* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* don't redirect unless a URL is present
avoids redirecting to `undefined` if there was an error
* improve error message if owncast server URL isn't set
* fix IndieAuth PKCE implementation
use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding
* return real profile data for IndieAuth response
* check the code verifier in the IndieAuth server
* Linting
* Add new chat settings modal anad split up indieauth ui
* Remove logging error
* Update the IndieAuth modal UI. For #1273
* Add IndieAuth repsonse error checking
* Disable IndieAuth client if server URL is not set.
* Add explicit error messages for specific error types
* Fix bad logic
* Return OAuth-keyed error responses for indieauth server
* Display IndieAuth error in plain text with link to return to main page
* Remove redundant check
* Add additional detail to error
* Hide IndieAuth details behind disclosure details
* Break out migration into two steps because some people have been runing dev in production
* Add auth option to user dropdown
Co-authored-by: Aaron Parecki <aaron@parecki.com>
* add videotoolbox codec
* add -realtime flag for medium and below quality
* add quality level to extra arguments
* use variant flags instead of extra arguments
* add videotoolbox test
* fix test
* Support webfinger requests for the live account. Closes https://github.com/owncast/owncast/issues/1193
* Support for actor requests. Returns response for live actor. Closes https://github.com/owncast/owncast/issues/1203
* Handle follow and unfollow requests. Closes
https://github.com/owncast/owncast/issues/1191 and https://github.com/owncast/owncast/issues/1205 and https://github.com/owncast/owncast/issues/1206 and https://github.com/owncast/owncast/issues/1194
* Add basic support for sending out text activities. For https://github.com/owncast/owncast/issues/1192
* Some error handling and passing of dynamic local account names.
* Add hardcoded example image attachment to test post
* Centralize the map of accounts and inboxes
* No longer disable the preview generator based on YP toggle
* Send a federated message to followers when stream starts. For https://github.com/owncast/owncast/issues/1192
* Placeholder for attaching tags
* Add image description
* Save and get to outbox persistence. Return using outbox endpoint for actor
* Pass payloads to be handled through the gochan
* Handle undo follow requests explitly, not all undo requests
* Add API for manually sending simple federated messages. Closes#1215
* Verify inbox requests. Closes#1321
* Add route to fetch a single AP object by ID. For #1329
* Add responses to fediverse nodeinfo requests
* Set and get federation config values for admin
* Handle host-meta requests
* Do not send out message if disabled. Use saved go live message.
* Require AP-compatible content types for AP-related requests
* Rename ap models to apmodels for clarity
* Change how content type matching takes place.
* io -> ioutil
* Add stub delete activity callback
* Handle likes and announces to surface engagement in chat. Part of #1229
* Append url to go live posts
* Do not require specific content types for nodeinfo requests
* Add follow engagement chat message via AP
* add owncast user-agent to requests
* Set note visibility to public (for now)
* Fix saving/fetching a single object
* Add support for x-nodeinfo2 responses
* Point to the dev admin branch for ap
* Bundle in dev admin for testing
* Add error logging
* Add AP middleware back
* Point to the new external compatible logo endpoint
* Clean up more AP logging to help testing
* Tweak go live text and link hashtags
* Fix bug in fetching init time
* Send update actor activities when server details/profile is updated
* Add federation config overview to web client config
* Add additional actor properties
* Make the AP middleware checking more flexible when looking at types
* First pass at remote fediverse follow flow. For #1371
* Added a basic AP actor followers endpoint
* WIP client followers API
* Add profile-page reference to webfinger response
* Add aliases to webfinger response
* Fix content-type returned to be expected activitypub+json
* First pass at followers api
* Point at local dev copy of go-fed/activity
* Add custom toot Hashtag objects to posts
* Store additional user details to followers table
* Fix AP followers endpoint. Closes#1204
* Add owncast hashtag as an invisible tag to go live posts
* Reject AP requests when it is disabled
* Add actor util for generating full account user from person object
* Verify inbox requests before performing any other work
* Accept actor update requests
* Fix linter errors in federation branch
* Migrate AP SQL to sqlc for type safe queries
* Use the @unclearParadigm REST parameter helper
* Fix verifying post ID on AP engagement
* WIP privacy/request approval
* Style the remote follow modal
* First pass at a followers list component w/ mock data. #1370
* Revert "Use the @unclearParadigm REST parameter helper"
This reverts commit c8af8a413f.
