cobalt/src/modules/stream/manage.js

import NodeCache from "node-cache";
import { randomBytes } from "crypto";
import { nanoid } from 'nanoid';

import { decryptStream, encryptStream, generateHmac } from "../sub/crypto.js";
import { streamLifespan } from "../config.js";

const streamNoAccess = {
    error: "i couldn't verify if you have access to this stream. go back and try again!",
    status: 401
}
const streamNoExist = {
    error: "this download link has expired or doesn't exist. go back and try again!",
    status: 400
}

const streamCache = new NodeCache({
    stdTTL: streamLifespan/1000,
    checkperiod: 10,
    deleteOnExpire: true
})

streamCache.on("expired", (key) => {
    streamCache.del(key);
})

const hmacSalt = randomBytes(64).toString('hex');

export function createStream(obj) {
    const streamID = nanoid(),
        iv = randomBytes(16).toString('base64url'),
        secret = randomBytes(32).toString('base64url'),
        exp = new Date().getTime() + streamLifespan,
        hmac = generateHmac(`${streamID},${exp},${iv},${secret}`, hmacSalt),
        streamData = {
            exp: exp,
            type: obj.type,
            urls: obj.u,
            service: obj.service,
            filename: obj.filename,
            audioFormat: obj.audioFormat,
            isAudioOnly: !!obj.isAudioOnly,
            copy: !!obj.copy,
            mute: !!obj.mute,
            metadata: obj.fileMetadata || false
        };

    streamCache.set(
        streamID,
        encryptStream(streamData, iv, secret)
    )

    let streamLink = new URL('/api/stream', process.env.API_URL);

    const params = {
        't': streamID,
        'e': exp,
        'h': hmac,
        's': secret,
        'i': iv
    }

    for (const [key, value] of Object.entries(params)) {
        streamLink.searchParams.append(key, value);
    }

    return streamLink.toString();
}

export function verifyStream(id, hmac, exp, secret, iv) {
    try {
        const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
        const cache = streamCache.get(id.toString());

        if (ghmac !== String(hmac)) return streamNoAccess;
        if (!cache) return streamNoExist;

        const streamInfo = JSON.parse(decryptStream(cache, iv, secret));

        if (!streamInfo) return streamNoExist;

        if (Number(exp) <= new Date().getTime())
            return streamNoExist;

        return streamInfo;
    }
    catch (e) {
        return {
            error: "something went wrong and i couldn't verify this stream. go back and try again!",
            status: 500
        }
    }
}
moved to new repo 2022-07-08 19:17:56 +01:00			`import NodeCache from "node-cache";`
5.4.7: added support for ancient vk videos & salt improvements - now you can download 240p hardbass videos from 2008! - implemented updated stream salt and ip salt properly 2023-04-29 16:30:59 +01:00			`import { randomBytes } from "crypto";`
5.3.2: link sharing and nanoid - you can now share video links directly from cobalt! - cobalt is now using nanoid for stream ids instead of giant sha256 hashes - one more fix to address the copy animation, this time on pc 2023-04-08 17:55:44 +01:00			`import { nanoid } from 'nanoid';`
moved to new repo 2022-07-08 19:17:56 +01:00
crypto: rename sha256 func to generateHmac it has always been actually hmac 2024-03-05 14:55:17 +00:00			`import { decryptStream, encryptStream, generateHmac } from "../sub/crypto.js";`
moved to new repo 2022-07-08 19:17:56 +01:00			`import { streamLifespan } from "../config.js";`

stream/manage: fix and clean up verifyStream function - no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it 2024-03-22 16:43:56 +00:00			`const streamNoAccess = {`
			`error: "i couldn't verify if you have access to this stream. go back and try again!",`
			`status: 401`
			`}`
			`const streamNoExist = {`
			`error: "this download link has expired or doesn't exist. go back and try again!",`
			`status: 400`
			`}`

twitter: remux all videos - increased stream link lifespan to 90 seconds - decreased max video duration back to 3 hours 2023-12-02 14:44:19 +00:00			`const streamCache = new NodeCache({`
			`stdTTL: streamLifespan/1000,`
			`checkperiod: 10,`
			`deleteOnExpire: true`
			`})`
moved to new repo 2022-07-08 19:17:56 +01:00
4.7 fixes #63, #67, #68, and #71, among other issues 2023-01-13 18:34:48 +00:00			`streamCache.on("expired", (key) => {`
			`streamCache.del(key);`
twitter: remux all videos - increased stream link lifespan to 90 seconds - decreased max video duration back to 3 hours 2023-12-02 14:44:19 +00:00			`})`

stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00			`const hmacSalt = randomBytes(64).toString('hex');`
4.7 fixes #63, #67, #68, and #71, among other issues 2023-01-13 18:34:48 +00:00
moved to new repo 2022-07-08 19:17:56 +01:00			`export function createStream(obj) {`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00			`const streamID = nanoid(),`
stream/manage: replace base64 with base64url 2024-03-05 15:15:13 +00:00			`iv = randomBytes(16).toString('base64url'),`
crypto: use secret directly instead of deriving key 2024-03-05 16:49:00 +00:00			`secret = randomBytes(32).toString('base64url'),`
stream/manage: remove unnecessary Math.floor for timestamp from prehistoric times 2024-03-05 14:41:08 +00:00			`exp = new Date().getTime() + streamLifespan,`
crypto: rename sha256 func to generateHmac it has always been actually hmac 2024-03-05 14:55:17 +00:00			hmac = generateHmac(`${streamID},${exp},${iv},${secret}`, hmacSalt),
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00			`streamData = {`
createStream: removed an outdated variable 2024-03-05 14:45:54 +00:00			`exp: exp,`
4.7 fixes #63, #67, #68, and #71, among other issues 2023-01-13 18:34:48 +00:00			`type: obj.type,`
			`urls: obj.u,`
createStream: removed an outdated variable 2024-03-05 14:45:54 +00:00			`service: obj.service,`
4.7 fixes #63, #67, #68, and #71, among other issues 2023-01-13 18:34:48 +00:00			`filename: obj.filename,`
			`audioFormat: obj.audioFormat,`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00			`isAudioOnly: !!obj.isAudioOnly,`
4.7 fixes #63, #67, #68, and #71, among other issues 2023-01-13 18:34:48 +00:00			`copy: !!obj.copy,`
			`mute: !!obj.mute,`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00			`metadata: obj.fileMetadata \|\| false`
			`};`

			`streamCache.set(`
			`streamID,`
			`encryptStream(streamData, iv, secret)`
			`)`

Merge branch '7.11' into encrypt-stream Signed-off-by: jj <log@riseup.net> 2024-03-05 16:58:37 +00:00			`let streamLink = new URL('/api/stream', process.env.API_URL);`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00
			`const params = {`
			`'t': streamID,`
			`'e': exp,`
			`'h': hmac,`
			`'s': secret,`
			`'i': iv`
4.7 fixes #63, #67, #68, and #71, among other issues 2023-01-13 18:34:48 +00:00			`}`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00
			`for (const [key, value] of Object.entries(params)) {`
			`streamLink.searchParams.append(key, value);`
			`}`

			`return streamLink.toString();`
moved to new repo 2022-07-08 19:17:56 +01:00			`}`

stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00			`export function verifyStream(id, hmac, exp, secret, iv) {`
moved to new repo 2022-07-08 19:17:56 +01:00			`try {`
crypto: rename sha256 func to generateHmac it has always been actually hmac 2024-03-05 14:55:17 +00:00			const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
stream/manage: fix and clean up verifyStream function - no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it 2024-03-22 16:43:56 +00:00			`const cache = streamCache.get(id.toString());`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00
stream/manage: fix and clean up verifyStream function - no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it 2024-03-22 16:43:56 +00:00			`if (ghmac !== String(hmac)) return streamNoAccess;`
			`if (!cache) return streamNoExist;`
stream: encrypt cached stream data & clean up related modules also limited CORS methods to GET and POST 2024-03-05 12:14:26 +00:00
stream/manage: fix and clean up verifyStream function - no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it 2024-03-22 16:43:56 +00:00			`const streamInfo = JSON.parse(decryptStream(cache, iv, secret));`
6.2: no more ip verification - removed ip verification and updated privacy policy to reflect this change. - streamable links now last for 20 seconds instead of 2 minutes. - cleaned up stream verification algorithm. now the same function isn't run 4 times in a row. - removed deprecated way of hosting a cobalt instance. 2023-06-27 14:56:15 +01:00
stream/manage: fix and clean up verifyStream function - no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it 2024-03-22 16:43:56 +00:00			`if (!streamInfo) return streamNoExist;`

			`if (Number(exp) <= new Date().getTime())`
			`return streamNoExist;`

			`return streamInfo;`
			`}`
			`catch (e) {`
twitter: remux all videos - increased stream link lifespan to 90 seconds - decreased max video duration back to 3 hours 2023-12-02 14:44:19 +00:00			`return {`
stream/manage: fix and clean up verifyStream function - no longer throws an incorrect type of error - checks whether cache exists before attempting to decrypt it 2024-03-22 16:43:56 +00:00			`error: "something went wrong and i couldn't verify this stream. go back and try again!",`
			`status: 500`
twitter: remux all videos - increased stream link lifespan to 90 seconds - decreased max video duration back to 3 hours 2023-12-02 14:44:19 +00:00			`}`
moved to new repo 2022-07-08 19:17:56 +01:00			`}`
basically new readme and more languages - indonesian localization by @LyfeV - rewrote readme - added new line at the end for files that were missing it 2022-08-01 16:48:37 +01:00			`}`