+1

js/app/components/index.tsx

reviewed

··· 1 1 export { Countdown } from "./countdown"; 2 2 export { default as Provider } from "./provider/provider"; 3 3 + export { BrandingAdmin } from "./settings/branding-admin"; 3 4 export { Settings } from "./settings/settings";

+450

js/app/components/settings/branding-admin.tsx

reviewed

··· 1 1 + import { 2 2 + Button, 3 3 + Input, 4 4 + Text, 5 5 + useToast, 6 6 + View, 7 7 + zero, 8 8 + } from "@streamplace/components"; 9 9 + import { 10 10 + useBrandingAsset, 11 11 + useFetchBranding, 12 12 + } from "@streamplace/components/src/streamplace-store/branding"; 13 13 + import { usePDSAgent } from "@streamplace/components/src/streamplace-store/xrpc"; 14 14 + import { useEffect, useState } from "react"; 15 15 + import { ActivityIndicator, Image, Platform, ScrollView } from "react-native"; 16 16 + 17 17 + export function BrandingAdmin() { 18 18 + const agent = usePDSAgent(); 19 19 + const fetchBranding = useFetchBranding(); 20 20 + const toast = useToast(); 21 21 + 22 22 + // state for form inputs 23 23 + const [siteTitle, setSiteTitle] = useState(""); 24 24 + const [siteDescription, setSiteDescription] = useState(""); 25 25 + const [primaryColor, setPrimaryColor] = useState(""); 26 26 + const [accentColor, setAccentColor] = useState(""); 27 27 + const [defaultStreamer, setDefaultStreamer] = useState(""); 28 28 + const [broadcasterDID, setBroadcasterDID] = useState(""); 29 29 + const [uploading, setUploading] = useState(false); 30 30 + 31 31 + // get current values 32 32 + const currentTitle = useBrandingAsset("siteTitle"); 33 33 + const currentDescription = useBrandingAsset("siteDescription"); 34 34 + const currentPrimaryColor = useBrandingAsset("primaryColor"); 35 35 + const currentAccentColor = useBrandingAsset("accentColor"); 36 36 + const currentDefaultStreamer = useBrandingAsset("defaultStreamer"); 37 37 + const currentLogo = useBrandingAsset("mainLogo"); 38 38 + const currentFavicon = useBrandingAsset("favicon"); 39 39 + 40 40 + // load current branding on mount 41 41 + useEffect(() => { 42 42 + fetchBranding(); 43 43 + }, []); 44 44 + 45 45 + const uploadText = async (key: string, value: string) => { 46 46 + if (!agent) { 47 47 + toast.show("Not authenticated", "Please log in first", { 48 48 + variant: "error", 49 49 + }); 50 50 + return; 51 51 + } 52 52 + 53 53 + if (!value.trim()) { 54 54 + toast.show("Empty value", "Please enter a value", { variant: "error" }); 55 55 + return; 56 56 + } 57 57 + 58 58 + setUploading(true); 59 59 + try { 60 60 + const textBytes = new TextEncoder().encode(value.trim()); 61 61 + const base64Data = btoa(String.fromCharCode(...textBytes)); 62 62 + 63 63 + await agent.place.stream.branding.updateBlob({ 64 64 + key, 65 65 + broadcaster: broadcasterDID || undefined, 66 66 + data: base64Data, 67 67 + mimeType: "text/plain", 68 68 + }); 69 69 + 70 70 + toast.show("Success", `${key} updated successfully`, { 71 71 + variant: "success", 72 72 + }); 73 73 + 74 74 + // clear input based on key 75 75 + switch (key) { 76 76 + case "siteTitle": 77 77 + setSiteTitle(""); 78 78 + break; 79 79 + case "siteDescription": 80 80 + setSiteDescription(""); 81 81 + break; 82 82 + case "primaryColor": 83 83 + setPrimaryColor(""); 84 84 + break; 85 85 + case "accentColor": 86 86 + setAccentColor(""); 87 87 + break; 88 88 + case "defaultStreamer": 89 89 + setDefaultStreamer(""); 90 90 + break; 91 91 + } 92 92 + 93 93 + // reload branding 94 94 + setTimeout(() => fetchBranding(), 500); 95 95 + } catch (err: any) { 96 96 + toast.show("Upload failed", err.message || "Failed to upload", { 97 97 + variant: "error", 98 98 + }); 99 99 + } finally { 100 100 + setUploading(false); 101 101 + } 102 102 + }; 103 103 + 104 104 + const uploadFile = async (key: string, file: File) => { 105 105 + if (!agent) { 106 106 + toast.show("Not authenticated", "Please log in first", { 107 107 + variant: "error", 108 108 + }); 109 109 + return; 110 110 + } 111 111 + 112 112 + setUploading(true); 113 113 + try { 114 114 + const arrayBuffer = await file.arrayBuffer(); 115 115 + const uint8Array = new Uint8Array(arrayBuffer); 116 116 + const base64Data = btoa(String.fromCharCode(...uint8Array)); 117 117 + 118 118 + await agent.place.stream.branding.updateBlob({ 119 119 + key, 120 120 + broadcaster: broadcasterDID || undefined, 121 121 + data: base64Data, 122 122 + mimeType: file.type, 123 123 + }); 124 124 + 125 125 + toast.show("Success", `${key} uploaded successfully`, { 126 126 + variant: "success", 127 127 + }); 128 128 + 129 129 + // reload branding 130 130 + setTimeout(() => fetchBranding(), 500); 131 131 + } catch (err: any) { 132 132 + toast.show("Upload failed", err.message || "Failed to upload", { 133 133 + variant: "error", 134 134 + }); 135 135 + } finally { 136 136 + setUploading(false); 137 137 + } 138 138 + }; 139 139 + 140 140 + const handleFileSelect = (key: string, accept: string) => { 141 141 + if (Platform.OS !