This Tampermonkey script allows users to play Google Drive videos on CyTube, a platform for synchronized video watching. Here's a detailed breakdown of its components and functionality:
Metadata
javascript
Copy code
// ==UserScript==
//
@NAme Google Drive Video Player for CyTube
// @namespace gdcytube
// @description Play Google Drive videos on CyTube
// @include
https://cytu.be/r/*
// @include
https://www.cytu.be/r/*
// @grant unsafeWindow
// @grant GM_xmlhttpRequest
// @grant GM.xmlHttpRequest
// @connect docs.google.com
// @run-at document-end
// @version 1.7.0
// ==/UserScript==
- @NAme: Name of the script.
- @namespace: Namespace to prevent naming conflicts.
- @description: Short description of the script.
- @include: URLs where the script should run.
- @grant: Permissions the script requires (unsafeWindow for interacting with the webpage's window object, GM_xmlhttpRequest and GM.xmlHttpRequest for making cross-origin requests).
- @connect: Domain allowed for cross-origin requests.
- @run-at: Specifies when the script should run (at the end of the document loading).
Main Script
Utility Functions
- debug: Logs messages to the console.
- httpRequest: Handles HTTP requests, compatible with different versions of Greasemonkey/Tampermonkey.
- ITAG_QMAP and ITAG_CMAP: Maps ITAG values to video quality and content types.
Core Functionality
- getVideoInfo: Fetches video information from Google Drive using the provided video ID.
- Constructs the URL for the request.
- Makes the HTTP GET request.
- Processes the response to extract video metadata.
- Handles various errors (e.g., requiring login, missing video streams).
- mapLinks: Organizes video links by quality using the ITAG mappings.
Polling Mechanism
- getGoogleDriveMetadata_GM: Sets up polling for fetching video metadata.
- Polls for the video ID.
- Calls the callback with the fetched metadata.
- setupGDPoll: Sets up a polling mechanism to handle cross-boundary communication between the browser's JS environment and the script's sandbox.
Compatibility and Initialization
- isTampermonkeyCompatible: Checks if the script is running under a compatible environment (Tampermonkey or Violentmonkey).
- Initialization: Depending on compatibility:
- Directly assigns getVideoInfo to unsafeWindow.getGoogleDriveMetadata.
- Uses the polling workaround for other environments.
javascript
Copy code
if (isTampermonkeyCompatible()) {
unsafeWindow.getGoogleDriveMetadata = getVideoInfo;
} else {
debug('Using non-TM polling workaround');
unsafeWindow.getGoogleDriveMetadata = exportFunction(
getGoogleDriveMetadata_GM, unsafeWindow);
setupGDPoll();
}
unsafeWindow.console.log('Initialized userscript Google Drive player');
unsafeWindow.hasDriveUserscript = true;
unsafeWindow.driveUserscriptVersion = '1.7';
- Initializes the userscript, setting up the necessary functions and indicating that the script is active.
Error Handling
- Catches any errors during the script execution and logs them to the console.
Overall, this script allows CyTube users to fetch and play Google Drive videos by handling the necessary metadata requests and processing the video streams, accommodating different environments with a polling mechanism when required.
Is there anything weird or suspicious going on with the script?
The script appears to be designed for a legitimate purpose: enabling the playback of Google Drive videos on CyTube. However, there are a few points to consider to ensure its safety and legitimacy:
1. Permissions and API Usage
- @grant unsafeWindow: This allows the script to access the webpage's window object, which can be risky if misused. It can potentially interact with or alter the webpage in ways that the user might not expect.
- @grant GM_xmlhttpRequest / GM.xmlHttpRequest: These are necessary for making cross-origin requests, but they also have the potential to be misused for data exfiltration.
2. HTTP Requests to Google
- The script makes requests to https://docs.google.com/get_video_info to fetch video metadata. This is a normal use case for obtaining video streams, but it's important to ensure that these requests are not being used to collect sensitive information.
3. Polling Mechanism
- The script uses a polling mechanism to check for metadata requests, which is a bit unconventional. This might be a workaround for sandbox limitations, but it can also introduce performance overhead and complexity.
4. Potential Privacy Concerns
- The script requires the user to be logged into their Google account to access certain videos. This means that it might be able to access information associated with the user's Google session if misused.
5. Debugging Messages
- The script logs messages to the console, which is typical for debugging. However, excessive logging can sometimes be used to mask other activities.
Recommendations for Verification
- Review the Source: Ensure that the source of the script is trustworthy and well-reviewed by other users.
- Analyze Network Traffic: Use browser developer tools to monitor the network requests made by the script to confirm that no unexpected data is being sent.
- Check for Updates: Ensure that the script is regularly updated and maintained, reducing the risk of security vulnerabilities.
Detailed Review
- Error Handling: The script has robust error handling, which is a good practice.
- Compatibility Handling: The script accounts for different environments (Tampermonkey, Violentmonkey), which indicates thorough development.
- Metadata Mapping: The mapping of video quality and content types is straightforward and seems focused on its intended functionality.
Conclusion
There doesn't appear to be anything overtly malicious or suspicious in the script. However, the use of unsafeWindow and the need for cross-origin requests necessitate a careful review of the source and behavior. Ensuring the script is sourced from a reputable place and monitoring its network activity can help mitigate potential risks.
