MovieNight/settings.go

package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"math/big"
	"net/http"
	"strings"
	"sync"
	"time"

	"github.com/gorilla/sessions"
)

var settings *Settings
var settingsMtx sync.Mutex
var sstore *sessions.CookieStore

type Settings struct {
	// Non-Saved settings
	filename   string
	cmdLineKey string // stream key from the command line

	// Saved settings
	StreamStats     bool
	MaxMessageCount int
	TitleLength     int // maximum length of the title that can be set with the /playing
	AdminPassword   string
	Bans            []BanInfo
	StreamKey       string
	ListenAddress   string
	SessionKey      string // key for session data
	RoomAccess      AccessMode
	RoomAccessPin   string // auto generate this,
}

type AccessMode string

const (
	AccessOpen    AccessMode = "open"
	AccessPin     AccessMode = "pin"
	AccessRequest AccessMode = "request"
)

type BanInfo struct {
	IP    string
	Names []string
	When  time.Time
}

func init() {
	var err error
	settings, err = LoadSettings("settings.json")
	if err != nil {
		panic("Unable to load settings: " + err.Error())
	}
	if len(settings.StreamKey) == 0 {
		panic("Missing stream key is settings.json")
	}

	if settings.TitleLength <= 0 {
		settings.TitleLength = 50
	}

	// Is this a good way to do this? Probably not...
	if len(settings.SessionKey) == 0 {
		out := ""
		large := big.NewInt(int64(1 << 60))
		large = large.Add(large, large)
		for len(out) < 50 {
			num, err := rand.Int(rand.Reader, large)
			if err != nil {
				panic("Error generating session key: " + err.Error())
			}
			out = fmt.Sprintf("%s%X", out, num)
		}
		settings.SessionKey = out
	}

	if len(settings.RoomAccess) == 0 {
		settings.RoomAccess = AccessOpen
	}

	if settings.RoomAccess != AccessOpen && len(settings.RoomAccessPin) == 0 {
		settings.RoomAccessPin = "1234"
	}

	sstore = sessions.NewCookieStore([]byte(settings.SessionKey))
	sstore.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   60 * 60 * 24, // one day
		SameSite: http.SameSiteStrictMode,
	}

	// Save admin password to file
	if err = settings.Save(); err != nil {
		panic("Unable to save settings: " + err.Error())
	}
}

func LoadSettings(filename string) (*Settings, error) {
	raw, err := ioutil.ReadFile(filename)
	if err != nil {
		return nil, fmt.Errorf("error reading file: %s", err)
	}

	var s *Settings
	err = json.Unmarshal(raw, &s)
	if err != nil {
		return nil, fmt.Errorf("error unmarshaling: %s", err)
	}
	s.filename = filename

	// have a default of 200
	if s.MaxMessageCount == 0 {
		s.MaxMessageCount = 300
	} else if s.MaxMessageCount < 0 {
		return s, fmt.Errorf("value for MaxMessageCount must be greater than 0, given %d", s.MaxMessageCount)
	}

	s.AdminPassword, err = generatePass(time.Now().Unix())
	if err != nil {
		return nil, fmt.Errorf("unable to generate admin password: %s", err)
	}
	fmt.Printf("Settings reloaded.  New admin password: %s\n", s.AdminPassword)

	return s, nil
}

func generatePass(seed int64) (string, error) {
	out := ""
	for len(out) < 20 {
		num, err := rand.Int(rand.Reader, big.NewInt(int64(15)))
		if err != nil {
			return "", err
		}

		out = fmt.Sprintf("%s%X", out, num)
	}
	return out, nil
}

func (s *Settings) Save() error {
	marshaled, err := json.MarshalIndent(s, "", "\t")
	if err != nil {
		return fmt.Errorf("error marshaling: %s", err)
	}

	err = ioutil.WriteFile(s.filename, marshaled, 0777)
	if err != nil {
		return fmt.Errorf("error saving: %s", err)
	}
	return nil
}

func (s *Settings) AddBan(host string, names []string) error {
	if host == "127.0.0.1" {
		return fmt.Errorf("Cannot add a ban for localhost.")
	}

