Commit graph

442 commits

Author SHA1 Message Date
Calvin Montgomery db2361aee9 Misc fixes for password reset
* Remove messaging about asking an administrator for help if no email
    is associated with the account (no longer correct or relevant)
  * Compare user-provided email with registered email case-insensitively
    (#755)
  * Replace antiquated hash generator with cryptographically secure
    random byte string generator
2018-07-11 19:21:32 -07:00
Calvin Montgomery 3db751b65f Fix socket count metric leak 2018-07-09 20:24:53 -07:00
Calvin Montgomery aca40dde0c Add note about unsupported filetypes 2018-06-15 20:33:55 -07:00
Calvin Montgomery dd23564c15 link-domain-blacklist: fix blank blacklist matching empty string 2018-06-14 18:45:35 -07:00
Calvin Montgomery 90b5e5e09f deps: bump mocha and babel 2018-06-03 21:55:41 -07:00
Calvin Montgomery 125a781cc7 deps: updates to support node.js 10 2018-06-03 21:19:12 -07:00
Calvin Montgomery fdab26b792 Hoist sortUserlist outside of userlist population inner loop 2018-05-26 13:28:26 -07:00
Calvin Montgomery 976b0a2168 Fix error introduced by lint changes 2018-04-08 19:17:03 -07:00
Calvin Montgomery 62417f7fb8
Add eslint (#741) 2018-04-07 15:30:30 -07:00
Calvin Montgomery c1e78fd4dc Kill process if www/js/player.js is not found at startup 2018-04-05 20:39:49 -07:00
Calvin Montgomery fcfc45dd70 Save YouTube playlists to library in batch to avoid connection pool starvation 2018-03-05 22:19:51 -08:00
Calvin Montgomery 54bf7f1c5b Strip GDrive metadata from saved channel playlists 2018-03-05 21:56:08 -08:00
Calvin Montgomery 8340bf2c81 Add notice that quality preference doesn't work for YouTube anymore (#726) 2018-03-05 21:51:40 -08:00
Calvin Montgomery 81e1947656 Clear template cache on /reload (#734) 2018-03-05 21:46:58 -08:00
Calvin Montgomery 247cf770d0 Avoid O(N^2) loop when loading channel emotes on channel load 2018-03-05 21:35:56 -08:00
Calvin Montgomery 79556d9365
deps: remove "q" (#731)
Insert Star Trek joke here.

Also did significant refactoring of the surrounding logic for the things
that depended on Q.
2018-02-24 19:47:50 -08:00
Calvin Montgomery 49661a95ab Upgrade dependencies 2018-02-15 19:58:33 -08:00
Calvin Montgomery 03f30a82b9 Fix botched version bump in package.json 2018-02-01 17:41:06 -08:00
Calvin Montgomery 966da1ac58 Revert "Replace quadratic emote list impl with Map"
This reverts commit 0f9bc44925.

The original commit was not backwards compatible with use cases that
users were relying on, such as emotes being sorted in insertion order by
default.

I will develop a new patch which fixes the performance issue in a
backwards compatible way.
2018-02-01 17:39:45 -08:00
Calvin Montgomery aeab31825e Fix a raw file error caused by facebook CDN violating RFC 2616 2018-01-21 18:53:16 -08:00
Calvin Montgomery 0f9bc44925 Replace quadratic emote list impl with Map 2018-01-18 19:34:57 -08:00
Calvin Montgomery 8399eab33f Fix error on invalid regex for /clean 2018-01-17 21:54:43 -08:00
Calvin Montgomery 1797e11b43 Sanitize google drive IDs to remove URL hash etc. 2018-01-14 15:15:59 -08:00
Calvin Montgomery d706bf63b1 Fix ustream 2018-01-14 15:02:15 -08:00
Calvin Montgomery c07cf7c13a Remove confirmation prompt from postinstall 2018-01-07 15:42:08 -08:00
Calvin Montgomery e350eb731b Fix #728 2018-01-07 15:14:20 -08:00
Calvin Montgomery 78bffad888 Fix errored channels getting stuck during unload 2018-01-06 09:59:18 -08:00
Calvin Montgomery 95e147b5a0 Use socket.handshake instead of socket.client.request
Fixes a bug where sockets would be rejected if they connected directly
with the 'websocket' transport instead of doing an AJAX connection with
websocket upgrade (e.g. if `transports: ['websocket']` is passed to the
socket.io-client constructor).

