Dockerfile: Switch to 84codes crystal compiler container image

2026-06-10 10:44:38 +05:30 · 2026-05-30 16:56:50 -04:00
13 changed files with 15 additions and 72 deletions
@@ -86,7 +86,7 @@ jobs:

      # https://github.com/marketplace/actions/docker-manifest-create-action
      - name: Create and push manifest
-        uses: int128/docker-manifest-create-action@v2.22.0
+        uses: int128/docker-manifest-create-action@v2.21.0
        with:
          push: true
          tags: quay.io/invidious/invidious:master
@@ -78,7 +78,7 @@ jobs:

      # https://github.com/marketplace/actions/docker-manifest-create-action
      - name: Create and push manifest
-        uses: int128/docker-manifest-create-action@v2.22.0
+        uses: int128/docker-manifest-create-action@v2.21.0
        with:
          push: true
          tags: quay.io/invidious/invidious:latest
@@ -151,26 +151,6 @@ db:
 ##
 domain:

-##
-## List of alternative domains where the invidious instance is being served.
-## This needs to be set in order to be able to login and update user preferences
-## when using a domain that is not the same as the `domain` configuration,
-## like a .`onion` address, `.i2p` address, `.b32.i2p` address, etc.
-##
-## It will detect the alternative domain trough the `X-Forwarded-Host` header.
-## https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Host
-##
-## Accepted values: a list of fully qualified domain names (FQDN)
-## Default: <none>
-##
-## Example:
-## alternative_domains:
-##   - invidious.example.com
-##   - inv.example.com
-##   - videos.example.com
-##
-alternative_domains:
-
 ##
 ## Tell Invidious that it is behind a proxy that provides only
 ## HTTPS, so all links must use the https:// scheme. This
@@ -121,8 +121,6 @@ class Config
  property hmac_key : String = ""
  # Domain to be used for links to resources on the site where an absolute URL is required
  property domain : String?
-  # Additional domain list that is going to be used for cookie domain validation
-  property alternative_domains : Array(String) = [] of String
  # Subscribe to channels using PubSubHubbub (requires domain, hmac_key)
  property use_pubsub_feeds : Bool | Int32 = false
  property popular_enabled : Bool = true
@@ -201,7 +201,7 @@ def error_redirect_helper(env : HTTP::Server::Context)
          <a href="/redirect?referer=#{env.get("current_page")}">#{switch_instance}</a>
        </li>
        <li>
-          <a rel="noreferrer noopener" href="https://www.youtube.com#{env.request.resource}">#{go_to_youtube}</a>
+          <a rel="noreferrer noopener" href="https://youtube.com#{env.request.resource}">#{go_to_youtube}</a>
        </li>
      </ul>
    END_HTML
@@ -32,8 +32,6 @@ module Invidious::Routes::BeforeAll
    env.response.headers["X-XSS-Protection"] = "1; mode=block"
    env.response.headers["X-Content-Type-Options"] = "nosniff"

-    env.set "header_x-forwarded-host", env.request.headers["X-Forwarded-Host"]?
-
    # Only allow the pages at /embed/* to be embedded
    if env.request.resource.starts_with?("/embed")
      frame_ancestors = "'self' file: http: https:"
@@ -351,7 +351,7 @@ module Invidious::Routes::Channels
    invidious_url_params.delete_all("user")

    begin
-      resolved_url = YoutubeAPI.resolve_url("https://www.youtube.com#{env.request.path}#{yt_url_params.size > 0 ? "?#{yt_url_params}" : ""}")
+      resolved_url = YoutubeAPI.resolve_url("https://youtube.com#{env.request.path}#{yt_url_params.size > 0 ? "?#{yt_url_params}" : ""}")
      ucid = resolved_url["endpoint"]["browseEndpoint"]["browseId"]
    rescue ex : InfoException | KeyError
      return error_template(404, I18n.translate(locale, "This channel does not exist."))
@@ -8,7 +8,7 @@ module Invidious::Routes::ErrorRoutes
    if md = env.request.path.match(/^\/(?<id>([a-zA-Z0-9_-]{11})|(\w+))$/)
      item = md["id"]

-      # Check if item is branding URL e.g. https://www.youtube.com/gaming
+      # Check if item is branding URL e.g. https://youtube.com/gaming
      response = YT_POOL.client &.get("/#{item}")

      if response.status_code == 301
@@ -320,7 +320,7 @@ module Invidious::Routes::Feeds
        case attribute.name
        when "url", "href"
          request_target = URI.parse(node[attribute.name]).request_target
-          query_string_opt = request_target.starts_with?("/watch?v=") ? ("&#{params}" if !params.empty?) : ""
+          query_string_opt = request_target.starts_with?("/watch?v=") ? "&#{params}" : ""
          node[attribute.name] = "#{HOST_URL}#{request_target}#{query_string_opt}"
        else nil # Skip
        end
@@ -26,7 +26,6 @@ module Invidious::Routes::Login

  def self.login(env)
    locale = env.get("preferences").as(Preferences).locale
-    host = env.get("header_x-forwarded-host")

    referer = get_referer(env, "/feed/subscriptions")

