Update version to 1.8.8 and enhance video detection features

- Bump version in README.md, manifest.json, SPECIFICATION.md, main.py, and worker.py to 1.8.8.
- Introduce deep manifest interception to detect disguised streams, improving video URL detection capabilities.
- Update documentation to reflect new features and changes in functionality.
- Implement response content-type detection for HLS manifests regardless of URL extension.
- Adjust rate limiting for read and write endpoints to optimize performance.
- Add tests for format hint acceptance and rate limit behavior.

Author: asdfghj1237890

README.md

@@ -8,7 +8,7 @@
 
 **Languages**: **English** (`README.md`) | **繁體中文** (`README.zh-TW.md`)
 
-> Seamlessly capture web video URLs (M3U8 and MP4) from Chrome and download them to your NAS
+> Seamlessly capture web video URLs (M3U8 and MP4) from Chrome and download them to your NAS — even when sites disguise streams with non-standard URLs
 
 > [!IMPORTANT]
 > This project does **not** guarantee every video can be downloaded. Some sites use DRM, expiring URLs, anti-hotlinking, IP restrictions, or change their delivery logic at any time.
@@ -39,7 +39,7 @@
 ## Overview
 
 This system enables you to:
-1. 🔍 Detect M3U8 and MP4 video URLs in Chrome
+1. 🔍 Detect M3U8 and MP4 video URLs in Chrome (including disguised streams)
 2. 📤 Send URLs to your NAS with one click
 3. ⬇️ Automatically download and convert to MP4
 4. 💾 Store videos on your NAS storage
@@ -72,6 +72,7 @@ Chrome Extension → NAS Docker (API + Worker) → Video Storage
 
 ### Chrome Extension
 - ✅ Automatic M3U8 and MP4 URL detection
+- ✅ Deep manifest interception — detects disguised streams (e.g. `.jpg`-wrapped HLS) via fetch/XHR content inspection
 - ✅ One-click send to NAS
 - ✅ Side panel interface for easy access
 - ✅ Real-time download progress
@@ -280,6 +281,7 @@ You can now:
 - ✅ Deploy Docker stack on Synology NAS or any Docker host
 - ✅ Download M3U8 video streams to MP4
 - ✅ Download MP4 videos directly
+- ✅ Detect disguised manifests via JS-level content interception
 - ✅ Use Chrome extension for automatic detection (M3U8 & MP4)
 - ✅ Forward cookies & headers for authenticated streams
 - ✅ Monitor download progress in side panel
@@ -644,6 +646,8 @@ async function detectM3u8Urls(details) {
 WebVideo2NAS/
 ├── chrome-extension/      # Chrome extension source
 │   ├── background.js      # Background service worker
+│   ├── content.js         # Content script (ISOLATED world)
+│   ├── inject.js          # Manifest interceptor (MAIN world)
 │   ├── sidepanel.*        # Extension side panel UI
 │   ├── options/           # Extension options page
 │   ├── icons/             # Extension icons
@@ -735,6 +739,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <details>
 <summary><strong>Full Changelog (click to expand)</strong></summary>
 
+### [1.8.8] - 2026-03-11
+
+#### Added
+- **Deep manifest interception** (`inject.js`): New MAIN-world content script that patches `fetch()` and `XMLHttpRequest` to inspect the first bytes of every response for `#EXTM3U` signatures — catches HLS manifests served from arbitrary URLs without `.m3u8` extension or correct MIME type (e.g. sites that disguise streams as `.jpg`)
+- **Response Content-Type detection**: Identify HLS manifests by `Content-Type` header regardless of URL extension
+- `format` hint field in download API — allows the extension to tell the backend the stream type even when the URL has no recognizable extension
+
+#### Changed
+- `sendToNAS()` accepts URLs detected by Content-Type or content interception (not just URL pattern)
+- NAS API validator uses `model_validator` to allow `format` hint to bypass URL pattern check
+
+#### Fixed
+- **Rate limit no longer blocks normal usage**: Read-only endpoints (job list, job status) now use a separate, higher rate-limit bucket so side panel polling no longer starves download requests
+
 ### [1.8.6] - 2026-01-13
 
 #### Added
@@ -942,8 +960,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
-**Version**: 1.8.6  
-**Last Updated**: 2025-12-16  
+**Version**: 1.8.8  
+**Last Updated**: 2026-03-11  
 **Port**: 52052 (NAS host port → API container :8000)
 
 ## Star History

chrome-extension/manifest.json

@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "WebVideo2NAS",
-  "version": "1.8.6",
+  "version": "1.8.8",
   "description": "Send web videos (m3u8, mpd, mp4) to your NAS for download",
   "permissions": [
     "storage",

chrome-extension/tests/background.test.js

@@ -26,6 +26,7 @@ function makeChromeStub() {
     webRequest: {
       onBeforeRequest: { addListener: () => {} },
       onSendHeaders: { addListener: () => {} },
+      onHeadersReceived: { addListener: () => {} },
     },
     action: {
       setBadgeText: () => {},

docs/SPECIFICATION.md

@@ -101,8 +101,8 @@ This document specifies a complete system for capturing web video URLs (m3u8 str
 {
   "manifest_version": 3,
   "name": "WebVideo2NAS",
-  "version": "1.8.6",
-  "description": "Send m3u8 and mp4 videos to your NAS for download",
+  "version": "1.8.8",
+  "description": "Send m3u8, mpd, and mp4 videos to your NAS for download",
   "permissions": [
     "storage",
     "contextMenus",

video-downloader/docker/api/main.py

@@ -44,7 +44,7 @@
 app = FastAPI(
     title="WebVideo2NAS API",
     description="API for managing web video downloads (M3U8 and MP4)",
-    version="1.8.6"
+    version="1.8.8"
 )
 
