Add invidious companion support

[unixfox]

Description

Invidious companion is the new tool created for the retrieval of the YouTube streams: https://github.com/iv-org/invidious-companion

Invidious will not handle the videos streams retrieval anymore, as it has become a burner for the Invidious team to adapt. Instead, invidious companion will be based on https://github.com/LuanRT/YouTube.js which is the most up to date when it comes to video streams retrieval.

This allows us to spend more time on actually improving the Invidious frontend.

What does this PR do?

Invidious send the /player request to Invidious companion in HTTP(S). Invidious companion does all of its magic then Invidious does the usual parsing of the player endpoint.

Invidious also delegate the work of latest_version, /api/manifest/dash/id and /videoplayback to Invidious companion.

What does invidious companion do

• You can set multiple invidious_companion. Allowing you to utilize multiple external servers
• It supports SOCKS proxy - related to Allow to use proxies (HTTP(s) & socks) #301
• There is a plan to support multiple proxies: handle the ability to use multiple proxies invidious-companion#5
• There is no need to use inv_sig_helper as the program automatically handle the deciphering.
• There is no need for youtube-trusted-session-generator as the program automatically generate a po_token at a configurable frequency.
• You can logging with a yt account

Incompatibilities

• You can't use inv_sig_helper with invidious companion

Not supported yet - will be work in progress after this PR is merged

• The Invidious API is not fully supported. At least, if companion and invidious are not using the same "public" IP address, this won't work. Issue [Enhancement] Support Invidious API invidious-companion#22
• Download feature is not supported. Issue invidious: support download function invidious-companion#13

Future potential work

• Have Invidious proxying the requests to Invidious companion in order to make it easier for beginners.

How to try?

1. Run Invidious companion with a secret key: https://github.com/iv-org/invidious-companion?tab=readme-ov-file#run-locally
2. Configure Invidious companion in the config.yaml and with the same secret key:

invidious_companion:
  - private_url: "http://localhost:8282/"
    public_url: "http://localhost:8282/"
invidious_companion_key: hoMyBeautifulKey

3. Run Invidious

Fixes

• Fixes [Bug] "This helps protect our community." - "Please sign in to confirm you’re not a bot" #4734 - Any new issue around YouTube breaking the /player will know have to happen on https://github.com/iv-org/invidious-companion/issues
• Fixes [Enhancement] Add support for multiples audio tracks #2007 - youtube.js provide DASH files with multi audio support
• Fixes [Bug] Auto-generated subtitles no longer display in the video player #4660 - youtube.js provide the captions
• Fixes [Feature request] Add option to sign in to Google account (as workaround for "Please sign in" blocking playback) #4977 - youtube oauth is available thanks to youtube.js
• Fixes [Bug] DASH on Safari iPadOS is broken - Playback cannot continue. No available working or supported playlists. #2720 - dash manifest generated works with ipadOS
• Fixes [Bug] DASH on Safari macOS is broken - Playback cannot continue. No available working or supported playlists. #4199 - dash manifest generated works with safari on macos
• To investigate: [Bug] DASH quality on safari iOS #2236
• To investigate: [Feature request] Add support for transcripts #2564
• To investigate: [Enhancement] Throw an error on Widevine content #3021

Related to

• [Enhancement] Print message about guide on how to configure invidious companion when "This helps protect our community." message is found #4838

[SamantazFox]

As the get_video() call above already talks to the companion and gets playable URLs, why still redirect to the companion manifest handler? Why not let invidious generate the manifest?

PS: I realized that there is an important oversight here: what if the video object (e.g returned from cache) doesn't have a companion field, or the companion base URL is not present anymore in the config?

PPS: Why handling that case at all when the URL is already replaced in components/player.ecr?

[unixfox]

There are multiple reasons:

• One may configure a proxy in invidious_companion. And invidious companion is going to handle multiple proxies soon, so this can't be handled inside Invidious: handle the ability to use multiple proxies invidious-companion#5
• DASH manifest generation from youtube.js include way more things than invidious. which includes multi-language audio support, see here for more: https://github.com/LuanRT/YouTube.js/blob/4e9c2a585bf84751dd4e3964f70fba284c8b8e38/src/utils/DashManifest.tsx#L68-L267
• If an external program relies on the dash api, it makes more sense to redirect this request to Invidious companion because it avoids making unnecessary process in invidious as Invidious companion is the one requesting the video streams from YouTube.
• One may configure multiple invidious companion, we need to make sure that the video stream used is from the same public IP address that generated the video stream.

In the design plan, I said that everything related to the video retrieval should be handled now in invidious companion. It doesn't make a lot of sense to handle all the logic explained above in invidious.

[SamantazFox]

One may configure a proxy in invidious_companion. And invidious companion is going to handle multiple proxies soon, so this can't be handled inside Invidious

Unless this is done transparently to the end user (e.g with NGINX rules), the CSP header will need to reflect the use of these external proxies, and so Invidious will need to take care of it.

