#!/bin/bash _invidiousPsql() { runFileOp docker exec -i invidious-db psql -U kemal -d invidious -At -c "$1" 2>&1 } _invidiousBcrypt() { if ! command -v htpasswd >/dev/null 2>&1; then isError "htpasswd is required to bcrypt the password."; return 1 fi htpasswd -bnBC 10 "" "$1" | tr -d ':\n' } authAdapter_invidious_setPassword() { local user="$1" password="$2" [[ -z "$user" ]] && { isError "Email/username is required."; return 1; } [[ -z "$password" ]] && password=$(generateRandomPassword) local hash; hash=$(_invidiousBcrypt "$password") || return 1 local esc_hash="${hash//\'/\'\'}" local esc_user="${user//\'/\'\'}" local out; out=$(_invidiousPsql "UPDATE users SET password = E'$esc_hash' WHERE email = E'$esc_user' RETURNING email;") if [[ -z "$out" ]]; then isError "No Invidious user with email '$user'."; return 1; fi if [[ "$user" == "${CFG_INVIDIOUS_ADMIN_USER:-}" ]]; then authPersistCfg invidious ADMIN_PASSWORD "$password" fi isSuccessful "Invidious password set for $user — New password: $password" } authAdapter_invidious_createUser() { local user="$1" password="$2" _email="$3" isAdmin="$4" [[ -z "$user" ]] && { isError "Email is required (Invidious uses email as username)."; return 1; } [[ -z "$password" ]] && password=$(generateRandomPassword) local hash; hash=$(_invidiousBcrypt "$password") || return 1 local esc_hash="${hash//\'/\'\'}" esc_user="${user//\'/\'\'}" local out; out=$(_invidiousPsql "INSERT INTO users (email, password, updated, notifications, subscriptions, preferences, token, watched, feed_needs_update) VALUES (E'$esc_user', E'$esc_hash', now(), array[]::text[], array[]::text[], '{}', '', array[]::text[], true) RETURNING email;") if [[ -z "$out" ]]; then isError "Invidious create failed: $out"; return 1; fi if [[ "$isAdmin" == "true" && -z "${CFG_INVIDIOUS_ADMIN_USER:-}" ]]; then authPersistCfg invidious ADMIN_USER "$user" authPersistCfg invidious ADMIN_PASSWORD "$password" fi isSuccessful "Invidious user created — Email: $user — Password: $password" } authAdapter_invidious_listUsers() { _invidiousPsql "SELECT 'EZ_USER' || E'\t' || email || E'\t' || email || E'\t-' FROM users ORDER BY email;" } authAdapter_invidious_deleteUser() { local user="$1" [[ -z "$user" ]] && { isError "Email is required."; return 1; } local esc="${user//\'/\'\'}" local out; out=$(_invidiousPsql "DELETE FROM users WHERE email = E'$esc' RETURNING email;") [[ -z "$out" ]] && { isError "No Invidious user '$user'."; return 1; } isSuccessful "Invidious user '$user' deleted." } authAdapter_invidious_setAdmin() { isNotice "Invidious admin status is configured in invidious.yml — not editable via the WebUI." return 1 }