Merge remote-tracking branch 'upstream/main'

Author: munishkhatri720

.github/workflows/publish.yml

@@ -11,37 +11,37 @@ jobs:
       MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: zulu
           java-version: 17
           cache: gradle
 
       - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v4
 
       - name: Build and Publish
         run: ./gradlew build publish --no-daemon -PMAVEN_USERNAME=$MAVEN_USERNAME -PMAVEN_PASSWORD=$MAVEN_PASSWORD
 
       - name: Upload common Artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: youtube-common.jar
           path: common/build/libs/youtube-common-*.jar
 
       - name: Upload lldevs Artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: youtube-v2.jar
           path: v2/build/libs/youtube-v2-*.jar
 
       - name: Upload plugin Artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: youtube-plugin.jar
           path: plugin/build/libs/youtube-plugin-*.jar
@@ -52,20 +52,20 @@ jobs:
     if: github.event_name == 'release'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Download youtube-common Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: youtube-common.jar
 
       - name: Download youtube-v2 Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: youtube-v2.jar
 
       - name: Download youtube-plugin Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: youtube-plugin.jar
 

README.md

@@ -185,43 +185,23 @@ plugins:
 ## Available Clients
 Currently, the following clients are available for use:
 
-- `MUSIC`
-  - ✔ Provides support for searching YouTube music (`ytmsearch:`).
-  - ❌ Cannot be used for playback, or playlist/mix/livestream loading.
-- `WEB`
-  - ✔ Opus formats.
-- `MWEB`
-  - ✔ Opus formats.
-- `WEBEMBEDDED`
-  - ✔ Opus formats.
-  - ✔ Limited age-restricted video playback.
-  - ❌ No mix/playlist/search support.
-- `ANDROID`
-  - ❌ Heavily restricted, frequently dysfunctional.
-- `ANDROID_MUSIC`
-  - ✔ Opus formats.
-  - ❌ No playlist/livestream support.
-- `ANDROID_VR`
-  - ✔ Opus formats.
-- `IOS`
-  - ❌ No Opus formats (requires transcoding).
-- `TV`
-  - ✔ Opus formats.
-  - ✔ OAuth compatibility.
-  - ❌ No mix/playlist/search/video *lookup* support.
-  - ❌ Playback only.
-- `TVHTML5EMBEDDED`
-  - ✔ Opus formats.
-  - ✔ OAuth compatibility.
-  - ❌ No playlist support.
-  - ❌ Playback requires sign-in.
+| Identifier        | Opus Formats | OAuth | Age-restriction Support | Playback Support | Metadata Support             | Additional Notes                                     |
+|-------------------|--------------|-------|-------------------------|------------------|------------------------------|------------------------------------------------------|
+| `MUSIC`           | No           | No    | No                      | No               | Search                       | YouTube music search support via `ytmsearch:` prefix |
+| `WEB`             | Yes          | No    | No                      | Yes + Livestream | Video, Search, Playlist, Mix |                                                      |
+| `MWEB`            | Yes          | No    | No                      | Yes + Livestream | Video, Search, Playlist, Mix |                                                      |
+| `WEBEMBEDDED`     | Yes          | No    | Limited                 | Yes + Livestream | Video                        |                                                      |
+| `ANDROID`         | Yes          | No    | No                      | Yes + Livestream | Video, Search, Playlist, Mix | Heavily restricted, frequently dysfunctional         |
+| `ANDROID_MUSIC`   | Yes          | No    | No                      | Yes              | Video, Search, Mix           |                                                      |
+| `ANDROID_VR`      | Yes          | No    | No                      | Yes + Livestream | Video, Search, Playlist, Mix |                                                      |
+| `IOS`             | No           | No    | No                      | Yes + Livestream | Video, Search, Playlist, Mix |                                                      |
+| `TV`              | Yes          | Yes   | With OAuth              | Yes + Livestream | None                         | Playback requires sign-in                            |
+| `TVHTML5EMBEDDED` | Yes          | Yes   | With OAuth              | Yes + Livestream | Video, Search, Mix           | Playback requires sign-in                            |
 
 > [!NOTE]
+> Clients that do not return Opus formats will require transcoding.
 > Livestreams do not yield Opus formats so will always require transcoding.
 
