fahricansecer/indir-fe
1
0
Fork 0
generated from fahricansecer/boilerplate-fe
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ce7702b1cb21658deb78581b23359e7810a105bc
indir-fe/plans/social-media-downloader-plan.md
Fahri Can ce7702b1cb
All checks were successful
UI Deploy - indir.bilgich.com 🎨 / build-and-deploy (push) Successful in 4m8s
Details
main
2026-03-06 15:44:44 +03:00

522 lines
12 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Sosyal Medya İndirici - Mimari Plan
> **Tarih:** 2026-03-05
> **Öncelik:** Yüksek
> **Karmaşıklık:** Düşük-Orta
> **Yaklaşım:** Basit ve Minimal
---
## 📋 Özet
Sosyal medya platformlarından (Instagram, YouTube, TikTok, X, Facebook vb.) video/post indirme özelliği. Kullanıcı bir URL girer, sistem içeriği tespit eder ve indirir.
### Basitleştirilmiş Gereksinimler
- ❌ Auth/giriş sistemi **YOK** (herkes kullanabilir)
- ✅ Basit IP-based rate limiting (abuse önleme)
- ✅ Public Cobalt API kullanımı
- ✅ Minimal ve temiz UI
---
## 🎯 Gereksinimler
### Fonksiyonel Gereksinimler
- URL input ile çoklu platform desteği
- Tek tıkla indirme
- Video kalite seçimi (mümkünse)
- İndirme ilerleme durumu
- Hata yönetimi ve kullanıcı bildirimleri
### Fonksiyonel Olmayan Gereksinimler
- **Güvenlik:** Rate limiting, input validation, abuse prevention
- **Performans:** Async processing, streaming downloads
- **UX:** Responsive design, dark/light mode, i18n support
- **Reliability:** Error recovery, timeout handling
---
## 🏗️ Mimari Tasarım
### High-Level Architecture
```mermaid
flowchart TB
subgraph Frontend[Frontend - Next.js]
UI[Download Page]
Form[URL Input Form]
Progress[Progress Indicator]
Result[Download Result]
end
subgraph API[Next.js API Routes]
Validate[Input Validation]
Detect[Platform Detection]
RateLimit[Rate Limiter]
Download[Download Handler]
end
subgraph External[External Services]
Cobalt[Cobalt API]
YtDlp[yt-dlp wrapper]
Direct[Direct URL Fetch]
end
UI --> Form
Form --> Validate
Validate --> RateLimit
RateLimit --> Detect
Detect --> Download
Download --> Cobalt
Download --> YtDlp
Download --> Direct
Cobalt --> Result
YtDlp --> Result
Direct --> Result
```
---
## 🔐 Güvenlik Katmanları
### 1. Input Validation & Sanitization
```typescript
// src/lib/utils/url-validator.ts
const ALLOWED_DOMAINS = [
"youtube.com",
"youtu.be",
"instagram.com",
"instagr.am",
"tiktok.com",
"vm.tiktok.com",
"twitter.com",
"x.com",
"facebook.com",
"fb.watch",
"vimeo.com",
"pinterest.com",
];
export function validateUrl(url: string): ValidationResult {
// 1. URL format check
// 2. Protocol check (https only)
// 3. Domain whitelist check
// 4. XSS prevention
// 5. SQL injection prevention
}
```
### 2. Rate Limiting
```typescript
// src/lib/security/rate-limiter.ts
const RATE_LIMIT_CONFIG = {
anonymous: { requests: 5, window: 3600 }, // 5 requests/hour
authenticated: { requests: 20, window: 3600 }, // 20 requests/hour
premium: { requests: 100, window: 3600 }, // 100 requests/hour
};
```
**Stratejiler:**
- IP-based limiting (Redis/Memory store)
- User-based limiting (auth token)
- Global rate limit (DDoS prevention)
### 3. Abuse Prevention
- **URL Pattern Blocking:** Malicious patterns engelleme
- **Bot Detection:** User-agent analysis
- **Request Fingerprinting:** Browser fingerprinting
- **CAPTCHA:** Şüpheli aktivitede CAPTCHA tetikleme
### 4. Content Security
- **Virus Scanning:** İndirilen dosyaları tara
- **File Size Limits:** Maksimum dosya boyutu
- **Content-Type Validation:** Sadece izin verilen formatlar
---
## 📁 Dosya Yapısı
```
src/
├── app/
│ ├── [locale]/
│ │ └── (site)/
│ │ └── download/
│ │ └── page.tsx # Download page
│ └── api/
│ └── download/
