- `/sioconfig` has been deprecated for ages in favor of
`/socketconfig/${channel}.json`
- Each website administrator should be responsible for determining the
appropriate terms of service for their website instead of CyTube
providing a default one.
Tampermonkey automatically requests www/js/cytube-google-drive.meta.js
to check for updates. Changed the userscript generator to write an
additional .meta.js file so that works instead of 404ing.
Previously, the user's session cookie was being checked against the
database for all non-static requests. However, this is not really
needed and wastes resources (and is slow).
For most page views (e.g. index, channel page), just parsing the value
of the cookie is sufficient:
* The cookies are already HMAC signed, so tampering with them ought to
be for all reasonable purposes, impossible.
* Assuming the worst case, all a nefarious user could manage to do is
change the text of the "Welcome, {user}" and cause a (non-functional)
ACP link to appear clientside, both of which are already possible by
using the Inspect Element tool.
For authenticated pages (currently, the ACP, and anything under
/account/), the full database check is still performed (for now).
Browsers which don't support CyTube's limited subset of
generally-supported codecs probably aren't worth warning about.
1Mbps is way too low of a threshold to warn about bandwidth, but even if
the threshold for warning were raised, it's probably still not that
useful.
The `cytube-common` module was created as part of a now-defunct
experiment and since then has just remained a crufty container for a few
utils. Moved the utils to the main repo and removed the dependency.
Add a dependency on `prom-client` and emit a basic latency metric for
testing purposes. Add a new configuration file for enabling/disabling
prometheus exporter and configuring the listen address.
