Spaces:

akborana4
/

test

Sleeping

App Files Files Community

akborana4 commited on Sep 16, 2025

Commit

7e2652b

verified ·

1 Parent(s): 47281e6

Update server/server.js

Browse files

Files changed (1) hide show

server/server.js +109 -146

server/server.js CHANGED Viewed

@@ -31,7 +31,7 @@ function short(v, n = 400) {
   } catch { return String(v).slice(0, n) + '…'; }
 }
-// ---------- Room state ----------
 const rooms = new Map();
 function ensureRoom(roomId) {
   if (!rooms.has(roomId)) {
@@ -110,7 +110,7 @@ function findUserByName(room, targetNameRaw) {
 // Health
 app.get('/healthz', (_req, res) => res.send('OK'));
-// ---------- JioSaavn proxies ----------
 app.get('/api/result', async (req, res) => {
   try {
     const q = req.query.q || '';
@@ -121,34 +121,10 @@ app.get('/api/result', async (req, res) => {
     res.status(500).json({ error: e.message });
   }
 });
-app.get('/api/song', async (req, res) => {
-  try {
-    const q = req.query.q || '';
-    const data = await getSong(q);
-    res.json(data);
-  } catch (e) { log('/api/song error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); }
-});
-app.get('/api/album', async (req, res) => {
-  try {
-    const q = req.query.q || '';
-    const data = await getAlbum(q);
-    res.json(data);
-  } catch (e) { log('/api/album error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); }
-});
-app.get('/api/playlist', async (req, res) => {
-  try {
-    const q = req.query.q || '';
-    const data = await getPlaylist(q);
-    res.json(data);
-  } catch (e) { log('/api/playlist error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); }
-});
-app.get('/api/lyrics', async (req, res) => {
-  try {
-    const q = req.query.q || '';
-    const data = await getLyrics(q);
-    res.json(data);
-  } catch (e) { log('/api/lyrics error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); }
-});
 // ---------- YouTube search (optional) ----------
 app.get('/api/ytsearch', async (req, res) => {
@@ -173,7 +149,7 @@ app.get('/api/ytsearch', async (req, res) => {
   }
 });
-// ---------- VidFly config & debug ----------
 const VIDFLY_API = process.env.VIDFLY_API || 'https://api.vidfly.ai/api/media/youtube/download';
 app.get('/api/vidfly/debug', async (req, res) => {
@@ -238,7 +214,14 @@ app.get('/api/yt/source', async (req, res) => {
   }
 });
-// ---------- Proxy & debug (googlevideo) ----------
 function isAllowedProxyHost(urlStr) {
   try {
     const u = new URL(urlStr);
@@ -249,147 +232,122 @@ function isAllowedProxyHost(urlStr) {
   }
 }
-// Debug endpoint for the signed googlevideo URL (small ranged GET, returns headers + snippet)
-app.get('/api/yt/proxy/debug', async (req, res) => {
   try {
-    let raw = (req.query.url || '').trim();
-    if (!raw) return res.status(400).json({ error: 'Missing url' });
-    if (/^[a-zA-Z0-9_-]{11}$/.test(raw)) raw = `https://www.youtube.com/watch?v=${raw}`;
-    try {
-      const u = new URL(raw);
-      const host = u.hostname.toLowerCase();
-      if (!(host.endsWith('googlevideo.com') || host.endsWith('redirector.googlevideo.com'))) {
-        return res.status(400).json({ error: 'Debug only allows googlevideo redirector URLs' });
-      }
-    } catch (e) {
-      return res.status(400).json({ error: 'Invalid URL' });
-    }
-    const rangeHeader = 'bytes=0-16383';
-    const requestHeaders = {
-      'User-Agent': req.headers['user-agent'] || 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
-      'Accept': '*/*',
-      'Referer': 'https://www.youtube.com/',
-      Range: rangeHeader
-    };
-    const resp = await axios.get(raw, {
-      responseType: 'arraybuffer',
-      headers: requestHeaders,
-      timeout: 15000,
       maxRedirects: 5,
       validateStatus: () => true
     });
-    const buf = Buffer.from(resp.data || new Uint8Array());
-    const b64 = buf.length ? buf.slice(0, 4096).toString('base64') : null;
-    const ct = String(resp.headers['content-type'] || '').toLowerCase();
-    let textSnippet = null;
-    if (ct.includes('text') || ct.includes('html') || ct.includes('json')) {
-      try { textSnippet = buf.toString('utf8', 0, Math.min(buf.length, 2000)); } catch {}
-    }
-    return res.json({
-      upstreamStatus: resp.status,
-      upstreamHeaders: resp.headers,
-      snippetBase64: b64,
-      textSnippet
     });
-  } catch (err) {
-    const detail = err?.response?.data ?? err?.message ?? String(err);
-    return res.status(500).json({ error: 'Debug fetch failed', detail: String(detail).slice(0, 1000) });
   }
-});
 app.get('/api/yt/proxy', async (req, res) => {
   try {
     const raw = (req.query.url || '').trim();
     if (!raw) return res.status(400).json({ error: 'Missing url' });
     if (!isAllowedProxyHost(raw)) {
       return res.status(400).json({ error: 'Proxy to this host is not allowed by server policy' });
     }
-    const rangeHeader = req.headers.range || null;
     const requestHeaders = {
       'User-Agent': req.headers['user-agent'] || 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