-> [!NOTE]
-> Assume clients do not work with OAuth unless stated.
-
 
 ## Using OAuth Tokens
 You may notice that some requests are flagged by YouTube, causing an error message asking you to sign in to confirm you're not a bot.
@@ -280,6 +260,17 @@ plugins:
       # cookie: "paste your google account cookie here which your exported from browser"
 ```
 
+### Passing an oauth token from your client
+Another option to use oauth is by using oauth access tokens that are managed from your client. In this case your 
+bot/client provides LavaLink with the token to use when playing a track. To do this simply add the oauth access token 
+to a track's [userData](https://lavalink.dev/api/rest#track) field in a json format when updating the player to 
+play a track like:
+```json
+{
+  "oauth-token": "access token to use"
+}
+```
+
 ## Using a `poToken`
 A `poToken`, also known as a "Proof of Origin Token" is a way to identify what requests originate from.
 In YouTube's case, this is sent as a JavaScript challenge that browsers must evaluate, and send back the resolved

common/src/main/java/dev/lavalink/youtube/YoutubeAudioSourceManager.java

@@ -31,6 +31,7 @@
 import java.io.DataOutput;
 import java.io.IOException;
 import java.net.URI;
+import java.util.Arrays;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -169,6 +170,12 @@ public void setPlaylistPageCount(int count) {
      */
     public void useOauth2(@Nullable String refreshToken, boolean skipInitialization) {
         oauth2Handler.setRefreshToken(refreshToken, skipInitialization);
+
+        if (Arrays.stream(clients).noneMatch(Client::supportsOAuth)) {
+            log.warn("OAuth has been enabled without registering any OAuth-compatible clients. " +
+                "Please consult https://github.com/lavalink-devs/youtube-source?tab=readme-ov-file#available-clients for a list of " +
+                "OAuth-compatible clients.");
+        }
     }
 
     @Nullable

common/src/main/java/dev/lavalink/youtube/YoutubeSource.java

@@ -1,9 +1,16 @@
 package dev.lavalink.youtube;
 
+import dev.lavalink.youtube.clients.Web;
+import dev.lavalink.youtube.clients.WebEmbedded;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.IOException;
 import java.io.InputStream;
 
 public class YoutubeSource {
+    private static final Logger log = LoggerFactory.getLogger(YoutubeSource.class);
+
     public static String VERSION = "Unknown";
 
     static {
@@ -22,4 +29,18 @@ public class YoutubeSource {
 
         }
     }
+
+    /**
+     * Sets the given PoToken and VisitorData pair on all POT-supporting clients.
+     * This is a convenience method to allow for setting this from one method call.
+     * @param poToken The poToken to use. This must be paired to the specified visitorData.
+     *                You may specify {@code null} to unset.
+     * @param visitorData The visitorData to use. This must be paired to the specified poToken.
+     *                    You may specify {@code null} to unset.
+     */
+    public static void setPoTokenAndVisitorData(String poToken, String visitorData) {
+        log.debug("Applying pot: {} vd: {} to WEB, WEBEMBEDDED", poToken, visitorData);
+        Web.setPoTokenAndVisitorData(poToken, visitorData);
+        WebEmbedded.setPoTokenAndVisitorData(poToken, visitorData);
+    }
 }

common/src/main/java/dev/lavalink/youtube/cipher/SignatureCipher.java

@@ -17,12 +17,19 @@ public class SignatureCipher {
   public final String scriptTimestamp;
   public final String rawScript;
 
+  public final boolean tceScript;
+  public final String tceVars;
+
   public SignatureCipher(@NotNull String nFunction,
                          @NotNull String timestamp,
-                         @NotNull String rawScript) {
+                         @NotNull String rawScript,
+                         boolean tceScript,
+                         @NotNull String tceVars) {
     this.nFunction = nFunction;
     this.scriptTimestamp = timestamp;
     this.rawScript = rawScript;
+    this.tceScript = tceScript;
+    this.tceVars = tceVars;
   }
 
   /**
@@ -63,7 +70,7 @@ public String apply(@NotNull String text) {
   public String transform(@NotNull String text, @NotNull ScriptEngine scriptEngine) throws ScriptException, NoSuchMethodException {