== "web") { 142 142 + toast.show("Not available", "File uploads are only available on web", { 143 143 + variant: "error", 144 144 + }); 145 145 + return; 146 146 + } 147 147 + 148 148 + // TypeScript doesn't know about document in react-native-web context 149 149 + // @ts-ignore - document exists on web 150 150 + const input = document.createElement("input"); 151 151 + input.type = "file"; 152 152 + input.accept = accept; 153 153 + input.onchange = (e) => { 154 154 + const file = (e.target as HTMLInputElement).files?.[0]; 155 155 + if (file) { 156 156 + uploadFile(key, file); 157 157 + } 158 158 + }; 159 159 + input.click(); 160 160 + }; 161 161 + 162 162 + const deleteBlob = async (key: string) => { 163 163 + if (!agent) { 164 164 + toast.show("Not authenticated", "Please log in first", { 165 165 + variant: "error", 166 166 + }); 167 167 + return; 168 168 + } 169 169 + 170 170 + setUploading(true); 171 171 + try { 172 172 + await agent.place.stream.branding.deleteBlob({ 173 173 + key, 174 174 + broadcaster: broadcasterDID || undefined, 175 175 + }); 176 176 + 177 177 + toast.show("Success", `${key} deleted successfully`, { 178 178 + variant: "success", 179 179 + }); 180 180 + 181 181 + // reload branding 182 182 + setTimeout(() => fetchBranding(), 500); 183 183 + } catch (err: any) { 184 184 + toast.show("Delete failed", err.message || "Failed to delete", { 185 185 + variant: "error", 186 186 + }); 187 187 + } finally { 188 188 + setUploading(false); 189 189 + } 190 190 + }; 191 191 + 192 192 + if (!agent) { 193 193 + return ( 194 194 + <View style={[zero.layout.flex.align.center, zero.px[16], zero.py[24]]}> 195 195 + <Text>Please log in to manage branding</Text> 196 196 + </View> 197 197 + ); 198 198 + } 199 199 + 200 200 + return ( 201 201 + <ScrollView> 202 202 + <View style={[zero.layout.flex.align.center, zero.px[16], zero.py[24]]}> 203 203 + <View 204 204 + style={[ 205 205 + zero.gap.all[12], 206 206 + { paddingVertical: 24, maxWidth: 600, width: "100%" }, 207 207 + ]} 208 208 + > 209 209 + <View> 210 210 + <Text size="2xl" weight="bold"> 211 211 + Branding Administration 212 212 + </Text> 213 213 + <Text color="muted">Customize your Streamplace instance</Text> 214 214 + </View> 215 215 + 216 216 + {uploading && ( 217 217 + <View style={[zero.layout.flex.align.center, zero.py[16]]}> 218 218 + <ActivityIndicator /> 219 219 + </View> 220 220 + )} 221 221 + 222 222 + {/* Broadcaster DID */} 223 223 + <View style={[zero.gap.all[8]]}> 224 224 + <Text size="lg" weight="semibold"> 225 225 + Broadcaster DID 226 226 + </Text> 227 227 + <Text size="sm" color="muted"> 228 228 + Leave empty to use server default 229 229 + </Text> 230 230 + <Input 231 231 + placeholder="did:plc:..." 232 232 + value={broadcasterDID} 233 233 + onChangeText={setBroadcasterDID} 234 234 + /> 235 235 + </View> 236 236 + 237 237 + {/* Site Title */} 238 238 + <View style={[zero.gap.all[8]]}> 239 239 + <Text size="lg" weight="semibold"> 240 240 + Site Title 241 241 + </Text> 242 242 + <Text size="sm" color="muted"> 243 243 + Current: {currentTitle?.data || "Streamplace"} 244 244 + </Text> 245 245 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 246 246 + <View style={{ flex: 1 }}> 247 247 + <Input 248 248 + placeholder="Enter new site title" 249 249 + value={siteTitle} 250 250 + onChangeText={setSiteTitle} 251 251 + /> 252 252 + </View> 253 253 + <Button 254 254 + onPress={() => uploadText("siteTitle", siteTitle)} 255 255 + disabled={uploading || !siteTitle.trim()} 256 256 + > 257 257 + Update 258 258 + </Button> 259 259 + </View> 260 260 + </View> 261 261 + 262 262 + {/* Site Description */} 263 263 + <View style={[zero.gap.all[8]]}> 264 264 + <Text size="lg" weight="semibold"> 265 265 + Site Description 266 266 + </Text> 267 267 + <Text size="sm" color="muted"> 268 268 + Current: {currentDescription?.data || "Live streaming platform"} 269 269 + </Text> 270 270 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 271 271 + <View style={{ flex: 1 }}> 272 272 + <Input 273 273 + placeholder="Enter site description" 274 274 + value={siteDescription} 275 275 + onChangeText={setSiteDescription} 276 276 + /> 277 277 + </View> 278 278 + <Button 279 279 + onPress={() => uploadText("siteDescription", siteDescription)} 280 280 + disabled={uploading || !siteDescription.trim()} 281 281 + > 282 282 + Update 283 283 + </Button> 284 284 + </View> 285 285 + </View> 286 286 + 287 287 + {/* Primary Color */} 288 288 + <View style={[zero.gap.all[8]]}> 289 289 + <Text size="lg" weight="semibold"> 290 290 + Primary Color 291 291 + </Text> 292 292 + <Text size="sm" color="muted"> 293 293 + Current: {currentPrimaryColor?.data || "#6366f1"} 294 294 + </Text> 295 295 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 296 296 + <View style={{ flex: 1 }}> 297 297 + <Input 298 298 + placeholder="#6366f1" 299 299 + value={primaryColor} 300 300 + onChangeText={setPrimaryColor} 301 301 + /> 302 302 + </View> 303 303 + <Button 304 304 + onPress={() => uploadText("primaryColor", primaryColor)} 305 305 + disabled={uploading || !primaryColor.trim()} 306 306 + > 307 307 + Update 308 308 + </Button> 309 309 + </View> 310 310 + </View> 311 311 + 312 312 + {/* Accent Color */} 313 313 + <View style={[zero.gap.all[8]]}> 314 314 + <Text size="lg" weight="semibold"> 315 315 + Accent Color 316 316 + </Text> 317 317 + <Text size="sm" color="muted"> 318 318 + Current: {currentAccentColor?.data || "#8b5cf6"} 319 319 + </Text> 320 320 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 321 321 + <View style={{ flex: 1 }}> 322 322 + <Input 323 323 + placeholder="#8b5cf6" 324 324 + value={accentColor} 325 325 + onChangeText={setAccentColor} 326 326 + /> 327 327 + </View> 328 328 + <Button 329 329 + onPress={() => uploadText("accentColor", accentColor)} 330 330 + disabled={uploading || !accentColor.trim()} 331 331 + > 332 332 + Update 333 333 + </Button> 334 334 + </View> 335 335 + </View> 336 336 + 337 337 + {/* Default Streamer */} 338 338 + <View style={[zero.gap.all[8]]}> 339 339 + <Text size="lg" weight="semibold"> 340 340 + Default Streamer 341 341 + </Text> 342 342 + <Text size="sm" color="muted"> 343 343 + Current: {currentDefaultStreamer?.data || "None"} 344 344 + </Text> 345 345 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 346 346 + <View style={{ flex: 1 }}> 347 347 + <Input 348 348 + placeholder="did:plc:..." 349 349 + value={defaultStreamer} 350 350 + onChangeText={setDefaultStreamer} 351 351 + /> 352 352 + </View> 353 353 + <Button 354 354 + onPress={() => uploadText("defaultStreamer", defaultStreamer)} 355 355 + disabled={uploading || !defaultStreamer.trim()} 356 356 + > 357 357 + Update 358 358 + </Button> 359 359 + </View> 360 360 + <Button 361 361 + variant="destructive" 362 362 + onPress={() => deleteBlob("defaultStreamer")} 363 363 + disabled={uploading} 364 364 + > 365 365 + Clear Default Streamer 366 366 + </Button> 367 367 + </View> 368 368 + 369 369 + {/* Main Logo */} 370 370 + <View style={[zero.gap.all[8]]}> 371 371 + <Text size="lg" weight="semibold"> 372 372 + Main Logo 373 373 + </Text> 374 374 + <Text size="sm" color="muted"> 375 375 + SVG, PNG, or JPEG (max 500KB) - Web only 376 376 + </Text> 377 377 + {currentLogo?.data && ( 378 378 + <Image 379 379 + source={{ uri: currentLogo.data }} 380 380 + style={{ width: 200, height: 100, resizeMode: "contain" }} 381 381 + /> 382 382 + )} 383 383 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 384 384 + <Button 385 385 + onPress={() => 386 386 + handleFileSelect( 387 387 + "mainLogo", 388 388 + "image/svg+xml,image/png,image/jpeg", 389 389 + ) 390 390 + } 391 391 + disabled={uploading || Platform.OS !== "web"} 392 392 + > 393 393 + Upload Logo 394 394 + </Button> 395 395 + <Button 396 396 + variant="destructive" 397 397 + onPress={() => deleteBlob("mainLogo")} 398 398 + disabled={uploading} 399 399 + > 400 400 + Delete Logo 401 401 + </Button> 402 402 + </View> 403 403 + </View> 404 404 + 405 405 + {/* Favicon */} 406 406 + <View style={[zero.gap.all[8]]}> 407 407 + <Text size="lg" weight="semibold"> 408 408 + Favicon 409 409 + </Text> 410 410 + <Text size="sm" color="muted"> 411 411 + SVG, PNG, or ICO (max 100KB) - Web only 412 412 + </Text> 413 413 + {currentFavicon?.data && ( 414 414 + <Image 415 415 + source={{ uri: currentFavicon.data }} 416 416 + style={{ width: 64, height: 64, resizeMode: "contain" }} 417 417 + /> 418 418 + )} 419 419 + <View style={[zero.layout.flex.direction.row, zero.gap.all[8]]}> 420 420 + <Button 421 421 + onPress={() => 422 422 + handleFileSelect( 423 423 + "favicon", 424 424 + "image/svg+xml,image/png,image/x-icon", 425 425 + ) 426 426 + } 427 427 + disabled={uploading || Platform.OS !== "web"} 428 428 + > 429 429 + Upload Favicon 430 430 + </Button> 431 431 + <Button 432 432 + variant="destructive" 433 433 + onPress={() => deleteBlob("favicon")} 434 434 + disabled={uploading} 435 435 + > 436 436 + Delete Favicon 437 437 + </Button> 438 438 + </View> 439 439 + </View> 440 440 + 441 441 + <Text size="sm" color="muted" style={{ marginTop: 16 }}> 442 442 + Note: You must be an authorized admin DID to make changes. 443 443 + {Platform.OS !== "web" && 444 444 + " Image uploads are only available on web."} 445 445 + </Text> 446 446 + </View> 447 447 + </View> 448 448 + </ScrollView> 449 449 + ); 450 450 + }

