fix(OAuth): client identity matching #421
Conversation
|
I've been thinking about the situation that occurred before the changes in this PR, where the entire node process locks up because regex keeps trying to find a match. Just wondering if anything can be done about it... worker threads + aborting on timeout comes to mind, but maintaining compatibility across browser, node.js ...is something I am not familiar with. |
|
If it really is the regex itself that was causing the process to lock up, then moving it to worker threads is not solving the actual core problem, it's just working around the issue. |
|
I was just thinking of guarding against unforeseeable cases where catastrophic backtracking may occur, but you are right that the regex itself should be worked on instead. So would you mind reviewing the modified regex to see if it is foolproof enough to handle future YT changes, as in not locking up the process when no match is possible? My knowledge of this is rather limited so would appreciate some help here.. |
|
I can confirm indeed regex and or model_name was causing my app to stop responding. |
|
I'll merge this PR right now and publish a new version as this is quite urgent. I plan on doing a small refactor in this portion of the code soon, so I can look into fixing the unsafe regular exp, but anyone feel free to contribute if you can. Thanks Patrick! |
YouTube seems to have changed their Auth script which breaks
OAuth#getClientIdentity(). The Client Identity regex used to match against the body of the script is bound to fail. The result is blocking of the entire process while the regex tries futilely to find a match.This PR fixes the Client Identity matching part. From what I see, the request payload for device code also seems to have changed. Instead of
model_name, it's nowdevice_model:So I have included this change in the PR too.