52 Commits

Author SHA1 Message Date
dakriy 2985d8554a
feat(legacy): trused header sso auth (#3095)
### Description

Allows LibreTime to support Trusted Header SSO Authentication.

**This is a new feature**:

Yes

**I have updated the documentation to reflect these changes**:

Yes

### Testing Notes

**What I did:**

I spun up an Authelia/Traefik pair and configured them to protect
LibreTime according to Authelia's documentation. I then tested that you
could log in via the trusted headers, and that the old methods of
authentication were not affected.

**How you can replicate my testing:**

Using the following `docker-compose.yml` file

```yml
services:
  postgres:
    image: postgres:15
    networks:
      - internal
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-libretime}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-libretime} # Change me !
    healthcheck:
      test: pg_isready -U libretime

  rabbitmq:
    image: rabbitmq:3.13-alpine
    networks:
      - internal
    environment:
      RABBITMQ_DEFAULT_VHOST: ${RABBITMQ_DEFAULT_VHOST:-/libretime}
      RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER:-libretime}
      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS:-libretime} # Change me !
    healthcheck:
      test: nc -z 127.0.0.1 5672

  playout:
    image: ghcr.io/libretime/libretime-playout:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_playout:/app
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080

  liquidsoap:
    image: ghcr.io/libretime/libretime-playout:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    command: /usr/local/bin/libretime-liquidsoap
    init: true
    ulimits:
      nofile: 1024
    ports:
      - 8001:8001
      - 8002:8002
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_playout:/app
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080

  analyzer:
    image: ghcr.io/libretime/libretime-analyzer:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_storage:/srv/libretime
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080

  worker:
    image: ghcr.io/libretime/libretime-worker:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
    environment:
      LIBRETIME_GENERAL_PUBLIC_URL: http://nginx:8080

  api:
    image: ghcr.io/libretime/libretime-api:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - postgres
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_storage:/srv/libretime

  legacy:
    image: ghcr.io/libretime/libretime-legacy:${LIBRETIME_VERSION:-latest}
    networks:
      - internal
    init: true
    ulimits:
      nofile: 1024
    depends_on:
      - postgres
      - rabbitmq
    volumes:
      - ${LIBRETIME_CONFIG_FILEPATH:-./config.yml}:/etc/libretime/config.yml:ro
      - libretime_assets:/var/www/html
      - libretime_storage:/srv/libretime

  nginx:
    image: nginx
    networks:
      - internal
      - net
    ports:
      - 8080:8080
    depends_on:
      - legacy
    volumes:
      - libretime_assets:/var/www/html:ro
      - libretime_storage:/srv/libretime:ro
      - ${NGINX_CONFIG_FILEPATH:-./nginx.conf}:/etc/nginx/conf.d/default.conf:ro
    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=libretime_net'
      - 'traefik.http.routers.libretime.rule=Host(`libretime.example.com`)'
      - 'traefik.http.routers.libretime.entrypoints=https'
      - 'traefik.http.routers.libretime.tls=true'
      - 'traefik.http.routers.libretime.tls.options=default'
      - 'traefik.http.routers.libretime.middlewares=authelia@docker'
      - 'traefik.http.services.libretime.loadbalancer.server.port=8080'

  icecast:
    image: ghcr.io/libretime/icecast:2.4.4
    networks:
      - internal
    ports:
      - 8000:8000
    environment:
      ICECAST_SOURCE_PASSWORD: ${ICECAST_SOURCE_PASSWORD:-hackme} # Change me !
      ICECAST_ADMIN_PASSWORD: ${ICECAST_ADMIN_PASSWORD:-hackme} # Change me !
      ICECAST_RELAY_PASSWORD: ${ICECAST_RELAY_PASSWORD:-hackme} # Change me !

  traefik:
    image: traefik:v2.11.12
    container_name: traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - net
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
      - 'traefik.http.routers.api.tls.options=default'
      - 'traefik.http.routers.api.middlewares=authelia@docker'
    ports:
      - '80:80'
      - '443:443'
    command:
      - '--api'
      - '--providers.docker=true'
      - '--providers.docker.exposedByDefault=false'
      - '--entrypoints.http=true'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.http.http.redirections.entrypoint.to=https'
      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:443'
      - '--log=true'
      - '--log.level=DEBUG'

  authelia:
    image: authelia/authelia
    container_name: authelia
    networks:
      - net
    volumes:
      - ./authelia:/config
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'
      - 'traefik.http.routers.authelia.entrypoints=https'
      - 'traefik.http.routers.authelia.tls=true'
      - 'traefik.http.routers.authelia.tls.options=default'
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth'  # yamllint disable-line rule:line-length
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
    restart: unless-stopped
    environment:
      - TZ=America/Los_Angeles

volumes:
  postgres_data: {}
  libretime_storage: {}
  libretime_assets: {}
  libretime_playout: {}

networks:
  internal:
  net:
```

