From 29f967a3ec463cc431a74fde325483199cad12c6 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Tue, 17 Sep 2024 15:37:01 +0000
Subject: [PATCH 1/4] api: fix accept & content-type validation when not using
 authentication

---
 api/src/core/api.js | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index 51ec1697..fdd13ce1 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -105,6 +105,18 @@ export const runAPI = (express, app, __dirname) => {
     app.post('/', apiLimiter);
     app.use('/tunnel', apiLimiterStream);
 
+    app.post('/', (req, res, next) => {
+        if (!acceptRegex.test(req.header('Accept'))) {
+            return fail(res, "error.api.header.accept");
+        }
+
+        if (!acceptRegex.test(req.header('Content-Type'))) {
+            return fail(res, "error.api.header.content_type");
+        }
+
+        next();
+    });
+
     app.post('/', (req, res, next) => {
         if (!env.turnstileSecret || !env.jwtSecret) {
             return next();
@@ -128,14 +140,6 @@ export const runAPI = (express, app, __dirname) => {
                 return fail(res, "error.api.auth.jwt.invalid");
             }
 
-            if (!acceptRegex.test(req.header('Accept'))) {
-                return fail(res, "error.api.header.accept");
-            }
-
-            if (!acceptRegex.test(req.header('Content-Type'))) {
-                return fail(res, "error.api.header.content_type");
-            }
-
             req.authorized = true;
         } catch {
             return fail(res, "error.api.generic");

From d560c0d34a1a088593260a789831dcc86a2c5746 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Wed, 18 Sep 2024 18:03:04 +0000
Subject: [PATCH 2/4] api: return correct extension for gif downloads in api
 response

---
 api/src/misc/utils.js              | 11 +++++++++++
 api/src/processing/match-action.js | 10 ++++++----
 api/src/stream/types.js            |  2 +-
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index 05192d97..34666d1c 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -65,3 +65,14 @@ export function merge(a, b) {
 
     return a;
 }
+
+export function splitFilenameExtension(filename) {
+    const parts = filename.split('.');
+    const ext = parts.pop();
+
+    if (!parts.length) {
+        return [ ext, "" ]
+    } else {
+        return [ parts.join('.'), ext ]
+    }
+}
diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 6b5395d4..4fdb24f6 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -3,6 +3,7 @@ import createFilename from "./create-filename.js";
 import { createResponse } from "./request.js";
 import { audioIgnore } from "./service-config.js";
 import { createStream } from "../stream/manage.js";
+import { splitFilenameExtension } from "../misc/utils.js";
 
 export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disableMetadata, filenameStyle, twitterGif, requestIP, audioBitrate, alwaysProxy }) {
     let action,
@@ -32,10 +33,11 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
     }
 
     if (action === "muteVideo" && isAudioMuted && !r.filenameAttributes) {
-        const parts = r.filename.split(".");
-        const ext = parts.pop();
-
-        defaultParams.filename = `${parts.join(".")}_mute.${ext}`;
+        const [ name, ext ] = splitFilenameExtension(r.filename);
+        defaultParams.filename = `${name}_mute.${ext}`;
+    } else if (action === "gif") {
+        const [ name ] = splitFilenameExtension(r.filename);
+        defaultParams.filename = `${name}.gif`;
     }
 
     switch (action) {
diff --git a/api/src/stream/types.js b/api/src/stream/types.js
index aa9becf2..184af873 100644
--- a/api/src/stream/types.js
+++ b/api/src/stream/types.js
@@ -291,7 +291,7 @@ const convertGif = (streamInfo, res) => {
         const [,,, muxOutput] = process.stdio;
 
         res.setHeader('Connection', 'keep-alive');
-        res.setHeader('Content-Disposition', contentDisposition(streamInfo.filename.split('.')[0] + ".gif"));
+        res.setHeader('Content-Disposition', contentDisposition(streamInfo.filename));
 
         pipe(muxOutput, res, shutdown);
 

From 8ae48fa524a3270fcc5f99052e53a14ae31f740e Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 21 Sep 2024 13:23:12 +0000
Subject: [PATCH 3/4] api: allow colons (`:`) in url paths

---
 api/src/processing/service-config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 67542e97..f091d448 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -176,7 +176,7 @@ export const services = {
 Object.values(services).forEach(service => {
     service.patterns = service.patterns.map(
         pattern => new UrlPattern(pattern, {
-            segmentValueCharset: UrlPattern.defaultOptions.segmentValueCharset + '@\\.'
+            segmentValueCharset: UrlPattern.defaultOptions.segmentValueCharset + '@\\.:'
         })
     )
 })

From f83537a73e825a89c427b94126d0b3d21b56ad7b Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 21 Sep 2024 13:24:15 +0000
Subject: [PATCH 4/4] tests/bsky: fix tests & use `did`s instead of usernames

---
 api/src/util/tests.json | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/api/src/util/tests.json b/api/src/util/tests.json
index 78340691..17952595 100644
--- a/api/src/util/tests.json
+++ b/api/src/util/tests.json
@@ -1401,7 +1401,7 @@
     "bsky": [
         {
             "name": "horizontal video",
-            "url": "https://bsky.app/profile/haileyok.com/post/3l3giwtwp222m",
+            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3giwtwp222m",
             "params": {},
             "expected": {
                 "code": 200,
@@ -1410,7 +1410,7 @@
         },
         {
             "name": "horizontal video, recordWithMedia",
-            "url": "https://bsky.app/profile/juicysteak117.gay/post/3l3wonhk23g2i",
+            "url": "https://bsky.app/profile/did:plc:ywbm3iywnhzep3ckt6efhoh7/post/3l3wonhk23g2i",
             "params": {},
             "expected": {
                 "code": 200,
@@ -1419,7 +1419,7 @@
         },
         {
             "name": "vertical video",
-            "url": "https://bsky.app/profile/haileyok.com/post/3l3jhpomhjk2m",
+            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
             "params": {},
             "expected": {
                 "code": 200,
@@ -1428,7 +1428,7 @@
         },
         {
             "name": "vertical video (muted)",
-            "url": "https://bsky.app/profile/haileyok.com/post/3l3jhpomhjk2m",
+            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
             "params": {
                 "downloadMode": "mute"
             },
@@ -1439,7 +1439,7 @@
         },
         {
             "name": "vertical video (audio)",
-            "url": "https://bsky.app/profile/haileyok.com/post/3l3jhpomhjk2m",
+            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
             "params": {
                 "downloadMode": "audio"
             },
@@ -1450,7 +1450,7 @@
         },
         {
             "name": "single image",
-            "url": "https://bsky.app/profile/thehardyboycats.bsky.social/post/3l33flpoygt26",
+            "url": "https://bsky.app/profile/did:plc:k4a7d65fcyevbrnntjxh57go/post/3l33flpoygt26",
             "params": {},
             "expected": {
                 "code": 200,
@@ -1459,7 +1459,7 @@
         },
         {
             "name": "several images",
-            "url": "https://bsky.app/profile/tracey-m.bsky.social/post/3kzxuxbiul626",
+            "url": "https://bsky.app/profile/did:plc:rai7s6su2sy22ss7skouedl7/post/3kzxuxbiul626",
             "params": {},
             "expected": {
                 "code": 200,
@@ -1476,4 +1476,4 @@
             }
         }
     ]
-}
\ No newline at end of file
+}