From 78773d732672d8985795fb040a39dd7e946c7b7c Mon Sep 17 00:00:00 2001 From: Emilien Devos Date: Sat, 22 May 2021 17:42:23 +0200 Subject: [PATCH 1/8] add the ability to listen on unix sockets --- src/invidious.cr | 15 ++++++++++++--- src/invidious/helpers/helpers.cr | 1 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/invidious.cr b/src/invidious.cr index ae20e13e5..65b1091bb 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -3917,6 +3917,15 @@ add_context_storage_type(Preferences) add_context_storage_type(User) Kemal.config.logger = LOGGER -Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding -Kemal.config.port = Kemal.config.port != 3000 ? Kemal.config.port : CONFIG.port -Kemal.run + +Kemal.run do |config| + if CONFIG.bind_unix + if File.exists?(CONFIG.bind_unix.not_nil!) + File.delete(CONFIG.bind_unix.not_nil!) + end + config.server.not_nil!.bind_unix CONFIG.bind_unix.not_nil! + else + config.host_binding = config.host_binding != "0.0.0.0" ? config.host_binding : CONFIG.host_binding + config.port = config.port != 3000 ? config.port : CONFIG.port + end +end diff --git a/src/invidious/helpers/helpers.cr b/src/invidious/helpers/helpers.cr index e1d877b78..6a5789a0e 100644 --- a/src/invidious/helpers/helpers.cr +++ b/src/invidious/helpers/helpers.cr @@ -98,6 +98,7 @@ class Config property force_resolve : Socket::Family = Socket::Family::UNSPEC # Connect to YouTube over 'ipv6', 'ipv4'. Will sometimes resolve fix issues with rate-limiting (see https://github.com/ytdl-org/youtube-dl/issues/21729) property port : Int32 = 3000 # Port to listen for connections (overrided by command line argument) property host_binding : String = "0.0.0.0" # Host to bind (overrided by command line argument) + property bind_unix : String? = nil # Make Invidious listening on UNIX sockets - Example: /tmp/invidious.sock property pool_size : Int32 = 100 # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`) property use_quic : Bool = true # Use quic transport for youtube api From b4e930f3bcfa7996ac48e8fe288b5ab82e518aaa Mon Sep 17 00:00:00 2001 From: Caian Benedicto Date: Fri, 13 Dec 2024 21:29:48 -0300 Subject: [PATCH 2/8] Change bind_unix to socket_binding, add socket_permissions and config example --- config/config.example.yml | 25 +++++++++++++++++++++++-- src/invidious.cr | 12 ++++++++---- src/invidious/config.cr | 6 ++++-- 3 files changed, 35 insertions(+), 8 deletions(-) diff --git a/config/config.example.yml b/config/config.example.yml index a3a2eeb76..439063e1e 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -130,6 +130,27 @@ https_only: false ## #hsts: true +## +## Path of a UNIX socket to listen on for incoming connections. +## +## Note: Enabling socket will make invidious stop listening on the address +## specified by 'host_binding' and 'port'. +## +## Accepted values: Any path to a new file (that doesn't exist yet) +## Default: +## +socket_binding: /tmp/invidious.sock + +## +## Permissions for the UNIX socket specified by 'socket_binding'. +## +## Note: The permissions are given in octal, following UNIX convention. +## +## Accepted values: 000-777 +## Default: 777 +## +socket_permissions: 777 + # ----------------------------- # Network (outbound) @@ -177,7 +198,7 @@ https_only: false ## Configuration for using a HTTP proxy ## ## If unset, then no HTTP proxy will be used. -## +## http_proxy: user: password: @@ -839,7 +860,7 @@ default_user_preferences: ## Default: true ## #vr_mode: true - + ## ## Save the playback position ## Allow to continue watching at the previous position when diff --git a/src/invidious.cr b/src/invidious.cr index 0be735552..92ae80454 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -248,11 +248,15 @@ Kemal.config.app_name = "Invidious" {% end %} Kemal.run do |config| - if CONFIG.bind_unix - if File.exists?