The following libretime dev config modification:
```yml
general:
  public_url: https://libretime.example.com
  auth: LibreTime_Auth_Adaptor_Header

header_auth:
  group_map:
    host: lt-host
    program_manager: lt-pm
    admin: lt-admin
    superadmin: lt-superadmin
```

And the following authelia config file:

```yml
---
###############################################################
#                   Authelia configuration                    #
###############################################################

server:
  address: 'tcp://:9091'
  buffers:
    read: 16384
    write: 16384

log:
  level: 'debug'

totp:
  issuer: 'authelia.com'

identity_validation:
  reset_password:
    jwt_secret: 'a_very_important_secret'

authentication_backend:
  file:
    path: '/config/users_database.yml'

access_control:
  default_policy: 'deny'
  rules:
    - domain: 'traefik.example.com'
      policy: 'one_factor'
    - domain: 'libretime.example.com'
      policy: 'one_factor'

session:
  secret: 'insecure_session_secret'

  cookies:
    - name: 'authelia_session'
      domain: 'example.com'  # Should match whatever your root protected domain is
      authelia_url: 'https://auth.example.com'
      expiration: '1 hour'  # 1 hour
      inactivity: '5 minutes'  # 5 minutes

regulation:
  max_retries: 3
  find_time: '2 minutes'
  ban_time: '5 minutes'

storage:
  encryption_key: 'you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this'
  local:
    path: '/config/db.sqlite3'

notifier:
  filesystem:
    filename: '/config/notification.txt'
...
```

And the following authelia users database:

```yml
---
###############################################################
#                         Users Database                      #
###############################################################

# This file can be used if you do not have an LDAP set up.

# List of users
users:
  test:
    disabled: false
    displayname: "First Last"
    password: "$argon2id$v=19$m=16,t=2,p=1$SWVVVzcySlRLUEFkWWh2eA$qPs1ZmzmDXR/9WckDzIN9Q"
    email: test@example.com
    groups:
      - admins
      - dev
      - lt-admin
...
```

add the following entries to your `hosts` file:

```
127.0.0.1 traefik.example.com
127.0.0.1 auth.example.com
127.0.0.1 libretime.example.com
```

Then visit `libretime.example.com` in your browser, and login as the
user `test` with password of `password`. You should then be taken to the
LibreTime homepage, and when you click on login, you should be
automatically logged in.

### **Links**

https://www.authelia.com/integration/trusted-header-sso/introduction/
https://doc.traefik.io/traefik/middlewares/http/forwardauth/

---------

Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
2024-12-07 10:21:57 +00:00
dakriy 16deaf08c6
feat(legacy): show filename and size on edit page and add filename datatable column (#3083)
### Description

Add File Name and Size to the metadata editor screen, and add a File
Name column to the tracks data table.

**This is a new feature**:

Yes

**I have updated the documentation to reflect these changes**:

No, just some simple UI additions so no documentation needed.

### Testing Notes

**What I did:**

I uploaded some tracks, clicked on edit, and saw that the filename and
size showed up at the top. I also went out to the tracks view and added
the File Name column and saw that the filename displayed properly.

**How you can replicate my testing:**

Do what I did

### **Links**

Fixes #3053
2024-10-13 08:45:54 +01:00
Jonas L 4e0953d513
refactor: remove non existent asset file (#3042)
The file is non existent.

Added in c669d3cb47

Removed in ea2a6b3f68
2024-06-22 17:18:16 +02:00
Jonas L 40b4fc7f66
feat: build schedule events exclusively in playout (#2946)
### Description

Build and use the schedule events only in playout, the events generated
by legacy are not used anymore.

This ensures that we don't have to maintain 2 different implementations
in 2 different languages. We still need the PHP function to run to make
sure the side effects of this function are executed (filling the
schedule in the DB).
2024-04-27 20:09:16 +02:00
Thomas Göttgens da02e74f21
feat(legacy): visual cue point editor (#2947)
A visual cue point editor in the track editor view. This view displays the track as a waveform and allows you to set where the in- and out-cue points are set. These cue points determine the start and end points of the track.

---------

Co-authored-by: Thomas Göttgens <tgoettgens@mail.com>
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
2024-04-21 10:13:43 +01:00
Jonas L 5ad69bf0b7
fix(legacy): ensure validation is performed on the track type form (#2985)
### Description

Fixes #2939

The Zend form validation was not performed; only a custom method to
validate the code was used. This merges both validations and leverages
the Zend form validation framework.

