Upload 57 files

Dockerfile

@@ -0,0 +1,61 @@
+FROM golang:bookworm as builder
+WORKDIR /go/src
+EXPOSE 8080
+
+# Install git first as it is required for go mod tidy
+RUN apt-get update && apt-get install -y git build-essential
+
+# Copy everything first
+COPY go.mod go.sum ./
+COPY warp.go server.go ./
+
+# Resolution ambiguity fix: Explicitly fetch the main module and tidy
+RUN go mod download && go mod tidy
+
+# Build binaries
+RUN CGO_ENABLED=0 GOOS=linux \
+    go build -a -installsuffix cgo -ldflags '-s' -o warp warp.go && \
+    go build -a -installsuffix cgo -ldflags '-s' -o server server.go
+
+FROM ubuntu:22.04
+
+# Copy binaries
+COPY --from=builder /go/src/warp /usr/local/bin/
+COPY --from=builder /go/src/server /usr/local/bin/
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+COPY entrypoint.sh   /usr/local/bin/
+
+# Install dependencies and Deno
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    bash \
+    curl \
+    ca-certificates \
+    unzip \
+    ffmpeg \
+    && rm -rf /var/lib/apt/lists/* \
+    && curl -fsSL https://deno.land/x/install/install.sh | sh \
+    && mv /root/.deno/bin/deno /usr/local/bin/deno \
+    && chmod +x /usr/local/bin/entrypoint.sh
+
+# Copy Deno App
+WORKDIR /app
+COPY deno.json deno.lock compile.env grafana_dashboard.json ./
+COPY config ./config
+COPY src ./src
+
+ENV         DAEMON_MODE                     false
+ENV         PROXY_UP                        ""
+ENV         PROXY_PORT                      "8080"
+ENV         PROXY_USER                      ""
+ENV         PROXY_PASS                      ""
+ENV         WIREGUARD_UP                    ""
+ENV         WIREGUARD_CONFIG                ""
+ENV         WIREGUARD_INTERFACE_PRIVATE_KEY ""
+ENV         WIREGUARD_INTERFACE_DNS         "1.1.1.1"
+ENV         WIREGUARD_INTERFACE_ADDRESS     ""
+ENV         WIREGUARD_PEER_PUBLIC_KEY       ""
+ENV         WIREGUARD_PEER_ALLOWED_IPS      "0.0.0.0/0"
+ENV         WIREGUARD_PEER_ENDPOINT         ""
+
+ENTRYPOINT  [ "entrypoint.sh" ]

LICENSE

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<http://www.gnu.org/licenses/>.

compile.env

@@ -0,0 +1 @@
+DENO_COMPILED=true

config/config.example.toml

@@ -0,0 +1,80 @@
+#####
+# The configuration options listed below are able to be enabled as needed.
+# The values in this example are the defaults. Some values can alternatively
+# be set using an environment variable.
+#
+# In order to enable an option, make sure you uncomment both the option
+# and the block header for the section it belongs to. Any other commented
+# options will continue to use default values.
+# See https://toml.io/en/ for details on the configuration format.
+#####
+
+# [server]
+# port = 8282 # env variable: PORT
+# host = "127.0.0.1" # env variable: HOST
+# # Listens to a unix socket on instead of a TCP socket
+# use_unix_socket = false # env variable: SERVER_USE_UNIX_SOCKET
+# unix_socket_path = "/tmp/invidious-companion.sock" # env variable: SERVER_UNIX_SOCKET_PATH
+# # Base path Invidious companion will serve from
+# base_path = "/companion" # env variable: SERVER_BASE_PATH
+# # secret key needs to be exactly 16 characters long
+# secret_key = "CHANGE_ME" # env variable: SERVER_SECRET_KEY
+# verify_requests = false # env variable: SERVER_VERIFY_REQUESTS
+# encrypt_query_params = false # env variable: SERVER_ENCRYPT_QUERY_PARAMS
+# enable_metrics = false # env variable: SERVER_ENABLE_METRICS
+ 
+# [cache]
+# enabled = true # env variable: CACHE_ENABLED
+# # will get cached in /var/tmp/youtubei.js if you specify /var/tmp
+# # you need to change the --allow-write from deno run too
+# directory = "/var/tmp" # env variable: CACHE_DIRECTORY
+ 
+# [networking]
+## Proxy type supported: https://docs.deno.com/api/deno/~/Deno.Proxy
+# #proxy = "" # env variable: PROXY
+# # Enable automatic proxy fetching from antpeak.com (free proxies, auto-rotates when failed)
+# # When enabled, ignores the `proxy` setting above and fetches proxies automatically
+# auto_proxy = false # env variable: NETWORKING_AUTO_PROXY
+# # IPv6 rotation settings - allows sending requests with unique IPv6 addresses
+# # This requires IPv6 setup: https://github.com/iv-org/invidious-companion/wiki/How-to-send-IPv6-requests-with-a-new-IPv6-address-for-each-request-on-a-server-with-a-whole-IPv6-range
+# # Randomizes all bits after the block prefix (e.g., /32 randomizes bits 33-128)
+# #ipv6_block = "2001:db8::/32" # env variable: NETWORKING_IPV6_BLOCK
+
+# [networking.videoplayback]
+# # Enable YouTube new video format UMP
+# ump = false # env variable: NETWORKING_VIDEOPLAYBACK_UMP
+# # size of chunks to request from google servers for rate limiting reductions
+# video_fetch_chunk_size_mb = 5 # env variable: NETWORKING_VIDEOPLAYBACK_VIDEO_FETCH_CHUNK_SIZE_MB
+ 
+###
+# Network call timeouts when talking to YouTube. 
+# Needed in order to ensure Deno closes hanging connections
+###
+# [networking.fetch]
+# timeout_ms = 30000 # env variable: NETWORKING_FETCH_TIMEOUT_MS
+ 
+###
+# Network call retries when talking to YouTube, using
+# https://docs.deno.com/examples/exponential_backoff/
+###
+# [networking.fetch.retry]
+# # enable retries on calls to YouTube
+# enabled = false # env variable: NETWORKING_FETCH_RETRY_ENABLED
+# # max number of times to retry
+# times = 1 # env variable: NETWORKING_FETCH_RETRY_TIMES
+# # minimum wait after first call (ms)
+# initial_debounce = 0 # env variable: NETWORKING_FETCH_RETRY_INITIAL_DEBOUNCE
+# # how much to back off after each retry (multiplier of initial_debounce)
+# debounce_multiplier = 0 # env variable: NETWORKING_FETCH_RETRY_DEBOUNCE_MULTIPLIER
+ 
+# [jobs]
+ 
+# [jobs.youtube_session]
+# # whether to generate PO tokens
+# po_token_enabled = true # env variable: JOBS_YOUTUBE_SESSION_PO_TOKEN_ENABLED
+# # frequency of PO token refresh in cron format
+# frequency = "*/5 * * * *" # env variable: JOBS_YOUTUBE_SESSION_FREQUENCY
+ 
+# [youtube_session]
+# oauth_enabled = false # env variable: YOUTUBE_SESSION_OAUTH_ENABLED
+# cookies = "" # env variable: YOUTUBE_SESSION_COOKIES

config/config.toml

@@ -0,0 +1,60 @@
+#####
+# Invidious Companion Configuration
+# 
+# See https://toml.io/en/ for details on the configuration format.
+#####
+
+[server]
+port = 7860                        # env: PORT
+host = "0.0.0.0"                   # env: HOST
+secret_key = "0123456789abcdef"    # env: SERVER_SECRET_KEY
+
+# Optional Server Settings
+# use_unix_socket = false          # env: SERVER_USE_UNIX_SOCKET
+# unix_socket_path = "/tmp/invidious-companion.sock"
+base_path = "/"                  # env: SERVER_BASE_PATH
+# verify_requests = false          # env: SERVER_VERIFY_REQUESTS
+# encrypt_query_params = false     # env: SERVER_ENCRYPT_QUERY_PARAMS
+enable_metrics = true              # env: SERVER_ENABLE_METRICS
+
+[cache]
+enabled = false                    # env: CACHE_ENABLED
+# directory = "/var/tmp"           # env: CACHE_DIRECTORY
+
+[networking]
+# Auto Proxy Settings
+# auto_proxy: enable automatic proxy fetching (rotates on failure)
+auto_proxy = false               # env: NETWORKING_AUTO_PROXY
+
+# VPN Source: Which service to use for auto_proxy
+# 1 = AntPeak (Default)
+# 2 = Urban VPN
+# 3 = Custom Proxy API (self hosted)
+vpn_source = 2                    # env: NETWORKING_VPN_SOURCE
+
+# Manual Proxy (overrides auto_proxy if set)
+ proxy = "http://127.0.0.1:8080"
+
+# IPv6 Rotation
+# ipv6_block = "2001:db8::/32"     # env: NETWORKING_IPV6_BLOCK
+
+[networking.videoplayback]
+ump = false                        # env: NETWORKING_VIDEOPLAYBACK_UMP
+video_fetch_chunk_size_mb = 5      # env: NETWORKING_VIDEOPLAYBACK_VIDEO_FETCH_CHUNK_SIZE_MB
+
+[networking.fetch]
+# timeout_ms = 30000               # env: NETWORKING_FETCH_TIMEOUT_MS
+
+[networking.fetch.retry]
+# enabled = false                  # env: NETWORKING_FETCH_RETRY_ENABLED
+# times = 1                        # env: NETWORKING_FETCH_RETRY_TIMES
+# initial_debounce = 0
+# debounce_multiplier = 0
+
+[jobs.youtube_session]
+po_token_enabled = true            # env: JOBS_YOUTUBE_SESSION_PO_TOKEN_ENABLED
+frequency = "*/5 * * * *"          # env: JOBS_YOUTUBE_SESSION_FREQUENCY
+
+[youtube_session]
+# oauth_enabled = true             # env: YOUTUBE_SESSION_OAUTH_ENABLED
+# cookies = ""                     # env: YOUTUBE_SESSION_COOKIES

deno.json

@@ -0,0 +1,47 @@
+{
+  "tasks": {
+    "dev": "deno run --allow-import=github.com:443,jsr.io:443,cdn.jsdelivr.net:443,esm.sh:443,deno.land:443 --allow-net --allow-env --allow-sys=hostname --allow-read=.,/var/tmp/youtubei.js,/tmp/invidious-companion.sock,/tmp/mp3-downloads --allow-write=/var/tmp/youtubei.js,/tmp/invidious-companion.sock,/tmp/mp3-downloads --allow-run=ffmpeg --watch src/main.ts",
+    "compile": "deno compile --include ./src/lib/helpers/youtubePlayerReq.ts --include ./src/lib/helpers/getFetchClient.ts --output invidious_companion --allow-import=github.com:443,jsr.io:443,cdn.jsdelivr.net:443,esm.sh:443,deno.land:443 --allow-net --allow-env --allow-read --allow-sys=hostname --allow-write=/var/tmp/youtubei.js,/tmp/invidious-companion.sock,/tmp/mp3-downloads --allow-run=ffmpeg src/main.ts --_version_date=\"$(git log -1 --format=%ci | awk '{print $1}' | sed s/-/./g)\" --_version_commit=\"$(git rev-list HEAD --max-count=1 --abbrev-commit)\"",
+    "test": "deno test --allow-import=github.com:443,jsr.io:443,cdn.jsdelivr.net:443,esm.sh:443,deno.land:443 --allow-net --allow-env --allow-sys=hostname --allow-read=.,/var/tmp/youtubei.js,/tmp/invidious-companion.sock --allow-write=/var/tmp/youtubei.js",
+    "format": "deno fmt src/**",
+    "check": "deno check src/**",
+    "lint": "deno lint src/**"
+  },
+  "imports": {
+    "@std/cli": "jsr:@std/cli@^1.0.17",
+    "hono": "jsr:@hono/hono@4.7.4",
+    "@std/toml": "jsr:@std/toml@1.0.2",
+    "prom-client": "https://esm.sh/prom-client@15.1.3?pin=v135",
+    "youtubei.js": "https://cdn.jsdelivr.net/gh/LuanRT/YouTube.js@v16.0.0-deno/deno.ts",
+    "youtubei.js/Utils": "https://cdn.jsdelivr.net/gh/LuanRT/YouTube.js@v16.0.0-deno/deno/src/utils/Utils.ts",
+    "youtubei.js/NavigationEndpoint": "https://cdn.jsdelivr.net/gh/LuanRT/YouTube.js@v16.0.0-deno/deno/src/parser/classes/NavigationEndpoint.ts",
+    "youtubei.js/PlayerCaptionsTracklist": "https://cdn.jsdelivr.net/gh/LuanRT/YouTube.js@v16.0.0-deno/deno/src/parser/classes/PlayerCaptionsTracklist.ts",
+    "youtubei.js/TabbedFeed": "https://cdn.jsdelivr.net/gh/LuanRT/YouTube.js@v16.0.0-deno/deno/src/core/mixins/TabbedFeed.ts",
+    "jsdom": "npm:jsdom@26.1.0",
+    "bgutils": "https://esm.sh/bgutils-js@3.2.0",
+    "estree": "https://esm.sh/@types/estree@1.0.6",
+    "youtubePlayerReq": "./src/lib/helpers/youtubePlayerReq.ts",
+    "getFetchClient": "./src/lib/helpers/getFetchClient.ts",
+    "googlevideo": "jsr:@luanrt/googlevideo@2.0.0",
+    "meriyah": "npm:meriyah@6.1.4",
+    "crypto/": "https://deno.land/x/crypto@v0.11.0/",
+    "@std/encoding/base64": "jsr:@std/encoding@1.0.7/base64",
+    "@std/async": "jsr:@std/async@1.0.11",
+    "@std/fs": "jsr:@std/fs@1.0.14",
+    "@std/path": "jsr:@std/path@1.0.8",
+    "brotli": "https://deno.land/x/brotli@0.1.7/mod.ts",
+    "zod": "https://deno.land/x/zod@v3.24.2/mod.ts",
+    "canvas": "./src/lib/extra/emptyExport.ts",
+    "bufferutil": "./src/lib/extra/emptyExport.ts",
+    "utf-8-validate": "./src/lib/extra/emptyExport.ts"
+  },
+  "unstable": [
+    "cron",
+    "kv",
+    "http",
+    "temporal"
+  ],
+  "fmt": {
+    "indentWidth": 4
+  }
+}

entrypoint.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -ex
+
+echo "[ENTRYPOINT] Starting WireGuard HTTP Proxy"
+
+# Check if WireGuard config should be generated
+if [[ -z "${WIREGUARD_INTERFACE_PRIVATE_KEY}" ]]; then
+    echo "[ENTRYPOINT] Generating Cloudflare Warp configuration..."
+    
+    # Run warp binary to generate config
+    WARP_OUTPUT=$(warp)
+    
+    # Parse the warp output to extract config values
+    export WIREGUARD_INTERFACE_PRIVATE_KEY=$(echo "$WARP_OUTPUT" | grep "PrivateKey" | awk '{print $3}')
+    export WIREGUARD_INTERFACE_ADDRESS=$(echo "$WARP_OUTPUT" | grep "Address" | awk '{print $3}')
+    export WIREGUARD_PEER_PUBLIC_KEY=$(echo "$WARP_OUTPUT" | grep "PublicKey" | awk '{print $3}')
+    export WIREGUARD_PEER_ENDPOINT=$(echo "$WARP_OUTPUT" | grep "Endpoint" | awk '{print $3}')
+    export WIREGUARD_INTERFACE_DNS="${WIREGUARD_INTERFACE_DNS:-1.1.1.1}"
+    
+    echo "[ENTRYPOINT] Warp config generated successfully"
+else
+    echo "[ENTRYPOINT] Using provided WireGuard configuration"
+fi
+
+# Start the proxy server in the background
+echo "[ENTRYPOINT] Starting HTTP proxy server (internal)..."
+server &
+SERVER_PID=$!
+
+# Wait for proxy to start
+echo "[ENTRYPOINT] Waiting for proxy to be ready on port 8080..."
+while ! curl -v http://127.0.0.1:8080/ 2>&1 | grep "Proxy Running"; do
+    if ! kill -0 $SERVER_PID 2>/dev/null; then
+        echo "[FATAL] Server process exited unexpectedly!"
+        wait $SERVER_PID
+        exit 1
+    fi
+    echo "[ENTRYPOINT] Proxy not ready yet... retrying in 1s"
+    sleep 1
+done
+echo "[ENTRYPOINT] Proxy is ready!"
+
+# Start Proxy Check
+echo "[ENTRYPOINT] Checking proxy connection..."
+curl -s -x http://127.0.0.1:8080 https://cloudflare.com/cdn-cgi/trace
+echo ""
+echo "[ENTRYPOINT] Proxy check complete."
+
+# Start Streamion
+echo "[ENTRYPOINT] Starting Streamion..."
+exec deno task dev

go.mod

@@ -0,0 +1,11 @@
+module streamion
+
+go 1.20
+
+require (
+	github.com/caarlos0/env v3.5.0+incompatible
+	golang.org/x/crypto v0.47.0
+	golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb
+)
+
+exclude golang.zx2c4.com/wireguard/tun/netstack v0.0.0-20220703234212-c31a7b1ab478

grafana_dashboard.json

@@ -0,0 +1,888 @@
+{
+  "__inputs": [
+    {
+      "name": "DS_PROMETHEUS-REIMU",
+      "label": "prometheus-reimu",
+      "description": "",
+      "type": "datasource",
+      "pluginId": "prometheus",
+      "pluginName": "Prometheus"
+    }
+  ],
+  "__elements": {},
+  "__requires": [
+    {
+      "type": "grafana",
+      "id": "grafana",
+      "name": "Grafana",
+      "version": "12.3.1"
+    },
+    {
+      "type": "datasource",
+      "id": "prometheus",
+      "name": "Prometheus",
+      "version": "1.0.0"
+    },
+    {
+      "type": "panel",
+      "id": "timeseries",
+      "name": "Time series",
+      "version": ""
+    }
+  ],
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "links": [],
+  "panels": [
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 24,
+      "panels": [],
+      "title": "Videoplayback requests",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 24,
+        "x": 0,
+        "y": 1
+      },
+      "id": 26,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "editorMode": "builder",
+          "expr": "rate(invidious_companion_videoplayback_forbidden_total[$__rate_interval])",
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "Forbidden Videoplayback (403 from Youtube servers)",
+      "type": "timeseries"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 11
+      },
+      "id": 18,
+      "panels": [],
+      "title": "Requests",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 12,
+        "x": 0,
+        "y": 12
+      },
+      "id": 12,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "disableTextWrap": false,
+          "editorMode": "builder",
+          "expr": "rate(invidious_companion_innertube_successful_request_total[$__rate_interval])",
+          "fullMetaSearch": false,
+          "includeNullMetadata": false,
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A",
+          "useBackend": false
+        }
+      ],
+      "title": "Successful Requests Rate",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 12,
+        "x": 12,
+        "y": 12
+      },
+      "id": 13,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "editorMode": "code",
+          "expr": "rate(invidious_companion_innertube_failed_request_total[$__rate_interval])",
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "Failed Requests Rate",
+      "type": "timeseries"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 22
+      },
+      "id": 19,
+      "panels": [],
+      "title": "Status",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineStyle": {
+              "fill": "solid"
+            },
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 24,
+        "x": 0,
+        "y": 23
+      },
+      "id": 22,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "editorMode": "code",
+          "expr": "rate(invidious_companion_innertube_error_status_loginRequired_total[$__rate_interval])",
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "\"LOGIN_REQUIRED\" Rate",
+      "type": "timeseries"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 33
+      },
+      "id": 8,
+      "panels": [],
+      "title": "Reasons",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineStyle": {
+              "fill": "solid"
+            },
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 24,
+        "x": 0,
+        "y": 34
+      },
+      "id": 4,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "editorMode": "code",
+          "expr": "rate(invidious_companion_innertube_error_reason_SignIn_total[$__rate_interval])",
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "\"Sign in to confirm you’re not a bot.\" Rate",
+      "type": "timeseries"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 44
+      },
+      "id": 9,
+      "panels": [],
+      "title": "Subreasons",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 24,
+        "x": 0,
+        "y": 45
+      },
+      "id": 6,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "editorMode": "code",
+          "expr": "rate(invidious_companion_innertube_error_subreason_ProtectCommunity_total[$__rate_interval])",
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "\"This helps protect our community.\" Rate",
+      "type": "timeseries"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 55
+      },
+      "id": 20,
+      "panels": [],
+      "title": "Jobs",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS-REIMU}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineStyle": {
+              "fill": "solid"
+            },
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "showValues": false,
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 0
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 9,
+        "w": 24,
+        "x": 0,
+        "y": 56
+      },
+      "id": 16,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "hideZeros": false,
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "12.3.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS-REIMU}"
+          },
+          "editorMode": "code",
+          "expr": "invidious_companion_potoken_generation_failure_total",
+          "instant": false,
+          "legendFormat": "{{instance}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "poToken Generation Failure Rate",
+      "type": "timeseries"
+    }
+  ],
+  "preload": false,
+  "refresh": "10s",
+  "schemaVersion": 42,
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "current": {},
+        "label": "datasource",
+        "name": "Datasource",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
+      {
+        "current": {},
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${Datasource}"
+        },
+        "definition": "label_values(invidious_companion_innertube_successful_request_total,job)",
+        "description": "",
+        "label": "Job",
+        "name": "job",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(invidious_companion_innertube_successful_request_total,job)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 2,
+        "regex": "",
+        "type": "query"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-1h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "browser",
+  "title": "Invidious Companion2",
+  "uid": "1-0-1",
+  "version": 9,
+  "weekStart": "",
+  "id": null
+}

invidious-companion.service

@@ -0,0 +1,42 @@
+[Unit]
+Description=invidious-companion (companion for Invidious which handles all the video stream retrieval from YouTube servers)
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+
+User=invidious
+Group=invidious
+
+# Security hardening - balanced approach for Deno applications
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+
+# Filesystem access
+BindReadOnlyPaths=/home/invidious/invidious-companion
+BindPaths=/home/invidious/tmp
+BindPaths=/var/tmp/youtubei.js
+
+WorkingDirectory=/home/invidious/invidious-companion
+ExecStart=/home/invidious/invidious-companion/invidious_companion
+
+Environment=SERVER_SECRET_KEY=CHANGE_ME
+Environment=CACHE_DIRECTORY=/var/tmp/youtubei.js
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

