* Add bcrypt hashing helpers
* SetAdminPassword now hashes the password before saving it
* BasicAuth now compares the bcrypt hash for the password
* Modify migration2 to avoid a double password hash when upgrading
* Add migration for bcrypt hashed password
* Do not show admin password hash as initial value
* Update api tests to compare the bcrypt hash of the admin password instead
* Remove old admin password api tests
---------
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* chore(deps): update dependency sass to v1.74.1
* Bundle embedded web app
* chore(deps): update dependency typescript to v5.4.4
* Bundle embedded web app
* Commit screenshots
* fix(deps): update module github.com/yuin/goldmark to v1.7.1
* chore(deps): lock file maintenance (#3662)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* Commit screenshots
* chore(deps): update dependency @types/node to v20.12.5
* Bundle embedded web app
* fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.3
* fix(deps): update module github.com/aws/aws-sdk-go to v1.51.17
* fix(deps): update module golang.org/x/net to v0.24.0
* fix(deps): update module golang.org/x/mod to v0.17.0
* add get admin chat clients
* comment out old code
* add get admin logs
* add get admin warnings
* add get admin chat
* add post admin chat messageVisibility
* add post admin chat users enabled
* add post admin chat users ipban create
* add post admin chat users ipban remove
* add get admin chat users ipbans
* chore(deps): update dependency sass-loader to v14 (#3674)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update typescript-eslint monorepo to v7 (#3680)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency less-loader to v12 (#3673)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency chromatic to v11 (#3669)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency knip to v5 (#3672)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update nick-fields/retry action to v3 (#3678)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency @types/markdown-it to v14 (#3668)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update chromaui/action action to v11 (#3666)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* Bump version number
* Bundle embedded web app
* Bundle embedded web app
* Bundle embedded web app
* fix(deps): update dependency react-virtuoso to v4.7.8
* Commit screenshots
* Bundle embedded web app
* Optionally disable chat rate limiter and add optional chat slur/language filter (#3681)
* feat(chat): basic profanity filter. For #3139
* feat(chat): add setting for disabling chat spam protection. Closes#3523
* feat(chat): wire up the new chat slur filter to admin and chat. Closes#3139
* Bundle embedded web app
* chore(deps): update peter-evans/create-or-update-comment digest to 48bb05b
* fix(deps): update dependency @codemirror/language-data to v6.5.0
* Bundle embedded web app
* chore(deps): update dependency css-loader to v7 (#3670)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* add get admin chat users disabled
* add get admin chat users setModerator
* add get admin chat users moderators
* add get admin followers
* chore(deps): update tj-actions/changed-files action to v44 (#3679)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Fix for copying stream key without revealing it only copies asterisks (#3663)
* asterisk copy fix for #3460
* rename text to keys for consistency + linting fix
* make onCopy spawn an antd message directly, remove redundant copyText function
---------
Co-authored-by: Muaz Ahmad <mahmad2000@protonmail.com>
* Commit updated Storybook stories
* Bundle embedded web app
* Commit screenshots
* chore(deps): update dependency css-loader to v7.1.0
* Bundle embedded web app
* chore(deps): update typescript-eslint monorepo to v7.6.0
* Bundle embedded web app
* chore(deps): update dependency @types/react to v18.2.75 (#3686)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* stream offline status embed updated (#3684)
* Commit screenshots
* add get admin followers pending
* add get admin followers blocked
* add post admin followers approve
* add 400 error to admin requests
* add post admin emoji upload
* add post admin emoji delete
* add post admin config adminpass
* add post admin config streamkeys
* add post admin config pagecontent
* add post admin config streamtitle
* add post admin config streamtitle
* add post admin config serversummary
* add post admin config offlinemessage
