diff --git a/backend/app.js b/backend/app.js index 9547c497..2db9ee7d 100644 --- a/backend/app.js +++ b/backend/app.js @@ -35,6 +35,8 @@ const db = low(adapter) // check if debug mode let debugMode = process.env.YTDL_MODE === 'debug'; +const admin_token = '4241b401-7236-493e-92b5-b72696b9d853'; + // logging setup // console format @@ -1218,12 +1220,25 @@ const deleteFolderRecursive = function(folder_to_delete) { }; app.use(function(req, res, next) { - var client_origin = req.get('origin'); - if (client_origin === getOrigin() || (req.headers.authorization && config_api.getConfigItem('ytdl_use_api_key') && req.headers.authorization === config_api.getConfigItem('ytdl_api_key'))) { - res.header("Access-Control-Allow-Origin", client_origin); + res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization"); + res.header("Access-Control-Allow-Origin", getOrigin()); + if (req.method === 'OPTIONS') { + res.sendStatus(200); + } else { + next(); + } +}); + +app.use(function(req, res, next) { + if (req.headers.authorization === admin_token) { + next(); + } else if (req.headers.authorization && config_api.getConfigItem('ytdl_use_api_key') && req.headers.authorization === config_api.getConfigItem('ytdl_api_key')) { + next(); + } else if (req.path.includes('/api/video/') || req.path.includes('/api/audio/')) { + next(); + } else { + req.socket.end(); } - res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); - next(); }); app.use(compression()); diff --git a/backend/consts.js b/backend/consts.js index 6627ab60..c94aba4f 100644 --- a/backend/consts.js +++ b/backend/consts.js @@ -134,5 +134,5 @@ let CONFIG_ITEMS = { module.exports = { CONFIG_ITEMS: CONFIG_ITEMS, - CURRENT_VERSION: 'v3.6.0' + CURRENT_VERSION: 'v3.6' } \ No newline at end of file diff --git a/package.json b/package.json index c61e878d..049687ba 100644 --- a/package.json +++ b/package.json 
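Review bot: `admin_token` in the first `backend/app.js` hunk is a fixed UUID literal committed to the repository, so every deployment of this backend accepts the same Authorization value and it cannot be rotated without a code change. The same string is added to `src/app/posts.services.ts` in this commit, which means it is also delivered to any browser that loads the UI. It should be created per installation (for example generated on first start and stored with the other settings read through `config_api.getConfigItem`) rather than written into source. Until then, a comment such as `// NOTE: shared, publicly known value - identifies the bundled UI, not an authenticated admin` would keep later code from treating it as a secret.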
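Review bot: The third branch of the new authorization middleware lets a request through when `req.path.includes('/api/video/')` or `req.path.includes('/api/audio/')`, which matches that substring anywhere in the path rather than only at its start, so the exemption is wider than the two media routes it appears to be meant for. Anchoring it, `} else if (req.path.startsWith('/api/video/') || req.path.startsWith('/api/audio/')) {`, keeps the exemption to those prefixes. The final branch calls `req.socket.end()`, which closes the connection without an HTTP status; `res.sendStatus(401);` would give clients and logs a clear rejection. The token checks use `===`; a constant-time comparison such as Node's `crypto.timingSafeEqual` on equal-length buffers is the usual choice for secrets compared against request headers.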
@@ -1,6 +1,6 @@ { "name": "youtube-dl-material", - "version": "3.6.0", + "version": "3.6", "license": "MIT", "scripts": { "ng": "ng", diff --git a/src/app/consts.ts b/src/app/consts.ts index 5b1ec6cb..14c6abdd 100644 --- a/src/app/consts.ts +++ b/src/app/consts.ts @@ -1 +1 @@ -export const CURRENT_VERSION = 'v3.5'; +export const CURRENT_VERSION = 'v3.6'; diff --git a/src/app/posts.services.ts b/src/app/posts.services.ts index d40a070c..53ec330c 100644 --- a/src/app/posts.services.ts +++ b/src/app/posts.services.ts @@ -1,8 +1,6 @@ import {Injectable, isDevMode, Inject} from '@angular/core'; -import { HttpClient, HttpHeaders, HttpRequest, HttpResponseBase } from '@angular/common/http'; -import config from '../assets/default.json'; +import { HttpClient, HttpHeaders } from '@angular/common/http'; import 'rxjs/add/operator/map'; -import { Observable } from 'rxjs/Observable'; import 'rxjs/add/operator/map'; import 'rxjs/add/operator/catch'; import 'rxjs/add/observable/throw'; @@ -22,6 +20,8 @@ export class PostsService { THEMES_CONFIG = THEMES_CONFIG; theme; settings_changed = new BehaviorSubject(false); + auth_token = '4241b401-7236-493e-92b5-b72696b9d853'; + httpOptions = null; debugMode = false; constructor(private http: HttpClient, private router: Router, @Inject(DOCUMENT) private document: Document) { @@ -34,6 +34,12 @@ export class PostsService { this.debugMode = true; this.path = 'http://localhost:17442/api/'; } + + this.httpOptions = { + headers: new HttpHeaders({ + 'Authorization': '4241b401-7236-493e-92b5-b72696b9d853' + }), + }; } setTheme(theme) { @@ -64,7 +70,7 @@ export class PostsService { customArgs: customArgs, customOutput: customOutput, youtubeUsername: youtubeUsername, - youtubePassword: youtubePassword}); + youtubePassword: youtubePassword}, this.httpOptions); } // tslint:disable-next-line: max-line-length 
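Review bot: The token literal is written twice in `PostsService`, once as the `auth_token` field and again inside the `HttpHeaders` built in the constructor hunk (`@@ -34,6 +34,12 @@`), so changing one leaves the other stale; the header should read `'Authorization': this.auth_token`. Because the value is compiled into the client bundle, anyone who can load the page can read it, so the backend should not treat it as proof of an administrator. `httpOptions = null;` also leaves the field without a useful type; declaring it as `httpOptions: { headers: HttpHeaders };` keeps the later `this.httpOptions.headers` uses checked.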
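Review bot: Passing `this.httpOptions` by hand to each `http.get`/`http.post` call, in the `@@ -64,7 +70,7 @@` hunk and in the later hunks of this file, makes it easy for a new method to omit the header. An Angular `HttpInterceptor` registered under `HTTP_INTERCEPTORS` could attach it in one place. It should add the header only when the request URL starts with the backend API base path, so the token is not sent to any other host the service may call. The method this hunk edits starts above the hunk.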
@@ -75,22 +81,22 @@ export class PostsService { customArgs: customArgs, customOutput: customOutput, youtubeUsername: youtubeUsername, - youtubePassword: youtubePassword}); + youtubePassword: youtubePassword}, this.httpOptions); } getFileStatusMp3(name: string) { - return this.http.post(this.path + 'fileStatusMp3', {name: name}); + return this.http.post(this.path + 'fileStatusMp3', {name: name}, this.httpOptions); } getFileStatusMp4(name: string) { - return this.http.post(this.path + 'fileStatusMp4', {name: name}); + return this.http.post(this.path + 'fileStatusMp4', {name: name}, this.httpOptions); } loadNavItems() { if (isDevMode()) { return this.http.get('./assets/default.json'); } else { - return this.http.get(this.path + 'config'); + return this.http.get(this.path + 'config', this.httpOptions); } } 
@@ -99,27 +105,27 @@ export class PostsService { } setConfig(config) { - return this.http.post(this.path + 'setConfig', {new_config_file: config}); + return this.http.post(this.path + 'setConfig', {new_config_file: config}, this.httpOptions); } deleteFile(uid: string, isAudio: boolean, blacklistMode = false) { if (isAudio) { - return this.http.post(this.path + 'deleteMp3', {uid: uid, blacklistMode: blacklistMode}); + return this.http.post(this.path + 'deleteMp3', {uid: uid, blacklistMode: blacklistMode}, this.httpOptions); } else { - return this.http.post(this.path + 'deleteMp4', {uid: uid, blacklistMode: blacklistMode}); + return this.http.post(this.path + 'deleteMp4', {uid: uid, blacklistMode: blacklistMode}, this.httpOptions); } } getMp3s() { - return this.http.get(this.path + 'getMp3s', {}); + return this.http.get(this.path + 'getMp3s', this.httpOptions); } getMp4s() { - return this.http.get(this.path + 'getMp4s', {}); + return this.http.get(this.path + 'getMp4s', this.httpOptions); } getFile(uid, type) { - return this.http.post(this.path + 'getFile', {uid: uid, type: type}); + return this.http.post(this.path + 'getFile', {uid: uid, type: type}, this.httpOptions); } downloadFileFromServer(fileName, type, outputName = null, fullPathProvided = null, subscriptionName = null, subPlaylist = null) { 
@@ -131,90 +137,91 @@ export class PostsService { subscriptionName: subscriptionName, subPlaylist: subPlaylist }, - {responseType: 'blob'}); + {responseType: 'blob', headers: this.httpOptions.headers}); } downloadArchive(sub) { - return this.http.post(this.path + 'downloadArchive', {sub: sub}, {responseType: 'blob'}); + return this.http.post(this.path + 'downloadArchive', {sub: sub}, {responseType: 'blob', headers: this.httpOptions.headers}); } getFileInfo(fileNames, type, urlMode) { - return this.http.post(this.path + 'getVideoInfos', {fileNames: fileNames, type: type, urlMode: urlMode}); + return this.http.post(this.path + 'getVideoInfos', {fileNames: fileNames, type: type, urlMode: urlMode}, this.httpOptions); } isPinSet() { - return this.http.post(this.path + 'isPinSet', {}); + return this.http.post(this.path + 'isPinSet', {}, this.httpOptions); } setPin(unhashed_pin) { - return this.http.post(this.path + 'setPin', {pin: unhashed_pin}); + return this.http.post(this.path + 'setPin', {pin: unhashed_pin}, this.httpOptions); } checkPin(unhashed_pin) { - return this.http.post(this.path + 'checkPin', {input_pin: unhashed_pin}); + return this.http.post(this.path + 'checkPin', {input_pin: unhashed_pin}, this.httpOptions); } generateNewAPIKey() { - return this.http.post(this.path + 'generateNewAPIKey', {}); + return this.http.post(this.path + 'generateNewAPIKey', {}, this.httpOptions); } enableSharing(uid, type, is_playlist) { - return this.http.post(this.path + 'enableSharing', {uid: uid, type: type, is_playlist: is_playlist}); + return this.http.post(this.path + 'enableSharing', {uid: uid, type: type, is_playlist: is_playlist}, this.httpOptions); } disableSharing(uid, type, is_playlist) { - return this.http.post(this.path + 'disableSharing', {uid: uid, type: type, is_playlist: is_playlist}); + return this.http.post(this.path + 'disableSharing', {uid: uid, type: type, is_playlist: is_playlist}, this.httpOptions); } createPlaylist(playlistName, fileNames, type, 
thumbnailURL) { return this.http.post(this.path + 'createPlaylist', {playlistName: playlistName, fileNames: fileNames, type: type, - thumbnailURL: thumbnailURL}); + thumbnailURL: thumbnailURL}, this.httpOptions); } getPlaylist(playlistID, type) { return this.http.post(this.path + 'getPlaylist', {playlistID: playlistID, - type: type}); + type: type}, this.httpOptions); } updatePlaylist(playlistID, fileNames, type) { return this.http.post(this.path + 'updatePlaylist', {playlistID: playlistID, fileNames: fileNames, - type: type}); + type: type}, this.httpOptions); } removePlaylist(playlistID, type) { - return this.http.post(this.path + 'deletePlaylist', {playlistID: playlistID, type: type}); + return this.http.post(this.path + 'deletePlaylist', {playlistID: playlistID, type: type}, this.httpOptions); } createSubscription(url, name, timerange = null, streamingOnly = false) { - return this.http.post(this.path + 'subscribe', {url: url, name: name, timerange: timerange, streamingOnly: streamingOnly}); + return this.http.post(this.path + 'subscribe', {url: url, name: name, timerange: timerange, streamingOnly: streamingOnly}, + this.httpOptions); } unsubscribe(sub, deleteMode = false) { - return this.http.post(this.path + 'unsubscribe', {sub: sub, deleteMode: deleteMode}) + return this.http.post(this.path + 'unsubscribe', {sub: sub, deleteMode: deleteMode}, this.httpOptions) } deleteSubscriptionFile(sub, file, deleteForever) { - return this.http.post(this.path + 'deleteSubscriptionFile', {sub: sub, file: file, deleteForever: deleteForever}) + return this.http.post(this.path + 'deleteSubscriptionFile', {sub: sub, file: file, deleteForever: deleteForever}, this.httpOptions) } getSubscription(id) { - return this.http.post(this.path + 'getSubscription', {id: id}); + return this.http.post(this.path + 'getSubscription', {id: id}, this.httpOptions); } getAllSubscriptions() { - return this.http.post(this.path + 'getAllSubscriptions', {}); + return this.http.post(this.path + 
'getAllSubscriptions', {}, this.httpOptions); } // updates the server to the latest version updateServer(tag) { - return this.http.post(this.path + 'updateServer', {tag: tag}); + return this.http.post(this.path + 'updateServer', {tag: tag}, this.httpOptions); } getUpdaterStatus() { - return this.http.get(this.path + 'updaterStatus'); + return this.http.get(this.path + 'updaterStatus', this.httpOptions); } // gets tag of the latest version of youtubedl-material @@ -227,6 +234,3 @@ export class PostsService { } } - - - diff --git a/src/assets/default.json b/src/assets/default.json index fb23b410..ad4211ca 100644 --- a/src/assets/default.json +++ b/src/assets/default.json @@ -24,6 +24,8 @@ "settings_pin_required": false }, "API": { + "use_API_key": false, + "API_key": "", "use_youtube_API": false, "youtube_API_key": "" },