server.go

@@ -0,0 +1,311 @@
+package main
+
+import (
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"log"
+	"net"
+	"net/http"
+	"net/netip"
+	"strings"
+	"time"
+
+	"github.com/caarlos0/env"
+	"golang.zx2c4.com/wireguard/conn"
+	"golang.zx2c4.com/wireguard/device"
+	"golang.zx2c4.com/wireguard/tun/netstack"
+)
+
+type params struct {
+	User     string `env:"PROXY_USER" envDefault:""`
+	Password string `env:"PROXY_PASS" envDefault:""`
+	Port     string `env:"PORT" envDefault:"8080"`
+	// WireGuard Params
+	WgPrivateKey    string `env:"WIREGUARD_INTERFACE_PRIVATE_KEY"`
+	WgAddress       string `env:"WIREGUARD_INTERFACE_ADDRESS"` // e.g., 10.0.0.2/32
+	WgPeerPublicKey string `env:"WIREGUARD_PEER_PUBLIC_KEY"`
+	WgPeerEndpoint  string `env:"WIREGUARD_PEER_ENDPOINT"`     // e.g., 1.2.3.4:51820
+	WgDNS           string `env:"WIREGUARD_INTERFACE_DNS" envDefault:"1.1.1.1"`
+}
+
+var tnet *netstack.Net
+
+func handleTunneling(w http.ResponseWriter, r *http.Request) {
+	dest := r.URL.Host
+	if dest == "" {
+		dest = r.Host
+	}
+
+	// Hijack the connection first to allow custom response writing
+	hijacker, ok := w.(http.Hijacker)
+	if !ok {
+		http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
+		return
+	}
+	client_conn, _, err := hijacker.Hijack()
+	if err != nil {
+		// If hijack fails, we can't do much as headers might be sent or connection broken
+		http.Error(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+
+	var dest_conn net.Conn
+
+	if tnet == nil {
+		dest_conn, err = net.DialTimeout("tcp", dest, 10*time.Second)
+	} else {
+		// Use tnet.Dial to connect through WireGuard
+		dest_conn, err = tnet.Dial("tcp", dest)
+	}
+
+	if err != nil {
+		log.Printf("[ERROR] TUNNEL Dial failed to %s: %v", dest, err)
+		// Send a 503 to the client through the hijacked connection and close
+		// Simple HTTP response since we hijacked
+		client_conn.Write([]byte("HTTP/1.1 503 Service Unavailable\r\n\r\n"))
+		client_conn.Close()
+		return
+	}
+
+	// Write 200 Connection Established to the client
+	// This signals the client that the tunnel is ready
+	_, err = client_conn.Write([]byte("HTTP/1.1 200 Connection Established\r\n\r\n"))
+	if err != nil {
+		log.Printf("[ERROR] TUNNEL Write 200 failed: %v", err)
+		dest_conn.Close()
+		client_conn.Close()
+		return
+	}
+
+	go transfer(dest_conn, client_conn)
+	go transfer(client_conn, dest_conn)
+}
+
+func transfer(destination io.WriteCloser, source io.ReadCloser) {
+	defer destination.Close()
+	defer source.Close()
+	io.Copy(destination, source)
+}
+
+func handleHTTP(w http.ResponseWriter, r *http.Request) {
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+	
+	if tnet != nil {
+		// Use tnet.DialContext for HTTP requests
+		transport.DialContext = tnet.DialContext
+	}
+
+	resp, err := transport.RoundTrip(r)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+	defer resp.Body.Close()
+	copyHeader(w.Header(), resp.Header)
+	w.WriteHeader(resp.StatusCode)
+	io.Copy(w, resp.Body)
+}
+
+func handleDebug(w http.ResponseWriter, r *http.Request) {
+	if tnet == nil {
+		w.Header().Set("Content-Type", "text/plain")
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte("Error: WireGuard not initialized (Direct Mode)"))
+		return
+	}
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			DialContext: tnet.DialContext,
+		},
+		Timeout: 10 * time.Second,
+	}
+
+	resp, err := client.Get("http://ifconfig.me")
+	if err != nil {
+		log.Printf("[DEBUG] VPN Test Failed: %v", err)
+		http.Error(w, fmt.Sprintf("VPN Connection Failed: %v", err), http.StatusServiceUnavailable)
+		return
+	}
+	defer resp.Body.Close()
+	
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("Failed to read response: %v", err), http.StatusInternalServerError)
+		return
+	}
+	
+	log.Printf("[DEBUG] VPN Test Success. IP: %s", string(body))
+	w.Header().Set("Content-Type", "text/plain")
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(fmt.Sprintf("VPN Connected! Public IP: %s", string(body))))
+}
+
+func copyHeader(dst, src http.Header) {
+	for k, vv := range src {
+		for _, v := range vv {
+			dst.Add(k, v)
+		}
+	}
+}
+
+func startWireGuard(cfg params) error {
+	if cfg.WgPrivateKey == "" || cfg.WgPeerEndpoint == "" {
+		log.Println("[INFO] WireGuard config missing, running in DIRECT mode (no VPN)")
+		return nil
+	}
+
+	log.Println("[INFO] Initializing Userspace WireGuard...")
+
+	localIPs := []netip.Addr{}
+	if cfg.WgAddress != "" {
+		// Handle CIDR notation if present (e.g., 10.0.0.2/32)
+		addrStr := strings.Split(cfg.WgAddress, "/")[0]
+		addr, err := netip.ParseAddr(addrStr)
+		if err == nil {
+			localIPs = append(localIPs, addr)
+			log.Printf("[INFO] Local VPN IP: %s", addr)
+		} else {
+			log.Printf("[WARN] Failed to parse local IP: %v", err)
+		}
+	}
+	
+	dnsIP, err := netip.ParseAddr(cfg.WgDNS)
+	if err != nil {
+		log.Printf("[WARN] Failed to parse DNS IP, using default: %v", err)
+		dnsIP, _ = netip.ParseAddr("1.1.1.1")
+	}
+	log.Printf("[INFO] DNS Server: %s", dnsIP)
+
+	log.Println("[INFO] Creating virtual network interface...")
+	tunDev, tnetInstance, err := netstack.CreateNetTUN(
+		localIPs,
+		[]netip.Addr{dnsIP},
+		1420,
+	)
+	if err != nil {
+		return fmt.Errorf("failed to create TUN: %w", err)
+	}
+	tnet = tnetInstance
+	log.Println("[INFO] Virtual TUN device created successfully")
+
+	log.Println("[INFO] Initializing WireGuard device...")
+	dev := device.NewDevice(tunDev, conn.NewDefaultBind(), device.NewLogger(device.LogLevelSilent, ""))
+	
+	log.Printf("[INFO] Configuring peer endpoint: %s", cfg.WgPeerEndpoint)
+
+	// Convert keys from Base64 to Hex
+	// wireguard-go expects hex keys in UAPI, but inputs are usually Base64
+	privateKeyHex, err := base64ToHex(cfg.WgPrivateKey)
+	if err != nil {
+		return fmt.Errorf("invalid private key (base64 decode failed): %w", err)
+	}
+
+	publicKeyHex, err := base64ToHex(cfg.WgPeerPublicKey)
+	if err != nil {
+		return fmt.Errorf("invalid peer public key (base64 decode failed): %w", err)
+	}
+
+	uapi := fmt.Sprintf(`private_key=%s
+public_key=%s
+endpoint=%s
+allowed_ip=0.0.0.0/0
+`, privateKeyHex, publicKeyHex, cfg.WgPeerEndpoint)
+
+	if err := dev.IpcSet(uapi); err != nil {
+		return fmt.Errorf("failed to configure device: %w", err)
+	}
+	log.Println("[INFO] WireGuard peer configured")
+	
+	if err := dev.Up(); err != nil {
+		return fmt.Errorf("failed to bring up device: %w", err)
+	}
+
+	log.Println("[SUCCESS] WireGuard interface is UP - All traffic will route through VPN")
+	return nil
+}
+
+func main() {
+	log.SetFlags(log.LstdFlags | log.Lmsgprefix)
+	log.Println("[STARTUP] Initializing HTTP Proxy with Userspace WireGuard")
+	
+	cfg := params{}
+	if err := env.Parse(&cfg); err != nil {
+		log.Printf("[WARN] Config parse warning: %+v\n", err)
+	}
+
+	log.Printf("[CONFIG] Proxy Port: %s", cfg.Port)
+	if cfg.User != "" {
+		log.Printf("[CONFIG] Authentication: Enabled (user: %s)", cfg.User)
+	} else {
+		log.Println("[CONFIG] Authentication: Disabled")
+	}
+
+	if err := startWireGuard(cfg); err != nil {
+		log.Fatalf("[FATAL] Failed to start WireGuard: %v", err)
+	}
+
+	log.Printf("[STARTUP] Starting HTTP proxy server on port %s\n", cfg.Port)
+
+	server := &http.Server{
+		Addr: ":" + cfg.Port,
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if cfg.User != "" && cfg.Password != "" {
+				user, pass, ok := r.BasicAuth()
+				if !ok || user != cfg.User || pass != cfg.Password {
+					log.Printf("[AUTH] Unauthorized access attempt from %s", r.RemoteAddr)
+					w.Header().Set("Proxy-Authenticate", `Basic realm="Proxy"`)
+					http.Error(w, "Unauthorized", http.StatusProxyAuthRequired)
+					return
+				}
+			}
+			
+			// Handle CONNECT (HTTPS tunnel)
+			if r.Method == http.MethodConnect {
+				log.Printf("[CONNECT] %s -> %s", r.RemoteAddr, r.Host)
+				handleTunneling(w, r)
+				return
+			}
+			
+			// Direct requests to the proxy server (Health check & Debug)
+			// We check r.URL.Host == "" which means it's a direct request, not a proxy request
+			if r.URL.Host == "" {
+				if r.URL.Path == "/" {
+					log.Printf("[HEALTH] Health check from %s", r.RemoteAddr)
+					w.WriteHeader(http.StatusOK)
+					if tnet != nil {
+						w.Write([]byte("Proxy Running via Userspace WireGuard"))
+					} else {
+						w.Write([]byte("Proxy Running in Direct Mode (No VPN)"))
+					}
+					return
+				}
+				
+				if r.URL.Path == "/debug" {
+					log.Printf("[DEBUG] Debug check from %s", r.RemoteAddr)
+					handleDebug(w, r)
+					return
+				}
+			}
+
+			// Proxy HTTP requests
+			log.Printf("[HTTP] %s %s -> %s", r.Method, r.RemoteAddr, r.URL.String())
+			handleHTTP(w, r)
+		}),
+	}
+	
+	log.Println("[READY] Proxy server is ready to accept connections")
+	if err := server.ListenAndServe(); err != nil {
+		log.Fatalf("[FATAL] Server error: %v", err)
+	}
+}
+
+func base64ToHex(b64 string) (string, error) {
+	decoded, err := base64.StdEncoding.DecodeString(b64)
+	if err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(decoded), nil
+}

src/constants.ts

@@ -0,0 +1,11 @@
+// Set to `undefined` if it's no longer in use!
+//
+// Old Players IDs are usually available for a few more days after Youtube
+// rolls out a new Player. This is helpful when Youtube.JS is not able to
+// extract the signature decipher algorithm and we need to wait for a fix
+// in Youtube.JS.
+export const PLAYER_ID = undefined;
+
+// Error message shown when tokenMinter is not yet ready
+export const TOKEN_MINTER_NOT_READY_MESSAGE =
+    "Companion is starting. Please wait until a valid potoken is found. If this process takes too long, please consult: https://docs.invidious.io/youtube-errors-explained/#po-token-initialization-taking-too-much-time-to-complete";

src/lib/extra/emptyExport.ts

@@ -0,0 +1 @@
+export default {};

src/lib/helpers/config.ts

@@ -0,0 +1,180 @@
+import { z, ZodError } from "zod";
+import { parse } from "@std/toml";
+
+export const ConfigSchema = z.object({
+    server: z.object({
+        port: z.number().default(Number(Deno.env.get("PORT")) || 8282),
+        host: z.string().default(Deno.env.get("HOST") || "127.0.0.1"),
+        use_unix_socket: z.boolean().default(
+            Deno.env.get("SERVER_USE_UNIX_SOCKET") === "true" || false,
+        ),
+        unix_socket_path: z.string().default(
+            Deno.env.get("SERVER_UNIX_SOCKET_PATH") ||
+            "/tmp/invidious-companion.sock",
+        ),
+        base_path: z.string()
+            .default(Deno.env.get("SERVER_BASE_PATH") || "/companion")
+            .refine(
+                (path) => path.startsWith("/"),
+                {
+                    message:
+                        "SERVER_BASE_PATH must start with a forward slash (/). Example: '/companion'",
+                },
+            )
+            .refine(
+                (path) => !path.endsWith("/") || path === "/",
+                {
+                    message:
+                        "SERVER_BASE_PATH must not end with a forward slash (/) unless it's the root path. Example: '/companion' not '/companion/'",
+                },
+            )
+            .refine(
+                (path) => !path.includes("//"),
+                {
+                    message:
+                        "SERVER_BASE_PATH must not contain double slashes (//). Example: '/companion' not '//companion' or '/comp//anion'",
+                },
+            ),
+        secret_key: z.preprocess(
+            (val) =>
+                val === undefined
+                    ? Deno.env.get("SERVER_SECRET_KEY") || ""
+                    : val,
+            z.string().min(1),
+        ).default(undefined),
+        verify_requests: z.boolean().default(
+            Deno.env.get("SERVER_VERIFY_REQUESTS") === "true" || false,
+        ),
+        encrypt_query_params: z.boolean().default(
+            Deno.env.get("SERVER_ENCRYPT_QUERY_PARAMS") === "true" || false,
+        ),
+        enable_metrics: z.boolean().default(
+            Deno.env.get("SERVER_ENABLE_METRICS") === "true" || false,
+        ),
+    }).strict().default({}),
+    cache: z.object({
+        enabled: z.boolean().default(
+            Deno.env.get("CACHE_ENABLED") === "false" ? false : true,
+        ),
+        directory: z.string().default(
+            Deno.env.get("CACHE_DIRECTORY") || "/var/tmp",
+        ),
+    }).strict().default({}),
+    networking: z.object({
+        proxy: z.string().nullable().default(Deno.env.get("PROXY") || null),
+        auto_proxy: z.boolean().default(
+            Deno.env.get("NETWORKING_AUTO_PROXY") === "true" || false,
+        ),
+        vpn_source: z.number().default(
+            Number(Deno.env.get("NETWORKING_VPN_SOURCE")) || 1,
+        ),
+        ipv6_block: z.string().nullable().default(
+            Deno.env.get("NETWORKING_IPV6_BLOCK") || null,
+        ),
+        fetch: z.object({
+            timeout_ms: z.number().default(
+                Number(Deno.env.get("NETWORKING_FETCH_TIMEOUT_MS")) || 30_000,
+            ),
+            retry: z.object({
+                enabled: z.boolean().default(
+                    Deno.env.get("NETWORKING_FETCH_RETRY_ENABLED") === "true" ||
+                    false,
+                ),
+                times: z.number().optional().default(
+                    Number(Deno.env.get("NETWORKING_FETCH_RETRY_TIMES")) || 1,
+                ),
+                initial_debounce: z.number().optional().default(
+                    Number(
+                        Deno.env.get("NETWORKING_FETCH_RETRY_INITIAL_DEBOUNCE"),
+                    ) || 0,
+                ),
+                debounce_multiplier: z.number().optional().default(
+                    Number(
+                        Deno.env.get(
+                            "NETWORKING_FETCH_RETRY_DEBOUNCE_MULTIPLIER",
+                        ),
+                    ) || 0,
+                ),
+            }).strict().default({}),
+        }).strict().default({}),
+        videoplayback: z.object({
+            ump: z.boolean().default(
+                Deno.env.get("NETWORKING_VIDEOPLAYBACK_UMP") === "true" ||
+                false,
+            ),
+            video_fetch_chunk_size_mb: z.number().default(
+                Number(
+                    Deno.env.get(
+                        "NETWORKING_VIDEOPLAYBACK_VIDEO_FETCH_CHUNK_SIZE_MB",
+                    ),
+                ) || 5,
+            ),
+        }).strict().default({}),
+    }).strict().default({}),
+    jobs: z.object({
+        youtube_session: z.object({
+            po_token_enabled: z.boolean().default(
+                Deno.env.get("JOBS_YOUTUBE_SESSION_PO_TOKEN_ENABLED") ===
+                    "false"
+                    ? false
+                    : true,
+            ),
+            frequency: z.string().default(
+                Deno.env.get("JOBS_YOUTUBE_SESSION_FREQUENCY") || "*/5 * * * *",
+            ),
+        }).strict().default({}),
+    }).strict().default({}),
+    youtube_session: z.object({
+        oauth_enabled: z.boolean().default(
+            Deno.env.get("YOUTUBE_SESSION_OAUTH_ENABLED") === "true" || false,
+        ),
+        cookies: z.string().default(
+            Deno.env.get("YOUTUBE_SESSION_COOKIES") || "",
+        ),
+    }).strict().default({}),
+}).strict();
+
+export type Config = z.infer<typeof ConfigSchema>;
+
+export async function parseConfig() {
+    const configFileName = Deno.env.get("CONFIG_FILE") || "config/config.toml";
+    const configFileContents = await Deno.readTextFile(configFileName).catch(
+        () => null,
+    );
+    if (configFileContents) {
+        console.log("[INFO] Using custom settings local file");
+    } else {
+        console.log(
+            "[INFO] No local config file found, using default config",
+        );
+    }
+
+    try {
+        const rawConfig = configFileContents ? parse(configFileContents) : {};
+        const validatedConfig = ConfigSchema.parse(rawConfig);
+
+        console.log("Loaded Configuration", validatedConfig);
+
+        return validatedConfig;
+    } catch (err) {
+        let errorMessage =
+            "There is an error in your configuration, check your environment variables";
+        if (configFileContents) {
+            errorMessage +=
+                ` or in your configuration file located at ${configFileName}`;
+        }
+        console.log(errorMessage);
+        if (err instanceof ZodError) {
+            console.log(err.issues);
+            // Include detailed error information in the thrown error for testing
+            const detailedMessage = err.issues.map((issue) =>
+                `${issue.path.join(".")}: ${issue.message}`
+            ).join("; ");
+            throw new Error(
+                `Failed to parse configuration file: ${detailedMessage}`,
+            );
+        }
+        // rethrow error if not Zod
+        throw err;
+    }
+}

src/lib/helpers/encodeRFC5987ValueChars.ts

@@ -0,0 +1,21 @@
+// Taken from
+// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent#encoding_for_content-disposition_and_link_headers
+export function encodeRFC5987ValueChars(str: string) {
+    return (
+        encodeURIComponent(str)
+            // The following creates the sequences %27 %28 %29 %2A (Note that
+            // the valid encoding of "*" is %2A, which necessitates calling
+            // toUpperCase() to properly encode). Although RFC3986 reserves "!",
+            // RFC5987 does not, so we do not need to escape it.
+            .replace(
+                /['()*]/g,
+                (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`,
+            )
+            // The following are not required for percent-encoding per RFC5987,
+            // so we can allow for a little better readability over the wire: |`^
+            .replace(
+                /%(7C|60|5E)/g,
+                (_str, hex) => String.fromCharCode(parseInt(hex, 16)),
+            )
+    );
+}

src/lib/helpers/encryptQuery.ts

@@ -0,0 +1,56 @@
+import { decodeBase64, encodeBase64 } from "@std/encoding/base64";
+import { Aes } from "crypto/aes.ts";
+import { Ecb, Padding } from "crypto/block-modes.ts";
+import type { Config } from "./config.ts";
+
+export const encryptQuery = (
+    queryParams: string,
+    config: Config,
+): string => {
+    try {
+        const cipher = new Ecb(
+            Aes,
+            new TextEncoder().encode(
+                config.server.secret_key,
+            ),
+            Padding.PKCS7,
+        );
+
+        const encodedData = new TextEncoder().encode(
+            queryParams,
+        );
+
+        const encryptedData = cipher.encrypt(encodedData);
+
+        return encodeBase64(encryptedData);
+    } catch (err) {
+        console.error("[ERROR] Failed to encrypt query parameters:", err);
+        return "";
+    }
+};
+
+export const decryptQuery = (
+    queryParams: string,
+    config: Config,
+): string => {
+    try {
+        const decipher = new Ecb(
+            Aes,
+            new TextEncoder().encode(config.server.secret_key),
+            Padding.PKCS7,
+        );
+
+        const decryptedData = new TextDecoder().decode(
+            decipher.decrypt(
+                decodeBase64(
+                    queryParams,
+                ),
+            ),
+        );
+
+        return decryptedData;
+    } catch (err) {
+        console.error("[ERROR] Failed to decrypt query parameters:", err);
+        return "";
+    }
+};

src/lib/helpers/getFetchClient.ts

@@ -0,0 +1,107 @@
+import { retry, type RetryOptions } from "@std/async";
+import type { Config } from "./config.ts";
+import { generateRandomIPv6 } from "./ipv6Rotation.ts";
+import { getCurrentProxy } from "./proxyManager.ts";
+
+type FetchInputParameter = Parameters<typeof fetch>[0];
+type FetchInitParameterWithClient =
+    | RequestInit
+    | RequestInit & { client: Deno.HttpClient };
+type FetchReturn = ReturnType<typeof fetch>;
+
+export const getFetchClient = (config: Config): {
+    (
+        input: FetchInputParameter,
+        init?: FetchInitParameterWithClient,
+    ): FetchReturn;
+} => {
+    return async (
+        input: FetchInputParameter,
+        init?: RequestInit,
+    ) => {
+        // Use auto-fetched proxy if enabled, otherwise use configured proxy
+        const proxyAddress = config.networking.auto_proxy
+            ? getCurrentProxy()
+            : config.networking.proxy;
+        const ipv6Block = config.networking.ipv6_block;
+
+        // If proxy or IPv6 rotation is configured, create a custom HTTP client
+        if (proxyAddress || ipv6Block) {
+            const clientOptions: Deno.CreateHttpClientOptions = {};
+
+            if (proxyAddress) {
+                try {
+                    const proxyUrl = new URL(proxyAddress);
+                    // Extract credentials if present
+                    if (proxyUrl.username && proxyUrl.password) {
+                        clientOptions.proxy = {
+                            url: `${proxyUrl.protocol}//${proxyUrl.host}`,
+                            basicAuth: {
+                                username: decodeURIComponent(proxyUrl.username),
+                                password: decodeURIComponent(proxyUrl.password),
+                            },
+                        };
+                    } else {
+                        clientOptions.proxy = {
+                            url: proxyAddress,
+                        };
+                    }
+                } catch {
+                    clientOptions.proxy = {
+                        url: proxyAddress,
+                    };
+                }
+            }
+
+            if (ipv6Block) {
+                clientOptions.localAddress = generateRandomIPv6(ipv6Block);
+            }
+
+            const client = Deno.createHttpClient(clientOptions);
+            const fetchRes = await fetchShim(config, input, {
+                client,
+                headers: init?.headers,
+                method: init?.method,
+                body: init?.body,
+            });
+            client.close(); // Important: close client to avoid leaking resources
+            return new Response(fetchRes.body, {
+                status: fetchRes.status,
+                headers: fetchRes.headers,
+            });
+        }
+
+        return fetchShim(config, input, init);
+    };
+};
+
+function fetchShim(
+    config: Config,
+    input: FetchInputParameter,
+    init?: FetchInitParameterWithClient,
+): FetchReturn {
+    const fetchTimeout = config.networking.fetch?.timeout_ms;
+    const fetchRetry = config.networking.fetch?.retry?.enabled;
+    const fetchMaxAttempts = config.networking.fetch?.retry?.times;
+    const fetchInitialDebounce = config.networking.fetch?.retry
+        ?.initial_debounce;
+    const fetchDebounceMultiplier = config.networking.fetch?.retry
+        ?.debounce_multiplier;
+    const retryOptions: RetryOptions = {
+        maxAttempts: fetchMaxAttempts,
+        minTimeout: fetchInitialDebounce,
+        multiplier: fetchDebounceMultiplier,
+        jitter: 0,
+    };
+
+    const callFetch = () =>
+        fetch(input, {
+            // only set the AbortSignal if the timeout is supplied in the config
+            signal: fetchTimeout
+                ? AbortSignal.timeout(Number(fetchTimeout))
+                : null,
+            ...(init || {}),
+        });
+    // if retry enabled, call retry with the fetch shim, otherwise pass the fetch shim back directly
+    return fetchRetry ? retry(callFetch, retryOptions) : callFetch();
+}

src/lib/helpers/ipv6Rotation.ts

@@ -0,0 +1,109 @@
+/**
+ * IPv6 Rotation Utility
+ *
+ * This module provides IPv6 address rotation functionality to help avoid
+ * "Please login" errors from YouTube by sending each request from a unique
+ * IPv6 address within a configured IPv6 block.
+ *
+ * Setup instructions: https://gist.github.com/unixfox/2a9dbcb23d8f69c4582f7c85a849d5cc#linux-setup
+ */
+
+/**
+ * Generate a random IPv6 address within the specified IPv6 block
+ * @param ipv6Block - The IPv6 block in CIDR notation (e.g., "2001:db8::/32")
+ * @returns A random IPv6 address within the specified IPv6 block
+ */
+export function generateRandomIPv6(ipv6Block: string): string {
+    // Parse the IPv6 block
+    const [baseAddress, blockSize] = ipv6Block.split("/");
+    const blockBits = parseInt(blockSize, 10);
+
+    if (isNaN(blockBits) || blockBits < 1 || blockBits > 128) {
+        throw new Error("Invalid IPv6 block size");
+    }
+
+    // Expand IPv6 address to full form
+    const expandedBase = expandIPv6(baseAddress);
+
+    // Convert to binary representation
+    const baseBytes = ipv6ToBytes(expandedBase);
+
+    // Randomize all bits after the block prefix
+    for (let i = Math.floor(blockBits / 8); i < 16; i++) {
+        const bitOffset = Math.max(0, blockBits - i * 8);
+        if (bitOffset === 0) {
+            // Fully random byte
+            baseBytes[i] = Math.floor(Math.random() * 256);
+        } else if (bitOffset < 8) {
+            // Partially random byte
+            const mask = (1 << (8 - bitOffset)) - 1;
+            const randomPart = Math.floor(Math.random() * (mask + 1));
+            baseBytes[i] = (baseBytes[i] & ~mask) | randomPart;
+        }
+        // else: keep the original byte (bitOffset >= 8)
+    }
+
+    // Convert back to IPv6 string
+    return bytesToIPv6(baseBytes);
+}
+
+/**
+ * Expand an IPv6 address to its full form
+ */
+function expandIPv6(address: string): string {
+    // Handle :: expansion
+    if (address.includes("::")) {
+        const parts = address.split("::");
+        const leftParts = parts[0] ? parts[0].split(":") : [];
+        const rightParts = parts[1] ? parts[1].split(":") : [];
+        const missingParts = 8 - leftParts.length - rightParts.length;
+        const middle = Array(missingParts).fill("0000");
+        const allParts = [...leftParts, ...middle, ...rightParts];
+        return allParts.map((p) => p.padStart(4, "0")).join(":");
+    }
+
+    // Pad each part to 4 characters
+    return address.split(":").map((p) => p.padStart(4, "0")).join(":");
+}
+
+/**
+ * Convert IPv6 address string to byte array
+ */
+function ipv6ToBytes(address: string): number[] {
+    const parts = address.split(":");
+    const bytes: number[] = [];
+
+    for (const part of parts) {
+        const value = parseInt(part, 16);
+        bytes.push((value >> 8) & 0xFF);
+        bytes.push(value & 0xFF);
+    }
+
+    return bytes;
+}
+
+/**
+ * Convert byte array back to IPv6 address string
+ */
+function bytesToIPv6(bytes: number[]): string {
+    const parts: string[] = [];
+
+    for (let i = 0; i < 16; i += 2) {
+        const value = (bytes[i] << 8) | bytes[i + 1];
+        parts.push(value.toString(16));
+    }
+
+    // Compress consecutive zeros
+    let ipv6 = parts.join(":");
+
+    // Find the longest sequence of consecutive zeros
+    const zeroSequences = ipv6.match(/(^|:)(0:)+/g);
+    if (zeroSequences) {
+        const longestZeroSeq = zeroSequences.reduce((a, b) =>
+            a.length > b.length ? a : b
+        );
+        ipv6 = ipv6.replace(longestZeroSeq, longestZeroSeq[0] + ":");
+    }
+
+    return ipv6;
+}