* add post admin config welcomemessage
* add post admin config chat disable
* add post admin config chat joinmessageenabled
* add post admin config chat establishedusermode
* add post admin config chat forbiddenusernames
* add post admin config chat suggestedusernames
* add post admin config video codec
* add post admin config appearance
* Allow react/no-danger
* Commit screenshots
* Change tag to self-closing since the linter complains otherwise (#3690)
Co-authored-by: Muaz Ahmad <mahmad2000@protonmail.com>
* Bundle embedded web app
* chore(deps): update dependency css-loader to v7.1.1 (#3691)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* chore(deps): update dependency @types/node to v20.12.7 (#3688)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* Commit screenshots
* chore(deps): update dependency npm to v10.5.2
* Bundle embedded web app
* chore(deps): update dependency knip to v5.9.4
* Bundle embedded web app
* chore(deps): update dependency typescript to v5.4.5
* Bundle embedded web app
* prevent css-loader v7 renaming default to _default, needed for storybook (#3692)
Co-authored-by: Muaz Ahmad <mahmad2000@protonmail.com>
* Bundle embedded web app
* chore(deps): update dependency cypress to v13.7.3
* Bundle embedded web app
* Fix custom runtimeCaching rules, default runtimeCaching rule order (#3685)
Co-authored-by: Muaz Ahmad <mahmad2000@protonmail.com>
* Bundle embedded web app
* Fixes for aria-live bugs (#3694)
* make the aria-live text adhere to the last message's username
* Wrap lastMessage in an Interweave to handle pre-encoded characters properly
---------
Co-authored-by: Muaz Ahmad <mahmad2000@protonmail.com>
* Bundle embedded web app
* chore(deps): update dependency @types/react to v18.2.77
* Bundle embedded web app
* chore(deps): update dependency @storybook/addon-styling-webpack to v1 (#3667)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* chore(deps): update dependency storybook-addon-fetch-mock to v2 (#3675)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* chore(deps): update dependency sass to v1.75.0
* Bundle embedded web app
* Commit screenshots
* chore(deps): update dependency sass-loader to v14.2.0
* Bundle embedded web app
* fix(deps): update codemirror
* add get admin webhooks
* add create and delete webhooks
* add get, delete, create access token endpoints
* add update endpoints
* Bundle embedded web app
* fix(deps): update nextjs monorepo to v14.2.0
* Bundle embedded web app
* fix(deps): update nextjs monorepo to v14.2.1
* Bundle embedded web app
* Commit screenshots
* chore(deps): update dependency @types/markdown-it to v14.0.1
* Bundle embedded web app
* chore(deps): update dependency @types/react to v18.2.78
* Bundle embedded web app
* add send message to connected client
* add deprecated send user message
* add send message to 3rd party
* add send user action
* add update external message visibility
* add update external stream title
* add external get chat messages and fixed error with chat
* add external get clients
* remove options request
* add update logo
* add update tags
* add update ffmpeg path
* add update server port
* add update server ip
* add update rtmp port
* add update websocket host override
* add update custom video serving endpoint
* add update nsfw
* add update directory enabled
* Commit screenshots
* add update social handles
* add update stream latency level
* add update stream output variants
* add update s3 config
* add update server url
* add reset yp registration
* add update external action links
* add update custom styles
* add update custom javascript
* add get video metrics
* add update hide viewer count
* add update search indexing
* Change fediAuth message to be more succinct (#3696)
* Change fediAuth message to be more succint
* Update controllers/auth/fediverse/fediverse.go
for -> from
---------
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Mute the 'stream ended' clip's audio (#3630)
* Mute the 'stream ended' clip's audio
The 'stream ended' clip plays at the at the end of every stream broadcast using owncast.
It currently contains audio that peaks at -7.1db. (according to ffmpeg's volumedetect audio filter)
This can result in a bad experience for viewers if the stream that they were just watching had a much lower average volume, and they had turned up their speakers or headphones to compensate. In extreme cases this could theoretically cause harm to viewers and/or their equipment.
