tv icon indicating copy to clipboard operation
tv copied to clipboard
verified publisher icon algora-io

feat(security): implement stream key authentication

Open onyedikachi-david opened this issue 1 year ago • 2 comments

/claim #41 Fixes: #41

onyedikachi-david avatar Aug 16 '24 16:08 onyedikachi-david

Thanks for the PR. Once it's done can you share a short demo of the feature?

I’ve been trying to run the setup locally using a modified Docker files and seeds.exs. However, I encountered an issue: I can't access the channel/settings endpoint because I need to be authenticated to see the settings. Could you please share your local development setup?

Here’s what I’ve tried:

docker-compose.yml ```yml services: db: image: postgres:13 environment: POSTGRES_USER: dev_user POSTGRES_PASSWORD: dev_password POSTGRES_DB: dev_db ports: - "5432:5432" volumes: - postgres_data:/var/lib/postgresql/data

app: build: context: . dockerfile: Dockerfile environment: MIX_ENV: dev DATABASE_URL: "postgres://dev_user:dev_password@db:5432/dev_db" SEED_DB: "true" # Set this to "true" to run seeds ports: - "4000:4000" depends_on: - db command: ["phx.server"] volumes: - .:/app - deps:/app/deps - _build:/app/_build

volumes: postgres_data: deps: _build:

