[Feature] Serve adult website

Open JediMaster25 opened this issue 2 years ago • 15 comments

I would like to serve all content tagged Non Copyrighted as a public website where users would be limited to only browse, and view the content without the option to modify anything. Related to Account system #12 and [Feature] Multiple Users with Permissions #2337

With federation and an option to search on all instances instead of only the current one.

Optionally add subscription, and limit resource intensive features for non-subscribers, like only being able to search and download a few times a day. Optionally require uploads, to be able to download like spankbang. Uploads would need to be approved before showing them. Related to Scene upload from UI #13

Optionally show metadata for all content not tagged Non Copyrighted. So content tagged Non Copyrighted would allow watching the actual content and the content not tagged Non Copyrighted would only allow seeing the metadata like stash-box.

Optionally I would like users to be able to curate the content like in stash-box. Waiting for moderation approval on deletes, merges etc. Allowing the admin to choose moderators.

JediMaster25 avatar Aug 01 '22 13:08 JediMaster25

I'd suggest you use Stashbox instead of trying to add these features to Stash.

Adding links/video to Stashbox would be trivial, compared to adding the user stuff to Stash.

Don't use a hammer when you want a screwdriver.

scruffynerf avatar Aug 01 '22 14:08 scruffynerf

IMO...I don't think Stash instances (or the folks hosting them on their personal machines) are nearly mature enough for it to be exposed to the public world and I think this opens folks up to a lot of security risk that they may not have been ready for/expecting.

ALonelyJuicebox avatar Aug 01 '22 14:08 ALonelyJuicebox

https://github.com/stashapp/stash/issues/2792#issuecomment-1201306801

> I'd suggest you use Stashbox instead of trying to add these features to Stash.
>
> Adding links/video to Stashbox would be trivial, compared to adding the user stuff to Stash.
>
> Don't use a hammer when you want a screwdriver.

Maybe you mean that you suggest I use stash-box in combination with stash. That would make sense, but using stash-box alone doesn't.

Between the two, stash is the only one that can already be used to serve content. Implementing a video player, markers, advanced search, etc isn't trivial and would be far more elaborate than to "add the user stuff to Stash".

JediMaster25 avatar Aug 01 '22 18:08 JediMaster25

> IMO...I don't think Stash instances (or the folks hosting them on their personal machines) are nearly mature enough for it to be exposed to the public world and I think this opens folks up to a lot of security risk that they may not have been ready for/expecting.

As long as there was at least one public stash instance the number of people using stash would be far greater than it is right now and all issues would probably be solved faster.

Besides, hacks usually happen because server maintainers don't upgrade the software after a security vulnerability is noticed and fixed, not because the software "isn't mature enough".

JediMaster25 avatar Aug 01 '22 18:08 JediMaster25

Rather than a public website which requires a lot of complex setup, it would be nice if Stash nodes could connect to each other via some kind of P2P, and share content metadata along with its hash ID, such as magnet links or ed2k links. And then Stash should forward these links to an external download client. Much more robust and convenient!

YurikaL avatar Aug 02 '22 14:08 YurikaL

While stashDB won't collect those urls, you could certainly set up a Stashbox instance that collected links like that... Stash itself needs multiple urls support but if that's added, the rest would be easy. Feel free to make a stashbox if that floats your boat. I'll repeat: screwdriver or hammer...

scruffynerf avatar Aug 02 '22 15:08 scruffynerf

YurikaL

> Rather than a public website which requires a lot of complex setup, it would be nice if Stash nodes could connect to each other via some kind of P2P, and share content metadata along with its hash ID, such as magnet links or ed2k links. And then Stash should forward these links to an external download client. Much more robust and convenient!

I don't see the use in that. If you want to share content you can just use nicotine or fopnu independently of whether or not stash nodes share metadata, which I don't think is a good idea anyways since we already have stash-box for that.

Anyways, if you want that, you should create a different issue, instead of mentioning it on this issue.

