From 93abcb053828f67d8eebc1ec652c4e9dfa40a4c7 Mon Sep 17 00:00:00 2001 From: knotteye Date: Sat, 16 Nov 2019 14:42:26 -0600 Subject: [PATCH 1/5] Move from exec to execFile to avoid any potential security issues. --- package-lock.json | 7 ++++++- package.json | 1 + src/server.ts | 9 ++++++--- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index f911d2c..7f2b918 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "satyr", - "version": "0.3.2", + "version": "0.4.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -2857,6 +2857,11 @@ "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=" }, + "strftime": { + "version": "0.10.0", + "resolved": "https://registry.npmjs.org/strftime/-/strftime-0.10.0.tgz", + "integrity": "sha1-s/D6QZKVICpaKJ9ta+n0kJphcZM=" + }, "string-width": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz", diff --git a/package.json b/package.json index 8692982..f63156f 100644 --- a/package.json +++ b/package.json @@ -26,6 +26,7 @@ "nunjucks": "^3.2.0", "recursive-readdir": "^2.2.2", "socket.io": "^2.3.0", + "strftime": "^0.10.0", "toml": "^3.0.0" }, "devDependencies": { diff --git a/src/server.ts b/src/server.ts index 26ec0c5..1983610 100644 --- a/src/server.ts +++ b/src/server.ts @@ -1,5 +1,6 @@ import * as NodeMediaServer from "node-media-server"; import { mkdir, fstat, access } from "fs"; +import * as strf from "strftime"; import * as db from "./database"; const sleep = ms => new Promise(resolve => setTimeout(resolve, ms)); const { exec, execFile } = require('child_process'); @@ -40,7 +41,7 @@ function init (mediaconfig: any, satyrconfig: any) { console.log('[NodeMediaServer] Initiating recording for stream:',id); mkdir(satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, { recursive : true }, (err) => { if (err) throw err; - let subprocess = exec('ffmpeg -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+' -vcodec copy -acodec copy '+satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/$(date +%d%b%Y-%H%M).mp4',{ + let subprocess = execFile('/usr/bin/ffmpeg', ['-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, '-vcodec', 'copy', '-acodec', 'copy', satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/'+strf('%d%b%Y-%H%M')+'.mp4'], { detached : true, stdio : 'inherit' }); @@ -71,12 +72,14 @@ function init (mediaconfig: any, satyrconfig: any) { db.query('select username from users where stream_key='+db.raw.escape(key)+' limit 1').then(async (results) => { if(results[0]){ //push to rtmp - exec('ffmpeg -analyzeduration 0 -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key+' -vcodec copy -acodec copy -crf 18 -f flv rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username); + execFile('/usr/bin/ffmpeg', ['-analyzeduration', '0', '-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-vcodec', 'copy', '-acodec', 'copy', '-crf', '18', '-f', 'flv', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username]); + //exec('ffmpeg -analyzeduration 0 -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key+' -vcodec copy -acodec copy -crf 18 -f flv rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username); //push to mpd after making sure directory exists mkdir(satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, { recursive : true }, (err) => {;}); sleep(5000).then( () => { //wait for stream to initialize, but i'm not happy about this - exec('ffmpeg -y -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key+' -map 0:2 -map 0:2 -map 0:2 -map 0:1 -c:a copy -c:v:0 copy -c:v:1 libx264 -c:v:2 libx264 -crf:1 33 -crf:2 40 -b:v:1 3000K -b:v:2 1500K -remove_at_exit 1 -seg_duration 1 -window_size 30 -f dash '+satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/index.mpd'); + execFile('/usr/bin/ffmpeg', ['-y', '-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-map', '0:2', '-map', '0:2', '-map', '0:2', '-map', '0:1', '-c:a', 'copy', '-c:v:0', 'copy', '-c:v:1', 'libx264', '-c:v:2', 'libx264', '-crf:1', '33', '-crf:2', '40', '-b:v:1', '3000K', '-b:v:2', '1500K', '-remove_at_exit', '1', '-seg_duration', '1', '-window_size', '30', '-f', 'dash', satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/index.mpd']); + //exec('ffmpeg -y -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key+' -map 0:2 -map 0:2 -map 0:2 -map 0:1 -c:a copy -c:v:0 copy -c:v:1 libx264 -c:v:2 libx264 -crf:1 33 -crf:2 40 -b:v:1 3000K -b:v:2 1500K -remove_at_exit 1 -seg_duration 1 -window_size 30 -f dash '+satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/index.mpd'); }); //switch to execFile at some point, it's safer //execFile('/usr/bin/ffmpeg',['-analyzeduration 0', '-i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-vcodec copy', '-acodec copy', '-crf 18', '-f flv', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username]); From 189599232605eab2c4886b9996ac5dad256c0364 Mon Sep 17 00:00:00 2001 From: knotteye Date: Sat, 16 Nov 2019 14:43:52 -0600 Subject: [PATCH 2/5] Bump version to 0.4.1 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7f2b918..3eff12b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "satyr", - "version": "0.4.0", + "version": "0.4.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index f63156f..a1716b4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "satyr", - "version": "0.4.0", + "version": "0.4.1", "description": "A livestreaming server.", "license": "AGPL-3.0", "author": "knotteye", From efc087c7a36fa93ff2380d3c6fdb54addbc540de Mon Sep 17 00:00:00 2001 From: knotteye Date: Sat, 16 Nov 2019 15:23:42 -0600 Subject: [PATCH 3/5] Fix systemd service to restart properly --- install/satyr.