cloudtube/utils/getuser.js

const crypto = require("crypto")
const {parse: parseCookie} = require("cookie")
const constants = require("./constants")
const db = require("./db")

function getToken(req, responseHeaders) {
	if (!req.headers.cookie) req.headers.cookie = ""
	const cookie = parseCookie(req.headers.cookie)
	let token = cookie.token
	if (!token) {
		if (responseHeaders) { // we should create a token
			token = setToken(responseHeaders).token
		} else {
			return null
		}
	}
	db.prepare(
		"INSERT INTO SeenTokens (token, seen) VALUES (?, ?)"
			+ " ON CONFLICT (token) DO UPDATE SET seen = excluded.seen"
	).run([token, Date.now()])
	return token
}

function setToken(responseHeaders, token) {
	const setCookie = responseHeaders["set-cookie"] || []
	if (!token) token = crypto.randomBytes(18).toString("base64").replace(/\W/g, "_")
	setCookie.push(`token=${token}; Path=/; Max-Age=2147483647; HttpOnly; SameSite=Lax`)
	responseHeaders["set-cookie"] = setCookie
	return {token, responseHeaders}
}

class User {
	constructor(token) {
		this.token = token
	}

	/** @return {{instance?: string, save_history?: boolean, local?: boolean, quality?: number}} */
	getSettings() {
		if (this.token) {
			return db.prepare("SELECT * FROM Settings WHERE token = ?").get(this.token) || {}
		} else {
			return {}
		}
	}

	/** @return {{instance?: string, save_history?: boolean, local?: boolean, quality?: number}} */
	getSettingsOrDefaults() {
		const settings = this.getSettings()
		for (const key of Object.keys(constants.user_settings)) {
			if (settings[key] == null) settings[key] = constants.user_settings[key].default
		}
		return settings
	}

	getSubscriptions() {
		if (this.token) {
			return db.prepare("SELECT ucid FROM Subscriptions WHERE token = ?").pluck().all(this.token)
		} else {
			return []
		}
	}

	isSubscribed(ucid) {
		if (this.token) {
			return !!db.prepare("SELECT * FROM Subscriptions WHERE token = ? AND ucid = ?").get([this.token, ucid])
		} else {
			return false
		}
	}

	getWatchedVideos() {
		const settings = this.getSettingsOrDefaults()
		if (this.token && settings.save_history) {
			return db.prepare("SELECT videoID FROM WatchedVideos WHERE token = ?").pluck().all(this.token)
		} else {
			return []
		}
	}

	addWatchedVideoMaybe(videoID) {
		const settings = this.getSettingsOrDefaults()
		if (videoID && this.token && settings.save_history) {
			db.prepare("INSERT OR IGNORE INTO WatchedVideos (token, videoID) VALUES (?, ?)").run([this.token, videoID])
		}
	}

	getFilters() {
		if (this.token) {
			return db.prepare("SELECT * FROM Filters WHERE token = ? ORDER BY data ASC").all(this.token)
		} else {
			return []
		}
	}
}

/**
 * @param {any} [responseHeaders] supply this to create a token
 */
function getUser(req, responseHeaders) {
	const token = getToken(req, responseHeaders)
	return new User(token)
}

function generateCSRF() {
	const token = crypto.randomBytes(16).toString("hex")
	const expires = Date.now() + constants.caching.csrf_time
	db.prepare("INSERT INTO CSRFTokens (token, expires) VALUES (?, ?)").run(token, expires)
	return token
}

function checkCSRF(token) {
	const row = db.prepare("SELECT * FROM CSRFTokens WHERE token = ? AND expires > ?").get(token, Date.now())
	if (row) {
		db.prepare("DELETE FROM CSRFTokens WHERE token = ?").run(token)
		return true
	} else {
		return false
	}
}

function cleanCSRF() {
	db.prepare("DELETE FROM CSRFTokens WHERE expires <= ?").run(Date.now())
}
cleanCSRF()
setInterval(cleanCSRF, constants.caching.csrf_time).unref()

module.exports.getToken = getToken
module.exports.setToken = setToken
module.exports.generateCSRF = generateCSRF
module.exports.checkCSRF = checkCSRF
module.exports.getUser = getUser
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`const crypto = require("crypto")`
			`const {parse: parseCookie} = require("cookie")`
			`const constants = require("./constants")`
			`const db = require("./db")`

			`function getToken(req, responseHeaders) {`
			`if (!req.headers.cookie) req.headers.cookie = ""`
			`const cookie = parseCookie(req.headers.cookie)`
Update feeds in background 2020-09-23 11:45:02 +00:00			`let token = cookie.token`
			`if (!token) {`
			`if (responseHeaders) { // we should create a token`
Fix new session creation 2021-01-08 12:49:22 +00:00			`token = setToken(responseHeaders).token`
Update feeds in background 2020-09-23 11:45:02 +00:00			`} else {`
			`return null`
			`}`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`}`
11x speed up of subscription page generation My 30 subscriptions now take 25 ms to generate, instead of around 280. Around 120 ms were saved by creating a database index. Around 120 ms were saved by pre-compiling the pug template for video description timestamps. The other changes in this commit produced slight improvements. 2021-08-26 11:47:53 +00:00			`db.prepare(`
			`"INSERT INTO SeenTokens (token, seen) VALUES (?, ?)"`
			`+ " ON CONFLICT (token) DO UPDATE SET seen = excluded.seen"`
			`).run([token, Date.now()])`
Update feeds in background 2020-09-23 11:45:02 +00:00			`return token`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`}`

