mirror of
https://github.com/imgfloat/server.git
synced 2026-02-05 11:49:25 +00:00
Add settings
This commit is contained in:
@@ -2,7 +2,9 @@ package dev.kruhlmann.imgfloat;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.scheduling.annotation.EnableAsync;
|
||||
|
||||
@EnableAsync
|
||||
@SpringBootApplication
|
||||
public class ImgfloatApplication {
|
||||
public static void main(String[] args) {
|
||||
|
||||
@@ -26,20 +26,10 @@ public class SystemEnvironmentValidator {
|
||||
private String assetsPath;
|
||||
@Value("${IMGFLOAT_PREVIEWS_PATH:#{null}}")
|
||||
private String previewsPath;
|
||||
@Value("${IMGFLOAT_DB_PATH}")
|
||||
@Value("${IMGFLOAT_DB_PATH:#{null}}")
|
||||
private String dbPath;
|
||||
@Value("${IMGFLOAT_MAX_SPEED}")
|
||||
private double maxSpeed;
|
||||
@Value("${IMGFLOAT_MIN_AUDIO_SPEED}")
|
||||
private double minAudioSpeed;
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_SPEED}")
|
||||
private double maxAudioSpeed;
|
||||
@Value("${IMGFLOAT_MIN_AUDIO_PITCH}")
|
||||
private double minAudioPitch;
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_PITCH}")
|
||||
private double maxAudioPitch;
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_VOLUME}")
|
||||
private double maxAudioVolume;
|
||||
@Value("${IMGFLOAT_INITIAL_TWITCH_USERNAME_SYSADMIN:#{null}}")
|
||||
private String initialSysadmin;
|
||||
|
||||
private long maxUploadBytes;
|
||||
private long maxRequestBytes;
|
||||
@@ -52,13 +42,8 @@ public class SystemEnvironmentValidator {
|
||||
maxRequestBytes = DataSize.parse(springMaxRequestSize).toBytes();
|
||||
checkUnsignedNumeric(maxUploadBytes, "SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE", missing);
|
||||
checkUnsignedNumeric(maxRequestBytes, "SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE", missing);
|
||||
checkUnsignedNumeric(maxSpeed, "IMGFLOAT_MAX_SPEED", missing);;
|
||||
checkUnsignedNumeric(minAudioSpeed, "IMGFLOAT_MIN_AUDIO_SPEED", missing);;
|
||||
checkUnsignedNumeric(maxAudioSpeed, "IMGFLOAT_MAX_AUDIO_SPEED", missing);;
|
||||
checkUnsignedNumeric(minAudioPitch, "IMGFLOAT_MIN_AUDIO_PITCH", missing);;
|
||||
checkUnsignedNumeric(maxAudioPitch, "IMGFLOAT_MAX_AUDIO_PITCH", missing);;
|
||||
checkUnsignedNumeric(maxAudioVolume, "IMGFLOAT_MAX_AUDIO_VOLUME", missing);;
|
||||
checkString(twitchClientId, "TWITCH_CLIENT_ID", missing);
|
||||
checkString(initialSysadmin, "IMGFLOAT_INITIAL_TWITCH_USERNAME_SYSADMIN", missing);
|
||||
checkString(dbPath, "IMGFLOAT_DB_PATH", missing);
|
||||
checkString(twitchClientSecret, "TWITCH_CLIENT_SECRET", missing);
|
||||
checkString(assetsPath, "IMGFLOAT_ASSETS_PATH", missing);
|
||||
@@ -78,15 +63,10 @@ public class SystemEnvironmentValidator {
|
||||
springMaxFileSize, maxUploadBytes);
|
||||
log.info(" - SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: {} ({} bytes)",
|
||||
springMaxRequestSize, maxRequestBytes);
|
||||
log.info(" - IMGFLOAT_DB_PATH: {}", dbPath);
|
||||
log.info(" - IMGFLOAT_INITIAL_TWITCH_USERNAME_SYSADMIN: {}", initialSysadmin);
|
||||
log.info(" - IMGFLOAT_ASSETS_PATH: {}", assetsPath);
|
||||
log.info(" - IMGFLOAT_PREVIEWS_PATH: {}", previewsPath);
|
||||
log.info(" - IMGFLOAT_DB_PATH: {}", dbPath);
|
||||
log.info(" - IMGFLOAT_MAX_SPEED: {}", maxSpeed);
|
||||
log.info(" - IMGFLOAT_MIN_AUDIO_SPEED: {}", minAudioSpeed);
|
||||
log.info(" - IMGFLOAT_MAX_AUDIO_SPEED: {}", maxAudioSpeed);
|
||||
log.info(" - IMGFLOAT_MIN_AUDIO_PITCH: {}", minAudioPitch);
|
||||
log.info(" - IMGFLOAT_MAX_AUDIO_PITCH: {}", maxAudioPitch);
|
||||
log.info(" - IMGFLOAT_MAX_AUDIO_VOLUME: {}", maxAudioVolume);
|
||||
}
|
||||
|
||||
private void checkString(String value, String name, StringBuilder missing) {
|
||||
|
||||
@@ -7,8 +7,10 @@ import dev.kruhlmann.imgfloat.model.PlaybackRequest;
|
||||
import dev.kruhlmann.imgfloat.model.TransformRequest;
|
||||
import dev.kruhlmann.imgfloat.model.TwitchUserProfile;
|
||||
import dev.kruhlmann.imgfloat.model.VisibilityRequest;
|
||||
import dev.kruhlmann.imgfloat.model.OauthSessionUser;
|
||||
import dev.kruhlmann.imgfloat.service.ChannelDirectoryService;
|
||||
import dev.kruhlmann.imgfloat.service.TwitchUserLookupService;
|
||||
import dev.kruhlmann.imgfloat.service.AuthorizationService;
|
||||
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
|
||||
import jakarta.validation.Valid;
|
||||
import org.slf4j.Logger;
|
||||
@@ -49,22 +51,27 @@ public class ChannelApiController {
|
||||
private final ChannelDirectoryService channelDirectoryService;
|
||||
private final OAuth2AuthorizedClientService authorizedClientService;
|
||||
private final TwitchUserLookupService twitchUserLookupService;
|
||||
private final AuthorizationService authorizationService;
|
||||
|
||||
public ChannelApiController(ChannelDirectoryService channelDirectoryService,
|
||||
OAuth2AuthorizedClientService authorizedClientService,
|
||||
TwitchUserLookupService twitchUserLookupService) {
|
||||
public ChannelApiController(
|
||||
ChannelDirectoryService channelDirectoryService,
|
||||
OAuth2AuthorizedClientService authorizedClientService,
|
||||
TwitchUserLookupService twitchUserLookupService,
|
||||
AuthorizationService authorizationService
|
||||
) {
|
||||
this.channelDirectoryService = channelDirectoryService;
|
||||
this.authorizedClientService = authorizedClientService;
|
||||
this.twitchUserLookupService = twitchUserLookupService;
|
||||
this.authorizationService = authorizationService;
|
||||
}
|
||||
|
||||
@PostMapping("/admins")
|
||||
public ResponseEntity<?> addAdmin(@PathVariable("broadcaster") String broadcaster,
|
||||
@Valid @RequestBody AdminRequest request,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureBroadcaster(broadcaster, login);
|
||||
LOG.info("User {} adding admin {} to {}", login, request.getUsername(), broadcaster);
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userMatchesSessionUsernameOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.info("User {} adding admin {} to {}", sessionUsername, request.getUsername(), broadcaster);
|
||||
boolean added = channelDirectoryService.addAdmin(broadcaster, request.getUsername());
|
||||
if (!added) {
|
||||
LOG.info("User {} already admin for {} or could not be added", request.getUsername(), broadcaster);
|
||||
@@ -74,16 +81,16 @@ public class ChannelApiController {
|
||||
|
||||
@GetMapping("/admins")
|
||||
public Collection<TwitchUserProfile> listAdmins(@PathVariable("broadcaster") String broadcaster,
|
||||
OAuth2AuthenticationToken authentication,
|
||||
OAuth2AuthenticationToken oauthToken,
|
||||
@RegisteredOAuth2AuthorizedClient("twitch") OAuth2AuthorizedClient authorizedClient) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureBroadcaster(broadcaster, login);
|
||||
LOG.debug("Listing admins for {} by {}", broadcaster, login);
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userMatchesSessionUsernameOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.debug("Listing admins for {} by {}", broadcaster, sessionUsername);
|
||||
var channel = channelDirectoryService.getOrCreateChannel(broadcaster);
|
||||
List<String> admins = channel.getAdmins().stream()
|
||||
.sorted(Comparator.naturalOrder())
