feat(auth): add cookie-based authentication for private/restricted video downloads#2
Open
Yinchaochen wants to merge 1 commit intosh13y:mainfrom
Open
feat(auth): add cookie-based authentication for private/restricted video downloads#2Yinchaochen wants to merge 1 commit intosh13y:mainfrom
Yinchaochen wants to merge 1 commit intosh13y:mainfrom
Conversation
Closes sh13y#1 — users can now download login-required or age-restricted Facebook videos by supplying their browser cookies. Two modes are supported: - Per-request: pass a Netscape-format cookie string in the `cookies` field of the JSON body. The string is written to a temp file, used for that request only, and deleted immediately after. - Server-side: set the FB_COOKIES_FILE env var to a cookies.txt path on the server. All requests share that session automatically. Changes: - models.py: add optional `cookies: str` field to VideoDownloadRequest - config.py: add COOKIES_FILE setting backed by FB_COOKIES_FILE env var - video_service.py: resolve cookie source in get_video_info(), pass cookiefile to _extract_info(), clean up temp file in finally block - main.py: forward request.cookies to video_service in both /download and /info endpoints
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Closes #1 — videos that require a Facebook login (friend-only posts, age-restricted reels, etc.) return
"This video is private or not available for download"even when they are publicly visible to any logged-in user.The root cause is that yt-dlp has no session context, so Facebook's CDN rejects the request.
Solution
Add optional cookie authentication in two modes:
1. Per-request cookies (for self-hosted / personal use)
Pass your browser cookies as a Netscape-format string in the
cookiesfield:Export your cookies with the Get cookies.txt LOCALLY Chrome extension, then paste the file contents into the
cookiesfield.2. Server-side cookies file (for shared deployments)
Set the
FB_COOKIES_FILEenvironment variable to a pre-exportedcookies.txtpath on the server. All requests will share that session without requiring callers to send cookies each time:Implementation
app/models.pycookies: strfield toVideoDownloadRequestapp/config.pyCOOKIES_FILEsetting backed byFB_COOKIES_FILEenv varapp/services/video_service.pycookiefileto yt-dlp, delete temp file infinallyapp/main.pyrequest.cookiestovideo_servicein both/downloadand/infoendpointsSecurity notes
tempfile, used for exactly one yt-dlp call, and deleted in afinallyblock — they are never stored on disk beyond the request lifetime.cookiesfield is optional and defaults toNone; existing unauthenticated usage is unchanged.FB_COOKIES_FILEpath is never exposed in API responses.