See https://github.com/socketio/socket.io/blob/master/docs/API.md#sockethandshake
2017-12-27 14:24:33 -08:00
Calvin Montgomery 0b6106a89e Clarify gdrive userscript error when fmt_stream_map is missing 2017-12-26 20:40:12 -08:00
Calvin Montgomery b7bc93f194 Disable vid.me (RIP) 2017-12-24 11:19:30 -08:00
Calvin Montgomery 0c330a82ce Add dirty check to playlist for efficiency of channel saving 2017-12-16 10:34:04 -08:00
Calvin Montgomery a4e72a002a Fix #719 2017-12-16 00:05:28 -08:00
Calvin Montgomery 7fbd62142e Minor tweaks/fixes 2017-12-15 19:10:32 -08:00
Calvin Montgomery 29be9233e9 Add check for weird setAFK edge case 2017-12-11 22:46:41 -08:00
Calvin Montgomery 1e969117c4 Fix #722 2017-12-10 19:28:05 -08:00
Calvin Montgomery fbee6d2ab7 Fix a few common causes of error logs (incl. better ffprobe error messages) 2017-12-10 16:39:06 -08:00
Calvin Montgomery 39587a8448 Add DB query error count metric 2017-12-06 22:13:07 -08:00
Calvin Montgomery 9886f648f2 Workaround for #724 2017-12-06 22:10:06 -08:00
Xaekai aa5066762b This resolves an issue where Google returns HTTP200 but provides an HTML redirect to a login portal instead of video data.
Closes #718
2017-11-27 23:37:41 -08:00
Calvin Montgomery 85169fbb56 Update drive userscript (#714) 2017-11-15 22:27:31 -08:00
Calvin Montgomery 875337d9a6 web/account: add referrer check 2017-11-05 16:17:37 -08:00
Calvin Montgomery b876c8907a ffmpeg: preserve cookies when following redirects in pre-flight req 2017-11-05 16:01:39 -08:00
Calvin Montgomery b453aecee5 Replace froogaloop
Froogaloop no longer appears to work.

Followed migration guide: https://github.com/vimeo/player.js/blob/master/docs/migrate-from-froogaloop.md
2017-10-28 23:10:15 -07:00
Calvin Montgomery 3cd8bfa8c7 Remove /sioconfig for real 2017-09-30 15:26:47 -07:00
Calvin Montgomery 014f3f008e Remove config key that is no longer used 2017-09-27 21:50:51 -07:00
Calvin Montgomery f975f7ef85 Update password reset to use new nodemailer impl 2017-09-26 21:22:15 -07:00
Calvin Montgomery 9cfe71d4c4 Start working on nodemailer upgrade 2017-09-25 22:31:45 -07:00
Calvin Montgomery 8db22ad924 Implement playerjs for streamable (#706) 2017-09-25 19:18:46 -07:00
Calvin Montgomery c159fa8060 Remove old HTTPS redirect kludges 2017-09-19 20:49:33 -07:00
Calvin Montgomery 9a1d50dcd3 Add support for v8-profiler (optional dep) 2017-09-18 21:54:36 -07:00
Calvin Montgomery 97231e515c player: support HLS vod for vidme (fixes #703)
- Upgrade videojs-contrib-hls to latest version
  - Update VideoJSPlayer to support "auto" quality tag to delegate to
    the HLS plugin for automatic quality selection
  - mediaquery change:
    9f5122e031
2017-09-04 09:44:30 -07:00
Calvin Montgomery 8b1b501bbd Start working on /account/data controller 2017-08-30 22:45:48 -07:00
Calvin Montgomery 0885a619b9 Generate .meta.js for gdrive userscript for update checks
Tampermonkey automatically requests www/js/cytube-google-drive.meta.js
to check for updates.  Changed the userscript generator to write an
additional .meta.js file so that works instead of 404ing.
2017-08-19 16:31:02 -07:00
Calvin Montgomery 791a712a68 Move channel register/delete reload logic to message bus 2017-08-15 18:55:36 -07:00
Calvin Montgomery d16cfb7328 Add message bus for #677 2017-08-15 18:23:03 -07:00
Calvin Montgomery 4102d6eaf2 Refactor index.js logic into src/main 2017-08-13 22:16:42 -07:00
Calvin Montgomery ba8088b678 videojs: default quality to 480 instead of 1080 2017-08-13 21:48:50 -07:00
Calvin Montgomery d0c1e8cbd9 Change metric names to follow prometheus naming guide 2017-08-12 13:12:58 -07:00
Calvin Montgomery 04c9d48779 custom-media: implement queueing and playback changes 2017-08-08 20:35:17 -07:00
Calvin Montgomery 8b7cdfd4c3 soundcloud: fix getVolume to match setVolume 2017-08-07 21:08:04 -07:00
Calvin Montgomery 0b560f15a9 Add prometheus counter for changeMedia 2017-08-05 18:50:27 -07:00
Calvin Montgomery dac2e41488 Fix and enable efficient emotes by default 2017-08-05 12:22:58 -07:00
Calvin Montgomery cb6cfc8455 Instrument some more metrics with prometheus 2017-08-02 21:24:44 -07:00
Calvin Montgomery 6043647cb7 Skip full user auth for most page renders
Previously, the user's session cookie was being checked against the
database for all non-static requests.  However, this is not really
needed and wastes resources (and is slow).