DASH manifest generation from youtube.js include way more things than invidious. which includes multi-language audio support

But is this compatible with videoJS? Our DASH manifest is missing multiple formats because of that.

If an external program relies on the dash api, it makes more sense to redirect this request to Invidious companion because it avoids making unnecessary process in invidious as Invidious companion is the one requesting the video streams from YouTube.

Invidious already requests and parses the whole /player response returned by the companion (if it wasn't already in cache) so I don't think this will represent much more processing.

One may configure multiple invidious companion, we need to make sure that the video stream used is from the same public IP address that generated the video stream.

For an API user, all URLs should already have that companion as the host, and for a web user, all the relevant URLs should already be handled in components/player.ecr. Am I right?

If so, the only way to access invidiou's own /latest_version and manifest endpoints would be willingly by a malicious or careless API user, so broken streams are a non-problem here imo.

[unixfox]

First of all, I would like to say that I have been in your thinking situation. I had long thoughts about the advantages and the disadvantages of each implementation. This current implementation outweighs the one where Invidious handle almost all the logic and Invidious companion is just "dumb proxy".

Also, invidious companion is not entirely new, it's actually based on the ideas of invidious-stripped-down. A project that I have used for 2 years on yewtu.be in order to replace some functions of Invidious. For really improving the performance and user experience of my instance.

Unless this is done transparently to the end user (e.g with NGINX rules), the CSP header will need to reflect the use of these external proxies, and so Invidious will need to take care of it.

Already does in https://github.com/iv-org/invidious/pull/4985/files#diff-a86ced8aa99e3403588538decc008851d3d33dfadbb00d392d5ec8b4696f7df4

But is this compatible with videoJS? Our DASH manifest is missing multiple formats because of that.

Yes. I have used it for 2 years on yewtu.be. I'm stripping out the codec that do not work: https://github.com/iv-org/invidious-companion/blob/master/src/routes/invidious_routes/dashManifest.ts#L41-L43

If an external program relies on the dash api, it makes more sense to redirect this request to Invidious companion because it avoids making unnecessary process in invidious as Invidious companion is the one requesting the video streams from YouTube.

Invidious already requests and parses the whole /player response returned by the companion (if it wasn't already in cache) so I don't think this will represent much more processing.

The benefit of handling latest_version and /api/manifest/dash/id/ is that you can more easily handle all the edge cases in invidious companion itself, no need to add more logic in Invidious. Especially in a time when YouTube is evolving rapidly, we want to keep the pace thanks to youtube.js.

For an API user, all URLs should already have that companion as the host, and for a web user, all the relevant URLs should already be handled in components/player.ecr. Am I right?
If so, the only way to access invidiou's own /latest_version and manifest endpoints would be willingly by a malicious or careless API user, so broken streams are a non-problem here imo.

My number one priority is users using Invidious directly. We can think about API users later. Our main user base uses our frontend.

It doesn't mean that developers using the API are forever forgotten. I have ideas but for the moment, if invidious companion is configured then the video streams given through the API may not always work, especially when "proxying" through the same public IP address is needed.

I'm sorry, but a day is only 24 hours and at the moment I'm a single developer trying to improve the overall usability of Invidious through youtube.js. I can't deal with all the cases at the same time. Happy to receive more help for contribution!

[SamantazFox]

Already does in https://github.com/iv-org/invidious/pull/4985/files#diff-a86ced8aa99e3403588538decc008851d3d33dfadbb00d392d5ec8b4696f7df4

The problem is that it add the companion's domains to the CSP, but not the companion's proxies themselves.

The benefit of handling latest_version and /api/manifest/dash/id/ is that you can more easily handle all the edge cases in invidious companion itself [...]
[...]
My number one priority is users using Invidious directly. We can think about API users later. Our main user base uses our frontend.

My question was about the necessity of adding this redirect logic on these endpoints, where they should never be called in the first place, as none of the URLs in the /watch page should lead to invidious in the first place!

[unixfox]

Already does in #4985 (files)

The problem is that it add the companion's domains to the CSP, but not the companion's proxies themselves.

This adds in the CSP the baseUrl: https://github.com/iv-org/invidious-companion/blob/master/config/default.toml#L5 which is given by invidious companion in the JSON reply. This domain is the same domain that which videojs will use for either latest_version or dash manifest api requests or videoplayback request.

We are not adding the URL passing in here: https://github.com/iv-org/invidious/pull/4985/files#diff-b68cf7cb2cb2dbd2275444b03cdc238962e05b5ccff0b89ba34b1f9126f39187R71

 invidious_companion:
 - http://127.0.0.1:8282

My question was about the necessity of adding this redirect logic on these endpoints, where they should never be called in the first place, as none of the URLs in the /watch page should lead to invidious in the first place!