|
||||
.toList();
|
||||
authorizedClient = resolveAuthorizedClient(authentication, authorizedClient);
|
||||
authorizedClient = resolveAuthorizedClient(oauthToken, authorizedClient);
|
||||
String accessToken = Optional.ofNullable(authorizedClient)
|
||||
.map(OAuth2AuthorizedClient::getAccessToken)
|
||||
.map(token -> token.getTokenValue())
|
||||
@@ -97,16 +104,16 @@ public class ChannelApiController {
|
||||
|
||||
@GetMapping("/admins/suggestions")
|
||||
public Collection<TwitchUserProfile> listAdminSuggestions(@PathVariable("broadcaster") String broadcaster,
|
||||
OAuth2AuthenticationToken authentication,
|
||||
OAuth2AuthenticationToken oauthToken,
|
||||
@RegisteredOAuth2AuthorizedClient("twitch") OAuth2AuthorizedClient authorizedClient) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureBroadcaster(broadcaster, login);
|
||||
LOG.debug("Listing admin suggestions for {} by {}", broadcaster, login);
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userMatchesSessionUsernameOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.debug("Listing admin suggestions for {} by {}", broadcaster, sessionUsername);
|
||||
var channel = channelDirectoryService.getOrCreateChannel(broadcaster);
|
||||
authorizedClient = resolveAuthorizedClient(authentication, authorizedClient);
|
||||
authorizedClient = resolveAuthorizedClient(oauthToken, authorizedClient);
|
||||
|
||||
if (authorizedClient == null) {
|
||||
LOG.warn("No authorized Twitch client found for {} while fetching admin suggestions for {}", login, broadcaster);
|
||||
LOG.warn("No authorized Twitch client found for {} while fetching admin suggestions for {}", sessionUsername, broadcaster);
|
||||
return List.of();
|
||||
}
|
||||
String accessToken = Optional.ofNullable(authorizedClient)
|
||||
@@ -118,7 +125,7 @@ public class ChannelApiController {
|
||||
.map(registration -> registration.getClientId())
|
||||
.orElse(null);
|
||||
if (accessToken == null || accessToken.isBlank() || clientId == null || clientId.isBlank()) {
|
||||
LOG.warn("Missing Twitch credentials for {} while fetching admin suggestions for {}", login, broadcaster);
|
||||
LOG.warn("Missing Twitch credentials for {} while fetching admin suggestions for {}", sessionUsername, broadcaster);
|
||||
return List.of();
|
||||
}
|
||||
return twitchUserLookupService.fetchModerators(broadcaster, channel.getAdmins(), accessToken, clientId);
|
||||
@@ -127,24 +134,16 @@ public class ChannelApiController {
|
||||
@DeleteMapping("/admins/{username}")
|
||||
public ResponseEntity<?> removeAdmin(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("username") String username,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureBroadcaster(broadcaster, login);
|
||||
LOG.info("User {} removing admin {} from {}", login, username, broadcaster);
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userMatchesSessionUsernameOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.info("User {} removing admin {} from {}", sessionUsername, username, broadcaster);
|
||||
boolean removed = channelDirectoryService.removeAdmin(broadcaster, username);
|
||||
return ResponseEntity.ok().body(removed);
|
||||
}
|
||||
|
||||
@GetMapping("/assets")
|
||||
public Collection<AssetView> listAssets(@PathVariable("broadcaster") String broadcaster,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
if (!channelDirectoryService.isBroadcaster(broadcaster, login)
|
||||
&& !channelDirectoryService.isAdmin(broadcaster, login)) {
|
||||
LOG.warn("Unauthorized asset listing attempt for {} by {}", broadcaster, login);
|
||||
throw new ResponseStatusException(FORBIDDEN, "Not authorized");
|
||||
}
|
||||
LOG.info("Listing assets for {} requested by {}", broadcaster, login);
|
||||
public Collection<AssetView> listAssets(@PathVariable("broadcaster") String broadcaster) {
|
||||
return channelDirectoryService.getAssetsForAdmin(broadcaster);
|
||||
}
|
||||
|
||||
@@ -155,37 +154,36 @@ public class ChannelApiController {
|
||||
|
||||
@GetMapping("/canvas")
|
||||
public CanvasSettingsRequest getCanvas(@PathVariable("broadcaster") String broadcaster) {
|
||||
LOG.debug("Fetching canvas settings for {}", broadcaster);
|
||||
return channelDirectoryService.getCanvasSettings(broadcaster);
|
||||
}
|
||||
|
||||
@PutMapping("/canvas")
|
||||
public CanvasSettingsRequest updateCanvas(@PathVariable("broadcaster") String broadcaster,
|
||||
@Valid @RequestBody CanvasSettingsRequest request,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureBroadcaster(broadcaster, login);
|
||||
LOG.info("Updating canvas for {} by {}: {}x{}", broadcaster, login, request.getWidth(), request.getHeight());
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userMatchesSessionUsernameOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.info("Updating canvas for {} by {}: {}x{}", broadcaster, sessionUsername, request.getWidth(), request.getHeight());
|
||||
return channelDirectoryService.updateCanvasSettings(broadcaster, request);
|
||||
}
|
||||
|
||||
@PostMapping(value = "/assets", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
|
||||
public ResponseEntity<AssetView> createAsset(@PathVariable("broadcaster") String broadcaster,
|
||||
@org.springframework.web.bind.annotation.RequestPart("file") MultipartFile file,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureAuthorized(broadcaster, login);
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(broadcaster, sessionUsername);
|
||||
if (file == null || file.isEmpty()) {
|
||||
LOG.warn("User {} attempted to upload empty file to {}", login, broadcaster);
|
||||
LOG.warn("User {} attempted to upload empty file to {}", sessionUsername, broadcaster);
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Asset file is required");
|
||||
}
|
||||
try {
|
||||
LOG.info("User {} uploading asset {} to {}", login, file.getOriginalFilename(), broadcaster);
|
||||
LOG.info("User {} uploading asset {} to {}", sessionUsername, file.getOriginalFilename(), broadcaster);
|
||||
return channelDirectoryService.createAsset(broadcaster, file)
|
||||
.map(ResponseEntity::ok)
|
||||
.orElseThrow(() -> new ResponseStatusException(BAD_REQUEST, "Unable to read image"));
|
||||
} catch (IOException e) {
|
||||
LOG.error("Failed to process asset upload for {} by {}", broadcaster, login, e);
|
||||
LOG.error("Failed to process asset upload for {} by {}", broadcaster, sessionUsername, e);
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Failed to process image", e);
|
||||
}
|
||||
}
|
||||
@@ -194,14 +192,14 @@ public class ChannelApiController {
|
||||
public ResponseEntity<AssetView> transform(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("assetId") String assetId,
|
||||
@Valid @RequestBody TransformRequest request,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureAuthorized(broadcaster, login);
|
||||
LOG.debug("Applying transform to asset {} on {} by {}", assetId, broadcaster, login);
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.debug("Applying transform to asset {} on {} by {}", assetId, broadcaster, sessionUsername);
|
||||
return channelDirectoryService.updateTransform(broadcaster, assetId, request)