(CONFIG.bind_unix.not_nil!) - File.delete(CONFIG.bind_unix.not_nil!) + if CONFIG.socket_binding + if File.exists?(CONFIG.socket_binding.not_nil!) + File.delete(CONFIG.socket_binding.not_nil!) end - config.server.not_nil!.bind_unix CONFIG.bind_unix.not_nil! + # Create a socket and set its desired permissions + server = UNIXServer.new(CONFIG.socket_binding.not_nil!) + perms = CONFIG.socket_permissions.to_i(base: 8) + File.chmod(CONFIG.socket_binding.not_nil!, perms) + config.server.not_nil!.bind server else Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding Kemal.config.port = Kemal.config.port != 3000 ? Kemal.config.port : CONFIG.port diff --git a/src/invidious/config.cr b/src/invidious/config.cr index ff7681979..7c9e9ca64 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -138,8 +138,10 @@ class Config property port : Int32 = 3000 # Host to bind (overridden by command line argument) property host_binding : String = "0.0.0.0" - # Make Invidious listening on UNIX sockets - Example: /tmp/invidious.sock - property bind_unix : String? = nil + # Make Invidious listen on a UNIX socket instead of a TCP port - Example: /tmp/invidious.sock + property socket_binding : String? = nil + # Permissions of the listening socket in octal + property socket_permissions : String = "777" # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`) property pool_size : Int32 = 100 # HTTP Proxy configuration From 5f8130fd03a767f77bf8abe4a3f7260d2781850a Mon Sep 17 00:00:00 2001 From: Caian Benedicto Date: Sat, 14 Dec 2024 05:39:03 -0300 Subject: [PATCH 3/8] Leave socket_binding disabled by default in the configuration example --- config/config.example.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.example.yml b/config/config.example.yml index 439063e1e..3c0904817 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -139,7 +139,7 @@ https_only: false ## Accepted values: Any path to a new file (that doesn't exist yet) ## Default: ## -socket_binding: /tmp/invidious.sock +#socket_binding: /tmp/invidious.sock ## ## Permissions for the UNIX socket specified by 'socket_binding'. @@ -149,7 +149,7 @@ socket_binding: /tmp/invidious.sock ## Accepted values: 000-777 ## Default: 777 ## -socket_permissions: 777 +#socket_permissions: 777 # ----------------------------- From 48d225002427e874a3b02ee0ba88ba6169304c52 Mon Sep 17 00:00:00 2001 From: Caian Benedicto Date: Sat, 14 Dec 2024 06:53:30 -0300 Subject: [PATCH 4/8] Unify socket_binding and socket_permissions --- config/config.example.yml | 17 ++++------------- src/invidious.cr | 12 +++++++----- src/invidious/config.cr | 4 +--- 3 files changed, 12 insertions(+), 21 deletions(-) diff --git a/config/config.example.yml b/config/config.example.yml index 3c0904817..afa1d2524 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -131,25 +131,16 @@ https_only: false #hsts: true ## -## Path of a UNIX socket to listen on for incoming connections. +## Path and permissions of a UNIX socket to listen on for incoming connections. ## ## Note: Enabling socket will make invidious stop listening on the address ## specified by 'host_binding' and 'port'. ## -## Accepted values: Any path to a new file (that doesn't exist yet) +## Accepted values: Any path to a new file (that doesn't exist yet) and its +## permissions following the UNIX octal convention. ## Default: ## -#socket_binding: /tmp/invidious.sock - -## -## Permissions for the UNIX socket specified by 'socket_binding'. -## -## Note: The permissions are given in octal, following UNIX convention. -## -## Accepted values: 000-777 -## Default: 777 -## -#socket_permissions: 777 +#socket_binding: /tmp/invidious.sock,777 # ----------------------------- diff --git a/src/invidious.cr b/src/invidious.cr index 92ae80454..afbffcdee 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -249,13 +249,15 @@ Kemal.config.app_name = "Invidious" Kemal.run do |config| if CONFIG.socket_binding - if File.exists?