* Fix get followers API
* Add support for requiring approval. Closes https://github.com/owncast/owncast/issues/1208
* Handle Applications as Actors partly for PeerTube support
* add temp todo list
* check route on load, this might change later
* style followers
* account for just 1 tab case
* Remove mock data. Allow showing follow button even when there are no external actions defined
* Point to actual followers API
* Support fallback img for follower views
* Remove duplicate verification. Add some additional verbose logging
* Bundle dev admin
* Add type to host-meta webfinger template response
* Tweak remote follow modal content
* WIP federation followers refactor
* Do not send pointer to middleware
* Update admin
* Add setting for toggling displaying fediverse engagement. Closes#1404
* Add in-development admin
* Do not enable cors on admin followers api
* Add db migration for updating messages table
* Enable empty string go live messages to disable
* Remove debug messages
* Rework some ActivityPub handling.
Create new Actor->Person handling.
Create new Actor->Service handling.
Add engagement handlers to send chat events and store event objects.
Store inbound activities to new ap_inbound_activities table.
* Support federated engagement events.
Store them in the messages table and surface them via chat events.
* Support federated event engatement in the chat
* Tweak web UI followers handling
* Point go.mod at remote fork instead of local
* Update admin
* Merged in develop. Couple fixes
* Update dev admin
* Update fedi engagement posts.
- Fix incorrect action text.
- Add action icons.
* Set public as to instead of cc for ap msg
* Updated styling for federated actions in chat
* Add support for blocking federated domains. Closes#1209
* Force checking of https in verify step
* Update dev admin
* Return user scopes in chat history api. Closes#1586
* Update dev admin
* Add AP outbound request worker pool. Closes#1571
* Disable (temporarily?) owncast tag on AP posts
* Consolidate creating activity+notes in outbound AP messages
* Add inbox worker pool. Closes#1570
* Update dev admin bundle
* Clean up some logs
* Re-enable inbound verfication
* Save full IRI to outbox instead of path
* Reject if full IRI is not found in outbox
* Use full ActivityPub user account in chat event
* Fix and expand follower APIs
- Add missing IDs to AP follower endpoints
- Split AP follower endpoints into initial request and pages.
- Support pagination in AP requests.
* Include IRI in error message
* Hide chat toggle when chat is hidden. Closes#1606
* Updates to followers pagination
* Set default go live message
* Remove log
* indirect -> direct import
* Updates for inbound federated event handling.
- Keep track of existing events and reject duplicates.
- Change what is sent to chat for surfing federated engagement.
- Keep track if outbound events are automated "go live" events or not.
* Update chat federated engagement.
* Update dev admin.
* Move from being a person to a bot (service). Closes#1619
* Only set server init date if not already set
* Only save notes to outbox able
* Rework private-mode followers/approvals
* API for returning a list of federated actions for #1573
* Fix too-small follower cells and jumpy tabs. Closes#1616 and closes#1516
* Fix shortcuts getting fired on inputs. Fixes#1489 and #1201
* Add spinner, autoclose + other fixes to follow modal. Fixes#1593
* Fix fetching a single object by IRI
* SendFederationMessage -> SendFederatedMessage
* Autolink and create tag objects from manual posts. Closes#1620
* Update dev admin bundle
* Handle engagement from non-automated/live posts
* Reject federated engagement actions if they do not match a local post
* Update dev admin bundle
* A bunch of cleanup
* Fix unused assignments and logic
* Remove unused function
* Add content warning and sentive content flag if stream is NSFW. Closes#1624
* Disable fetching objects by IRI when in private mode. Closes#1623
* Update the error message of the remote follow dialog. closes#1622
* Update dev admin
* Fix NREs throwing in test content
* Fix query that wasn't properly filtering out hidden messages
* Test against user being disabled instead of message visibility
* Fix automated test NRE
* Update comment
* Adjust federated engagement chat views. Closes#1617
* Add additional index to users table
* Add support for removing followers/requests. Closes#1630
* Reject federated actions from blocked actors. #1631
* Use fallback avatar if it fails to load. Closes#1635
* Fix styling of follower list. Closes#1636
* Add basic blurb stating they should follow the server. Closes#1641
* Update dev admin
* Set default go live message in migration. Closes#1642
* Reset the messages table on 0.0.11 schema migration
* Fix js error with moderation actions. Closes#1621
* Add a bit more clarification on follow modal. Closes#1599
* Remove todos
* Split out actor and domain blocking checks
* Check for errors on default values being set
* Clean up actor rejection due to being blocked
* Update dev admin
* Add colon to error to make it easier to read
* Remove markdown rendering of go live message. Reorganize text. Remove content warning. Closes#1645
* Break out the sort+render messages logic so it can be fired on visibility change. Closes#1643
* Do not send profile updates if federation is disabled
* Save follow references to inbound activities table
* Update dev admin
* Add blocked actor test
* Remove the overloaded term of Follow from social links
* Fix test running in memory only
* Remove "just" in engagement messags
* Replace star with heart for like action.