+19 -2

js/app/src/router.tsx

reviewed

··· 22 22 useTheme, 23 23 useToast, 24 24 } from "@streamplace/components"; 25 25 - import { Provider, Settings } from "components"; 25 25 + import { BrandingAdmin, Provider, Settings } from "components"; 26 26 import AQLink from "components/aqlink"; 27 27 import Login from "components/login/login"; 28 28 import LoginModal from "components/login/login-modal"; ··· 136 136 Multi: { config: string }; 137 137 Support: undefined; 138 138 Settings: NavigatorScreenParams<SettingsStackParamList>; 139 139 + BrandingAdmin: undefined; 139 140 KeyManagement: undefined; 140 141 GoLive: undefined; 141 142 LiveDashboard: undefined; ··· 186 187 DeveloperSettings: "settings/developer", 187 188 }, 188 189 }, 190 190 + BrandingAdmin: "admin", 189 191 KeyManagement: "key-management", 190 192 GoLive: "golive", 191 193 LiveDashboard: "live", ··· 593 595 }, 594 596 }} 595 597 /> 596 596 - 598 598 + <Drawer.Screen 599 599 + name="BrandingAdmin" 600 600 + component={BrandingAdmin} 601 601 + options={{ 602 602 + drawerLabel: () => <Text variant="h5">Branding Admin</Text>, 603 603 + drawerItemStyle: { display: "none" }, 604 604 + }} 605 605 + /> 606 606 + <Drawer.Screen 607 607 + name="KeyManagement" 608 608 + component={KeyManager} 609 609 + options={{ 610 610 + drawerLabel: () => <Text variant="h5">Key Manager</Text>, 611 611 + drawerItemStyle: { display: "none" }, 612 612 + }} 613 613 + /> 597 614 <Drawer.Screen 598 615 name="Support" 599 616 component={SupportScreen}

+50

lexicons/place/stream/branding/deleteBlob.json

reviewed

··· 1 1 + { 2 2 + "lexicon": 1, 3 3 + "id": "place.stream.branding.deleteBlob", 4 4 + "defs": { 5 5 + "main": { 6 6 + "type": "procedure", 7 7 + "description": "Delete a branding asset blob. Requires admin authorization.", 8 8 + "input": { 9 9 + "encoding": "application/json", 10 10 + "schema": { 11 11 + "type": "object", 12 12 + "required": ["key"], 13 13 + "properties": { 14 14 + "key": { 15 15 + "type": "string", 16 16 + "description": "Branding asset key (mainLogo, favicon, siteTitle, etc.)" 17 17 + }, 18 18 + "broadcaster": { 19 19 + "type": "string", 20 20 + "format": "did", 21 21 + "description": "DID of the broadcaster. If not provided, uses the server's default broadcaster." 22 22 + } 23 23 + } 24 24 + } 25 25 + }, 26 26 + "output": { 27 27 + "encoding": "application/json", 28 28 + "schema": { 29 29 + "type": "object", 30 30 + "required": ["success"], 31 31 + "properties": { 32 32 + "success": { 33 33 + "type": "boolean" 34 34 + } 35 35 + } 36 36 + } 37 37 + }, 38 38 + "errors": [ 39 39 + { 40 40 + "name": "Unauthorized", 41 41 + "description": "The authenticated DID is not authorized to modify branding" 42 42 + }, 43 43 + { 44 44 + "name": "BrandingNotFound", 45 45 + "description": "The requested branding asset does not exist" 46 46 + } 47 47 + ] 48 48 + } 49 49 + } 50 50 + }