JediMaster25 avatar Aug 02 '22 15:08 JediMaster25

> > IMO...I don't think Stash instances (or the folks hosting them on their personal machines) are nearly mature enough for it to be exposed to the public world and I think this opens folks up to a lot of security risk that they may not have been ready for/expecting.
>
> As long as there was at least one public stash instance the number of people using stash would be far greater than it is right now and all issues would probably be solved faster.
>
> Besides, hacks usually happen because server maintainers don't upgrade the software after a security vulnerability is noticed and fixed, not because the software "isn't mature enough".

Nah man...putting my security hat on for a second, I'm going to have to completely disagree with you here. When I say "this project isn't mature enough yet to have average users expose their servers to the public web" I mean we have no HTTPS support, we have no IP address logging, our update process is entirely voluntary with no education to the user on when updates have occurred (compromising our ability to fix vulnerabilities even if they are patched), we have no multi user support, we have no 2FA support, we have no support for mitigating abusive behaviors (brute force attacks, etc) and I have no idea how much work we've put in towards sanitizing inputs, URLs, forms, etc to avoid malicious behavior.

This isn't intended to disparage the great work our dev team has put in, but trying to learn from the issues other media platforms like Plex have battled through, I very much want to avoid a scenario where compromised machines running Stash now become part of some massive botnet used for DDOS or something.

> Optionally show metadata for all content not tagged Non Copyrighted. So content tagged Non Copyrighted would allow watching the actual content and the content not tagged Non Copyrighted would only allow seeing the metadata like stash-box.

This isn't how copyright works though-- as soon as the media is created, the creator of that media becomes the copyright holder. Yeah there's more to it in terms of registering the copyright in order to sue someone on it, but "non copyrighted" isn't a thing.

ALonelyJuicebox avatar Aug 03 '22 18:08 ALonelyJuicebox

> we have no HTTPS support, we have no IP address logging, our update process is entirely voluntary with no education to the user on when updates have occurred (compromising our ability to fix vulnerabilities even if they are patched), we have no multi user support, we have no 2FA support, we have no support for mitigating abusive behaviors (brute force attacks, etc) and I have no idea how much work we've put in towards sanitizing inputs, URLs, forms, etc to avoid malicious behavior.

I don't see your point. That seems like a list of tasks to complete if this issue were to be implemented.

> This isn't how copyright works though-- as soon as the media is created, the creator of that media becomes the copyright holder. Yeah there's more to it in terms of registering the copyright in order to sue someone on it, but "non copyrighted" isn't a thing.

That's irrelevant. The main purpose of this issue is for content creators to host their own website, instead of relying on centralized services like manyvids. The tag could be Non Copyrighted as it could be Mine or whatever.

JediMaster25 avatar Aug 04 '22 13:08 JediMaster25

Asking for Stash to add these is way off from Stash development needs. You want to turn this from a screwdriver into a hammer. I suggested Stashbox is a closer fit to a public website, and you dismissed that. It's unlikely your issue will see any development effort given the things that actually need to happen to solve current issues that are about being a screwdriver.

scruffynerf avatar Aug 04 '22 13:08 scruffynerf

> I don't see your point. That seems like a list of tasks to complete if this issue were to be implemented.

My point goes back to my initial comment. You mentioned hacking is usually a result of devs not keeping up with projects and I disagreed for the reasons I brought up. I just don't think Stash, in its current state, is mature enough of a platform for your request given (at a minimum) the poor man's non-exhaustive list of security concerns that I mentioned.

> That's irrelevant. The main purpose of this issue is for content creators to host their own website, instead of relying on centralized services like manyvids. The tag could be Non Copyrighted as it could be Mine or whatever.

Maybe I'm in the minority and totally off base, but that main purpose as you're describing it here isn't what I gathered from your initial request (which sounded more like Plex shares tbh)

I mean...thinking out loud here, if I'm hosting Stash at home for the content that I've created, what benefit does that have for me over making use of a platform like ManyVids? Users can't pay me for the content directly like they can on ManyVids, I'm going to reach bandwidth and hardware limitations pretty quick if I start getting a fair amount of traffic (things I don't have to worry about on MV), I'll have to do extensive marketing outside of Stash comparatively as there's no inherent traffic, no form of DRM (even basic UDP stream stuff) for my content, all the security issues I mentioned earlier, and lastly, Stash just isn't really designed for the use case you're inferring here. On a list of platforms I'd use for that use case Stash isn't even on the board for this for me.

