Commit graph

135 commits

Author SHA1 Message Date
Gabe Kangas
bb7de347c5
chore: reverting the current implementation of http response caching 2023-12-19 18:27:42 -08:00
Gabe Kangas
9215d9ba0f
fix(auth): limit admin cors access to only localhost:3000 2023-12-18 22:05:49 -08:00
Gabe Kangas
e235c7aea2
chore: remove reponse cache from root route 2023-12-11 20:19:50 -08:00
Gabe Kangas
2217f0614a
feat(api): add server-side caching for requests that could benefit (#3463)
* feat(api): add server-side caching for requests that could benefit for them

* fix(tests): do not cache responses while in tests

* fix: remove commented out leftover code

* chore(deps): update dependency html-webpack-plugin to v5.5.4

* Bundle embedded web app

* fix: remove caching for web app assets under test

* chore(tests): re-enable temporarily disabled test

* chore(deps): update dependency typescript to v5.3.3

* Bundle embedded web app

* chore(deps): update dependency npm to v10.2.5

* Bundle embedded web app

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Owncast <owncast@owncast.online>
2023-12-09 16:31:50 -08:00
Alyssa Ross
092134f3f3
Fix parsing of Authorization Bearer header (#3376)
The semantics of the Authorization header are defined by RFC 9110, which says:

> It uses a case-insensitive token to identify the authentication scheme:

Therefore, "bearer", "Bearer", and "bEARER" are equivalent.  This patch fixes
the parsing of the Authorization header to check for the Bearer authentication
scheme case insensitively.

I've modified one of the test cases to use lowercase "bearer", so there's test
coverage for this.
2023-10-21 10:00:50 -07:00
Gabe Kangas
3ed5a0b7f3
feat: simplify console logs 2023-06-05 08:44:14 -07:00
Gabe Kangas
cd458630ec
Support using the custom video serving endpoint even if you don't use object storage (#2924)
* feat(video): refactor video serving endpoint

It can now be used without an object storage provider. Closes #2785

* fix: remove debug log
2023-05-30 14:05:24 -07:00
Gabe Kangas
15dc718e61
feat: add support for robots.txt disabling search indexing (#2929)
* feat: add support for robots.txt

Can toggle disabling search engine indexing. Closes #2684

* fix: unexport ts const
2023-05-30 11:09:51 -07:00
Gabe Kangas
f7d84bc15b
Fix HTML scaffolding of admin pages rendering without auth. Closes #2789 2023-03-10 12:16:28 -08:00
Gabe Kangas
d61e14fb4c
Fix chat embed redirect breaking chat embeds. Closes #2739 2023-02-26 14:20:31 -08:00
Pranav Joglekar
d76875d2de
Chore: update gzipping library to use CAFxX/httpcompression (#2741)
* chore: replace nanmu/gzip by CAFxX/httpcompression for compression

Instead of using nanmu42/gzip which imports the whole gin framework,
we replace it with CAFxX/httpcompression which is more lightweight.

Fixes #2697

* Run go mod tidy

---------

Co-authored-by: Gabe Kangas <gabek@real-ity.com>
2023-02-26 12:19:17 -08:00
Gabe Kangas
593adb19c3
Fix trailing slash issue on /embed/chat redirect. Closes #2716 2023-02-24 15:47:24 -08:00
Gabe Kangas
3cccfbfc06
Redirect /embed/chat to /embed/chat/readonly. Closes #2716 2023-02-19 18:18:23 -08:00
Gabe Kangas
19c228eaf6
Allow adding custom javascript to the page. Closes #2604 2023-01-18 22:38:24 -08:00
Gabe Kangas
44fe52fc5a
Make the public dir live inside data to make volume mounting easier 2023-01-17 17:04:07 -08:00
Michael David Kuckuk
59e5cfefd4
Remove twitter notification configuration (#2598) 2023-01-17 13:20:29 -08:00
Gabe Kangas
6951943afe
Serve content with gzip encoding directly from our webserver. Improves performance re: #2167. Closes #2566 2023-01-09 01:08:23 -08:00
Gabe Kangas
0d1684c1e0
Merge remote-tracking branch 'origin/develop' into webv2 2022-12-15 12:07:09 -08:00
Gabe Kangas
2fdbb1e482
Support CSP nonce for webv2. Closes #2127 2022-12-12 17:04:00 -08:00
Philipp
dc54dfe363
Feature: emoji editor (#2411)
* Custom emoji editor: implement backend