     String transformed;
 
-    scriptEngine.eval("n=" + nFunction);
+    scriptEngine.eval("n=" + nFunction + (tceScript ? tceVars : ""));
     transformed = (String) ((Invocable) scriptEngine).invokeFunction("n", text);
 
     return transformed;

common/src/main/java/dev/lavalink/youtube/cipher/SignatureCipherManager.java

@@ -45,7 +45,7 @@
 public class SignatureCipherManager {
   private static final Logger log = LoggerFactory.getLogger(SignatureCipherManager.class);
 
-  private static final String VARIABLE_PART = "[a-zA-Z_\\$][a-zA-Z_0-9]*";
+  private static final String VARIABLE_PART = "[a-zA-Z_\\$][a-zA-Z_0-9\\$]*";
   private static final String VARIABLE_PART_DEFINE = "\\\"?" + VARIABLE_PART + "\\\"?";
   private static final String BEFORE_ACCESS = "(?:\\[\\\"|\\.)";
   private static final String AFTER_ACCESS = "(?:\\\"\\]|)";
@@ -89,6 +89,24 @@ public class SignatureCipherManager {
           "\\s*return\"[\\w-]+([A-z0-9-]+)\"\\s*\\+\\s*\\1\\s*}" +
           "\\s*return\\s*(\\2\\.join\\(\"\"\\)|Array\\.prototype\\.join\\.call\\(\\2,.*?\\))};", Pattern.DOTALL);
 
+  private static final Pattern tceGlobalVarsPattern = Pattern.compile(
+      "(?:^|[;,])\\s*(var\\s+([\\w$]+)\\s*=\\s*\"(?:[^\"\\\\]|\\\\.)+\"\\s*\\.\\s*split\\(\"([^\"\\\\]|\\\\.)\"\\))(?=\\s*[,;])"
+  );
+
+  private static final Pattern functionTcePattern = Pattern.compile(
+      "function(?:\\s+[a-zA-Z_\\$][a-zA-Z0-9_\\$]*)?\\(\\w\\)\\{" +
+          "\\w=\\w\\.split\\((?:\"\"|[a-zA-Z0-9_$]*\\[\\d+])\\);" +
+          "\\s*((?:(?:\\w=)?[a-zA-Z_\\$][a-zA-Z0-9_\\$]*(?:\\[\\\"|\\.)[a-zA-Z_\\$][a-zA-Z0-9_\\$]*(?:\\\"\\]|)\\(\\w,\\d+\\);)+)" +
+          "return \\w\\.join\\((?:\"\"|[a-zA-Z0-9_$]*\\[\\d+])\\)}"
+  );
+
+  private static final Pattern nFunctionTcePattern = Pattern.compile(
+      "function\\(\\s*(\\w+)\\s*\\)\\s*\\{" +
+          "\\s*var\\s*(\\w+)=\\1\\.split\\(\\1\\.slice\\(0,0\\)\\),\\s*(\\w+)=\\[.*?];" +
+          ".*?catch\\(\\s*(\\w+)\\s*\\)\\s*\\{" +
+          "\\s*return(?:\"[^\"]+\"|\\s*[a-zA-Z_0-9$]*\\[\\d+])\\s*\\+\\s*\\1\\s*}" +
+          "\\s*return\\s*\\2\\.join\\((?:\"\"|[a-zA-Z_0-9$]*\\[\\d+])\\)};", Pattern.DOTALL);
+
   private final ConcurrentMap<String, SignatureCipher> cipherCache;
   private final Set<String> dumpedScriptUrls;
   private final ScriptEngine scriptEngine;
@@ -244,9 +262,10 @@ private void dumpProblematicScript(@NotNull String script, @NotNull String sourc
 
   private SignatureCipher extractFromScript(@NotNull String script, @NotNull String sourceUrl) {
     Matcher actions = actionsPattern.matcher(script);
-    Matcher nFunctionMatcher = nFunctionPattern.matcher(script);
     Matcher scriptTimestamp = timestampPattern.matcher(script);
 
+    boolean matchedTce = false;
+
     if (!actions.find()) {
       dumpProblematicScript(script, sourceUrl, "no actions match");
       throw new IllegalStateException("Must find action functions from script: " + sourceUrl);
@@ -267,28 +286,62 @@ private SignatureCipher extractFromScript(@NotNull String script, @NotNull Strin
 
     Matcher functions = functionPattern.matcher(script);
     if (!functions.find()) {
-      dumpProblematicScript(script, sourceUrl, "no decipher function match");
-      throw new IllegalStateException("Must find decipher function from script.");
+      functions = functionTcePattern.matcher(script);
+
+      if (!functions.find()) {
+        dumpProblematicScript(script, sourceUrl, "no decipher function match");
+        throw new IllegalStateException("Must find decipher function from script.");
+      }
+
+      matchedTce = true;
     }
 
-    Matcher matcher = extractor.matcher(functions.group(2));
+    Matcher matcher = extractor.matcher(functions.group(matchedTce ? 1 : 2));
 
     if (!scriptTimestamp.find()) {
       dumpProblematicScript(script, sourceUrl, "no timestamp match");
       throw new IllegalStateException("Must find timestamp from script: " + sourceUrl);
     }
 
+    // use matchedTce hint to determine which regex we should use to parse the script.
+    Matcher nFunctionMatcher = matchedTce ? nFunctionTcePattern.matcher(script) : nFunctionPattern.matcher(script);
+
     if (!nFunctionMatcher.find()) {
-      dumpProblematicScript(script, sourceUrl, "no n function match");
