add patch to encrypt query parameters

2025-03-24 21:38:50 -03:00 · 2025-03-24 21:38:50 -03:00 · bf1edd2e92
commit bf1edd2e92
parent b36a351d68
10 changed files with 190 additions and 18 deletions
--- a/patches/0001-feat-add-support-for-an-external-videoplayback-proxy.patch
+++ b/patches/0001-feat-add-support-for-an-external-videoplayback-proxy.patch
@ -1,7 +1,7 @@
-From 96bdf8e66394985e16b6e0a3f7e755d81f5b0149 Mon Sep 17 00:00:00 2001
+From 36964b3308ae64fa262cf75a3139f72ec0b4ddb6 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 18:44:10 -0300
-Subject: [PATCH 1/9] feat: add support for an external videoplayback proxy
+Subject: [PATCH 01/10] feat: add support for an external videoplayback proxy
 ---
 config/config.example.toml                   | 1 +
--- a/patches/0002-feat-report-the-external-videoplayback-proxy-via-inf.patch
+++ b/patches/0002-feat-report-the-external-videoplayback-proxy-via-inf.patch
@ -1,7 +1,7 @@
-From afe62c8510f1813dbe73e62342a25f07f9a3ee2d Mon Sep 17 00:00:00 2001
+From f417f917ae71707e024af334047818beaf85b032 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 18:52:53 -0300
-Subject: [PATCH 2/9] feat: report the external videoplayback proxy via /info
+Subject: [PATCH 02/10] feat: report the external videoplayback proxy via /info
 endpoint
 ---
--- a/patches/0003-feat-add-resolution-limit-on-DASH-streams-to-save-ba.patch
+++ b/patches/0003-feat-add-resolution-limit-on-DASH-streams-to-save-ba.patch
@ -1,7 +1,7 @@
-From 5a60828ab0b1dd6505d9c963fe2fd6a2d84cf442 Mon Sep 17 00:00:00 2001
+From 5b4ddd3e53d47638b12e34089ebcda72566fc154 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 19:02:01 -0300
-Subject: [PATCH 3/9] feat: add resolution limit on DASH streams to save
+Subject: [PATCH 03/10] feat: add resolution limit on DASH streams to save
 bandwidth
 ---
--- a/patches/0004-feat-add-env-variable-to-set-verify_requests.patch
+++ b/patches/0004-feat-add-env-variable-to-set-verify_requests.patch
@ -1,7 +1,7 @@
-From 619d93518e6700e93c8ad599dca3676eb01f1bc8 Mon Sep 17 00:00:00 2001
+From 1c1ee023f629036e0c391f4baea9bf7d5863dd8f Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 19:06:04 -0300
-Subject: [PATCH 4/9] feat: add env variable to set verify_requests
+Subject: [PATCH 04/10] feat: add env variable to set verify_requests
 ---
 src/lib/helpers/config.ts | 4 +++-
--- a/patches/0005-feat-add-support-for-multiple-proxies.patch
+++ b/patches/0005-feat-add-support-for-multiple-proxies.patch
@ -1,7 +1,7 @@
-From bead21794d3fd1fbe713e331c22709f85b0e9aa3 Mon Sep 17 00:00:00 2001
+From 855b0ebc1e072442c9c12d8cb56fd8edba177e23 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 19:20:52 -0300
-Subject: [PATCH 5/9] feat: add support for multiple proxies
+Subject: [PATCH 05/10] feat: add support for multiple proxies
 ---
 src/lib/helpers/getFetchClient.ts | 17 ++++++++++++++++-
--- a/patches/0006-ci-update-deno-to-2.2.4.patch
+++ b/patches/0006-ci-update-deno-to-2.2.4.patch
@ -1,7 +1,7 @@
-From 98c5dab9f5a7495a38bff97003cb32bec6111185 Mon Sep 17 00:00:00 2001
+From 7b46627077debdd473e50f3c7cf2ccf9a98d4bd3 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 19:37:34 -0300
-Subject: [PATCH 6/9] ci: update deno to 2.2.4
+Subject: [PATCH 06/10] ci: update deno to 2.2.4
 ---
 Dockerfile | 2 +-
--- a/patches/0007-fix-temporary-player_id-override-until-an-official-f.patch
+++ b/patches/0007-fix-temporary-player_id-override-until-an-official-f.patch
@ -1,7 +1,7 @@
-From cbebc6a7e7c1ab1aa8699abfa0695c342c7d5470 Mon Sep 17 00:00:00 2001
+From 350c0637f2a6c6fb45901b5f451ab7bc86761db4 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 20:06:47 -0300
-Subject: [PATCH 7/9] fix: temporary player_id override until an official fix
+Subject: [PATCH 07/10] fix: temporary player_id override until an official fix
 cames out
 ---