For most page views (e.g. index, channel page), just parsing the value
of the cookie is sufficient:

  * The cookies are already HMAC signed, so tampering with them ought to
    be for all reasonable purposes, impossible.
  * Assuming the worst case, all a nefarious user could manage to do is
    change the text of the "Welcome, {user}" and cause a (non-functional)
    ACP link to appear clientside, both of which are already possible by
    using the Inspect Element tool.

For authenticated pages (currently, the ACP, and anything under
/account/), the full database check is still performed (for now).
2017-08-01 21:40:26 -07:00
Calvin Montgomery 7bd9934e58 Minor cleanup of no longer used things 2017-07-26 20:32:51 -07:00
Calvin Montgomery 5a78056c91 Some small refactoring 2017-07-24 22:08:26 -07:00
Calvin Montgomery e80613c7ec Fix rtmp again because chrome is picky about mime types 2017-07-23 17:55:25 -07:00
Calvin Montgomery 282ad986b6 Deprecate legacy vimeo-oauth lookup 2017-07-22 11:14:29 -07:00
Calvin Montgomery 52030506b5 deps: remove status-message-polyfill
This hasn't been necessary since node v0.10, and CyTube only supports
node v6.x+ by this point.
2017-07-22 10:45:36 -07:00
Calvin Montgomery 964feb7243 Add id field to announcements and hide previously closed announcements 2017-07-22 10:35:45 -07:00
Calvin Montgomery ff3ececc36 Copy utils from cytube-common and remove dep
The `cytube-common` module was created as part of a now-defunct
experiment and since then has just remained a crufty container for a few
utils.  Moved the utils to the main repo and removed the dependency.
2017-07-19 20:47:02 -07:00
Calvin Montgomery e780e7dadb Deprecate stats table in favor of prometheus integration 2017-07-17 21:58:58 -07:00
Calvin Montgomery c7bec6251e Begin prometheus integration
Add a dependency on `prom-client` and emit a basic latency metric for
testing purposes.  Add a new configuration file for enabling/disabling
prometheus exporter and configuring the listen address.
2017-07-16 22:35:33 -07:00
Calvin Montgomery dd770137e5 Fix error for rtmp player 2017-07-15 20:17:13 -07:00
Calvin Montgomery 7efa3d4704 deps: upgrade to socket.io 2.0 2017-07-15 14:56:36 -07:00
Calvin Montgomery d9813e6244 Remove legacy tab complete (no longer used) 2017-07-15 14:48:53 -07:00
Calvin Montgomery c152a19624 Ignore library cached metadata when queueing
The use of the channel library as a cache for metadata to avoid
re-requesting metadata for known media is an optimization that dates
back to 1.0.  However, it doesn't have any TTL, is prone to bugs, and is
of dubious value.

