Commit graph

2489 commits

Author SHA1 Message Date
Calvin Montgomery 6043647cb7 Skip full user auth for most page renders
Previously, the user's session cookie was being checked against the
database for all non-static requests.  However, this is not really
needed and wastes resources (and is slow).

For most page views (e.g. index, channel page), just parsing the value
of the cookie is sufficient:

  * The cookies are already HMAC signed, so tampering with them ought to
    be for all reasonable purposes, impossible.
  * Assuming the worst case, all a nefarious user could manage to do is
    change the text of the "Welcome, {user}" and cause a (non-functional)
    ACP link to appear clientside, both of which are already possible by
    using the Inspect Element tool.

For authenticated pages (currently, the ACP, and anything under
/account/), the full database check is still performed (for now).
2017-08-01 21:40:26 -07:00
Calvin Montgomery 0118a6fb15 Refactor socket.io controller 2017-08-01 19:29:11 -07:00
Calvin Montgomery 107155a661 Stop knex from thrashing idle connections 2017-07-27 18:01:40 -07:00
Calvin Montgomery 7bd9934e58 Minor cleanup of no longer used things 2017-07-26 20:32:51 -07:00
Calvin Montgomery f593f7283c Replace alert() with modal for ACP password reset
Some browsers (e.g. Chrome) don't allow copying text out of alert()
dialogs.
2017-07-24 22:35:15 -07:00
Calvin Montgomery 5a78056c91 Some small refactoring 2017-07-24 22:08:26 -07:00
Calvin Montgomery e80613c7ec Fix rtmp again because chrome is picky about mime types 2017-07-23 17:55:25 -07:00
Calvin Montgomery 9dd0ee4446 Fix logger misreference in copied-over lualoader 2017-07-22 11:44:33 -07:00
Calvin Montgomery 08a42f6739 ffmpeg: add specific error for invalid SSL cert 2017-07-22 11:32:43 -07:00
Calvin Montgomery 282ad986b6 Deprecate legacy vimeo-oauth lookup 2017-07-22 11:14:29 -07:00
Calvin Montgomery 52030506b5 deps: remove status-message-polyfill
This hasn't been necessary since node v0.10, and CyTube only supports
node v6.x+ by this point.
2017-07-22 10:45:36 -07:00
Calvin Montgomery a8f1e48157 ffmpeg: remove bitrate and codec warning
Browsers which don't support CyTube's limited subset of
generally-supported codecs probably aren't worth warning about.

1Mbps is way too low of a threshold to warn about bandwidth, but even if
the threshold for warning were raised, it's probably still not that
useful.
2017-07-22 10:43:18 -07:00
Calvin Montgomery ffde151ebd Make redis announcement channel configurable
Finally fix the bug where announcements bleed across beta & live due to
sharing a redis pubsub channel.
2017-07-22 10:41:22 -07:00
Calvin Montgomery 964feb7243 Add id field to announcements and hide previously closed announcements 2017-07-22 10:35:45 -07:00
Calvin Montgomery ff3ececc36 Copy utils from cytube-common and remove dep
The `cytube-common` module was created as part of a now-defunct
experiment and since then has just remained a crufty container for a few
utils.  Moved the utils to the main repo and removed the dependency.
2017-07-19 20:47:02 -07:00
Calvin Montgomery e780e7dadb Deprecate stats table in favor of prometheus integration 2017-07-17 21:58:58 -07:00
Calvin Montgomery c7bec6251e Begin prometheus integration
Add a dependency on `prom-client` and emit a basic latency metric for
testing purposes.  Add a new configuration file for enabling/disabling
prometheus exporter and configuring the listen address.
2017-07-16 22:35:33 -07:00
Calvin Montgomery dd770137e5 Fix error for rtmp player 2017-07-15 20:17:13 -07:00
Calvin Montgomery 7efa3d4704 deps: upgrade to socket.io 2.0 2017-07-15 14:56:36 -07:00
Calvin Montgomery d9813e6244 Remove legacy tab complete (no longer used) 2017-07-15 14:48:53 -07:00
Calvin Montgomery c152a19624 Ignore library cached metadata when queueing
The use of the channel library as a cache for metadata to avoid
re-requesting metadata for known media is an optimization that dates
back to 1.0.  However, it doesn't have any TTL, is prone to bugs, and is
of dubious value.

This commit ignores the results of the library check when queueing a new
video, opting to always re-request the metadata.  This fixes a few bugs:

  * Google Drive metadata being lost when storing in library
  * Streamable metadata being lost when storing in library
  * Videos in the channel library that are now unavailable on their
    source website being queueable and then failing to play (e.g. deleted
    YouTube videos).

In its place, a small fail-open check is left behind to emit metric
counters on how many queues would have been cache-hits, to provide
insight into whether a proper caching solution (i.e. one not tacked on
top of the library) would be worth pursuing or not.  This will be
removed eventually.
2017-07-15 14:41:37 -07:00
Calvin Montgomery b7ceee8ef4 Fix video sources being lost when playlist is saved 2017-07-15 14:12:32 -07:00
Calvin Montgomery 30a5657d62 soundcloud: fix volume issue
It took them 4 years, but they finally did actually make the player
accept volume in the range 0-100 like their documentation suggests.