       'Accept': '*/*',
       'Referer': 'https://www.youtube.com/',
-      ...(rangeHeader ? { Range: rangeHeader } : {})
     };
-    log('/api/yt/proxy fetching', short(raw, 200), 'Range:', rangeHeader ? rangeHeader.slice(0,120) : 'none');
-    const resp = await axios.get(raw, {
-      responseType: 'stream',
-      timeout: 20000,
-      headers: requestHeaders,
-      maxRedirects: 5,
-      validateStatus: () => true
-    });
-    if (resp.status >= 400) {
-      let snippet = '';
-      try {
-        const reader = resp.data;
-        const chunk = await new Promise((resolve) => {
-          let done = false;
-          const onData = (c) => { if (!done) { done = true; cleanup(); resolve(c); } };
-          const onEnd = () => { if (!done) { done = true; cleanup(); resolve(null); } };
-          const onErr = () => { if (!done) { done = true; cleanup(); resolve(null); } };
-          const cleanup = () => { reader.removeListener('data', onData); reader.removeListener('end', onEnd); reader.removeListener('error', onErr); };
-          reader.once('data', onData);
-          reader.once('end', onEnd);
-          reader.once('error', onErr);
-        });
-        if (chunk) snippet = chunk.toString('utf8', 0, 800);
-      } catch (xx) { /* ignore */ }
-      log('/api/yt/proxy remote returned error status', resp.status, 'snippet:', short(snippet, 400));
-      return res.status(502).json({ error: 'Remote returned error', status: resp.status, snippet: short(snippet, 800) });
     }
-    const ct = String(resp.headers['content-type'] || '').toLowerCase();
-    if (ct.includes('text/html') || ct.includes('application/json') || ct.includes('text/plain')) {
-      let snippet = '';
-      try {
-        const reader = resp.data;
-        const chunk = await new Promise((resolve) => {
-          let done = false;
-          const onData = (c) => { if (!done) { done = true; cleanup(); resolve(c); } };
-          const onEnd = () => { if (!done) { done = true; cleanup(); resolve(null); } };
-          const onErr = () => { if (!done) { done = true; cleanup(); resolve(null); } };
-          const cleanup = () => { reader.removeListener('data', onData); reader.removeListener('end', onEnd); reader.removeListener('error', onErr); };
-          reader.once('data', onData);
-          reader.once('end', onEnd);
-          reader.once('error', onErr);
-        });
-        if (chunk) snippet = chunk.toString('utf8', 0, 1600);
-      } catch (xx) {}
-      log('/api/yt/proxy remote returned non-media content-type', ct, short(snippet, 400));
-      return res.status(502).json({ error: 'Remote returned non-media content-type', contentType: ct, snippet: short(snippet, 800) });
-    }
-    const forwardable = ['content-type','content-length','content-range','accept-ranges','cache-control','last-modified','etag'];
-    forwardable.forEach(h => {
-      const v = resp.headers[h];
-      if (v !== undefined) res.setHeader(h, v);
-    });
     res.setHeader('Access-Control-Allow-Origin', '*');
-    res.setHeader('Access-Control-Allow-Headers', 'Range,Accept,Content-Type');
-    res.status(resp.status);
-    const upstream = resp.data;
-    upstream.on('error', (err) => {
-      log('/api/yt/proxy upstream stream error:', err?.message || String(err));
-      try {
-        if (!res.headersSent) res.status(502).json({ error: 'Upstream stream error', detail: err?.message || String(err) });
-        else res.destroy(err);
-      } catch {}
-    });
-    upstream.pipe(res).on('error', (err) => {
-      log('/api/yt/proxy pipe error:', err?.message || String(err));
-      try { if (!res.headersSent) res.status(502).json({ error: 'Pipe error', detail: err?.message || String(err) }); } catch {}
-    });
   } catch (e) {
     log('/api/yt/proxy unexpected error:', e?.response?.status ?? e?.message ?? String(e));
@@ -417,7 +375,7 @@ const clientDir = path.resolve(__dirname, '../client/dist');
 app.use(express.static(clientDir));
 app.get('*', (_req, res) => res.sendFile(path.join(clientDir, 'index.html')));
-// ---------- Socket.IO ----------
 const server = http.createServer(app);
 const io = new SocketIOServer(server, {
   cors: { origin: '*', methods: ['GET', 'POST'] }
@@ -428,19 +386,24 @@ io.on('connection', (socket) => {
   socket.on('join_room', ({ roomId, name, asHost = false, roomName = null }, ack) => {
     const room = ensureRoom(roomId);
     if (asHost || !room.hostId) room.hostId = socket.id;
     if (!room.name && roomName) room.name = String(roomName).trim().slice(0, 60) || null;
     const role = socket.id === room.hostId ? 'host' : 'member';
     const cleanName = String(name || 'Guest').slice(0, 40);
     room.users.set(socket.id, { name: cleanName, role });
     socket.join(roomId);
     joinedRoom = roomId;
     ack?.({
       roomId,
       isHost: socket.id === room.hostId,
       state: currentState(room),
       roomName: room.name || room.id
     });
     io.to(roomId).emit('system', { text: `System: ${cleanName} has joined the chat` });
     broadcastMembers(roomId);
   });

