README.md

   1 # Unnamed Youtube Frontend
   2
   3 Note: this is a work in progress, still unreleased software. Feel free to look around, but keep in mind that this repository will move servers for its public release.
   4
   5 Contributors wanted! Please send me an email (see commit log) or contact `girst` on irc.freenode.net (hanging out in `#invidious` for now)
   6
   7 Test Instance: http://delta.gir.st:8000/ (will move in the future)
   8
   9 TODO:
  10  - implement authentication
  11  - abstract database access, implement nice config system
  12  - fetch cipher.txt and cache it in memory
  13  - use 'card'-css for Info- and Endcards
  14  - don't hardcode reddit-links in the template
  15  - csrf protection (sub, unsub, pin, unpin, hide)
  16    https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#hmac-based-token-pattern
  17    if we have a session (i.e. user is logged in), we can use flask-login or session['uid']=uuid.uuid4(). fallback: user ip (beware of reverse proxies!)
  18    automagic csrf protection: modify html-responses to include a csrf-token in every form and check all post requests if it has the token. the token
  19    is derived from the flask secret key and is uniqe per user.
  20  - use html error pages for watch?show=metadata
  21  - use invidious api for channels/playlists/search (with query parameter provider=https://invidio.us/api or similar)
  22  - rewrite frontend-'card' with flexbox
  23    https://css-tricks.com/snippets/css/a-guide-to-flexbox/
  24  - write documentation, theory of operation, overview diagram, risk (of getting banned) assessment, ...
  25  - provide gunicorn configs, config.ini, ...
  26  - organize repo directory structure, automate install/setup somewhat
  27  - asynchronically call update-subs and pull-subs after subscribing to a channel
  28  - we are currently misclassifying some subscription videos as old, when they are uploaded unlisted and made public later. this could be solved by querying get_video_info for websub-videos that are not yet in the database to get the actual published date.
  29
  30 # Installation
  31
  32 see INSTALL file
  33
  34 # Usage
  35
  36 Since user authentication is not yet implemented, users are for now identified by a randomized token. To "log in", just visit `/feed/subscriptions?token=....`. at the bottom, click 'Manage Subscriptions' and paste the UC...-URLs of channels you want to subscribe to.
  37
  38 If no token is specified, it defaults to `guest`. Since this is a readonly account, you can populate it by directly writing into the database:
  39
  40 first, prepare a file (guest.csv) of channel ids like so:
  41     UCxxxxxxxxxxxxxxxxxxxxxxxx,guest,channel
  42 then from the sqlite3 console, issue:
  43     .mode csv
  44     .import guest.csv subscriptions
  45
  46
  47 # Notes
  48  - caching external api requests
  49    currently using in-memory-backend, which is purged every 10minutes. a real installation should use redis, which should scale better and handle purging for us.