search

z-huang / InnerTune

A Material 3 YouTube Music client for Android
GNU General Public License v3.0
4.76k stars 287 forks source link

Allow age restricted songs to play by sending age check confirmation #1676

Closed gechoto closed 3 weeks ago

gechoto commented 3 weeks ago

Before:

"playabilityStatus": {
    "status": "AGE_CHECK_REQUIRED",
    "reason": "This video may be inappropriate for some users.",
    [...]
},

After:

"playabilityStatus": {
    "status": "OK",
    "playableInEmbed": true
},

This implements what the desktop/web player does when you click the button to confirm your age.

I guess you still need to be logged in for this to work. I haven't tested without login but it works with my account.

Maybe fixes https://github.com/z-huang/InnerTune/issues/1442

gechoto commented 3 weeks ago

This does not seem to work anymore since you switched to the IOS client: https://github.com/z-huang/InnerTune/commit/dc6bfce4b70547e8205f84fb2c6963f8acf232b7

Now I have to find out how this is done on IOS but I don't have an IOS device for testing. Can someone with an IOS device help out?

gechoto commented 3 weeks ago

Just saw that ViTune also added this contentCheckOk:

https://github.com/25huizengek1/ViTune/commit/504b6f717b6b3bef8e71e7ff976a0a2fed4c4e0d

but in ViTune it is a String instead of a Boolean. I'm not sure why. I can't test if it makes a difference currently since this confirmation seems to have a cooldown (currently I can play age restricted songs without confirming).

gechoto commented 3 weeks ago

@25huizengek1 what is the reason you made this contentCheckOk field a string instead of a boolean?

25huizengek1 commented 3 weeks ago

@gechoto I actually can't recall, it was a really rushed debugging session in order to fix streaming for ViTune. During testing it didn't seem to matter though.

gechoto commented 3 weeks ago

@25huizengek1 how did you find all the values needed for the IOS client? Do you have a real IOS device for testing?

@z-huang I currently can't get age restricted songs to work with the IOS client. Would it be okay as a quick fix to re-add the ANDROID_MUSIC client? We could maybe do something like this:

z-huang commented 3 weeks ago

It's okay. You can add it in this PR.

gitguardian[bot] commented 3 weeks ago

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard. Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | | | -------------- | ------------------ | ------------------------------ | ---------------- | --------------- | -------------------- | | [14305798](https://dashboard.gitguardian.com/workspace/104194/incidents/14305798) | Triggered | Google API Key | 93ac47718d47a34593abab54054b1aaf314d8162 | innertube/src/main/java/com/zionhuang/innertube/models/YouTubeClient.kt | [View secret](https://github.com/z-huang/InnerTune/commit/93ac47718d47a34593abab54054b1aaf314d8162#diff-cec08a0a0aaec41edae40dba5a59b19cc5282eb6821ffa4c8cc6726f05b086e4L71) |
🛠 Guidelines to remediate hardcoded secrets
1. Understand the implications of revoking this secret by investigating where it is used in your code. 2. Replace and store your secret safely. [Learn here](https://blog.gitguardian.com/secrets-api-management?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment) the best practices. 3. Revoke and [rotate this secret](https://docs.gitguardian.com/secrets-detection/secrets-detection-engine/detectors/specifics/googleaiza#revoke-the-secret?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment). 4. If possible, [rewrite git history](https://blog.gitguardian.com/rewriting-git-history-cheatsheet?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment). Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data. To avoid such incidents in the future consider - following these [best practices](https://blog.gitguardian.com/secrets-api-management/?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment) for managing and storing secrets including API keys and other credentials - install [secret detection on pre-commit](https://docs.gitguardian.com/ggshield-docs/integrations/git-hooks/pre-commit?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment) to catch secret before it leaves your machine and ease remediation.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

gechoto commented 3 weeks ago

@z-huang done. I suggest to squash the commits on merge.

25huizengek1 commented 3 weeks ago

@gechoto Since I don't own any Apple devices, I just tried different combinations of versions (or user agents) I found in the community: for example yt-dlp, https://github.com/zerodytrash/YouTube-Internal-Clients, NewPipeExtractor, etc.

The rest of the values I got myself by just guessing from the traffic on desktop and Android.