Also allow updating the track type code from the track type form.
Related to #2955
2024-04-13 15:54:47 +02:00
Thomas Göttgens a95ce3d229
feat(legacy): trim overbooked shows after autoloading a playlist (#2897)
### Description

Some combinations of preload/postload and autoloading playlists with
smartblocks generate massively overbooked shows that clutter up the
interface. This addition performs a 'trim overbooked' after filling up
the autoload list, and does the same as pushing the 'trim overbooked'
button in the UI.


### Testing Notes

Define an autoloading playlist of 2 hours and schedule it for a one hour
show. Without patch, you'll get entries for 2 hours, with the patch, you
only get one hour and a 'overboarding' orange entry at most.

---------

Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
Co-authored-by: Thomas Göttgens <tgoettgens@mail.com>
Co-authored-by: jo <ljonas@riseup.net>
2024-02-02 20:17:23 +01:00
Thomas Göttgens 170d09545e
feat(legacy): disable public radio page and redirect to login (#2903)
### Description

Many people don't need the public page and use libretime purely for
playout management. This adds the ability to have libretime publicly
available but only present the login page to the user.

**I have updated the documentation to reflect these changes**:

no, but i will add documentation if this PR is accepted.

### Testing Notes

**What I did:**

Toggle the new checkbox on the general settings, log out and back in and
check behaviour.

note: this may have conflicts with the trim overbooked PR since the
toggle sits in the same place. If both are accepted this needs to be
formatted nicely :-)

---------

Co-authored-by: Thomas Göttgens <tgoettgens@mail.com>
Co-authored-by: Jonas L. <jooola@users.noreply.github.com>
Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2024-02-02 19:04:12 +01:00
Julien Valentin 12dd477312
fix(legacy): avoid crash when lot of streams in configuration (#2915)
### Description

Having a lot of streams prevents
http://libretime.example.org/preference/stream-setting from opening (max=4).
This patch prevents the crash by displaying an error message and truncating
streamcount to 4.

Co-authored-by: Kyle Robbertze <paddatrapper@users.noreply.github.com>
2024-01-30 17:24:28 +00:00
renovate[bot] 1820970ce3
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.41.2 (stable) (#2766)
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.41.2

* style: format files using php-cs-fixer

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-12-18 19:02:03 +01:00
renovate[bot] 2f1a0a8efa
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.27.1 (main) (#2714)
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.27.1

* style: format legacy files

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-09-17 17:14:59 +02:00
renovate[bot] 9af3050432
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.26.1 (main) (#2677)
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.26.1

* style: format code

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-09-08 15:45:24 +02:00
renovate[bot] ab16cb47c5
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.23.1 (stable) (#2656)
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.23.1

* style: format files using php-cs-fixer

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-08-15 18:28:18 +02:00
renovate[bot] 8b41302ddd
fix(deps): update dependency friendsofphp/php-cs-fixer to <3.17.1 (main) (#2556)
* fix(deps): update dependency friendsofphp/php-cs-fixer to <3.17.1

* style(legacy): format using php-cs-fixer

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jo <ljonas@riseup.net>
2023-05-25 15:06:18 +02:00
jo 5fbd4f54a2 fix(legacy): on air light fails when no shows are scheduled 2023-02-26 18:13:00 +01:00
jo f5e46c6f3d feat: configure cue points analysis per track type 2023-02-15 10:13:32 +02:00
jo d73555fa65 style(legacy): format using php-cs-fixer 2022-10-12 17:29:28 +02:00
Jonas L cff98f2d23
feat(legacy): remove db allowed_cors_origins preference (#2095)
- Remove after deprecation in eb8e7b3415
2022-10-11 13:38:31 +02:00
jo 5ed0bf67cb fix(legacy): jquery i18n translations for plupload 2022-10-07 16:33:21 +02:00
Jonas L 6fb667d510
fix(legacy): correct log levels (#2196) 2022-09-27 13:16:03 +02:00
Jonas L 3ef42413d8
fix(legacy): add play button to stream player (#2190) 2022-09-27 08:14:53 +02:00
Jonas L 060fb9d24b
fix(legacy): fail when uploading wma files (#2172)
Fix #1449
2022-09-21 14:04:56 +02:00
jo 6b16df8966 fix(legacy): update or remove broken links 2022-09-21 08:28:43 +02:00
Jonas L 23578da4e2
feat(legacy): invalidate cached assets using md5sum (#2161)
* feat(legacy): invalidate cached assets  using md5sum