This reuses the logo upload code

* Implement emoji edit admin interface

Again reuse base64 logic from the logo upload

* Allow toggling between uploaded and default emojis

* Add route that always serves uploaded emojis

This is needed for the admin emoji interface,
as otherwise the emojis will 404 if custom emojis are disabled

* Fix linter warnings

* Remove custom/uploaded emoji logic

* Reset timer after emoji deletion

* Setup: copy built-in emojis to emoji directory
2022-12-12 08:40:43 -08:00
Gabe Kangas
75e22c58ef
Explicitly block requests to /debug/vars 2022-12-09 15:33:18 -08:00
Gabe Kangas
c9e3ccad45 API + Data changes to support split up of stream keys and admin passwords 2022-11-29 16:05:44 -08:00
Gabe Kangas
813f8692f0
Support color customization from the admin (#2338)
* Add user-customizable theming. Closes #1915

* Prettified Code!

* Add user-customizable theming. Closes #1915

* Add explicit color for page content background

* Prettified Code!

Co-authored-by: gabek <gabek@users.noreply.github.com>
2022-11-12 20:26:55 -08:00
Gabe Kangas
ae7c02b421
Add support for public static files. Closes #2234 2022-10-27 22:30:39 -07:00
Gabe Kangas
d94723bd3a
Fix embeds not loading on prod builds. Closes #2186 2022-10-10 14:06:02 -07:00
Gabe Kangas
681067ab93
Add custom offline message+api. Part of #1901 2022-08-09 22:09:43 -07:00
Gabe Kangas
49f977ea45
Set ReadHeaderTimeout in http server 2022-07-20 22:45:38 -07:00
Gabe Kangas
f3a16be0dd
Add user detail API + modal. Closes #2002 2022-07-20 22:36:20 -07:00
Gabe Kangas
b75cb1784b
Set ReadHeaderTimeout in http server 2022-07-18 11:08:49 -07:00
Gabe Kangas
506d1fa4cf
Merge remote-tracking branch 'origin/develop' into webv2 2022-07-11 21:21:07 -07:00
Gabe Kangas
b08393295f
Add option to hide viewer count. Closes #1939 2022-06-26 00:46:55 -07:00
Gabe Kangas
97db93e0d7
Support a custom emoji override directory. Closes #1967 2022-06-25 23:06:31 -07:00
Gabe Kangas
718d6d312b
Use thumbnail and preview gif controllers 2022-06-20 22:18:27 -07:00
Gabe Kangas
9c477e16a2
Use static servers for serving embedded web assets 2022-06-20 22:12:44 -07:00
Gabe Kangas
18a184eeb7
Use bundled images instead of old webroot files 2022-06-20 22:10:55 -07:00
Gabe Kangas
3741196de6
Standardize endpoint name and fix doc. Closes #1966 2022-06-20 08:46:53 -07:00
Gabe Kangas
78c6189c02
First pass at bundling web app into service. Working. 2022-06-19 15:32:42 -07:00
Gabe Kangas
d6814b516a
Require auth middleware only on GET requests 2022-06-05 22:46:46 -07:00
Gabe Kangas
c841e4d32d
Fix middleware attached to wrong endpoint 2022-06-04 22:41:25 -07:00
tobi
2307321c79
Check multiple Accept headers for content-type (#1935) 2022-05-27 10:19:14 -07:00
Gabe Kangas
677bd9efe3
Re-add missing required auth middleware to callback 2022-05-23 12:34:47 -07:00
Gabe Kangas
dcac6783dd
Remove extra newline 2022-05-16 11:43:57 -07:00
Meisam
b4c798f511
rm FLoC-specific header (#1908)
A big thanks to Google engineers for shaping our dystopia
2022-05-16 11:04:00 -07:00
Gabe Kangas
a082cf3a77
Fediverse-based authentication (#1846)
* Able to authenticate user against IndieAuth. For #1273

* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272

* Add migration to remove access tokens from user

* Add authenticated bool to user for display purposes

* Add indieauth modal and auth flair to display names. For #1273

* Validate URLs and display errors

* Renames, cleanups

* Handle relative auth endpoint paths. Add error handling for missing redirects.