--- a/patches/0008-fix-cut-off-secret_key-to-16-characters.patch
+++ b/patches/0008-fix-cut-off-secret_key-to-16-characters.patch
@ -1,7 +1,7 @@
-From f37a3301db5d703f7ab1db9670620a494e2e6bce Mon Sep 17 00:00:00 2001
+From 2250607fe6e490c9918560eab48c807257a0d9ed Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 20:22:19 -0300
-Subject: [PATCH 8/9] fix: cut off secret_key to 16 characters
+Subject: [PATCH 08/10] fix: cut off secret_key to 16 characters
 ---
 src/lib/helpers/verifyRequest.ts | 2 +-
--- a/patches/0009-feat-add-option-to-disable-potoken-generation-check.patch
+++ b/patches/0009-feat-add-option-to-disable-potoken-generation-check.patch
@ -1,7 +1,7 @@
-From 4e0bbf67f713a9f30f66d978f1b8b0077c478c87 Mon Sep 17 00:00:00 2001
+From 9a955b474825e81164e4dc56294b8822dace8c1d Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 20:34:33 -0300
-Subject: [PATCH 9/9] feat: add option to disable potoken generation check
+Subject: [PATCH 09/10] feat: add option to disable potoken generation check
 ---
 config/config.example.toml |  1 +
--- a/patches/0010-feat-add-support-for-encrypted-query-parameters.patch
+++ b/patches/0010-feat-add-support-for-encrypted-query-parameters.patch
@ -0,0 +1,172 @@
 From 8a67c778bb2dd889a32b0b6921a6decf07b71ec0 Mon Sep 17 00:00:00 2001
 From: Fijxu <fijxu@nadeko.net>
 Date: Mon, 24 Mar 2025 21:38:33 -0300
 Subject: [PATCH 10/10] feat: add support for encrypted query parameters
 ---
 src/lib/helpers/config.ts                    |  9 ++++
 src/lib/helpers/encrypter.ts                 | 56 ++++++++++++++++++++
 src/routes/invidious_routes/dashManifest.ts  | 18 +++++--
 src/routes/invidious_routes/latestVersion.ts | 14 ++++-
 4 files changed, 91 insertions(+), 6 deletions(-)
 create mode 100644 src/lib/helpers/encrypter.ts
 diff --git a/src/lib/helpers/config.ts b/src/lib/helpers/config.ts
 index a2f6be0..83ce0fa 100644
 --- a/src/lib/helpers/config.ts
 +++ b/src/lib/helpers/config.ts
@@ -14,6 +14,15 @@ const ConfigSchema = z.object({
         max_dash_resolution: z.number().default(
             Number(Deno.env.get("SERVER_MAX_DASH_RESOLUTION")),
         ),
 +        encrypt_query_params: z
 +            .boolean()
 +            .default(
 +                Deno.env.get("ENCRYPT_QUERY_PARAMS") === "true"
 +                    ? true
 +                    : Deno.env.get("ENCRYPT_QUERY_PARAMS") === "false"
 +                    ? false
 +                    : true,
 +            ),
     }).strict().default({}),
     cache: z.object({
         enabled: z.boolean().default(true),
 diff --git a/src/lib/helpers/encrypter.ts b/src/lib/helpers/encrypter.ts
 new file mode 100644
 index 0000000..4b45590
 --- /dev/null
 +++ b/src/lib/helpers/encrypter.ts
@@ -0,0 +1,56 @@
 +import { decodeBase64, encodeBase64 } from "@std/encoding/base64";
 +import { Aes } from "crypto/aes.ts";
 +import { Ecb, Padding } from "crypto/block-modes.ts";
 +import { Config } from "./config.ts";
 +
 +export const encryptQuery = (
 +    queryParams: string,
 +    config: Config,
 +): string => {
 +    try {
 +        const cipher = new Ecb(
 +            Aes,
 +            new TextEncoder().encode(config.server.secret_key.substring(0, 16)),
 +            Padding.PKCS7,
 +        );
 +
 +        const encodedData = new TextEncoder().encode(
 +            queryParams,
 +        );
 +
 +        const encryptedData = cipher.encrypt(encodedData);
 +
 +        return encodeBase64(encryptedData).replace(/\+/g, "-").replace(
 +            /\//g,
 +            "_",
 +        );
 +    } catch (_) {
 +        return "";
 +    }
 +};
 +
 +export const decryptQuery = (
 +    queryParams: string,
 +    config: Config,
 +): string => {
 +    try {
 +        const decipher = new Ecb(
 +            Aes,
 +            new TextEncoder().encode(config.server.secret_key.substring(0, 16)),