(CONFIG.socket_binding.not_nil!) - File.delete(CONFIG.socket_binding.not_nil!) + socket_binding = CONFIG.socket_binding.not_nil! + if File.exists?(socket_binding) + File.delete(socket_binding) end # Create a socket and set its desired permissions - server = UNIXServer.new(CONFIG.socket_binding.not_nil!) - perms = CONFIG.socket_permissions.to_i(base: 8) - File.chmod(CONFIG.socket_binding.not_nil!, perms) + tokens = socket_binding.rpartition(',') + server = UNIXServer.new(tokens[0]) + perms = tokens[2].to_i(base: 8) + File.chmod(tokens[0], perms) config.server.not_nil!.bind server else Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding diff --git a/src/invidious/config.cr b/src/invidious/config.cr index 7c9e9ca64..feda3958e 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -138,10 +138,8 @@ class Config property port : Int32 = 3000 # Host to bind (overridden by command line argument) property host_binding : String = "0.0.0.0" - # Make Invidious listen on a UNIX socket instead of a TCP port - Example: /tmp/invidious.sock + # Path and permissions to make Invidious listen on a UNIX socket instead of a TCP port - Example: /tmp/invidious.sock,777 property socket_binding : String? = nil - # Permissions of the listening socket in octal - property socket_permissions : String = "777" # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`) property pool_size : Int32 = 100 # HTTP Proxy configuration From 275318dae2056737f101054b8e4527091fb0e73f Mon Sep 17 00:00:00 2001 From: Caian Benedicto Date: Sat, 14 Dec 2024 15:18:25 -0300 Subject: [PATCH 5/8] Change socket_binding to a nested configuration in YAML --- config/config.example.yml | 4 +++- src/invidious.cr | 11 +++++------ src/invidious/config.cr | 9 ++++++++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/config/config.example.yml b/config/config.example.yml index afa1d2524..bb6163283 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -140,7 +140,9 @@ https_only: false ## permissions following the UNIX octal convention. ## Default: ## -#socket_binding: /tmp/invidious.sock,777 +#socket_binding: +# path: /tmp/invidious.sock +# permissions: 777 # ----------------------------- diff --git a/src/invidious.cr b/src/invidious.cr index afbffcdee..8b0ab9118 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -250,14 +250,13 @@ Kemal.config.app_name = "Invidious" Kemal.run do |config| if CONFIG.socket_binding socket_binding = CONFIG.socket_binding.not_nil! - if File.exists?(socket_binding) - File.delete(socket_binding) + if File.exists?(socket_binding.path) + File.delete(socket_binding.path) end # Create a socket and set its desired permissions - tokens = socket_binding.rpartition(',') - server = UNIXServer.new(tokens[0]) - perms = tokens[2].to_i(base: 8) - File.chmod(tokens[0], perms) + server = UNIXServer.new(socket_binding.path) + perms = socket_binding.permissions.to_i(base: 8) + File.chmod(socket_binding.path, perms) config.server.not_nil!.bind server else Kemal.config.host_binding = Kemal.config.host_binding != "0.0.0.0" ? Kemal.config.host_binding : CONFIG.host_binding diff --git a/src/invidious/config.cr b/src/invidious/config.cr index feda3958e..b15cf832b 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -8,6 +8,13 @@ struct DBConfig property dbname : String end +struct SocketBindingConfig + include YAML::Serializable + + property path : String + property permissions : String +end + struct ConfigPreferences include YAML::Serializable @@ -139,7 +146,7 @@ class Config # Host to bind (overridden by command line argument) property host_binding : String = "0.0.0.0" # Path and permissions to make Invidious listen on a UNIX socket instead of a TCP port - Example: /tmp/invidious.sock,777 - property socket_binding : String? = nil + property socket_binding : SocketBindingConfig? = nil # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`) property pool_size : Int32 = 100 # HTTP Proxy configuration From f9885cca8e770fbbfec1c1360b71f19b344bb3fc Mon Sep 17 00:00:00 2001 From: Caian Benedicto Date: Fri, 27 Dec 2024 15:09:05 -0300 Subject: [PATCH 6/8] Revert changes made to other parameters --- config/config.example.