src/lib/helpers/jsInterpreter.ts

@@ -0,0 +1,22 @@
+import { Platform, Types } from "youtubei.js";
+
+// https://ytjs.dev/guide/getting-started.html#providing-a-custom-javascript-interpreter
+// deno-lint-ignore require-await
+export const jsInterpreter = Platform.shim.eval = async (
+    data: Types.BuildScriptResult,
+    env: Record<string, Types.VMPrimative>,
+) => {
+    const properties = [];
+
+    if (env.n) {
+        properties.push(`n: exportedVars.nFunction("${env.n}")`);
+    }
+
+    if (env.sig) {
+        properties.push(`sig: exportedVars.sigFunction("${env.sig}")`);
+    }
+
+    const code = `${data.output}\nreturn { ${properties.join(", ")} }`;
+
+    return new Function(code)();
+};

src/lib/helpers/metrics.ts

@@ -0,0 +1,126 @@
+import { IRawResponse } from "youtubei.js";
+import { Counter, Registry } from "prom-client";
+
+export class Metrics {
+    private METRICS_PREFIX = "invidious_companion_";
+    public register = new Registry();
+
+    public createCounter(name: string, help?: string): Counter {
+        return new Counter({
+            name: `${this.METRICS_PREFIX}${name}`,
+            help: help || "No help has been provided for this metric",
+            registers: [this.register],
+        });
+    }
+
+    public potokenGenerationFailure = this.createCounter(
+        "potoken_generation_failure_total",
+        "Number of times that the PoToken generation job has failed for whatever reason",
+    );
+
+    private innertubeErrorStatusLoginRequired = this.createCounter(
+        "innertube_error_status_loginRequired_total",
+        'Number of times that the status "LOGIN_REQUIRED" has been returned by Innertube API',
+    );
+
+    private innertubeErrorStatusUnknown = this.createCounter(
+        "innertube_error_status_unknown_total",
+        "Number of times that an unknown status has been returned by Innertube API",
+    );
+
+    private innertubeErrorReasonSignIn = this.createCounter(
+        "innertube_error_reason_SignIn_total",
+        'Number of times that the message "Sign in to confirm you’re not a bot." has been returned by Innertube API',
+    );
+
+    private innertubeErrorSubreasonProtectCommunity = this.createCounter(
+        "innertube_error_subreason_ProtectCommunity_total",
+        'Number of times that the message "This helps protect our community." has been returned by Innertube API',
+    );
+
+    private innertubeErrorReasonUnknown = this.createCounter(
+        "innertube_error_reason_unknown_total",
+        "Number of times that an unknown reason has been returned by the Innertube API",
+    );
+
+    private innertubeErrorSubreasonUnknown = this.createCounter(
+        "innertube_error_subreason_unknown_total",
+        "Number of times that an unknown subreason has been returned by the Innertube API",
+    );
+
+    public innertubeSuccessfulRequest = this.createCounter(
+        "innertube_successful_request_total",
+        "Number successful requests made to the Innertube API",
+    );
+
+    private innertubeFailedRequest = this.createCounter(
+        "innertube_failed_request_total",
+        "Number failed requests made to the Innertube API for whatever reason",
+    );
+
+    private checkStatus(videoData: IRawResponse) {
+        const status = videoData.playabilityStatus?.status;
+
+        return {
+            unplayable: status ===
+                "UNPLAYABLE",
+            contentCheckRequired: status ===
+                "CONTENT_CHECK_REQUIRED",
+            loginRequired: status === "LOGIN_REQUIRED",
+        };
+    }
+
+    private checkReason(videoData: IRawResponse) {
+        const reason = videoData.playabilityStatus?.reason;
+
+        return {
+            signInToConfirmAge: reason?.includes(
+                "Sign in to confirm your age",
+            ),
+            SignInToConfirmBot: reason?.includes(
+                "Sign in to confirm you’re not a bot",
+            ),
+        };
+    }
+
+    private checkSubreason(videoData: IRawResponse) {
+        const subReason = videoData.playabilityStatus?.errorScreen
+            ?.playerErrorMessageRenderer
+            ?.subreason?.runs?.[0]?.text;
+
+        return {
+            thisHelpsProtectCommunity: subReason?.includes(
+                "This helps protect our community",
+            ),
+        };
+    }
+
+    public checkInnertubeResponse(videoData: IRawResponse) {
+        this.innertubeFailedRequest.inc();
+        const status = this.checkStatus(videoData);
+
+        if (status.contentCheckRequired || status.unplayable) return;
+
+        if (status.loginRequired) {
+            this.innertubeErrorStatusLoginRequired.inc();
+            const reason = this.checkReason(videoData);
+
+            if (reason.signInToConfirmAge) return;
+
+            if (reason.SignInToConfirmBot) {
+                this.innertubeErrorReasonSignIn.inc();
+                const subReason = this.checkSubreason(videoData);
+
+                if (subReason.thisHelpsProtectCommunity) {
+                    this.innertubeErrorSubreasonProtectCommunity.inc();
+                } else {
+                    this.innertubeErrorSubreasonUnknown.inc();
+                }
+            } else {
+                this.innertubeErrorReasonUnknown.inc();
+            }
+        } else {
+            this.innertubeErrorStatusUnknown.inc();
+        }
+    }
+}

src/lib/helpers/proxyManager.ts

@@ -0,0 +1,452 @@
+/**
+ * Automatic Proxy Manager
+ * Fetches free proxies from antpeak.com API and auto-rotates when they fail.
+ * Tests proxies against YouTube to ensure they work for the application's needs.
+ */
+
+import { fetchUrbanProxy } from "./urbanProxy.ts";
+
+// --- Configuration ---
+const API_BASE = "https://antpeak.com";
+const USER_AGENT =
+    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";
+const APP_VERSION = "3.7.8";
+const YOUTUBE_TEST_URL = "https://www.youtube.com/watch?v=bzbsJGMVHxQ";
+const CUSTOM_PROXY_URL = "https://ytdlp-api-gbdn.onrender.com/proxies";
+
+// --- Types ---
+interface DeviceInfo {
+    udid: string;
+    appVersion: string;
+    platform: string;
+    platformVersion: string;
+    timeZone: string;
+    deviceName: string;
+}
+
+interface Location {
+    id: string;
+    region: string;
+    name: string;
+    countryCode: string;
+    type: number;
+    proxyType: number;
+}
+
+interface ProxyServer {
+    addresses: string[];
+    protocol: string;
+    port: number;
+    username?: string;
+    password?: string;
+}
+
+// --- Singleton State ---
+let currentProxyUrl: string | null = null;
+let accessToken: string | null = null;
+let freeLocations: Location[] = [];
+let isInitialized = false;
+let initializationPromise: Promise<void> | null = null;
+let vpnSource = 1;
+
+// --- Helpers ---
+
+async function fetchJson(
+    endpoint: string,
+    method: string,
+    body?: unknown,
+    token?: string,
+): Promise<unknown> {
+    const url = `${API_BASE}${endpoint}`;
+    const headers: Record<string, string> = {
+        "User-Agent": USER_AGENT,
+        "Content-Type": "application/json",
+        "Accept": "application/json",
+    };
+
+    if (token) {
+        headers["Authorization"] = `Bearer ${token}`;
+    }
+
+    const response = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : undefined,
+    });
+
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`API Error ${response.status}: ${text}`);
+    }
+
+    return await response.json();
+}
+
+async function testProxyAgainstYouTube(proxyUrl: string): Promise<number | boolean> {
+    try {
+        const proxyUrlObj = new URL(proxyUrl);
+        const clientOptions: Deno.CreateHttpClientOptions = {};
+
+        if (proxyUrlObj.username && proxyUrlObj.password) {
+            clientOptions.proxy = {
+                url: `${proxyUrlObj.protocol}//${proxyUrlObj.host}`,
+                basicAuth: {
+                    username: decodeURIComponent(proxyUrlObj.username),
+                    password: decodeURIComponent(proxyUrlObj.password),
+                },
+            };
+        } else {
+            clientOptions.proxy = {
+                url: proxyUrl,
+            };
+        }
+
+        const client = Deno.createHttpClient(clientOptions);
+
+        const response = await fetch(YOUTUBE_TEST_URL, {
+            client,
+            signal: AbortSignal.timeout(15000), // 15 second timeout for test
+            headers: {
+                "User-Agent": USER_AGENT,
+            },
+        });
+
+        client.close();
+
+        // YouTube should return 200 or a redirect (3xx)
+        if (response.ok || (response.status >= 300 && response.status < 400)) {
+            return true;
+        }
+        return response.status;
+    } catch (err) {
+        // console.error("[ProxyManager] Proxy test failed:", err); // Verified by user request to just move to next
+        return false;
+    }
+}
+
+async function registerDevice(): Promise<string> {
+    const deviceInfo: DeviceInfo = {
+        udid: crypto.randomUUID(),
+        appVersion: APP_VERSION,
+        platform: "chrome",
+        platformVersion: USER_AGENT,
+        timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone || "UTC",
+        deviceName: "Chrome 120.0.0.0",
+    };
+
+    const launchResponse = await fetchJson(
+        "/api/launch/",
+        "POST",
+        deviceInfo,
+    ) as {
+        success: boolean;
+        data?: { accessToken: string };
+    };
+
+    if (!launchResponse.success || !launchResponse.data?.accessToken) {
+        throw new Error("Failed to register device with antpeak.com");
+    }
+
+    return launchResponse.data.accessToken;
+}
+
+async function fetchLocations(token: string): Promise<Location[]> {
+    const locationsResponse = await fetchJson(
+        "/api/location/list/",
+        "POST",
+        undefined,
+        token,
+    ) as {
+        success: boolean;
+        data?: { locations: Location[] };
+    };
+
+    if (!locationsResponse.success || !locationsResponse.data?.locations) {
+        throw new Error("Failed to fetch locations from antpeak.com");
+    }
+
+    // Filter for free locations (proxyType === 0)
+    return locationsResponse.data.locations.filter((l) => l.proxyType === 0);
+}
+
+async function fetchProxyServer(
+    token: string,
+    location: Location,
+): Promise<string | null> {
+    const serverPayload = {
+        protocol: "https",
+        region: location.region,
+        type: location.type,
+    };
+
+    const serverResponse = await fetchJson(
+        "/api/server/list/",
+        "POST",
+        serverPayload,
+        token,
+    ) as {
+        success: boolean;
+        data?: ProxyServer[];
+    };
+
+    if (
+        !serverResponse.success ||
+        !Array.isArray(serverResponse.data) ||
+        serverResponse.data.length === 0
+    ) {
+        return null;
+    }
+
+    const server = serverResponse.data[0];
+    const ip = server.addresses[0];
+    const port = server.port;
+    const username = server.username || "";
+    const password = server.password || "";
+
+    if (!username) {
+        return `https://${ip}:${port}`;
+    } else {
+        return `https://${encodeURIComponent(username)}:${encodeURIComponent(password)}@${ip}:${port}`;
+    }
+}
+
+// --- Public API ---
+
+/**
+ * Initialize the proxy manager. Fetches initial token and locations.
+ * Safe to call multiple times - will only initialize once.
+ */
+export async function initProxyManager(source: number = 1): Promise<void> {
+    vpnSource = source;
+    if (isInitialized) return;
+
+    if (initializationPromise) {
+        return initializationPromise;
+    }
+
+    initializationPromise = (async () => {
+        console.log("[ProxyManager] Initializing automatic proxy manager...");
+
+        try {
+            if (vpnSource === 1) {
+                accessToken = await registerDevice();
+                console.log("[ProxyManager] ✅ Registered with antpeak.com");
+
+                freeLocations = await fetchLocations(accessToken);
+                console.log(
+                    `[ProxyManager] ✅ Found ${freeLocations.length} free locations`,
+                );
+
+                if (freeLocations.length === 0) {
+                    throw new Error("No free proxy locations available");
+                }
+            } else if (vpnSource === 2) {
+                console.log("[ProxyManager] Using Urban VPN source");
+            } else if (vpnSource === 3) {
+                console.log("[ProxyManager] Using Custom Proxy API source");
+            }
+
+            // Fetch initial proxy
+            await rotateProxy();
+
+            isInitialized = true;
+            console.log("[ProxyManager] ✅ Initialization complete");
+        } catch (err) {
+            console.error("[ProxyManager] ❌ Initialization failed:", err);
+            throw err;
+        }
+    })();
+
+    return initializationPromise;
+}
+
+/**
+ * Get the current proxy URL. Returns null if no proxy is available.
+ */
+export function getCurrentProxy(): string | null {
+    return currentProxyUrl;
+}
+
+/**
+ * Rotate to a new proxy. Tests against YouTube before accepting.
+ * Will try multiple locations until a working proxy is found.
+ */
+export async function rotateProxy(): Promise<string | null> {
+    console.log(`[ProxyManager] Rotation requested. Source: ${vpnSource}`);
+
+    if (vpnSource === 2) {
+        // Urban VPN Logic
+        try {
+            const urbanResult = await fetchUrbanProxy();
+            if (urbanResult) {
+                console.log(`[ProxyManager] Testing Urban proxy against YouTube...`);
+                const result = await testProxyAgainstYouTube(urbanResult.url);
+                if (result === true) {
+                    currentProxyUrl = urbanResult.url;
+                    console.log(`[ProxyManager] ✅ New Urban proxy active: ${urbanResult.host}`);
+                    return currentProxyUrl;
+                } else {
+                    console.log(`[ProxyManager] ❌ Urban proxy failed YouTube test`);
+                }
+            }
+        } catch (err) {
+            console.error("[ProxyManager] Failed to fetch/test Urban proxy", err);
+        }
+        console.error("[ProxyManager] ❌ Could not find a working Urban proxy");
+        currentProxyUrl = null;
+        return null;
+    }
+
+    if (vpnSource === 3) {
+        // Custom Proxy Logic
+        console.log("[ProxyManager] Fetching proxies from custom API...");
+
+        let attempts = 0;
+        const maxAttempts = 10; // Increased retry limit as requested
+
+        while (attempts < maxAttempts) {
+            try {
+                const response = await fetch(CUSTOM_PROXY_URL);
+                if (!response.ok) {
+                    throw new Error(`Failed to fetch proxies: ${response.statusText}`);
+                }
+                const data = await response.json() as { proxies: string[] };
+
+                if (!data.proxies || !Array.isArray(data.proxies) || data.proxies.length === 0) {
+                    console.log("[ProxyManager] No proxies returned from API, retrying...");
+                    attempts++;
+                    continue;
+                }
+
+                console.log(`[ProxyManager] Got ${data.proxies.length} proxies from API. Testing...`);
+
+                for (const proxy of data.proxies) {
+                    console.log(`[ProxyManager] Testing ${proxy}...`);
+                    const result = await testProxyAgainstYouTube(proxy);
+
+                    if (result === true) {
+                        currentProxyUrl = proxy;
+                        console.log(`[ProxyManager] ✅ New custom proxy active: ${proxy}`);
+                        return currentProxyUrl;
+                    } else if (typeof result === 'number') {
+                        console.log(`[ProxyManager] ❌ Proxy returned status ${result}, trying next...`);
+                    } else {
+                        console.log(`[ProxyManager] ❌ Proxy unreachable, trying next...`);
+                    }
+                }
+
+                console.log("[ProxyManager] All proxies from this batch failed. Refetching...");
+                attempts++;
+
+            } catch (err) {
+                console.error("[ProxyManager] Error fetching custom proxies:", err);
+                attempts++;
+                // Wait a bit before retrying if it's a fetch error
+                await new Promise(resolve => setTimeout(resolve, 2000));
+            }
+        }
+
+        console.error("[ProxyManager] ❌ Failed to find a working custom proxy after multiple attempts.");
+        currentProxyUrl = null;
+        return null;
+    }
+
+    if (!accessToken || freeLocations.length === 0) {
+        console.error(
+            "[ProxyManager] Not initialized or no locations available",
+        );
+        return null;
+    }
+
+    // Default AntPeak Logic (vpnSource === 1)
+    if (!accessToken || freeLocations.length === 0) {
+        console.error(
+            "[ProxyManager] Not initialized or no locations available",
+        );
+        return null;
+    }
+
+    console.log("[ProxyManager] Rotating to new proxy (AntPeak)...");
+
+    // Shuffle locations to get variety
+    const shuffledLocations = [...freeLocations].sort(() =>
+        Math.random() - 0.5
+    );
+
+    for (const location of shuffledLocations) {
+        try {
+            console.log(
+                `[ProxyManager] Trying location: ${location.region} (${location.countryCode})`,
+            );
+
+            const proxyUrl = await fetchProxyServer(accessToken, location);
+            if (!proxyUrl) {
+                console.log(
+                    `[ProxyManager] No server available for ${location.region}`,
+                );
+                continue;
+            }
+
+            // Test proxy against YouTube
+            console.log(`[ProxyManager] Testing proxy against YouTube...`);
+            const result = await testProxyAgainstYouTube(proxyUrl);
+
+            if (result === true) {
+                currentProxyUrl = proxyUrl;
+                // Log without credentials for security
+                const sanitizedUrl = proxyUrl.replace(
+                    /:\/\/[^@]+@/,
+                    "://***:***@",
+                );
+                console.log(
+                    `[ProxyManager] ✅ New proxy active: ${sanitizedUrl}`,
+                );
+                return currentProxyUrl;
+            } else {
+                console.log(
+                    `[ProxyManager] ❌ Proxy failed YouTube test, trying next...`,
+                );
+            }
+        } catch (err) {
+            console.error(
+                `[ProxyManager] Error with location ${location.region}:`,
+                err,
+            );
+        }
+    }
+
+    console.error("[ProxyManager] ❌ Could not find a working proxy");
+    currentProxyUrl = null;
+    return null;
+}
+
+/**
+ * Mark the current proxy as failed and rotate to a new one.
+ * Call this when a request fails due to proxy issues.
+ */
+export async function markProxyFailed(): Promise<string | null> {
+    console.log("[ProxyManager] Current proxy marked as failed, rotating...");
+    return await rotateProxy();
+}
+
+/**
+ * Check if the proxy manager is initialized and has a working proxy.
+ */
+export function isProxyManagerReady(): boolean {
+    return isInitialized && currentProxyUrl !== null;
+}
+
+/**
+ * Re-register with the API (in case token expires).
+ */
+export async function refreshRegistration(): Promise<void> {
+    console.log("[ProxyManager] Refreshing registration...");
+    try {
+        accessToken = await registerDevice();
+        freeLocations = await fetchLocations(accessToken);
+        console.log("[ProxyManager] ✅ Registration refreshed");
+    } catch (err) {
+        console.error("[ProxyManager] ❌ Failed to refresh registration:", err);
+        throw err;
+    }
+}

src/lib/helpers/urbanProxy.ts

@@ -0,0 +1,233 @@
+const ACCOUNT_API = "https://api-pro.urban-vpn.com/rest/v1";
+const STATS_API = "https://stats.urban-vpn.com/api/rest/v2";
+const CLIENT_APP = "URBAN_VPN_BROWSER_EXTENSION";
+const BROWSER = "CHROME";
+
+interface UrbanProxyResult {
+    url: string;
+    protocol: string;
+    host: string;
+    port: number;
+    username?: string;
+    password?: string;
+}
+
+const PREFERRED_COUNTRIES = ["US", "GB", "CA", "DE", "FR", "NL", "ES", "IT", "JP", "KR", "SG", "AU"];
+
+export async function fetchUrbanProxy(targetCountryCode = "RANDOM"): Promise<UrbanProxyResult | null> {
+    console.log(`[UrbanVPN] Fetching Urban VPN Proxy (Target: ${targetCountryCode})...`);
+
+    // 1. Register Anonymous
+    // console.log("[UrbanVPN] 1. Registering Anonymous User...");
+    const regUrl = `${ACCOUNT_API}/registrations/clientApps/${CLIENT_APP}/users/anonymous`;
+
+    const regHeaders = {
+        "content-type": "application/json",
+        "accept": "application/json, text/plain, */*",
+        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
+    };
+
+    const regPayload = {
+        clientApp: {
+            name: CLIENT_APP,
+            browser: BROWSER
+        }
+    };
+
+    let regResp;
+    try {
+        regResp = await fetch(regUrl, {
+            method: "POST",
+            headers: regHeaders,
+            body: JSON.stringify(regPayload)
+        });
+    } catch (err) {
+        console.error("[UrbanVPN] Network error during registration:", err);
+        return null;
+    }
+
+    if (!regResp.ok) {
+        const text = await regResp.text();
+        console.error(`[UrbanVPN] Registration failed: ${regResp.status} ${regResp.statusText}`);
+        console.error(text);
+        return null;
+    }
+
+    const regData = await regResp.json();
+    const idToken = regData.id_token || regData.idToken || regData.value;
+
+    if (!idToken) {
+        console.error("[UrbanVPN] No ID token found in registration response.");
+        return null;
+    }
+
+    // 2. Get Security Token
+    // console.log("[UrbanVPN] 2. Getting Security Token...");
+    const secUrl = `${ACCOUNT_API}/security/tokens/accs`;
+    const secHeaders = {
+        ...regHeaders,
+        "authorization": `Bearer ${idToken}`
+    };
+    const secPayload = {
+        type: "accs",
+        clientApp: {
+            name: CLIENT_APP
+        }
+    };
+
+    const secResp = await fetch(secUrl, {
+        method: "POST",
+        headers: secHeaders,
+        body: JSON.stringify(secPayload)
+    });
+
+    if (!secResp.ok) {
+        const text = await secResp.text();
+        console.error(`[UrbanVPN] Security Token request failed: ${secResp.status}`);
+        console.error(text);
+        return null;
+    }
+
+    const secData = await secResp.json();
+
+    let tokenString = "";
+    let credUsername = "";
+    const credPassword = "1";
+
+    if (secData.token && typeof secData.token === 'object' && secData.token.value) {
+        tokenString = secData.token.value;
+        credUsername = secData.token.value;
+    } else if (typeof secData.token === 'string') {
+        tokenString = secData.token;
+        credUsername = secData.token;
+
+    } else if (secData.value) {
+        tokenString = secData.value;
+        credUsername = secData.value;
+    }
+
+    if (!tokenString) {
+        console.error("[UrbanVPN] No security token found.");
+        return null;
+    }
+
+    // 3. Get Countries / Proxies
+    // console.log("[UrbanVPN] 3. Fetching Proxy List...");
+    const countriesUrl = `${STATS_API}/entrypoints/countries`;
+    const proxyHeaders = {
+        ...regHeaders,
+        "authorization": `Bearer ${tokenString}`,
+        "X-Client-App": CLIENT_APP
+    };
+
+    // @ts-ignore: delete operator on string index signature
+    delete proxyHeaders["content-type"];
+
+    const countriesResp = await fetch(countriesUrl, {
+        headers: proxyHeaders
+    });
+
+    if (!countriesResp.ok) {
+        const text = await countriesResp.text();
+        console.error(`[UrbanVPN] Failed to fetch countries: ${countriesResp.status}`);
+        console.error(text);
+        return null;
+    }
+
+    const countriesData = await countriesResp.json();
+
+    if (!countriesData.countries || !countriesData.countries.elements) {
+        console.error("[UrbanVPN] Invalid countries data format.");
+        return null;
+    }
+
+    const countries = countriesData.countries.elements;
+
+    // Pick a country
+    let selectedCountryCode = targetCountryCode;
+    if (selectedCountryCode === "RANDOM") {
+        selectedCountryCode = PREFERRED_COUNTRIES[Math.floor(Math.random() * PREFERRED_COUNTRIES.length)];
+    }
+
+    // Find target country proxy
+    // deno-lint-ignore no-explicit-any
+    let targetCountry = countries.find((c: any) => c.code.iso2 === selectedCountryCode);
+
+    // Fallback if random choice not found
+    if (!targetCountry) {
+        targetCountry = countries[0];
+        console.log(`[UrbanVPN] Requested country ${selectedCountryCode} not found, falling back to ${targetCountry.code.iso2}`);
+    }
+
+    if (targetCountry) {
+        console.log(`[UrbanVPN] Selected Country: ${targetCountry.title} (${targetCountry.code.iso2})`);
+
+        let proxyHost = null;
+        let proxyPort = null;
+        let signature = null;
+
+        if (targetCountry.address && targetCountry.address.primary) {
+            proxyHost = targetCountry.address.primary.host;
+            proxyPort = targetCountry.address.primary.port;
+        }
+        else if (targetCountry.servers && targetCountry.servers.elements && targetCountry.servers.elements.length > 0) {
+            // Pick a RANDOM server from the list
+            const serverIndex = Math.floor(Math.random() * targetCountry.servers.elements.length);
+            const srv = targetCountry.servers.elements[serverIndex];
+
+            if (srv.address && srv.address.primary) {
+                proxyHost = srv.address.primary.host;
+                proxyPort = srv.address.primary.port || srv.address.primary.port_min;
+                signature = srv.signature;
+            }
+        }
+
+        if (signature) {
+            // console.log("[UrbanVPN] Found proxy signature, fetching Auth Proxy Token...");
+            const proxyTokenUrl = `${ACCOUNT_API}/security/tokens/accs-proxy`;
+            const proxyTokenPayload = {
+                type: "accs-proxy",
+                clientApp: { name: CLIENT_APP },
+                signature: signature
+            };
+
+            const proxyTokenHeaders = {
+                ...regHeaders,
+                "authorization": `Bearer ${tokenString}`
+            };
+
+            const ptResp = await fetch(proxyTokenUrl, {
+                method: "POST",
+                headers: proxyTokenHeaders,
+                body: JSON.stringify(proxyTokenPayload)
+            });
+
+            if (ptResp.ok) {
+                const ptData = await ptResp.json();
+                if (ptData.value) {
+                    credUsername = ptData.value;
+                } else if (ptData.token && ptData.token.value) {
+                    credUsername = ptData.token.value;
+                }
+            } else {
+                console.error(`[UrbanVPN] Failed to get Proxy Auth Token: ${ptResp.status}`);
+            }
+        }
+
+        if (proxyHost) {
+            const proxyUrl = `http://${encodeURIComponent(credUsername)}:${encodeURIComponent(credPassword)}@${proxyHost}:${proxyPort}`;
+            console.log(`[UrbanVPN] Proxy found: ${proxyHost}:${proxyPort}`);
+            return {
+                url: proxyUrl,
+                protocol: 'http',
+                host: proxyHost,
+                port: proxyPort,
+                username: credUsername,
+                password: credPassword
+            };
+        }
+    }
+
+    console.error("[UrbanVPN] No proxy server details found.");
+    return null;
+}