+58

lexicons/place/stream/branding/updateBlob.json

reviewed

··· 1 1 + { 2 2 + "lexicon": 1, 3 3 + "id": "place.stream.branding.updateBlob", 4 4 + "defs": { 5 5 + "main": { 6 6 + "type": "procedure", 7 7 + "description": "Update or create a branding asset blob. Requires admin authorization.", 8 8 + "input": { 9 9 + "encoding": "application/json", 10 10 + "schema": { 11 11 + "type": "object", 12 12 + "required": ["key", "data", "mimeType"], 13 13 + "properties": { 14 14 + "key": { 15 15 + "type": "string", 16 16 + "description": "Branding asset key (mainLogo, favicon, siteTitle, etc.)" 17 17 + }, 18 18 + "broadcaster": { 19 19 + "type": "string", 20 20 + "format": "did", 21 21 + "description": "DID of the broadcaster. If not provided, uses the server's default broadcaster." 22 22 + }, 23 23 + "data": { 24 24 + "type": "string", 25 25 + "description": "Base64-encoded blob data" 26 26 + }, 27 27 + "mimeType": { 28 28 + "type": "string", 29 29 + "description": "MIME type of the blob (e.g., image/png, text/plain)" 30 30 + } 31 31 + } 32 32 + } 33 33 + }, 34 34 + "output": { 35 35 + "encoding": "application/json", 36 36 + "schema": { 37 37 + "type": "object", 38 38 + "required": ["success"], 39 39 + "properties": { 40 40 + "success": { 41 41 + "type": "boolean" 42 42 + } 43 43 + } 44 44 + } 45 45 + }, 46 46 + "errors": [ 47 47 + { 48 48 + "name": "Unauthorized", 49 49 + "description": "The authenticated DID is not authorized to modify branding" 50 50 + }, 51 51 + { 52 52 + "name": "BlobTooLarge", 53 53 + "description": "The blob exceeds the maximum size limit" 54 54 + } 55 55 + ] 56 56 + } 57 57 + } 58 58 + }

-78

pkg/api/api_internal.go

reviewed

··· 487 487 } 488 488 }) 489 489 490 490 - router.PUT("/branding/:key", func(w http.ResponseWriter, r *http.Request, p httprouter.Params) { 491 491 - key := p.ByName("key") 492 492 - if key == "" { 493 493 - errors.WriteHTTPBadRequest(w, "key required", nil) 494 494 - return 495 495 - } 496 496 - 497 497 - // get broadcaster from query param or use default 498 498 - broadcasterID := r.URL.Query().Get("broadcaster") 499 499 - if broadcasterID == "" { 500 500 - broadcasterID = a.CLI.BroadcasterHost 501 501 - } 502 502 - 503 503 - // read body 504 504 - data, err := io.ReadAll(r.Body) 505 505 - if err != nil { 506 506 - errors.WriteHTTPBadRequest(w, "unable to read request body", err) 507 507 - return 508 508 - } 509 509 - 510 510 - // validate size based on key type 511 511 - maxSize := 500 * 1024 // 500KB default for logos 512 512 - if key == "favicon" { 513 513 - maxSize = 100 * 1024 // 100KB for favicons 514 514 - } else if key == "siteTitle" || key == "siteDescription" || key == "primaryColor" || key == "accentColor" || key == "defaultStreamKey" || key == "defaultStreamer" { 515 515 - maxSize = 1024 // 1KB for text values 516 516 - } 517 517 - if len(data) > maxSize { 518 518 - errors.WriteHTTPBadRequest(w, fmt.Sprintf("blob too large (max %d bytes)", maxSize), nil) 519 519 - return 520 520 - } 521 521 - 522 522 - // determine mime type from content-type header 523 523 - mimeType := r.Header.Get("Content-Type") 524 524 - if mimeType == "" { 525 525 - mimeType = "application/octet-stream" 526 526 - } 527 527 - 528 528 - // store in database 529 529 - err = a.StatefulDB.PutBrandingBlob(broadcasterID, key, mimeType, data) 530 530 - if err != nil { 531 531 - errors.WriteHTTPInternalServerError(w, "unable to store branding blob", err) 532 532 - return 533 533 - } 534 534 - 535 535 - // invalidate cache 536 536 - cacheKey := fmt.Sprintf("%s:%s", broadcasterID, key) 537 537 - a.XRPCServer.BrandingCache.Delete(cacheKey) 538 538 - 539 539 - w.WriteHeader(http.StatusNoContent) 540 540 - }) 541 541 - 542 542 - router.DELETE("/branding/:key", func(w http.ResponseWriter, r *http.Request, p httprouter.Params) { 543 543 - key := p.ByName("key") 544 544 - if key == "" { 545 545 - errors.WriteHTTPBadRequest(w, "key required", nil) 546 546 - return 547 547 - } 548 548 - 549 549 - // get broadcaster from query param or use default 550 550 - broadcasterID := r.URL.Query().Get("broadcaster") 551 551 - if broadcasterID == "" { 552 552 - broadcasterID = a.CLI.BroadcasterHost 553 553 - } 554 554 - 555 555 - err := a.StatefulDB.DeleteBrandingBlob(broadcasterID, key) 556 556 - if err != nil { 557 557 - errors.WriteHTTPInternalServerError(w, "unable to delete branding blob", err) 558 558 - return 559 559 - } 560 560 - 561 561 - // invalidate cache 562 562 - cacheKey := fmt.Sprintf("%s:%s", broadcasterID, key) 563 563 - a.XRPCServer.BrandingCache.Delete(cacheKey) 564 564 - 565 565 - w.WriteHeader(http.StatusNoContent) 566 566 - }) 567 567 - 568 490 router.POST("/notification-blast", func(w http.ResponseWriter, r *http.Request, p httprouter.Params) { 569 491 var payload notificationpkg.NotificationBlast 570 492 if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {

+2

pkg/config/config.go

reviewed

··· 137 137 WebsocketURL string 138 138 BehindHTTPSProxy bool 139 139 SegmentDebugDir string 140 140 + AdminDIDs []string 140 141 Syndicate []string 141 142 } 142 143 ··· 235 236 cli.StringSliceFlag(fs, &cli.Replicators, "replicators", []string{ReplicatorWebsocket}, "list of replication protocols to use (http, iroh)") 236 237 fs.StringVar(&cli.WebsocketURL, "websocket-url", "", "override the websocket (ws:// or wss://) url to use for replication (normally not necessary, used for testing)") 237 238 fs.BoolVar(&cli.BehindHTTPSProxy, "behind-https-proxy", false, "set to true if this node is behind an https proxy and we should report https URLs even though the node isn't serving HTTPS") 239 239 + cli.StringSliceFlag(fs, &cli.AdminDIDs, "admin-dids", []string{}, "comma-separated list of DIDs that are authorized to modify branding and other admin operations") 238 240 cli.StringSliceFlag(fs, &cli.Syndicate, "syndicate", []string{}, "list of DIDs that we should rebroadcast ('*' for everybody)") 239 241 240 242 fs.Bool("external-signing", true, "DEPRECATED, does nothing.")

+103

pkg/spxrpc/place_stream_branding.go

reviewed

··· 4 4 "bytes" 5 5 "context" 6 6 _ "embed" 7 7 + "encoding/base64" 7 8 "fmt" 8 9 "io" 10 10 + "net/http" 9 11 12 12 + "github.com/labstack/echo/v4" 10 13 "github.com/patrickmn/go-cache" 14 14 + "github.com/streamplace/oatproxy/pkg/oatproxy" 11 15 "gorm.io/gorm" 16 16 + "stream.place/streamplace/pkg/log" 12 17 placestreamtypes "stream.place/streamplace/pkg/streamplace" 13 18 ) 14 19 ··· 143 148 Assets: assets, 144 149 }, nil 145 150 } 151 151 + 152 152 + func (s *Server) isAdminDID(did string) bool { 153 153 + for _, adminDID := range s.cli.AdminDIDs { 154 154 + if adminDID == did { 155 155 + return true 156 156 + } 157 157 + } 158 158 + return false 159 159 + } 160 160 + 161 161 + func (s *Server) handlePlaceStreamBrandingUpdateBlob(ctx context.Context, input *placestreamtypes.BrandingUpdateBlob_Input) (*placestreamtypes.BrandingUpdateBlob_Output, error) { 162 162 + // check authentication 163 163 + session, _ := oatproxy.GetOAuthSession(ctx) 164 164 + if session == nil { 165 165 + return nil, echo.NewHTTPError(http.StatusUnauthorized, "oauth session not found") 166 166 + } 167 167 + 168 168 + // check admin authorization 169 169 + if !s.isAdminDID(session.DID) { 170 170 + log.Warn(ctx, "unauthorized branding update attempt", "did", session.DID) 171 171 + return nil, echo.NewHTTPError(http.StatusUnauthorized, "not authorized to modify branding") 172 172 + } 173 173 + 174 174 + var broadcasterDID string 175 175 + if input.Broadcaster != nil { 176 176 + broadcasterDID = *input.Broadcaster 177 177 + } 178 178 + broadcasterID := s.getBroadcasterID(ctx, broadcasterDID) 179 179 + 180 180 + // decode base64 data 181 181 + data, err := base64.StdEncoding.DecodeString(input.Data) 182 182 + if err != nil { 183 183 + return nil, echo.NewHTTPError(http.StatusBadRequest, "invalid base64 data") 184 184 + } 185 185 + 186 186 + // validate size based on key type 187 187 + maxSize := 500 * 1024 // 500KB default for logos 188 188 + if input.Key == "favicon" { 189 189 + maxSize = 100 * 1024 // 100KB for favicons 190 190 + } else if input.Key == "siteTitle" || input.Key == "siteDescription" || input.Key == "primaryColor" || input.Key == "accentColor" || input.Key == "defaultStreamKey" || input.Key == "defaultStreamer" { 191 191 + maxSize = 1024 // 1KB for text values 192 192 + } 193 193 + if len(data) > maxSize { 194 194 + return nil, echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("blob too large (max %d bytes)", maxSize)) 195 195 + } 196 196 + 197 197 + // store in database 198 198 + err = s.statefulDB.PutBrandingBlob(broadcasterID, input.Key, input.MimeType, data) 199 199 + if err != nil { 200 200 + log.Error(ctx, "failed to store branding blob", "err", err) 201 201 + return nil, echo.NewHTTPError(http.StatusInternalServerError, "unable to store branding blob") 202 202 + } 203 203 + 204 204 + // invalidate cache 205 205 + cacheKey := fmt.Sprintf("%s:%s", broadcasterID, input.Key) 206 206 + s.BrandingCache.Delete(cacheKey) 207 207 + 208 208 + return &placestreamtypes.BrandingUpdateBlob_Output{ 209 209 + Success: true, 210 210 + }, nil 211 211 + } 212 212 + 213 213 + func (s *Server) handlePlaceStreamBrandingDeleteBlob(ctx context.Context, input *placestreamtypes.BrandingDeleteBlob_Input) (*placestreamtypes.BrandingDeleteBlob_Output, error) { 214 214 + // check authentication 215 215 + session, _ := oatproxy.GetOAuthSession(ctx) 216 216 + if session == nil { 217 217 + return nil, echo.NewHTTPError(http.StatusUnauthorized, "oauth session not found") 218 218 + } 219 219 + 220 220 + // check admin authorization 221 221 + if !s.isAdminDID(session.DID) { 222 222 + log.Warn(ctx, "unauthorized branding delete attempt", "did", session.DID) 223 223 + return nil, echo.NewHTTPError(http.StatusUnauthorized, "not authorized to modify branding") 224 224 + } 225 225 + 226 226 + var broadcasterDID string 227 227 + if input.Broadcaster != nil { 228 228 + broadcasterDID = *input.Broadcaster 229 229 + } 230 230 + broadcasterID := s.getBroadcasterID(ctx, broadcasterDID) 231 231 + 232 232 + err := s.statefulDB.DeleteBrandingBlob(broadcasterID, input.Key) 233 233 + if err != nil { 234 234 + if err == gorm.ErrRecordNotFound { 235 235 + return nil, echo.NewHTTPError(http.StatusNotFound, "branding asset not found") 236 236 + } 237 237 + log.Error(ctx, "failed to delete branding blob", "err", err) 238 238 + return nil, echo.NewHTTPError(http.StatusInternalServerError, "unable to delete branding blob") 239 239 + } 240 240 + 241 241 + // invalidate cache 242 242 + cacheKey := fmt.Sprintf("%s:%s", broadcasterID, input.Key) 243 243 + s.BrandingCache.Delete(cacheKey) 244 244 + 245 245 + return &placestreamtypes.BrandingDeleteBlob_Output{ 246 246 + Success: true, 247 247 + }, nil 248 248 + }

