eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-05-13 18:46:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
cfbd1ad8a1f2d792f7dbba9560de61ba8522bb76
worldmonitor/api/youtube/live.js
Elie Habib a9224254a5 fix: security hardening — CORS, auth bypass, origin validation & bump v2.2.7 
- Tighten CORS regex to block worldmonitorEVIL.vercel.app spoofing
- Move sidecar /api/local-env-update behind token auth + add key allowlist
- Add postMessage origin/source validation in LiveNewsPanel
- Replace postMessage wildcard '*' targetOrigin with specific origin
- Add isDisallowedOrigin() check to 25 API endpoints missing it
- Migrate gdelt-geo & EIA from custom CORS to shared _cors.js
- Add CORS to firms-fires, stock-index, youtube/live endpoints
- Tighten youtube/embed.js ALLOWED_ORIGINS regex
- Remove 'unsafe-inline' from CSP script-src
- Add iframe sandbox attribute to YouTube embed
- Validate meta-tags URL query params with regex allowlist
2026-02-15 20:33:20 +04:00

77 lines
2.4 KiB
JavaScript
Raw Blame History

// YouTube Live Stream Detection API
// Uses YouTube's oembed endpoint to check for live streams
import { getCorsHeaders, isDisallowedOrigin } from '../_cors.js';
export const config = {
runtime: 'edge',
};
export default async function handler(request) {
const cors = getCorsHeaders(request);
if (request.method === 'OPTIONS') return new Response(null, { status: 204, headers: cors });
if (isDisallowedOrigin(request)) {
return new Response(JSON.stringify({ error: 'Origin not allowed' }), { status: 403, headers: cors });
}
const url = new URL(request.url);
const channel = url.searchParams.get('channel');
if (!channel) {
return new Response(JSON.stringify({ error: 'Missing channel parameter' }), {
status: 400,
headers: { 'Content-Type': 'application/json' },
});
}
try {
// Try to fetch the channel's live page
const channelHandle = channel.startsWith('@') ? channel : `@${channel}`;
const liveUrl = `https://www.youtube.com/${channelHandle}/live`;
const response = await fetch(liveUrl, {
headers: {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
},
redirect: 'follow',
});
if (!response.ok) {
return new Response(JSON.stringify({ videoId: null }), {
status: 200,
headers: { 'Content-Type': 'application/json' },
});
}
const html = await response.text();
// Extract video ID from the page
const videoIdMatch = html.match(/"videoId":"([a-zA-Z0-9_-]{11})"/);
const isLiveMatch = html.match(/"isLive":\s*true/);
if (videoIdMatch && isLiveMatch) {
return new Response(JSON.stringify({ videoId: videoIdMatch[1], isLive: true }), {
status: 200,
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'public, max-age=300, s-maxage=300, stale-while-revalidate=60', // Cache for 5 minutes
},
});
}
// Return null if no live stream found
return new Response(JSON.stringify({ videoId: null, isLive: false }), {
status: 200,
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'public, max-age=300, s-maxage=300, stale-while-revalidate=60',
},
});
} catch (error) {
console.error('YouTube live check error:', error);
return new Response(JSON.stringify({ videoId: null, error: error.message }), {
status: 200,
headers: { 'Content-Type': 'application/json' },
});
}
}
Reference in New Issue View Git Blame Copy Permalink