src/lib/helpers/validateVideoId.ts

@@ -0,0 +1,23 @@
+/**
+ * Validates a YouTube video ID format
+ * YouTube video IDs are 11 characters long and contain alphanumeric characters, hyphens, and underscores
+ * Reference: https://webapps.stackexchange.com/questions/54443/format-for-id-of-youtube-video
+ *
+ * @param videoId - The video ID to validate
+ * @returns true if the video ID is valid, false otherwise
+ */
+export const validateVideoId = (videoId: string): boolean => {
+    // Handle null, undefined, or non-string values
+    if (!videoId || typeof videoId !== "string") {
+        return false;
+    }
+
+    // YouTube video IDs are exactly 11 characters
+    if (videoId.length !== 11) {
+        return false;
+    }
+
+    // Valid characters: A-Z, a-z, 0-9, -, _
+    const validPattern = /^[A-Za-z0-9_-]{11}$/;
+    return validPattern.test(videoId);
+};

src/lib/helpers/verifyRequest.ts

@@ -0,0 +1,39 @@
+import { decodeBase64 } from "@std/encoding/base64";
+import { Aes } from "crypto/aes.ts";
+import { Ecb, Padding } from "crypto/block-modes.ts";
+import type { Config } from "./config.ts";
+
+export const verifyRequest = (
+    stringToCheck: string,
+    videoId: string,
+    config: Config,
+): boolean => {
+    try {
+        const decipher = new Ecb(
+            Aes,
+            new TextEncoder().encode(config.server.secret_key),
+            Padding.PKCS7,
+        );
+
+        const encryptedData = new TextDecoder().decode(
+            decipher.decrypt(
+                decodeBase64(
+                    stringToCheck.replace(/-/g, "+").replace(/_/g, "/"),
+                ),
+            ),
+        );
+        const [parsedTimestamp, parsedVideoId] = encryptedData.split("|");
+        const parsedTimestampInt = parseInt(parsedTimestamp);
+        const timestampNow = Math.round(+new Date() / 1000);
+        if (parsedVideoId !== videoId) {
+            return false;
+        }
+        // only allow ID to live for 6 hours
+        if ((timestampNow + 6 * 60 * 60) - parsedTimestampInt < 0) {
+            return false;
+        }
+    } catch (_) {
+        return false;
+    }
+    return true;
+};

src/lib/helpers/youtubePlayerHandling.ts

@@ -0,0 +1,195 @@
+import { ApiResponse, Innertube, YT } from "youtubei.js";
+import { generateRandomString } from "youtubei.js/Utils";
+import { compress, decompress } from "brotli";
+import type { TokenMinter } from "../jobs/potoken.ts";
+import { Metrics } from "../helpers/metrics.ts";
+let youtubePlayerReqLocation = "youtubePlayerReq";
+if (Deno.env.get("YT_PLAYER_REQ_LOCATION")) {
+    if (Deno.env.has("DENO_COMPILED")) {
+        youtubePlayerReqLocation = Deno.mainModule.replace("src/main.ts", "") +
+            Deno.env.get("YT_PLAYER_REQ_LOCATION");
+    } else {
+        youtubePlayerReqLocation = Deno.env.get(
+            "YT_PLAYER_REQ_LOCATION",
+        ) as string;
+    }
+}
+const { youtubePlayerReq } = await import(youtubePlayerReqLocation);
+
+import type { Config } from "./config.ts";
+
+const kv = await Deno.openKv();
+
+export const youtubePlayerParsing = async ({
+    innertubeClient,
+    videoId,
+    config,
+    tokenMinter,
+    metrics,
+    overrideCache = false,
+}: {
+    innertubeClient: Innertube;
+    videoId: string;
+    config: Config;
+    tokenMinter: TokenMinter;
+    metrics: Metrics | undefined;
+    overrideCache?: boolean;
+}): Promise<object> => {
+    const cacheEnabled = overrideCache ? false : config.cache.enabled;
+
+    const videoCached = (await kv.get(["video_cache", videoId]))
+        .value as Uint8Array;
+
+    if (videoCached != null && cacheEnabled) {
+        return JSON.parse(new TextDecoder().decode(decompress(videoCached)));
+    } else {
+        const youtubePlayerResponse = await youtubePlayerReq(
+            innertubeClient,
+            videoId,
+            config,
+            tokenMinter,
+        );
+        const videoData = youtubePlayerResponse.data;
+
+        if (videoData.playabilityStatus.status === "ERROR") {
+            return videoData;
+        }
+
+        const video = new YT.VideoInfo(
+            [youtubePlayerResponse],
+            innertubeClient.actions,
+            generateRandomString(16),
+        );
+
+        const streamingData = video.streaming_data;
+
+        // Modify the original YouTube response to include deciphered URLs
+        if (streamingData && videoData && videoData.streamingData) {
+            const ecatcherServiceTracking = videoData.responseContext
+                ?.serviceTrackingParams.find((o: { service: string }) =>
+                    o.service === "ECATCHER"
+                );
+            const clientNameUsed = ecatcherServiceTracking?.params?.find((
+                o: { key: string },
+            ) => o.key === "client.name");
+            // no need to decipher on IOS nor ANDROID
+            if (
+                !clientNameUsed?.value.includes("IOS") &&
+                !clientNameUsed?.value.includes("ANDROID")
+            ) {
+                for (const [index, format] of streamingData.formats.entries()) {
+                    videoData.streamingData.formats[index].url = await format
+                        .decipher(
+                            innertubeClient.session.player,
+                        );
+                    if (
+                        videoData.streamingData.formats[index]
+                            .signatureCipher !==
+                            undefined
+                    ) {
+                        delete videoData.streamingData.formats[index]
+                            .signatureCipher;
+                    }
+                    if (
+                        videoData.streamingData.formats[index].url.includes(
+                            "alr=yes",
+                        )
+                    ) {
+                        videoData.streamingData.formats[index].url.replace(
+                            "alr=yes",
+                            "alr=no",
+                        );
+                    } else {
+                        videoData.streamingData.formats[index].url += "&alr=no";
+                    }
+                }
+                for (
+                    const [index, adaptive_format] of streamingData
+                        .adaptive_formats
+                        .entries()
+                ) {
+                    videoData.streamingData.adaptiveFormats[index].url =
+                        await adaptive_format
+                            .decipher(
+                                innertubeClient.session.player,
+                            );
+                    if (
+                        videoData.streamingData.adaptiveFormats[index]
+                            .signatureCipher !==
+                            undefined
+                    ) {
+                        delete videoData.streamingData.adaptiveFormats[index]
+                            .signatureCipher;
+                    }
+                    if (
+                        videoData.streamingData.adaptiveFormats[index].url
+                            .includes("alr=yes")
+                    ) {
+                        videoData.streamingData.adaptiveFormats[index].url
+                            .replace("alr=yes", "alr=no");
+                    } else {
+                        videoData.streamingData.adaptiveFormats[index].url +=
+                            "&alr=no";
+                    }
+                }
+            }
+        }
+
+        const videoOnlyNecessaryInfo = ((
+            {
+                captions,
+                playabilityStatus,
+                storyboards,
+                streamingData,
+                videoDetails,
+                microformat,
+            },
+        ) => ({
+            captions,
+            playabilityStatus,
+            storyboards,
+            streamingData,
+            videoDetails,
+            microformat,
+        }))(videoData);
+
+        if (videoData.playabilityStatus?.status == "OK") {
+            metrics?.innertubeSuccessfulRequest.inc();
+            if (cacheEnabled) {
+                (async () => {
+                    await kv.set(
+                        ["video_cache", videoId],
+                        compress(
+                            new TextEncoder().encode(
+                                JSON.stringify(videoOnlyNecessaryInfo),
+                            ),
+                        ),
+                        {
+                            expireIn: 1000 * 60 * 60,
+                        },
+                    );
+                })();
+            }
+        } else {
+            metrics?.checkInnertubeResponse(videoData);
+        }
+
+        return videoOnlyNecessaryInfo;
+    }
+};
+
+export const youtubeVideoInfo = (
+    innertubeClient: Innertube,
+    youtubePlayerResponseJson: object,
+): YT.VideoInfo => {
+    const playerResponse = {
+        success: true,
+        status_code: 200,
+        data: youtubePlayerResponseJson,
+    } as ApiResponse;
+    return new YT.VideoInfo(
+        [playerResponse],
+        innertubeClient.actions,
+        "",
+    );
+};

src/lib/helpers/youtubePlayerReq.ts

@@ -0,0 +1,105 @@
+import { ApiResponse, Innertube } from "youtubei.js";
+import NavigationEndpoint from "youtubei.js/NavigationEndpoint";
+import type { TokenMinter } from "../jobs/potoken.ts";
+
+import type { Config } from "./config.ts";
+
+function callWatchEndpoint(
+    videoId: string,
+    innertubeClient: Innertube,
+    innertubeClientType: string,
+    contentPoToken: string,
+) {
+    const watch_endpoint = new NavigationEndpoint({
+        watchEndpoint: {
+            videoId: videoId,
+            // Allow companion to gather sensitive content videos like
+            // `VuSU7PcEKpU`
+            racyCheckOk: true,
+            contentCheckOk: true,
+        },
+    });
+
+    return watch_endpoint.call(
+        innertubeClient.actions,
+        {
+            playbackContext: {
+                contentPlaybackContext: {
+                    vis: 0,
+                    splay: false,
+                    lactMilliseconds: "-1",
+                    signatureTimestamp: innertubeClient.session.player
+                        ?.signature_timestamp,
+                },
+            },
+            serviceIntegrityDimensions: {
+                poToken: contentPoToken,
+            },
+            client: innertubeClientType,
+        },
+    );
+}
+
+export const youtubePlayerReq = async (
+    innertubeClient: Innertube,
+    videoId: string,
+    config: Config,
+    tokenMinter: TokenMinter,
+): Promise<ApiResponse> => {
+    const innertubeClientOauthEnabled = config.youtube_session.oauth_enabled;
+
+    let innertubeClientUsed = "WEB";
+    if (innertubeClientOauthEnabled) {
+        innertubeClientUsed = "TV";
+    }
+
+    const contentPoToken = await tokenMinter(videoId);
+
+    const youtubePlayerResponse = await callWatchEndpoint(
+        videoId,
+        innertubeClient,
+        innertubeClientUsed,
+        contentPoToken,
+    );
+
+    // Check if the first adaptive format URL is undefined, if it is then fallback to multiple YT clients
+
+    if (
+        !innertubeClientOauthEnabled &&
+        youtubePlayerResponse.data.streamingData &&
+        youtubePlayerResponse.data.streamingData.adaptiveFormats[0].url ===
+            undefined
+    ) {
+        console.log(
+            "[WARNING] No URLs found for adaptive formats. Falling back to other YT clients.",
+        );
+        const innertubeClientsTypeFallback = ["TV_SIMPLY", "MWEB"];
+
+        for await (const innertubeClientType of innertubeClientsTypeFallback) {
+            console.log(
+                `[WARNING] Trying fallback YT client ${innertubeClientType}`,
+            );
+            const youtubePlayerResponseFallback = await callWatchEndpoint(
+                videoId,
+                innertubeClient,
+                innertubeClientType,
+                contentPoToken,
+            );
+            if (
+                youtubePlayerResponseFallback.data.streamingData && (
+                    youtubePlayerResponseFallback.data.streamingData
+                        .adaptiveFormats[0].url ||
+                    youtubePlayerResponseFallback.data.streamingData
+                        .adaptiveFormats[0].signatureCipher
+                )
+            ) {
+                youtubePlayerResponse.data.streamingData.adaptiveFormats =
+                    youtubePlayerResponseFallback.data.streamingData
+                        .adaptiveFormats;
+                break;
+            }
+        }
+    }
+
+    return youtubePlayerResponse;
+};

src/lib/helpers/youtubeTranscriptsHandling.ts

@@ -0,0 +1,90 @@
+import { Innertube } from "youtubei.js";
+import type { CaptionTrackData } from "youtubei.js/PlayerCaptionsTracklist";
+import { HTTPException } from "hono/http-exception";
+
+function createTemporalDuration(milliseconds: number) {
+    return new Temporal.Duration(
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        undefined,
+        milliseconds,
+    );
+}
+
+const ESCAPE_SUBSTITUTIONS = {
+    "&": "&",
+    "<": "&lt;",
+    ">": "&gt;",
+    "\u200E": "&lrm;",
+    "\u200F": "&rlm;",
+    "\u00A0": "&nbsp;",
+};
+
+export async function handleTranscripts(
+    innertubeClient: Innertube,
+    videoId: string,
+    selectedCaption: CaptionTrackData,
+) {
+    const lines: string[] = ["WEBVTT"];
+
+    const info = await innertubeClient.getInfo(videoId);
+    const transcriptInfo = await (await info.getTranscript()).selectLanguage(
+        selectedCaption.name.text || "",
+    );
+    const rawTranscriptLines = transcriptInfo.transcript.content?.body
+        ?.initial_segments;
+
+    if (rawTranscriptLines == undefined) throw new HTTPException(404);
+
+    rawTranscriptLines.forEach((line) => {
+        const timestampFormatOptions = {
+            style: "digital",
+            minutesDisplay: "always",
+            fractionalDigits: 3,
+        };
+
+        // Temporal.Duration.prototype.toLocaleString() is supposed to delegate to Intl.DurationFormat
+        // which Deno does not support. However, instead of following specs and having toLocaleString return
+        // the same toString() it seems to have its own implementation of Intl.DurationFormat,
+        // with its options parameter type incorrectly restricted to the same as the one for Intl.DateTimeFormatOptions
+        // even though they do not share the same arguments.
+        //
+        // The above matches the options parameter of Intl.DurationFormat, and the resulting output is as expected.
+        // Until this is fixed typechecking must be disabled for the two use cases below
+        //
+        // See
+        // https://docs.deno.com/api/web/~/Intl.DateTimeFormatOptions
+        // https://docs.deno.com/api/web/~/Temporal.Duration.prototype.toLocaleString
+        // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Temporal/Duration/toLocaleString
+        // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Intl/DurationFormat/DurationFormat
+
+        const start_ms = createTemporalDuration(Number(line.start_ms)).round({
+            largestUnit: "year",
+            relativeTo: Temporal.PlainDateTime.from("2022-01-01"),
+            //@ts-ignore see above
+        }).toLocaleString("en-US", timestampFormatOptions);
+
+        const end_ms = createTemporalDuration(Number(line.end_ms)).round({
+            largestUnit: "year",
+            relativeTo: Temporal.PlainDateTime.from("2022-01-01"),
+            //@ts-ignore see above
+        }).toLocaleString("en-US", timestampFormatOptions);
+        const timestamp = `${start_ms} --> ${end_ms}`;
+
+        const text = (line.snippet?.text || "").replace(
+            /[&<>‍‍\u200E\u200F\u00A0]/g,
+            (match: string) =>
+                ESCAPE_SUBSTITUTIONS[
+                    match as keyof typeof ESCAPE_SUBSTITUTIONS
+                ],
+        );
+
+        lines.push(`${timestamp}\n${text}`);
+    });
+
+    return lines.join("\n\n");
+}

src/lib/jobs/potoken.ts

@@ -0,0 +1,252 @@
+import { Innertube } from "youtubei.js";
+import {
+    youtubePlayerParsing,
+    youtubeVideoInfo,
+} from "../helpers/youtubePlayerHandling.ts";
+import type { Config } from "../helpers/config.ts";
+import { Metrics } from "../helpers/metrics.ts";
+let getFetchClientLocation = "getFetchClient";
+if (Deno.env.get("GET_FETCH_CLIENT_LOCATION")) {
+    if (Deno.env.has("DENO_COMPILED")) {
+        getFetchClientLocation = Deno.mainModule.replace("src/main.ts", "") +
+            Deno.env.get("GET_FETCH_CLIENT_LOCATION");
+    } else {
+        getFetchClientLocation = Deno.env.get(
+            "GET_FETCH_CLIENT_LOCATION",
+        ) as string;
+    }
+}
+const { getFetchClient } = await import(getFetchClientLocation);
+
+import { InputMessage, OutputMessageSchema } from "./worker.ts";
+import { PLAYER_ID } from "../../constants.ts";
+
+interface TokenGeneratorWorker extends Omit<Worker, "postMessage"> {
+    postMessage(message: InputMessage): void;
+}
+
+const workers: TokenGeneratorWorker[] = [];
+
+function createMinter(worker: TokenGeneratorWorker) {
+    return (videoId: string): Promise<string> => {
+        const { promise, resolve } = Promise.withResolvers<string>();
+        // generate a UUID to identify the request as many minter calls
+        // may be made within a timespan, and this function will be
+        // informed about all of them until it's got its own
+        const requestId = crypto.randomUUID();
+        const listener = (message: MessageEvent) => {
+            const parsedMessage = OutputMessageSchema.parse(message.data);
+            if (
+                parsedMessage.type === "content-token" &&
+                parsedMessage.requestId === requestId
+            ) {
+                worker.removeEventListener("message", listener);
+                resolve(parsedMessage.contentToken);
+            }
+        };
+        worker.addEventListener("message", listener);
+        worker.postMessage({
+            type: "content-token-request",
+            videoId,
+            requestId,
+        });
+
+        return promise;
+    };
+}
+
+export type TokenMinter = ReturnType<typeof createMinter>;
+
+// Adapted from https://github.com/LuanRT/BgUtils/blob/main/examples/node/index.ts
+export const poTokenGenerate = (
+    config: Config,
+    metrics: Metrics | undefined,
+): Promise<{ innertubeClient: Innertube; tokenMinter: TokenMinter }> => {
+    const { promise, resolve, reject } = Promise.withResolvers<
+        Awaited<ReturnType<typeof poTokenGenerate>>
+    >();
+
+    const worker: TokenGeneratorWorker = new Worker(
+        new URL("./worker.ts", import.meta.url).href,
+        {
+            type: "module",
+            name: "PO Token Generator",
+        },
+    );
+    // take note of the worker so we can kill it once a new one takes its place
+    workers.push(worker);
+    worker.addEventListener("message", async (event) => {
+        const parsedMessage = OutputMessageSchema.parse(event.data);
+
+        // worker is listening for messages
+        if (parsedMessage.type === "ready") {
+            const untypedPostMessage = worker.postMessage.bind(worker);
+            worker.postMessage = (message: InputMessage) =>
+                untypedPostMessage(message);
+            worker.postMessage({ type: "initialise", config });
+        }
+
+        if (parsedMessage.type === "error") {
+            console.log({ errorFromWorker: parsedMessage.error });
+            worker.terminate();
+            reject(parsedMessage.error);
+        }
+
+        // worker is initialised and has passed back a session token and visitor data
+        if (parsedMessage.type === "initialised") {
+            try {
+                const instantiatedInnertubeClient = await Innertube.create({
+                    enable_session_cache: false,
+                    po_token: parsedMessage.sessionPoToken,
+                    visitor_data: parsedMessage.visitorData,
+                    fetch: getFetchClient(config),
+                    generate_session_locally: true,
+                    cookie: config.youtube_session.cookies || undefined,
+                    player_id: PLAYER_ID,
+                });
+                const minter = createMinter(worker);
+                // check token from minter
+                await checkToken({
+                    instantiatedInnertubeClient,
+                    config,
+                    integrityTokenBasedMinter: minter,
+                    metrics,
+                });
+                console.log("[INFO] Successfully generated PO token");
+                const numberToKill = workers.length - 1;
+                for (let i = 0; i < numberToKill; i++) {
+                    const workerToKill = workers.shift();
+                    workerToKill?.terminate();
+                }
+                return resolve({
+                    innertubeClient: instantiatedInnertubeClient,
+                    tokenMinter: minter,
+                });
+            } catch (err) {
+                console.log("[WARN] Failed to get valid PO token, will retry", {
+                    err,
+                });
+                worker.terminate();
+                reject(err);
+            }
+        }
+    });
+
+    return promise;
+};
+
+async function checkToken({
+    instantiatedInnertubeClient,
+    config,
+    integrityTokenBasedMinter,
+    metrics,
+}: {
+    instantiatedInnertubeClient: Innertube;
+    config: Config;
+    integrityTokenBasedMinter: TokenMinter;
+    metrics: Metrics | undefined;
+}) {
+    const fetchImpl = getFetchClient(config);
+
+    try {
+        console.log("[INFO] Searching for videos to validate PO token");
+        const searchResults = await instantiatedInnertubeClient.search("news", {
+            type: "video",
+            upload_date: "week",
+            duration: "medium",
+        });
+
+        // Get all videos that have an id property and shuffle them randomly
+        const videos = searchResults.videos
+            .filter((video) =>
+                video.type === "Video" && "id" in video && video.id
+            )
+            .map((value) => ({ value, sort: Math.random() }))
+            .sort((a, b) => a.sort - b.sort)
+            .map(({ value }) => value);
+
+        if (videos.length === 0) {
+            throw new Error("No videos with valid IDs found in search results");
+        }
+
+        // Try up to 3 random videos to validate the token
+        const maxAttempts = Math.min(3, videos.length);
+        for (let attempt = 0; attempt < maxAttempts; attempt++) {
+            const video = videos[attempt];
+
+            try {
+                // Type guard to ensure video has an id property
+                if (!("id" in video) || !video.id) {
+                    console.log(
+                        `[WARN] Video at index ${attempt} has no valid ID, trying next video`,
+                    );
+                    continue;
+                }
+
+                console.log(
+                    `[INFO] Validating PO token with video: ${video.id}`,
+                );
+
+                const youtubePlayerResponseJson = await youtubePlayerParsing({
+                    innertubeClient: instantiatedInnertubeClient,
+                    videoId: video.id,
+                    config,
+                    tokenMinter: integrityTokenBasedMinter,
+                    metrics,
+                    overrideCache: true,
+                });
+
+                const videoInfo = youtubeVideoInfo(
+                    instantiatedInnertubeClient,
+                    youtubePlayerResponseJson,
+                );
+
+                const validFormat = videoInfo.streaming_data
+                    ?.adaptive_formats[0];
+                if (!validFormat) {
+                    console.log(
+                        `[WARN] No valid format found for video ${video.id}, trying next video`,
+                    );
+                    continue;
+                }
+
+                const result = await fetchImpl(validFormat?.url, {
+                    method: "HEAD",
+                });
+
+                if (result.status !== 200) {
+                    console.log(
+                        `[WARN] Got status ${result.status} for video ${video.id}, trying next video`,
+                    );
+                    continue;
+                } else {
+                    console.log(
+                        `[INFO] Successfully validated PO token with video: ${video.id}`,
+                    );
+                    return; // Success
+                }
+            } catch (err) {
+                const videoId = ("id" in video && video.id)
+                    ? video.id
+                    : "unknown";
+                console.log(
+                    `[WARN] Failed to validate with video ${videoId}:`,
+                    { err },
+                );
+                if (attempt === maxAttempts - 1) {
+                    throw new Error(
+                        "Failed to validate PO token with any available videos",
+                    );
+                }
+                continue;
+            }
+        }
+        // If we reach here, all attempts failed without throwing an exception
+        throw new Error(
+            "Failed to validate PO token: all validation attempts returned non-200 status codes",
+        );
+    } catch (err) {
+        console.log("Failed to validate PO token using search method", { err });
+        throw err;
+    }
+}

