Commit graph

728 commits

Author SHA1 Message Date
TonyBlu
e7b5cc3a2f
Merge pull request #2 from TonyBlur/codex/rename-project-to-mytube-and-update-references-xpf5ex
fixes
2026-05-01 13:21:41 +08:00
TonyBlu
82a6a51b21 Fix public download ownership routing by key 2026-05-01 12:23:45 +08:00
TonyBlu
d41bd21b60
Merge branch 'master' into codex/rename-project-to-mytube-and-update-references-xpf5ex 2026-05-01 12:10:31 +08:00
TonyBlu
5fec503512 Fix downloads service tests with optional visit header 2026-05-01 11:54:30 +08:00
TonyBlu
0ac4769ca3
Merge pull request #1 from TonyBlur/codex/rename-project-to-mytube-and-update-references
Rebrand to MyTube, add PUBLIC_MODE, update UI and workflows
2026-05-01 11:32:15 +08:00
TonyBlur
6656efabba update README and docker-compose configuration
Co-authored-by: Copilot <copilot@github.com>
2026-05-01 10:24:22 +08:00
TonyBlu
3c32421b2a Use backend download key in frontend queue/done maps 2026-05-01 09:33:45 +08:00
TonyBlu
b0fa114663 Allow same URL downloads for different output types 2026-05-01 09:14:54 +08:00
TonyBlu
85b86cb47f Fix thumbnail completed filename detection 2026-05-01 08:47:18 +08:00
TonyBlu
bcb2560347 Support multi-link input parsing and multiline URL composer UI 2026-05-01 07:47:32 +08:00
TonyBlu
6f1723b44d Add PUBLIC_MODE and ENV_FILE defaults to Dockerfile 2026-04-30 20:56:31 +08:00
TonyBlu
57350924a5 Support loading env vars from .env files in container 2026-04-30 20:51:01 +08:00
TonyBlu
0c3860cf9b Make PUBLIC_MODE per-visit isolated sessions like reclip 2026-04-30 16:11:06 +08:00
TonyBlu
b6da1e0e7a Tighten PUBLIC_MODE isolation and hide subscription option controls 2026-04-30 16:04:03 +08:00
TonyBlu
fdecd20bbc Enforce PUBLIC_MODE client isolation and hide subscribe UI 2026-04-30 15:55:16 +08:00
TonyBlu
d6fa81b5de Fix dist path rename to mytube for Docker/runtime 2026-04-30 15:35:12 +08:00
TonyBlu
44c42b3773 Refresh frontend with cohesive modern UI styling 2026-04-30 14:58:14 +08:00
Alex Shnitman
5d96a581b9 allow filtering out members-only videos in subscriptions (closes #971) 2026-04-28 22:02:05 +03:00
Alex Shnitman
4f83174d05 implement time-clipped downloads (closes #969, replaces #907) 2026-04-26 23:07:50 +03:00
Alex Shnitman
91ee8312bf title filter for subscriptions (closes #968) 2026-04-26 22:51:48 +03:00
dependabot[bot]
d89a5ddbe5
Bump aquasecurity/trivy-action in the github-actions group
Bumps the github-actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-26 16:12:39 +00:00
Alex Shnitman
abb9492d21 upgrade dependencies 2026-04-21 16:20:39 +03:00
Alex Shnitman
23de9824f0 cr fixes 2026-04-21 16:13:58 +03:00
rdiaz738
0ea934c08f Updated import and fixed race condition 2026-04-20 17:24:16 -07:00
Alex Shnitman
e9f979b349 fix yt-dlp options overrides (closes #958) 2026-04-18 08:46:29 +03:00
Alex Shnitman
ab42325db5 upgrade dependencies 2026-04-16 22:30:42 +03:00
Alex Shnitman
1a32eba474 fix PUBLIC_HOST_URL without a trailing slash (closes #959) 2026-04-16 22:08:08 +03:00
Alex Shnitman
29ccc42409 don't run workflow on README changes 2026-04-13 20:49:10 +03:00
Alex Shnitman
f2d71cbe2e add more CORS details 2026-04-13 20:45:20 +03:00
Alex Shnitman
03f71fd257 fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955 2026-04-13 19:02:27 +03:00
Alex Shnitman
210c607c53 fix pnpm build 2026-04-12 23:07:22 +03:00
dependabot[bot]
381896901a
Bump softprops/action-gh-release from 2 to 3 in the github-actions group
Bumps the github-actions group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `softprops/action-gh-release` from 2 to 3
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-12 16:12:38 +00:00
Alex Shnitman
4330d3b6c6 fix yt-dlp options examples 2026-04-10 14:06:08 +03:00
Alex Shnitman
06c4a2c4a8 update documentation 2026-04-10 08:38:32 +03:00
Alex Shnitman
388aeb180d Merge branch 'bgervan/master' 2026-04-10 08:10:00 +03:00
Alex Shnitman
aa60420ead document CORS_ALLOWED_ORIGINS variable 2026-04-10 08:09:20 +03:00
Benjamin Gervan
a6e8617ad8 Don't mark live streams as seen 2026-04-10 06:41:45 +02:00
az10b
0072d3488a Fix permissive CORS policy that allows cross-origin attacks
The on_prepare handler unconditionally reflected the Origin request
header into Access-Control-Allow-Origin, and Socket.IO was configured
with cors_allowed_origins='*'. This allowed any website to make
authenticated cross-origin requests to all API endpoints, enabling
cross-origin download initiation, cookie overwrite, and data deletion.

