Previously, the user's session cookie was being checked against the
database for all non-static requests. However, this is not really
needed and wastes resources (and is slow).
For most page views (e.g. index, channel page), just parsing the value
of the cookie is sufficient:
* The cookies are already HMAC signed, so tampering with them ought to
be for all reasonable purposes, impossible.
* Assuming the worst case, all a nefarious user could manage to do is
change the text of the "Welcome, {user}" and cause a (non-functional)
ACP link to appear clientside, both of which are already possible by
using the Inspect Element tool.
For authenticated pages (currently, the ACP, and anything under
/account/), the full database check is still performed (for now).
The `cytube-common` module was created as part of a now-defunct
experiment and since then has just remained a crufty container for a few
utils. Moved the utils to the main repo and removed the dependency.
Add a dependency on `prom-client` and emit a basic latency metric for
testing purposes. Add a new configuration file for enabling/disabling
prometheus exporter and configuring the listen address.
The use of the channel library as a cache for metadata to avoid
re-requesting metadata for known media is an optimization that dates
back to 1.0. However, it doesn't have any TTL, is prone to bugs, and is
of dubious value.
This commit ignores the results of the library check when queueing a new
video, opting to always re-request the metadata. This fixes a few bugs:
* Google Drive metadata being lost when storing in library
* Streamable metadata being lost when storing in library
* Videos in the channel library that are now unavailable on their
source website being queueable and then failing to play (e.g. deleted
YouTube videos).
In its place, a small fail-open check is left behind to emit metric
counters on how many queues would have been cache-hits, to provide
insight into whether a proper caching solution (i.e. one not tacked on
top of the library) would be worth pursuing or not. This will be
removed eventually.
Allows switching resolutions via the video.js UI. Also added support on
the player side for 540p, 1440p, and 2160p videos, although the metadata
extractors have not been updated to provide these sources yet.
At various times in the past, upgrades in the sanitize-html library that
changed behavior of HTML filtering have caused things like emotes to
break unexpectedly. This commit adds a basic test to sanitize
non-alphanumeric characters found in channels' emote codes so that if
the library changes, the test will break and give a heads up that
something changed.
Fixes#681. Technically, resending the entire userlist is not
necessary; it would be sufficient to resent setUserMeta, but there's not
currently a bulk frame for that so sending the userlist is probably more
efficient.
Camo: https://github.com/atmos/camo. This has a couple advantages over
just allowing images to be dumped as-is:
- Prevents mixed-content warnings by allowing the server to proxy HTTP
images to an HTTPS camo instance
- Protects users' privacy by not exposing their browser directly to
the image host
- Allows the camo proxy to intercept and reject bad image sources
(URLs that are not actually images, gigapixel-sized images likely to
DoS users' browsers, etc.)
Whitelisting specific domains is supported for cases where the source is
known to be trustworthy.
Old version of `yamljs` was bringing in deprecated dependencies causing
`npm install` warnings. Newer version is still buggy and doesn't
fully support the YAML spec, but it seems to work at least as well as
the old version, as far as I can tell.
User.prototype.refreshAccount was responsible for multiple race
condition bugs as well as inefficient duplication of DB queries in an
attempt to correct such race conditions.
It has now been replaced by a more reasonable model:
* Global user account information and aliases are fetched in parallel
on socket connection
* Channel rank is fetched when the user tries to join a channel
Really the entire "Account" thing needs to be refactored/deleted and
replaced with separate global account and per-channel state, which I
plan to do, but this brings some minor benefit in the meantime
The dependency on status-message-polyfill appeared to be missing part of its URL, judging by the rest of the file. Changing this line allowed me to build and install on a self-hosted server.
The previous commits do not handle all of the edge cases of #583
appropriately. This is a short term solution that will work, but is not
as efficient as it could be. The whole refreshAccount function needs to
be reconsidered and replaced with a more sane way of handling atomic
updates to the user's account state.
Since all channels were saved sequentially, this would cause huge lag
spikes every time the channel save interval fired. This change adds a
delay between each channel so that the additional load is spread evenly
across the save interval.
Instead of emitting frames to each individual socket, group them into
socket.io rooms of people who can see hidden poll results and people who
can't, then just do 2 broadcasts.
Refactored the ffprobe stream-selection logic to handle rejected files
better:
* Streams tagged as a non-default disposition are not considered
* If a file has any video stream, the audio stream will be ignored
This should prevent videos from being misreported as invalid audio
codecs, etc.
If clients call it quickly in succession with large playlists, it can
cause node to get stuck stringifying socket.io frames and cause an out
of memory crash.