src/lib/jobs/worker.ts

@@ -0,0 +1,251 @@
+/// <reference lib="webworker" />
+
+import { z } from "zod";
+import { Config, ConfigSchema } from "../helpers/config.ts";
+import { BG, buildURL, GOOG_API_KEY, USER_AGENT } from "bgutils";
+import type { WebPoSignalOutput } from "bgutils";
+import { JSDOM } from "jsdom";
+import { Innertube } from "youtubei.js";
+import { PLAYER_ID } from "../../constants.ts";
+let getFetchClientLocation = "getFetchClient";
+if (Deno.env.get("GET_FETCH_CLIENT_LOCATION")) {
+    if (Deno.env.has("DENO_COMPILED")) {
+        getFetchClientLocation = Deno.mainModule.replace("src/main.ts", "") +
+            Deno.env.get("GET_FETCH_CLIENT_LOCATION");
+    } else {
+        getFetchClientLocation = Deno.env.get(
+            "GET_FETCH_CLIENT_LOCATION",
+        ) as string;
+    }
+}
+
+type FetchFunction = typeof fetch;
+const { getFetchClient }: {
+    getFetchClient: (config: Config) => Promise<FetchFunction>;
+} = await import(getFetchClientLocation);
+
+// ---- Messages to send to the webworker ----
+const InputInitialiseSchema = z.object({
+    type: z.literal("initialise"),
+    config: ConfigSchema,
+}).strict();
+
+const InputContentTokenSchema = z.object({
+    type: z.literal("content-token-request"),
+    videoId: z.string(),
+    requestId: z.string().uuid(),
+}).strict();
+export type InputInitialise = z.infer<typeof InputInitialiseSchema>;
+export type InputContentToken = z.infer<typeof InputContentTokenSchema>;
+const InputMessageSchema = z.union([
+    InputInitialiseSchema,
+    InputContentTokenSchema,
+]);
+export type InputMessage = z.infer<typeof InputMessageSchema>;
+
+// ---- Messages that the webworker sends to the parent ----
+const OutputReadySchema = z.object({
+    type: z.literal("ready"),
+}).strict();
+
+const OutputInitialiseSchema = z.object({
+    type: z.literal("initialised"),
+    sessionPoToken: z.string(),
+    visitorData: z.string(),
+}).strict();
+
+const OutputContentTokenSchema = z.object({
+    type: z.literal("content-token"),
+    contentToken: z.string(),
+    requestId: InputContentTokenSchema.shape.requestId,
+}).strict();
+
+const OutputErrorSchema = z.object({
+    type: z.literal("error"),
+    error: z.any(),
+}).strict();
+export const OutputMessageSchema = z.union([
+    OutputReadySchema,
+    OutputInitialiseSchema,
+    OutputContentTokenSchema,
+    OutputErrorSchema,
+]);
+type OutputMessage = z.infer<typeof OutputMessageSchema>;
+
+const IntegrityTokenResponse = z.tuple([z.string()]).rest(z.any());
+
+const isWorker = typeof WorkerGlobalScope !== "undefined" &&
+    self instanceof WorkerGlobalScope;
+if (isWorker) {
+    // helper function to force type-checking
+    const untypedPostmessage = self.postMessage.bind(self);
+    const postMessage = (message: OutputMessage) => {
+        untypedPostmessage(message);
+    };
+
+    let minter: BG.WebPoMinter;
+
+    onmessage = async (event) => {
+        const message = InputMessageSchema.parse(event.data);
+        if (message.type === "initialise") {
+            const fetchImpl: typeof fetch = await getFetchClient(
+                message.config,
+            );
+            try {
+                const {
+                    sessionPoToken,
+                    visitorData,
+                    generatedMinter,
+                } = await setup({
+                    fetchImpl,
+                    innertubeClientCookies:
+                        message.config.youtube_session.cookies,
+                });
+                minter = generatedMinter;
+                postMessage({
+                    type: "initialised",
+                    sessionPoToken,
+                    visitorData,
+                });
+            } catch (err) {
+                postMessage({ type: "error", error: err });
+            }
+        }
+        // this is called every time a video needs a content token
+        if (message.type === "content-token-request") {
+            if (!minter) {
+                throw new Error(
+                    "Minter not yet ready, must initialise first",
+                );
+            }
+            const contentToken = await minter.mintAsWebsafeString(
+                message.videoId,
+            );
+            postMessage({
+                type: "content-token",
+                contentToken,
+                requestId: message.requestId,
+            });
+        }
+    };
+
+    postMessage({ type: "ready" });
+}
+
+async function setup(
+    { fetchImpl, innertubeClientCookies }: {
+        fetchImpl: FetchFunction;
+        innertubeClientCookies: string;
+    },
+) {
+    const innertubeClient = await Innertube.create({
+        enable_session_cache: false,
+        fetch: fetchImpl,
+        user_agent: USER_AGENT,
+        retrieve_player: false,
+        cookie: innertubeClientCookies || undefined,
+        player_id: PLAYER_ID,
+    });
+
+    const visitorData = innertubeClient.session.context.client.visitorData;
+
+    if (!visitorData) {
+        throw new Error("Could not get visitor data");
+    }
+
+    const dom = new JSDOM(
+        '<!DOCTYPE html><html lang="en"><head><title></title></head><body></body></html>',
+        {
+            url: "https://www.youtube.com/",
+            referrer: "https://www.youtube.com/",
+            userAgent: USER_AGENT,
+        },
+    );
+
+    Object.assign(globalThis, {
+        window: dom.window,
+        document: dom.window.document,
+        // location: dom.window.location, // --- doesn't seem to be necessary and the Web Worker doesn't like it
+        origin: dom.window.origin,
+    });
+
+    if (!Reflect.has(globalThis, "navigator")) {
+        Object.defineProperty(globalThis, "navigator", {
+            value: dom.window.navigator,
+        });
+    }
+
+    const challengeResponse = await innertubeClient.getAttestationChallenge(
+        "ENGAGEMENT_TYPE_UNBOUND",
+    );
+    if (!challengeResponse.bg_challenge) {
+        throw new Error("Could not get challenge");
+    }
+
+    // Mock HTMLCanvasElement.prototype.getContext to silence "Not implemented" error
+    // and prevent unnecessary noise in logs.
+    if (dom.window.HTMLCanvasElement) {
+        dom.window.HTMLCanvasElement.prototype.getContext = ((
+            _contextId: string,
+            _options?: any,
+        ) => {
+            return new Proxy({}, {
+                get: (_target, _prop) => {
+                    return () => { };
+                },
+            });
+        }) as any;
+        dom.window.HTMLCanvasElement.prototype.toDataURL = () => "";
+    }
+
+    const interpreterUrl = challengeResponse.bg_challenge.interpreter_url
+        .private_do_not_access_or_else_trusted_resource_url_wrapped_value;
+    const bgScriptResponse = await fetchImpl(
+        `https:${interpreterUrl}`,
+    );
+    const interpreterJavascript = await bgScriptResponse.text();
+
+    if (interpreterJavascript) {
+        new Function(interpreterJavascript)();
+    } else throw new Error("Could not load VM");
+    const botguard = await BG.BotGuardClient.create({
+        program: challengeResponse.bg_challenge.program,
+        globalName: challengeResponse.bg_challenge.global_name,
+        globalObj: globalThis,
+    });
+
+    const webPoSignalOutput: WebPoSignalOutput = [];
+    const botguardResponse = await botguard.snapshot({ webPoSignalOutput });
+    const requestKey = "O43z0dpjhgX20SCx4KAo";
+
+    const integrityTokenResponse = await fetchImpl(
+        buildURL("GenerateIT", true),
+        {
+            method: "POST",
+            headers: {
+                "content-type": "application/json+protobuf",
+                "x-goog-api-key": GOOG_API_KEY,
+                "x-user-agent": "grpc-web-javascript/0.1",
+                "user-agent": USER_AGENT,
+            },
+            body: JSON.stringify([requestKey, botguardResponse]),
+        },
+    );
+    const integrityTokenBody = IntegrityTokenResponse.parse(
+        await integrityTokenResponse.json(),
+    );
+
+    const integrityTokenBasedMinter = await BG.WebPoMinter.create({
+        integrityToken: integrityTokenBody[0],
+    }, webPoSignalOutput);
+
+    const sessionPoToken = await integrityTokenBasedMinter.mintAsWebsafeString(
+        visitorData,
+    );
+
+    return {
+        sessionPoToken,
+        visitorData,
+        generatedMinter: integrityTokenBasedMinter,
+    };
+}

src/lib/types/HonoVariables.ts

@@ -0,0 +1,11 @@
+import { Innertube } from "youtubei.js";
+import type { TokenMinter } from "../jobs/potoken.ts";
+import type { Config } from "../helpers/config.ts";
+import { Metrics } from "../helpers/metrics.ts";
+
+export type HonoVariables = {
+    innertubeClient: Innertube;
+    config: Config;
+    tokenMinter: TokenMinter | undefined;
+    metrics: Metrics | undefined;
+};

src/main.ts

@@ -0,0 +1,264 @@
+import { Hono } from "hono";
+import { companionRoutes, miscRoutes } from "./routes/index.ts";
+import { Innertube, Platform } from "youtubei.js";
+import { poTokenGenerate, type TokenMinter } from "./lib/jobs/potoken.ts";
+import { USER_AGENT } from "bgutils";
+import { retry } from "@std/async";
+import type { HonoVariables } from "./lib/types/HonoVariables.ts";
+import { parseArgs } from "@std/cli/parse-args";
+import { existsSync } from "@std/fs/exists";
+
+import { parseConfig } from "./lib/helpers/config.ts";
+const config = await parseConfig();
+import { Metrics } from "./lib/helpers/metrics.ts";
+import { PLAYER_ID } from "./constants.ts";
+import { jsInterpreter } from "./lib/helpers/jsInterpreter.ts";
+import {
+    initProxyManager,
+    markProxyFailed,
+    isProxyManagerReady,
+} from "./lib/helpers/proxyManager.ts";
+
+// Initialize auto proxy manager if enabled
+if (config.networking.auto_proxy) {
+    console.log("[INFO] Auto proxy is enabled, initializing proxy manager...");
+    try {
+        await initProxyManager(config.networking.vpn_source);
+    } catch (err) {
+        console.error("[ERROR] Failed to initialize proxy manager:", err);
+        console.log("[WARN] Continuing without auto proxy...");
+    }
+}
+
+const args = parseArgs(Deno.args);
+
+if (args._version_date && args._version_commit) {
+    console.log(
+        `[INFO] Using Invidious companion version ${args._version_date}-${args._version_commit}`,
+    );
+}
+
+let getFetchClientLocation = "getFetchClient";
+if (Deno.env.get("GET_FETCH_CLIENT_LOCATION")) {
+    if (Deno.env.has("DENO_COMPILED")) {
+        getFetchClientLocation = Deno.mainModule.replace("src/main.ts", "") +
+            Deno.env.get("GET_FETCH_CLIENT_LOCATION");
+    } else {
+        getFetchClientLocation = Deno.env.get(
+            "GET_FETCH_CLIENT_LOCATION",
+        ) as string;
+    }
+}
+const { getFetchClient } = await import(getFetchClientLocation);
+
+declare module "hono" {
+    interface ContextVariableMap extends HonoVariables { }
+}
+
+const app = new Hono({
+    getPath: (req) => new URL(req.url).pathname,
+});
+const companionApp = new Hono({
+    getPath: (req) => new URL(req.url).pathname,
+}).basePath(config.server.base_path);
+const metrics = config.server.enable_metrics ? new Metrics() : undefined;
+
+let tokenMinter: TokenMinter | undefined;
+let innertubeClient: Innertube;
+let innertubeClientFetchPlayer = true;
+const innertubeClientOauthEnabled = config.youtube_session.oauth_enabled;
+const innertubeClientJobPoTokenEnabled =
+    config.jobs.youtube_session.po_token_enabled;
+const innertubeClientCookies = config.youtube_session.cookies;
+
+// Promise that resolves when tokenMinter initialization is complete (for tests)
+let tokenMinterReadyResolve: (() => void) | undefined;
+export const tokenMinterReady = new Promise<void>((resolve) => {
+    tokenMinterReadyResolve = resolve;
+});
+
+if (!innertubeClientOauthEnabled) {
+    if (innertubeClientJobPoTokenEnabled) {
+        console.log("[INFO] job po_token is active.");
+        // Don't fetch fetch player yet for po_token
+        innertubeClientFetchPlayer = false;
+    } else if (!innertubeClientJobPoTokenEnabled) {
+        console.log("[INFO] job po_token is NOT active.");
+    }
+}
+
+Platform.shim.eval = jsInterpreter;
+
+innertubeClient = await Innertube.create({
+    enable_session_cache: false,
+    retrieve_player: innertubeClientFetchPlayer,
+    fetch: getFetchClient(config),
+    cookie: innertubeClientCookies || undefined,
+    user_agent: USER_AGENT,
+    player_id: PLAYER_ID,
+});
+
+if (!innertubeClientOauthEnabled) {
+    if (innertubeClientJobPoTokenEnabled) {
+        // Initialize tokenMinter in background to not block server startup
+        console.log("[INFO] Starting PO token generation in background...");
+
+        // Wrapper function that rotates proxy on failure when auto_proxy is enabled
+        const poTokenGenerateWithProxyRotation = async () => {
+            try {
+                return await poTokenGenerate(config, metrics);
+            } catch (err) {
+                // If auto_proxy is enabled and PO token generation failed, rotate to a new proxy
+                if (config.networking.auto_proxy) {
+                    console.log(
+                        "[INFO] PO token generation failed, rotating to new proxy...",
+                    );
+                    await markProxyFailed();
+                }
+                throw err; // Re-throw to trigger retry
+            }
+        };
+
+        retry(
+            poTokenGenerateWithProxyRotation,
+            { minTimeout: 1_000, maxTimeout: 60_000, multiplier: 5, jitter: 0 },
+        ).then((result) => {
+            innertubeClient = result.innertubeClient;
+            tokenMinter = result.tokenMinter;
+            tokenMinterReadyResolve?.();
+        }).catch((err) => {
+            console.error("[ERROR] Failed to initialize PO token:", err);
+            metrics?.potokenGenerationFailure.inc();
+            tokenMinterReadyResolve?.();
+        });
+    } else {
+        // If PO token is not enabled, resolve immediately
+        tokenMinterReadyResolve?.();
+    }
+    // Resolve promise for tests
+    tokenMinterReadyResolve?.();
+}
+
+const regenerateSession = async () => {
+    if (innertubeClientJobPoTokenEnabled) {
+        try {
+            ({ innertubeClient, tokenMinter } = await poTokenGenerate(
+                config,
+                metrics,
+            ));
+        } catch (err) {
+            metrics?.potokenGenerationFailure.inc();
+            // If auto_proxy is enabled and PO token generation failed, rotate to a new proxy
+            if (config.networking.auto_proxy) {
+                console.log(
+                    "[INFO] Session regeneration failed, rotating to new proxy...",
+                );
+                await markProxyFailed();
+            }
+            // Don't rethrow for cron/manual trigger to avoid crashing the server loop
+            console.error("[ERROR] Failed to regenerate session:", err);
+        }
+    } else {
+        innertubeClient = await Innertube.create({
+            enable_session_cache: false,
+            fetch: getFetchClient(config),
+            retrieve_player: innertubeClientFetchPlayer,
+            user_agent: USER_AGENT,
+            cookie: innertubeClientCookies || undefined,
+            player_id: PLAYER_ID,
+        });
+    }
+};
+
+if (!innertubeClientOauthEnabled) {
+    Deno.cron(
+        "regenerate youtube session",
+        config.jobs.youtube_session.frequency,
+        { backoffSchedule: [5_000, 15_000, 60_000, 180_000] },
+        regenerateSession,
+    );
+}
+
+companionApp.use("*", async (c, next) => {
+    c.set("innertubeClient", innertubeClient);
+    c.set("tokenMinter", tokenMinter);
+    c.set("config", config);
+    c.set("metrics", metrics);
+    await next();
+});
+companionRoutes(companionApp, config);
+
+app.use("*", async (c, next) => {
+    c.set("metrics", metrics);
+    await next();
+});
+miscRoutes(app, config, regenerateSession);
+
+app.route("/", companionApp);
+
+// This cannot be changed since companion restricts the
+// files it can access using deno `--allow-write` argument
+const udsPath = config.server.unix_socket_path;
+
+export function run(signal: AbortSignal, port: number, hostname: string) {
+    if (config.server.use_unix_socket) {
+        try {
+            if (existsSync(udsPath)) {
+                // Delete the unix domain socket manually before starting the server
+                Deno.removeSync(udsPath);
+            }
+        } catch (err) {
+            console.log(
+                `[ERROR] Failed to delete unix domain socket '${udsPath}' before starting the server:`,
+                err,
+            );
+        }
+
+        const srv = Deno.serve(
+            {
+                onListen() {
+                    Deno.chmodSync(udsPath, 0o777);
+                    console.log(
+                        `[INFO] Server successfully started at ${udsPath} with permissions set to 777.`,
+                    );
+                },
+                signal: signal,
+                path: udsPath,
+            },
+            app.fetch,
+        );
+
+        return srv;
+    } else {
+        return Deno.serve(
+            {
+                onListen() {
+                    console.log(
+                        `[INFO] Server successfully started at http://${config.server.host}:${config.server.port}${config.server.base_path}`,
+                    );
+                },
+                signal: signal,
+                port: port,
+                hostname: hostname,
+            },
+            app.fetch,
+        );
+    }
+}
+if (import.meta.main) {
+    const controller = new AbortController();
+    const { signal } = controller;
+    run(signal, config.server.port, config.server.host);
+
+    Deno.addSignalListener("SIGTERM", () => {
+        console.log("Caught SIGINT, shutting down...");
+        controller.abort();
+        Deno.exit(0);
+    });
+
+    Deno.addSignalListener("SIGINT", () => {
+        console.log("Caught SIGINT, shutting down...");
+        controller.abort();
+        Deno.exit(0);
+    });
+}

src/routes/health.ts

@@ -0,0 +1,12 @@
+import { Hono } from "hono";
+
+const health = new Hono();
+
+health.get("/", () => {
+    return new Response("OK", {
+        status: 200,
+        headers: { "Content-Type": "text/plain" },
+    });
+});
+
+export default health;

src/routes/index.ts

@@ -0,0 +1,89 @@
+import { Hono } from "hono";
+import { logger } from "hono/logger";
+import { bearerAuth } from "hono/bearer-auth";
+
+import youtubeApiPlayer from "./youtube_api_routes/player.ts";
+import invidiousRouteLatestVersion from "./invidious_routes/latestVersion.ts";
+import invidiousRouteDashManifest from "./invidious_routes/dashManifest.ts";
+import invidiousCaptionsApi from "./invidious_routes/captions.ts";
+import invidiousVideosApi from "./invidious_routes/videos.ts";
+import invidiousSearchApi from "./invidious_routes/search.ts";
+import invidiousChannelsApi from "./invidious_routes/channels.ts";
+import invidiousPlaylistsApi from "./invidious_routes/playlists.ts";
+import invidiousMixesApi from "./invidious_routes/mixes.ts";
+
+import getDownloadHandler from "./invidious_routes/download.ts";
+import videoPlaybackProxy from "./videoPlaybackProxy.ts";
+import type { Config } from "../lib/helpers/config.ts";
+import metrics from "./metrics.ts";
+import health from "./health.ts";
+
+export const companionRoutes = (
+    app: Hono,
+    config: Config,
+) => {
+    const loggerUnixSocket = (message: string, ...rest: string[]) => {
+        message = message.replace("//localhost/", "/");
+        console.log(message, ...rest);
+    };
+
+    if (config.server.use_unix_socket) {
+        app.use("*", logger(loggerUnixSocket));
+    } else {
+        app.use("*", logger());
+    }
+
+    app.use(
+        "/youtubei/v1/*",
+        bearerAuth({
+            token: config.server.secret_key,
+        }),
+    );
+
+    app.route("/youtubei/v1", youtubeApiPlayer);
+
+    app.get("/", (c) => {
+        return c.text("(this is not actual invidious its just designed to be used in place of it a custom invidious based on invidious-companion)");
+    });
+
+    app.route("/latest_version", invidiousRouteLatestVersion);
+    // Needs app for app.request in order to call /latest_version endpoint
+    app.post("/download", getDownloadHandler(app));
+    app.route("/api/manifest/dash/id", invidiousRouteDashManifest);
+    app.route("/api/v1/captions", invidiousCaptionsApi);
+    app.route("/api/v1/videos", invidiousVideosApi);
+    app.route("/api/v1/search", invidiousSearchApi);
+    app.route("/api/v1/channels", invidiousChannelsApi);
+    app.route("/api/v1/playlists", invidiousPlaylistsApi);
+    app.route("/api/v1/mixes", invidiousMixesApi);
+
+    app.route("/videoplayback", videoPlaybackProxy);
+};
+
+export const miscRoutes = (
+    app: Hono,
+    config: Config,
+    regenerateSession?: () => Promise<void>,
+) => {
+    app.route("/healthz", health);
+    if (config.server.enable_metrics) {
+        app.route("/metrics", metrics);
+    }
+
+    app.get("/api/set/proxy/:proxy", async (c) => {
+        let proxy = c.req.param("proxy");
+        if (proxy) {
+            proxy = decodeURIComponent(proxy);
+            config.networking.proxy = proxy;
+            console.log(`[INFO] Proxy updated to: ${proxy}`);
+
+            if (regenerateSession) {
+                console.log("[INFO] Triggering session regeneration...");
+                await regenerateSession();
+            }
+
+            return c.text(`Proxy updated to: ${proxy}`);
+        }
+        return c.text("Invalid proxy", 400);
+    });
+};

src/routes/invidious_routes/captions.ts

@@ -0,0 +1,114 @@
+import { Hono } from "hono";
+import type { HonoVariables } from "../../lib/types/HonoVariables.ts";
+import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
+import {
+    youtubePlayerParsing,
+    youtubeVideoInfo,
+} from "../../lib/helpers/youtubePlayerHandling.ts";
+import type { CaptionTrackData } from "youtubei.js/PlayerCaptionsTracklist";
+import { handleTranscripts } from "../../lib/helpers/youtubeTranscriptsHandling.ts";
+import { HTTPException } from "hono/http-exception";
+import { validateVideoId } from "../../lib/helpers/validateVideoId.ts";
+import { TOKEN_MINTER_NOT_READY_MESSAGE } from "../../constants.ts";
+
+interface AvailableCaption {
+    label: string;
+    languageCode: string;
+    url: string;
+}
+
+const captionsHandler = new Hono<{ Variables: HonoVariables }>();
+captionsHandler.get("/:videoId", async (c) => {
+    const { videoId } = c.req.param();
+    const config = c.get("config");
+    const metrics = c.get("metrics");
+    const tokenMinter = c.get("tokenMinter");
+
+    const check = c.req.query("check");
+
+    if (!validateVideoId(videoId)) {
+        throw new HTTPException(400, {
+            res: new Response("Invalid video ID format."),
+        });
+    }
+
+    // Check if tokenMinter is ready (only needed when PO token is enabled)
+    if (config.jobs.youtube_session.po_token_enabled && !tokenMinter) {
+        throw new HTTPException(503, {
+            res: new Response(TOKEN_MINTER_NOT_READY_MESSAGE),
+        });
+    }
+
+    if (config.server.verify_requests && check == undefined) {
+        throw new HTTPException(400, {
+            res: new Response("No check ID."),
+        });
+    } else if (config.server.verify_requests && check) {
+        if (verifyRequest(check, videoId, config) === false) {
+            throw new HTTPException(400, {
+                res: new Response("ID incorrect."),
+            });
+        }
+    }
+
+    const innertubeClient = c.get("innertubeClient");
+
+    const youtubePlayerResponseJson = await youtubePlayerParsing({
+        innertubeClient,
+        videoId,
+        config,
+        metrics,
+        tokenMinter: tokenMinter!,
+    });
+
+    const videoInfo = youtubeVideoInfo(
+        innertubeClient,
+        youtubePlayerResponseJson,
+    );
+
+    const captionsTrackArray = videoInfo.captions?.caption_tracks;
+    if (captionsTrackArray == undefined) throw new HTTPException(404);
+
+    const label = c.req.query("label");
+    const lang = c.req.query("lang");
+
+    // Show all available captions when a specific one is not selected
+    if (label == undefined && lang == undefined) {
+        const invidiousAvailableCaptionsArr: AvailableCaption[] = [];
+
+        for (const caption_track of captionsTrackArray) {
+            invidiousAvailableCaptionsArr.push({
+                label: caption_track.name.text || "",
+                languageCode: caption_track.language_code,
+                url: `${config.server.base_path}/api/v1/captions/${videoId}?label=${
+                    encodeURIComponent(caption_track.name.text || "")
+                }`,
+            });
+        }
+
+        return c.json({ captions: invidiousAvailableCaptionsArr });
+    }
+
+    // Extract selected caption
+    let filterSelected: CaptionTrackData[];
+
+    if (lang) {
+        filterSelected = captionsTrackArray.filter((c: CaptionTrackData) =>
+            c.language_code === lang
+        );
+    } else {
+        filterSelected = captionsTrackArray.filter((c: CaptionTrackData) =>
+            c.name.text === label
+        );
+    }
+
+    if (filterSelected.length == 0) throw new HTTPException(404);
+
+    c.header("Content-Type", "text/vtt; charset=UTF-8");
+    c.header("Access-Control-Allow-Origin", "*");
+    return c.body(
+        await handleTranscripts(innertubeClient, videoId, filterSelected[0]),
+    );
+});
+
+export default captionsHandler;