|
||||
.map(ResponseEntity::ok)
|
||||
.orElseThrow(() -> {
|
||||
LOG.warn("Transform request for missing asset {} on {} by {}", assetId, broadcaster, login);
|
||||
LOG.warn("Transform request for missing asset {} on {} by {}", assetId, broadcaster, sessionUsername);
|
||||
return new ResponseStatusException(NOT_FOUND, "Asset not found");
|
||||
});
|
||||
}
|
||||
@@ -210,9 +208,10 @@ public class ChannelApiController {
|
||||
public ResponseEntity<AssetView> play(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("assetId") String assetId,
|
||||
@RequestBody(required = false) PlaybackRequest request,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureAuthorized(broadcaster, login);
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.info("Triggering playback for asset {} on {} by {}", assetId, broadcaster, sessionUsername);
|
||||
return channelDirectoryService.triggerPlayback(broadcaster, assetId, request)
|
||||
.map(ResponseEntity::ok)
|
||||
.orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Asset not found"));
|
||||
@@ -222,76 +221,41 @@ public class ChannelApiController {
|
||||
public ResponseEntity<AssetView> visibility(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("assetId") String assetId,
|
||||
@RequestBody VisibilityRequest request,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureAuthorized(broadcaster, login);
|
||||
LOG.info("Updating visibility for asset {} on {} by {} to hidden={} ", assetId, broadcaster, login, request.isHidden());
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.info("Updating visibility for asset {} on {} by {} to hidden={} ", assetId, broadcaster, sessionUsername , request.isHidden());
|
||||
return channelDirectoryService.updateVisibility(broadcaster, assetId, request)
|
||||
.map(ResponseEntity::ok)
|
||||
.orElseThrow(() -> {
|
||||
LOG.warn("Visibility update for missing asset {} on {} by {}", assetId, broadcaster, login);
|
||||
LOG.warn("Visibility update for missing asset {} on {} by {}", assetId, broadcaster, sessionUsername);
|
||||
return new ResponseStatusException(NOT_FOUND, "Asset not found");
|
||||
});
|
||||
}
|
||||
|
||||
@GetMapping("/assets/{assetId}/content")
|
||||
public ResponseEntity<byte[]> getAssetContent(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("assetId") String assetId,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
boolean authorized = false;
|
||||
if (authentication != null) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
authorized = channelDirectoryService.isBroadcaster(broadcaster, login)
|
||||
|| channelDirectoryService.isAdmin(broadcaster, login);
|
||||
}
|
||||
|
||||
if (authorized) {
|
||||
LOG.debug("Serving asset {} for broadcaster {} to authenticated user {}", assetId, broadcaster, authentication.getName());
|
||||
return channelDirectoryService.getAssetContent(assetId)
|
||||
.map(content -> ResponseEntity.ok()
|
||||
.header("X-Content-Type-Options", "nosniff")
|
||||
.header(HttpHeaders.CONTENT_DISPOSITION, contentDispositionFor(content.mediaType()))
|
||||
.contentType(MediaType.parseMediaType(content.mediaType()))
|
||||
.body(content.bytes()))
|
||||
.orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Asset not found"));
|
||||
}
|
||||
|
||||
return channelDirectoryService.getVisibleAssetContent(assetId)
|
||||
.map(content -> ResponseEntity.ok()
|
||||
.header("X-Content-Type-Options", "nosniff")
|
||||
.header(HttpHeaders.CONTENT_DISPOSITION, contentDispositionFor(content.mediaType()))
|
||||
.contentType(MediaType.parseMediaType(content.mediaType()))
|
||||
.body(content.bytes()))
|
||||
.orElseThrow(() -> new ResponseStatusException(FORBIDDEN, "Asset not available"));
|
||||
@PathVariable("assetId") String assetId) {
|
||||
LOG.debug("Serving asset {} for broadcaster {}", assetId, broadcaster);
|
||||
return channelDirectoryService.getAssetContent(assetId)
|
||||
.map(content -> ResponseEntity.ok()
|
||||
.header("X-Content-Type-Options", "nosniff")
|
||||
.header(HttpHeaders.CONTENT_DISPOSITION, contentDispositionFor(content.mediaType()))
|
||||
.contentType(MediaType.parseMediaType(content.mediaType()))
|
||||
.body(content.bytes()))
|
||||
.orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Asset not found"));
|
||||
}
|
||||
|
||||
@GetMapping("/assets/{assetId}/preview")
|
||||
public ResponseEntity<byte[]> getAssetPreview(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("assetId") String assetId,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
boolean authorized = false;
|
||||
if (authentication != null) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
authorized = channelDirectoryService.isBroadcaster(broadcaster, login)
|
||||
|| channelDirectoryService.isAdmin(broadcaster, login);
|
||||
}
|
||||
|
||||
if (authorized) {
|
||||
LOG.debug("Serving preview for asset {} for broadcaster {}", assetId, broadcaster);
|
||||
return channelDirectoryService.getAssetPreview(assetId, true)
|
||||
.map(content -> ResponseEntity.ok()
|
||||
.header("X-Content-Type-Options", "nosniff")
|
||||
.contentType(MediaType.parseMediaType(content.mediaType()))
|
||||
.body(content.bytes()))
|
||||
.orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Preview not found"));
|
||||
}
|
||||
|
||||
return channelDirectoryService.getAssetPreview(assetId, false)
|
||||
.map(content -> ResponseEntity.ok()
|
||||
.header("X-Content-Type-Options", "nosniff")
|
||||
.contentType(MediaType.parseMediaType(content.mediaType()))
|
||||
.body(content.bytes()))
|
||||
.orElseThrow(() -> new ResponseStatusException(FORBIDDEN, "Preview not available"));
|
||||
@PathVariable("assetId") String assetId) {
|
||||
LOG.debug("Serving preview for asset {} for broadcaster {}", assetId, broadcaster);
|
||||
return channelDirectoryService.getAssetPreview(assetId, true)
|
||||
.map(content -> ResponseEntity.ok()
|
||||
.header("X-Content-Type-Options", "nosniff")
|
||||
.contentType(MediaType.parseMediaType(content.mediaType()))
|
||||
.body(content.bytes()))
|
||||
.orElseThrow(() -> new ResponseStatusException(NOT_FOUND, "Preview not found"));
|
||||
}
|
||||
|
||||
private String contentDispositionFor(String mediaType) {
|
||||
@@ -304,43 +268,26 @@ public class ChannelApiController {
|
||||
@DeleteMapping("/assets/{assetId}")
|
||||
public ResponseEntity<?> delete(@PathVariable("broadcaster") String broadcaster,
|
||||
@PathVariable("assetId") String assetId,
|
||||
OAuth2AuthenticationToken authentication) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
ensureAuthorized(broadcaster, login);
|
||||
OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(broadcaster, sessionUsername);
|
||||
boolean removed = channelDirectoryService.deleteAsset(assetId);
|
||||
if (!removed) {
|
||||
LOG.warn("Attempt to delete missing asset {} on {} by {}", assetId, broadcaster, login);
|
||||
LOG.warn("Attempt to delete missing asset {} on {} by {}", assetId, broadcaster, sessionUsername);
|
||||
throw new ResponseStatusException(NOT_FOUND, "Asset not found");
|
||||
}
|
||||
LOG.info("Asset {} deleted on {} by {}", assetId, broadcaster, login);
|
||||
