From bf1edd2e92ab704356bc7a5b13b86bd83742db8f Mon Sep 17 00:00:00 2001
From: Fijxu
Date: Mon, 24 Mar 2025 21:38:50 -0300
Subject: [PATCH] add patch to encrypt query parameters
---
 ...-for-an-external-videoplayback-proxy.patch | 4 +-
 ...external-videoplayback-proxy-via-inf.patch | 4 +-
 ...ion-limit-on-DASH-streams-to-save-ba.patch | 4 +-
 ...-env-variable-to-set-verify_requests.patch | 4 +-
 ...eat-add-support-for-multiple-proxies.patch | 4 +-
 patches/0006-ci-update-deno-to-2.2.4.patch | 4 +-
 ...ayer_id-override-until-an-official-f.patch | 4 +-
 ...-cut-off-secret_key-to-16-characters.patch | 4 +-
 ...-to-disable-potoken-generation-check.patch | 4 +-
 ...pport-for-encrypted-query-parameters.patch | 172 ++++++++++++++++++
 10 files changed, 190 insertions(+), 18 deletions(-)
 create mode 100644 patches/0010-feat-add-support-for-encrypted-query-parameters.patch
diff --git a/patches/0001-feat-add-support-for-an-external-videoplayback-proxy.patch b/patches/0001-feat-add-support-for-an-external-videoplayback-proxy.patch
index ec8887d..1b94daa 100644
--- a/patches/0001-feat-add-support-for-an-external-videoplayback-proxy.patch
+++ b/patches/0001-feat-add-support-for-an-external-videoplayback-proxy.patch
@@ -1,7 +1,7 @@
-From 96bdf8e66394985e16b6e0a3f7e755d81f5b0149 Mon Sep 17 00:00:00 2001
+From 36964b3308ae64fa262cf75a3139f72ec0b4ddb6 Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 18:44:10 -0300
-Subject: [PATCH 1/9] feat: add support for an external videoplayback proxy
+Subject: [PATCH 01/10] feat: add support for an external videoplayback proxy
 
 ---
  config/config.example.toml | 1 +
diff --git a/patches/0002-feat-report-the-external-videoplayback-proxy-via-inf.patch b/patches/0002-feat-report-the-external-videoplayback-proxy-via-inf.patch
index 8d5f137..7e7af25 100644
--- a/patches/0002-feat-report-the-external-videoplayback-proxy-via-inf.patch
+++ b/patches/0002-feat-report-the-external-videoplayback-proxy-via-inf.patch
@@ -1,7 +1,7 @@
-From afe62c8510f1813dbe73e62342a25f07f9a3ee2d Mon Sep 17 00:00:00 2001
+From f417f917ae71707e024af334047818beaf85b032 Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 18:52:53 -0300
-Subject: [PATCH 2/9] feat: report the external videoplayback proxy via /info
+Subject: [PATCH 02/10] feat: report the external videoplayback proxy via /info
  endpoint
 
 ---
diff --git a/patches/0003-feat-add-resolution-limit-on-DASH-streams-to-save-ba.patch b/patches/0003-feat-add-resolution-limit-on-DASH-streams-to-save-ba.patch
index 09bf9c6..e5e2e93 100644
--- a/patches/0003-feat-add-resolution-limit-on-DASH-streams-to-save-ba.patch
+++ b/patches/0003-feat-add-resolution-limit-on-DASH-streams-to-save-ba.patch
@@ -1,7 +1,7 @@
-From 5a60828ab0b1dd6505d9c963fe2fd6a2d84cf442 Mon Sep 17 00:00:00 2001
+From 5b4ddd3e53d47638b12e34089ebcda72566fc154 Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 19:02:01 -0300
-Subject: [PATCH 3/9] feat: add resolution limit on DASH streams to save
+Subject: [PATCH 03/10] feat: add resolution limit on DASH streams to save
  bandwidth
 
 ---
diff --git a/patches/0004-feat-add-env-variable-to-set-verify_requests.patch b/patches/0004-feat-add-env-variable-to-set-verify_requests.patch
index f61868b..fce8201 100644
--- a/patches/0004-feat-add-env-variable-to-set-verify_requests.patch
+++ b/patches/0004-feat-add-env-variable-to-set-verify_requests.patch
@@ -1,7 +1,7 @@
-From 619d93518e6700e93c8ad599dca3676eb01f1bc8 Mon Sep 17 00:00:00 2001
+From 1c1ee023f629036e0c391f4baea9bf7d5863dd8f Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 19:06:04 -0300
-Subject: [PATCH 4/9] feat: add env variable to set verify_requests
+Subject: [PATCH 04/10] feat: add env variable to set verify_requests
 
 ---
  src/lib/helpers/config.ts | 4 +++-
diff --git a/patches/0005-feat-add-support-for-multiple-proxies.patch b/patches/0005-feat-add-support-for-multiple-proxies.patch
index 7f52736..8ddb141 100644
--- a/patches/0005-feat-add-support-for-multiple-proxies.patch
+++ b/patches/0005-feat-add-support-for-multiple-proxies.patch
@@ -1,7 +1,7 @@
-From bead21794d3fd1fbe713e331c22709f85b0e9aa3 Mon Sep 17 00:00:00 2001
+From 855b0ebc1e072442c9c12d8cb56fd8edba177e23 Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 19:20:52 -0300
-Subject: [PATCH 5/9] feat: add support for multiple proxies
+Subject: [PATCH 05/10] feat: add support for multiple proxies
 
 ---
  src/lib/helpers/getFetchClient.ts | 17 ++++++++++++++++-
diff --git a/patches/0006-ci-update-deno-to-2.2.4.patch b/patches/0006-ci-update-deno-to-2.2.4.patch
index 81856eb..33f91b1 100644
--- a/patches/0006-ci-update-deno-to-2.2.4.patch
+++ b/patches/0006-ci-update-deno-to-2.2.4.patch
@@ -1,7 +1,7 @@
-From 98c5dab9f5a7495a38bff97003cb32bec6111185 Mon Sep 17 00:00:00 2001
+From 7b46627077debdd473e50f3c7cf2ccf9a98d4bd3 Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 19:37:34 -0300
-Subject: [PATCH 6/9] ci: update deno to 2.2.4
+Subject: [PATCH 06/10] ci: update deno to 2.2.4
 
 ---
  Dockerfile | 2 +-
diff --git a/patches/0007-fix-temporary-player_id-override-until-an-official-f.patch b/patches/0007-fix-temporary-player_id-override-until-an-official-f.patch
index f3d1d4b..538cff7 100644
--- a/patches/0007-fix-temporary-player_id-override-until-an-official-f.patch
+++ b/patches/0007-fix-temporary-player_id-override-until-an-official-f.patch
@@ -1,7 +1,7 @@
-From cbebc6a7e7c1ab1aa8699abfa0695c342c7d5470 Mon Sep 17 00:00:00 2001
+From 350c0637f2a6c6fb45901b5f451ab7bc86761db4 Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 20:06:47 -0300
-Subject: [PATCH 7/9] fix: temporary player_id override until an official fix
+Subject: [PATCH 07/10] fix: temporary player_id override until an official fix
  cames out
 
 ---
diff --git a/patches/0008-fix-cut-off-secret_key-to-16-characters.patch b/patches/0008-fix-cut-off-secret_key-to-16-characters.patch
index 83d022b..4836536 100644
--- a/patches/0008-fix-cut-off-secret_key-to-16-characters.patch
+++ b/patches/0008-fix-cut-off-secret_key-to-16-characters.patch
@@ -1,7 +1,7 @@
-From f37a3301db5d703f7ab1db9670620a494e2e6bce Mon Sep 17 00:00:00 2001
+From 2250607fe6e490c9918560eab48c807257a0d9ed Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 20:22:19 -0300
-Subject: [PATCH 8/9] fix: cut off secret_key to 16 characters
+Subject: [PATCH 08/10] fix: cut off secret_key to 16 characters
 
 ---
  src/lib/helpers/verifyRequest.ts | 2 +-
diff --git a/patches/0009-feat-add-option-to-disable-potoken-generation-check.patch b/patches/0009-feat-add-option-to-disable-potoken-generation-check.patch
index 8826834..b3e5ceb 100644
--- a/patches/0009-feat-add-option-to-disable-potoken-generation-check.patch
+++ b/patches/0009-feat-add-option-to-disable-potoken-generation-check.patch
@@ -1,7 +1,7 @@
-From 4e0bbf67f713a9f30f66d978f1b8b0077c478c87 Mon Sep 17 00:00:00 2001
+From 9a955b474825e81164e4dc56294b8822dace8c1d Mon Sep 17 00:00:00 2001
 From: Fijxu
 Date: Mon, 24 Mar 2025 20:34:33 -0300
-Subject: [PATCH 9/9] feat: add option to disable potoken generation check
+Subject: [PATCH 09/10] feat: add option to disable potoken generation check
 
 ---
  config/config.example.toml | 1 +
diff --git a/patches/0010-feat-add-support-for-encrypted-query-parameters.patch b/patches/0010-feat-add-support-for-encrypted-query-parameters.patch
new file mode 100644
index 0000000..b628d12
--- /dev/null
+++ b/patches/0010-feat-add-support-for-encrypted-query-parameters.patch
@@ -0,0 +1,172 @@
+From 8a67c778bb2dd889a32b0b6921a6decf07b71ec0 Mon Sep 17 00:00:00 2001
+From: Fijxu
+Date: Mon, 24 Mar 2025 21:38:33 -0300
+Subject: [PATCH 10/10] feat: add support for encrypted query parameters
+
+---
+ src/lib/helpers/config.ts | 9 ++++
+ src/lib/helpers/encrypter.ts | 56 ++++++++++++++++++++
+ src/routes/invidious_routes/dashManifest.ts | 18 +++++--
+ src/routes/invidious_routes/latestVersion.ts | 14 ++++-
+ 4 files changed, 91 insertions(+), 6 deletions(-)
+ create mode 100644 src/lib/helpers/encrypter.ts
+
+diff --git a/src/lib/helpers/config.ts b/src/lib/helpers/config.ts
+index a2f6be0..83ce0fa 100644
+--- a/src/lib/helpers/config.ts
++++ b/src/lib/helpers/config.ts
+@@ -14,6 +14,15 @@ const ConfigSchema = z.object({
+ max_dash_resolution: z.number().default(
+ Number(Deno.env.get("SERVER_MAX_DASH_RESOLUTION")),
+ ),
++ encrypt_query_params: z
++ .boolean()
++ .default(
++ Deno.env.get("ENCRYPT_QUERY_PARAMS") === "true"
++ ? true
++ : Deno.env.get("ENCRYPT_QUERY_PARAMS") === "false"
++ ? false
++ : true,
++ ),
+ }).strict().default({}),
+ cache: z.object({
+ enabled: z.boolean().default(true),
+diff --git a/src/lib/helpers/encrypter.ts b/src/lib/helpers/encrypter.ts
+new file mode 100644
+index 0000000..4b45590
+--- /dev/null
++++ b/src/lib/helpers/encrypter.ts
+@@ -0,0 +1,56 @@
++import { decodeBase64, encodeBase64 } from "@std/encoding/base64";
++import { Aes } from "crypto/aes.ts";
++import { Ecb, Padding } from "crypto/block-modes.ts";
++import { Config } from "./config.ts";
++
++export const encryptQuery = (
++ queryParams: string,
++ config: Config,
++): string => {
++ try {
++ const cipher = new Ecb(
++ Aes,
++ new TextEncoder().encode(config.server.secret_key.substring(0, 16)),
++ Padding.PKCS7,
++ );
++
++ const encodedData = new TextEncoder().encode(
++ queryParams,
++ );
++
++ const encryptedData = cipher.encrypt(encodedData);
++
++ return encodeBase64(encryptedData).replace(/\+/g, "-").replace(
++ /\//g,
++ "_",
++ );
++ } catch (_) {
++ return "";
++ }
++};
++
++export const decryptQuery = (
++ queryParams: string,
++ config: Config,
++): string => {
++ try {
++ const decipher = new Ecb(
++ Aes,
++ new TextEncoder().encode(config.server.secret_key.substring(0, 16)),
++ Padding.PKCS7,
++ );
++
++ const decryptedData = new TextDecoder().decode(
++ decipher.decrypt(
++ decodeBase64(
++ queryParams.replace(/-/g, "+").replace(/_/g, "/"),
++ ),
++ ),
++ );
++
++ console.log(decryptedData);
++ return decryptedData;
++ } catch (_) {
++ return "";
++ }
++};
+diff --git a/src/routes/invidious_routes/dashManifest.ts b/src/routes/invidious_routes/dashManifest.ts
+index 68ae21d..a4c0950 100644
+--- a/src/routes/invidious_routes/dashManifest.ts
++++ b/src/routes/invidious_routes/dashManifest.ts
+@@ -6,6 +6,7 @@ import {
+ } from "../../lib/helpers/youtubePlayerHandling.ts";
+ import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
+ import { HTTPException } from "hono/http-exception";
++import { encryptQuery } from "../../lib/helpers/encrypter.ts";
+ 
+ const dashManifest = new Hono();
+ 
+@@ -88,14 +89,23 @@ dashManifest.get("/:videoId", async (c) => {
+ videoInfo.page[0].video_details?.is_post_live_dvr,
+ (url: URL) => {
+ let dashUrl = url;
++ let queryParams = dashUrl.search.substring(1) + "&host=" +
++ dashUrl.host;
++
+ if (local) {
+- // Can't create URL type without host part
+- dashUrl = config.networking.external_videoplayback_proxy +
+- (dashUrl.pathname + dashUrl.search + "&host=" +
+- dashUrl.host) as unknown as URL;
+ if (config.networking.ump) {
+ dashUrl = dashUrl + "&ump=1" as unknown as URL;
+ }
++ if (config.server.encrypt_query_params) {
++ queryParams = "enc=yes&data=" + encryptQuery(
++ queryParams,
++ config,
++ );
++ }
++ // Can't create URL type without host part
++ dashUrl = config.networking.external_videoplayback_proxy +
++ (dashUrl.pathname + "?" +
++ queryParams) as unknown as URL;
+ return dashUrl;
+ } else {
+ return dashUrl;
+diff --git a/src/routes/invidious_routes/latestVersion.ts b/src/routes/invidious_routes/latestVersion.ts
+index a8ead67..f1a7605 100644
+--- a/src/routes/invidious_routes/latestVersion.ts
++++ b/src/routes/invidious_routes/latestVersion.ts
+@@ -5,6 +5,7 @@ import {
+ youtubeVideoInfo,
+ } from "../../lib/helpers/youtubePlayerHandling.ts";
+ import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
++import { encryptQuery } from "../../lib/helpers/encrypter.ts";
+ 
+ const latestVersion = new Hono();
+ 
+@@ -63,10 +64,19 @@ latestVersion.get("/", async (c) => {
+ const itagUrl = selectedItagFormat[0].url as string;
+ const itagUrlParsed = new URL(itagUrl);
+ let urlToRedirect = itagUrlParsed.toString();
++ let queryParams = itagUrlParsed.search.substring(1) + "&host=" +
++ itagUrlParsed.host;
++
+ if (local) {
++ if (config.server.encrypt_query_params) {
++ queryParams = "enc=yes&data=" + encryptQuery(
++ queryParams,
++ config,
++ );
++ }
++
+ urlToRedirect = config.networking.external_videoplayback_proxy +
+- itagUrlParsed.pathname + itagUrlParsed.search +
+- "&host=" + itagUrlParsed.host;
++ itagUrlParsed.pathname + "?" + queryParams;
+ }
+ 
+ if (title) urlToRedirect += `&title=${encodeURIComponent(title)}`;
+--
+2.49.0
+
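Review bot: `encryptQuery` and `decryptQuery` in src/lib/helpers/encrypter.ts use AES in ECB mode with no integrity check, so identical 16-byte blocks of the query string encrypt to identical ciphertext blocks and a tampered `data=` value is not detected on decryption; an authenticated mode with a fresh nonce per URL (for example AES-GCM through `crypto.subtle`) would cover both, at the cost of making the helpers async. The key is the first 16 characters of `config.server.secret_key` encoded as text, which gives fewer than 128 bits of entropy when the secret is printable and, judging only by the title of patch 0008, may be the same material verifyRequest uses, so a separately derived key would be safer. `console.log(decryptedData);` in `decryptQuery` writes every decrypted query string (upstream URL parameters and host) to the log and should be removed. Both helpers return `""` on any error, so a failed encryption silently produces `enc=yes&data=` instead of failing the request. In dashManifest.ts the `&ump=1` branch now runs before `dashUrl` is rebuilt, which makes `dashUrl` a string at runtime so `dashUrl.pathname` is undefined and the flag is lost; appending `&ump=1` to `queryParams` would avoid that, assuming the proxy reads it from there.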