+38

pkg/spxrpc/stubs.go

reviewed

··· 262 262 } 263 263 264 264 func (s *Server) RegisterHandlersPlaceStream(e *echo.Echo) error { 265 265 + e.POST("/xrpc/place.stream.branding.deleteBlob", s.HandlePlaceStreamBrandingDeleteBlob) 265 266 e.GET("/xrpc/place.stream.branding.getBlob", s.HandlePlaceStreamBrandingGetBlob) 266 267 e.GET("/xrpc/place.stream.branding.getBranding", s.HandlePlaceStreamBrandingGetBranding) 268 268 + e.POST("/xrpc/place.stream.branding.updateBlob", s.HandlePlaceStreamBrandingUpdateBlob) 267 269 e.GET("/xrpc/place.stream.broadcast.getBroadcaster", s.HandlePlaceStreamBroadcastGetBroadcaster) 268 270 e.GET("/xrpc/place.stream.graph.getFollowingUser", s.HandlePlaceStreamGraphGetFollowingUser) 269 271 e.GET("/xrpc/place.stream.live.getLiveUsers", s.HandlePlaceStreamLiveGetLiveUsers) ··· 280 282 return nil 281 283 } 282 284 285 285 + func (s *Server) HandlePlaceStreamBrandingDeleteBlob(c echo.Context) error { 286 286 + ctx, span := otel.Tracer("server").Start(c.Request().Context(), "HandlePlaceStreamBrandingDeleteBlob") 287 287 + defer span.End() 288 288 + 289 289 + var body placestreamtypes.BrandingDeleteBlob_Input 290 290 + if err := c.Bind(&body); err != nil { 291 291 + return err 292 292 + } 293 293 + var out *placestreamtypes.BrandingDeleteBlob_Output 294 294 + var handleErr error 295 295 + // func (s *Server) handlePlaceStreamBrandingDeleteBlob(ctx context.Context,body *placestreamtypes.BrandingDeleteBlob_Input) (*placestreamtypes.BrandingDeleteBlob_Output, error) 296 296 + out, handleErr = s.handlePlaceStreamBrandingDeleteBlob(ctx, &body) 297 297 + if handleErr != nil { 298 298 + return handleErr 299 299 + } 300 300 + return c.JSON(200, out) 301 301 + } 302 302 + 283 303 func (s *Server) HandlePlaceStreamBrandingGetBlob(c echo.Context) error { 284 304 ctx, span := otel.Tracer("server").Start(c.Request().Context(), "HandlePlaceStreamBrandingGetBlob") 285 305 defer span.End() ··· 303 323 var handleErr error 304 324 // func (s *Server) handlePlaceStreamBrandingGetBranding(ctx context.Context,broadcaster string) (*placestreamtypes.BrandingGetBranding_Output, error) 305 325 out, handleErr = s.handlePlaceStreamBrandingGetBranding(ctx, broadcaster) 326 326 + if handleErr != nil { 327 327 + return handleErr 328 328 + } 329 329 + return c.JSON(200, out) 330 330 + } 331 331 + 332 332 + func (s *Server) HandlePlaceStreamBrandingUpdateBlob(c echo.Context) error { 333 333 + ctx, span := otel.Tracer("server").Start(c.Request().Context(), "HandlePlaceStreamBrandingUpdateBlob") 334 334 + defer span.End() 335 335 + 336 336 + var body placestreamtypes.BrandingUpdateBlob_Input 337 337 + if err := c.Bind(&body); err != nil { 338 338 + return err 339 339 + } 340 340 + var out *placestreamtypes.BrandingUpdateBlob_Output 341 341 + var handleErr error 342 342 + // func (s *Server) handlePlaceStreamBrandingUpdateBlob(ctx context.Context,body *placestreamtypes.BrandingUpdateBlob_Input) (*placestreamtypes.BrandingUpdateBlob_Output, error) 343 343 + out, handleErr = s.handlePlaceStreamBrandingUpdateBlob(ctx, &body) 306 344 if handleErr != nil { 307 345 return handleErr 308 346 }