This commit ignores the results of the library check when queueing a new
video, opting to always re-request the metadata.  This fixes a few bugs:

  * Google Drive metadata being lost when storing in library
  * Streamable metadata being lost when storing in library
  * Videos in the channel library that are now unavailable on their
    source website being queueable and then failing to play (e.g. deleted
    YouTube videos).

In its place, a small fail-open check is left behind to emit metric
counters on how many queues would have been cache-hits, to provide
insight into whether a proper caching solution (i.e. one not tacked on
top of the library) would be worth pursuing or not.  This will be
removed eventually.
2017-07-15 14:41:37 -07:00
Calvin Montgomery b7ceee8ef4 Fix video sources being lost when playlist is saved 2017-07-15 14:12:32 -07:00
Calvin Montgomery 637bcad816 camo: include subdomains of whitelisted domains in whitelist 2017-07-08 20:46:42 -07:00
Calvin Montgomery 07179d6c83 Upgrade to jsli 2.0 2017-07-08 20:11:54 -07:00
Calvin Montgomery 486ce04a3e camo: support URL encoding option 2017-07-08 19:21:14 -07:00
Calvin Montgomery 860775a90b Remove html5hack (legacy google drive setting) 2017-07-02 22:30:19 -07:00
Calvin Montgomery 5500054b84 Add resolution switcher plugin for video.js
Allows switching resolutions via the video.js UI.  Also added support on
the player side for 540p, 1440p, and 2160p videos, although the metadata
extractors have not been updated to provide these sources yet.
2017-07-01 16:54:19 -07:00
Calvin Montgomery 76e0d1b7ec Use proxy-addr for parsing x-forwarded-for
Closes #683 by providing functionality to trust proxies other than
localhost.
2017-06-27 23:37:18 -07:00
Calvin Montgomery 9fc399c200 Upgrade babel preset for node 6, add async transform 2017-06-20 23:16:33 -07:00
Calvin Montgomery a96f7976d8 Change Tor exit list
Use the endpoint suggested in #688 to avoid unnecessarilly banning
relays.
2017-06-17 10:12:15 -07:00
Calvin Montgomery 6633e23aa3 Add characterization test for sanitize-html
At various times in the past, upgrades in the sanitize-html library that
changed behavior of HTML filtering have caused things like emotes to
break unexpectedly.  This commit adds a basic test to sanitize
non-alphanumeric characters found in channels' emote codes so that if
the library changes, the test will break and give a heads up that
something changed.
2017-06-17 09:47:22 -07:00
Calvin Montgomery 53cee986c6 Resend userlist if rank changes meta visibility
Fixes #681.  Technically, resending the entire userlist is not
necessary; it would be sufficient to resent setUserMeta, but there's not
currently a bulk frame for that so sending the userlist is probably more
efficient.
2017-06-17 09:47:22 -07:00
Calvin Montgomery 00a65a1584 Deprecate legacy global ban junk 2017-06-05 23:18:20 -07:00
Calvin Montgomery d0712d007e Work on refactoring global IP ban database calls 2017-05-31 22:46:15 -07:00
Calvin Montgomery 7fcf31dec6 Merge pull request #671 from calzoneman/knex
The knexening: part 1
2017-05-29 13:16:35 -07:00
Calvin Montgomery 2a694e73af The knexening: part 1 2017-05-28 22:39:27 -07:00
Calvin Montgomery 22a9acfc90 Support proxying chat images via camo
Camo: https://github.com/atmos/camo.  This has a couple advantages over
just allowing images to be dumped as-is:

  - Prevents mixed-content warnings by allowing the server to proxy HTTP
    images to an HTTPS camo instance
  - Protects users' privacy by not exposing their browser directly to
    the image host
  - Allows the camo proxy to intercept and reject bad image sources
    (URLs that are not actually images, gigapixel-sized images likely to
    DoS users' browsers, etc.)