LOG.info("Asset {} deleted on {} by {}", assetId, broadcaster, sessionUsername);
|
||||
return ResponseEntity.ok().build();
|
||||
}
|
||||
|
||||
private void ensureBroadcaster(String broadcaster, String login) {
|
||||
if (!channelDirectoryService.isBroadcaster(broadcaster, login)) {
|
||||
LOG.warn("Access denied for broadcaster-only action on {} by {}", broadcaster, login);
|
||||
throw new ResponseStatusException(FORBIDDEN, "Only broadcasters can manage admins");
|
||||
}
|
||||
}
|
||||
|
||||
private void ensureAuthorized(String broadcaster, String login) {
|
||||
if (!channelDirectoryService.isBroadcaster(broadcaster, login)
|
||||
&& !channelDirectoryService.isAdmin(broadcaster, login)) {
|
||||
LOG.warn("Unauthorized access to channel {} by {}", broadcaster, login);
|
||||
throw new ResponseStatusException(FORBIDDEN, "No permission for channel");
|
||||
}
|
||||
}
|
||||
|
||||
private OAuth2AuthorizedClient resolveAuthorizedClient(OAuth2AuthenticationToken authentication,
|
||||
private OAuth2AuthorizedClient resolveAuthorizedClient(OAuth2AuthenticationToken oauthToken,
|
||||
OAuth2AuthorizedClient authorizedClient) {
|
||||
if (authorizedClient != null) {
|
||||
return authorizedClient;
|
||||
}
|
||||
if (authentication == null) {
|
||||
if (oauthToken == null) {
|
||||
return null;
|
||||
}
|
||||
return authorizedClientService.loadAuthorizedClient(
|
||||
authentication.getAuthorizedClientRegistrationId(),
|
||||
authentication.getName());
|
||||
return authorizedClientService.loadAuthorizedClient(oauthToken.getAuthorizedClientRegistrationId(), oauthToken.getName());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,63 @@
|
||||
package dev.kruhlmann.imgfloat.controller;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.Settings;
|
||||
import dev.kruhlmann.imgfloat.model.OauthSessionUser;
|
||||
import dev.kruhlmann.imgfloat.service.SettingsService;
|
||||
import dev.kruhlmann.imgfloat.service.AuthorizationService;
|
||||
|
||||
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
|
||||
import jakarta.validation.Valid;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.PutMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.io.IOException;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.springframework.http.HttpStatus.FORBIDDEN;
|
||||
import static org.springframework.http.HttpStatus.NOT_FOUND;
|
||||
import static org.springframework.http.HttpStatus.BAD_REQUEST;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/api/settings")
|
||||
@SecurityRequirement(name = "administrator")
|
||||
public class SettingsApiController {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ChannelApiController.class);
|
||||
|
||||
private final SettingsService settingsService;
|
||||
private final AuthorizationService authorizationService;
|
||||
|
||||
public SettingsApiController(SettingsService settingsService, AuthorizationService authorizationService) {
|
||||
this.settingsService = settingsService;
|
||||
this.authorizationService = authorizationService;
|
||||
}
|
||||
|
||||
@PutMapping("/set")
|
||||
public ResponseEntity<Settings> setSettings(@Valid @RequestBody Settings newSettings, OAuth2AuthenticationToken oauthToken) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsSystemAdministratorOrThrowHttpError(sessionUsername);
|
||||
|
||||
Settings currentSettings = settingsService.get();
|
||||
LOG.info("Sytem administrator settings change request");
|
||||
settingsService.logSettings("From: ", currentSettings);
|
||||
settingsService.logSettings("To: ", newSettings);
|
||||
|
||||
return ResponseEntity.ok().body(newSettings);
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,13 @@ package dev.kruhlmann.imgfloat.controller;
|
||||
|
||||
import dev.kruhlmann.imgfloat.service.ChannelDirectoryService;
|
||||
import dev.kruhlmann.imgfloat.service.VersionService;
|
||||
import dev.kruhlmann.imgfloat.service.SettingsService;
|
||||
import dev.kruhlmann.imgfloat.service.AuthorizationService;
|
||||
import dev.kruhlmann.imgfloat.model.Settings;
|
||||
import dev.kruhlmann.imgfloat.model.OauthSessionUser;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -13,51 +20,42 @@ import org.springframework.util.unit.DataSize;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import static org.springframework.http.HttpStatus.FORBIDDEN;
|
||||
import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
|
||||
|
||||
@Controller
|
||||
public class ViewController {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ViewController.class);
|
||||
private final ChannelDirectoryService channelDirectoryService;
|
||||
private final VersionService versionService;
|
||||
private final SettingsService settingsService;
|
||||
private final ObjectMapper objectMapper;
|
||||
private final AuthorizationService authorizationService;
|
||||
|
||||
@Autowired
|
||||
private long uploadLimitBytes;
|
||||
|
||||
private double maxSpeed;
|
||||
private double minAudioSpeed;
|
||||
private double maxAudioSpeed;
|
||||
private double minAudioPitch;
|
||||
private double maxAudioPitch;
|
||||
private double maxAudioVolume;
|
||||
|
||||
public ViewController(
|
||||
ChannelDirectoryService channelDirectoryService,
|
||||
VersionService versionService,
|
||||
@Value("${IMGFLOAT_MAX_SPEED}") double maxSpeed,
|
||||
@Value("${IMGFLOAT_MIN_AUDIO_SPEED}") double minAudioSpeed,
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_SPEED}") double maxAudioSpeed,
|
||||
@Value("${IMGFLOAT_MIN_AUDIO_PITCH}") double minAudioPitch,
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_PITCH}") double maxAudioPitch,
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_VOLUME}") double maxAudioVolume
|
||||
SettingsService settingsService,
|
||||
ObjectMapper objectMapper,
|
||||
AuthorizationService authorizationService
|
||||
) {
|
||||
this.channelDirectoryService = channelDirectoryService;
|
||||
this.versionService = versionService;
|
||||
this.maxSpeed = maxSpeed;
|
||||
this.minAudioSpeed = minAudioSpeed;
|
||||
this.maxAudioSpeed = maxAudioSpeed;
|
||||
this.minAudioPitch = minAudioPitch;
|
||||
this.maxAudioPitch = maxAudioPitch;
|
||||
this.maxAudioVolume = maxAudioVolume;
|
||||
this.settingsService = settingsService;
|
||||
this.objectMapper = objectMapper;
|
||||
this.authorizationService = authorizationService;
|
||||
}
|
||||
|
||||
@org.springframework.web.bind.annotation.GetMapping("/")
|
||||
public String home(OAuth2AuthenticationToken authentication, Model model) {
|
||||
if (authentication != null) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
LOG.info("Rendering dashboard for {}", login);
|
||||
model.addAttribute("username", login);
|
||||
model.addAttribute("channel", login);
|
||||
model.addAttribute("adminChannels", channelDirectoryService.adminChannelsFor(login));
|
||||
public String home(OAuth2AuthenticationToken oauthToken, Model model) {
|
||||
if (oauthToken != null) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
LOG.info("Rendering dashboard for {}", sessionUsername);
|
||||
model.addAttribute("username", sessionUsername);
|
||||
model.addAttribute("channel", sessionUsername);
|
||||
model.addAttribute("adminChannels", channelDirectoryService.adminChannelsFor(sessionUsername));