It might serve you well to chunk up more of this request into their own separate issues as well, there's a lot of material you're requesting in one go here

ALonelyJuicebox avatar Aug 04 '22 17:08 ALonelyJuicebox

> It might serve you well to chunk up more of this request into their own separate issues as well, there's a lot of material you're requesting in one go here

Please don't even encourage this. None of this request is actually worth considering. Stashbox does some of this out of the box, and adding video to Stashbox is a trivial task, relatively. You have easy theming and access to video url links, so a player is easy to add with those two things at hand. I'm looking at doing this, for other reasons.

scruffynerf avatar Aug 04 '22 18:08 scruffynerf

> Asking for Stash to add these is way off from Stash development needs. You want to turn this from a screwdriver into a hammer. I suggested Stashbox is a closer fit to a public website, and you dismissed that. It's unlikely your issue will see any development effort given the things that actually need to happen to solve current issues that are about being a screwdriver.

Please stop already with the screwdriver and hammer. Go and troll some other issue. You aren't contributing here.

> I just don't think Stash, in its current state, is mature enough of a platform for your request

So we can't consider any future applications for Stash? Is that your point?

JediMaster25 avatar Aug 05 '22 09:08 JediMaster25

> > we have no HTTPS support, we have no IP address logging, our update process is entirely voluntary with no education to the user on when updates have occurred (compromising our ability to fix vulnerabilities even if they are patched), we have no multi user support, we have no 2FA support, we have no support for mitigating abusive behaviors (brute force attacks, etc) and I have no idea how much work we've put in towards sanitizing inputs, URLs, forms, etc to avoid malicious behavior.
>
> I don't see your point. That seems like a list of tasks to complete if this issue were to be implemented.

But that's not the goal of Stash and implementing it would require a lot of dev time instead of focusing on features that are in line with what Stash is. It's an open source project, fork it and work on it or hire a developer to assist you if that's something you want.

> > This isn't how copyright works though-- as soon as the media is created, the creator of that media becomes the copyright holder. Yeah there's more to it in terms of registering the copyright in order to sue someone on it, but "non copyrighted" isn't a thing.
>
> That's irrelevant. The main purpose of this issue is for content creators to host their own website, instead of relying on centralized services like manyvids. The tag could be Non Copyrighted as it could be Mine or whatever.

There are a bunch of decentralized sites already. Nobody is using them. The most popular I think is https://wetspace.com

DogmaDragon avatar Aug 05 '22 09:08 DogmaDragon

It is not only about the amount of work and effort. You would also put yourself in serious risk. With the amount of issues a public stash would face (security, performance, content protection, …), it is far more reasonable to start your own project. Build a frontend with a framework of your choice and feed it with stash metadata. There are tons of frameworks out there allowing easy implementation of your feature list in a proper and secure way and with more developers behind than stash will ever have.

pickleahead avatar Aug 09 '22 08:08 pickleahead

I would still see a lot of use in this. I want to share some content I have with a limited amount of other people and I'm writing my own app because Stash doesn't support this.

holly-hacker avatar Jan 04 '23 12:01 holly-hacker

I don't think anyone's arguing the utility of the request, it's everything else I and others have mentioned. I mean tbh, if you really needed to be able to share your Stash today, you can have it; it just comes with some caveats as well as the potential security exposure I brought up.

Hey worst case...if you're already considering writing your own app, you might as well fork Stash to do what you need it to.

ALonelyJuicebox avatar Jan 04 '23 12:01 ALonelyJuicebox

For the case of Stash, all I'd need is to have non-admin accounts that can view content but not modify their metadata or edit settings. It would be nice if there was more granular access control (ie. block/allow access to certain videos/actors/sites) but just having multi-user support would be a great first step.

I think the original intent of this issue was to have the same but without login (ie. make non-authenticated users able to view content without being able to modify), and that should tie in to this pretty nicely.

holly-hacker avatar Jan 04 '23 15:01 holly-hacker