src/routes/invidious_routes/channels.ts

@@ -0,0 +1,255 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import type { Innertube } from "youtubei.js";
+
+const channels = new Hono();
+
+interface Thumbnail {
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface VideoThumbnail {
+    quality: string;
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface LatestVideo {
+    type: string;
+    title: string;
+    videoId: string;
+    author: string;
+    authorId: string;
+    authorUrl: string;
+    authorVerified: boolean;
+    videoThumbnails: VideoThumbnail[];
+    description: string;
+    descriptionHtml: string;
+    viewCount: number;
+    viewCountText: string;
+    published: number;
+    publishedText: string;
+    lengthSeconds: number;
+    liveNow: boolean;
+    premium: boolean;
+    isUpcoming: boolean;
+    isNew: boolean;
+    is4k: boolean;
+    is8k: boolean;
+    isVr180: boolean;
+    isVr360: boolean;
+    is3d: boolean;
+    hasCaptions: boolean;
+}
+
+interface ChannelResponse {
+    author: string;
+    authorId: string;
+    authorUrl: string;
+    authorBanners: Thumbnail[];
+    authorThumbnails: Thumbnail[];
+    subCount: number;
+    totalViews: number;
+    joined: number;
+    autoGenerated: boolean;
+    ageGated: boolean;
+    isFamilyFriendly: boolean;
+    description: string;
+    descriptionHtml: string;
+    allowedRegions: string[];
+    tabs: string[];
+    tags: string[];
+    authorVerified: boolean;
+    latestVideos: LatestVideo[];
+    relatedChannels: any[];
+}
+
+// Helper to parse subscriber count text to number
+function parseSubCount(text: string | undefined): number {
+    if (!text) return 0;
+    const cleanText = text.replace(/subscribers?/i, "").trim();
+    const multipliers: { [key: string]: number } = {
+        'K': 1000,
+        'M': 1000000,
+        'B': 1000000000
+    };
+    const match = cleanText.match(/([\d.]+)\s*([KMB])?/i);
+    if (match) {
+        const num = parseFloat(match[1]);
+        const suffix = match[2]?.toUpperCase();
+        return suffix ? Math.round(num * multipliers[suffix]) : Math.round(num);
+    }
+    return parseInt(cleanText.replace(/[,\s]/g, "")) || 0;
+}
+
+// Helper to parse view count text
+function parseViewCount(text: string | undefined): number {
+    if (!text) return 0;
+    const match = text.match(/([\d,]+)/);
+    if (match) {
+        return parseInt(match[1].replace(/,/g, "")) || 0;
+    }
+    return 0;
+}
+
+// Helper to generate video thumbnails
+function generateVideoThumbnails(videoId: string): VideoThumbnail[] {
+    const baseUrl = "https://i.ytimg.com";
+    return [
+        { quality: "maxres", url: `${baseUrl}/vi/${videoId}/maxresdefault.jpg`, width: 1280, height: 720 },
+        { quality: "sddefault", url: `${baseUrl}/vi/${videoId}/sddefault.jpg`, width: 640, height: 480 },
+        { quality: "high", url: `${baseUrl}/vi/${videoId}/hqdefault.jpg`, width: 480, height: 360 },
+        { quality: "medium", url: `${baseUrl}/vi/${videoId}/mqdefault.jpg`, width: 320, height: 180 },
+        { quality: "default", url: `${baseUrl}/vi/${videoId}/default.jpg`, width: 120, height: 90 },
+    ];
+}
+
+// GET /:channelId - Get channel information
+channels.get("/:channelId", async (c) => {
+    const channelId = c.req.param("channelId");
+    const innertubeClient = c.get("innertubeClient") as Innertube;
+
+    if (!channelId) {
+        throw new HTTPException(400, { message: "Channel ID is required" });
+    }
+
+    console.log(`[INFO] Fetching channel: ${channelId}`);
+
+    try {
+        const channel = await innertubeClient.getChannel(channelId);
+
+        // Extract channel metadata
+        const metadata = channel.metadata as any;
+        const header = channel.header as any;
+        const headerContent = header?.content;
+
+        // Parse banners from header.content.banner.image
+        const authorBanners: Thumbnail[] = [];
+        if (headerContent?.banner?.image && Array.isArray(headerContent.banner.image)) {
+            for (const img of headerContent.banner.image) {
+                authorBanners.push({
+                    url: img.url,
+                    width: img.width || 0,
+                    height: img.height || 0
+                });
+            }
+        }
+
+        // Parse thumbnails from header.content.image.avatar.image
+        const authorThumbnails: Thumbnail[] = [];
+        if (headerContent?.image?.avatar?.image && Array.isArray(headerContent.image.avatar.image)) {
+            for (const img of headerContent.image.avatar.image) {
+                authorThumbnails.push({
+                    url: img.url,
+                    width: img.width || 0,
+                    height: img.height || 0
+                });
+            }
+        }
+        // Fallback: try metadata.thumbnail
+        if (authorThumbnails.length === 0 && metadata?.thumbnail && Array.isArray(metadata.thumbnail)) {
+            for (const img of metadata.thumbnail) {
+                authorThumbnails.push({
+                    url: img.url,
+                    width: img.width || 0,
+                    height: img.height || 0
+                });
+            }
+        }
+
+        // Parse subscriber count from header.content.metadata.metadata_rows
+        let subscriberText = "";
+        if (headerContent?.metadata?.metadata_rows) {
+            for (const row of headerContent.metadata.metadata_rows) {
+                if (row.metadata_parts) {
+                    for (const part of row.metadata_parts) {
+                        const text = part.text?.text || "";
+                        if (text.includes("subscriber")) {
+                            subscriberText = text;
+                            break;
+                        }
+                    }
+                }
+                if (subscriberText) break;
+            }
+        }
+
+        // Get latest videos
+        const latestVideos: LatestVideo[] = [];
+        const videosTab = channel.has_videos ? await channel.getVideos() : null;
+        if (videosTab?.videos) {
+            for (const video of videosTab.videos.slice(0, 20)) { // Limit to 20 videos
+                const v = video as any;
+                latestVideos.push({
+                    type: "video",
+                    title: v.title?.text || "",
+                    videoId: v.id || "",
+                    author: metadata?.title || "",
+                    authorId: channelId,
+                    authorUrl: `/channel/${channelId}`,
+                    authorVerified: metadata?.is_verified || false,
+                    videoThumbnails: generateVideoThumbnails(v.id || ""),
+                    description: v.description_snippet?.text || "",
+                    descriptionHtml: v.description_snippet?.text || "",
+                    viewCount: parseViewCount(v.view_count?.text),
+                    viewCountText: v.view_count?.text || "",
+                    published: 0, // Timestamp not easily available
+                    publishedText: v.published?.text || "",
+                    lengthSeconds: v.duration?.seconds || 0,
+                    liveNow: v.is_live || false,
+                    premium: false,
+                    isUpcoming: v.is_upcoming || false,
+                    isNew: false,
+                    is4k: false,
+                    is8k: false,
+                    isVr180: false,
+                    isVr360: false,
+                    is3d: false,
+                    hasCaptions: false
+                });
+            }
+        }
+
+        // Get tabs
+        const tabs: string[] = [];
+        const channelAny = channel as any;
+        if (channelAny.has_home) tabs.push("home");
+        if (channelAny.has_videos) tabs.push("videos");
+        if (channelAny.has_shorts) tabs.push("shorts");
+        if (channelAny.has_live) tabs.push("live");
+        if (channelAny.has_playlists) tabs.push("playlists");
+        if (channelAny.has_community) tabs.push("community");
+
+        const response: ChannelResponse = {
+            author: metadata?.title || "",
+            authorId: channelId,
+            authorUrl: `/channel/${channelId}`,
+            authorBanners: authorBanners,
+            authorThumbnails: authorThumbnails,
+            subCount: parseSubCount(subscriberText),
+            totalViews: 0, // Not easily available
+            joined: 0, // Not easily available
+            autoGenerated: false,
+            ageGated: false,
+            isFamilyFriendly: true,
+            description: metadata?.description || "",
+            descriptionHtml: metadata?.description || "",
+            allowedRegions: [],
+            tabs: tabs,
+            tags: metadata?.keywords || [],
+            authorVerified: metadata?.is_verified || false,
+            latestVideos: latestVideos,
+            relatedChannels: []
+        };
+
+        return c.json(response);
+    } catch (error) {
+        console.error(`[ERROR] Failed to fetch channel ${channelId}:`, error);
+        throw new HTTPException(500, { message: `Failed to fetch channel: ${error}` });
+    }
+});
+
+export default channels;

src/routes/invidious_routes/dashManifest.ts

@@ -0,0 +1,132 @@
+import { Hono } from "hono";
+import { FormatUtils } from "youtubei.js";
+import {
+    youtubePlayerParsing,
+    youtubeVideoInfo,
+} from "../../lib/helpers/youtubePlayerHandling.ts";
+import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
+import { HTTPException } from "hono/http-exception";
+import { encryptQuery } from "../../lib/helpers/encryptQuery.ts";
+import { validateVideoId } from "../../lib/helpers/validateVideoId.ts";
+import { TOKEN_MINTER_NOT_READY_MESSAGE } from "../../constants.ts";
+
+const dashManifest = new Hono();
+
+dashManifest.get("/:videoId", async (c) => {
+    const { videoId } = c.req.param();
+    const { check, local } = c.req.query();
+    c.header("access-control-allow-origin", "*");
+
+    const innertubeClient = c.get("innertubeClient");
+    const config = c.get("config");
+    const metrics = c.get("metrics");
+    const tokenMinter = c.get("tokenMinter");
+
+    // Check if tokenMinter is ready (only needed when PO token is enabled)
+    if (config.jobs.youtube_session.po_token_enabled && !tokenMinter) {
+        throw new HTTPException(503, {
+            res: new Response(TOKEN_MINTER_NOT_READY_MESSAGE),
+        });
+    }
+
+    if (!validateVideoId(videoId)) {
+        throw new HTTPException(400, {
+            res: new Response("Invalid video ID format."),
+        });
+    }
+
+    if (config.server.verify_requests && check == undefined) {
+        throw new HTTPException(400, {
+            res: new Response("No check ID."),
+        });
+    } else if (config.server.verify_requests && check) {
+        if (verifyRequest(check, videoId, config) === false) {
+            throw new HTTPException(400, {
+                res: new Response("ID incorrect."),
+            });
+        }
+    }
+
+    const youtubePlayerResponseJson = await youtubePlayerParsing({
+        innertubeClient,
+        videoId,
+        config,
+        tokenMinter: tokenMinter!,
+        metrics,
+    });
+    const videoInfo = youtubeVideoInfo(
+        innertubeClient,
+        youtubePlayerResponseJson,
+    );
+
+    if (videoInfo.playability_status?.status !== "OK") {
+        throw ("The video can't be played: " + videoId + " due to reason: " +
+            videoInfo.playability_status?.reason);
+    }
+
+    c.header("content-type", "application/dash+xml");
+
+    if (videoInfo.streaming_data) {
+        // video.js only support MP4 not WEBM
+        videoInfo.streaming_data.adaptive_formats = videoInfo
+            .streaming_data.adaptive_formats
+            .filter((i) =>
+                i.mime_type.includes("mp4")
+            );
+
+        const player_response = videoInfo.page[0];
+        // TODO: fix include storyboards in DASH manifest file
+        //const storyboards = player_response.storyboards;
+        const captions = player_response.captions?.caption_tracks;
+
+        const dashFile = await FormatUtils.toDash(
+            videoInfo.streaming_data,
+            videoInfo.page[0].video_details?.is_post_live_dvr,
+            (url: URL) => {
+                let dashUrl = url;
+                let queryParams = new URLSearchParams(dashUrl.search);
+                // Can't create URL type without host part
+                queryParams.set("host", dashUrl.host);
+
+                if (local) {
+                    if (config.networking.videoplayback.ump) {
+                        queryParams.set("ump", "yes");
+                    }
+                    if (
+                        config.server.encrypt_query_params
+                    ) {
+                        const publicParams = [...queryParams].filter(([key]) =>
+                            ["pot", "ip"].includes(key) === false
+                        );
+                        const privateParams = [...queryParams].filter(([key]) =>
+                            ["pot", "ip"].includes(key) === true
+                        );
+                        const encryptedParams = encryptQuery(
+                            JSON.stringify(privateParams),
+                            config,
+                        );
+                        queryParams = new URLSearchParams(publicParams);
+                        queryParams.set("enc", "true");
+                        queryParams.set("data", encryptedParams);
+                    }
+                    dashUrl =
+                        (config.server.base_path + dashUrl.pathname + "?" +
+                            queryParams.toString()) as unknown as URL;
+                    return dashUrl;
+                } else {
+                    return dashUrl;
+                }
+            },
+            undefined,
+            videoInfo.cpn,
+            undefined,
+            innertubeClient.actions,
+            undefined,
+            captions,
+            undefined,
+        );
+        return c.body(dashFile);
+    }
+});
+
+export default dashManifest;

src/routes/invidious_routes/download.ts

@@ -0,0 +1,100 @@
+import type { Context, Hono } from "hono";
+import { z } from "zod";
+import { HTTPException } from "hono/http-exception";
+import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
+import { validateVideoId } from "../../lib/helpers/validateVideoId.ts";
+
+const DownloadWidgetSchema = z.union([
+    z.object({ label: z.string(), ext: z.string() }).strict(),
+    z.object({ itag: z.number(), ext: z.string() }).strict(),
+]);
+
+type DownloadWidget = z.infer<typeof DownloadWidgetSchema>;
+
+export default function getDownloadHandler(app: Hono) {
+    async function handler(c: Context) {
+        const body = await c.req.formData();
+
+        const videoId = body.get("id")?.toString();
+        if (videoId == undefined) {
+            throw new HTTPException(400, {
+                res: new Response("Please specify the video ID"),
+            });
+        }
+
+        if (!validateVideoId(videoId)) {
+            throw new HTTPException(400, {
+                res: new Response("Invalid video ID format."),
+            });
+        }
+
+        const config = c.get("config");
+
+        const check = c.req.query("check");
+
+        if (config.server.verify_requests && check == undefined) {
+            throw new HTTPException(400, {
+                res: new Response("No check ID."),
+            });
+        } else if (config.server.verify_requests && check) {
+            if (verifyRequest(check, videoId, config) === false) {
+                throw new HTTPException(400, {
+                    res: new Response("ID incorrect."),
+                });
+            }
+        }
+
+        const title = body.get("title");
+
+        let downloadWidgetData: DownloadWidget;
+
+        try {
+            downloadWidgetData = JSON.parse(
+                body.get("download_widget")?.toString() || "",
+            );
+        } catch {
+            throw new HTTPException(400, {
+                res: new Response("Invalid download_widget json"),
+            });
+        }
+
+        if (
+            !(title && videoId &&
+                DownloadWidgetSchema.safeParse(downloadWidgetData).success)
+        ) {
+            throw new HTTPException(400, {
+                res: new Response("Invalid form data required for download"),
+            });
+        }
+
+        if ("label" in downloadWidgetData) {
+            return await app.request(
+                `${config.server.base_path}/api/v1/captions/${videoId}?label=${
+                    encodeURIComponent(downloadWidgetData.label)
+                }`,
+            );
+        } else {
+            const itag = downloadWidgetData.itag;
+            const ext = downloadWidgetData.ext;
+            const filename = `${title}-${videoId}.${ext}`;
+
+            const urlQueriesForLatestVersion = new URLSearchParams();
+            urlQueriesForLatestVersion.set("id", videoId);
+            urlQueriesForLatestVersion.set("check", check || "");
+            urlQueriesForLatestVersion.set("itag", itag.toString());
+            // "title" for compatibility with how Invidious sets the content disposition header
+            // in /videoplayback and /latest_version
+            urlQueriesForLatestVersion.set(
+                "title",
+                filename,
+            );
+            urlQueriesForLatestVersion.set("local", "true");
+
+            return await app.request(
+                `${config.server.base_path}/latest_version?${urlQueriesForLatestVersion.toString()}`,
+            );
+        }
+    }
+
+    return handler;
+}

src/routes/invidious_routes/latestVersion.ts

@@ -0,0 +1,119 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import {
+    youtubePlayerParsing,
+    youtubeVideoInfo,
+} from "../../lib/helpers/youtubePlayerHandling.ts";
+import { verifyRequest } from "../../lib/helpers/verifyRequest.ts";
+import { encryptQuery } from "../../lib/helpers/encryptQuery.ts";
+import { validateVideoId } from "../../lib/helpers/validateVideoId.ts";
+import { TOKEN_MINTER_NOT_READY_MESSAGE } from "../../constants.ts";
+
+const latestVersion = new Hono();
+
+latestVersion.get("/", async (c) => {
+    const { check, itag, id, local, title } = c.req.query();
+    c.header("access-control-allow-origin", "*");
+
+    if (!id || !itag) {
+        throw new HTTPException(400, {
+            res: new Response("Please specify the itag and video ID."),
+        });
+    }
+
+    if (!validateVideoId(id)) {
+        throw new HTTPException(400, {
+            res: new Response("Invalid video ID format."),
+        });
+    }
+
+    const innertubeClient = c.get("innertubeClient");
+    const config = c.get("config");
+    const metrics = c.get("metrics");
+    const tokenMinter = c.get("tokenMinter");
+
+    // Check if tokenMinter is ready (only needed when PO token is enabled)
+    if (config.jobs.youtube_session.po_token_enabled && !tokenMinter) {
+        throw new HTTPException(503, {
+            res: new Response(TOKEN_MINTER_NOT_READY_MESSAGE),
+        });
+    }
+
+    if (config.server.verify_requests && check == undefined) {
+        throw new HTTPException(400, {
+            res: new Response("No check ID."),
+        });
+    } else if (config.server.verify_requests && check) {
+        if (verifyRequest(check, id, config) === false) {
+            throw new HTTPException(400, {
+                res: new Response("ID incorrect."),
+            });
+        }
+    }
+
+    const youtubePlayerResponseJson = await youtubePlayerParsing({
+        innertubeClient,
+        videoId: id,
+        config,
+        tokenMinter: tokenMinter!,
+        metrics,
+    });
+    const videoInfo = youtubeVideoInfo(
+        innertubeClient,
+        youtubePlayerResponseJson,
+    );
+
+    if (videoInfo.playability_status?.status !== "OK") {
+        throw ("The video can't be played: " + id + " due to reason: " +
+            videoInfo.playability_status?.reason);
+    }
+    const streamingData = videoInfo.streaming_data;
+    const availableFormats = streamingData?.formats.concat(
+        streamingData.adaptive_formats,
+    );
+    const selectedItagFormat = availableFormats?.filter((i) =>
+        i.itag == Number(itag)
+    );
+    if (selectedItagFormat?.length === 0) {
+        throw new HTTPException(400, {
+            res: new Response("No itag found."),
+        });
+    } else if (selectedItagFormat) {
+        // Always offer original audio if possible
+        // This may be changed due to https://github.com/iv-org/invidious/issues/5501
+        const itagUrl = selectedItagFormat.find((itag) =>
+            itag.is_original
+        )?.url as string || selectedItagFormat[0].url as string;
+        const itagUrlParsed = new URL(itagUrl);
+        let queryParams = new URLSearchParams(itagUrlParsed.search);
+        let urlToRedirect = itagUrlParsed.toString();
+
+        if (local) {
+            queryParams.set("host", itagUrlParsed.host);
+            if (config.server.encrypt_query_params) {
+                const publicParams = [...queryParams].filter(([key]) =>
+                    ["pot", "ip"].includes(key) === false
+                );
+                const privateParams = [...queryParams].filter(([key]) =>
+                    ["pot", "ip"].includes(key) === true
+                );
+                const encryptedParams = encryptQuery(
+                    JSON.stringify(privateParams),
+                    config,
+                );
+                queryParams = new URLSearchParams(publicParams);
+                queryParams.set("enc", "true");
+                queryParams.set("data", encryptedParams);
+            }
+            urlToRedirect = config.server.base_path + itagUrlParsed.pathname +
+                "?" +
+                queryParams.toString();
+        }
+
+        if (title) urlToRedirect += `&title=${encodeURIComponent(title)}`;
+
+        return c.redirect(urlToRedirect);
+    }
+});
+
+export default latestVersion;

src/routes/invidious_routes/mixes.ts

@@ -0,0 +1,91 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import type { Innertube } from "youtubei.js";
+
+const mixes = new Hono();
+
+interface VideoThumbnail {
+    quality: string;
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface MixVideo {
+    title: string;
+    videoId: string;
+    author: string;
+    authorId: string;
+    authorUrl: string;
+    videoThumbnails: VideoThumbnail[];
+    index: number;
+    lengthSeconds: number;
+}
+
+interface MixResponse {
+    title: string;
+    mixId: string;
+    videos: MixVideo[];
+}
+
+// Helper to generate video thumbnails
+function generateVideoThumbnails(videoId: string): VideoThumbnail[] {
+    const baseUrl = "https://i.ytimg.com";
+    return [
+        { quality: "maxres", url: `${baseUrl}/vi/${videoId}/maxresdefault.jpg`, width: 1280, height: 720 },
+        { quality: "sddefault", url: `${baseUrl}/vi/${videoId}/sddefault.jpg`, width: 640, height: 480 },
+        { quality: "high", url: `${baseUrl}/vi/${videoId}/hqdefault.jpg`, width: 480, height: 360 },
+        { quality: "medium", url: `${baseUrl}/vi/${videoId}/mqdefault.jpg`, width: 320, height: 180 },
+        { quality: "default", url: `${baseUrl}/vi/${videoId}/default.jpg`, width: 120, height: 90 },
+    ];
+}
+
+// GET /:mixId - Get mix information
+mixes.get("/:mixId", async (c) => {
+    const mixId = c.req.param("mixId");
+    const innertubeClient = c.get("innertubeClient") as Innertube;
+
+    if (!mixId) {
+        throw new HTTPException(400, { message: "Mix ID is required" });
+    }
+
+    console.log(`[INFO] Fetching mix: ${mixId}`);
+
+    try {
+        // Mixes are fetched like playlists
+        const playlist = await innertubeClient.getPlaylist(mixId);
+        const info = playlist.info as any;
+
+        // Get videos
+        const videos: MixVideo[] = [];
+        let index = 0;
+        for (const item of playlist.items) {
+            const v = item as any;
+            if (v.type === "PlaylistVideo" || v.id) {
+                videos.push({
+                    title: v.title?.text || "",
+                    videoId: v.id || "",
+                    author: v.author?.name || "",
+                    authorId: v.author?.id || "",
+                    authorUrl: v.author?.id ? `/channel/${v.author.id}` : "",
+                    videoThumbnails: generateVideoThumbnails(v.id || ""),
+                    index: index++,
+                    lengthSeconds: v.duration?.seconds || 0
+                });
+            }
+        }
+
+        const response: MixResponse = {
+            title: info?.title || "",
+            mixId: mixId,
+            videos: videos
+        };
+
+        return c.json(response);
+    } catch (error) {
+        console.error(`[ERROR] Failed to fetch mix ${mixId}:`, error);
+        throw new HTTPException(500, { message: `Failed to fetch mix: ${error}` });
+    }
+});
+
+export default mixes;