You always have stuff that use these endpoints directly without going through the frontend. It's to make sure that we are using invidious companion all the time.

• download function/button in invidious
• bots
• apps that use latest_version or dash manifest api instead of the official api of invidious

It's to make sure that we avoid sending wrong requests to youtube servers and the IP get banned for that.

[SamantazFox]

This adds in the CSP the baseUrl [...] which is given by invidious companion in the JSON reply

I got that ^^ But if the companion has say proxy1.example.com and proxy2.example.com set, those won't be added to the CSP. Unless this is completely transparent to invidious (= the companion forwards the request to the proxies itself, and invidious only ever connects to http://127.0.0.1:8282)

It's to make sure that we avoid sending wrong requests to youtube servers and the IP get banned for that.

Fair enough!

[unixfox]

I have rewritten some part. Let me explain.

If you ENABLE invidious_companion then by default in Invidious:

• /api/manifest/dash/id/ is blocked
• /latest_version is blocked

This makes sense, as those endpoints are not used in Invidious if Invidious companion is enabled. This is to avoid any tries to load some video stream through the incorrect IP and making the requests suspicious to YouTube servers.

But for the "downloads" feature, all requests will now be straight sent to latest_version endpoint of invidious companion.

I know this does not yet download the video file directly but the user can do it by clicking on the download feature in their browser and this works. It's being tracked in iv-org/invidious-companion#13

In my opinion this is not a dealbreaker as the Invidious download function is somewhat not useful anymore since the removal of hd720. Maybe in the future we could look into adding ffmpeg combining video and audio on the fly, but right now I'm prioritizing giving back more stability to Invidious.

[unixfox]

Feedback from @Fijxu:
Try to handle busted or IP blocked invidious companions.

[SamantazFox]

Already does in https://github.com/iv-org/invidious/pull/4985/files#diff-a86ced8aa99e3403588538decc008851d3d33dfadbb00d392d5ec8b4696f7df4

The problem is that it add the companion's domains to the CSP, but not the companion's proxies themselves.

The benefit of handling latest_version and /api/manifest/dash/id/ is that you can more easily handle all the edge cases in invidious companion itself [...]
[...]
My number one priority is users using Invidious directly. We can think about API users later. Our main user base uses our frontend.

My question was about the necessity of adding this redirect logic on these endpoints, where they should never be called in the first place, as none of the URLs in the /watch page should lead to invidious in the first place!

[SamantazFox]

What do you think here to redirect to a random invidious companion, rather than display an error message? Sure, if there are multiple companions, we might not hit the same that initially loaded the watch page, but it might make playback smoother.

[unixfox]

The issue is that you have to do a request to a random invidious companion for knowing its "public" URL. I had ideas to include the public URL inside the config.yml. But my poor Crystal knowledge limited me due to the new URIArrayConverter.

Something like:

invidious_companion:
 - http://127.0.0.1:8282:
      public_url: https://companion1.invidious.com

I want to avoid doing unnecessary requests to invidious companion.

http://127.0.0.1:8282 is the internal address that invidious uses to communicate with invidious companion. but the companion could very well be on another server, and so having a config like this can exist:

invidious_companion:
 - http://10.0.0.2:8282:
      public_url: https://companion1.invidious.com

10.0.0.2 is another server and 10.0.0.0/24 is an internal network faster than the internet network. example: https://www.ovhcloud.com/en/public-cloud/private-network/

[syeopite]

Something like this would be more straight forward to add

invidious_companion:
  - private_url: "http://localhost:8000"
    public_url: "https://example.com"

  - private_url: "http://localhost:8001"
    public_url: "https://example2.com"

struct CompanionConfig
  include YAML::Serializable

  @[YAML::Field(converter: Preferences::URIConverter)]
  property private_url : URI = URI.parse("")

  @[YAML::Field(converter: Preferences::URIConverter)]
  property public_url : URI = URI.parse("")
end

class Config
  # ...

  property invidious_companion : Array(CompanionConfig)? = nil
end

[SamantazFox]

I think that the simplest way to do it would be with an intermediate class, like that. Then the URIArrayConverter is not needed anymore, you can just use the simpler URIConverter

class CompanionConfig
  @[YAML::Field(converter: Preferences::URIConverter)]
  property internal_url : URI

  @[YAML::Field(converter: Preferences::URIConverter)]
  property public_url : URI
end

class Config
  # Invidious companion
  property invidious_companion : Array(CompanionConfig) = [] of CompanionConfig
end

[unixfox]

I have just added a new commit for giving invidious companion the ability to verify that the request originated from an invidious watch page.

This allows to combat against bots that will abuse the latest_version endpoint. This verification is not enabled by default in Invidious companion.