|
||||
return "dashboard";
|
||||
}
|
||||
model.addAttribute("version", versionService.getVersion());
|
||||
@@ -72,25 +70,21 @@ public class ViewController {
|
||||
|
||||
@org.springframework.web.bind.annotation.GetMapping("/view/{broadcaster}/admin")
|
||||
public String adminView(@org.springframework.web.bind.annotation.PathVariable("broadcaster") String broadcaster,
|
||||
OAuth2AuthenticationToken authentication,
|
||||
Model model) {
|
||||
String login = TwitchUser.from(authentication).login();
|
||||
if (!channelDirectoryService.isBroadcaster(broadcaster, login)
|
||||
&& !channelDirectoryService.isAdmin(broadcaster, login)) {
|
||||
LOG.warn("Unauthorized admin console access attempt for {} by {}", broadcaster, login);
|
||||
throw new ResponseStatusException(FORBIDDEN, "Not authorized for admin tools");
|
||||
}
|
||||
LOG.info("Rendering admin console for {} (requested by {})", broadcaster, login);
|
||||
OAuth2AuthenticationToken oauthToken,
|
||||
Model model) {
|
||||
String sessionUsername = OauthSessionUser.from(oauthToken).login();
|
||||
authorizationService.userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(broadcaster, sessionUsername);
|
||||
LOG.info("Rendering admin console for {} (requested by {})", broadcaster, sessionUsername);
|
||||
Settings settings = settingsService.get();
|
||||
model.addAttribute("broadcaster", broadcaster.toLowerCase());
|
||||
model.addAttribute("username", login);
|
||||
model.addAttribute("username", sessionUsername);
|
||||
model.addAttribute("uploadLimitBytes", uploadLimitBytes);
|
||||
|
||||
model.addAttribute("maxSpeed", maxSpeed);
|
||||
model.addAttribute("minAudioSpeed", minAudioSpeed);
|
||||
model.addAttribute("maxAudioSpeed", maxAudioSpeed);
|
||||
model.addAttribute("minAudioPitch", minAudioPitch);
|
||||
model.addAttribute("maxAudioPitch", maxAudioPitch);
|
||||
model.addAttribute("maxAudioVolume", maxAudioVolume);
|
||||
try {
|
||||
model.addAttribute("settingsJson", objectMapper.writeValueAsString(settings));
|
||||
} catch (JsonProcessingException e) {
|
||||
LOG.error("Failed to serialize settings for admin view", e);
|
||||
throw new ResponseStatusException(INTERNAL_SERVER_ERROR, "Failed to serialize settings");
|
||||
}
|
||||
|
||||
return "admin";
|
||||
}
|
||||
@@ -103,23 +97,3 @@ public class ViewController {
|
||||
return "broadcast";
|
||||
}
|
||||
}
|
||||
|
||||
record TwitchUser(String login, String displayName) {
|
||||
static TwitchUser from(OAuth2AuthenticationToken authentication) {
|
||||
if (authentication == null) {
|
||||
throw new ResponseStatusException(FORBIDDEN, "Authentication required");
|
||||
}
|
||||
String login = authentication.getPrincipal().<String>getAttribute("preferred_username");
|
||||
if (login == null) {
|
||||
login = authentication.getPrincipal().<String>getAttribute("login");
|
||||
}
|
||||
if (login == null) {
|
||||
login = authentication.getPrincipal().getName();
|
||||
}
|
||||
String displayName = authentication.getPrincipal().<String>getAttribute("display_name");
|
||||
if (displayName == null) {
|
||||
displayName = login;
|
||||
}
|
||||
return new TwitchUser(login, displayName);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
package dev.kruhlmann.imgfloat.model;
|
||||
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
|
||||
|
||||
public record OauthSessionUser(String login, String displayName) {
|
||||
public static OauthSessionUser from(OAuth2AuthenticationToken authentication) {
|
||||
if (authentication == null) {
|
||||
return null;
|
||||
}
|
||||
String login = authentication.getPrincipal().<String>getAttribute("preferred_username");
|
||||
if (login == null) {
|
||||
login = authentication.getPrincipal().<String>getAttribute("login");
|
||||
}
|
||||
if (login == null) {
|
||||
login = authentication.getPrincipal().getName();
|
||||
}
|
||||
String displayName = authentication.getPrincipal().<String>getAttribute("display_name");
|
||||
if (displayName == null) {
|
||||
displayName = login;
|
||||
}
|
||||
return new OauthSessionUser(login, displayName);
|
||||
}
|
||||
}
|
||||
121
src/main/java/dev/kruhlmann/imgfloat/model/Settings.java
Normal file
121
src/main/java/dev/kruhlmann/imgfloat/model/Settings.java
Normal file
@@ -0,0 +1,121 @@
|
||||
package dev.kruhlmann.imgfloat.model;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.PrePersist;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.PreUpdate;
|
||||
|
||||
@Entity
|
||||
@Table(name = "settings")
|
||||
public class Settings {
|
||||
@Id
|
||||
@Column(nullable = false)
|
||||
private int id = 1;
|
||||
@Column(nullable = false)
|
||||
private double minAssetPlaybackSpeedFraction;
|
||||
@Column(nullable = false)
|
||||
private double maxAssetPlaybackSpeedFraction;
|
||||
@Column(nullable = false)
|
||||
private double minAssetAudioPitchFraction;
|
||||
@Column(nullable = false)
|
||||
private double maxAssetAudioPitchFraction;
|
||||
@Column(nullable = false)
|
||||
private double minAssetVolumeFraction;
|
||||
@Column(nullable = false)
|
||||
private double maxAssetVolumeFraction;
|
||||
@Column(nullable = false)
|
||||
private int maxCanvasSideLengthPixels;
|
||||
@Column(nullable = false)
|
||||
private int canvasFramesPerSecond;
|
||||
|
||||
protected Settings() {
|
||||
}
|
||||
|
||||
public static Settings defaults() {
|
||||
Settings s = new Settings();
|
||||
s.setMinAssetPlaybackSpeedFraction(0.1);
|
||||
s.setMaxAssetPlaybackSpeedFraction(4.0);
|
||||
s.setMinAssetAudioPitchFraction(0.1);
|
||||
s.setMaxAssetAudioPitchFraction(4.0);
|
||||
s.setMinAssetVolumeFraction(0.01);
|
||||
s.setMaxAssetVolumeFraction(5.0);
|
||||
s.setMaxCanvasSideLengthPixels(7680);
|
||||
s.setCanvasFramesPerSecond(60);
|
||||
return s;
|
||||
}
|
||||
|
||||
public void setId(int id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public int getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public double getMinAssetPlaybackSpeedFraction() {
|
||||
return minAssetPlaybackSpeedFraction;
|
||||
}
|
||||
|
||||
public void setMinAssetPlaybackSpeedFraction(double value) {
|
||||
this.minAssetPlaybackSpeedFraction = value;
|
||||
}
|
||||
|
||||
public double getMaxAssetPlaybackSpeedFraction() {
|
||||
return maxAssetPlaybackSpeedFraction;
|
||||
}
|
||||
|
||||
public void setMaxAssetPlaybackSpeedFraction(double value) {
|
||||
this.maxAssetPlaybackSpeedFraction = value;
|
||||
}
|
||||
|
||||
public double getMinAssetAudioPitchFraction() {
|
||||
return minAssetAudioPitchFraction;
|
||||
}
|
||||
|
||||
public void setMinAssetAudioPitchFraction(double value) {
|
||||
this.minAssetAudioPitchFraction = value;
|
||||
}
|
||||
|
||||
public double getMaxAssetAudioPitchFraction() {
|
||||
return maxAssetAudioPitchFraction;
|
||||
}
|
||||
|
||||
public void setMaxAssetAudioPitchFraction(double value) {
|
||||
this.maxAssetAudioPitchFraction = value;
|
||||
}
|
||||
|
||||
public double getMinAssetVolumeFraction() {
|
||||
return minAssetVolumeFraction;
|
||||
}
|
||||
|
||||
public void setMinAssetVolumeFraction(double value) {
|
||||
this.minAssetVolumeFraction = value;
|
||||
}
|
||||