Don't rely on version to invalidate cached assets

* use Assets::url() when loading legacy pages

* fix script docs
2022-09-19 11:58:31 +02:00
Jonas L 9b3207b8a4
feat: move timezone preference to config file (#2096)
BREAKING CHANGE: The timezone preference moved to the configuration
file.
2022-09-14 12:48:08 +02:00
jo 5bf62dd9cb feat(legacy): read stream config from file
- We don't delete the stream preferences from the database to prevent data loss. This will be handled in a future release.
2022-09-06 13:21:54 +02:00
Jonas L c28c048bf4
chore: use https links (#2075) 2022-08-25 16:25:54 +02:00
jo 4d0cbe4d15 fix(legacy): 404 on listeners stats 2022-08-25 10:52:38 +02:00
jo 406d42323a feat: move stream stats status to pref table 2022-08-07 08:50:06 +02:00
jo 2b533d4724 feat: move stream liquisoap status to pref table 2022-08-07 08:50:06 +02:00
Jonas L 6c59ff588b
feat: move off_air_meta stream setting to pref table (#2023) 2022-08-06 19:18:40 +02:00
jo c28fe32cdc style(legacy): php-cs-fixer upgrade 2022-07-11 17:30:52 +02:00
jo 829b9bcd5b chore(legacy): use Config::getPublicUrl helper
Replace Application_Common_HTTPHelper::getStationUrl with Config::getPublicUrl.
2022-07-08 11:03:10 +02:00
jo 72960593c7 chore(legacy): use Config::getBasePath helper
Replace Application_Common_OsPath::getBaseDir with Config::getBasePath.
2022-07-08 11:03:10 +02:00
jo db976881f0 fix: use constrained foreign key for files track_type 2022-07-07 21:07:41 +02:00
Jonas L 4d393fa14e
style(legacy): format files (#1946) 2022-07-07 20:01:15 +02:00
jo c6bba21ef9 fix(legacy): station-metadata api endpoint
- Remove hardcoded http://
- Add missing $request variable
2022-07-07 16:44:27 +02:00
jo be7447b28f style(legacy): format ApiController.php 2022-07-07 16:44:27 +02:00
Jonas L 703a8e5856
chore: remove cloud storage remainings (#1934) 2022-07-04 22:09:14 +02:00
jo f7bb6e7592 feat: move storage path setting to configuration file
- change default storage path to /srv/libretime
- remove music dirs table
- use /tmp for testing storage
- storage dir should always have a trailing slash
2022-06-08 23:23:08 +02:00
jo 0e4bc4cacd feat: replace php migration with django migration
- keep latest legacy version in initial migration file
- move propel schema to api legacy app
- remove legacy upgrade tool
2022-06-08 23:23:08 +02:00
Jonas L 331df277b4
docs: fix and update links (#1714) 2022-03-29 13:07:38 +02:00
Jonas L 69d8eae845
style(legacy): fix code format with php-cs-fixer (#1674) 2022-03-14 12:15:04 +02:00
Jonas L ae5746d26d
style: fix php-cs-fixer linting (#1575) 2022-02-08 11:14:59 +02:00
Jonas L 729a7b99e0
feat(legacy): consolidate constants (#1558)
* remove unused file

* fix paths leading slash

* remove useless imports

* refactor(legacy): use constants everywhere

* fix path leading slash

* remove useless import

* consolidate legacy constants

* format code

* reuse LIBRETIME_CONFIG_DIR

* fix test config path

* remove ci legacy log dir creation

* some logs improvements
2022-02-04 12:00:41 +02:00
jo 86948e7b93 fix(legacy): add more null check in api live info 2022-01-27 16:01:09 +02:00
jo ace167fe10 fix(legacy): do not catch too broad exceptions 2022-01-27 16:01:09 +02:00
Jonas L 8569af9328
style(legacy): force semicolon on same line (#1534) 2022-01-23 20:15:55 +02:00
Jonas L 5e8d8db6e9
Feature: Support php7.4 (#1354)
* Run CI tests against php 7.4

* Sort composer dependencies

* Remove unused Aws S3 php library

* Pin simplepie dependency to ^1.5

* Pin getid3 dependency to ^1.9

* Pin composer semver to ^3.2

* Pin php-amqplib to ^2.12

* Drop sentry logging support

* Update composer dependencies

* Move propel regenerate to Makefile

* Regenerate propel files with v1.7.0

* Pin propel orm to ^1.7

* Regenerate propel files with v1.7.2

* fix: generator_version in airtime-conf-production.php

* Replace propel/propel1 with jooola/propel1

* Regenerate propel files with v1.7.3-dev

* Fix php7.4 compatibility

Using php-cs-fixer:

    '@PhpCsFixer' => true,
    'concat_space' => ['spacing' => 'one'],
    'ordered_class_elements' => false,
    'yoda_style' => false,
    '@PHP74Migration' => true,
    'assign_null_coalescing_to_coalesce_equal' => false,
    'ternary_to_null_coalescing' => false,
    'heredoc_indentation' => false,
    '@PHP74Migration:risky' => true,
    'declare_strict_types' => false,
    'void_return' => false,
    'use_arrow_functions' => false,

* Fix pre-commit
2021-10-17 17:19:53 +02:00
jo 83b7e4162e Run pre-commit on legacy code 2021-10-12 11:17:57 +02:00