discourse/lib/onebox/engine/youtube_onebox.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

187 lines
5.5 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
module Onebox
module Engine
class YoutubeOnebox
include Engine
include StandardEmbed
matches_regexp(/^https?:\/\/(?:www\.)?(?:m\.)?(?:youtube\.com|youtu\.be)\/.+$/)
requires_iframe_origins "https://www.youtube.com"
always_https
WIDTH ||= 480
HEIGHT ||= 360
def parse_embed_response
return unless video_id
return @parse_embed_response if defined?(@parse_embed_response)
embed_url = "https://www.youtube.com/embed/#{video_id}"
@embed_doc ||= Onebox::Helpers.fetch_html_doc(embed_url)
begin
script_tag = @embed_doc.xpath('//script').find { |tag| tag.to_s.include?('ytcfg.set') }.to_s
match = script_tag.to_s.match(/ytcfg\.set\((?<json>.*)\)/)
yt_json = ::JSON.parse(match[:json])
renderer = ::JSON.parse(yt_json['PLAYER_VARS']['embedded_player_response'])['embedPreview']['thumbnailPreviewRenderer']
title = renderer['title']['runs'].first['text']
image = "https://img.youtube.com/vi/#{video_id}/hqdefault.jpg"
rescue
return
end
@parse_embed_response = { image: image, title: title }
end
def placeholder_html
if video_id || list_id
result = parse_embed_response
result ||= get_opengraph.data
"<img src='#{result[:image]}' width='#{WIDTH}' height='#{HEIGHT}' title='#{CGI::escapeHTML(result[:title])}'>"
else
to_html
end
end
def to_html
if video_id
<<-HTML
<iframe
src="https://www.youtube.com/embed/#{video_id}?#{embed_params}"
width="#{WIDTH}"
height="#{HEIGHT}"
frameborder="0"
allowfullscreen
class="youtube-onebox"
></iframe>
HTML
elsif list_id
<<-HTML
<iframe
src="https://www.youtube.com/embed/videoseries?list=#{list_id}&wmode=transparent&rel=0&autohide=1&showinfo=1&enablejsapi=1"
width="#{WIDTH}"
height="#{HEIGHT}"
frameborder="0"
allowfullscreen
class="youtube-onebox"
></iframe>
HTML
else
# for channel pages
html = Onebox::Engine::AllowlistedGenericOnebox.new(@url, @timeout).to_html
return if Onebox::Helpers.blank?(html)
html.gsub!(/['"]\/\//, "https://")
html
end
end
def video_title
@video_title ||= begin
result = parse_embed_response || get_opengraph.data
result[:title]
end
end
private
def video_id
@video_id ||= begin
id = nil
# http://youtu.be/afyK1HSFfgw
if uri.host["youtu.be"]
id = uri.path[/\/([\w\-]+)/, 1]
end
# https://www.youtube.com/embed/vsF0K3Ou1v0
if uri.path["/embed/"]
id ||= uri.path[/\/embed\/([\w\-]+)/, 1]
end
# https://www.youtube.com/shorts/wi2jAtpBl0Y
if uri.path["/shorts/"]
id ||= uri.path[/\/shorts\/([\w\-]+)/, 1]
end
# https://www.youtube.com/watch?v=Z0UISCEe52Y
id ||= params['v']
sanitize_yt_id(id)
end
end
def list_id
@list_id ||= sanitize_yt_id(params['list'])
end
def sanitize_yt_id(raw)
raw&.match?(/\A[\w-]+\z/) ? raw : nil
end
def embed_params
p = { 'feature' => 'oembed', 'wmode' => 'opaque' }
p['list'] = list_id if list_id
# Parse timestrings, and assign the result as a start= parameter
start = if params['start']
params['start']
elsif params['t']
params['t']
elsif uri.fragment && uri.fragment.start_with?('t=')
# referencing uri is safe here because any throws were already caught by video_id returning nil
# remove the t= from the start
uri.fragment[2..-1]
end
p['start'] = parse_timestring(start) if start
p['end'] = parse_timestring params['end'] if params['end']
# Official workaround for looping videos
# https://developers.google.com/youtube/player_parameters#loop
# use params.include? so that you can just add "&loop"
if params.include?('loop')
p['loop'] = 1
p['playlist'] = video_id
end
# https://developers.google.com/youtube/player_parameters#rel
p['rel'] = 0 if params.include?('rel')
# https://developers.google.com/youtube/player_parameters#enablejsapi
p['enablejsapi'] = params['enablejsapi'] if params.include?('enablejsapi')
URI.encode_www_form(p)
end
def parse_timestring(string)
if string =~ /(\d+h)?(\d+m)?(\d+s?)?/
($1.to_i * 3600) + ($2.to_i * 60) + $3.to_i
end
end
def params
return {} unless uri.query
# This mapping is necessary because CGI.parse returns a hash of keys to arrays.
# And *that* is necessary because querystrings support arrays, so they
# force you to deal with it to avoid security issues that would pop up
# if one day it suddenly gave you an array.
#
# However, we aren't interested. Just take the first one.
@params ||= begin
p = {}
CGI.parse(uri.query).each { |k, v| p[k] = v.first }
p
end
rescue
{}
end
end
end
end