API + Data changes to support split up of stream keys and admin passwords

core/data/config.go

@@ -18,7 +18,7 @@ import (
 const (
 	extraContentKey                      = "extra_page_content"
 	streamTitleKey                       = "stream_title"
-	streamKeyKey                         = "stream_key"
+	adminPasswordKey                     = "admin_password_key"
 	logoPathKey                          = "logo_path"
 	logoUniquenessKey                    = "logo_uniqueness"
 	serverSummaryKey                     = "server_summary"
@@ -68,6 +68,7 @@ const (
 	hideViewerCountKey                   = "hide_viewer_count"
 	customOfflineMessageKey              = "custom_offline_message"
 	customColorVariableValuesKey         = "custom_color_variable_values"
+	streamKeysKey                        = "stream_keys"
 )
 
 // GetExtraPageBodyContent will return the user-supplied body content.
@@ -101,20 +102,15 @@ func SetStreamTitle(title string) error {
 	return _datastore.SetString(streamTitleKey, title)
 }
 
-// GetStreamKey will return the inbound streaming password.
-func GetStreamKey() string {
-	key, err := _datastore.GetString(streamKeyKey)
-	if err != nil {
-		log.Traceln(streamKeyKey, err)
-		return config.GetDefaults().StreamKey
-	}
-
+// GetAdminPassword will return the admin password.
+func GetAdminPassword() string {
+	key, _ := _datastore.GetString(adminPasswordKey)
 	return key
 }
 
-// SetStreamKey will set the inbound streaming password.
-func SetStreamKey(key string) error {
-	return _datastore.SetString(streamKeyKey, key)
+// SetAdminPassword will set the admin password.
+func SetAdminPassword(key string) error {
+	return _datastore.SetString(adminPasswordKey, key)
 }
 
 // GetLogoPath will return the path for the logo, relative to webroot.
@@ -582,10 +578,14 @@ func GetVideoCodec() string {
 
 // VerifySettings will perform a sanity check for specific settings values.
 func VerifySettings() error {
-	if GetStreamKey() == "" {
+	if len(GetStreamKeys()) == 0 {
 		return errors.New("no stream key set. Please set one via the admin or command line arguments")
 	}
 
+	if GetAdminPassword() == "" {
+		return errors.New("no admin password set. Please set one via the admin or command line arguments")
+	}
+
 	logoPath := GetLogoPath()
 	if !utils.DoesFileExists(filepath.Join(config.DataDirectory, logoPath)) {
 		log.Traceln(logoPath, "not found in the data directory. copying a default logo.")
@@ -944,3 +944,14 @@ func GetCustomColorVariableValues() map[string]string {
 	values, _ := _datastore.GetStringMap(customColorVariableValuesKey)
 	return values
 }
+
+// GetStreamKeys will return valid stream keys.
+func GetStreamKeys() []string {
+	keys, _ := _datastore.GetStringSlice(streamKeysKey)
+	return keys
+}
+
+// SetStreamKeys will set valid stream keys.
+func SetStreamKeys(keys []string) error {
+	return _datastore.SetStringSlice(streamKeysKey, keys)
+}

core/data/datastoreMigrations.go

@@ -7,18 +7,23 @@ import (
 )
 
 const (
-	datastoreValuesVersion   = 1
+	datastoreValuesVersion   = 2
 	datastoreValueVersionKey = "DATA_STORE_VERSION"
 )
 
 func migrateDatastoreValues(datastore *Datastore) {
 	currentVersion, _ := _datastore.GetNumber(datastoreValueVersionKey)
+	if currentVersion == 0 {
+		currentVersion = datastoreValuesVersion
+	}
 
 	for v := currentVersion; v < datastoreValuesVersion; v++ {
-		log.Tracef("Migration datastore values from %d to %d\n", int(v), int(v+1))
+		log.Infof("Migration datastore values from %d to %d\n", int(v), int(v+1))
 		switch v {
 		case 0:
 			migrateToDatastoreValues1(datastore)
+		case 1:
+			migrateToDatastoreValues2(datastore)
 		default:
 			log.Fatalln("missing datastore values migration step")
 		}
@@ -47,3 +52,9 @@ func migrateToDatastoreValues1(datastore *Datastore) {
 		}
 	}
 }
+
+func migrateToDatastoreValues2(datastore *Datastore) {
+	oldAdminPassword, _ := datastore.GetString("stream_key")
+	_ = SetAdminPassword(oldAdminPassword)
+	_ = SetStreamKeys([]string{oldAdminPassword})
+}

core/data/defaults.go

@@ -32,7 +32,8 @@ func PopulateDefaults() {
 		return
 	}
 
-	_ = SetStreamKey(defaults.StreamKey)
+	_ = SetAdminPassword(defaults.AdminPassword)
+	_ = SetStreamKeys(defaults.StreamKeys)
 	_ = SetHTTPPortNumber(float64(defaults.WebServerPort))
 	_ = SetRTMPPortNumber(float64(defaults.RTMPServerPort))
 	_ = SetLogoPath(defaults.Logo)
@@ -40,7 +41,6 @@ func PopulateDefaults() {
 	_ = SetServerSummary(defaults.Summary)
 	_ = SetServerWelcomeMessage("")
 	_ = SetServerName(defaults.Name)
-	_ = SetStreamKey(defaults.StreamKey)
 	_ = SetExtraPageBodyContent(defaults.PageBodyContent)
 	_ = SetFederationGoLiveMessage(defaults.FederationGoLiveMessage)
 	_ = SetSocialHandles([]models.SocialHandle{

core/rtmp/rtmp.go

@@ -15,15 +15,17 @@ import (
 	"github.com/owncast/owncast/models"
 )
 
+var _hasInboundRTMPConnection = false
+
 var (
-	_hasInboundRTMPConnection = false
+	_pipe           *io.PipeWriter
+	_rtmpConnection net.Conn
 )
 
-var _pipe *io.PipeWriter
-var _rtmpConnection net.Conn
-
-var _setStreamAsConnected func(*io.PipeReader)
-var _setBroadcaster func(models.Broadcaster)
+var (
+	_setStreamAsConnected func(*io.PipeReader)
+	_setBroadcaster       func(models.Broadcaster)
+)
 
 // Start starts the rtmp service, listening on specified RTMP port.
 func Start(setStreamAsConnected func(*io.PipeReader), setBroadcaster func(models.Broadcaster)) {
@@ -75,12 +77,28 @@ func HandleConn(c *rtmp.Conn, nc net.Conn) {
 		return
 	}
 
-	if !secretMatch(data.GetStreamKey(), c.URL.Path) {
+	accessGranted := false
+	validStreamingKeys := data.GetStreamKeys()
+
+	for _, key := range validStreamingKeys {
+		if secretMatch(key, c.URL.Path) {
+			accessGranted = true
+			break
+		}
+	}
+
+	if !accessGranted {
 		log.Errorln("invalid streaming key; rejecting incoming stream")
 		_ = nc.Close()
 		return
 	}
 
+	// if !secretMatch(data.GetAdminPassword(), c.URL.Path) {
+	// 	log.Errorln("invalid streaming key; rejecting incoming stream")
+	// 	_ = nc.Close()
+	// 	return
+	// }
+
 	rtmpOut, rtmpIn := io.Pipe()
 	_pipe = rtmpIn
 	log.Infoln("Inbound stream connected.")