src/routes/invidious_routes/playlists.ts

@@ -0,0 +1,165 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import type { Innertube } from "youtubei.js";
+
+const playlists = new Hono();
+
+interface Thumbnail {
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface VideoThumbnail {
+    quality: string;
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface PlaylistVideo {
+    type: string;
+    title: string;
+    videoId: string;
+    author: string;
+    authorId: string;
+    authorUrl: string;
+    videoThumbnails: VideoThumbnail[];
+    index: number;
+    lengthSeconds: number;
+    liveNow: boolean;
+}
+
+interface PlaylistResponse {
+    type: string;
+    title: string;
+    playlistId: string;
+    playlistThumbnail: string;
+    author: string;
+    authorId: string;
+    authorUrl: string;
+    subtitle: object | null;
+    authorThumbnails: Thumbnail[];
+    description: string;
+    descriptionHtml: string;
+    videoCount: number;
+    viewCount: number;
+    updated: number;
+    isListed: boolean;
+    videos: PlaylistVideo[];
+}
+
+// Helper to generate video thumbnails
+function generateVideoThumbnails(videoId: string): VideoThumbnail[] {
+    const baseUrl = "https://i.ytimg.com";
+    return [
+        { quality: "maxres", url: `${baseUrl}/vi/${videoId}/maxresdefault.jpg`, width: 1280, height: 720 },
+        { quality: "sddefault", url: `${baseUrl}/vi/${videoId}/sddefault.jpg`, width: 640, height: 480 },
+        { quality: "high", url: `${baseUrl}/vi/${videoId}/hqdefault.jpg`, width: 480, height: 360 },
+        { quality: "medium", url: `${baseUrl}/vi/${videoId}/mqdefault.jpg`, width: 320, height: 180 },
+        { quality: "default", url: `${baseUrl}/vi/${videoId}/default.jpg`, width: 120, height: 90 },
+    ];
+}
+
+// Helper to parse view count
+function parseViewCount(text: string | undefined): number {
+    if (!text) return 0;
+    const match = text.match(/([\d,]+)/);
+    if (match) {
+        return parseInt(match[1].replace(/,/g, "")) || 0;
+    }
+    return 0;
+}
+
+// GET /:playlistId - Get playlist information
+playlists.get("/:playlistId", async (c) => {
+    const playlistId = c.req.param("playlistId");
+    const innertubeClient = c.get("innertubeClient") as Innertube;
+
+    if (!playlistId) {
+        throw new HTTPException(400, { message: "Playlist ID is required" });
+    }
+
+    console.log(`[INFO] Fetching playlist: ${playlistId}`);
+
+    try {
+        const playlist = await innertubeClient.getPlaylist(playlistId);
+        const info = playlist.info as any;
+
+        // Extract author info
+        let author = "";
+        let authorId = "";
+        let authorUrl = "";
+        const authorThumbnails: Thumbnail[] = [];
+
+        if (info?.author) {
+            author = info.author.name || "";
+            authorId = info.author.id || "";
+            authorUrl = authorId ? `/channel/${authorId}` : "";
+        }
+
+        // Get author thumbnails
+        if (info?.author?.thumbnails && Array.isArray(info.author.thumbnails)) {
+            for (const thumb of info.author.thumbnails) {
+                authorThumbnails.push({
+                    url: thumb.url,
+                    width: thumb.width || 0,
+                    height: thumb.height || 0
+                });
+            }
+        }
+
+        // Get playlist thumbnail
+        let playlistThumbnail = "";
+        if (info?.thumbnails && info.thumbnails.length > 0) {
+            playlistThumbnail = info.thumbnails[0].url || "";
+        }
+
+        // Get videos
+        const videos: PlaylistVideo[] = [];
+        let index = 0;
+        for (const item of playlist.items) {
+            const v = item as any;
+            if (v.type === "PlaylistVideo" || v.id) {
+                videos.push({
+                    type: "video",
+                    title: v.title?.text || "",
+                    videoId: v.id || "",
+                    author: v.author?.name || author,
+                    authorId: v.author?.id || authorId,
+                    authorUrl: v.author?.id ? `/channel/${v.author.id}` : authorUrl,
+                    videoThumbnails: generateVideoThumbnails(v.id || ""),
+                    index: index++,
+                    lengthSeconds: v.duration?.seconds || 0,
+                    liveNow: v.is_live || false
+                });
+            }
+        }
+
+        const response: PlaylistResponse = {
+            type: "playlist",
+            title: info?.title || "",
+            playlistId: playlistId,
+            playlistThumbnail: playlistThumbnail,
+            author: author,
+            authorId: authorId,
+            authorUrl: authorUrl,
+            subtitle: null,
+            authorThumbnails: authorThumbnails,
+            description: info?.description || "",
+            descriptionHtml: info?.description || "",
+            videoCount: parseViewCount(String(info?.total_items || "")) || videos.length,
+            viewCount: parseViewCount(info?.views?.text),
+            updated: 0, // Not easily available
+            isListed: true,
+            videos: videos
+        };
+
+        return c.json(response);
+    } catch (error) {
+        console.error(`[ERROR] Failed to fetch playlist ${playlistId}:`, error);
+        throw new HTTPException(500, { message: `Failed to fetch playlist: ${error}` });
+    }
+});
+
+export default playlists;

src/routes/invidious_routes/search.ts

@@ -0,0 +1,300 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import type { Innertube } from "youtubei.js";
+
+const search = new Hono();
+
+// Helper to convert duration string to seconds (e.g., "12:34" -> 754)
+function parseDuration(durationVal: string | number | undefined): number {
+    if (typeof durationVal === 'number') return durationVal;
+    if (!durationVal) return 0;
+
+    // Check if it's just seconds as a string
+    if (!durationVal.includes(':')) {
+        return parseInt(durationVal, 10) || 0;
+    }
+
+    const parts = durationVal.split(':').map(Number);
+    if (parts.length === 3) {
+        return parts[0] * 3600 + parts[1] * 60 + parts[2];
+    }
+    if (parts.length === 2) {
+        return parts[0] * 60 + parts[1];
+    }
+    return 0;
+}
+
+// Helper to parse relative time to seconds (approximate)
+function parseRelativeTime(text: string | undefined): number {
+    if (!text) return 0;
+    const now = Date.now();
+    // This is a very rough approximation as we don't have the exact date
+    // You might want to use a library or more complex logic here if needed
+    // For now, we'll just return date.now / 1000 to be safe or 0
+    // A better approach would be to parse "2 years ago" etc. 
+    // But Invidious often returns the timestamp of the upload.
+    // If not available, 0 is often used as a fallback.
+    return Math.floor(now / 1000);
+}
+
+
+search.get("/", async (c) => {
+    const q = c.req.query("q");
+    const page = parseInt(c.req.query("page") || "1");
+    const type = c.req.query("type") || "all";
+
+    c.header("access-control-allow-origin", "*");
+    c.header("content-type", "application/json");
+
+    if (!q) {
+        throw new HTTPException(400, {
+            res: new Response(JSON.stringify({ error: "Query parameter 'q' is required" })),
+        });
+    }
+
+    const innertubeClient = c.get("innertubeClient") as Innertube;
+
+    try {
+        // Map 'type' to YouTubei filters
+        let filters: any = {};
+        if (type === "video") filters.type = "video";
+        else if (type === "channel") filters.type = "channel";
+        else if (type === "playlist") filters.type = "playlist";
+        // 'all' uses default, no filter needed usually, or we can fetch without filters
+
+        const searchResults = await innertubeClient.search(q, filters);
+
+        // Note: Pagination support in InnerTube search is via 'getContinuation', 
+        // but existing stateless endpoints often just fetch the first batch. 
+        // Fully implementing page 2+ requires handling continuation tokens, 
+        // usually passed back to the client. The 'page' param in Invidious 
+        // is often abstraction. For now, we return the initial results. 
+        // If the user needs deep pagination, we'd need to store/pass continuation tokens.
+
+        const items = searchResults.results || [];
+
+        // Mapped results
+        const response: any[] = [];
+
+        for (const item of items) {
+            if (item.type === "Video" || item.type === "CompactVideo") {
+                const video = item as any; // Cast to any to access properties safely
+                response.push({
+                    type: "video",
+                    title: video.title?.text || "",
+                    videoId: video.id,
+                    author: video.author?.name || "",
+                    authorId: video.author?.id || "",
+                    authorUrl: video.author?.url || (video.author?.id ? `/channel/${video.author?.id}` : ""),
+                    authorVerified: video.author?.is_verified || false,
+                    authorThumbnails: video.author?.thumbnails || [],
+                    videoThumbnails: video.thumbnails || [],
+                    description: video.description?.text || "",
+                    descriptionHtml: video.description?.text || "", // Basic text for now
+                    viewCount: video.view_count?.text ? parseInt(video.view_count.text.replace(/[^0-9]/g, '')) : 0,
+                    viewCountText: video.view_count?.text || "0 views",
+                    published: parseRelativeTime(video.published?.text),
+                    publishedText: video.published?.text || "",
+                    lengthSeconds: parseDuration(video.duration?.text),
+                    liveNow: video.is_live || false,
+                    premium: false, // Not easily available
+                    isUpcoming: video.upcoming || false,
+                    isNew: false, // Logic needed
+                    is4k: false, // Check badges?
+                    is8k: false,
+                    isVr180: false,
+                    isVr360: false,
+                    is3d: false,
+                    hasCaptions: false // Check badges?
+                });
+            } else if (item.type === "Channel") {
+                const channel = item as any;
+                response.push({
+                    type: "channel",
+                    author: channel.author?.name || channel.title?.text || "",
+                    authorId: channel.id,
+                    authorUrl: `/channel/${channel.id}`,
+                    authorVerified: channel.author?.is_verified || false,
+                    authorThumbnails: channel.thumbnails || [],
+                    autoGenerated: false,
+                    subCount: channel.subscriber_count?.text ? parseInt(channel.subscriber_count.text.replace(/[^0-9]/g, '')) : 0,
+                    videoCount: 0, // Often not in search snippets
+                    channelHandle: "", // Might be in url
+                    description: channel.description_snippet?.text || "",
+                    descriptionHtml: channel.description_snippet?.text || ""
+                });
+            } else if (item.type === "Playlist") {
+                const playlist = item as any;
+                response.push({
+                    type: "playlist",
+                    title: playlist.title?.text || "",
+                    playlistId: playlist.id,
+                    playlistThumbnail: playlist.thumbnails?.[0]?.url || "",
+                    author: playlist.author?.name || "",
+                    authorId: playlist.author?.id || "",
+                    authorUrl: `/channel/${playlist.author?.id || ""}`,
+                    authorVerified: playlist.author?.is_verified || false,
+                    videoCount: parseInt(playlist.video_count?.replace(/[^0-9]/g, '') || "0"),
+                    videos: [] // Search result usually doesn't have video list inside
+                });
+            } else if (item.type === "LockupView") {
+                const lockup = item as any;
+                const contentId = lockup.content_id;
+
+                if (contentId?.startsWith("PL")) {
+                    // Playlist
+                    let author = "";
+                    let authorId = "";
+                    let authorUrl = "";
+                    let videoCount = 0;
+                    let thumbnail = "";
+
+                    // Extract thumbnail
+                    const primaryThumbnail = lockup.content_image?.primary_thumbnail;
+                    if (primaryThumbnail?.image && primaryThumbnail.image.length > 0) {
+                        thumbnail = primaryThumbnail.image[0].url;
+                    }
+
+                    // Extract video count from overlays
+                    if (primaryThumbnail?.overlays) {
+                        for (const overlay of primaryThumbnail.overlays) {
+                            if (overlay.badges) {
+                                for (const badge of overlay.badges) {
+                                    if (badge.text && badge.text.includes("videos")) {
+                                        const match = badge.text.match(/([\d,]+)\s+videos/);
+                                        if (match) {
+                                            videoCount = parseInt(match[1].replace(/,/g, ""));
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+
+                    // Extract author, authorId, and authorUrl from metadata rows
+                    if (lockup.metadata?.metadata?.metadata_rows) {
+                        for (const row of lockup.metadata.metadata.metadata_rows) {
+                            if (row.metadata_parts) {
+                                for (const part of row.metadata_parts) {
+                                    if (part.text?.runs) {
+                                        for (const run of part.text.runs) {
+                                            if (run.endpoint?.metadata?.page_type === "WEB_PAGE_TYPE_CHANNEL") {
+                                                author = run.text;
+                                                authorId = run.endpoint?.payload?.browseId || "";
+                                                authorUrl = run.endpoint?.payload?.canonicalBaseUrl || (authorId ? `/channel/${authorId}` : "");
+                                                break;
+                                            }
+                                        }
+                                    }
+                                    if (author) break;
+                                }
+                            }
+                            if (author) break;
+                        }
+                    }
+
+                    // Fallback for author
+                    if (!author && lockup.metadata?.metadata?.metadata_rows?.[0]?.metadata_parts?.[0]?.text?.text) {
+                        author = lockup.metadata.metadata.metadata_rows[0].metadata_parts[0].text.text;
+                    }
+
+                    response.push({
+                        type: "playlist",
+                        title: lockup.metadata?.title?.text || "Unknown Playlist",
+                        playlistId: contentId,
+                        playlistThumbnail: thumbnail,
+                        author: author,
+                        authorId: authorId,
+                        authorUrl: authorUrl,
+                        authorVerified: false,
+                        videoCount: videoCount,
+                        videos: []
+                    });
+                } else if (contentId?.startsWith("UC")) {
+                    // Channel
+                    response.push({
+                        type: "channel",
+                        author: lockup.metadata?.title?.text || "Unknown Channel",
+                        authorId: contentId,
+                        authorUrl: `/channel/${contentId}`,
+                        authorVerified: false,
+                        authorThumbnails: lockup.content_image?.primary_thumbnail?.thumbnails || [],
+                        autoGenerated: false,
+                        subCount: 0,
+                        videoCount: 0,
+                        channelHandle: "",
+                        description: "",
+                        descriptionHtml: ""
+                    });
+                } else {
+                    // Assume Video
+                    response.push({
+                        type: "video",
+                        title: lockup.metadata?.title?.text || "Unknown Video",
+                        videoId: contentId,
+                        author: "", // Parsing from metadata lines is complex
+                        authorId: "",
+                        authorUrl: "",
+                        authorVerified: false,
+                        authorThumbnails: [], // Often missing in LockupView
+                        videoThumbnails: lockup.content_image?.primary_thumbnail?.thumbnails || [],
+                        description: "",
+                        descriptionHtml: "",
+                        viewCount: 0,
+                        viewCountText: "",
+                        published: 0,
+                        publishedText: "",
+                        lengthSeconds: 0, // Duration might be in metadata
+                        liveNow: false,
+                        premium: false,
+                        isUpcoming: false,
+                        isNew: false,
+                        is4k: false,
+                        is8k: false,
+                        isVr180: false,
+                        isVr360: false,
+                        is3d: false,
+                        hasCaptions: false
+                    });
+                }
+            }
+        }
+
+        return c.json(response);
+
+    } catch (error) {
+        console.error("[ERROR] Failed to fetch search results:", error);
+        throw new HTTPException(500, {
+            res: new Response(JSON.stringify({ error: "Failed to fetch search results" })),
+        });
+    }
+});
+
+search.get("/suggestions", async (c) => {
+    const q = c.req.query("q");
+    c.header("access-control-allow-origin", "*");
+    c.header("content-type", "application/json");
+
+    if (!q) {
+        throw new HTTPException(400, {
+            res: new Response(JSON.stringify({ error: "Query parameter 'q' is required" })),
+        });
+    }
+
+    const innertubeClient = c.get("innertubeClient") as Innertube;
+
+    try {
+        const suggestions = await innertubeClient.getSearchSuggestions(q);
+        return c.json({
+            query: q,
+            suggestions: suggestions,
+        });
+    } catch (error) {
+        console.error("[ERROR] Failed to fetch search suggestions:", error);
+        throw new HTTPException(500, {
+            res: new Response(JSON.stringify({ error: "Failed to fetch search suggestions" })),
+        });
+    }
+});
+
+export default search;