Whitelisting specific domains is supported for cases where the source is
known to be trustworthy.
2017-05-28 19:38:43 -07:00
Calvin Montgomery f968521936 Remove google drive refresh logic
No longer relevant since the video links are retrieved by the
userscript.
2017-05-28 18:35:13 -07:00
Calvin Montgomery d23b5278b1 Rename Hitbox -> Smashcast 2017-05-20 16:50:00 -07:00
Calvin Montgomery 55b03d51d7 Fix setOptions for playlist_max_duration_per_user 2017-05-20 16:31:52 -07:00
Calvin Montgomery de309d675e Remove redundant signing logic from IP session cookie 2017-05-01 21:51:11 -07:00
Calvin Montgomery 6bfbbc0c01 Support hot-swapping HTTPS certificates 2017-04-30 17:20:19 -07:00
Calvin Montgomery a0af0ccab5 Remove dead/commented-out code 2017-04-29 17:08:43 -07:00
Calvin Montgomery 089ac75e9a Fix DB purge of expired password reset reqs
3 year old bug introduced when refactoring 2.x -> 3.0.
Never worked in the first place.
2017-04-29 17:05:45 -07:00
Calvin Montgomery 8e74b0c765 Tweak setting description for playlist_max_ruation_per_user 2017-04-29 16:50:56 -07:00
Calvin Montgomery fac94d46a6 Bugfix: stringify first parameter to Logger.xxx() 2017-04-27 21:06:16 -07:00
Calvin Montgomery 8d40c87dda Deprecate jwplayer and googleplus videos 2017-04-11 21:55:31 -07:00
Calvin Montgomery 8306d2d1b6 Refactor logging 2017-04-04 23:02:31 -07:00
Calvin Montgomery b1a328d2e0 Implement max total video time per user 2017-04-03 21:18:40 -07:00
Calvin Montgomery f42e3bf2b7 Fix #656 2017-04-03 20:31:21 -07:00
Calvin Montgomery 5bdf8b4aaf Fix #657 2017-03-26 11:13:10 -07:00
Calvin Montgomery 0ce6fbba20 Fix an issue with playlist item matching 2017-03-26 11:04:02 -07:00
Calvin Montgomery 7595faf11d Fix voteskip issue when there are no videos left 2017-03-21 20:04:06 -07:00
Calvin Montgomery 309cd40da2 Compare owner name case-insensitively when deleting channel 2017-03-21 19:47:31 -07:00
Calvin Montgomery 9dc82ad444 Enforce stricter validation on polls 2017-03-20 21:37:32 -07:00
Calvin Montgomery 41a538c655 Fix playlist visibility: wait for U_HAS_CHANNEL_RANK instead of just login 2017-03-18 18:53:49 -07:00
Calvin Montgomery a594b19745 Fix user join ban check for users with blank names (but clean IPs) 2017-03-15 23:44:03 -07:00
Calvin Montgomery f6500ff745 Fix emote regex due to sanitize-html changes 2017-03-14 21:36:44 -07:00
Calvin Montgomery 9239c2d465 Add channels.owner_last_seen column 2017-03-13 21:05:32 -07:00
Calvin Montgomery 8f266ccd44 Add channels.last_loaded column 2017-03-13 20:55:06 -07:00
Calvin Montgomery c721d67080 Add explicit confirmation that accounts are unrecoverable with no email 2017-03-11 17:22:31 -08:00
Calvin Montgomery f8183bea1b Add name_dedupe column instead of using LIKE kludge for similar-looking names 2017-03-11 17:09:50 -08:00
Calvin Montgomery d65cf1beef Change sanitize-html back to the upstream module 2017-03-03 23:51:47 -08:00
Calvin Montgomery a56f0d5b10 Adjust google drive userscript prompt 2017-03-03 23:39:38 -08:00
Calvin Montgomery aea456436e Fix race condition for siteadmin rank socket frames 2017-03-03 23:34:27 -08:00
Calvin Montgomery 70be35e3fa Experimental ustream fix 2017-03-02 18:47:47 -08:00
Calvin Montgomery 20326194f7 Add execEmotesEfficient behind feature flag
For #645.  Disabled by default, I'll selectively enable it to be sure it
works and then remove the old implementation.
2017-03-01 21:16:55 -08:00
Calvin Montgomery d4db459ff9 Fix #647 2017-03-01 20:46:01 -08:00
Calvin Montgomery 5487d15bdf Add config option for mysql pool size, optimize restart login flood case 2017-02-02 23:05:50 -08:00