│ ├── route.ts # Main download endpoint
│ └── info/
│ └── route.ts # Get video info endpoint
├── components/
│ └── site/
│ └── download/
│ ├── download-form.tsx # URL input form
│ ├── download-result.tsx # Result display
│ ├── platform-badge.tsx # Platform indicator
│ ├── quality-selector.tsx # Quality options
│ └── download-progress.tsx # Progress indicator
├── lib/
│ ├── api/
│ │ └── download/
│ │ ├── types.ts # TypeScript interfaces
│ │ ├── service.ts # API service functions
│ │ └── use-hooks.ts # React Query hooks
│ ├── download/
│ │ ├── platform-detector.ts # URL -> Platform mapping
│ │ ├── cobalt-client.ts # Cobalt API client
│ │ └── download-manager.ts # Download orchestration
│ └── security/
│ ├── rate-limiter.ts # Rate limiting logic
│ ├── url-validator.ts # URL validation
│ └── abuse-detector.ts # Abuse detection
└── types/
└── download.ts # Shared types
```
---
## 🔌 API Endpoints
### POST /api/download
**Request:**
```typescript
interface DownloadRequest {
url: string; // Sosyal medya URL
quality?: "high" | "medium" | "low";
format?: "mp4" | "mp3" | "webm";
}
```
**Response:**
```typescript
interface DownloadResponse {
success: boolean;
data?: {
downloadUrl: string;
filename: string;
fileSize: number;
platform: Platform;
metadata: VideoMetadata;
};
error?: {
code: ErrorCode;
message: string;
};
}
```
### POST /api/download/info
**Request:**
```typescript
interface InfoRequest {
url: string;
}
```
**Response:**
```typescript
interface InfoResponse {
success: boolean;
data?: {
platform: Platform;
title: string;
thumbnail: string;
duration: number;
qualities: QualityOption[];
};
}
```
---
## 🌐 Platform Detection Algorithm
```typescript
// src/lib/download/platform-detector.ts
interface PlatformConfig {
name: Platform;
domains: string[];
patterns: RegExp[];
extractor: ExtractorType;
}
const PLATFORM_CONFIGS: PlatformConfig[] = [
{
name: "youtube",
domains: ["youtube.com", "youtu.be", "music.youtube.com"],
patterns: [
/youtube\.com\/watch\?v=[\w-]+/,
/youtu\.be\/[\w-]+/,
/youtube\.com\/shorts\/[\w-]+/,
],
extractor: "cobalt",
},
{
name: "instagram",
domains: ["instagram.com", "instagr.am"],
patterns: [/instagram\.com\/(p|reel|tv)\/[\w-]+/],
extractor: "cobalt",
},
{
name: "tiktok",
domains: ["tiktok.com", "vm.tiktok.com"],
patterns: [/tiktok\.com\/@[\w.]+\/video\/\d+/, /vm\.tiktok\.com\/[\w-]+/],
extractor: "cobalt",
},
{
name: "twitter",
domains: ["twitter.com", "x.com"],
patterns: [/twitter\.com\/\w+\/status\/\d+/, /x\.com\/\w+\/status\/\d+/],
extractor: "cobalt",
},
{
name: "facebook",
domains: ["facebook.com", "fb.watch"],
patterns: [/facebook\.com\/.*\/videos\/\d+/, /fb\.watch\/[\w-]+/],
extractor: "cobalt",
},
];
export function detectPlatform(url: string): Platform | null {
const urlObj = new URL(url);
for (const config of PLATFORM_CONFIGS) {
if (config.domains.some((d) => urlObj.hostname.includes(d))) {
return config.name;
}
}
return null;
}
```
---
## 🎨 UI Component Hierarchy
```mermaid
flowchart TD
Page[DownloadPage] --> Form[DownloadForm]
Page --> Result[DownloadResult]
Form --> Input[URLInput]
Form --> PlatformBadge[PlatformBadge]
Form --> QualitySelector[QualitySelector]
Form --> SubmitButton[SubmitButton]
Result --> Progress[DownloadProgress]
Result --> SuccessResult[SuccessResult]
Result --> ErrorResult[ErrorResult]
Progress --> ProgressBar[ProgressBar]
Progress --> StatusText[StatusText]
SuccessResult --> FilePreview[FilePreview]
SuccessResult --> DownloadButton[DownloadButton]
ErrorResult --> ErrorIcon[ErrorIcon]
ErrorResult --> ErrorMessage[ErrorMessage]
ErrorResult --> RetryButton[RetryButton]
```
---
## 🔄 Veri Akışı
```mermaid
sequenceDiagram
participant User