* Disallow using display names in use by registered users. Closes #1810

* Verify code verifier via code challenge on callback

* Use relative path to authorization_endpoint

* Post-rebase fixes

* Use a timestamp instead of a bool for authenticated

* Propertly handle and display error in modal

* Use auth'ed timestamp to derive authenticated flag to display in chat

* Fediverse chat auth via OTP

* Increase validity time just in case

* Add fediverse auth into auth modal

* Text, validation, cleanup updates for fedi auth

* Fix typo

* Remove unused images

* Remove unused file

* Add chat display name to auth modal text
2022-04-22 17:23:14 -07:00
Gabe Kangas
b835de2dc4
IndieAuth support (#1811)
* Able to authenticate user against IndieAuth. For #1273

* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272

* Add migration to remove access tokens from user

* Add authenticated bool to user for display purposes

* Add indieauth modal and auth flair to display names. For #1273

* Validate URLs and display errors

* Renames, cleanups

* Handle relative auth endpoint paths. Add error handling for missing redirects.

* Disallow using display names in use by registered users. Closes #1810

* Verify code verifier via code challenge on callback

* Use relative path to authorization_endpoint

* Post-rebase fixes

* Use a timestamp instead of a bool for authenticated

* Propertly handle and display error in modal

* Use auth'ed timestamp to derive authenticated flag to display in chat

* don't redirect unless a URL is present

avoids redirecting to `undefined` if there was an error

* improve error message if owncast server URL isn't set

* fix IndieAuth PKCE implementation

use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding

* return real profile data for IndieAuth response

* check the code verifier in the IndieAuth server

* Linting

* Add new chat settings modal anad split up indieauth ui

* Remove logging error

* Update the IndieAuth modal UI. For #1273

* Add IndieAuth repsonse error checking

* Disable IndieAuth client if server URL is not set.

* Add explicit error messages for specific error types

* Fix bad logic

* Return OAuth-keyed error responses for indieauth server

* Display IndieAuth error in plain text with link to return to main page

* Remove redundant check

* Add additional detail to error

* Hide IndieAuth details behind disclosure details

* Break out migration into two steps because some people have been runing dev in production

* Add auth option to user dropdown

Co-authored-by: Aaron Parecki <aaron@parecki.com>
2022-04-21 14:55:26 -07:00
Gabe Kangas
926560cd02
Add extended content type for ActivityPub objects. Closes #1827 2022-04-15 22:44:40 -07:00
Gabe Kangas
e4589a4462
Experiment with supporting h2c 2022-04-07 11:43:26 -07:00
Gabe Kangas
4a17f30da8
Outbound live stream notifications (#1663)
* First pass at browser, discord, twilio notifications

* Commit updated Javascript packages

* Remove twilio notification support

* Email notifications/smtp support

* Fix Firefox notification support, remove chrome checks

* WIP more email work

* Add support for twitter notifications

* Add stream title to discord and twitter notifications

* Update notification registration modal

* Fix hide/show email section

* Commit updated API documentation

* Commit updated Javascript packages

* Fix post-rebase missing var

* Remove unused var

* Handle unsubscribe errors for browser push

* Standardize email config prop names

* Allow overriding go live email template

* Some notifications cleanup

* Commit updated Javascript packages

* Remove email/smtp/mailjet support

* Remove more references to email notifications

Co-authored-by: Owncast <owncast@owncast.online>
2022-03-18 13:33:23 -07:00
Gabe Kangas
babbcecc9c
Stream performance metrics (#1785)
* WIP playback metrics

* Playback metrics collecting + APIs. Closes #793

* Cleanup console messages

* Update test

* Increase browser test timeout

* Update browser tests to not fail
2022-03-16 17:34:44 -07:00
Gabe Kangas
e0a75d5d54
Add support for established chat user mode. #1587 (#1681)
* Add support for established user mode. #1587

* Tweak tests

* Tweak tests

* Update test

* Fix test.
2022-03-06 23:26:24 -08:00