Replace the blanket origin reflection with an explicit allowlist via
the CORS_ALLOWED_ORIGINS environment variable. When unset, cross-origin
requests are denied by default. Users who need cross-origin access can
set CORS_ALLOWED_ORIGINS to a comma-separated list of trusted origins.
2026-04-09 19:45:51 -05:00
Alex Shnitman
0b3645aea1 upgrade dependencies 2026-04-09 21:00:26 +03:00
Alex Shnitman
2c838e3d3d Merge branch 'dependabot/github_actions/github-actions-7530ffc9b9' of https://github.com/alexta69/metube into McSwindler/master 2026-04-09 20:59:13 +03:00
McSwindler
d38d7bd1b1 fix: handle playlists that don't supply video ids 2026-04-09 10:15:11 -05:00
dependabot[bot]
b7709d3536
Bump astral-sh/setup-uv from 6 to 7 in the github-actions group
Bumps the github-actions group with 1 update: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).


Updates `astral-sh/setup-uv` from 6 to 7
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/v6...v7)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-05 16:12:43 +00:00
Alex
1f79883b75
Merge pull request #944 from jacinli/codex/fix-subscription-enabled-parsing
Fix string boolean parsing for subscription enabled updates
2026-04-05 10:25:46 +03:00
jacinli
373692ac65 fix: parse string boolean values when updating subscriptions 2026-04-05 14:05:59 +08:00
Alex Shnitman
54680c405c explain yt-dlp configuration in detail 2026-04-04 12:58:47 +03:00
Alex Shnitman
dd0f98d12f change option presets to be multi-select 2026-04-04 10:25:46 +03:00
Alex Shnitman
d41bdf61e2 finalize custom options (closes #563, #482, #261, #681) 2026-04-03 13:20:37 +03:00
copilot-swe-agent[bot]
a02abf5853
Keep override controls on dedicated row
Agent-Logs-Url: https://github.com/alexta69/metube/sessions/aef158da-f919-4a3d-a5ee-b71df51c124d

Co-authored-by: alexta69 <7450369+alexta69@users.noreply.github.com>
2026-04-03 09:21:44 +00:00
copilot-swe-agent[bot]
b16e597125
Fix frontend test typing for override flag
Agent-Logs-Url: https://github.com/alexta69/metube/sessions/31b4274d-cf48-4260-b73b-633cbcd2bb09

Co-authored-by: alexta69 <7450369+alexta69@users.noreply.github.com>
2026-04-03 09:07:34 +00:00
copilot-swe-agent[bot]
6e9b2dd7b3
Gate manual yt-dlp overrides behind flag
Agent-Logs-Url: https://github.com/alexta69/metube/sessions/31b4274d-cf48-4260-b73b-633cbcd2bb09

Co-authored-by: alexta69 <7450369+alexta69@users.noreply.github.com>
2026-04-03 09:05:19 +00:00