*slow clap*
2017-07-10 21:38:27 -07:00
Calvin Montgomery fc66e758ac Minor fix 2017-07-09 22:40:09 -07:00
Calvin Montgomery 637bcad816 camo: include subdomains of whitelisted domains in whitelist 2017-07-08 20:46:42 -07:00
Calvin Montgomery 07179d6c83 Upgrade to jsli 2.0 2017-07-08 20:11:54 -07:00
Calvin Montgomery 486ce04a3e camo: support URL encoding option 2017-07-08 19:21:14 -07:00
Calvin Montgomery 54045766f2 Replace instances of cytube-common logger with jsli 2017-07-02 22:38:54 -07:00
Calvin Montgomery 00901f9cdb Remove junk from an old abandoned project 2017-07-02 22:35:12 -07:00
Calvin Montgomery 860775a90b Remove html5hack (legacy google drive setting) 2017-07-02 22:30:19 -07:00
Calvin Montgomery 5500054b84 Add resolution switcher plugin for video.js
Allows switching resolutions via the video.js UI.  Also added support on
the player side for 540p, 1440p, and 2160p videos, although the metadata
extractors have not been updated to provide these sources yet.
2017-07-01 16:54:19 -07:00
Calvin Montgomery d36bc160ca Merge pull request #693 from Xaekai/damnit
Minor fixes to afk stuff.
2017-06-29 21:09:54 -07:00
Xaekai 18bf1b946b Minor fixes to afk stuff. 2017-06-29 19:04:49 -07:00
Calvin Montgomery 7ebf3c18ab Add knex AliasesDB 2017-06-28 22:58:40 -07:00
Calvin Montgomery 76e0d1b7ec Use proxy-addr for parsing x-forwarded-for
Closes #683 by providing functionality to trust proxies other than
localhost.
2017-06-27 23:37:18 -07:00
Calvin Montgomery 9cffd7dde8 Merge pull request #691 from calzoneman/upgrade-babel-nodejs-6
Upgrade babel preset for node 6, add async transform
2017-06-21 22:34:46 -07:00
Calvin Montgomery 2427b3ef4b Merge pull request #690 from Xaekai/shadow.anons
Send shadowmuted messages to anons
2017-06-20 23:21:27 -07:00
Calvin Montgomery 9fc399c200 Upgrade babel preset for node 6, add async transform 2017-06-20 23:16:33 -07:00
Xaekai 5f71c4d368 Send shadowmuted messages to anons
Resolves #689
2017-06-20 22:29:27 -07:00
Calvin Montgomery a96f7976d8 Change Tor exit list
Use the endpoint suggested in #688 to avoid unnecessarilly banning
relays.
2017-06-17 10:12:15 -07:00
Calvin Montgomery 6161f4ad44 Add ffmpeg error log for request failure case 2017-06-17 09:47:22 -07:00
Calvin Montgomery 6633e23aa3 Add characterization test for sanitize-html
At various times in the past, upgrades in the sanitize-html library that
changed behavior of HTML filtering have caused things like emotes to
break unexpectedly.  This commit adds a basic test to sanitize
non-alphanumeric characters found in channels' emote codes so that if
the library changes, the test will break and give a heads up that
something changed.
2017-06-17 09:47:22 -07:00
Calvin Montgomery 53cee986c6 Resend userlist if rank changes meta visibility
Fixes #681.  Technically, resending the entire userlist is not
necessary; it would be sufficient to resent setUserMeta, but there's not
currently a bulk frame for that so sending the userlist is probably more
efficient.
2017-06-17 09:47:22 -07:00
Calvin Montgomery efae9c4774 Merge pull request #686 from Xaekai/silly.bug
Fix a typo.
2017-06-16 22:00:02 -07:00
Xaekai be8318f014 Fix a typo. 2017-06-16 21:50:17 -07:00
Calvin Montgomery 33f632036e Merge pull request #684 from Xaekai/afk.meta
Single source of truth for AFK
2017-06-16 21:42:23 -07:00
Xaekai 2dc6504a77 Use a consistent pattern. 2017-06-16 21:37:30 -07:00
Calvin Montgomery 0f5193c700 Merge pull request #685 from Xaekai/custom.path
Customize channel path
2017-06-16 21:22:11 -07:00
Xaekai 6d4558c978 Allow channel path to be customizable
We now allow server operators to customize the /r/ part of the channel links
The new config option in the template is commented and the config module validates and will terminate with status 78 if an improper value is used.
We've also dropped some old cruft and uses a more elegant method to assign CHANNEL.name

Resolves #668
2017-06-16 20:09:36 -07:00
Xaekai f89832a6d1 Gracefully allow script authors time to update their code 2017-06-15 22:09:09 -07:00