|
||||
public double getMaxAssetVolumeFraction() {
|
||||
return maxAssetVolumeFraction;
|
||||
}
|
||||
|
||||
public void setMaxAssetVolumeFraction(double value) {
|
||||
this.maxAssetVolumeFraction = value;
|
||||
}
|
||||
|
||||
public int getCanvasFramesPerSecond() {
|
||||
return canvasFramesPerSecond;
|
||||
}
|
||||
|
||||
public int getMaxCanvasSideLengthPixels() {
|
||||
return maxCanvasSideLengthPixels;
|
||||
}
|
||||
|
||||
public void setMaxCanvasSideLengthPixels(int maxCanvasSideLengthPixels) {
|
||||
this.maxCanvasSideLengthPixels = maxCanvasSideLengthPixels;
|
||||
}
|
||||
|
||||
public void setCanvasFramesPerSecond(int canvasFramesPerSecond) {
|
||||
this.canvasFramesPerSecond = canvasFramesPerSecond;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
package dev.kruhlmann.imgfloat.model;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.PrePersist;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.PreUpdate;
|
||||
import jakarta.persistence.UniqueConstraint;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Locale;
|
||||
import java.util.UUID;
|
||||
|
||||
@Entity
|
||||
@Table(
|
||||
name = "system_administrators",
|
||||
uniqueConstraints = @UniqueConstraint(columnNames = "twitch_username")
|
||||
)
|
||||
public class SystemAdministrator {
|
||||
@Id
|
||||
private String id;
|
||||
@Column(name = "twitch_username", nullable = false)
|
||||
private String twitchUsername;
|
||||
|
||||
public SystemAdministrator() {
|
||||
}
|
||||
|
||||
public SystemAdministrator(String twitchUsername) {
|
||||
this.twitchUsername = twitchUsername;
|
||||
}
|
||||
|
||||
@PrePersist
|
||||
@PreUpdate
|
||||
public void prepare() {
|
||||
if (this.id == null) {
|
||||
this.id = UUID.randomUUID().toString();
|
||||
}
|
||||
twitchUsername = twitchUsername.toLowerCase(Locale.ROOT);
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
|
||||
public String getTwitchUsername() {
|
||||
return twitchUsername;
|
||||
}
|
||||
|
||||
public void setTwitchUsername(String twitchUsername) {
|
||||
this.twitchUsername = twitchUsername;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
package dev.kruhlmann.imgfloat.repository;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.Settings;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
|
||||
public interface SettingsRepository extends JpaRepository<Settings, Integer> {
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
package dev.kruhlmann.imgfloat.repository;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.SystemAdministrator;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
|
||||
public interface SystemAdministratorRepository extends JpaRepository<SystemAdministrator, String> {
|
||||
boolean existsByTwitchUsername(String twitchUsername);
|
||||
long deleteByTwitchUsername(String twitchUsername);
|
||||
}
|
||||
@@ -0,0 +1,51 @@
|
||||
package dev.kruhlmann.imgfloat.service;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.Asset;
|
||||
import dev.kruhlmann.imgfloat.repository.AssetRepository;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.boot.context.event.ApplicationReadyEvent;
|
||||
import org.springframework.scheduling.annotation.Async;
|
||||
import org.springframework.context.event.EventListener;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
@Service
|
||||
public class AssetCleanupService {
|
||||
|
||||
private static final Logger logger =
|
||||
LoggerFactory.getLogger(AssetCleanupService.class);
|
||||
|
||||
private final AssetRepository assetRepository;
|
||||
private final AssetStorageService assetStorageService;
|
||||
|
||||
public AssetCleanupService(
|
||||
AssetRepository assetRepository,
|
||||
AssetStorageService assetStorageService
|
||||
) {
|
||||
this.assetRepository = assetRepository;
|
||||
this.assetStorageService = assetStorageService;
|
||||
}
|
||||
|
||||
@Async
|
||||
@EventListener(ApplicationReadyEvent.class)
|
||||
@Transactional(readOnly = true)
|
||||
public void cleanup() {
|
||||
logger.info("Collecting referenced assets");
|
||||
|
||||
Set<String> referencedIds = assetRepository.findAll()
|
||||
.stream()
|
||||
.map(Asset::getId)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
assetStorageService.deleteOrphanedAssets(referencedIds);
|
||||
}
|
||||
}
|
||||
@@ -12,6 +12,8 @@ import java.nio.file.*;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
@Service
|
||||
public class AssetStorageService {
|
||||
@@ -137,17 +139,36 @@ public class AssetStorageService {
|
||||
}
|
||||
}
|
||||
|
||||
public void deletePreviewFile(String relativePath) {
|
||||
if (relativePath == null || relativePath.isBlank()) return;
|
||||
public void deleteOrphanedAssets(Set<String> referencedAssetIds) {
|
||||
deleteOrphansUnder(assetRoot, referencedAssetIds);
|
||||
deleteOrphansUnder(previewRoot, referencedAssetIds);
|
||||
}
|
||||
|
||||
try {
|
||||
Path file = safeJoin(previewRoot, relativePath);
|
||||
Files.deleteIfExists(file);
|
||||
} catch (Exception e) {
|
||||
logger.warn("Failed to delete preview {}", relativePath, e);
|
||||
private void deleteOrphansUnder(Path root, Set<String> referencedAssetIds) {
|
||||
try (var paths = Files.walk(root)) {
|
||||
paths.filter(Files::isRegularFile)
|
||||
.filter(p -> isOrphan(p, referencedAssetIds))
|
||||
.forEach(p -> {
|
||||
try {
|
||||
Files.delete(p);
|
||||
logger.warn("Deleted orphan file {}", p);
|
||||
} catch (IOException e) {
|
||||
logger.error("Failed to delete {}", p, e);
|
||||
}
|
||||
});
|
||||
} catch (IOException e) {
|
||||
logger.error("Failed to walk {}", root, e);
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isOrphan(Path file, Set<String> referencedAssetIds) {
|
||||
String name = file.getFileName().toString();
|
||||
int dot = name.indexOf('.');
|
||||
if (dot == -1) return true;
|
||||
String assetId = name.substring(0, dot);
|
||||
return !referencedAssetIds.contains(assetId);
|
||||
}
|
||||
|
||||
private String sanitizeUserSegment(String value) {
|
||||
if (value == null) throw new IllegalArgumentException("Broadcaster is null");
|
||||
|
||||
|
||||
@@ -0,0 +1,85 @@
|
||||
package dev.kruhlmann.imgfloat.service;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.OauthSessionUser;
|
||||
import dev.kruhlmann.imgfloat.service.ChannelDirectoryService;
|
||||
import dev.kruhlmann.imgfloat.service.SystemAdministratorService;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
|
||||
import static org.springframework.http.HttpStatus.UNAUTHORIZED;
|
||||
import static org.springframework.http.HttpStatus.FORBIDDEN;
|
||||
import static org.springframework.http.HttpStatus.NOT_FOUND;
|
||||
|
||||
@Service
|
||||
public class AuthorizationService {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(AuthorizationService.class);
|
||||
|
||||
private final ChannelDirectoryService channelDirectoryService;
|
||||
private final SystemAdministratorService systemAdministratorService;
|
||||
|
||||
public AuthorizationService(ChannelDirectoryService channelDirectoryService, SystemAdministratorService systemAdministratorService) {
|
||||
this.channelDirectoryService = channelDirectoryService;
|
||||
