kavin/Piped-Backend
1
0
Fork 0
mirror of https://github.com/TeamPiped/Piped-Backend.git synced 2025-04-29 16:30:29 +05:30
Code Issues Projects Releases Wiki Activity

Merge pull request #488 from TeamPiped/fiter-invalid-id

Browse Source 
Filter invalid channel IDs
This commit is contained in:
Kavin 2022-12-14 20:44:30 +00:00 committed by GitHub
commit 262b5e07f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/me/kavin/piped/Main.java
View File

@ -12,7 +12,6 @@ import me.kavin.piped.utils.obj.db.PlaylistVideo;
import me.kavin.piped.utils.obj.db.PubSub; import me.kavin.piped.utils.obj.db.PubSub;
import me.kavin.piped.utils.obj.db.Video; import me.kavin.piped.utils.obj.db.Video;
import okhttp3.OkHttpClient; import okhttp3.OkHttpClient;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.Session; import org.hibernate.Session;
import org.hibernate.StatelessSession; import org.hibernate.StatelessSession;
import org.schabi.newpipe.extractor.NewPipe; import org.schabi.newpipe.extractor.NewPipe;
@ -123,9 +122,8 @@ public class Main {
.setParameter("unauthSubbed", System.currentTimeMillis() - TimeUnit.DAYS.toMillis(Constants.SUBSCRIPTIONS_EXPIRY)) .setParameter("unauthSubbed", System.currentTimeMillis() - TimeUnit.DAYS.toMillis(Constants.SUBSCRIPTIONS_EXPIRY))
.getResultStream() .getResultStream()
.parallel() .parallel()
.filter(ChannelHelpers::isValidId)
.forEach(id -> Multithreading.runAsyncLimitedPubSub(() -> { .forEach(id -> Multithreading.runAsyncLimitedPubSub(() -> {
if (StringUtils.isBlank(id) || !id.matches("UC[A-Za-z\\d_-]{22}"))
return;
try (StatelessSession sess = DatabaseSessionFactory.createStatelessSession()) { try (StatelessSession sess = DatabaseSessionFactory.createStatelessSession()) {
var pubsub = new PubSub(id, -1); var pubsub = new PubSub(id, -1);
var tr = sess.beginTransaction(); var tr = sess.beginTransaction();

17
src/main/java/me/kavin/piped/server/handlers/auth/FeedHandlers.java
View File

@ -8,10 +8,7 @@ import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.JoinType; import jakarta.persistence.criteria.JoinType;
import me.kavin.piped.consts.Constants; import me.kavin.piped.consts.Constants;
import me.kavin.piped.utils.DatabaseHelper; import me.kavin.piped.utils.*;
import me.kavin.piped.utils.DatabaseSessionFactory;
import me.kavin.piped.utils.ExceptionHandler;
import me.kavin.piped.utils.Multithreading;
import me.kavin.piped.utils.obj.StreamItem; import me.kavin.piped.utils.obj.StreamItem;
import me.kavin.piped.utils.obj.SubscriptionChannel; import me.kavin.piped.utils.obj.SubscriptionChannel;
import me.kavin.piped.utils.obj.db.Channel; import me.kavin.piped.utils.obj.db.Channel;
@ -42,6 +39,9 @@ public class FeedHandlers {
if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId)) if (StringUtils.isBlank(session) || StringUtils.isBlank(channelId))
ExceptionHandler.throwErrorResponse(new InvalidRequestResponse("session and channelId are required parameters")); ExceptionHandler.throwErrorResponse(new InvalidRequestResponse("session and channelId are required parameters"));
if (!ChannelHelpers.isValidId(channelId))
ExceptionHandler.throwErrorResponse(new InvalidRequestResponse("channelId is not a valid YouTube channel ID"));
try (Session s = DatabaseSessionFactory.createSession()) { try (Session s = DatabaseSessionFactory.createSession()) {
User user = DatabaseHelper.getUserFromSessionWithSubscribed(session); User user = DatabaseHelper.getUserFromSessionWithSubscribed(session);
@ -208,8 +208,7 @@ public class FeedHandlers {
public static byte[] unauthenticatedFeedResponse(String[] channelIds) throws Exception { public static byte[] unauthenticatedFeedResponse(String[] channelIds) throws Exception {
Set<String> filtered = Arrays.stream(channelIds) Set<String> filtered = Arrays.stream(channelIds)
.filter(StringUtils::isNotBlank) .filter(ChannelHelpers::isValidId)
.filter(id -> id.matches("[A-Za-z\\d_-]+"))
.collect(Collectors.toUnmodifiableSet()); .collect(Collectors.toUnmodifiableSet());
if (filtered.isEmpty()) if (filtered.isEmpty())
@ -250,8 +249,7 @@ public class FeedHandlers {
public static byte[] unauthenticatedFeedResponseRSS(String[] channelIds) throws Exception { public static byte[] unauthenticatedFeedResponseRSS(String[] channelIds) throws Exception {
Set<String> filtered = Arrays.stream(channelIds) Set<String> filtered = Arrays.stream(channelIds)
.filter(StringUtils::isNotBlank) .filter(ChannelHelpers::isValidId)
.filter(id -> id.matches("[A-Za-z\\d_-]+"))
.collect(Collectors.toUnmodifiableSet()); .collect(Collectors.toUnmodifiableSet());
if (filtered.isEmpty()) if (filtered.isEmpty())
@ -469,8 +467,7 @@ public class FeedHandlers {
throws IOException { throws IOException {
Set<String> filtered = Arrays.stream(channelIds) Set<String> filtered = Arrays.stream(channelIds)
.filter(StringUtils::isNotBlank) .filter(ChannelHelpers::isValidId)
.filter(id -> id.matches("[A-Za-z\\d_-]+"))
.collect(Collectors.toUnmodifiableSet()); .collect(Collectors.toUnmodifiableSet());
if (filtered.isEmpty()) if (filtered.isEmpty())

