From d5ebecb76a8e776c8ee32c7c09d42aa43500c985 Mon Sep 17 00:00:00 2001
From: Ryan G <78384369+SpongeManiac@users.noreply.github.com>
Date: Tue, 13 Jun 2023 15:21:47 -0700
Subject: [PATCH] New Token Scope + new scope for /ape/v1/ endpoints
---
 src/invidious/helpers/tokens.cr | 15 ++++++++++++---
 src/invidious/routes/api/v1/authentication.cr | 4 +++-
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/invidious/helpers/tokens.cr b/src/invidious/helpers/tokens.cr
index a44988cd..29198b4b 100644
--- a/src/invidious/helpers/tokens.cr
+++ b/src/invidious/helpers/tokens.cr
@@ -86,7 +86,12 @@ def validate_request(token, session, request, key, locale = nil)
 end
 scopes = token["scopes"].as_a.map(&.as_s)
- scope = "#{request.method}:#{request.path.lchop("/api/v1/auth/").lstrip("/")}"
+ scope = ""
+ if scopes.includes?("::")
+ scope = "#{request.method}::#{request.path.lchop("/api/v1/").lstrip("/")}"
+ else
+ scope = "#{request.method}:#{request.path.lchop("/api/v1/auth/").lstrip("/")}"
+ end
 if !scopes_include_scope(scopes, scope)
 raise InfoException.new("Invalid scope")
 end
@@ -107,11 +112,15 @@ def validate_request(token, session, request, key, locale = nil)
 end
 def scope_includes_scope(scope, subset)
- methods, endpoint = scope.split(":")
+ if scope.includes?("::")
+ methods, endpoint = scope.split("::")
+ subset_methods, subset_endpoint = subset.split("::")
+ else
+ methods, endpoint = scope.split(":")
+ end
 methods = methods.split(";").map(&.upcase).reject(&.empty?).sort!
 endpoint = endpoint.downcase
- subset_methods, subset_endpoint = subset.split(":")
 subset_methods = subset_methods.split(";").map(&.upcase).sort!
 subset_endpoint = subset_endpoint.downcase
diff --git a/src/invidious/routes/api/v1/authentication.cr b/src/invidious/routes/api/v1/authentication.cr
index 324d55e8..56442836 100644
--- a/src/invidious/routes/api/v1/authentication.cr
+++ b/src/invidious/routes/api/v1/authentication.cr
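Review bot: In `validate_request` (src/invidious/helpers/tokens.cr, first hunk), `scopes.includes?("::")` is called on the array of scope strings built one line earlier, so it tests for an element that is exactly `"::"` rather than for a scope that uses the new separator. A token whose only scope is, say, `GET::videos` (constructed example) therefore takes the legacy branch, and its request scope is built with `:` and the `/api/v1/auth/` prefix, which the `::` scope cannot match. If the intent is "any scope in the token uses the new form", the condition should read `if scopes.any?(&.includes?("::"))`. Because this branch decides which endpoints a token is authorised for, it also deserves a comment such as `# "::" scopes are matched against every path under /api/v1/, not only /api/v1/auth/`. The function starts and ends outside the hunk.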
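Review bot: In `scope_includes_scope` (second hunk of tokens.cr), `subset_methods` and `subset_endpoint` are now assigned only in the `::` branch, because the unconditional `subset.split(":")` line was removed, yet both are still used right after the `if`. For a legacy single-colon scope they are never set, which Crystal should reject as a call on a nilable value; the `else` branch needs `subset_methods, subset_endpoint = subset.split(":")`. The `::` branch also assumes `subset` was built with the same separator: a `:`-form request scope splits into a single element there and the two-target assignment would presumably raise instead of denying, so a guard such as `return false unless subset.includes?("::")` before the split keeps a format mismatch a plain refusal. The rest of the function lies outside the hunk.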
@@ -73,7 +73,7 @@ module Invidious::Routes::API::V1::Authentication
 end
 else
 # send captcha
- captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, ":register")
+ captcha = Invidious::User::Captcha.generate_text(HMAC_KEY, "POST::register")
 # Fix token formatting
 formatted_tokens : Array(JSON::Any) = Array(JSON::Any).new
 captcha["tokens"].each do |tok|
@@ -280,3 +280,5 @@ struct CredentialsLogin
 property password : String
 property token : String
 end
+
+text = "Ryan said, \"Hello!\""
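Review bot: The captcha token scope `"POST::register"` in the first hunk of authentication.cr only validates if the request scope computed in `validate_request` comes out as exactly `POST::register`, and the new `::` path there strips just the `/api/v1/` prefix. If the registration route lives under `/api/v1/auth/` (not visible in this hunk), the computed endpoint would be `auth/register` and every captcha answer would be rejected; confirm the route, or issue the scope relative to `/api/v1/`. A short comment next to the call, e.g. `# scope is METHOD::endpoint, endpoint relative to /api/v1/`, would keep the two files in step. The enclosing method starts and ends outside the hunk.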
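Review bot: The top-level `text = "Ryan said, \"Hello!\""` added after `struct CredentialsLogin` looks like a leftover experiment; nothing in the visible hunks reads it and it is unrelated to the token-scope change. It should be dropped from the commit together with the blank line before it, so the authentication routes file carries no stray top-level statements.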