I made it on purpose to not include the verification ID for the internal latest_version redirect. Mainly because this would defeat the purpose of combatting bots since the ID would be given by Invidious.

[unixfox]

I just marked this PR as ready as I think the code is now production ready.

@SamantazFox @syeopite could you please take a look again at the code? Thanks.

[syeopite]

Codestlye nitpick

What do you think about replacing !empty? with present? instead or unless {...}.empty?

I've seen a couple discussions in the Crystal community regarding if !empty? being harder to process cognitively due to an essentially double negation.

Related discussions:
https://forum.crystal-lang.org/t/collections-any-vs-empty/5303
crystal-lang/crystal#13847
crystal-lang/shards#577 (comment)

[unixfox]

That's perfect for me. That was already odd for me to do !empty?, happy there is an alternative.

[syeopite]

Can you move these to the before_all handler instead maybe under a:

if {"/embed", "/watch"}.any? { |r| env.request.resource.starts_with? r }
      env.response.headers["Content-Security-Policy"] =
        env.response.headers["Content-Security-Policy"]
          .gsub("media-src", "media-src #{companion_base_url}")
          .gsub("connect-src", "connect-src #{companion_base_url}")
end

[syeopite]

Suggested change

	if !CONFIG.invidious_companion.empty?
	if CONFIG.invidious_companion.empty?

The Invidious stream data workarounds should run when invidious companion is not set

[syeopite]

Since Invidious is expected to constantly make requests to the Invidious companion shouldn't it use a connection pool?

It shouldn't be too difficult to modify the connection pool's factory method to randomly select a companion URL for each client it creates.

[unixfox]

Could you suggest how to do that? I'm not very familiar with this stuff.

[syeopite]

I haven't tested it but something like this should do the trick:

Patch

diff --git a/src/invidious.cr b/src/invidious.cr
index b422dcbb..c0c78a79 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -97,6 +97,10 @@ YT_POOL = YoutubeConnectionPool.new(YT_URL, capacity: CONFIG.pool_size)
 
 GGPHT_POOL = YoutubeConnectionPool.new(URI.parse("https://yt3.ggpht.com"), capacity: CONFIG.pool_size)
 
+COMPANION_POOL = CompanionConnectionPool.new(
+  capacity: CONFIG.pool_size
+)
+
 # CLI
 Kemal.config.extra_options do |parser|
   parser.banner = "Usage: invidious [arguments]"
diff --git a/src/invidious/yt_backend/connection_pool.cr b/src/invidious/yt_backend/connection_pool.cr
index c4a73aa7..6f1ef9bd 100644
--- a/src/invidious/yt_backend/connection_pool.cr
+++ b/src/invidious/yt_backend/connection_pool.cr
@@ -46,6 +46,45 @@ struct YoutubeConnectionPool
   end
 end
 
+struct CompanionConnectionPool
+  property pool : DB::Pool(HTTP::Client)
+
+  def initialize(capacity = 5, timeout = 5.0)
+    options = DB::Pool::Options.new(
+      initial_pool_size: 0,
+      max_pool_size: capacity,
+      max_idle_pool_size: capacity,
+      checkout_timeout: timeout
+    )
+
+    @pool = DB::Pool(HTTP::Client).new(options) do
+      companion = CONFIG.invidious_companion.sample
+      next make_client(companion.private_url, force_resolve: true)
+    end
+  end
+
+  def client(&)
+    conn = pool.checkout
+    # Proxy needs to be reinstated every time we get a client from the pool
+    conn.proxy = make_configured_http_proxy_client() if CONFIG.http_proxy
+
+    begin
+      response = yield conn
+    rescue ex
+      conn.close
+
+      companion = CONFIG.invidious_companion.sample
+      conn = make_client(companion.private_url, force_resolve: true)
+
+      response = yield conn
+    ensure
+      pool.release(conn)
+    end
+
+    response
+  end
+end
+
 def add_yt_headers(request)
   request.headers.delete("User-Agent") if request.headers["User-Agent"] == "Crystal"
   request.headers["User-Agent"] ||= "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
diff --git a/src/invidious/yt_backend/youtube_api.cr b/src/invidious/yt_backend/youtube_api.cr
index 74f65449..9bc6fe05 100644
--- a/src/invidious/yt_backend/youtube_api.cr
+++ b/src/invidious/yt_backend/youtube_api.cr
@@ -695,9 +695,7 @@ module YoutubeAPI
     # Send the POST request
 
     begin
-      invidious_companion = CONFIG.invidious_companion.sample
-      response = make_client(invidious_companion.private_url,
-        &.post(endpoint, headers: headers, body: data.to_json))
+      response = COMPANION_POOL.client &.post(endpoint, headers: headers, body: data.to_json)
       body = response.body
       if (response.status_code != 200)
         raise Exception.new(

Keep in mind that the connection pool will have the behavior described here #4326 (comment)