+34

pkg/streamplace/brandingdeleteBlob.go

reviewed

··· 1 1 + // Code generated by cmd/lexgen (see Makefile's lexgen); DO NOT EDIT. 2 2 + 3 3 + package streamplace 4 4 + 5 5 + // schema: place.stream.branding.deleteBlob 6 6 + 7 7 + import ( 8 8 + "context" 9 9 + 10 10 + "github.com/bluesky-social/indigo/lex/util" 11 11 + ) 12 12 + 13 13 + // BrandingDeleteBlob_Input is the input argument to a place.stream.branding.deleteBlob call. 14 14 + type BrandingDeleteBlob_Input struct { 15 15 + // broadcaster: DID of the broadcaster. If not provided, uses the server's default broadcaster. 16 16 + Broadcaster *string `json:"broadcaster,omitempty" cborgen:"broadcaster,omitempty"` 17 17 + // key: Branding asset key (mainLogo, favicon, siteTitle, etc.) 18 18 + Key string `json:"key" cborgen:"key"` 19 19 + } 20 20 + 21 21 + // BrandingDeleteBlob_Output is the output of a place.stream.branding.deleteBlob call. 22 22 + type BrandingDeleteBlob_Output struct { 23 23 + Success bool `json:"success" cborgen:"success"` 24 24 + } 25 25 + 26 26 + // BrandingDeleteBlob calls the XRPC method "place.stream.branding.deleteBlob". 27 27 + func BrandingDeleteBlob(ctx context.Context, c util.LexClient, input *BrandingDeleteBlob_Input) (*BrandingDeleteBlob_Output, error) { 28 28 + var out BrandingDeleteBlob_Output 29 29 + if err := c.LexDo(ctx, util.Procedure, "application/json", "place.stream.branding.deleteBlob", nil, input, &out); err != nil { 30 30 + return nil, err 31 31 + } 32 32 + 33 33 + return &out, nil 34 34 + }

+38

pkg/streamplace/brandingupdateBlob.go

reviewed

··· 1 1 + // Code generated by cmd/lexgen (see Makefile's lexgen); DO NOT EDIT. 2 2 + 3 3 + package streamplace 4 4 + 5 5 + // schema: place.stream.branding.updateBlob 6 6 + 7 7 + import ( 8 8 + "context" 9 9 + 10 10 + "github.com/bluesky-social/indigo/lex/util" 11 11 + ) 12 12 + 13 13 + // BrandingUpdateBlob_Input is the input argument to a place.stream.branding.updateBlob call. 14 14 + type BrandingUpdateBlob_Input struct { 15 15 + // broadcaster: DID of the broadcaster. If not provided, uses the server's default broadcaster. 16 16 + Broadcaster *string `json:"broadcaster,omitempty" cborgen:"broadcaster,omitempty"` 17 17 + // data: Base64-encoded blob data 18 18 + Data string `json:"data" cborgen:"data"` 19 19 + // key: Branding asset key (mainLogo, favicon, siteTitle, etc.) 20 20 + Key string `json:"key" cborgen:"key"` 21 21 + // mimeType: MIME type of the blob (e.g., image/png, text/plain) 22 22 + MimeType string `json:"mimeType" cborgen:"mimeType"` 23 23 + } 24 24 + 25 25 + // BrandingUpdateBlob_Output is the output of a place.stream.branding.updateBlob call. 26 26 + type BrandingUpdateBlob_Output struct { 27 27 + Success bool `json:"success" cborgen:"success"` 28 28 + } 29 29 + 30 30 + // BrandingUpdateBlob calls the XRPC method "place.stream.branding.updateBlob". 31 31 + func BrandingUpdateBlob(ctx context.Context, c util.LexClient, input *BrandingUpdateBlob_Input) (*BrandingUpdateBlob_Output, error) { 32 32 + var out BrandingUpdateBlob_Output 33 33 + if err := c.LexDo(ctx, util.Procedure, "application/json", "place.stream.branding.updateBlob", nil, input, &out); err != nil { 34 34 + return nil, err 35 35 + } 36 36 + 37 37 + return &out, nil 38 38 + }