Allow data syncing and deletion 2020-12-29 03:21:48 +00:00			`function setToken(responseHeaders, token) {`
			`const setCookie = responseHeaders["set-cookie"] \|\| []`
			`if (!token) token = crypto.randomBytes(18).toString("base64").replace(/\W/g, "_")`
Work around cookie max-age bug in Epiphany 2023-03-05 11:06:09 +00:00			setCookie.push(`token=${token}; Path=/; Max-Age=2147483647; HttpOnly; SameSite=Lax`)
Allow data syncing and deletion 2020-12-29 03:21:48 +00:00			`responseHeaders["set-cookie"] = setCookie`
Fix new session creation 2021-01-08 12:49:22 +00:00			`return {token, responseHeaders}`
Allow data syncing and deletion 2020-12-29 03:21:48 +00:00			`}`

Add database and subscribe button 2020-08-30 13:54:59 +00:00			`class User {`
			`constructor(token) {`
			`this.token = token`
			`}`

Make VSCode type detection happier 2021-05-11 09:27:57 +00:00			`/** @return {{instance?: string, save_history?: boolean, local?: boolean, quality?: number}} */`
Settings page and instance selection 2020-08-31 13:22:16 +00:00			`getSettings() {`
			`if (this.token) {`
			`return db.prepare("SELECT * FROM Settings WHERE token = ?").get(this.token) \|\| {}`
			`} else {`
			`return {}`
			`}`
			`}`

Make VSCode type detection happier 2021-05-11 09:27:57 +00:00			`/** @return {{instance?: string, save_history?: boolean, local?: boolean, quality?: number}} */`
Settings page and instance selection 2020-08-31 13:22:16 +00:00			`getSettingsOrDefaults() {`
			`const settings = this.getSettings()`
Fix default setting merge 2020-08-31 13:40:34 +00:00			`for (const key of Object.keys(constants.user_settings)) {`
			`if (settings[key] == null) settings[key] = constants.user_settings[key].default`
Settings page and instance selection 2020-08-31 13:22:16 +00:00			`}`
			`return settings`
			`}`

Add database and subscribe button 2020-08-30 13:54:59 +00:00			`getSubscriptions() {`
			`if (this.token) {`
Rework subscribing to deleted channels 2022-01-10 01:18:45 +00:00			`return db.prepare("SELECT ucid FROM Subscriptions WHERE token = ?").pluck().all(this.token)`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`} else {`
			`return []`
			`}`
			`}`

			`isSubscribed(ucid) {`
			`if (this.token) {`
Rework subscribing to deleted channels 2022-01-10 01:18:45 +00:00			`return !!db.prepare("SELECT * FROM Subscriptions WHERE token = ? AND ucid = ?").get([this.token, ucid])`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`} else {`
			`return false`
			`}`
			`}`
Implement watched videos Watched videos on your subscriptions feed will be darkened, and the option to hide all of them has been added. This only takes effect if you have enabled saving watched videos on the server in the settings menu - default is off. 2020-12-28 12:42:25 +00:00
			`getWatchedVideos() {`
			`const settings = this.getSettingsOrDefaults()`
			`if (this.token && settings.save_history) {`
			`return db.prepare("SELECT videoID FROM WatchedVideos WHERE token = ?").pluck().all(this.token)`
			`} else {`
			`return []`
			`}`
			`}`

			`addWatchedVideoMaybe(videoID) {`
			`const settings = this.getSettingsOrDefaults()`
			`if (videoID && this.token && settings.save_history) {`
			`db.prepare("INSERT OR IGNORE INTO WatchedVideos (token, videoID) VALUES (?, ?)").run([this.token, videoID])`
			`}`
			`}`
Implement video filters 2021-05-11 12:29:44 +00:00
			`getFilters() {`
			`if (this.token) {`
			`return db.prepare("SELECT * FROM Filters WHERE token = ? ORDER BY data ASC").all(this.token)`
			`} else {`
			`return []`
			`}`
			`}`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`}`

			`/**`
General code cleanup from analysis 2021-01-13 11:55:03 +00:00			`* @param {any} [responseHeaders] supply this to create a token`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`*/`
			`function getUser(req, responseHeaders) {`
			`const token = getToken(req, responseHeaders)`
			`return new User(token)`
			`}`

			`function generateCSRF() {`
			`const token = crypto.randomBytes(16).toString("hex")`
			`const expires = Date.now() + constants.caching.csrf_time`
			`db.prepare("INSERT INTO CSRFTokens (token, expires) VALUES (?, ?)").run(token, expires)`
			`return token`
			`}`

			`function checkCSRF(token) {`
			`const row = db.prepare("SELECT * FROM CSRFTokens WHERE token = ? AND expires > ?").get(token, Date.now())`
			`if (row) {`
			`db.prepare("DELETE FROM CSRFTokens WHERE token = ?").run(token)`
			`return true`
			`} else {`
			`return false`
			`}`
			`}`

			`function cleanCSRF() {`
			`db.prepare("DELETE FROM CSRFTokens WHERE expires <= ?").run(Date.now())`
			`}`
			`cleanCSRF()`
			`setInterval(cleanCSRF, constants.caching.csrf_time).unref()`

			`module.exports.getToken = getToken`
Allow data syncing and deletion 2020-12-29 03:21:48 +00:00			`module.exports.setToken = setToken`
Add database and subscribe button 2020-08-30 13:54:59 +00:00			`module.exports.generateCSRF = generateCSRF`
			`module.exports.checkCSRF = checkCSRF`
			`module.exports.getUser = getUser`