Add support for multiple sessions

This commit is contained in:
Omar Roth 2018-08-15 12:40:42 -05:00
parent 45ce301bd2
commit 8adb4650a0
4 changed files with 25 additions and 17 deletions

View File

@ -4,7 +4,7 @@
CREATE TABLE public.users CREATE TABLE public.users
( (
id text COLLATE pg_catalog."default" NOT NULL, id text[] COLLATE pg_catalog."default" NOT NULL,
updated timestamp with time zone, updated timestamp with time zone,
notifications text[] COLLATE pg_catalog."default", notifications text[] COLLATE pg_catalog."default",
subscriptions text[] COLLATE pg_catalog."default", subscriptions text[] COLLATE pg_catalog."default",

View File

@ -114,10 +114,11 @@ before_all do |env|
# Invidious users only have SID # Invidious users only have SID
if !env.request.cookies.has_key? "SSID" if !env.request.cookies.has_key? "SSID"
user = PG_DB.query_one?("SELECT * FROM users WHERE id = $1", sid, as: User) user = PG_DB.query_one?("SELECT * FROM users WHERE $1 = ANY(id)", sid, as: User)
if user if user
env.set "user", user env.set "user", user
env.set "sid", sid
end end
else else
begin begin
@ -125,6 +126,7 @@ before_all do |env|
user = get_user(sid, client, headers, PG_DB, false) user = get_user(sid, client, headers, PG_DB, false)
env.set "user", user env.set "user", user
env.set "sid", sid
rescue ex rescue ex
end end
end end
@ -621,8 +623,8 @@ post "/login" do |env|
end end
if Crypto::Bcrypt::Password.new(user.password.not_nil!) == password if Crypto::Bcrypt::Password.new(user.password.not_nil!) == password
sid = Base64.encode(Random::Secure.random_bytes(50)) sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
PG_DB.exec("UPDATE users SET id = $1 WHERE email = $2", sid, email) PG_DB.exec("UPDATE users SET id = id || $1 WHERE email = $2", [sid], email)
if Kemal.config.ssl || CONFIG.https_only if Kemal.config.ssl || CONFIG.https_only
secure = true secure = true
@ -643,7 +645,7 @@ post "/login" do |env|
next templated "error" next templated "error"
end end
sid = Base64.encode(Random::Secure.random_bytes(50)) sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
user = create_user(sid, email, password) user = create_user(sid, email, password)
user_array = user.to_a user_array = user.to_a
@ -673,6 +675,12 @@ get "/signout" do |env|
cookie.expires = Time.new(1990, 1, 1) cookie.expires = Time.new(1990, 1, 1)
end end
if env.get? "user"
user = env.get("user").as(User)
sid = env.get("sid").as(String)
PG_DB.exec("UPDATE users SET id = array_remove(id, $1) WHERE email = $2", sid, user.email)
end
env.request.cookies.add_response_headers(env.response.headers) env.request.cookies.add_response_headers(env.response.headers)
env.redirect referer env.redirect referer
end end
@ -865,7 +873,7 @@ get "/subscription_manager" do |env|
headers["Cookie"] = env.request.headers["Cookie"] headers["Cookie"] = env.request.headers["Cookie"]
client = make_client(YT_URL) client = make_client(YT_URL)
user = get_user(user.id, client, headers, PG_DB) user = get_user(user.id[0], client, headers, PG_DB)
end end
action_takeout = env.params.query["action_takeout"]?.try &.to_i? action_takeout = env.params.query["action_takeout"]?.try &.to_i?
@ -1173,7 +1181,7 @@ get "/feed/subscriptions" do |env|
if !user.password if !user.password
client = make_client(YT_URL) client = make_client(YT_URL)
user = get_user(user.id, client, headers, PG_DB) user = get_user(user.id[0], client, headers, PG_DB)
end end
max_results = preferences.max_results max_results = preferences.max_results

View File

@ -269,7 +269,7 @@ def generate_captcha(key)
answer = "#{hour}:#{minute.to_s.rjust(2, '0')}" answer = "#{hour}:#{minute.to_s.rjust(2, '0')}"
token = OpenSSL::HMAC.digest(:sha256, key, answer) token = OpenSSL::HMAC.digest(:sha256, key, answer)
token = Base64.encode(token) token = Base64.urlsafe_encode(token)
return {challenge: challenge, token: token} return {challenge: challenge, token: token}
end end

View File

@ -10,7 +10,7 @@ class User
end end
add_mapping({ add_mapping({
id: String, id: Array(String),
updated: Time, updated: Time,
notifications: Array(String), notifications: Array(String),
subscriptions: Array(String), subscriptions: Array(String),
@ -78,8 +78,8 @@ class Preferences
end end
def get_user(sid, client, headers, db, refresh = true) def get_user(sid, client, headers, db, refresh = true)
if db.query_one?("SELECT EXISTS (SELECT true FROM users WHERE id = $1)", sid, as: Bool) if db.query_one?("SELECT EXISTS (SELECT true FROM users WHERE $1 = ANY(id))", sid, as: Bool)
user = db.query_one("SELECT * FROM users WHERE id = $1", sid, as: User) user = db.query_one("SELECT * FROM users WHERE $1 = ANY(id)", sid, as: User)
if refresh && Time.now - user.updated > 1.minute if refresh && Time.now - user.updated > 1.minute
user = fetch_user(sid, client, headers, db) user = fetch_user(sid, client, headers, db)
@ -89,7 +89,7 @@ def get_user(sid, client, headers, db, refresh = true)
args = arg_array(user_array) args = arg_array(user_array)
db.exec("INSERT INTO users VALUES (#{args}) \ db.exec("INSERT INTO users VALUES (#{args}) \
ON CONFLICT (email) DO UPDATE SET id = $1, updated = $2, subscriptions = $4", user_array) ON CONFLICT (email) DO UPDATE SET id = users.id || $1, updated = $2, subscriptions = $4", user_array)
end end
else else
user = fetch_user(sid, client, headers, db) user = fetch_user(sid, client, headers, db)
@ -99,7 +99,7 @@ def get_user(sid, client, headers, db, refresh = true)
args = arg_array(user.to_a) args = arg_array(user.to_a)
db.exec("INSERT INTO users VALUES (#{args}) \ db.exec("INSERT INTO users VALUES (#{args}) \
ON CONFLICT (email) DO UPDATE SET id = $1, updated = $2, subscriptions = $4", user_array) ON CONFLICT (email) DO UPDATE SET id = users.id || $1, updated = $2, subscriptions = $4", user_array)
end end
return user return user
@ -132,7 +132,7 @@ def fetch_user(sid, client, headers, db)
token = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) token = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
user = User.new(sid, Time.now, [] of String, channels, email, DEFAULT_USER_PREFERENCES, nil, token, [] of String) user = User.new([sid], Time.now, [] of String, channels, email, DEFAULT_USER_PREFERENCES, nil, token, [] of String)
return user return user
end end
@ -140,7 +140,7 @@ def create_user(sid, email, password)
password = Crypto::Bcrypt::Password.create(password, cost: 10) password = Crypto::Bcrypt::Password.create(password, cost: 10)
token = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) token = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
user = User.new(sid, Time.now, [] of String, [] of String, email, DEFAULT_USER_PREFERENCES, password.to_s, token, [] of String) user = User.new([sid], Time.now, [] of String, [] of String, email, DEFAULT_USER_PREFERENCES, password.to_s, token, [] of String)
return user return user
end end