* Update dev admin
* Explicitly set cc as public
* Remove overly using the stream name in fediverse engagement messages
* Some federated/follow UI tweaks
* Remove explicit cc and bcc as they are not required
* Explicitly set the audience
* Remove extra margin
* Add Join Fediverse button to follow modal. Closes#1651
* Do not allow multiple follows to send multiple events. Closes#1650
* Give events a min height
* Do not allow old posts to be liked/shared. Closes#1652
* Remove value from log message
* Alert followers on private mode toggle
* Ignore clicks to follow button if disabled
* Remove underline from action buttons
* Add moderator icon to join message
* Update admin
* Post-merge remove unused var
* Remove pointing at feature branch
Co-authored-by: Ginger Wong <omqmail@gmail.com>
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* - mock detect when user turns into moderator
- add moderator indicator to display on messages and username changer
* also mock moderator flag in message payload about user to display indicator
* add some menu looking icons and a menu of actions
* WIP chat moderators
* Add support for admin promoting a user to moderator
* WIP-
open a more info panel of user+message info; add some a11y to buttons
* style the details panel
* adjust positioning of menus
* Merge fixes. ChatClient->Client ChatServer->Server
* Remove moderator bool placeholders to use real state
* Support inline hiding of messages by moderators
* Support inline banning of chat users
* Cleanup linter warnings
* Puppeteer tests fail after typing take place
* Manually resolve conflicts in chat between moderator feature and develop
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Support path-based S3 storage. Closes#1495
Revert "Remove forcing old path-style URLs with s3. Closes#497"
This reverts commit b2953028cf.
* #1495 Path-style S3 compatibile URLs implemented
https://github.com/owncast/owncast/issues/1495
It gives ability to use S3 compatibile providers that doesn't
support virtual-host-style URLs (i.e. Oracle Cloud Object Storage)
Co-authored-by: Artur Angiel <artur@angiel.ovh>
- Introduce a new Client type to remove the global variables from the file
- Use the sync package to prevent race conditions with the cache and
enabled flag
- Cache results for IPs, even if the result is nil
There are still data races around the client.Geo variable, but that can be
resolved in a future commit.
* Replace pkger with go:embed for bundling the admin. Closes#844
* Remove references to pkged.go
* Point tests to use an updated version of Go
* Add comment to new exported function
* Cleanup
* Add a dummy pkged.go to alert people to stop using it.
* Add simple browser test to make sure the admin is available and renders
* Don't panic
* Embed bot/scraper metadata template.
Add browser test to validate the rendering of this template.