   } catch { return String(v).slice(0, n) + '…'; }
 }
+// ---------- Room state (your original code) ----------
 const rooms = new Map();
 function ensureRoom(roomId) {
   if (!rooms.has(roomId)) {
 // Health
 app.get('/healthz', (_req, res) => res.send('OK'));
+// ---------- JioSaavn proxies (unchanged) ----------
 app.get('/api/result', async (req, res) => {
   try {
     const q = req.query.q || '';
     res.status(500).json({ error: e.message });
   }
 });
+app.get('/api/song', async (req, res) => { try { const q = req.query.q || ''; const data = await getSong(q); res.json(data); } catch (e) { log('/api/song error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); } });
+app.get('/api/album', async (req, res) => { try { const q = req.query.q || ''; const data = await getAlbum(q); res.json(data); } catch (e) { log('/api/album error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); } });
+app.get('/api/playlist', async (req, res) => { try { const q = req.query.q || ''; const data = await getPlaylist(q); res.json(data); } catch (e) { log('/api/playlist error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); } });
+app.get('/api/lyrics', async (req, res) => { try { const q = req.query.q || ''; const data = await getLyrics(q); res.json(data); } catch (e) { log('/api/lyrics error', e?.message || short(e?.response?.data)); res.status(500).json({ error: e.message }); } });
 // ---------- YouTube search (optional) ----------
 app.get('/api/ytsearch', async (req, res) => {
   }
 });
+// ---------- VidFly resolver (unchanged) ----------
 const VIDFLY_API = process.env.VIDFLY_API || 'https://api.vidfly.ai/api/media/youtube/download';
 app.get('/api/vidfly/debug', async (req, res) => {
   }
 });
+// ---------- Proxy with probe + redirect fallback ----------
+function isProbablyMediaContentType(ct) {
+  if (!ct) return false;
+  const t = String(ct).toLowerCase();
+  return t.startsWith('video/') || t.startsWith('audio/') || t.includes('mpeg') || t.includes('mp4') || t.includes('ogg') || t.includes('webm');
+}
+// Allowed hosts for proxy to avoid open SSRF — keep limited to googlevideo/redirector
 function isAllowedProxyHost(urlStr) {
   try {
     const u = new URL(urlStr);
   }
 }
+// probe function: try HEAD, else small ranged GET
+async function probeUrl(url, headers = {}) {
+  // Attempt HEAD first
   try {
+    const hresp = await axios.head(url, {
+      headers,
+      timeout: 8000,
       maxRedirects: 5,
       validateStatus: () => true
     });
+    return { status: hresp.status, headers: hresp.headers, probeMethod: 'HEAD' };
+  } catch (e) {
+    // HEAD might be blocked; try tiny GET
+  }
+  try {
+    const gresp = await axios.get(url, {
+      headers: { ...headers, Range: 'bytes=0-1023' },
+      timeout: 10000,
+      responseType: 'arraybuffer',
+      maxRedirects: 5,
+      validateStatus: () => true
     });
+    return { status: gresp.status, headers: gresp.headers, probeMethod: 'GET', snippet: Buffer.from(gresp.data || new Uint8Array()).slice(0, 2048).toString('base64') };
+  } catch (e) {
+    return { error: e, probeMethod: 'ERR' };
   }
+}
 app.get('/api/yt/proxy', async (req, res) => {
   try {
     const raw = (req.query.url || '').trim();
     if (!raw) return res.status(400).json({ error: 'Missing url' });
+    // Only allow googlevideo redirector (adjust if you want other hosts)
     if (!isAllowedProxyHost(raw)) {
       return res.status(400).json({ error: 'Proxy to this host is not allowed by server policy' });
     }
+    // Forward range header from client (if any)
+    const clientRange = req.headers.range || null;
+    // Common browser-like headers to increase chance of upstream acceptance
     const requestHeaders = {
       'User-Agent': req.headers['user-agent'] || 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
       'Accept': '*/*',
       'Referer': 'https://www.youtube.com/',
+      'Origin': 'https://www.youtube.com/',
+      ...(clientRange ? { Range: clientRange } : {})
     };
+    log('/api/yt/proxy probe', short(raw, 200), 'clientRange=', clientRange ? clientRange.slice(0,120) : 'none');
+    const probe = await probeUrl(raw, requestHeaders);
+    if (probe.error) {