5
src/main/java/me/kavin/piped/utils/ChannelHelpers.java
View File

@ -3,6 +3,7 @@ package me.kavin.piped.utils;
import me.kavin.piped.consts.Constants; import me.kavin.piped.consts.Constants;
import me.kavin.piped.utils.obj.db.Channel; import me.kavin.piped.utils.obj.db.Channel;
import okhttp3.Request; import okhttp3.Request;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.StatelessSession; import org.hibernate.StatelessSession;
import java.io.IOException; import java.io.IOException;
@ -11,6 +12,10 @@ import java.net.URL;
public class ChannelHelpers { public class ChannelHelpers {
public static boolean isValidId(String id) {
return !StringUtils.isBlank(id) && id.matches("UC[a-zA-Z\\d_-]{22}");
}
public static void updateChannel(StatelessSession s, Channel channel, String name, String avatarUrl, boolean uploaderVerified) { public static void updateChannel(StatelessSession s, Channel channel, String name, String avatarUrl, boolean uploaderVerified) {
boolean changed = false; boolean changed = false;

2
src/main/java/me/kavin/piped/utils/DatabaseHelper.java
View File

@ -175,7 +175,7 @@ public class DatabaseHelper {
public static Channel saveChannel(String channelId) { public static Channel saveChannel(String channelId) {
if (!channelId.matches("[A-Za-z\\d_-]+")) if (!ChannelHelpers.isValidId(channelId))
return null; return null;

3
src/main/java/me/kavin/piped/utils/PubSubHelper.java
View File

@ -13,6 +13,9 @@ import java.util.concurrent.TimeUnit;
public class PubSubHelper { public class PubSubHelper {
public static void subscribePubSub(String channelId) throws IOException { public static void subscribePubSub(String channelId) throws IOException {
if (!ChannelHelpers.isValidId(channelId))
return;
PubSub pubsub = DatabaseHelper.getPubSubFromId(channelId); PubSub pubsub = DatabaseHelper.getPubSubFromId(channelId);
if (pubsub == null || System.currentTimeMillis() - pubsub.getSubbedAt() > TimeUnit.DAYS.toMillis(4)) { if (pubsub == null || System.currentTimeMillis() - pubsub.getSubbedAt() > TimeUnit.DAYS.toMillis(4)) {

2
src/main/java/me/kavin/piped/utils/matrix/SyncRunner.java
View File

@ -148,11 +148,13 @@ public class SyncRunner implements Runnable {
} catch (Exception ignored) { } catch (Exception ignored) {
} }
}); });
continue;
} }
} }
case "video.piped.stream.bypass.response" -> { case "video.piped.stream.bypass.response" -> {
FederatedGeoBypassResponse bypassResponse = mapper.treeToValue(content, FederatedGeoBypassResponse.class); FederatedGeoBypassResponse bypassResponse = mapper.treeToValue(content, FederatedGeoBypassResponse.class);
GeoRestrictionBypassHelper.addResponse(bypassResponse); GeoRestrictionBypassHelper.addResponse(bypassResponse);
continue;
} }
} }
} }