nixconfig/modules/server/containers/data/invidious/login.cr

{% skip_file if flag?(:api_only) %}

module Invidious::Routes::Login
    def self.login_page(env)
        locale = env.get("preferences").as(Preferences).locale

        user = env.get? "user"
        referer = get_referer(env, "/feed/subscriptions")
        return env.redirect referer if user
        return error_template(400, "Login has been disabled by administrator.") if !CONFIG.login_enabled
        

        if forwarded_user = env.request.headers["X-authentik-email"]? begin
            email = forwarded_user?.try &.downcase.byte_slice(0, 254)
            
            return error_template(401, "User ID is a required field") if email.nil? || email.empty?
            
            user = Invidious::Database::Users.select(email: email)
            if user
                sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
                Invidious::Database::SessionIDs.insert(sid, email)
                env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)

                if env.request.cookies["PREFS"]?
                    cookie = env.request.cookies["PREFS"]
                    cookie.expires = Time.utc(1990, 1, 1)
                    env.response.cookies << cookie
                end
            else
                return error_template(400, "Registration has been disabled by administrator.") if !CONFIG.registration_enabled

                sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
                user, sid = create_user(sid, email, "")

                if language_header = env.request.headers["Accept-Language"]?
                    if language = ANG.language_negotiator.best(language_header, I18n::LOCALES.keys)
                        user.preferences.locale = language.header
                    end
                end

                Invidious::Database::Users.insert(user)
                Invidious::Database::SessionIDs.insert(sid, email)

                view_name = "subscriptions_#{sha256(user.email)}"
                PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS #{MATERIALIZED_VIEW_SQL.call(user.email)}")
                env.response.cookies["SID"] = Invidious::User::Cookies.sid(CONFIG.domain, sid)

                if env.request.cookies["PREFS"]?
                    user.preferences = env.get("preferences").as(Preferences)
                    Invidious::Database::Users.update_preferences(user)

                    cookie = env.request.cookies["PREFS"]
                    cookie.expires = Time.utc(1990, 1, 1)
                    env.response.cookies << cookie
                end
            end

            env.redirect referer
        else
            env.redirect referer
        end
    end

    def self.signout(env)
        locale = env.get("preferences").as(Preferences).locale

        user = env.get? "user"
        sid = env.get? "sid"
        referer = get_referer(env)

        return env.redirect referer if !user

        user = user.as(User)
        sid = sid.as(String)
        token = env.params.body["csrf_token"]?

        begin
            validate_request(token, sid, env.request, HMAC_KEY, locale)
        rescue ex
            return error_template(400, ex)
        end

        Invidious::Database::SessionIDs.delete(sid: sid)

        env.request.cookies.each do |cookie|
            cookie.expires = Time.utc(1990, 1, 1)
            env.response.cookies << cookie
        end

        env.redirect referer
    end
end