</details>
<details>
<summary><strong>Dockerfile</strong></summary>

```yml
# Base images
ARG BUILDER_IMAGE="hexpm/elixir:1.15.7-erlang-26.2-debian-bookworm-20231009-slim"
ARG RUNNER_IMAGE="hexpm/elixir:1.15.7-erlang-26.2-debian-bookworm-20231009-slim"

FROM ${BUILDER_IMAGE} as builder

# Install build dependencies
RUN apt-get update -y && \
    apt-get install -y build-essential git curl postgresql-client && \
    apt-get clean && \
    rm -f /var/lib/apt/lists/*_*

# Prepare build dir
WORKDIR /app

# Install hex + rebar
RUN mix local.hex --force && \
    mix local.rebar --force

# Set build ENV to development
ENV MIX_ENV="dev"

# Install mix dependencies
COPY mix.exs mix.lock ./
RUN mix deps.get --only $MIX_ENV
RUN mkdir config

# Copy compile-time config files
COPY config/config.exs config/${MIX_ENV}.exs config/
RUN mix deps.compile

COPY priv priv

# Compile the release
COPY lib lib

COPY assets assets
RUN mix assets.deploy
RUN mix compile

# Copy runtime config
COPY config/runtime.exs config/
COPY rel rel

# Don't run mix release for dev
# RUN mix release

FROM ${RUNNER_IMAGE}

# Install runtime dependencies
RUN apt-get update -y && \
    apt-get install -y libstdc++6 openssl libncurses5 locales ffmpeg imagemagick postgresql-client inotify-tools && \
    apt-get clean && \
    rm -f /var/lib/apt/lists/*_*

WORKDIR /app

# Copy the built artifact from the builder stage
COPY --from=builder /app /app
COPY --from=builder /root/.mix /root/.mix

# Install hex and rebar
RUN mix local.hex --force && \
    mix local.rebar --force

# Add this near the end of the file
COPY entrypoint.sh /app/
RUN chmod +x /app/entrypoint.sh

# Change the ENTRYPOINT to use shell form
ENTRYPOINT ["/bin/bash", "/app/entrypoint.sh"]
CMD ["phx.server"]
seeds.exs 
alias Algora.Library.Video
alias Algora.Repo
# Script for populating the database. You can run it as:
#
#     mix run priv/repo/seeds.exs
#
# Inside the script, you can read and write to any of your
# repositories directly:
#
#     Algora.Repo.insert!(%Algora.SomeSchema{})

# Uncomment and modify as needed

# Then modify your insert statement:

# At the top of your seeds.exs file:
# alias Algora.Library.Video
# alias Algora.Repo

for i <- 1..200 do
  type = if rem(i, 2) == 0, do: :vod, else: :livestream
  format = if type == :vod, do: :mp4, else: :hls

  video_attrs = %{
    title: "Sample #{if type == :vod, do: "Video", else: "Livestream"} #{i}",
    description: "This is a sample #{if type == :vod, do: "video", else: "livestream"} description.",
    type: type,
    format: format,
    is_live: type == :livestream,
    visibility: :public,
    duration: :rand.uniform(3600)  # Random duration up to 1 hour (3600 seconds)
  }

  changeset =
    %Video{}
    |> Video.changeset(video_attrs)
    |> Video.put_video_url(format)

  # Manually set fields that might not be included in the changeset
  changeset = Ecto.Changeset.force_change(changeset, :type, type)
  changeset = Ecto.Changeset.force_change(changeset, :format, format)

  case Repo.insert(changeset) do
    {:ok, video} ->
      IO.puts("Created video: #{video.id} - #{video.title}")
    {:error, changeset} ->
      IO.puts("Failed to create video:")
      IO.inspect(changeset.errors)
  end
end

Here’s the screenshot of the current state of the app:

image

Log output showing the Docker run success:

Log output 
app-1  | Created video: 392 - Sample Video 188
app-1  | Created video: 393 - Sample Livestream 189
app-1  | Created video: 394 - Sample Video 190
app-1  | Created video: 395 - Sample Livestream 191
app-1  | Created video: 396 - Sample Video 192
app-1  | Created video: 397 - Sample Livestream 193
app-1  | Created video: 398 - Sample Video 194
app-1  | Created video: 399 - Sample Livestream 195
app-1  | Created video: 400 - Sample Video 196
app-1  | Created video: 401 - Sample Livestream 197
app-1  | Created video: 402 - Sample Video 198
app-1  | Created video: 403 - Sample Livestream 199
app-1  | Created video: 404 - Sample Video 200
app-1  | Starting Phoenix app...
app-1  | WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
app-1  | I0000 00:00:1723949312.094452     146 tfrt_cpu_pjrt_client.cc:349] TfrtCpuClient created.
app-1  | [info] Detected running on primary. No local replication to track.
app-1  | [info] Running AlgoraWeb.Endpoint with cowboy 2.10.0 at 0.0.0.0:4000 (http)
app-1  | [info] Access AlgoraWeb.Endpoint at http://localhost:4000
app-1  | [info] Running AlgoraWeb.Embed.Endpoint with cowboy 2.10.0 at 0.0.0.0:4001 (http)
app-1  | [info] Access AlgoraWeb.Embed.Endpoint at http://localhost:4001
app-1  | [watch] build finished, watching for changes...
app-1  | 
app-1  | Rebuilding...
app-1  | 
app-1  | Done in 15731ms.

onyedikachi-david avatar Aug 18 '24 03:08 onyedikachi-david

Hey David, the only way to authenticate right now is to create a GitHub OAuth app (takes less than a minute) with

Homepage URL: http://localhost:4000 Authorization callback URL: http://localhost:4000/oauth/callbacks/github

and then set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET to your app's values inside your .env file

zcesur avatar Aug 18 '24 14:08 zcesur

Should I create a pull request for the dev setup i used for run locally? It was really difficult to come up with a local dev setup. Skill issue though :) @zcesur. I also will be closing this pull request; I'm creating another.

onyedikachi-david avatar Aug 24 '24 15:08 onyedikachi-david

Sounds good. Was there anything in particular that gave you trouble? Are you running a docker based setup now or a bare mix based one? Feel free to submit your setup, would love to make it easier to contribute!

zcesur avatar Aug 26 '24 16:08 zcesur

Sounds good. Was there anything in particular that gave you trouble? Are you running a docker based setup now or a bare mix based one? Feel free to submit your setup, would love to make it easier to contribute!

A docker based set-up. I'm thinking of making it a devcontainer...

onyedikachi-david avatar Aug 26 '24 16:08 onyedikachi-david

I can't remember all the errors I had then.

onyedikachi-david avatar Aug 26 '24 16:08 onyedikachi-david