@@ -58,11 +57,7 @@ module Invidious::Routes::Login
          sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
          Invidious::Database::SessionIDs.insert(sid, email)

-          if alt = CONFIG.alternative_domains.index(host)
-            env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.alternative_domains[alt], sid)
-          else
-            env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
-          end
+          env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
        else
          return error_template(401, "Wrong username or password")
        end
@@ -128,11 +123,7 @@ module Invidious::Routes::Login
        view_name = "subscriptions_#{sha256(user.email)}"
        PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")

-        if alt = CONFIG.alternative_domains.index(host)
-          env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.alternative_domains[alt], sid)
-        else
-          env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
-        end
+        env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)

        if env.request.cookies["PREFS"]?
          user.preferences = env.get("preferences").as(Preferences)
@@ -231,12 +231,7 @@ module Invidious::Routes::PreferencesRoute
        File.write("config/config.yml", CONFIG.to_yaml)
      end
    else
-      host = env.get("header_x-forwarded-host")
-      if alt = CONFIG.alternative_domains.index(host)
-        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.alternative_domains[alt], preferences)
-      else
-        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
-      end
+      env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
    end

    env.redirect referer
@@ -271,12 +266,7 @@ module Invidious::Routes::PreferencesRoute
        preferences.dark_mode = "dark"
      end

-      host = env.get("header_x-forwarded-host")
-      if alt = CONFIG.alternative_domains.index(host)
-        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.alternative_domains[alt], preferences)
-      else
-        env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
-      end
+      env.response.cookies["PREFS"] = Invidious::User::Cookies.prefs(CONFIG.domain, preferences)
    end

    if redirect
@@ -6,24 +6,17 @@ struct Invidious::User

    # Note: we use ternary operator because the two variables
    # used in here are not booleans.
-    @@secure = (Kemal.config.ssl || CONFIG.https_only) ? true : false
+    SECURE = (Kemal.config.ssl || CONFIG.https_only) ? true : false

    # Session ID (SID) cookie
    # Parameter "domain" comes from the global config
    def sid(domain : String?, sid) : HTTP::Cookie
-      # Not secure if it's being accessed from I2P
-      # Browsers expect the domain to include https. On I2P there is no HTTPS
-      # Tor browser works fine with secure being true
-      if (domain.try &.split(".").last == "i2p") && @@secure
-        @@secure = false
-      end
-
      return HTTP::Cookie.new(
        name: "SID",
        domain: domain,
        value: sid,
        expires: Time.utc + 2.years,
-        secure: @@secure,
+        secure: SECURE,
        http_only: true,
        samesite: HTTP::Cookie::SameSite::Lax
      )
@@ -32,19 +25,12 @@ struct Invidious::User
    # Preferences (PREFS) cookie
    # Parameter "domain" comes from the global config
    def prefs(domain : String?, preferences : Preferences) : HTTP::Cookie
-      # Not secure if it's being accessed from I2P
-      # Browsers expect the domain to include https. On I2P there is no HTTPS
-      # Tor browser works fine with secure being true
-      if (domain.try &.split(".").last == "i2p") && @@secure
-        @@secure = false
-      end
-
      return HTTP::Cookie.new(
        name: "PREFS",
        domain: domain,
        value: URI.encode_www_form(preferences.to_json),
        expires: Time.utc + 2.years,
-        secure: @@secure,
+        secure: SECURE,
        http_only: false,
        samesite: HTTP::Cookie::SameSite::Lax
      )
@@ -480,7 +480,7 @@ module YoutubeAPI
  #
  # ```
  # # Valid channel "brand URL" gives the related UCID and browse ID
-  # channel_a = YoutubeAPI.resolve_url("https://www.youtube.com/c/google")
+  # channel_a = YoutubeAPI.resolve_url("https://youtube.com/c/google")
  # channel_a # => {
  #   "endpoint": {
  #     "browseEndpoint": {
@@ -492,7 +492,7 @@ module YoutubeAPI
  # }
  #
  # # Invalid URL returns throws an InfoException
-  # channel_b = YoutubeAPI.resolve_url("https://www.youtube.com/c/invalid")
+  # channel_b = YoutubeAPI.resolve_url("https://youtube.com/c/invalid")
  # ```
  #
  def resolve_url(url : String, client_config : ClientConfig | Nil = nil)