 # CORS middleware
@@ -107,19 +107,22 @@ def _enforce_client_allowlist(request: Request) -> None:
     raise HTTPException(status_code=403, detail="Client IP not allowed")
 
 
+_RATE_LIMIT_MULTIPLIERS = {"read": 6, "write": 1}
+
 def _rate_limit(request: Request, bucket: str) -> None:
     if RATE_LIMIT_PER_MINUTE <= 0:
         return
+    multiplier = _RATE_LIMIT_MULTIPLIERS.get(bucket, 1)
+    limit = RATE_LIMIT_PER_MINUTE * multiplier
     client_ip = _get_client_ip(request)
     window = int(datetime.utcnow().timestamp() // 60)
     key = f"rl:{bucket}:{client_ip}:{window}"
     try:
         count = redis_client.incr(key)
         redis_client.expire(key, 90)
     except Exception:
-        # If Redis is unavailable, skip rate limiting (avoid breaking core API).
         return
-    if count > RATE_LIMIT_PER_MINUTE:
+    if count > limit:
         raise HTTPException(status_code=429, detail="Rate limit exceeded")
 
 
@@ -204,30 +207,33 @@ def get_db():
     finally:
         db.close()
 
-def verify_api_key(request: Request, authorization: Optional[str] = Header(None)):
-    """Verify API key from Authorization header"""
+def _verify_key_common(request: Request, authorization: Optional[str], bucket: str) -> str:
     _enforce_client_allowlist(request)
-    _rate_limit(request, bucket="auth")
+    _rate_limit(request, bucket=bucket)
     if not API_KEY or API_KEY.strip() == "" or API_KEY.strip() == "change-this-key":
         raise HTTPException(status_code=503, detail="Server not configured: API_KEY is not set")
     if not authorization:
         raise HTTPException(status_code=401, detail="Missing Authorization header")
-    
-    # Support both "Bearer TOKEN" and just "TOKEN"
     token = authorization.replace("Bearer ", "").strip()
-    
     if token != API_KEY:
         raise HTTPException(status_code=401, detail="Invalid API key")
-    
     return token
 
+def verify_api_key(request: Request, authorization: Optional[str] = Header(None)):
+    """Verify API key — write-endpoint rate limit (RATE_LIMIT_PER_MINUTE)."""
+    return _verify_key_common(request, authorization, bucket="write")
+
+def verify_api_key_read(request: Request, authorization: Optional[str] = Header(None)):
+    """Verify API key — read-endpoint rate limit (6x write limit)."""
+    return _verify_key_common(request, authorization, bucket="read")
+
 # Routes
 @app.get("/")
 async def root():
     """Root endpoint"""
     return {
         "name": "WebVideo2NAS API",
-        "version": "1.8.6",
+        "version": "1.8.8",
         "status": "running"
     }
 
@@ -316,7 +322,7 @@ async def list_jobs(
     status: Optional[str] = None,
     limit: int = 50,
     db: Session = Depends(get_db),
-    api_key: str = Depends(verify_api_key)
+    api_key: str = Depends(verify_api_key_read)
 ):
     """List all jobs with optional status filter"""
     try:
@@ -363,7 +369,7 @@ async def list_jobs(
 async def get_job(
     job_id: str,
     db: Session = Depends(get_db),
-    api_key: str = Depends(verify_api_key)
+    api_key: str = Depends(verify_api_key_read)
 ):
     """Get details of a specific job"""
     try:
@@ -430,7 +436,7 @@ async def delete_job(
 @app.get("/api/status", response_model=SystemStatus)
 async def get_status(
     db: Session = Depends(get_db),
-    api_key: str = Depends(verify_api_key)
+    api_key: str = Depends(verify_api_key_read)
 ):
     """Get system status"""
     try:

video-downloader/docker/api/tests/test_api_validation.py

@@ -41,3 +41,23 @@ def test_download_request_allows_localhost_when_ssrf_guard_disabled(monkeypatch)
     api_main = _reload_api_main(monkeypatch, SSRF_GUARD="false")
     r = api_main.DownloadRequest(url="http://127.0.0.1/video.mp4")
     assert str(r.url).startswith("http://127.0.0.1")
+
+
+def test_download_request_accepts_format_hint_for_non_standard_url(monkeypatch):
+    api_main = _reload_api_main(monkeypatch, SSRF_GUARD="false")
+    r = api_main.DownloadRequest(
+        url="https://example.com/stream/index.jpg",
+        format="m3u8",
+    )
+    assert r.format == "m3u8"
+
+
+def test_download_request_rejects_non_standard_url_without_format_hint(monkeypatch):
+    api_main = _reload_api_main(monkeypatch, SSRF_GUARD="false")
+    with pytest.raises(Exception):
+        api_main.DownloadRequest(url="https://example.com/stream/index.jpg")
+
+
+def test_rate_limit_read_bucket_has_higher_limit(monkeypatch):
+    api_main = _reload_api_main(monkeypatch, RATE_LIMIT_PER_MINUTE="10")
+    assert api_main._RATE_LIMIT_MULTIPLIERS["read"] > api_main._RATE_LIMIT_MULTIPLIERS["write"]

video-downloader/docker/worker/worker.py

@@ -1134,7 +1134,7 @@ def main():
     """Main entry point"""
     logger.info("="*50)
     logger.info("WebVideo2NAS Worker")
-    logger.info("Version: 1.8.6")
+    logger.info("Version: 1.8.8")
     logger.info("="*50)
 
     # Wait for database to be ready