Override login page

modules/server/containers/apps/invidious.nix

@@ -3,30 +3,18 @@ let
   serverCfg = config.syscfg.server;
 
   patchedInvidious = pkgs.invidious.overrideAttrs (oldAttrs: {
-    # If using a standard .patch file:
-    # patches = (oldAttrs.patches or []) ++ [ ./your-file-replacement.patch ];
-
     postPatch = (oldAttrs.postPatch or "") + ''
       cp ${../data/invidious/login.cr} src/invidious/routes/login.cr
     '';
   });
 
   image = pkgs.dockerTools.streamLayeredImage {
-    name = "invidious-custom";
+    name = pkgs.invidious.name;
-    tag = "1.0.0";
+    tag = pkgs.invidious.version;
-    # Include both patched invidious and companion/helper packages
-    contents = [ 
-      patchedInvidious 
-      pkgs.inv-sig-helper # The companion signature helper tool
-      pkgs.bashInteractive 
-    ];
     config = {
-      # Point to your custom invidious binary location
       Entrypoint = [ "${patchedInvidious}/bin/invidious" ];
       Cmd = [ "--config" "/etc/invidious/config.yml" ];
-      ExposedPorts = {
+      ExposedPorts = { "3000/tcp" = {}; };
-        "3000/tcp" = {}; # Default Invidious web UI port
-      };
     };
   };
 
@@ -43,7 +31,7 @@ in {
       extraEnv = {
         INVIDIOUS_DATABASE_URL = "postgres://invidious_user:\${DB_PASS}@${builder.host}/invidious_db";
         INVIDIOUS_HMAC_KEY = "\${HMAC_KEY}";
-        INVIDIOUS_COMPANION_URL = "http://invidious-companion:12999";
+        INVIDIOUS_COMPANION_URL = "http://invidious-companion:8282/companion";
         INVIDIOUS_PO_TOKEN = "\${PO_TOKEN}";
         INVIDIOUS_VISITOR_DATA = "\${VISITOR_DATA}";
         INVIDIOUS_PORT = "3000";

modules/server/containers/data/invidious/login.cr

@@ -0,0 +1,92 @@
+{% skip_file if flag?(:api_only) %}
+
+module Invidious::Routes::Login
+    def self.login_page(env)
+        locale = env.get("preferences").as(Preferences).locale
+
+        user = env.get? "user"
+        referer = get_referer(env, "/feed/subscriptions")
+        return env.redirect referer if user
+        return error_template(400, "Login has been disabled by administrator.") if !CONFIG.login_enabled
+        
+
+        if forwarded_user = env.request.headers["X-authentik-email"]? begin
+            email = forwarded_user?.try &.downcase.byte_slice(0, 254)
+            
+            return error_template(401, "User ID is a required field") if email.nil? || email.empty?
+            
+            user = Invidious::Database::Users.select(email: email)
+            if user
+                sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
+                Invidious::Database::SessionIDs.insert(sid, email)
+                env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
+
+                if env.request.cookies["PREFS"]?
+                    cookie = env.request.cookies["PREFS"]
+                    cookie.expires = Time.utc(1990, 1, 1)
+                    env.response.cookies << cookie
+                end
+            else
+                return error_template(400, "Registration has been disabled by administrator.") if !CONFIG.registration_enabled
+
+                sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
+                user, sid = create_user(sid, email, "")
+
+                if language_header = env.request.headers["Accept-Language"]?
+                    if language = ANG.language_negotiator.best(language_header, I18n::LOCALES.keys)
+                        user.preferences.locale = language.header
+                    end
+                end
+
+                Invidious::Database::Users.insert(user)
+                Invidious::Database::SessionIDs.insert(sid, email)
+
+                view_name = "subscriptions_#{sha256(user.email)}"
+                PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
+                env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)
+
+                if env.request.cookies["PREFS"]?
+                    user.preferences = env.get("preferences").as(Preferences)
+                    Invidious::Database::Users.update_preferences(user)
+
+                    cookie = env.request.cookies["PREFS"]
+                    cookie.expires = Time.utc(1990, 1, 1)
+                    env.response.cookies << cookie
+                end
+            end
+
+            env.redirect referer
+        else
+            env.redirect referer
+        end
+    end
+
+    def self.signout(env)
+        locale = env.get("preferences").as(Preferences).locale
+
+        user = env.get? "user"
+        sid = env.get? "sid"
+        referer = get_referer(env)
+
+        return env.redirect referer if !user
+
+        user = user.as(User)
+        sid = sid.as(String)
+        token = env.params.body["csrf_token"]?
+
+        begin
+            validate_request(token, sid, env.request, HMAC_KEY, locale)
+        rescue ex
+            return error_template(400, ex)
+        end
+
+        Invidious::Database::SessionIDs.delete(sid: sid)
+
+        env.request.cookies.each do |cookie|
+            cookie.expires = Time.utc(1990, 1, 1)
+            env.response.cookies << cookie
+        end
+
+        env.redirect referer
+    end
+end