 +            Padding.PKCS7,
 +        );
 +
 +        const decryptedData = new TextDecoder().decode(
 +            decipher.decrypt(
 +                decodeBase64(
 +                    queryParams.replace(/-/g, "+").replace(/_/g, "/"),
 +                ),
 +            ),
 +        );
 +
 +        console.log(decryptedData);
 +        return decryptedData;
 +    } catch (_) {
 +        return "";
 +    }
 +};
 diff --git a/src/routes/invidious_routes/dashManifest.ts b/src/routes/invidious_routes/dashManifest.ts
 index 68ae21d..a4c0950 100644
 --- a/src/routes/invidious_routes/dashManifest.ts
 +++ b/src/routes/invidious_routes/dashManifest.ts
@@ -6,6 +6,7 @@ import {
 } from "../../lib/helpers/youtubePlayerHandling.ts";
 import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
 import { HTTPException } from "hono/http-exception";
 +import { encryptQuery } from "../../lib/helpers/encrypter.ts";
 const dashManifest = new Hono();
@@ -88,14 +89,23 @@ dashManifest.get("/:videoId", async (c) => {
             videoInfo.page[0].video_details?.is_post_live_dvr,
             (url: URL) => {
                 let dashUrl = url;
 +                let queryParams = dashUrl.search.substring(1) + "&host=" +
 +                    dashUrl.host;
 +
                 if (local) {
 -                    // Can't create URL type without host part
 -                    dashUrl = config.networking.external_videoplayback_proxy +
 -                        (dashUrl.pathname + dashUrl.search + "&host=" +
 -                            dashUrl.host) as unknown as URL;
                     if (config.networking.ump) {
                         dashUrl = dashUrl + "&ump=1" as unknown as URL;
                     }
 +                    if (config.server.encrypt_query_params) {
 +                        queryParams = "enc=yes&data=" + encryptQuery(
 +                            queryParams,
 +                            config,
 +                        );
 +                    }
 +                    // Can't create URL type without host part
 +                    dashUrl = config.networking.external_videoplayback_proxy +
 +                        (dashUrl.pathname + "?" +
 +                            queryParams) as unknown as URL;
                     return dashUrl;
                 } else {
                     return dashUrl;
 diff --git a/src/routes/invidious_routes/latestVersion.ts b/src/routes/invidious_routes/latestVersion.ts
 index a8ead67..f1a7605 100644
 --- a/src/routes/invidious_routes/latestVersion.ts
 +++ b/src/routes/invidious_routes/latestVersion.ts
@@ -5,6 +5,7 @@ import {
     youtubeVideoInfo,
 } from "../../lib/helpers/youtubePlayerHandling.ts";
 import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
 +import { encryptQuery } from "../../lib/helpers/encrypter.ts";
 const latestVersion = new Hono();
@@ -63,10 +64,19 @@ latestVersion.get("/", async (c) => {
         const itagUrl = selectedItagFormat[0].url as string;
         const itagUrlParsed = new URL(itagUrl);
         let urlToRedirect = itagUrlParsed.toString();
 +        let queryParams = itagUrlParsed.search.substring(1) + "&host=" +
 +            itagUrlParsed.host;
 +
         if (local) {
 +            if (config.server.encrypt_query_params) {
 +                queryParams = "enc=yes&data=" + encryptQuery(
 +                    queryParams,
 +                    config,
 +                );
 +            }
 +
             urlToRedirect = config.networking.external_videoplayback_proxy +
 -                itagUrlParsed.pathname + itagUrlParsed.search +
 -                "&host=" + itagUrlParsed.host;
 +                itagUrlParsed.pathname + "?" + queryParams;
         }
         if (title) urlToRedirect += `&title=${encodeURIComponent(title)}`;
 -- 
 2.49.0