Calvin Montgomery 2c57719318 Support changing the ratio of video:chat width 2017-01-23 21:47:21 -08:00
Calvin Montgomery b0ff4d5ef0 Make delete from channel library a configurable permission 2017-01-23 21:16:39 -08:00
Calvin Montgomery 27e168ba8b Integrate new tab completion methods
There is now an option to choose which tab completion method to use.
Also, emotes can be tab completed.
2017-01-10 22:26:46 -08:00
Calvin Montgomery e1ad7c63af Clarify custom embed error to remove the clause about switching to plain HTTP 2017-01-09 23:47:11 -08:00
Calvin Montgomery e2abb90d14 Add HTTPS check for ffmpeg and custom embeds 2017-01-05 20:58:07 -08:00
Calvin Montgomery 31880fa625 Fix an issue where one broken channel can prevent others from saving
Son of a bitch.
2016-12-28 23:24:08 -08:00
Calvin Montgomery f6c201f3ba Add a few safeguards around channel saving 2016-12-20 00:09:24 -08:00
Calvin Montgomery d21943ecc7 Whitelist m4a/aac for ffmpeg 2016-12-17 19:53:17 -08:00
Calvin Montgomery 453ed607ba [http deprecation] enforce HTTPS for externalcss URLs 2016-12-10 23:23:57 -08:00
Calvin Montgomery e8d39850c5 Fix null check for youtube livestream check 2016-11-30 09:24:28 -08:00
Calvin Montgomery a624f45493 Fix warning in node 7 2016-11-17 23:01:20 -08:00
Calvin Montgomery aa06884bd6 Ignore cached metadata for youtube livestreams 2016-11-17 23:00:06 -08:00
Calvin Montgomery 632ffdfa8f deps: upgrade yamljs
Old version of `yamljs` was bringing in deprecated dependencies causing
`npm install` warnings.  Newer version is still buggy and doesn't
fully support the YAML spec, but it seems to work at least as well as
the old version, as far as I can tell.
2016-11-02 22:55:14 -07:00
Calvin Montgomery 9302a271d0 Remove default contact config 2016-11-01 22:44:26 -07:00
Calvin Montgomery bfad626b2d Merge pull request #632 from calzoneman/partition-refactor
Refactor partitioning a bit
2016-10-25 20:21:34 -07:00
Calvin Montgomery afa18c4749 Fix Google Drive URL 2016-10-20 19:07:03 -07:00
Calvin Montgomery d2cce4f166 Work on auto reloading partition map from redis 2016-10-15 12:36:20 -07:00
Calvin Montgomery 3c11ac6cf5 Add jitter and retry logic to google drive userscript lookups 2016-10-08 10:33:18 -07:00
Calvin Montgomery d0d2002a5f Fix some drive userscript issues 2016-10-07 19:55:41 -07:00
Calvin Montgomery 7c3f2d0a8b only set channel rank for non-guest 2016-10-06 23:22:02 -07:00
Calvin Montgomery ad4ee4bd02 Fix profile/rank for bot logins 2016-10-06 23:01:42 -07:00
Calvin Montgomery 99760b6989 Purge the awful refreshAccount logic
User.prototype.refreshAccount was responsible for multiple race
condition bugs as well as inefficient duplication of DB queries in an
attempt to correct such race conditions.

It has now been replaced by a more reasonable model:

  * Global user account information and aliases are fetched in parallel
    on socket connection
  * Channel rank is fetched when the user tries to join a channel
2016-10-03 23:12:22 -07:00
Calvin Montgomery 35a8e2b52a Fix age old bug with /login redirecting to /register after registration 2016-10-01 21:31:04 -07:00
Calvin Montgomery c88c63a422 Merge getGlobalRank and getProfile into one query
Really the entire "Account" thing needs to be refactored/deleted and
replaced with separate global account and per-channel state, which I
plan to do, but this brings some minor benefit in the meantime
2016-09-26 22:36:17 -07:00
Calvin Montgomery e1120455b2 Cache channel ID for quicker loads/saves 2016-09-26 22:20:58 -07:00