src/routes/invidious_routes/videos.ts

@@ -0,0 +1,622 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import {
+    youtubePlayerParsing,
+    youtubeVideoInfo,
+} from "../../lib/helpers/youtubePlayerHandling.ts";
+import { validateVideoId } from "../../lib/helpers/validateVideoId.ts";
+import { encryptQuery } from "../../lib/helpers/encryptQuery.ts";
+import { TOKEN_MINTER_NOT_READY_MESSAGE } from "../../constants.ts";
+
+const videos = new Hono();
+
+interface Thumbnail {
+    quality: string;
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface AuthorThumbnail {
+    url: string;
+    width: number;
+    height: number;
+}
+
+interface Storyboard {
+    url: string;
+    templateUrl: string;
+    width: number;
+    height: number;
+    count: number;
+    interval: number;
+    storyboardWidth: number;
+    storyboardHeight: number;
+    storyboardCount: number;
+}
+
+interface AdaptiveFormat {
+    init?: string;
+    index?: string;
+    bitrate: string;
+    url: string;
+    itag: string;
+    type: string;
+    clen?: string;
+    lmt?: string;
+    projectionType: string;
+    fps?: number;
+    size?: string;
+    resolution?: string;
+    qualityLabel?: string;
+    container?: string;
+    encoding?: string;
+    audioQuality?: string;
+    audioSampleRate?: number;
+    audioChannels?: number;
+    colorInfo?: object;
+}
+
+interface FormatStream {
+    url: string;
+    itag: string;
+    type: string;
+    quality: string;
+    bitrate: string;
+    fps?: number;
+    size?: string;
+    resolution?: string;
+    qualityLabel?: string;
+    container?: string;
+    encoding?: string;
+}
+
+interface Caption {
+    label: string;
+    language_code: string;
+    url: string;
+}
+
+interface RecommendedVideo {
+    videoId: string;
+    title: string;
+    videoThumbnails: Thumbnail[];
+    author: string;
+    authorUrl: string;
+    authorId: string;
+    authorVerified: boolean;
+    lengthSeconds: number;
+    viewCountText: string;
+    published?: string;
+    publishedText?: string;
+}
+
+// Generate thumbnail URLs for a video
+function generateThumbnails(videoId: string, baseUrl: string): Thumbnail[] {
+    return [
+        { quality: "maxres", url: `${baseUrl}/vi/${videoId}/maxres.jpg`, width: 1280, height: 720 },
+        { quality: "maxresdefault", url: `${baseUrl}/vi/${videoId}/maxresdefault.jpg`, width: 1280, height: 720 },
+        { quality: "sddefault", url: `${baseUrl}/vi/${videoId}/sddefault.jpg`, width: 640, height: 480 },
+        { quality: "high", url: `${baseUrl}/vi/${videoId}/hqdefault.jpg`, width: 480, height: 360 },
+        { quality: "medium", url: `${baseUrl}/vi/${videoId}/mqdefault.jpg`, width: 320, height: 180 },
+        { quality: "default", url: `${baseUrl}/vi/${videoId}/default.jpg`, width: 120, height: 90 },
+        { quality: "start", url: `${baseUrl}/vi/${videoId}/1.jpg`, width: 120, height: 90 },
+        { quality: "middle", url: `${baseUrl}/vi/${videoId}/2.jpg`, width: 120, height: 90 },
+        { quality: "end", url: `${baseUrl}/vi/${videoId}/3.jpg`, width: 120, height: 90 },
+    ];
+}
+
+// Parse storyboards from YouTube response
+function parseStoryboards(storyboards: any, videoId: string): Storyboard[] {
+    const result: Storyboard[] = [];
+    if (!storyboards) return result;
+
+    // Handle PlayerStoryboardSpec format
+    if (storyboards.type === "PlayerStoryboardSpec" && storyboards.boards) {
+        for (const board of storyboards.boards) {
+            if (!board.template_url) continue;
+            result.push({
+                url: `/api/v1/storyboards/${videoId}?width=${board.thumbnail_width}&height=${board.thumbnail_height}`,
+                templateUrl: board.template_url,
+                width: board.thumbnail_width || 0,
+                height: board.thumbnail_height || 0,
+                count: board.thumbnail_count || 0,
+                interval: board.interval || 0,
+                storyboardWidth: board.columns || 0,
+                storyboardHeight: board.rows || 0,
+                storyboardCount: board.storyboard_count || 1,
+            });
+        }
+    }
+
+    return result;
+}
+
+// Convert YouTube format to Invidious adaptive format
+function convertAdaptiveFormat(format: any): AdaptiveFormat {
+    const result: AdaptiveFormat = {
+        bitrate: String(format.bitrate || "0"),
+        url: format.url || "",
+        itag: String(format.itag || "0"),
+        type: format.mime_type || "",
+        projectionType: format.projection_type || "RECTANGULAR",
+    };
+
+    if (format.init_range) {
+        result.init = `${format.init_range.start}-${format.init_range.end}`;
+    }
+    if (format.index_range) {
+        result.index = `${format.index_range.start}-${format.index_range.end}`;
+    }
+    if (format.content_length) result.clen = String(format.content_length);
+    if (format.last_modified) result.lmt = String(format.last_modified);
+    if (format.fps) result.fps = format.fps;
+    if (format.width && format.height) result.size = `${format.width}x${format.height}`;
+    if (format.quality_label) {
+        result.qualityLabel = format.quality_label;
+        result.resolution = format.quality_label;
+    }
+
+    // Parse container and encoding from mime type
+    const mimeMatch = format.mime_type?.match(/^(video|audio)\/(\w+)/);
+    if (mimeMatch) {
+        result.container = mimeMatch[2];
+    }
+
+    const codecMatch = format.mime_type?.match(/codecs="([^"]+)"/);
+    if (codecMatch) {
+        result.encoding = codecMatch[1].split(",")[0].trim();
+    }
+
+    if (format.audio_quality) result.audioQuality = format.audio_quality;
+    if (format.audio_sample_rate) result.audioSampleRate = parseInt(format.audio_sample_rate);
+    if (format.audio_channels) result.audioChannels = format.audio_channels;
+    if (format.color_info) result.colorInfo = format.color_info;
+
+    return result;
+}
+
+// Convert YouTube format to Invidious format stream (combined video+audio)
+function convertFormatStream(format: any): FormatStream {
+    const result: FormatStream = {
+        url: format.url || "",
+        itag: String(format.itag || "0"),
+        type: format.mime_type || "",
+        quality: format.quality || "medium",
+        bitrate: String(format.bitrate || "0"),
+    };
+
+    if (format.fps) result.fps = format.fps;
+    if (format.width && format.height) result.size = `${format.width}x${format.height}`;
+    if (format.quality_label) {
+        result.qualityLabel = format.quality_label;
+        result.resolution = format.quality_label;
+    }
+
+    const mimeMatch = format.mime_type?.match(/^video\/(\w+)/);
+    if (mimeMatch) {
+        result.container = mimeMatch[1];
+    }
+
+    const codecMatch = format.mime_type?.match(/codecs="([^"]+)"/);
+    if (codecMatch) {
+        result.encoding = codecMatch[1].split(",")[0].trim();
+    }
+
+    return result;
+}
+
+// Convert description to HTML with links
+function descriptionToHtml(description: string): string {
+    if (!description) return "";
+
+    // Escape HTML entities
+    let html = description
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;");
+
+    // Convert URLs to links
+    html = html.replace(
+        /(https?:\/\/[^\s]+)/g,
+        (url) => {
+            const displayUrl = url.replace(/^https?:\/\//, "");
+            return `<a href="${url}">${displayUrl}</a>`;
+        }
+    );
+
+    // Convert hashtags to links
+    html = html.replace(
+        /#(\w+)/g,
+        '<a href="/hashtag/$1">#$1</a>'
+    );
+
+    return html;
+}
+
+// Calculate relative time string
+function getRelativeTimeString(date: Date): string {
+    const now = new Date();
+    const diffMs = now.getTime() - date.getTime();
+    const diffSeconds = Math.floor(diffMs / 1000);
+    const diffMinutes = Math.floor(diffSeconds / 60);
+    const diffHours = Math.floor(diffMinutes / 60);
+    const diffDays = Math.floor(diffHours / 24);
+    const diffWeeks = Math.floor(diffDays / 7);
+    const diffMonths = Math.floor(diffDays / 30);
+    const diffYears = Math.floor(diffDays / 365);
+
+    if (diffYears > 0) return `${diffYears} year${diffYears > 1 ? "s" : ""} ago`;
+    if (diffMonths > 0) return `${diffMonths} month${diffMonths > 1 ? "s" : ""} ago`;
+    if (diffWeeks > 0) return `${diffWeeks} week${diffWeeks > 1 ? "s" : ""} ago`;
+    if (diffDays > 0) return `${diffDays} day${diffDays > 1 ? "s" : ""} ago`;
+    if (diffHours > 0) return `${diffHours} hour${diffHours > 1 ? "s" : ""} ago`;
+    if (diffMinutes > 0) return `${diffMinutes} minute${diffMinutes > 1 ? "s" : ""} ago`;
+    return "just now";
+}
+
+// Localize URL to route through local server
+function localizeUrl(url: string, config: any): string {
+    if (!url) return url;
+    try {
+        const urlParsed = new URL(url);
+        let queryParams = new URLSearchParams(urlParsed.search);
+        queryParams.set("host", urlParsed.host);
+
+        if (config.server.encrypt_query_params) {
+            const publicParams = [...queryParams].filter(([key]) =>
+                ["pot", "ip"].includes(key) === false
+            );
+            const privateParams = [...queryParams].filter(([key]) =>
+                ["pot", "ip"].includes(key) === true
+            );
+            const encryptedParams = encryptQuery(
+                JSON.stringify(privateParams),
+                config,
+            );
+            queryParams = new URLSearchParams(publicParams);
+            queryParams.set("enc", "true");
+            queryParams.set("data", encryptedParams);
+        }
+
+        return config.server.base_path + urlParsed.pathname + "?" + queryParams.toString();
+    } catch {
+        return url;
+    }
+}
+
+videos.get("/:videoId", async (c) => {
+    const videoId = c.req.param("videoId");
+    const { local } = c.req.query();
+    c.header("access-control-allow-origin", "*");
+    c.header("content-type", "application/json");
+
+    if (!videoId) {
+        throw new HTTPException(400, {
+            res: new Response(JSON.stringify({ error: "Video ID is required" })),
+        });
+    }
+
+    if (!validateVideoId(videoId)) {
+        throw new HTTPException(400, {
+            res: new Response(JSON.stringify({ error: "Invalid video ID format" })),
+        });
+    }
+
+    const innertubeClient = c.get("innertubeClient");
+    const config = c.get("config");
+    const metrics = c.get("metrics");
+    const tokenMinter = c.get("tokenMinter");
+
+    // Check if tokenMinter is ready (only needed when PO token is enabled)
+    if (config.jobs.youtube_session.po_token_enabled && !tokenMinter) {
+        throw new HTTPException(503, {
+            res: new Response(JSON.stringify({ error: TOKEN_MINTER_NOT_READY_MESSAGE })),
+        });
+    }
+
+    const youtubePlayerResponseJson = await youtubePlayerParsing({
+        innertubeClient,
+        videoId,
+        config,
+        tokenMinter: tokenMinter!,
+        metrics,
+    }) as any;
+
+    const videoInfo = youtubeVideoInfo(innertubeClient, youtubePlayerResponseJson);
+
+    if (videoInfo.playability_status?.status !== "OK") {
+        throw new HTTPException(400, {
+            res: new Response(JSON.stringify({
+                error: "Video unavailable",
+                reason: videoInfo.playability_status?.reason,
+            })),
+        });
+    }
+
+    // Get the request origin for thumbnail URLs
+    const origin = new URL(c.req.url).origin;
+    const thumbnailBaseUrl = origin;
+
+    // Build video details
+    const details = videoInfo.basic_info;
+    const streamingData = videoInfo.streaming_data;
+
+    // Parse publish date
+    let publishedTimestamp = 0;
+    let publishedText = "";
+    if (youtubePlayerResponseJson.microformat?.playerMicroformatRenderer?.publishDate) {
+        const publishDate = new Date(youtubePlayerResponseJson.microformat.playerMicroformatRenderer.publishDate);
+        publishedTimestamp = Math.floor(publishDate.getTime() / 1000);
+        publishedText = getRelativeTimeString(publishDate);
+    }
+
+    // Build adaptive formats
+    const adaptiveFormats: AdaptiveFormat[] = [];
+    if (streamingData?.adaptive_formats) {
+        for (const format of streamingData.adaptive_formats) {
+            const converted = convertAdaptiveFormat(format);
+            if (local) {
+                converted.url = localizeUrl(converted.url, config);
+            }
+            adaptiveFormats.push(converted);
+        }
+    }
+
+    // Build format streams (combined video+audio)
+    const formatStreams: FormatStream[] = [];
+    if (streamingData?.formats) {
+        for (const format of streamingData.formats) {
+            const converted = convertFormatStream(format);
+            if (local) {
+                converted.url = localizeUrl(converted.url, config);
+            }
+            formatStreams.push(converted);
+        }
+    }
+
+    // Build captions
+    const captions: Caption[] = [];
+    if (videoInfo.captions?.caption_tracks) {
+        for (const track of videoInfo.captions.caption_tracks) {
+            captions.push({
+                label: track.name?.text || track.language_code || "Unknown",
+                language_code: track.language_code || "en",
+                url: `/api/v1/captions/${videoId}?label=${encodeURIComponent(track.name?.text || track.language_code || "")}`,
+            });
+        }
+    }
+
+    // Build recommended videos
+    const recommendedVideos: RecommendedVideo[] = [];
+    // Note: Related videos require a separate API call to /next endpoint
+    // For now, we return an empty array - this can be enhanced later
+
+    // Build author thumbnails from raw YouTube response
+    const authorThumbnails: AuthorThumbnail[] = [];
+    const channelThumbnails = youtubePlayerResponseJson.videoDetails?.author?.thumbnail?.thumbnails ||
+        youtubePlayerResponseJson.microformat?.playerMicroformatRenderer?.ownerProfileUrl ? [] : [];
+
+    // Generate standard author thumbnail sizes if we have the channel ID
+    if (details.channel_id) {
+        const sizes = [32, 48, 76, 100, 176, 512];
+        for (const size of sizes) {
+            authorThumbnails.push({
+                url: `https://yt3.ggpht.com/a/default-user=s${size}-c-k-c0x00ffffff-no-rj`,
+                width: size,
+                height: size,
+            });
+        }
+    }
+
+    // Get raw YouTube response data
+    const videoDetails = (youtubePlayerResponseJson as any).videoDetails || {};
+    const microformat = (youtubePlayerResponseJson as any).microformat?.playerMicroformatRenderer || {};
+    const playabilityStatus = (youtubePlayerResponseJson as any).playabilityStatus || {};
+    const streamingDataRaw = (youtubePlayerResponseJson as any).streamingData || {};
+    const captionsRaw = (youtubePlayerResponseJson as any).captions || {};
+    const storyboardsRaw = (youtubePlayerResponseJson as any).storyboards || {};
+
+    // Map thumbnails directly from videoDetails
+    const thumbnailArray = [];
+    if (videoDetails.thumbnail?.thumbnails) {
+        for (const thumb of videoDetails.thumbnail.thumbnails) {
+            thumbnailArray.push({
+                url: thumb.url,
+                width: thumb.width,
+                height: thumb.height,
+            });
+        }
+    }
+
+    // Map storyboards directly from API response
+    const storyboardsArray = [];
+    if (storyboardsRaw.playerStoryboardSpecRenderer?.spec) {
+        const spec = storyboardsRaw.playerStoryboardSpecRenderer.spec;
+        const specParts = spec.split('|');
+
+        for (let i = 3; i < specParts.length; i++) {
+            const parts = specParts[i].split('#');
+            if (parts.length >= 8) {
+                const baseUrl = specParts[0];
+                const [width, height, count, columns, rows, interval, name, sigh] = parts;
+                const storyboardCount = Math.ceil(parseInt(count) / (parseInt(columns) * parseInt(rows)));
+
+                const urls = [];
+                for (let j = 0; j < storyboardCount; j++) {
+                    let url = baseUrl.replace('$L', i - 3).replace('$N', name) + j;
+                    if (sigh) url += '&sigh=' + sigh;
+                    urls.push(url);
+                }
+
+                storyboardsArray.push({
+                    width: width,
+                    height: height,
+                    thumbsCount: count,
+                    columns: columns,
+                    rows: rows,
+                    interval: interval,
+                    storyboardCount: storyboardCount,
+                    url: urls,
+                });
+            }
+        }
+    }
+
+    // Map captions directly from API response
+    const captionTracks = [];
+    if (captionsRaw.playerCaptionsTracklistRenderer?.captionTracks) {
+        for (const track of captionsRaw.playerCaptionsTracklistRenderer.captionTracks) {
+            captionTracks.push({
+                baseUrl: track.baseUrl,
+                name: track.name?.simpleText || track.languageCode,
+                vssId: track.vssId || "",
+                languageCode: track.languageCode,
+                isTranslatable: track.isTranslatable ?? true,
+            });
+        }
+    }
+
+    // Map audioTracks directly from API response
+    const audioTracks = [];
+    if (captionsRaw.playerCaptionsTracklistRenderer?.audioTracks) {
+        for (const track of captionsRaw.playerCaptionsTracklistRenderer.audioTracks) {
+            audioTracks.push({
+                languageName: track.displayName || track.id,
+                languageCode: track.id,
+            });
+        }
+    } else if (captionsRaw.playerCaptionsTracklistRenderer?.captionTracks) {
+        // Fallback: extract unique languages from caption tracks
+        const uniqueLangs = new Set();
+        for (const track of captionsRaw.playerCaptionsTracklistRenderer.captionTracks) {
+            const langCode = track.languageCode;
+            if (!uniqueLangs.has(langCode)) {
+                uniqueLangs.add(langCode);
+                audioTracks.push({
+                    languageName: track.name?.simpleText || langCode,
+                    languageCode: langCode,
+                });
+            }
+        }
+    }
+
+    // Map formats directly from streamingData
+    const formatsArray = [];
+    if (streamingDataRaw.formats) {
+        for (const format of streamingDataRaw.formats) {
+            const formatObj: any = {
+                itag: format.itag,
+                url: format.url,
+                mimeType: format.mimeType,
+                bitrate: format.bitrate,
+                width: format.width || 0,
+                height: format.height || 0,
+                lastModified: format.lastModified,
+                contentLength: format.contentLength,
+                quality: format.quality,
+                fps: format.fps,
+                qualityLabel: format.qualityLabel,
+                projectionType: format.projectionType || "RECTANGULAR",
+                averageBitrate: format.averageBitrate,
+                approxDurationMs: format.approxDurationMs,
+            };
+
+            if (format.audioQuality) formatObj.audioQuality = format.audioQuality;
+            if (format.audioSampleRate) formatObj.audioSampleRate = format.audioSampleRate;
+            if (format.audioChannels) formatObj.audioChannels = format.audioChannels;
+            if (format.qualityLabel) {
+                formatObj.qualityOrdinal = "QUALITY_ORDINAL_" + format.qualityLabel.replace(/\d+/, "").replace('p', 'P');
+            }
+
+            formatsArray.push(formatObj);
+        }
+    }
+
+    // Map adaptiveFormats directly from streamingData
+    const adaptiveFormatsArray = [];
+    if (streamingDataRaw.adaptiveFormats) {
+        for (const format of streamingDataRaw.adaptiveFormats) {
+            const adaptiveFormat: any = {
+                itag: format.itag,
+                url: format.url,
+                mimeType: format.mimeType,
+                bitrate: format.bitrate,
+                width: format.width || 0,
+                height: format.height || 0,
+                lastModified: format.lastModified,
+                contentLength: format.contentLength,
+                quality: format.quality,
+                fps: format.fps,
+                qualityLabel: format.qualityLabel,
+                projectionType: format.projectionType || "RECTANGULAR",
+                averageBitrate: format.averageBitrate,
+                approxDurationMs: format.approxDurationMs,
+            };
+
+            if (format.initRange) {
+                adaptiveFormat.initRange = {
+                    start: format.initRange.start,
+                    end: format.initRange.end,
+                };
+            }
+            if (format.indexRange) {
+                adaptiveFormat.indexRange = {
+                    start: format.indexRange.start,
+                    end: format.indexRange.end,
+                };
+            }
+
+            if (format.audioQuality) adaptiveFormat.audioQuality = format.audioQuality;
+            if (format.audioSampleRate) adaptiveFormat.audioSampleRate = format.audioSampleRate;
+            if (format.audioChannels) adaptiveFormat.audioChannels = format.audioChannels;
+            if (format.colorInfo) adaptiveFormat.colorInfo = format.colorInfo;
+            if (format.highReplication) adaptiveFormat.highReplication = format.highReplication;
+            if (format.loudnessDb !== undefined) adaptiveFormat.loudnessDb = format.loudnessDb;
+
+            if (format.qualityLabel) {
+                adaptiveFormat.qualityOrdinal = "QUALITY_ORDINAL_" + format.qualityLabel.replace(/\d+/, "").replace('p', 'P');
+            } else {
+                adaptiveFormat.qualityOrdinal = "QUALITY_ORDINAL_UNKNOWN";
+            }
+
+            adaptiveFormatsArray.push(adaptiveFormat);
+        }
+    }
+
+    const currentTimestamp = Math.floor(Date.now() / 1000);
+
+    const response = {
+        status: playabilityStatus.status || "OK",
+        id: videoDetails.videoId || videoId,
+        title: videoDetails.title || "",
+        lengthSeconds: videoDetails.lengthSeconds || "0",
+        keywords: videoDetails.keywords || [],
+        channelTitle: videoDetails.author || "",
+        channelId: videoDetails.channelId || "",
+        description: videoDetails.shortDescription || "",
+        thumbnail: thumbnailArray,
+        allowRatings: videoDetails.allowRatings ?? true,
+        viewCount: videoDetails.viewCount || "0",
+        isPrivate: videoDetails.isPrivate || false,
+        isUnpluggedCorpus: videoDetails.isUnpluggedCorpus || false,
+        isLiveContent: videoDetails.isLiveContent || false,
+        storyboards: storyboardsArray,
+        captions: {
+            captionTracks: captionTracks,
+        },
+        audioTracks: audioTracks,
+        defaultVideoLanguage: microformat.defaultLanguage || "English",
+        defaultVideoLanguageCode: microformat.defaultLanguage || "en",
+        fetchedTS: currentTimestamp,
+        expiresInSeconds: streamingDataRaw.expiresInSeconds || "21540",
+        formats: formatsArray,
+        isGCR: false,
+        adaptiveFormats: adaptiveFormatsArray,
+        availableAt: currentTimestamp,
+    };
+
+    return c.json(response);
+});
+
+export default videos;

src/routes/metrics.ts

@@ -0,0 +1,11 @@
+import { Hono } from "hono";
+
+const metrics = new Hono();
+
+metrics.get("/", async (c) => {
+    return new Response(await c.get("metrics")?.register.metrics(), {
+        headers: { "Content-Type": "text/plain" },
+    });
+});
+
+export default metrics;

src/routes/videoPlaybackProxy.ts

@@ -0,0 +1,240 @@
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import { encodeRFC5987ValueChars } from "../lib/helpers/encodeRFC5987ValueChars.ts";
+import { decryptQuery } from "../lib/helpers/encryptQuery.ts";
+import { StreamingApi } from "hono/utils/stream";
+
+let getFetchClientLocation = "getFetchClient";
+if (Deno.env.get("GET_FETCH_CLIENT_LOCATION")) {
+    if (Deno.env.has("DENO_COMPILED")) {
+        getFetchClientLocation = Deno.mainModule.replace("src/main.ts", "") +
+            Deno.env.get("GET_FETCH_CLIENT_LOCATION");
+    } else {
+        getFetchClientLocation = Deno.env.get(
+            "GET_FETCH_CLIENT_LOCATION",
+        ) as string;
+    }
+}
+const { getFetchClient } = await import(getFetchClientLocation);
+
+const videoPlaybackProxy = new Hono();
+
+videoPlaybackProxy.options("/", () => {
+    const headersForResponse: Record<string, string> = {
+        "access-control-allow-origin": "*",
+        "access-control-allow-methods": "GET, OPTIONS",
+        "access-control-allow-headers": "Content-Type, Range",
+    };
+    return new Response("OK", {
+        status: 200,
+        headers: headersForResponse,
+    });
+});
+
+videoPlaybackProxy.get("/", async (c) => {
+    const { c: client, expire, title } = c.req.query();
+    const urlReq = new URL(c.req.url);
+    const config = c.get("config");
+    const queryParams = new URLSearchParams(urlReq.search);
+
+    if (c.req.query("enc") === "true") {
+        const { data: encryptedQuery } = c.req.query();
+        const decryptedQueryParams = decryptQuery(encryptedQuery, config);
+        const parsedDecryptedQueryParams = new URLSearchParams(
+            JSON.parse(decryptedQueryParams),
+        );
+        queryParams.delete("enc");
+        queryParams.delete("data");
+        queryParams.set("pot", parsedDecryptedQueryParams.get("pot") as string);
+        queryParams.set("ip", parsedDecryptedQueryParams.get("ip") as string);
+    }
+
+
+
+    if (
+        expire == undefined ||
+        Number(expire) < Number(Date.now().toString().slice(0, -3))
+    ) {
+        throw new HTTPException(400, {
+            res: new Response(
+                "Expire query string undefined or videoplayback URL has expired.",
+            ),
+        });
+    }
+
+    if (client == undefined) {
+        throw new HTTPException(400, {
+            res: new Response("'c' query string undefined."),
+        });
+    }
+
+
+    queryParams.delete("title");
+
+    const rangeHeader = c.req.header("range");
+    const requestBytes = rangeHeader ? rangeHeader.split("=")[1] : null;
+    const [firstByte, lastByte] = requestBytes?.split("-") || [];
+    if (requestBytes) {
+        queryParams.append(
+            "range",
+            requestBytes,
+        );
+    }
+
+    const headersToSend: HeadersInit = {
+        "accept": "*/*",
+        "accept-encoding": "gzip, deflate, br, zstd",
+        "accept-language": "en-us,en;q=0.5",
+        "origin": "https://www.youtube.com",
+        "referer": "https://www.youtube.com",
+    };
+
+    if (client == "ANDROID") {
+        headersToSend["user-agent"] =
+            "com.google.android.youtube/1537338816 (Linux; U; Android 13; en_US; ; Build/TQ2A.230505.002; Cronet/113.0.5672.24)";
+    } else if (client == "IOS") {
+        headersToSend["user-agent"] =
+            "com.google.ios.youtube/19.32.8 (iPhone14,5; U; CPU iOS 17_6 like Mac OS X;)";
+    } else {
+        headersToSend["user-agent"] =
+            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36";
+    }
+
+    const fetchClient = await getFetchClient(config);
+
+    let headResponse: Response | undefined;
+    let location = `https://redirector.googlevideo.com/videoplayback?${queryParams.toString()}`;
+
+    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-p2-semantics-17#section-7.3
+    // A maximum of 5 redirections is defined in the note of the section 7.3
+    // of this RFC, that's why `i < 5`
+    for (let i = 0; i < 5; i++) {
+        const googlevideoResponse: Response = await fetchClient(location, {
+            method: "HEAD",
+            headers: headersToSend,
+            redirect: "manual",
+        });
+        if (googlevideoResponse.status == 403) {
+            return new Response(googlevideoResponse.body, {
+                status: googlevideoResponse.status,
+                statusText: googlevideoResponse.statusText,
+            });
+        }
+        if (googlevideoResponse.headers.has("Location")) {
+            location = googlevideoResponse.headers.get("Location") as string;
+            continue;
+        } else {
+            headResponse = googlevideoResponse;
+            break;
+        }
+    }
+    if (headResponse === undefined) {
+        throw new HTTPException(502, {
+            res: new Response(
+                "Google headResponse redirected too many times",
+            ),
+        });
+    }
+
+    // =================== REQUEST CHUNKING =======================
+    // if the requested response is larger than the chunkSize, break up the response
+    // into chunks and stream the response back to the client to avoid rate limiting
+    const { readable, writable } = new TransformStream();
+    const stream = new StreamingApi(writable, readable);
+    const googleVideoUrl = new URL(location);
+    const getChunk = async (start: number, end: number) => {
+        googleVideoUrl.searchParams.set(
+            "range",
+            `${start}-${end}`,
+        );
+        const postResponse = await fetchClient(googleVideoUrl, {
+            method: "POST",
+            body: new Uint8Array([0x78, 0]), // protobuf: { 15: 0 } (no idea what it means but this is what YouTube uses),
+            headers: headersToSend,
+        });
+        if (postResponse.status !== 200) {
+            throw new Error("Non-200 response from google servers");
+        }
+        await stream.pipe(postResponse.body);
+    };
+
+    const chunkSize =
+        config.networking.videoplayback.video_fetch_chunk_size_mb * 1_000_000;
+    const totalBytes = Number(
+        headResponse.headers.get("Content-Length") || "0",
+    );
+
+    // if no range sent, the client wants thw whole file, i.e. for downloads
+    const wholeRequestStartByte = Number(firstByte || "0");
+    const wholeRequestEndByte = wholeRequestStartByte + Number(totalBytes) - 1;
+
+    let chunk = Promise.resolve();
+    for (
+        let startByte = wholeRequestStartByte;
+        startByte < wholeRequestEndByte;
+        startByte += chunkSize
+    ) {
+        // i.e.
+        // 0 - 4_999_999, then
+        // 5_000_000 - 9_999_999, then
+        // 10_000_000 - 14_999_999
+        let endByte = startByte + chunkSize - 1;
+        if (endByte > wholeRequestEndByte) {
+            endByte = wholeRequestEndByte;
+        }
+        chunk = chunk.then(() => getChunk(startByte, endByte));
+    }
+    chunk.catch(() => {
+        stream.abort();
+    });
+    // =================== REQUEST CHUNKING =======================
+
+    const headersForResponse: Record<string, string> = {
+        "content-length": headResponse.headers.get("content-length") || "",
+        "access-control-allow-origin": "*",
+        "accept-ranges": headResponse.headers.get("accept-ranges") || "",
+        "content-type": headResponse.headers.get("content-type") || "",
+        "expires": headResponse.headers.get("expires") || "",
+        "last-modified": headResponse.headers.get("last-modified") || "",
+    };
+
+    if (title) {
+        headersForResponse["content-disposition"] = `attachment; filename="${encodeURIComponent(title)
+            }"; filename*=UTF-8''${encodeRFC5987ValueChars(title)}`;
+    }
+
+    let responseStatus = headResponse.status;
+    if (requestBytes && responseStatus == 200) {
+        // check for range headers in the forms:
+        // "bytes=0-" get full length from start
+        // "bytes=500-" get full length from 500 bytes in
+        // "bytes=500-1000" get 500 bytes starting from 500
+        if (lastByte) {
+            responseStatus = 206;
+            headersForResponse["content-range"] = `bytes ${requestBytes}/${queryParams.get("clen") || "*"
+                }`;
+        } else {
+            // i.e. "bytes=0-", "bytes=600-"
+            // full size of content is able to be calculated, so a full Content-Range header can be constructed
+            const bytesReceived = headersForResponse["content-length"];
+            // last byte should always be one less than the length
+            const totalContentLength = Number(firstByte) +
+                Number(bytesReceived);
+            const lastByte = totalContentLength - 1;
+            if (firstByte !== "0") {
+                // only part of the total content returned, 206
+                responseStatus = 206;
+            }
+            headersForResponse["content-range"] =
+                `bytes ${firstByte}-${lastByte}/${totalContentLength}`;
+        }
+    }
+
+    return new Response(stream.responseReadable, {
+        status: responseStatus,
+        statusText: headResponse.statusText,
+        headers: headersForResponse,
+    });
+});
+
+export default videoPlaybackProxy;

src/routes/youtube_api_routes/player.ts

@@ -0,0 +1,54 @@
+import { Hono } from "hono";
+import { youtubePlayerParsing } from "../../lib/helpers/youtubePlayerHandling.ts";
+import { HTTPException } from "hono/http-exception";
+import { validateVideoId } from "../../lib/helpers/validateVideoId.ts";
+import { TOKEN_MINTER_NOT_READY_MESSAGE } from "../../constants.ts";
+
+const player = new Hono();
+
+player.post("/player", async (c) => {
+    const jsonReq = await c.req.json();
+    const innertubeClient = c.get("innertubeClient");
+    const config = c.get("config");
+    const metrics = c.get("metrics");
+    const tokenMinter = c.get("tokenMinter");
+
+    // Check if tokenMinter is ready (only needed when PO token is enabled)
+    if (config.jobs.youtube_session.po_token_enabled && !tokenMinter) {
+        return c.json({
+            playabilityStatus: {
+                status: "ERROR",
+                reason: TOKEN_MINTER_NOT_READY_MESSAGE,
+                errorScreen: {
+                    playerErrorMessageRenderer: {
+                        reason: {
+                            simpleText: TOKEN_MINTER_NOT_READY_MESSAGE,
+                        },
+                        subreason: {
+                            simpleText: TOKEN_MINTER_NOT_READY_MESSAGE,
+                        },
+                    },
+                },
+            },
+        });
+    }
+
+    if (jsonReq.videoId) {
+        if (!validateVideoId(jsonReq.videoId)) {
+            throw new HTTPException(400, {
+                res: new Response("Invalid video ID format."),
+            });
+        }
+        return c.json(
+            await youtubePlayerParsing({
+                innertubeClient,
+                videoId: jsonReq.videoId,
+                config,
+                tokenMinter: tokenMinter!,
+                metrics,
+            }),
+        );
+    }
+});
+
+export default player;

src/tests/dashManifest.ts

@@ -0,0 +1,13 @@
+import { assertEquals } from "./deps.ts";
+
+export async function dashManifest(baseUrl: string) {
+    const resp = await fetch(
+        `${baseUrl}/api/manifest/dash/id/jNQXAC9IVRw?local=true&unique_res=1`,
+        {
+            method: "GET",
+        },
+    );
+
+    await resp.body?.cancel();
+    assertEquals(resp.status, 200, "response status code is not 200");
+}

src/tests/deps.ts

@@ -0,0 +1,6 @@
+export {
+    assert,
+    assertEquals,
+    assertRejects,
+    assertThrows,
+} from "jsr:@std/assert@1.0.12";