	b := BanInfo{
		Names: names,
		IP:    host,
		When:  time.Now(),
	}
	settings.Bans = append(settings.Bans, b)

	fmt.Printf("[BAN] %q (%s) has been banned.\n", strings.Join(names, ", "), host)

	return settings.Save()
}

func (s *Settings) RemoveBan(name string) error {
	defer settingsMtx.Unlock()
	settingsMtx.Lock()

	name = strings.ToLower(name)
	newBans := []BanInfo{}
	for _, b := range s.Bans {
		for _, n := range b.Names {
			if n == name {
				fmt.Printf("[ban] Removed ban for %s [%s]\n", b.IP, n)
			} else {
				newBans = append(newBans, b)
			}
		}
	}
	s.Bans = newBans
	return settings.Save()
}

func (s *Settings) IsBanned(host string) (bool, []string) {
	defer settingsMtx.Unlock()
	settingsMtx.Lock()

	for _, b := range s.Bans {
		if b.IP == host {
			return true, b.Names
		}
	}
	return false, nil
}

func (s *Settings) SetTempKey(key string) {
	defer settingsMtx.Unlock()
	settingsMtx.Lock()

	s.cmdLineKey = key
}

func (s *Settings) GetStreamKey() string {
	defer settingsMtx.Unlock()
	settingsMtx.Lock()

	if len(s.cmdLineKey) > 0 {
		return s.cmdLineKey
	}
	return s.StreamKey
}

func (s *Settings) generateNewPin() (string, error) {
	num, err := rand.Int(rand.Reader, big.NewInt(int64(9999)))
	if err != nil {
		return "", err
	}
	settings.RoomAccessPin = fmt.Sprintf("%04d", num)
	return settings.RoomAccessPin, nil
}
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`package main`

			`import (`
Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`"crypto/rand"`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`"encoding/json"`
			`"fmt"`
			`"io/ioutil"`
Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`"math/big"`
Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00			`"net/http"`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`"strings"`
			`"sync"`
			`"time"`
Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00
			`"github.com/gorilla/sessions"`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`)`

			`var settings *Settings`
			`var settingsMtx sync.Mutex`
Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00			`var sstore *sessions.CookieStore`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00
			`type Settings struct {`
Add stream stats, minor changes in main, and adding ctrl+c handling Stream statistics will now print when enabled in settings.json. There is messages in, messages out, and total time running. The main function was changed so the server setups for the main and rtmp are in separate functions, and both are started with their own goroutine. OS Interrupt catching was added, and if stream stats is true, the stats will be printed. 2019-03-21 21:20:50 +01:00			`// Non-Saved settings`
			`filename string`
			`cmdLineKey string // stream key from the command line`

			`// Saved settings`
			`StreamStats bool`
divs in #messages are removed after set count maxes out. Default is 300 closes #20 2019-03-13 05:02:36 +01:00			`MaxMessageCount int`
Add a limit to the title length Added a limit to how long the title can be when set from the /playing command. The default value is 50 if it is not in the settings file or if the value in the settings is below zero. Resolves #43 2019-03-17 02:04:11 +01:00			`TitleLength int // maximum length of the title that can be set with the /playing`
divs in #messages are removed after set count maxes out. Default is 300 closes #20 2019-03-13 05:02:36 +01:00			`AdminPassword string`
Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00			`Bans []BanInfo`
divs in #messages are removed after set count maxes out. Default is 300 closes #20 2019-03-13 05:02:36 +01:00			`StreamKey string`
			`ListenAddress string`
Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00			`SessionKey string // key for session data`
			`RoomAccess AccessMode`
			`RoomAccessPin string // auto generate this,`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`

Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00			`type AccessMode string`

			`const (`
			`AccessOpen AccessMode = "open"`
			`AccessPin AccessMode = "pin"`
			`AccessRequest AccessMode = "request"`
			`)`

Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`type BanInfo struct {`
			`IP string`
			`Names []string`
			`When time.Time`
			`}`