this.systemAdministratorService = systemAdministratorService;
|
||||
}
|
||||
|
||||
public void userMatchesSessionUsernameOrThrowHttpError(String submittedUsername, String sessionUsername) {
|
||||
if (sessionUsername == null) {
|
||||
LOG.warn("Access denied for broadcaster-only action by unauthenticated user");
|
||||
throw new ResponseStatusException(UNAUTHORIZED, "You must be logged in to manage your channel");
|
||||
}
|
||||
if (submittedUsername == null) {
|
||||
LOG.warn("User match with oauth token failed: submitted username is null for user {}", sessionUsername);
|
||||
throw new ResponseStatusException(NOT_FOUND, "You can only manage your own channel");
|
||||
}
|
||||
if (!sessionUsername.equals(submittedUsername)) {
|
||||
LOG.warn("User match with oauth token failed: session user {} does not match submitted user {}", sessionUsername, submittedUsername);
|
||||
throw new ResponseStatusException(FORBIDDEN, "You are not this user");
|
||||
}
|
||||
}
|
||||
|
||||
public void userIsBroadcasterOrChannelAdminForBroadcasterOrThrowHttpError(String broadcaster, String sessionUsername) {
|
||||
if (!userIsBroadcasterOrChannelAdminForBroadcaster(broadcaster, sessionUsername)) {
|
||||
LOG.warn("Access denied for broadcaster/admin-only action by user {} on broadcaster {}", sessionUsername, broadcaster);
|
||||
throw new ResponseStatusException(FORBIDDEN, "You do not have permission to manage this channel");
|
||||
}
|
||||
}
|
||||
|
||||
public void userIsSystemAdministratorOrThrowHttpError(String sessionUsername) {
|
||||
if (!userIsSystemAdministrator(sessionUsername)) {
|
||||
LOG.warn("Access denied for system administrator-only action by user {}", sessionUsername);
|
||||
throw new ResponseStatusException(FORBIDDEN, "You do not have permission to perform this action");
|
||||
}
|
||||
}
|
||||
|
||||
public boolean userIsBroadcaster(String a, String b) {
|
||||
if (a == null || b == null) {
|
||||
LOG.warn("Broadcaster check failed: one or both usernames are null (a: {}, b: {})", a, b);
|
||||
return false;
|
||||
}
|
||||
return a.equals(b);
|
||||
}
|
||||
|
||||
public boolean userIsChannelAdminForBroadcaster(String broadcaster, String sessionUsername) {
|
||||
if (sessionUsername == null || broadcaster == null) {
|
||||
LOG.warn("Channel admin check failed: broadcaster or session username is null (broadcaster: {}, sessionUsername: {})", broadcaster, sessionUsername);
|
||||
return false;
|
||||
}
|
||||
return channelDirectoryService.isAdmin(broadcaster, sessionUsername);
|
||||
}
|
||||
|
||||
public boolean userIsBroadcasterOrChannelAdminForBroadcaster(String broadcaster, String sessionUser) {
|
||||
return userIsBroadcaster(sessionUser, broadcaster) ||
|
||||
userIsChannelAdminForBroadcaster(sessionUser, broadcaster);
|
||||
}
|
||||
|
||||
public boolean userIsSystemAdministrator(String sessionUsername) {
|
||||
if (sessionUsername == null) {
|
||||
LOG.warn("System administrator check failed: session username is null");
|
||||
return false;
|
||||
}
|
||||
return systemAdministratorService.isSysadmin(sessionUsername);
|
||||
}
|
||||
}
|
||||
@@ -7,10 +7,12 @@ import dev.kruhlmann.imgfloat.model.Channel;
|
||||
import dev.kruhlmann.imgfloat.model.AssetView;
|
||||
import dev.kruhlmann.imgfloat.model.CanvasSettingsRequest;
|
||||
import dev.kruhlmann.imgfloat.model.PlaybackRequest;
|
||||
import dev.kruhlmann.imgfloat.model.Settings;
|
||||
import dev.kruhlmann.imgfloat.model.TransformRequest;
|
||||
import dev.kruhlmann.imgfloat.model.VisibilityRequest;
|
||||
import dev.kruhlmann.imgfloat.repository.AssetRepository;
|
||||
import dev.kruhlmann.imgfloat.repository.ChannelRepository;
|
||||
import dev.kruhlmann.imgfloat.service.SettingsService;
|
||||
import dev.kruhlmann.imgfloat.service.media.AssetContent;
|
||||
import dev.kruhlmann.imgfloat.service.media.MediaDetectionService;
|
||||
import dev.kruhlmann.imgfloat.service.media.MediaOptimizationService;
|
||||
@@ -43,30 +45,19 @@ public class ChannelDirectoryService {
|
||||
private final AssetStorageService assetStorageService;
|
||||
private final MediaDetectionService mediaDetectionService;
|
||||
private final MediaOptimizationService mediaOptimizationService;
|
||||
private final SettingsService settingsService;
|
||||
|
||||
@Autowired
|
||||
private long uploadLimitBytes;
|
||||
|
||||
private double maxSpeed;
|
||||
private double minAudioSpeed;
|
||||
private double maxAudioSpeed;
|
||||
private double minAudioPitch;
|
||||
private double maxAudioPitch;
|
||||
private double maxAudioVolume;
|
||||
|
||||
public ChannelDirectoryService(
|
||||
ChannelRepository channelRepository,
|
||||
AssetRepository assetRepository,
|
||||
SimpMessagingTemplate messagingTemplate,
|
||||
AssetStorageService assetStorageService,
|
||||
MediaDetectionService mediaDetectionService,
|
||||
MediaOptimizationService mediaOptimizationService,
|
||||
@Value("${IMGFLOAT_MAX_SPEED}") double maxSpeed,
|
||||
@Value("${IMGFLOAT_MIN_AUDIO_SPEED}") double minAudioSpeed,
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_SPEED}") double maxAudioSpeed,
|
||||
@Value("${IMGFLOAT_MIN_AUDIO_PITCH}") double minAudioPitch,
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_PITCH}") double maxAudioPitch,
|
||||
@Value("${IMGFLOAT_MAX_AUDIO_VOLUME}") double maxAudioVolume
|
||||
ChannelRepository channelRepository,
|
||||
AssetRepository assetRepository,
|
||||
SimpMessagingTemplate messagingTemplate,
|
||||
AssetStorageService assetStorageService,
|
||||
MediaDetectionService mediaDetectionService,
|
||||
MediaOptimizationService mediaOptimizationService,
|
||||
SettingsService settingsService
|
||||
) {
|
||||
this.channelRepository = channelRepository;
|
||||
this.assetRepository = assetRepository;
|
||||
@@ -74,12 +65,7 @@ public class ChannelDirectoryService {
|
||||
this.assetStorageService = assetStorageService;
|
||||
this.mediaDetectionService = mediaDetectionService;
|
||||
this.mediaOptimizationService = mediaOptimizationService;
|
||||
this.maxSpeed = maxSpeed;
|
||||
this.minAudioSpeed = minAudioSpeed;
|
||||
this.maxAudioSpeed = maxAudioSpeed;
|
||||
this.minAudioPitch = minAudioPitch;
|
||||
this.maxAudioPitch = maxAudioPitch;
|
||||
this.maxAudioVolume = maxAudioVolume;
|
||||
this.settingsService = settingsService;
|
||||
}
|
||||
|
||||
|
||||
@@ -255,20 +241,31 @@ public class ChannelDirectoryService {
|
||||
}
|
||||
|
||||
private void validateTransform(TransformRequest req) {
|
||||
if (req.getWidth() <= 0) throw new ResponseStatusException(BAD_REQUEST, "Width must be > 0");
|
||||
if (req.getHeight() <= 0) throw new ResponseStatusException(BAD_REQUEST, "Height must be > 0");
|
||||
if (req.getSpeed() != null && (req.getSpeed() < 0 || req.getSpeed() > maxSpeed))
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Speed must be between 0 and " + maxSpeed);
|
||||
Settings settings = settingsService.get();
|
||||
double maxSpeed = settings.getMaxAssetPlaybackSpeedFraction();
|
||||
double minSpeed = settings.getMinAssetPlaybackSpeedFraction();
|
||||
double minPitch = settings.getMinAssetAudioPitchFraction();
|
||||
double maxPitch = settings.getMaxAssetAudioPitchFraction();
|
||||