As an admin running owncast, there is no way to remove this audio *except* for patching the file. Even if you do patch the file, you need to notify your viewers to clear their browser caches if they have ever seen the clip, because offline.ts has a cache-control max-age header specifying 365 days. The caching of the previous version of this clip is out of scope of this PR.
This issue is discussed in more detail in #1965.
Unlike my previous attempt in #3332, which removed the audio track, this PR *mutes* the audio.
Specifically, I used this ffmpeg command:
```
ffmpeg -i offline.ts -filter:a "volume=0.0" output.ts
```
There are no other modifications to the clip.
* Commit updated API documentation
* feat(video): make compatible muted offline clip. Rename clip as a v2 so it is not cached
* Fix conflict
* force add new offline file
---------
Co-authored-by: vivlim <vivlim@vivl.im>
Co-authored-by: Owncast <owncast@owncast.online>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Commit screenshots
* chore(tests): retry cypress tests on failure
* fix(deps): update module github.com/aws/aws-sdk-go to v1.51.23
* chore(deps): update dependency @types/video.js to v7.3.58 (#3705)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* fix(deps): update dependency @codemirror/language-data to v6.5.1 (#3706)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* add update message visibility
* add update user status
* add get moderation user details
* create file for /admin/config endpoints
* chore(deps): update dependency style-loader to v4 (#3703)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Bundle embedded web app
* chore(deps): update typescript-eslint monorepo to v7.7.0
* Bundle embedded web app
* add non-api endpoints to new router
* add set federation enabled
* add set federation private
* chore(tests): attempt to clean up test flakiness (#3710)
* chore(deps): update dependency @types/react to v18.2.79
* add show federation engagement
* add set federation username
* add set federation go live message
* add set federation blocked domains
* add set discord notification configuration
* add set browser notification configuration
* add prometheus endpoint
* add send federation message
* add get federation activities
* add indie auth documentation
* add changes to indie auth server
* Bundle embedded web app
* add fediverse auth
* add spam protection and slur filter
* Commit screenshots
* fix bug with hls endpoint
* Add effect to set media session metadata (#3713)
* Bundle embedded web app
* chore(deps): update dependency sass-loader to v14.2.1
* Bundle embedded web app
* Commit screenshots
* fix(deps): update nextjs monorepo to v14.2.2
* Bundle embedded web app
* Commit screenshots
* fix(deps): update dependency react-virtuoso to v4.7.9
* Bundle embedded web app
* chore(deps): update dependency cypress to v13.8.0
* Bundle embedded web app
* Commit screenshots
* chore(deps): lock file maintenance
* Bundle embedded web app
* add options requests and reformat operationIds
* chore(go): update to go 1.22 (#3708)
* chore(go): update to go 1.22
* fix: install go before running codeql to fix autobild
* chore(test): explicitly set base crosscompile image
* fix(test): do not point at image with incorrect version of Go
* chore: troubleshoot js autoformating in workflow
* Commit screenshots
* add wildcard to index path
* give /admin/ routes precedence
* fix(deps): update dependency @fontsource/poppins to v5.0.14
* Bundle embedded web app
* Bump formidable and artillery in /test/load (#3718)
Removes [formidable](https://github.com/node-formidable/formidable). It's no longer used after updating ancestor dependency [artillery](https://github.com/artilleryio/artillery). These dependencies need to be updated together.
