salvacybersec/Youtube2Feed
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

api key and security

Browse Source
This commit is contained in:
salvacybersec
2025-11-13 03:40:05 +03:00
parent 763a5a0a01
commit 372ed6401b
7 changed files with 1210 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/database.py
View File

@@ -3,6 +3,7 @@ SQLite veritabanı yönetimi modülü
"""
import sqlite3
import os
import re
from datetime import datetime, timezone
from typing import Optional, List, Dict
@@ -89,8 +90,24 @@ class Database:
if self.conn:
self.conn.close()
def _validate_video_id(self, video_id: str) -> bool:
"""Video ID formatını doğrula (SQL injection koruması)"""
if not video_id or len(video_id) > 20:
return False
# YouTube video ID: 11 karakter, alfanumerik + _ -
return bool(re.match(r'^[a-zA-Z0-9_-]{11}$', video_id))
def _validate_channel_id(self, channel_id: str) -> bool:
"""Channel ID formatını doğrula (SQL injection koruması)"""
if not channel_id or len(channel_id) > 50:
return False
# YouTube channel ID: UC ile başlayan 24 karakter
return bool(re.match(r'^UC[a-zA-Z0-9_-]{22}$', channel_id))
def is_video_processed(self, video_id: str) -> bool:
"""Video işlenmiş mi kontrol et"""
if not self._validate_video_id(video_id):
raise ValueError(f"Geçersiz video_id formatı: {video_id}")
cursor = self.conn.cursor()
cursor.execute("SELECT video_id FROM videos WHERE video_id = ?", (video_id,))
return cursor.fetchone() is not None
@@ -107,16 +124,26 @@ class Database:
def add_video(self, video_data: Dict):
"""Yeni video ekle (status=0 olarak)"""
# Input validation
video_id = video_data.get('video_id')
channel_id = video_data.get('channel_id')
if not self._validate_video_id(video_id):
raise ValueError(f"Geçersiz video_id formatı: {video_id}")
if channel_id and not self._validate_channel_id(channel_id):
raise ValueError(f"Geçersiz channel_id formatı: {channel_id}")
cursor = self.conn.cursor()
cursor.execute("""
INSERT OR IGNORE INTO videos
(video_id, channel_id, video_title, video_url, published_at_utc, transcript_status)
VALUES (?, ?, ?, ?, ?, 0)
""", (
video_data['video_id'],
video_data.get('channel_id'),
video_data.get('video_title'),
video_data.get('video_url'),
video_id,
channel_id,
video_data.get('video_title', '')[:500], # Max length
video_data.get('video_url', '')[:500], # Max length
video_data.get('published_at_utc')
))
self.conn.commit()
@@ -124,6 +151,13 @@ class Database:
def update_video_transcript(self, video_id: str, raw: str, clean: str,
status: int, language: Optional[str] = None):
"""Video transcript'ini güncelle"""
# Input validation
if not self._validate_video_id(video_id):
raise ValueError(f"Geçersiz video_id formatı: {video_id}")
if status not in [0, 1, 2]:
raise ValueError(f"Geçersiz status değeri: {status}")
cursor = self.conn.cursor()
now_utc = datetime.now(timezone.utc).isoformat()
cursor.execute("""
@@ -141,6 +175,13 @@ class Database:
def get_processed_videos(self, limit: Optional[int] = None,
channel_id: Optional[str] = None) -> List[Dict]:
"""İşlenmiş videoları getir (status=1)"""
# Input validation
if channel_id and not self._validate_channel_id(channel_id):
raise ValueError(f"Geçersiz channel_id formatı: {channel_id}")
if limit is not None and (not isinstance(limit, int) or limit < 1 or limit > 1000):
raise ValueError(f"Geçersiz limit değeri: {limit} (1-1000 arası olmalı)")
cursor = self.conn.cursor()
query = """
SELECT * FROM videos
@@ -163,6 +204,10 @@ class Database:
def mark_video_failed(self, video_id: str, reason: Optional[str] = None):
"""Video'yu başarısız olarak işaretle (status=2)"""
# Input validation
if not self._validate_video_id(video_id):
raise ValueError(f"Geçersiz video_id formatı: {video_id}")
cursor = self.conn.cursor()
cursor.execute("""
UPDATE videos