Feat/variables #279
Closed
Feat/variables #279
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Refactor DataPath and TempPath to be read from DATA_PATH and TEMP_PATH environment variables respectively. - Add sensible fallbacks to ./data and ./temp if environment variables are not set. - Update config package to handle environment variable loading.
- Add a new Credential struct with Username, Password, and Expiration fields. - Update parseCredentials to parse the CREDENTIALS environment variable as a JSON array of Credential objects. - The authentication logic now uses the new struct, but is not yet fully updated.
- Update M3UHTTPHandler to parse and cache credentials at startup. - Implement constant-time comparison for passwords to prevent timing attacks. - Add check for credential expiration. - The authentication logic now uses the in-memory cache.
- Update m3u_http_test.go to use JSON for credentials. - Add test cases for credential expiration. - Ensure existing tests pass with the new credential format.
- Update the environment variable description to reflect the new JSON array format. - Add and environment variables to the documentation.
…unctions - Add comprehensive logging to M3UHTTPHandler for better debugging - Log credential loading, authentication attempts, and authorization results - Include information about parsed credentials without exposing sensitive data - Add logging for file serving operations
|
Thanks for this! Do you mind resolving the failing test cases for me? I'll see if I can merge this over the weekend. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
This PR enhances the authentication system by adding comprehensive logging to help diagnose authentication issues. The primary goal is to provide better visibility into the credential parsing and authentication process without changing the core functionality. This will help administrators quickly identify and resolve authentication problems in production environments.
The PR also maintains full compatibility with the new JSON format for credentials that was recently implemented, ensuring that existing deployments continue to work correctly.
Choices
I solved this by adding detailed logging at key points in the authentication flow:
Credential Loading: Added logging when credentials are loaded from the environment variable, including the number of credentials parsed and details about each credential (without exposing sensitive information).
Authentication Attempts: Added logging for each authentication attempt, including the username (but not password) and the result of the authentication.
Authorization Results: Added logging for successful authorizations and various failure modes (missing credentials, invalid username, invalid password, expired credentials).
File Serving: Added logging when the M3U file is served, which helps confirm successful authentication.
This approach was chosen because:
Test instructions
Environment Setup:
CREDENTIALS='[{"username":"user1","password":"pass1","expiration":"2026-02-01T00:00:00Z"},{"username":"user2","password":"pass2"}]'DEBUG=trueAuthentication Testing:
curl "http://localhost:PORT/playlist.m3u?username=user2&password=pass2"curl "http://localhost:PORT/playlist.m3u?username=user2&password=wrongpass"curl "http://localhost:PORT/playlist.m3u"curl "http://localhost:PORT/playlist.m3u?username=user1&password=pass1"(if the expiration date has passed)Log Verification:
Checklist before requesting a review