			`func init() {`
			`var err error`
			`settings, err = LoadSettings("settings.json")`
			`if err != nil {`
			`panic("Unable to load settings: " + err.Error())`
			`}`
Add stream key and listen address to settings.json This resolves #14. If the stream key or address are passed on the command line, those values take precedence over whatever is in the settings file. 2019-03-12 04:05:01 +01:00			`if len(settings.StreamKey) == 0 {`
			`panic("Missing stream key is settings.json")`
			`}`

Add a limit to the title length Added a limit to how long the title can be when set from the /playing command. The default value is 50 if it is not in the settings file or if the value in the settings is below zero. Resolves #43 2019-03-17 02:04:11 +01:00			`if settings.TitleLength <= 0 {`
			`settings.TitleLength = 50`
			`}`

Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00			`// Is this a good way to do this? Probably not...`
			`if len(settings.SessionKey) == 0 {`
			`out := ""`
			`large := big.NewInt(int64(1 << 60))`
			`large = large.Add(large, large)`
			`for len(out) < 50 {`
			`num, err := rand.Int(rand.Reader, large)`
			`if err != nil {`
			`panic("Error generating session key: " + err.Error())`
			`}`
			`out = fmt.Sprintf("%s%X", out, num)`
			`}`
			`settings.SessionKey = out`
			`}`

			`if len(settings.RoomAccess) == 0 {`
			`settings.RoomAccess = AccessOpen`
			`}`

			`if settings.RoomAccess != AccessOpen && len(settings.RoomAccessPin) == 0 {`
			`settings.RoomAccessPin = "1234"`
			`}`

			`sstore = sessions.NewCookieStore([]byte(settings.SessionKey))`
			`sstore.Options = &sessions.Options{`
			`Path: "/",`
			`MaxAge: 60 * 60 * 24, // one day`
			`SameSite: http.SameSiteStrictMode,`
			`}`

Add stream key and listen address to settings.json This resolves #14. If the stream key or address are passed on the command line, those values take precedence over whatever is in the settings file. 2019-03-12 04:05:01 +01:00			`// Save admin password to file`
			`if err = settings.Save(); err != nil {`
			`panic("Unable to save settings: " + err.Error())`
			`}`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`

			`func LoadSettings(filename string) (*Settings, error) {`
			`raw, err := ioutil.ReadFile(filename)`
			`if err != nil {`
Fix some linting errors with error messages 2019-03-14 20:19:36 +01:00			`return nil, fmt.Errorf("error reading file: %s", err)`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`

			`var s *Settings`
			`err = json.Unmarshal(raw, &s)`
			`if err != nil {`
Fix some linting errors with error messages 2019-03-14 20:19:36 +01:00			`return nil, fmt.Errorf("error unmarshaling: %s", err)`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`
			`s.filename = filename`

divs in #messages are removed after set count maxes out. Default is 300 closes #20 2019-03-13 05:02:36 +01:00			`// have a default of 200`
			`if s.MaxMessageCount == 0 {`
			`s.MaxMessageCount = 300`
			`} else if s.MaxMessageCount < 0 {`
Fix some linting errors with error messages 2019-03-14 20:19:36 +01:00			`return s, fmt.Errorf("value for MaxMessageCount must be greater than 0, given %d", s.MaxMessageCount)`
divs in #messages are removed after set count maxes out. Default is 300 closes #20 2019-03-13 05:02:36 +01:00			`}`

Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`s.AdminPassword, err = generatePass(time.Now().Unix())`
			`if err != nil {`
Fix some linting errors with error messages 2019-03-14 20:19:36 +01:00			`return nil, fmt.Errorf("unable to generate admin password: %s", err)`
Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`}`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`fmt.Printf("Settings reloaded. New admin password: %s\n", s.AdminPassword)`

			`return s, nil`
			`}`

Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`func generatePass(seed int64) (string, error) {`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`out := ""`
			`for len(out) < 20 {`
Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`num, err := rand.Int(rand.Reader, big.NewInt(int64(15)))`
			`if err != nil {`
			`return "", err`
			`}`

