diff --git a/shard.yml b/shard.yml
index 0d54a2f98..0e33c2fad 100644
--- a/shard.yml
+++ b/shard.yml
@@ -13,9 +13,10 @@ dependencies:
github: kemalcr/kemal
pg:
github: will/crystal-pg
+ branch: cafe69e
sqlite3:
github: crystal-lang/crystal-sqlite3
-crystal: 0.28.0
+crystal: 0.29.0
license: AGPLv3
diff --git a/src/invidious.cr b/src/invidious.cr
index 83bdc5be4..573855c7d 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -1089,7 +1089,7 @@ post "/login" do |env|
PG_DB.exec("UPDATE users SET preferences = $1 WHERE email = $2", preferences.to_json, user.email)
cookie = env.request.cookies["PREFS"]
- cookie.expires = Time.new(1990, 1, 1)
+ cookie.expires = Time.utc(1990, 1, 1)
env.response.cookies << cookie
end
@@ -1117,7 +1117,7 @@ post "/login" do |env|
next templated "error"
end
- if Crypto::Bcrypt::Password.new(user.password.not_nil!) == password.byte_slice(0, 55)
+ if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
PG_DB.exec("INSERT INTO session_ids VALUES ($1, $2, $3)", sid, email, Time.utc)
@@ -1142,7 +1142,7 @@ post "/login" do |env|
# Since this user has already registered, we don't want to overwrite their preferences
if env.request.cookies["PREFS"]?
cookie = env.request.cookies["PREFS"]
- cookie.expires = Time.new(1990, 1, 1)
+ cookie.expires = Time.utc(1990, 1, 1)
env.response.cookies << cookie
end
else
@@ -1260,7 +1260,7 @@ post "/login" do |env|
PG_DB.exec("UPDATE users SET preferences = $1 WHERE email = $2", preferences.to_json, user.email)
cookie = env.request.cookies["PREFS"]
- cookie.expires = Time.new(1990, 1, 1)
+ cookie.expires = Time.utc(1990, 1, 1)
env.response.cookies << cookie
end
end
@@ -1294,7 +1294,7 @@ post "/signout" do |env|
PG_DB.exec("DELETE FROM session_ids * WHERE id = $1", sid)
env.request.cookies.each do |cookie|
- cookie.expires = Time.new(1990, 1, 1)
+ cookie.expires = Time.utc(1990, 1, 1)
env.response.cookies << cookie
end
end
@@ -2064,7 +2064,7 @@ post "/change_password" do |env|
next templated "error"
end
- if Crypto::Bcrypt::Password.new(user.password.not_nil!) != password
+ if !Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password)
error_message = translate(locale, "Incorrect password")
next templated "error"
end
@@ -2120,7 +2120,7 @@ post "/delete_account" do |env|
PG_DB.exec("DROP MATERIALIZED VIEW #{view_name}")
env.request.cookies.each do |cookie|
- cookie.expires = Time.new(1990, 1, 1)
+ cookie.expires = Time.utc(1990, 1, 1)
env.response.cookies << cookie
end
end
diff --git a/src/invidious/helpers/tokens.cr b/src/invidious/helpers/tokens.cr
index 31b70c3be..f946fc2c2 100644
--- a/src/invidious/helpers/tokens.cr
+++ b/src/invidious/helpers/tokens.cr
@@ -86,7 +86,7 @@ def validate_request(token, session, request, key, db, locale = nil)
if token["nonce"]? && (nonce = db.query_one?("SELECT * FROM nonces WHERE nonce = $1", token["nonce"], as: {String, Time}))
if nonce[1] > Time.utc
- db.exec("UPDATE nonces SET expire = $1 WHERE nonce = $2", Time.new(1990, 1, 1), nonce[0])
+ db.exec("UPDATE nonces SET expire = $1 WHERE nonce = $2", Time.utc(1990, 1, 1), nonce[0])
else
raise translate(locale, "Erroneous token")
end
diff --git a/src/invidious/helpers/utils.cr b/src/invidious/helpers/utils.cr
index 37cc2eb84..3ed067ad3 100644
--- a/src/invidious/helpers/utils.cr
+++ b/src/invidious/helpers/utils.cr
@@ -90,7 +90,7 @@ def decode_time(string)
millis = /(?
<%= translate(locale, "Engagement: ") %><%= engagement.round(2) %>%
<% if video.allowed_regions.size != REGIONS.size %>- <% if video.allowed_regions.size < REGIONS.size / 2 %> + <% if video.allowed_regions.size < REGIONS.size // 2 %> <%= translate(locale, "Whitelisted regions: ") %><%= video.allowed_regions.join(", ") %> <% else %> <%= translate(locale, "Blacklisted regions: ") %><%= (REGIONS.to_a - video.allowed_regions).join(", ") %>