+      log('/api/yt/proxy probe error', probe.error?.message || String(probe.error));
+      // Inconclusive probe — safest option: redirect the browser to the signed URL to let client fetch it
+      res.setHeader('Access-Control-Allow-Origin', '*');
+      res.setHeader('Access-Control-Allow-Credentials', 'true');
+      return res.redirect(307, raw);
     }
+    const upstreamStatus = probe.status;
+    const upstreamCT = String((probe.headers && probe.headers['content-type']) || '').toLowerCase();
+    // If upstream says it's media (video/audio) and status is 200/206 -> stream via proxy
+    if ((upstreamStatus === 200 || upstreamStatus === 206) && isProbablyMediaContentType(upstreamCT)) {
+      log('/api/yt/proxy streaming via server; content-type=', upstreamCT);
+      // Make streaming request (forward Range if client provided)
+      const streamResp = await axios.get(raw, {
+        responseType: 'stream',
+        headers: requestHeaders,
+        timeout: 20000,
+        maxRedirects: 5,
+        validateStatus: () => true
+      });
+      // If upstream returned non-success now, fall back to redirect
+      if (streamResp.status >= 400) {
+        log('/api/yt/proxy stream request failed, status=', streamResp.status, 'falling back to redirect');
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Credentials', 'true');
+        return res.redirect(307, raw);
+      }
+      // Forward useful headers
+      const forwardable = ['content-type','content-length','content-range','accept-ranges','cache-control','last-modified','etag'];
+      forwardable.forEach(h => {
+        const v = streamResp.headers[h];
+        if (v !== undefined) res.setHeader(h, v);
+      });
+      // CORS & expose headers so browser JS can see ranges
+      res.setHeader('Access-Control-Allow-Origin', '*');
+      res.setHeader('Access-Control-Allow-Headers', 'Range,Accept,Content-Type');
+      // Expose these headers to client
+      res.setHeader('Access-Control-Expose-Headers', 'Content-Length,Content-Range,Accept-Ranges');
+      res.status(streamResp.status);
+      // Pipe upstream stream to client
+      streamResp.data.on('error', (err) => {
+        log('/api/yt/proxy upstream stream error', err?.message || err);
+        try { if (!res.headersSent) res.status(502).json({ error: 'Upstream stream error', detail: String(err) }); else res.destroy(err); } catch {}
+      });
+      streamResp.data.pipe(res).on('error', (err) => {
+        log('/api/yt/proxy pipe error', err?.message || err);
+        try { if (!res.headersSent) res.status(502).json({ error: 'Pipe error', detail: String(err) }); } catch {}
+      });
+      return;
+    }
+    // For anything else (403/404 or non-media content-type), redirect browser to the signed URL
+    log('/api/yt/proxy falling back to redirect; upstreamStatus=', upstreamStatus, 'ct=', upstreamCT);
     res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Credentials', 'true');
+    return res.redirect(307, raw);
   } catch (e) {
     log('/api/yt/proxy unexpected error:', e?.response?.status ?? e?.message ?? String(e));
 app.use(express.static(clientDir));
 app.get('*', (_req, res) => res.sendFile(path.join(clientDir, 'index.html')));
+// ---------- Socket.IO (your previous handlers) ----------
 const server = http.createServer(app);
 const io = new SocketIOServer(server, {
   cors: { origin: '*', methods: ['GET', 'POST'] }
   socket.on('join_room', ({ roomId, name, asHost = false, roomName = null }, ack) => {
     const room = ensureRoom(roomId);
     if (asHost || !room.hostId) room.hostId = socket.id;
     if (!room.name && roomName) room.name = String(roomName).trim().slice(0, 60) || null;
     const role = socket.id === room.hostId ? 'host' : 'member';
     const cleanName = String(name || 'Guest').slice(0, 40);
     room.users.set(socket.id, { name: cleanName, role });
     socket.join(roomId);
     joinedRoom = roomId;
     ack?.({
       roomId,
       isHost: socket.id === room.hostId,
       state: currentState(room),
       roomName: room.name || room.id
     });
     io.to(roomId).emit('system', { text: `System: ${cleanName} has joined the chat` });
     broadcastMembers(roomId);
   });