SergeantPanda
c3fb9c0073
security: Fixed missing network_access_allowed checks in the VOD proxy. stream_vod, head_vod, stream_xc_movie, and stream_xc_episode were not checking the STREAMS network policy, unlike the equivalent TS proxy endpoints.
2026-04-10 11:09:27 -05:00
SergeantPanda
fa9a7868ff
security: proxy streaming endpoints (stream_ts, stream_xc, stream_vod, head_vod, stream_xc_movie, stream_xc_episode) use @permission_classes([AllowAny]) (access is controlled by the per-stream-type network allow-list inside the view body); the UserAgentViewSet, StreamProfileViewSet, CoreSettingsViewSet, and ProxySettingsViewSet gained get_permissions() methods mapping read actions to IsStandardUser and write actions to IsAdmin; and AuthViewSet.logout was updated to return [Authenticated()].
2026-04-10 10:47:50 -05:00
SergeantPanda
dcefc6541c
chore(cleanup): - Removed dead VODConnectionManager class (apps/proxy/vod_proxy/connection_manager.py) and its associated helpers, which had been superseded by MultiWorkerVODConnectionManager. All active code already used the multi-worker implementation. Removed the unused VODConnectionManager import from vod_proxy/views.py, the unscheduled cleanup_vod_connections task from apps/proxy/tasks.py, and the unscheduled cleanup_vod_persistent_connections task from core/tasks.py.
...
CI Pipeline / prepare (push) Waiting to run
CI Pipeline / docker (amd64, ubuntu-24.04) (push) Blocked by required conditions
CI Pipeline / docker (arm64, ubuntu-24.04-arm) (push) Blocked by required conditions
CI Pipeline / create-manifest (push) Blocked by required conditions
Build and Push Multi-Arch Docker Image / build-and-push (push) Waiting to run
Frontend Tests / test (push) Waiting to run
- Removed dead VOD URL routes: `VODPlaylistView` (playlist generation), `VODPositionView` (position tracking), and the class-based `VODStatsView` (replaced by the existing function-based `vod_stats` view).
- Removed dead `updateVODPosition()` API method from `frontend/src/api.js`, which called the now-removed position tracking endpoint.
2026-04-09 19:59:50 -05:00
None
763f42cfff
fix: pass TLS parameters to all external connection points in modular mode
...
- Add setup_pg_ssl_env() to export libpq PGSSL* env vars; all child psql/pg_dump/pg_isready commands inherit TLS automatically
- Move TLS client key permission fix before external PG connections (was running after, defeating the fix)
- Enhance key fix to trigger on ownership mismatch (root-owned 0600 key unreadable by app user)
- Extract key fix to shared script (docker/init/00-fix-pg-ssl-key.sh) sourced by both entrypoints
- Default POSTGRES_PASSWORD to empty in modular mode (cert-only auth sends no spurious password)
- Propagate TLS OPTIONS to backup pg_dump/pg_restore subprocess calls via _get_pg_env()
- Pass SSL kwargs to dropdb management command's psycopg2.connect()
- Add REDIS_SSL_PARAMS to VOD proxy Redis connections missed in original TLS PR
- Add 8-scenario TLS integration test suite (PG mTLS, Redis TLS, verify-full, key fix, Celery, regression)
- Add 6 unit tests for _get_pg_env() and dropdb TLS parameter passing
2026-03-30 20:19:27 -05:00
SergeantPanda
086cc74959
Bug Fix: M3U profile URL rewriting now uses the regex module instead of re across all URL transform code paths (url_utils.transform_url, core/views.py, vod_proxy/_transform_url, tasks.get_transformed_credentials, and the WebSocket live-preview handler in consumers.py). The regex module natively accepts JavaScript/PCRE-style named capture groups ((?<name>...)) without any conversion, eliminating the root cause of patterns that matched in the frontend live preview but failed on the backend with a re.error. As a further improvement, regex also supports variable-length lookbehind assertions (e.g. (?<=a+)), which re rejects with an error; patterns using these will now work correctly on the backend as well. Replace-pattern JS tokens are still normalised before calling regex.sub: $<name> → \g<name> and $1/$2/… → \1/\2/… (Python replacement syntax). Also fixed a bug in the WebSocket preview handler where a pattern error was incorrectly returning the search pattern string as the preview output instead of the original URL. ( Fixes #1005 )
CI Pipeline / prepare (push) Waiting to run
CI Pipeline / docker (amd64, ubuntu-24.04) (push) Blocked by required conditions
CI Pipeline / docker (arm64, ubuntu-24.04-arm) (push) Blocked by required conditions
CI Pipeline / create-manifest (push) Blocked by required conditions
Build and Push Multi-Arch Docker Image / build-and-push (push) Waiting to run
Frontend Tests / test (push) Has been cancelled
2026-03-29 17:55:08 -05:00
SergeantPanda
38f5156ca6
Enhancement: Show username in VOD cards.
2026-03-28 16:46:06 -05:00
SergeantPanda
aa6fb033d3
fix: update user stream limit checks to include media_id and rename user_limits_settings key
2026-03-26 20:02:54 -05:00
dekzter
a19be96ced
fleshed out user limits and termination logic
2026-03-25 17:33:26 -04:00
dekzter
6f4665e6eb
merged in dev
2026-02-26 08:20:20 -05:00
None
e217960500
feat: Add Redis authentication support for modular deployment
...
