dakriy
2985d8554a
feat(legacy): trusted header sso auth ( #3095 )
...
### Description
Allows LibreTime to support Trusted Header SSO Authentication.
**This is a new feature**:
Yes
**I have updated the documentation to reflect these changes**:
Yes
### Testing Notes
**What I did:**
I spun up an Authelia/Traefik pair and configured them to protect
LibreTime according to Authelia's documentation. I then tested that you
could log in via the trusted headers, and tested that old methods of
authentication were not affected.
**How you can replicate my testing:**
Using the following `docker-compose.yml` file
```yml
services:
  postgres:
    image: postgres:15
    networks:
      - internal
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-libretime}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-libretime} # Change me !
    healthcheck:
      test: pg_isready -U libretime
  rabbitmq:
    image: rabbitmq:3.13-alpine
    networks:
      - internal
    environment:
      RABBITMQ_DEFAULT_VHOST: ${RABBITMQ_DEFAULT_VHOST:-/libretime}
      RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER:-libretime}
      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS:-libretime} # Change me !
    healthcheck:
      test: nc -z 127.0.0.1 5672
  playout:
    image: ghcr.io/libretime/libretime-playout:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_playout:/app
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080
  liquidsoap:
    image: ghcr.io/libretime/libretime-playout:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    command: /usr/local/bin/libretime-liquidsoap
    init: true
    ulimits:
      nofile: 1024
    ports:
      - 8001:8001
      - 8002:8002
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_playout:/app
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080
  analyzer:
    image: ghcr.io/libretime/libretime-analyzer:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_storage:/srv/libretime
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080
  worker:
    image: ghcr.io/libretime/libretime-worker:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080
  api:
    image: ghcr.io/libretime/libretime-api:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - postgres
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_storage:/srv/libretime
  legacy:
    image: ghcr.io/libretime/libretime-legacy:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - postgres
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_assets:/var/www/html
      - libretime_storage:/srv/libretime
  nginx:
    image: nginx
    networks:
      - internal
      - net
    ports:
      - 8080:8080
    depends_on:
      - legacy
    volumes:
      - libretime_assets:/var/www/html:ro
      - libretime_storage:/srv/libretime:ro
      - ${NGINX_CONFIG_FILEPATH:-./nginx.conf}:/etc/nginx/conf.d/default.conf:ro
    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=libretime_net'
      - 'traefik.http.routers.libretime.rule=Host(`libretime.example.com`)'
      - 'traefik.http.routers.libretime.entrypoints=https'
      - 'traefik.http.routers.libretime.tls=true'
      - 'traefik.http.routers.libretime.tls.options=default'
      - 'traefik.http.routers.libretime.middlewares=authelia@docker'
      - 'traefik.http.services.libretime.loadbalancer.server.port=8080'
  icecast:
    image: ghcr.io/libretime/icecast:2.4.4
    networks:
      - internal
    ports:
      - 8000:8000
    environment:
      ICECAST_SOURCE_PASSWORD: ${ICECAST_SOURCE_PASSWORD:-hackme} # Change me !
      ICECAST_ADMIN_PASSWORD: ${ICECAST_ADMIN_PASSWORD:-hackme} # Change me !
      ICECAST_RELAY_PASSWORD: ${ICECAST_RELAY_PASSWORD:-hackme} # Change me !
  traefik:
    image: traefik:v2.11.12
    container_name: traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - net
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
      - 'traefik.http.routers.api.tls.options=default'
      - 'traefik.http.routers.api.middlewares=authelia@docker'
    ports:
      - '80:80'
      - '443:443'
    command:
      - '--api'
      - '--providers.docker=true'
      - '--providers.docker.exposedByDefault=false'
      - '--entrypoints.http=true'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.http.http.redirections.entrypoint.to=https'
      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:443'
      - '--log=true'
      - '--log.level=DEBUG'
  authelia:
    image: authelia/authelia
    container_name: authelia
    networks:
      - net
    volumes:
      - ./authelia:/config
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'
      - 'traefik.http.routers.authelia.entrypoints=https'
      - 'traefik.http.routers.authelia.tls=true'
      - 'traefik.http.routers.authelia.tls.options=default'
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth' # yamllint disable-line rule:line-length
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
    restart: unless-stopped
    environment:
      - TZ=America/Los_Angeles
volumes:
  postgres_data: {}
  libretime_storage: {}
  libretime_assets: {}
  libretime_playout: {}
networks:
  internal:
  net:
```
The following libretime dev config modification:
```yml
general:
  public_url: https://libretime.example.com
  auth: LibreTime_Auth_Adaptor_Header
header_auth:
  group_map:
    host: lt-host
    program_manager: lt-pm
    admin: lt-admin
    superadmin: lt-superadmin
```
And the following authelia config file:
```yml
---
###############################################################
# Authelia configuration #
###############################################################
server:
  address: 'tcp://:9091'
  buffers:
    read: 16384
    write: 16384
log:
  level: 'debug'
totp:
  issuer: 'authelia.com'
identity_validation:
  reset_password:
    jwt_secret: 'a_very_important_secret'
authentication_backend:
  file:
    path: '/config/users_database.yml'
access_control:
  default_policy: 'deny'
  rules:
    - domain: 'traefik.example.com'
      policy: 'one_factor'
    - domain: 'libretime.example.com'
      policy: 'one_factor'
session:
  secret: 'insecure_session_secret'
  cookies:
    - name: 'authelia_session'
      domain: 'example.com' # Should match whatever your root protected domain is
      authelia_url: 'https://auth.example.com'
      expiration: '1 hour' # 1 hour
      inactivity: '5 minutes' # 5 minutes
regulation:
  max_retries: 3
  find_time: '2 minutes'
  ban_time: '5 minutes'
storage:
  encryption_key: 'you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this'
  local:
    path: '/config/db.sqlite3'
notifier:
  filesystem:
    filename: '/config/notification.txt'
...
```
And the following authelia users database:
```yml
---
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
# List of users
users:
  test:
    disabled: false
    displayname: "First Last"
    password: "$argon2id$v=19$m=16,t=2,p=1$SWVVVzcySlRLUEFkWWh2eA$qPs1ZmzmDXR/9WckDzIN9Q"
    email: test@example.com
    groups:
      - admins
      - dev
      - lt-admin
...
```
Add the following entries to your `hosts` file:
```
127.0.0.1 traefik.example.com
127.0.0.1 auth.example.com
127.0.0.1 libretime.example.com
```
Then visit `libretime.example.com` in your browser, and log in as the
user `test` with password of `password`. You should then be taken to the
LibreTime homepage, and when you click on login, you should be
automatically logged in.
### **Links**
https://www.authelia.com/integration/trusted-header-sso/introduction/
https://doc.traefik.io/traefik/middlewares/http/forwardauth/
---------
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
2024-12-07 10:21:57 +00:00
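The trusted-header setup in the commit above (Authelia's `Remote-User` and `Remote-Groups` response headers, mapped to LibreTime roles through `group_map`) is only sound if the application honours those headers solely on requests that arrive from the reverse proxy. The following Python example is added here and is not LibreTime's code; the trusted-proxy subnet, the role ordering and the decision to refuse users with no mapped group are assumptions of the example.

```python
import ipaddress

# Role names from the page's group_map, ordered from least to most privileged.
# The ordering is an assumption of this example.
ROLE_ORDER = ["host", "program_manager", "admin", "superadmin"]

# group_map as in the LibreTime config on this page: role -> identity-provider group.
GROUP_MAP = {
    "host": "lt-host",
    "program_manager": "lt-pm",
    "admin": "lt-admin",
    "superadmin": "lt-superadmin",
}

# Constructed value: the Docker subnet the reverse proxy connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]


def resolve_login(peer_ip, headers, group_map=GROUP_MAP, trusted=TRUSTED_PROXIES):
    """Return (user, role), or None when the request must not be logged in.

    peer_ip is the address of the TCP peer, never a value taken from a
    client-controllable header such as X-Forwarded-For.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        # Identity headers from anything but the proxy carry no authority.
        return None

    # HTTP header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    user = lowered.get("remote-user", "").strip()
    if not user:
        return None

    # Authelia sends group names as a comma-separated list.
    groups = {g.strip() for g in lowered.get("remote-groups", "").split(",") if g.strip()}

    # Keep the roles whose mapped group the user holds; pick the highest.
    granted = [role for role in ROLE_ORDER if group_map.get(role) in groups]
    if not granted:
        # Assumption: an authenticated user with no mapped group gets no session.
        return None
    return user, granted[-1]


if __name__ == "__main__":
    # Constructed request headers for the `test` user from the users database above.
    sample = {"Remote-User": "test", "Remote-Groups": "admins,dev,lt-admin"}
    print(resolve_login("172.18.0.5", sample))   # arrives via the proxy
    print(resolve_login("203.0.113.9", sample))  # arrives from elsewhere
```
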
dakriy
16deaf08c6
feat(legacy): show filename and size on edit page and add filename datatable column ( #3083 )
...
### Description
Add File Name and Size to the metadata editor screen, and added a File
Name column to the tracks data table.
**This is a new feature**:
Yes
**I have updated the documentation to reflect these changes**:
No, just some simple UI additions so no documentation needed.
### Testing Notes
**What I did:**
I uploaded some tracks, clicked on edit, and saw that the filename and
size showed up at the top. I also went out to the tracks view and added
the File Name column and saw that the filename displayed properly.
**How you can replicate my testing:**
Do what I did
### **Links**
Fixes #3053
2024-10-13 08:45:54 +01:00
Jonas L
4e0953d513
refactor: remove non existent asset file ( #3042 )
...
The file is non existent.
Added in c669d3cb47
Removed in ea2a6b3f68
2024-06-22 17:18:16 +02:00
Jonas L
40b4fc7f66
feat: build schedule events exclusively in playout ( #2946 )
...
### Description
Build and use the schedule events only in playout, the events generated
by legacy are not used anymore.
This ensures that we don't have to maintain 2 different implementations in
2 different languages. We still need the php function to run to make
sure the side effects of this function are executed (filling the
schedule in the DB).
2024-04-27 20:09:16 +02:00
Thomas Göttgens
da02e74f21
feat(legacy): visual cue point editor ( #2947 )
...
A visual cue point editor in the track editor view. This view displays the track as a waveform and allows you to set where the in- and out-cue points are set. These cue points determine the start and end points of the track.
---------
Co-authored-by: Thomas Göttgens <tgoettgens@mail.com>
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
2024-04-21 10:13:43 +01:00
Jonas L
5ad69bf0b7
fix(legacy): ensure validation is performed on the track type form ( #2985 )
...
### Description
Fixes #2939
The zend form validation was not performed, only a custom method to
validate the code was used. This merges both validations, and leverages the
Zend form validation framework.
Also allow updating the track type code from the track type form.
Related to #2955
2024-04-13 15:54:47 +02:00
Thomas Göttgens
a95ce3d229
feat(legacy): trim overbooked shows after autoloading a playlist ( #2897 )
...
### Description
Some combinations of preload/postload and autoloading playlists with
smartblocks generate massively overbooked shows that clutter up the
interface. This addition performs a 'trim overbooked' after filling up
the autoload list, and does the same as pushing the 'trim overbooked'
button in the UI.
### Testing Notes
Define an autoloading playlist of 2 hours and schedule it for a one hour
show. Without patch, you'll get entries for 2 hours, with the patch, you
only get one hour and a 'overboarding' orange entry at most.
---------
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
Co-authored-by: Thomas Göttgens <tgoettgens@mail.com>
Co-authored-by: jo <ljonas@riseup.net>
2024-02-02 20:17:23 +01:00
Thomas Göttgens
170d09545e
feat(legacy): disable public radio page and redirect to login ( #2903 )
...
### Description
Many people don't need the public page and use libretime purely for
playout management. This adds the ability to have libretime publicly
available but only present the login page to the user.
**I have updated the documentation to reflect these changes**:
No, but I will add documentation if this PR is accepted.
### Testing Notes
**What I did:**
Toggle the new checkbox on the general settings, log out and back in and
check behaviour.
note: this may have conflicts with the trim overbooked PR since the
toggle sits in the same place. If both are accepted this needs to be
formatted nicely :-)
---------
Co-authored-by: Thomas Göttgens <tgoettgens@mail.com>
Co-authored-by: Jonas L. <jooola@users.noreply.github.com>
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2024-02-02 19:04:12 +01:00
Julien Valentin
12dd477312
fix(legacy): avoid crash when lot of streams in configuration ( #2915 )
...
### Description
A lot of streams prevents
http://libretime.example.org/preference/stream-setting from opening (max=4).
This patch prevents the crash by displaying an error message and truncating
streamcount to 4.
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
2024-01-30 17:24:28 +00:00
renovate[bot]
1820970ce3
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.41.2 (stable) ( #2766 )
...
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.41.2
* style: format files using php-cs-fixer
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-12-18 19:02:03 +01:00
renovate[bot]
2f1a0a8efa
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.27.1 (main) ( #2714 )
...
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.27.1
* style: format legacy files
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-09-17 17:14:59 +02:00
renovate[bot]
9af3050432
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.26.1 (main) ( #2677 )
...
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.26.1
* style: format code
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-09-08 15:45:24 +02:00
renovate[bot]
ab16cb47c5
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.23.1 (stable) ( #2656 )
...
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.23.1
* style: format files using php-cs-fixer
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-08-15 18:28:18 +02:00
renovate[bot]
8b41302ddd
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.17.1 (main) ( #2556 )
...
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.17.1
* style(legacy): format using php-cs-fixer
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-05-25 15:06:18 +02:00
jo
5fbd4f54a2
fix(legacy): on air light fails when no shows are scheduled
2023-02-26 18:13:00 +01:00
jo
f5e46c6f3d
feat: configure cue points analysis per track type
2023-02-15 10:13:32 +02:00
jo
d73555fa65
style(legacy): format using php-cs-fixer
2022-10-12 17:29:28 +02:00
Jonas L
cff98f2d23
feat(legacy): remove db allowed_cors_origins preference ( #2095 )
...
- Remove after deprecation in eb8e7b3415
2022-10-11 13:38:31 +02:00
jo
5ed0bf67cb
fix(legacy): jquery i18n translations for plupload
2022-10-07 16:33:21 +02:00
Jonas L
6fb667d510
fix(legacy): correct log levels ( #2196 )
2022-09-27 13:16:03 +02:00
Jonas L
3ef42413d8
fix(legacy): add play button to stream player ( #2190 )
2022-09-27 08:14:53 +02:00
Jonas L
060fb9d24b
fix(legacy): fail when uploading wma files ( #2172 )
...
Fix #1449
2022-09-21 14:04:56 +02:00
jo
6b16df8966
fix(legacy): update or remove broken links
2022-09-21 08:28:43 +02:00
Jonas L
23578da4e2
feat(legacy): invalidate cached assets using md5sum ( #2161 )
...
* feat(legacy): invalidate cached assets using md5sum
Don't rely on version to invalidate cached assets
* use Assets::url() when loading legacy pages
* fix script docs
2022-09-19 11:58:31 +02:00
Jonas L
9b3207b8a4
feat: move timezone preference to config file ( #2096 )
...
BREAKING CHANGE: The timezone preference moved to the configuration
file.
2022-09-14 12:48:08 +02:00
jo
5bf62dd9cb
feat(legacy): read stream config from file
...
- We don't delete the stream preferences from the database to prevent data loss. This will be handled in a future release.
2022-09-06 13:21:54 +02:00
Jonas L
c28c048bf4
chore: use https links ( #2075 )
2022-08-25 16:25:54 +02:00
jo
4d0cbe4d15
fix(legacy): 404 on listeners stats
2022-08-25 10:52:38 +02:00
jo
406d42323a
feat: move stream stats status to pref table
2022-08-07 08:50:06 +02:00
jo
2b533d4724
feat: move stream liquidsoap status to pref table
2022-08-07 08:50:06 +02:00
Jonas L
6c59ff588b
feat: move off_air_meta stream setting to pref table ( #2023 )
2022-08-06 19:18:40 +02:00
jo
c28fe32cdc
style(legacy): php-cs-fixer upgrade
2022-07-11 17:30:52 +02:00
jo
829b9bcd5b
chore(legacy): use Config::getPublicUrl helper
...
Replace Application_Common_HTTPHelper::getStationUrl with Config::getPublicUrl.
2022-07-08 11:03:10 +02:00
jo
72960593c7
chore(legacy): use Config::getBasePath helper
...
Replace Application_Common_OsPath::getBaseDir with Config::getBasePath.
2022-07-08 11:03:10 +02:00
jo
db976881f0
fix: use constrained foreign key for files track_type
2022-07-07 21:07:41 +02:00
Jonas L
4d393fa14e
style(legacy): format files ( #1946 )
2022-07-07 20:01:15 +02:00
jo
c6bba21ef9
fix(legacy): station-metadata api endpoint
...
- Remove hardcoded http://
- Add missing $request variable
2022-07-07 16:44:27 +02:00
jo
be7447b28f
style(legacy): format ApiController.php
2022-07-07 16:44:27 +02:00
Jonas L
703a8e5856
chore: remove cloud storage remainings ( #1934 )
2022-07-04 22:09:14 +02:00
jo
f7bb6e7592
feat: move storage path setting to configuration file
...
- change default storage path to /srv/libretime
- remove music dirs table
- use /tmp for testing storage
- storage dir should always have a trailing slash
2022-06-08 23:23:08 +02:00
jo
0e4bc4cacd
feat: replace php migration with django migration
...
- keep latest legacy version in initial migration file
- move propel schema to api legacy app
- remove legacy upgrade tool
2022-06-08 23:23:08 +02:00
Jonas L
331df277b4
docs: fix and update links ( #1714 )
2022-03-29 13:07:38 +02:00
Jonas L
69d8eae845
style(legacy): fix code format with php-cs-fixer ( #1674 )
2022-03-14 12:15:04 +02:00
Jonas L
ae5746d26d
style: fix php-cs-fixer linting ( #1575 )
2022-02-08 11:14:59 +02:00
Jonas L
729a7b99e0
feat(legacy): consolidate constants ( #1558 )
...
* remove unused file
* fix paths leading slash
* remove useless imports
* refactor(legacy): use constants everywhere
* fix path leading slash
* remove useless import
* consolidate legacy constants
* format code
* reuse LIBRETIME_CONFIG_DIR
* fix test config path
* remove ci legacy log dir creation
* some logs improvements
2022-02-04 12:00:41 +02:00
jo
86948e7b93
fix(legacy): add more null check in api live info
2022-01-27 16:01:09 +02:00
jo
ace167fe10
fix(legacy): do not catch too broad exceptions
2022-01-27 16:01:09 +02:00
Jonas L
8569af9328
style(legacy): force semicolon on same line ( #1534 )
2022-01-23 20:15:55 +02:00
Jonas L
5e8d8db6e9
Feature: Support php7.4 ( #1354 )
...
* Run CI tests against php 7.4
* Sort composer dependencies
* Remove unused Aws S3 php library
* Pin simplepie dependency to ^1.5
* Pin getid3 dependency to ^1.9
* Pin composer semver to ^3.2
* Pin php-amqplib to ^2.12
* Drop sentry logging support
* Update composer dependencies
* Move propel regenerate to Makefile
* Regenerate propel files with v1.7.0
* Pin propel orm to ^1.7
* Regenerate propel files with v1.7.2
* fix: generator_version in airtime-conf-production.php
* Replace propel/propel1 with jooola/propel1
* Regenerate propel files with v1.7.3-dev
* Fix php7.4 compatibility
Using php-cs-fixer:
'@PhpCsFixer' => true,
'concat_space' => ['spacing' => 'one'],
'ordered_class_elements' => false,
'yoda_style' => false,
'@PHP74Migration' => true,
'assign_null_coalescing_to_coalesce_equal' => false,
'ternary_to_null_coalescing' => false,
'heredoc_indentation' => false,
'@PHP74Migration:risky' => true,
'declare_strict_types' => false,
'void_return' => false,
'use_arrow_functions' => false,
* Fix pre-commit
2021-10-17 17:19:53 +02:00
jo
83b7e4162e
Run pre-commit on legacy code
2021-10-12 11:17:57 +02:00