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.example.yml b/config/config.example.yml index bb6163283..c5c3109dc 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -191,7 +191,7 @@ https_only: false ## Configuration for using a HTTP proxy ## ## If unset, then no HTTP proxy will be used. -## +## http_proxy: user: password: @@ -853,7 +853,7 @@ default_user_preferences: ## Default: true ## #vr_mode: true - + ## ## Save the playback position ## Allow to continue watching at the previous position when From 525dea1e2a2d8cbe274d00ac797ce4e65e745493 Mon Sep 17 00:00:00 2001 From: Caian Benedicto Date: Fri, 27 Dec 2024 20:05:53 -0300 Subject: [PATCH 7/8] Add checks for socket path and permissions --- src/invidious/config.cr | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/invidious/config.cr b/src/invidious/config.cr index b15cf832b..6578709ed 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -145,7 +145,7 @@ class Config property port : Int32 = 3000 # Host to bind (overridden by command line argument) property host_binding : String = "0.0.0.0" - # Path and permissions to make Invidious listen on a UNIX socket instead of a TCP port - Example: /tmp/invidious.sock,777 + # Path and permissions to make Invidious listen on a UNIX socket instead of a TCP port property socket_binding : SocketBindingConfig? = nil # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`) property pool_size : Int32 = 100 @@ -258,6 +258,25 @@ class Config end end + # Check if the socket configuration is valid + if config.socket_binding + sb = config.socket_binding.not_nil! + if sb.path.ends_with?("/") || File.directory?(sb.path) + puts "Config: The socket path " + sb.path + " must not be a directory!" + exit(1) + end + d = File.dirname(sb.path) + if !File.directory?(d) + puts "Config: Socket directory " + sb.path + " does not exist or is not a directory!" + exit(1) + end + p = sb.permissions.to_i?(base: 8) + if !p || p < 0 || p > 0o777 + puts "Config: Socket permissions must be an octal between 0 and 777!" + exit(1) + end + end + return config end end From b4a61936427545dd545c5581ea898f2d1c29d3ab Mon Sep 17 00:00:00 2001 From: Caian Benedicto <2220062+Caian@users.noreply.github.com> Date: Sun, 5 Jan 2025 09:56:00 +0000 Subject: [PATCH 8/8] Improve syntax Co-authored-by: syeopite <70992037+syeopite@users.noreply.github.com> --- src/invidious.cr | 7 ++----- src/invidious/config.cr | 3 +-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/invidious.cr b/src/invidious.cr index 8b0ab9118..b11137f68 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -248,11 +248,8 @@ Kemal.config.app_name = "Invidious" {% end %} Kemal.run do |config| - if CONFIG.socket_binding - socket_binding = CONFIG.socket_binding.not_nil! - if File.exists?(socket_binding.path) - File.delete(socket_binding.path) - end + if socket_binding = CONFIG.socket_binding +File.delete?(socket_binding.path) # Create a socket and set its desired permissions server = UNIXServer.new(socket_binding.path) perms = socket_binding.permissions.to_i(base: 8) diff --git a/src/invidious/config.cr b/src/invidious/config.cr index 6578709ed..a9b786864 100644 --- a/src/invidious/config.cr +++ b/src/invidious/config.cr @@ -259,8 +259,7 @@ class Config end # Check if the socket configuration is valid - if config.socket_binding - sb = config.socket_binding.not_nil! + if sb = config.socket_binding if sb.path.ends_with?("/") || File.directory?(sb.path) puts "Config: The socket path " + sb.path + " must not be a directory!" exit(1)