Add support for authentication when connecting to external Redis instances in modular deployment mode. This enables secure Redis deployments using either password-only authentication (Redis <6) or
username + password authentication (Redis 6+ ACL).
Changes:
- Add REDIS_PASSWORD and REDIS_USER environment variables
- Implement URL encoding for special characters in passwords
- Update all Redis connection points to support auth
- Add comprehensive documentation and examples to docker-compose.yml
- Maintains full backward compatibility (empty defaults = no auth)
All authentication mechanisms have been fully tested including pasword-only authentication, Redis 6+ ACL authentication with username + password, volume-mounted configuration files, and special character handling.
Existing deployments are not effected, authentication support is entirely opt-in using docker-compose.
Also, acknowledging the fact that the docker-compose file for modular deployments has been getting out of hand with auth support, the docker-compose.yml file was re-formatted for better visibility in configuration. This seemed like a better way to go than mandating a .env file.
2026-02-03 21:42:06 -06:00
SergeantPanda
de31826137
refactor: externalize Redis and Celery configuration via environment variables
...
Replace hardcoded localhost:6379 values throughout codebase with environment-based configuration. Add REDIS_PORT support and allow REDIS_URL override for external Redis services. Configure Celery broker/result backend to use Redis settings with environment variable overrides.
Closes #762
2025-12-18 16:54:59 -06:00
SergeantPanda
2558ea0b0b
Enhancement: Add VOD client stop functionality to Stats page
2025-12-17 16:54:10 -06:00
dekzter
50e9075bb5
initial run of a binary and encoded redis client - no more encoding / decoding data into redis, huge PITA (still some outstanding spots I need to patch)
2025-10-25 08:15:39 -04:00
SergeantPanda
7bb4df78c8
Enhancement: Update M3U profile retrieval to include current connection counts and session handling during vod session start.
2025-09-26 09:18:42 -05:00
SergeantPanda
d961d4cad1
Bug fix: VOD will now select the correct M3U profile while starting.Fixes #461
2025-09-26 09:18:22 -05:00
SergeantPanda
b45c6eda38
Better content-type detection
2025-09-07 18:25:39 -05:00
SergeantPanda
adf960753c
Changed user-agent for head request to use m3u account
2025-09-07 15:17:19 -05:00
SergeantPanda
c239f0300f
Better progress tracking for clients that start a new session on every seek instead of reusing existing session.
2025-09-06 15:36:14 -05:00
SergeantPanda
4ca6bf763e
Add position calculation
2025-09-06 10:16:54 -05:00
SergeantPanda
6b9d42fec1
Refactor VODStatsView to use correct field names for content type and M3U profile ID, and update user agent handling
2025-09-05 20:34:43 -05:00
SergeantPanda
18b8462a5f
Refactor user-agent handling to use 'client_user_agent' for consistency across VOD connection management
2025-09-05 20:15:11 -05:00
SergeantPanda
1080b1fb94
Refactor stats and vod proxy
2025-09-05 19:30:13 -05:00
SergeantPanda
3590265836
Show all available options for VODs and their corresponding quality.
2025-08-21 15:04:47 -05:00
SergeantPanda
a4df1f1fb8
Allow specifying which account to play from.
2025-08-21 13:14:16 -05:00
SergeantPanda
24f876d09f
Add priority for providers so VOD's can be auto selected based on the priority.
2025-08-20 17:38:21 -05:00
SergeantPanda
97b82e5520
Use redis to track provider connections to work with multi-worker uwsgi.
2025-08-19 17:35:51 -05:00
SergeantPanda
fa19525ab9
Remove url from movie table and save custom_properties for series.
2025-08-19 11:25:56 -05:00
SergeantPanda
54404339c2
Fix batch processing using simpler method for duplicate detection.
2025-08-19 10:01:37 -05:00
SergeantPanda
3e16614eab
Store full content-length if using head request to initalize.
2025-08-12 17:32:07 -05:00
SergeantPanda
5eeb51585d
Support HEAD requests, keep connection alive.
2025-08-12 15:27:39 -05:00
SergeantPanda
be51be7872
Switched to connection tracking by url instead of parameter and 301 redirect instead of 302.
2025-08-12 14:48:35 -05:00
SergeantPanda
6addcebaf5
Fix duplicate connection counting in redis.
2025-08-12 10:59:40 -05:00
SergeantPanda
07966424f8
Fix seeking not working.
2025-08-12 08:29:26 -05:00
SergeantPanda
345247df11
Fix vod streaming.
2025-08-08 08:35:59 -05:00
SergeantPanda
a332678cfb
Remove URL from episode relation table.
2025-08-08 08:06:28 -05:00
SergeantPanda
0e388968c4
Convert to relation tables to support multiple providers for each vod.
2025-08-07 12:31:05 -05:00
SergeantPanda
44a2cf518c
Track active connections the same way as ts_proxy
2025-08-05 21:35:04 -05:00
SergeantPanda
d18817acb0
Track VOD connections in Redis.
2025-08-05 21:24:41 -05:00
SergeantPanda
0585fc1dfe
Separate Movies, Series and Episodes into their own tables
2025-08-02 13:32:44 -05:00
SergeantPanda
84aa631196
Initial backend commit for vod
2025-08-02 10:42:36 -05:00