, channel) + rescue ChannelSearchException + # most likely reason for this is that they provided an invalid channel id to the search + count = 0 + items = [] of ChannelVideo + end elsif subscriptions if view_name items = PG_DB.query_all("SELECT id,title,published,updated,ucid,author,length_seconds FROM ( From d4f3139b734c401714682559b7b0137a5db9b3bd Mon Sep 17 00:00:00 2001 From: matthewmcgarvey Date: Mon, 17 Jan 2022 09:59:42 -0600 Subject: [PATCH 3/6] Don't catch and provide better error message instead --- src/invidious/search.cr | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/invidious/search.cr b/src/invidious/search.cr index 6cb61e7d8..5b824307f 100644 --- a/src/invidious/search.cr +++ b/src/invidious/search.cr @@ -1,4 +1,7 @@ class ChannelSearchException < InfoException + def initialize(channel : String) + super "Unable to find channel with id of '#{channel}'. Are you sure that's an actual channel id?" + end end def channel_search(query, page, channel) @@ -9,7 +12,7 @@ def channel_search(query, page, channel) response = YT_POOL.client &.get("/c/#{channel}") if response.status_code == 404 initial_data = extract_initial_data(response.body) ucid = initial_data.dig?("header", "c4TabbedHeaderRenderer", "channelId").try(&.as_s?) - raise ChannelSearchException.new("Impossible to extract channel ID from page") if !ucid + raise ChannelSearchException.new(channel) if !ucid else ucid = channel end @@ -213,13 +216,7 @@ def process_search_query(query, page, user, region) search_query = (query.split(" ") - operators).join(" ") if channel - begin - count, items = channel_search(search_query, page, channel) - rescue ChannelSearchException - # most likely reason for this is that they provided an invalid channel id to the search - count = 0 - items = [] of ChannelVideo - end + count, items = channel_search(search_query, page, channel) elsif subscriptions if view_name items = PG_DB.query_all("SELECT id,title,published,updated,ucid,author,length_seconds FROM ( From 56e505164d5faa1b3db15a18e0a0359d4b66d468 Mon Sep 17 00:00:00 2001 From: matthewmcgarvey Date: Tue, 18 Jan 2022 18:56:26 -0600 Subject: [PATCH 4/6] 404 error with message and provide example --- src/invidious/routes/search.cr | 2 ++ src/invidious/search.cr | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/invidious/routes/search.cr b/src/invidious/routes/search.cr index c256d156c..5f9bf5e0f 100644 --- a/src/invidious/routes/search.cr +++ b/src/invidious/routes/search.cr @@ -55,6 +55,8 @@ module Invidious::Routes::Search begin search_query, count, videos, operators = process_search_query(query, page, user, region: region) + rescue ex : ChannelSearchException + return error_template(404, "Unable to find channel with id of '#{ex.channel}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.") rescue ex return error_template(500, ex) end diff --git a/src/invidious/search.cr b/src/invidious/search.cr index 5b824307f..0f6dc6eba 100644 --- a/src/invidious/search.cr +++ b/src/invidious/search.cr @@ -1,6 +1,7 @@ class ChannelSearchException < InfoException - def initialize(channel : String) - super "Unable to find channel with id of '#{channel}'. Are you sure that's an actual channel id?" + getter channel : String + + def initialize(@channel) end end From 574e35a720adea4132ae91ce1c70ca0c34461d6c Mon Sep 17 00:00:00 2001 From: matthewmcgarvey Date: Wed, 19 Jan 2022 09:01:13 -0600 Subject: [PATCH 5/6] HTML escape user input --- src/invidious/routes/search.cr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/invidious/routes/search.cr b/src/invidious/routes/search.cr index 5f9bf5e0f..19f33a403 100644 --- a/src/invidious/routes/search.cr +++ b/src/invidious/routes/search.cr @@ -56,7 +56,7 @@ module Invidious::Routes::Search begin search_query, count, videos, operators = process_search_query(query, page, user, region: region) rescue ex : ChannelSearchException - return error_template(404, "Unable to find channel with id of '#{ex.channel}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.") + return error_template(404, "Unable to find channel with id of '#{HTML.escape(ex.channel)}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.") rescue ex return error_template(500, ex) end From c5967ad572191ad7b99dec08111974b04dffc6d0 Mon Sep 17 00:00:00 2001 From: Matthew McGarvey Date: Tue, 25 Jan 2022 11:35:19 -0600 Subject: [PATCH 6/6] will -> should Co-authored-by: Samantaz Fox --- src/invidious/routes/search.cr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/invidious/routes/search.cr b/src/invidious/routes/search.cr index 19f33a403..5e606adf7 100644 --- a/src/invidious/routes/search.cr +++ b/src/invidious/routes/search.cr @@ -56,7 +56,7 @@ module Invidious::Routes::Search begin search_query, count, videos, operators = process_search_query(query, page, user, region: region) rescue ex : ChannelSearchException - return error_template(404, "Unable to find channel with id of '#{HTML.escape(ex.channel)}'. Are you sure that's an actual channel id? It will look like 'UC4QobU6STFB0P71PMvOGN5A'.") + return error_template(404, "Unable to find channel with id of '#{HTML.escape(ex.channel)}'. Are you sure that's an actual channel id? It should look like 'UC4QobU6STFB0P71PMvOGN5A'.") rescue ex return error_template(500, ex) end