participant Frontend
participant API as Next.js API
participant Validator
participant RateLimiter
participant Cobalt as Cobalt API
User->>Frontend: URL Gir + İndir
Frontend->>Frontend: URL Format Validation
Frontend->>API: POST /api/download/info
API->>Validator: Validate URL
Validator-->>API: Valid
API->>RateLimiter: Check Rate Limit
RateLimiter-->>API: Allowed
API->>Cobalt: Get Video Info
Cobalt-->>API: Video Metadata
API-->>Frontend: Info Response
Frontend->>User: Show Options
User->>Frontend: Select Quality
Frontend->>API: POST /api/download
API->>Cobalt: Request Download
Cobalt-->>API: Download URL
API-->>Frontend: Download Response
Frontend->>User: Download File
```
---
## 🛡️ Güvenlik Checklist
### Input Security
- [ ] URL format validation
- [ ] Protocol whitelist (https only)
- [ ] Domain whitelist
- [ ] XSS prevention (DOMPurify)
- [ ] SQL injection prevention
- [ ] Path traversal prevention
### Rate Limiting
- [ ] IP-based limiting
- [ ] User-based limiting (authenticated)
- [ ] Global request limiting
- [ ] Sliding window algorithm
### Content Security
- [ ] File type validation
- [ ] File size limits
- [ ] Virus/malware scanning (optional)
- [ ] Content-Disposition headers
### API Security
- [ ] CSRF protection
- [ ] Content-Type validation
- [ ] Request size limits
- [ ] Timeout handling
---
## 📊 Error Handling Strategy
| Error Code | Message | User Action |
| ---------------------- | -------------------------- | ---------------------------- |
| `INVALID_URL` | Geçersiz URL formatı | URL'yi kontrol et |
| `UNSUPPORTED_PLATFORM` | Bu platform desteklenmiyor | Desteklenen platformları gör |
| `RATE_LIMIT_EXCEEDED` | Çok fazla istek | Bekle veya giriş yap |
| `VIDEO_NOT_FOUND` | Video bulunamadı | URL'yi kontrol et |
| `VIDEO_PRIVATE` | Video özel/gizli | Herkese açık video kullan |
| `DOWNLOAD_FAILED` | İndirme başarısız | Tekrar dene |
| `FILE_TOO_LARGE` | Dosya çok büyük | Düşük kalite seç |
---
## 🧪 Test Strategy
### Unit Tests
- URL validator fonksiyonları
- Platform detector logic
- Rate limiter calculations
- API service functions
### Integration Tests
- API endpoint tests
- External API mock tests
- Error scenario tests
### E2E Tests
- Complete download flow
- Error handling UI
- Rate limit scenarios
---
## 📦 Dependencies
### Production
```json
{
"axios": "^1.x",
"zod": "^3.x"
}
```
### Development
```json
{
"@types/node": "^20",
"vitest": "^1.x",
"msw": "^2.x"
}
```
---
## 🚀 Implementation Phases
### Phase 1: Core Infrastructure
1. URL validation ve platform detection
2. API route structure
3. Basic UI components
### Phase 2: External API Integration
1. Cobalt API client
2. Download orchestration
3. Error handling
### Phase 3: Security Layer
1. Rate limiting implementation
2. Abuse detection
3. Input sanitization
### Phase 4: UI/UX Polish
1. Progress indicators
2. Responsive design
3. Dark/light mode
4. i18n translations
### Phase 5: Testing & Optimization
1. Unit tests
2. Integration tests
3. Performance optimization
---
## 💡 Önemli Notlar
1. **Cobalt API:**ık kaynaklı, self-hosted bir sosyal medya indirici API. Kullanımı için:
- Self-hosted instance (önerilen)
- Public instance (rate limit riski)
2. **Copyright Uyarısı:** Kullanıcılara telif hakkı uyarısı gösterilmeli
3. **Terms of Service:** Her platformun ToS'u kontrol edilmeli
4. **Monitoring:** API kullanımı ve hata oranları izlenmeli
---
## ❓ Açık Sorular
1. Cobalt API self-hosted mu kullanılacak yoksa public instance mi?
2. Video maksimum boyutu ne olacak?
3. Oturum açmamış kullanıcılar için limit ne kadar?
4. İndirilen dosyalar sunucuda saklanacak mı (cache)?
Reference in New Issue View Git Blame Copy Permalink