-      throw new IllegalStateException("Must find n function from script: " + sourceUrl);
+      // fall back to the opposite of what we used above.
+      nFunctionMatcher = matchedTce ? nFunctionPattern.matcher(script) : nFunctionTcePattern.matcher(script);
+
+      if (!nFunctionMatcher.find()) {
+        dumpProblematicScript(script, sourceUrl, "no n function match");
+        throw new IllegalStateException("Must find n function from script: " + sourceUrl);
+      }
+
+      // unconditionally set this to true.
+      // we either start with the non-tce regex and then fall back to the tce regex,
+      // in which case we have matched a tce script.
+      // otherwise, we first checked with the tce regex but didn't match and defaulted to
+      // the legacy regex, but in this case the variable can only have a value of true.
+      matchedTce = true;
+    }
+
+    Matcher tceVars = tceGlobalVarsPattern.matcher(script);
+    String tceText = "";
+
+    if (!tceVars.find()) {
+      if (matchedTce) {
+        dumpProblematicScript(script, sourceUrl, "no tce variables match");
+        log.warn("Got tce player script but could not find global variables: {}", sourceUrl);
+      }
+    } else {
+      tceText = tceVars.group(1);
     }
 
     String nFunction = nFunctionMatcher.group(0);
     String nfParameterName = DataFormatTools.extractBetween(nFunction, "(", ")");
     // remove short-circuit that prevents n challenge transformation
-    nFunction = nFunction.replaceAll("if\\s*\\(\\s*typeof\\s*\\w+\\s*===?.*?\\)\\s*return\\s+" + nfParameterName + "\\s*;?", "");
+//    nFunction = nFunction.replaceAll("if\\s*\\(\\s*typeof\\s*[\\w$]+\\s*===?.*?\\)\\s*return\\s+" + nfParameterName + "\\s*;?", "");
+    nFunction = nFunction.replaceAll("if\\s*\\(typeof\\s*[^\\s()]+\\s*===?.*?\\)return " + nfParameterName + "\\s*;?", "");
 
-    SignatureCipher cipherKey = new SignatureCipher(nFunction, scriptTimestamp.group(2), script);
+    SignatureCipher cipherKey = new SignatureCipher(nFunction, scriptTimestamp.group(2), script, matchedTce, tceText);
 
     while (matcher.find()) {
       String type = matcher.group(1);

common/src/main/java/dev/lavalink/youtube/http/YoutubeHttpContextFilter.java

@@ -14,6 +14,7 @@
 import org.slf4j.LoggerFactory;
 
 import static com.sedmelluq.discord.lavaplayer.tools.FriendlyException.Severity.COMMON;
+import static dev.lavalink.youtube.http.YoutubeOauth2Handler.OAUTH_INJECT_CONTEXT_ATTRIBUTE;
 
 public class YoutubeHttpContextFilter extends BaseYoutubeHttpContextFilter {
   private static final Logger log = LoggerFactory.getLogger(YoutubeHttpContextFilter.class);
@@ -84,7 +85,12 @@ public void onRequest(HttpClientContext context,
       boolean isRequestFromOauthedClient = context.getAttribute(Client.OAUTH_CLIENT_ATTRIBUTE) == Boolean.TRUE;
 
       if (isRequestFromOauthedClient && request.getURI().toString().contains("/youtubei/v1/player")) {
-        oauth2Handler.applyToken(request);
+        String oauthToken = context.getAttribute(OAUTH_INJECT_CONTEXT_ATTRIBUTE, String.class);
+        if (oauthToken != null && !oauthToken.isEmpty()) {
+          oauth2Handler.applyToken(request, oauthToken);
+        } else {
+          oauth2Handler.applyToken(request);
+        }
         oauthApplied = true;
       }
 

common/src/main/java/dev/lavalink/youtube/http/YoutubeOauth2Handler.java

@@ -40,6 +40,7 @@ public class YoutubeOauth2Handler {
     private static final String CLIENT_SECRET = "SboVhoG9s0rNafixCSGGKXAT";
     private static final String SCOPES = "http://gdata.youtube.com https://www.googleapis.com/auth/youtube";
     private static final String OAUTH_FETCH_CONTEXT_ATTRIBUTE = "yt-oauth";
+    public static final String OAUTH_INJECT_CONTEXT_ATTRIBUTE = "yt-oauth-token";
 
     private final HttpInterfaceManager httpInterfaceManager;
 
@@ -359,6 +360,10 @@ public void applyToken(HttpUriRequest request) {
         }
     }
 
+    public void applyToken(HttpUriRequest request, String token) {
+        request.setHeader("Authorization", String.format("%s %s", "Bearer", token));
+    }
+
     private HttpInterface getHttpInterface() {
         HttpInterface httpInterface = httpInterfaceManager.getInterface();
         httpInterface.getContext().setAttribute(OAUTH_FETCH_CONTEXT_ATTRIBUTE, true);