double minVolume = settings.getMinAssetVolumeFraction();
|
||||
double maxVolume = settings.getMaxAssetVolumeFraction();
|
||||
int canvasMaxSizePixels = settings.getMaxCanvasSideLengthPixels();
|
||||
|
||||
if (req.getWidth() <= 0 || req.getWidth() > canvasMaxSizePixels)
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Canvas width out of range [0 to " + canvasMaxSizePixels + "]");
|
||||
if (req.getHeight() <= 0)
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Canvas height out of range [0 to " + canvasMaxSizePixels + "]");
|
||||
if (req.getSpeed() != null && (req.getSpeed() < minSpeed || req.getSpeed() > maxSpeed))
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Speed out of range [" + minSpeed + " to " + maxSpeed + "]");
|
||||
if (req.getZIndex() != null && req.getZIndex() < 1)
|
||||
throw new ResponseStatusException(BAD_REQUEST, "zIndex must be >= 1");
|
||||
if (req.getAudioDelayMillis() != null && req.getAudioDelayMillis() < 0)
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Audio delay >= 0");
|
||||
if (req.getAudioSpeed() != null && (req.getAudioSpeed() < minAudioSpeed || req.getAudioSpeed() > maxAudioSpeed))
|
||||
if (req.getAudioSpeed() != null && (req.getAudioSpeed() < minSpeed || req.getAudioSpeed() > maxSpeed))
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Audio speed out of range");
|
||||
if (req.getAudioPitch() != null && (req.getAudioPitch() < minAudioPitch || req.getAudioPitch() > maxAudioPitch))
|
||||
if (req.getAudioPitch() != null && (req.getAudioPitch() < minPitch || req.getAudioPitch() > maxPitch))
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Audio pitch out of range");
|
||||
if (req.getAudioVolume() != null && (req.getAudioVolume() < 0 || req.getAudioVolume() > maxAudioVolume))
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Audio volume out of range");
|
||||
if (req.getAudioVolume() != null && (req.getAudioVolume() < minVolume || req.getAudioVolume() > maxVolume))
|
||||
throw new ResponseStatusException(BAD_REQUEST, "Audio volume out of range [" + minVolume + " to " + maxVolume + "]");
|
||||
}
|
||||
|
||||
public Optional<AssetView> triggerPlayback(String broadcaster, String assetId, PlaybackRequest req) {
|
||||
@@ -314,22 +311,12 @@ public class ChannelDirectoryService {
|
||||
return assetRepository.findById(assetId).flatMap(assetStorageService::loadAssetFileSafely);
|
||||
}
|
||||
|
||||
public Optional<AssetContent> getVisibleAssetContent(String assetId) {
|
||||
return assetRepository.findById(assetId)
|
||||
.filter(a -> !a.isHidden())
|
||||
.flatMap(assetStorageService::loadAssetFileSafely);
|
||||
}
|
||||
|
||||
public Optional<AssetContent> getAssetPreview(String assetId, boolean includeHidden) {
|
||||
return assetRepository.findById(assetId)
|
||||
.filter(a -> includeHidden || !a.isHidden())
|
||||
.flatMap(assetStorageService::loadPreviewSafely);
|
||||
}
|
||||
|
||||
public boolean isBroadcaster(String broadcaster, String username) {
|
||||
return broadcaster != null && broadcaster.equalsIgnoreCase(username);
|
||||
}
|
||||
|
||||
public boolean isAdmin(String broadcaster, String username) {
|
||||
return channelRepository.findById(normalize(broadcaster))
|
||||
.map(Channel::getAdmins)
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
package dev.kruhlmann.imgfloat.service;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.Settings;
|
||||
import dev.kruhlmann.imgfloat.repository.SettingsRepository;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class SettingsService {
|
||||
private static final Logger logger = LoggerFactory.getLogger(SettingsService.class);
|
||||
|
||||
private final SettingsRepository repo;
|
||||
private final ObjectMapper objectMapper;
|
||||
|
||||
public SettingsService(SettingsRepository repo, ObjectMapper objectMapper) {
|
||||
this.repo = repo;
|
||||
this.objectMapper = objectMapper;
|
||||
}
|
||||
|
||||
@PostConstruct
|
||||
public void initDefaults() {
|
||||
if (repo.existsById(1)) {
|
||||
return;
|
||||
}
|
||||
Settings s = Settings.defaults();
|
||||
logSettings("Initializing default settings", s);
|
||||
repo.save(s);
|
||||
}
|
||||
|
||||
public Settings get() {
|
||||
return repo.findById(1).orElseThrow();
|
||||
}
|
||||
|
||||
public Settings save(Settings settings) {
|
||||
settings.setId(1);
|
||||
logSettings("Saving settings", settings);
|
||||
return repo.save(settings);
|
||||
}
|
||||
|
||||
public void logSettings(String msg, Settings settings) {
|
||||
try {
|
||||
logger.info("{}:\n{}",
|
||||
msg,
|
||||
objectMapper
|
||||
.writerWithDefaultPrettyPrinter()
|
||||
.writeValueAsString(settings)
|
||||
);
|
||||
} catch (JsonProcessingException e) {
|
||||
logger.error("Failed to serialize settings", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,80 @@
|
||||
package dev.kruhlmann.imgfloat.service;
|
||||
|
||||
import dev.kruhlmann.imgfloat.model.SystemAdministrator;
|
||||
import dev.kruhlmann.imgfloat.repository.SystemAdministratorRepository;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Locale;
|
||||
|
||||
@Service
|
||||
public class SystemAdministratorService {
|
||||
|
||||
private static final Logger logger =
|
||||
LoggerFactory.getLogger(SystemAdministratorService.class);
|
||||
|
||||
private final SystemAdministratorRepository repo;
|
||||
private final String initialSysadmin;
|
||||
|
||||
public SystemAdministratorService(
|
||||
SystemAdministratorRepository repo,
|
||||
@Value("${IMGFLOAT_INITIAL_TWITCH_USERNAME_SYSADMIN:#{null}}")
|
||||
String initialSysadmin
|
||||
) {
|
||||
this.repo = repo;
|
||||
this.initialSysadmin = initialSysadmin;
|
||||
}
|
||||
|
||||
@PostConstruct
|
||||
public void initDefaults() {
|
||||
if (repo.count() > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (initialSysadmin == null || initialSysadmin.isBlank()) {
|
||||
throw new IllegalStateException(
|
||||
"No system administrators exist and IMGFLOAT_INITIAL_TWITCH_USERNAME_SYSADMIN is not set"
|
||||
);
|
||||
}
|
||||
|
||||
addSysadmin(initialSysadmin);
|
||||
logger.info("Created initial system administrator '{}'", initialSysadmin);
|
||||
}
|
||||
|
||||
public void addSysadmin(String twitchUsername) {
|
||||
String normalized = normalize(twitchUsername);
|
||||
|
||||
if (repo.existsByTwitchUsername(normalized)) {
|
||||
return;
|
||||
}
|
||||
|
||||
repo.save(new SystemAdministrator(normalized));
|
||||
}
|
||||
|
||||
public void removeSysadmin(String twitchUsername) {
|
||||
if (repo.count() <= 1) {
|
||||
throw new IllegalStateException(
|
||||
"Cannot remove the last system administrator"
|
||||
);
|
||||
}
|
||||
|
||||
long deleted = repo.deleteByTwitchUsername(normalize(twitchUsername));
|
||||
|
||||
if (deleted == 0) {
|
||||
throw new IllegalArgumentException(
|
||||
"System administrator does not exist"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
public boolean isSysadmin(String twitchUsername) {
|
||||
return repo.existsByTwitchUsername(normalize(twitchUsername));
|
||||
}
|
||||
|
||||
private String normalize(String username) {
|
||||
return username.trim().toLowerCase(Locale.ROOT);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user