Removes `formidable`
Updates `artillery` from 2.0.2 to 2.0.10
- [Release notes](https://github.com/artilleryio/artillery/releases)
- [Commits](https://github.com/artilleryio/artillery/compare/artillery-2.0.2...artillery-2.0.10)
---
updated-dependencies:
- dependency-name: formidable
dependency-type: indirect
- dependency-name: artillery
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Commit screenshots
* chore(deps): update peter-evans/create-or-update-comment digest to da12db3
* fix(deps): update dependency react-virtuoso to v4.7.10
* add verbose logging and update handler precedence
* Bundle embedded web app
* Commit screenshots
* chore(deps): update golangci/golangci-lint-action action to v5 (#3722)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update typescript-eslint monorepo to v7.7.1
* Bundle embedded web app
* Commit screenshots
* chore(deps): update dependency knip to v5.10.0
* Bundle embedded web app
* add federation routers
* updated comments to pass linter
* fix bug with mount
* fix linting errors
* add router logs to log files
* update emoji dir
* fixed linting error
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Owncast <owncast@owncast.online>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
Co-authored-by: mahmed2000 <49453542+mahmed2000@users.noreply.github.com>
Co-authored-by: Muaz Ahmad <mahmad2000@protonmail.com>
Co-authored-by: Jeet Chawda <68128367+Jeetch8@users.noreply.github.com>
Co-authored-by: Vivian Lim ⭐ <1565930+vivlim@users.noreply.github.com>
Co-authored-by: vivlim <vivlim@vivl.im>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat(chat): basic profanity filter. For #3139
* feat(chat): add setting for disabling chat spam protection. Closes#3523
* feat(chat): wire up the new chat slur filter to admin and chat. Closes#3139
* feat(api): add server-side caching for requests that could benefit for them
* fix(tests): do not cache responses while in tests
* fix: remove commented out leftover code
* chore(deps): update dependency html-webpack-plugin to v5.5.4
* Bundle embedded web app
* fix: remove caching for web app assets under test
* chore(tests): re-enable temporarily disabled test
* chore(deps): update dependency typescript to v5.3.3
* Bundle embedded web app
* chore(deps): update dependency npm to v10.2.5
* Bundle embedded web app
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Owncast <owncast@owncast.online>
The semantics of the Authorization header are defined by RFC 9110, which says:
> It uses a case-insensitive token to identify the authentication scheme:
Therefore, "bearer", "Bearer", and "bEARER" are equivalent. This patch fixes
the parsing of the Authorization header to check for the Bearer authentication
scheme case insensitively.
I've modified one of the test cases to use lowercase "bearer", so there's test
coverage for this.
* chore: replace nanmu/gzip by CAFxX/httpcompression for compression
Instead of using nanmu42/gzip which imports the whole gin framework,
we replace it with CAFxX/httpcompression which is more lightweight.
Fixes#2697
* Run go mod tidy
---------
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Custom emoji editor: implement backend
This reuses the logo upload code
* Implement emoji edit admin interface
Again reuse base64 logic from the logo upload
* Allow toggling between uploaded and default emojis
* Add route that always serves uploaded emojis
This is needed for the admin emoji interface,
as otherwise the emojis will 404 if custom emojis are disabled
* Fix linter warnings
* Remove custom/uploaded emoji logic
* Reset timer after emoji deletion
* Setup: copy built-in emojis to emoji directory
* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* Fediverse chat auth via OTP
* Increase validity time just in case
* Add fediverse auth into auth modal
* Text, validation, cleanup updates for fedi auth
* Fix typo
* Remove unused images
* Remove unused file
* Add chat display name to auth modal text
* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* don't redirect unless a URL is present
avoids redirecting to `undefined` if there was an error
* improve error message if owncast server URL isn't set
* fix IndieAuth PKCE implementation
use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding
* return real profile data for IndieAuth response
* check the code verifier in the IndieAuth server
* Linting
* Add new chat settings modal anad split up indieauth ui
* Remove logging error
* Update the IndieAuth modal UI. For #1273
* Add IndieAuth repsonse error checking
* Disable IndieAuth client if server URL is not set.
* Add explicit error messages for specific error types
* Fix bad logic
* Return OAuth-keyed error responses for indieauth server
* Display IndieAuth error in plain text with link to return to main page
* Remove redundant check
* Add additional detail to error
* Hide IndieAuth details behind disclosure details
* Break out migration into two steps because some people have been runing dev in production
* Add auth option to user dropdown
Co-authored-by: Aaron Parecki <aaron@parecki.com>