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/install/satyr.service b/install/satyr.service index 29d2ccb..c5df3cc 100644 --- a/install/satyr.service +++ b/install/satyr.service @@ -3,8 +3,7 @@ Description=A livestreaming server. After=network.target [Service] -ExecReload=/bin/kill $MAINPID -KillMode=process +KillMode=control-group Restart=on-failure User=satyr From 7db22a974dd068bf3eb84fcf01a6a09827c6937d Mon Sep 17 00:00:00 2001 From: knotteye Date: Sat, 16 Nov 2019 15:35:30 -0600 Subject: [PATCH 4/5] Fix hardcoding of ffmpeg binary --- src/controller.ts | 3 ++- src/server.ts | 8 +++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/controller.ts b/src/controller.ts index 46c6b66..0b62fc4 100644 --- a/src/controller.ts +++ b/src/controller.ts @@ -20,7 +20,8 @@ async function run() { email: config.satyr.email, rootredirect: config.satyr.rootredirect, version: process.env.npm_package_version, - directory: config.server.http.directory + directory: config.server.http.directory, + ffmpeg: config.media.ffmpeg }; const nms: object = { logType: config.server.logs, diff --git a/src/server.ts b/src/server.ts index 1983610..3dc1811 100644 --- a/src/server.ts +++ b/src/server.ts @@ -41,7 +41,7 @@ function init (mediaconfig: any, satyrconfig: any) { console.log('[NodeMediaServer] Initiating recording for stream:',id); mkdir(satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, { recursive : true }, (err) => { if (err) throw err; - let subprocess = execFile('/usr/bin/ffmpeg', ['-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, '-vcodec', 'copy', '-acodec', 'copy', satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/'+strf('%d%b%Y-%H%M')+'.mp4'], { + let subprocess = execFile(satyrconfig.ffmpeg, ['-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, '-vcodec', 'copy', '-acodec', 'copy', satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/'+strf('%d%b%Y-%H%M')+'.mp4'], { detached : true, stdio : 'inherit' }); @@ -72,17 +72,15 @@ function init (mediaconfig: any, satyrconfig: any) { db.query('select username from users where stream_key='+db.raw.escape(key)+' limit 1').then(async (results) => { if(results[0]){ //push to rtmp - execFile('/usr/bin/ffmpeg', ['-analyzeduration', '0', '-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-vcodec', 'copy', '-acodec', 'copy', '-crf', '18', '-f', 'flv', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username]); + execFile(satyrconfig.ffmpeg, ['-analyzeduration', '0', '-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-vcodec', 'copy', '-acodec', 'copy', '-crf', '18', '-f', 'flv', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username]); //exec('ffmpeg -analyzeduration 0 -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key+' -vcodec copy -acodec copy -crf 18 -f flv rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username); //push to mpd after making sure directory exists mkdir(satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username, { recursive : true }, (err) => {;}); sleep(5000).then( () => { //wait for stream to initialize, but i'm not happy about this - execFile('/usr/bin/ffmpeg', ['-y', '-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-map', '0:2', '-map', '0:2', '-map', '0:2', '-map', '0:1', '-c:a', 'copy', '-c:v:0', 'copy', '-c:v:1', 'libx264', '-c:v:2', 'libx264', '-crf:1', '33', '-crf:2', '40', '-b:v:1', '3000K', '-b:v:2', '1500K', '-remove_at_exit', '1', '-seg_duration', '1', '-window_size', '30', '-f', 'dash', satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/index.mpd']); + execFile(satyrconfig.ffmpeg, ['-y', '-i', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-map', '0:2', '-map', '0:2', '-map', '0:2', '-map', '0:1', '-c:a', 'copy', '-c:v:0', 'copy', '-c:v:1', 'libx264', '-c:v:2', 'libx264', '-crf:1', '33', '-crf:2', '40', '-b:v:1', '3000K', '-b:v:2', '1500K', '-remove_at_exit', '1', '-seg_duration', '1', '-window_size', '30', '-f', 'dash', satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/index.mpd']); //exec('ffmpeg -y -i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key+' -map 0:2 -map 0:2 -map 0:2 -map 0:1 -c:a copy -c:v:0 copy -c:v:1 libx264 -c:v:2 libx264 -crf:1 33 -crf:2 40 -b:v:1 3000K -b:v:2 1500K -remove_at_exit 1 -seg_duration 1 -window_size 30 -f dash '+satyrconfig.directory+'/'+satyrconfig.publicEndpoint+'/'+results[0].username+'/index.mpd'); }); - //switch to execFile at some point, it's safer - //execFile('/usr/bin/ffmpeg',['-analyzeduration 0', '-i rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.privateEndpoint+'/'+key, '-vcodec copy', '-acodec copy', '-crf 18', '-f flv', 'rtmp://127.0.0.1:'+mediaconfig.rtmp.port+'/'+satyrconfig.publicEndpoint+'/'+results[0].username]); console.log('[NodeMediaServer] Stream key okay for stream:',id); } else{ From 239cd252a25f07d32ed1b6ca615e5ff59e336ac2 Mon Sep 17 00:00:00 2001 From: knotteye Date: Sat, 16 Nov 2019 15:37:19 -0600 Subject: [PATCH 5/5] Bump version to 0.4.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a1716b4..d7003b8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "satyr", - "version": "0.4.1", + "version": "0.4.2", "description": "A livestreaming server.", "license": "AGPL-3.0", "author": "knotteye",