* Use embedded offline.ts segment
* Remove placeholder thumbnail as its unnecessary
* Remove copying the static directory into the release
* Cleanup
* add public func to lookup a ChatClient by its clientId
* add facility to send a system message directly to a user
* add clientId field to UserEvent
* implement simple http endpoint to send a message to a user
* let mux handle new directSystemMessageToUser endpoint
* add ClientId to UserEvents across the codebase
* render body of system-message to client
* add clientId to Chat-Message
* add tests showing how url-parsing should work
* add simple rest endpoint helpers for parameter-parsing and easy routing
* use newly added rest-endpoint helper to rout to Client-Messaging controller
* use safe "ReadRestUrlParameter" to parse ClientId
* remove empty HandleFunc in router
* set Header directly to prevent built-in (platform-dependent) canonicalization to kick in
* fix typo in "Parameter" message
* remove debug-logging of HTTP headers in REST-helpers
* convert to uint32 to prevent overruns when converting to wraptype uint later on
* resolve linter-ouchies
* resolve linter potential nil-deref warning
* document the SendSystemMessageToClient endpoint in swaggerdoc
* remove clientId assignment causing potential nil dereference in userDisabledEvent-case
as the clientId isn't relevant here anyway
* make findClientById private, so its not accessible outside of core/chat
* remove redundant string type hint
* Update PR based on linter requirements
Co-authored-by: Raffael Rehberger <raffael@rtrace.io>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Expand the linters and types of warnings to improve consistency and safety
* Fail lint workflow if there are errors
* golint has been replaced by revive
* Hand-pick some of the default exclude list
* Ignore error when trying to delete preview gif
* Ignore linter warning opening playlist path
* Rename user field Id -> ID
* A bunch of renames to address linter warnings
* Rename ChatClient -> Client per linter suggestion best practice
* Rename ChatServer -> Server per linter suggestion best practice
* More linter warning fixes
* Add missing comments to all exported functions and properties
* First pass at chat user registration and validation
* Disable chat if the user is disabled/blocked or the server hits max connections
* Handle dropping sockets if chat is disabled
* Fix origin in automated chat test
* Work for updated chat moderation
* Chat message markdown rendering and fix tests
* Put /api/chat behind a chat user access token. Closes#1085
* Reject blocked username changes
* More WIP moderation
* Defer configuring chat until we know if it is enabled. Closes#1135
* chat user blocking. Closes#1096
* Add tests around user access for #1096
* Add external integration chat message API + update integration auth middleware to pass along integration name. Closes#1092
* Delete old chat messages from db as to not hold on to excessive data. Closes#1152
* Add schema migration for messages. Closes#1155
* Commit updated API documentation
* Add chat load test
* Shared db mutex and db optimizations
* Simplify past display name handling
* Use a new test db for each test run
* Wire up the external messages actions + add tests for them
* Move access tokens to be actual users
* Run message pruning at launch + fix comparison
* Do not return API users in disabled users response
* Fix incorrect highlighting. Closes#1160
* Consolidate user table statements
* Set the max process connection limit to 70% of maximum
* Fix wrong old display name being returned in name change event
* Delete the old chat server files
* Wire back up the webhooks
* Remove unused
* Invalidate user cache on changes
* Do not send rendered body as RawBody
* Some cleanup
* Standardize names for external API users to ExternalAPIUser
* Do not log token
* Checkout branch when building admin for testing
* Bundle in dev admin for testing
* Some cleanup
* Cleanup js logs
* Cleanup and standardize event names
* Clean up some logging
* Update API spec. Closes#1133
* Commit updated API documentation
* Change paths to be better named
* Commit updated API documentation
* Update admin bundle
* Fix duplicate event name
* Rename scope var
* Update admin bundle
* Move connected clients controller into admin package
* Fix collecting usernames for autocomplete purposes
* No longer generate username when it is empty
* Sort clients and users by timestamp
* Move file to admin controller package
* Swap, so the comments stay correct
Co-authored-by: Jannik <jannik@outlook.com>
* Use explicit type alias
Co-authored-by: Jannik <jannik@outlook.com>
* Remove commented code.
Co-authored-by: Jannik <jannik@outlook.com>
* Cleanup test
* Remove some extra logging
* Add some clarity
* Update dev instance of admin for testing
* Consolidate lines
Co-authored-by: Jannik <jannik@outlook.com>
* Remove commented unused vars
Co-authored-by: Jannik <jannik@outlook.com>
* Until needed do not return IP address with client list
* Fix typo of wrong var
* Typo led to a bad test. Fix typo and fix test.
* Guard against the socket reconnecting on error if previously set to shutdown
* Do not log access tokens
* Return success message on enable/disable user
* Clean up some inactionable error messages. Sent ban message. Sort banned users.
* fix styling for when chat is completely disabled
* Unused
* guard against nil clients
* Update dev admin bundle
* Do not unhide messages when unblocking user just to be safe. Send removal action from the controller
* Add convinience function for getting active connections for a single user
* Lock db on these mutations
* Cleanup force disconnect using GetClientsForUser and capture client reference explicitly
* No longer re-showing banned user messages for safety. Removing this test.