			`out = fmt.Sprintf("%s%X", out, num)`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`
Add single-use mod passwords Single-use moderator passwords can only be generated by an admin with the /modpass command. To redeem the password and gain moderator privileges, a user just needs to call /auth with the password. The passwords are generated using the same function as the admin password. Additionally, generating passwords now uses crypto/rand instead of math/rand. Resolves #15 2019-03-13 21:47:32 +01:00			`return out, nil`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`

			`func (s *Settings) Save() error {`
Add stream key and listen address to settings.json This resolves #14. If the stream key or address are passed on the command line, those values take precedence over whatever is in the settings file. 2019-03-12 04:05:01 +01:00			`marshaled, err := json.MarshalIndent(s, "", "\t")`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`if err != nil {`
Fix some linting errors with error messages 2019-03-14 20:19:36 +01:00			`return fmt.Errorf("error marshaling: %s", err)`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`

			`err = ioutil.WriteFile(s.filename, marshaled, 0777)`
			`if err != nil {`
Fix some linting errors with error messages 2019-03-14 20:19:36 +01:00			`return fmt.Errorf("error saving: %s", err)`
Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`}`
			`return nil`
			`}`

			`func (s *Settings) AddBan(host string, names []string) error {`
Parse X-Forwarded-For header if provided Parse the X-Forwarded-For header if it exists in the connection. This will allow bans to work if the server is sitting behind an Nginx reverse proxy (that has been configured to add the header). Also added a safe-guard to disallow bans for localhost so you cannot accidentally ban everybody from connecting if the server is behind a reverse proxy. This should resolve #49 2019-03-20 21:57:29 +01:00			`if host == "127.0.0.1" {`
			`return fmt.Errorf("Cannot add a ban for localhost.")`
			`}`

Initial commit So far things work. Needs lots of improvements. 2019-03-10 16:42:12 +01:00			`b := BanInfo{`
			`Names: names,`
			`IP: host,`
			`When: time.Now(),`
			`}`
			`settings.Bans = append(settings.Bans, b)`

			`fmt.Printf("[BAN] %q (%s) has been banned.\n", strings.Join(names, ", "), host)`

			`return settings.Save()`
			`}`

			`func (s *Settings) RemoveBan(name string) error {`
			`defer settingsMtx.Unlock()`
			`settingsMtx.Lock()`

			`name = strings.ToLower(name)`
			`newBans := []BanInfo{}`
			`for _, b := range s.Bans {`
			`for _, n := range b.Names {`
			`if n == name {`
			`fmt.Printf("[ban] Removed ban for %s [%s]\n", b.IP, n)`
			`} else {`
			`newBans = append(newBans, b)`
			`}`
			`}`
			`}`
			`s.Bans = newBans`
			`return settings.Save()`
			`}`

			`func (s *Settings) IsBanned(host string) (bool, []string) {`
			`defer settingsMtx.Unlock()`
			`settingsMtx.Lock()`

			`for _, b := range s.Bans {`
			`if b.IP == host {`
			`return true, b.Names`
			`}`
			`}`
			`return false, nil`
			`}`
Fix stream key loading Somehow I broke this without noticing. Also, If a stream key is provided as a command line flag, load it but do not save it to settings.json. 2019-03-12 04:45:23 +01:00
			`func (s *Settings) SetTempKey(key string) {`
			`defer settingsMtx.Unlock()`
			`settingsMtx.Lock()`

			`s.cmdLineKey = key`
			`}`

			`func (s *Settings) GetStreamKey() string {`
			`defer settingsMtx.Unlock()`
			`settingsMtx.Lock()`

			`if len(s.cmdLineKey) > 0 {`
			`return s.cmdLineKey`
			`}`
			`return s.StreamKey`
			`}`
Start adding room access restrictions So far only PIN and Open modes are implemented. It uses a session cookie to store the validity of the pin/password. The "Enter pin" page has some unreadable messages on it right now, but it kinda works. 2019-03-23 02:39:55 +01:00
			`func (s *Settings) generateNewPin() (string, error) {`
			`num, err := rand.Int(rand.Reader, big.NewInt(int64(9999)))`
			`if err != nil {`
			`return "", err`
			`}`
			`settings.RoomAccessPin = fmt.Sprintf("%04d", num)`
			`return settings.RoomAccessPin, nil`
			`}`