mirrors/irs
1
1
Fork 0
mirror of https://github.com/cooperhammond/irs.git synced 2024-12-22 17:35:28 +00:00
Code Issues Projects Releases Wiki Activity

make youtube url validation safer

Browse source
This commit is contained in:
imsamuka 2022-01-02 18:04:05 -03:00
parent ac7bc02ec5
commit f962a0ab75
No known key found for this signature in database
GPG key ID: AF9ACFEF1FD372EE
2 changed files with 16 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/glue/song.cr
View file

@ -115,8 +115,9 @@ class Song
outputter("url", 1)
else
outputter("url", 2)
if !Youtube.is_valid_url(url)
raise("The url '#{url}' is an invalid youtube URL " +
url = Youtube.validate_url(url)
if !url
raise("The url is an invalid youtube URL " +
"Check the URL and try again")
end
outputter("url", 3)

38
src/search/youtube.cr
View file

@ -170,45 +170,33 @@ module Youtube
return video_metadata
end
# Checks if the given URL is a valid youtube URL
# Returns as a valid URL if possible
#
# ```
# Youtube.is_valid_url("https://www.youtube.com/watch?v=NOTANACTUALVIDEOID")
# => false
# Youtube.validate_url("https://www.youtube.com/watch?v=NOTANACTUALVIDEOID")
# => nil
# ```
def is_valid_url(url : String) : Bool
def validate_url(url : String) : String | Nil
uri = URI.parse url
return nil if !uri
# is it a video on youtube, with a query
query = uri.query
if !uri || !query || !uri.host || uri.path != "/watch" ||
!uri.host.not_nil!.ends_with?("youtube.com")
return false
end
queries = query.split('&')
return nil if !query
# find the video ID
i = 0
while i < queries.size
if queries[i].starts_with?("v=")
vID = queries[i][2..-1]
break
vID = nil
query.split('&').each do |q|
if q.starts_with?("v=")
vID = q[2..-1]
end
i += 1
end
if !vID
return false
end
return nil if !vID
url = "https://www.youtube.com/watch?v=#{vID}"
# this is an internal endpoint to validate the video ID
response = HTTP::Client.get "https://www.youtube.com/oembed?format=json&url=#{url}"
return response.success?
return response.success? ? url : nil
end
end