* Remove no longer needed comment
* Tweaks to forbidden username handling.
- Standardize naming to not use "block" but "forbidden" instead.
- Pass array over the wire instead of string.
- Add API test
- Fix default list incorrectly being appended to custom list.
* Logging cleanup
* Update dev admin bundle
* Add an artificial delay in order to visually see message being hidden when testing
* Remove the user cache as it is a premature optimization
* When connected to chat let the user know their current user details to sync the username in the UI
* On connected send current display name back to client.
- Move name change out of chat component.
- Add additional event type constants.
* Fix broken workflow due to typo
* Troubleshoot workflow
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181)
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript
Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/developit/htm/releases)
- [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0)
---
updated-dependencies:
- dependency-name: htm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Run npm run build and update libraries
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Commit updated Javascript packages
* Re-send current user info when a rejected name change takes place
* All socket writes should be through the send chan and not directly
* Seed the random generator
* Add keys and indexes to users table
* a util to generate consistent emoji markup
* console clean up
* mod tidy
* Commit updated API documentation
* Handle the max payload size of a socket message.
- Only close socket if x2 greater than the max size.
- Send the user a message if a message is too large.
- Surface the max size in bytes in the config.
* Update admin bundle
* Force all events to be sent in their own socket message and do not concatinate in a single message
* Update chat embed to register for access token
* Use a different access token for embed chat
* Update the chat message bubble background color to be bolder
* add base tag to open links in new window, closes#1220
* Support text input of :emoji: in chat (#1190)
* Initial implementation of emoji injection
* fix bookkeeping with multiple emoji
* make the emoji lookup case-insensitive
* try another solution for Caretposition
* add title to emojis
minor refactoring
* bind moji injection to InputKeyUp
* simplify the code
replace all found emojis
* inject emoji if the modifer is released earlier
* more efficient emoji tag search
* use json emoji.emoji as url
* use createEmojiMarkup()
* move emojify() to chat.js
* emojify on paste
* cleanup emoji titles in paste
* update inputText in InputKeyup
* mark emoji titles with 2*zwnj
this way paste cleanup will not interfere with text which include zwnj
* emoji should not change the inputText
* Do not show join messages when chat is offline. Closes#1224
- Show stream starting/ending messages in chat.
- When stream starts show everyone the welcome message.
* Force scrolling chat to bottom after history is populated regardless of scroll position. Closes https://github.com/owncast/owncast/issues/1222
* use maxSocketPayloadSize to calculate total bytes of message payload (#1221)
* utilize maxSocketPayloadSize from config; update chatInput to calculate based on that value instead of text value; remove usage of inputText for counting
* add a buffer to account for entire websocket payload for message char counting; trim nbsp;'s from ends of messages when calculating count
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
Co-authored-by: Owncast <owncast@owncast.online>
Co-authored-by: Jannik <jannik@outlook.com>
Co-authored-by: Ginger Wong <omqmail@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Meisam <39205857+MFTabriz@users.noreply.github.com>
This removes the usage of `syscall.Mkfifo` which was previously used and
won't work on Windows systems and opens the door for other processes on
the computer to interfere in the rtmp stream (dumping bad content in the
fifo, removing the file, blocking the file in offline status).
Instead, this patch introduces an `io.Pipe` which pipes the RTMP stream
to the ffmpeg command while staying in Owncast.
Further links:
* ffmpeg on using `pipe:0` as an input: https://ffmpeg.org/ffmpeg-protocols.html#pipe
* read BackupDirectory from command line flag
* Change the default backup directory
* mkdir BackupDirectory
* use config for backup file path
* migrateDatabase to the backup directory
* use DoesFileExists
change permission on the directory to 0700
* declare err
* generate backupFile where needed
* style fix
* more style fixes
* more style fixes
* Fix rtmp secret validation to allow `/` (#1069)
* add negative test cases for stuff before /live/
* simplify since Url.Path is already stripping the host
This means that we can simplify the code and make it much clearer.
Removes the tests that checked for the host and stuff between the host and /live/.
* Fix#981 Use -webserverip to set http listen address
* use 0.0.0.0 as default http listen address
* add Admin REST API for setting http listen address
* full input validation of port and IP