(this file is a work-in-progress)
This program has several perl requirements:
Mojolicious
File::Slurper
TOML
Mojo::JSON (?)
Mojo::UserAgent (?)
MIME::Base64 (?)
(? = I don't know if they're bundled with mojolicious, or core (MIME::Base64))
This program sits in between Owncast's API and your user. This user is able to use /api/admin/ paths if his 'role' allows it. Each route has an array of 'roles' associated with it.
One particularly useful feature of this program is it's ability to append or delete stream-keys without nuking an entire set. It can also create stream-keys for users using their password and can watch the user file for changes and automatically update Owncast's stream-key set.
This program, for now 👀️, doesn't work with Owncast's admin web-page.
[users]
jjakke = ["streamer", "password"]
[passwords_username]
username = "owncast"
[passwords]
the-password-for-admin-which-sh0uld-probably-change = "admin"
aorsneitoarnets = "irc-tv-bot"
aorinsteoiarsos = "streamer"In 'users' mode, only jjakke (role: "streamer", password: "password") will be allowed to poke admin api.
In 'passwords' mode, only the username (in this case, "owncast"), will be allowed to poke the admin api. The value of the password is the 'role' associated with it.
With 'both' mode, either is ok.
With environment variable 'OAM_USERS_TO_STREAM_KEYS' enabled, users will be able to stream just by using their password as the stream key.
# OAM special
/oam/api/streamkeys = [] # GET admin implied
/oam/api/streamkeys/append = [] # POST [{"key":"comment"},{...}]
/oam/api/streamkeys/delete = [] # POST ["the-key","another-key"]
# Basic Auth ONLY
/api/admin/accesstokens/delete = ["irc-tv-bot"]
/api/admin/accesstokens/create = ["irc-tv-bot"]
/api/admin/accesstokens = ["irc-tv-bot"]
/api/admin/config/streamtitle = ["streamer"]The value of the routes is an array of roles allowed to poke it. "admin" role is freely passed to owncast without consulting this file.
the-admin-password
The plain-text admin password. Needs to be readable by the program.
Note that there aren't any 'default values' but these are ok for development. All of them, unless mentioned otherwise, are required or the program will refuse to start.
| name | value | description |
|---|---|---|
| OAM_ADMIN_FILE | './admin.txt' | the location of the plaintext admin password |
| OAM_USER_FILE | './users.toml' | the location of the TOML users file |
| OAM_ROUTE_FILE | './routes.toml' | the location of the TOML routes file |
| OAM_MODE | 'both' | what kind of authentication (users, passwords, or both) |
| OAM_VERBOSITY | 1 | 0 besides errors no output, 1 ip addresses and request, 2 programming stuff, 3 secrets |
| OAM_OWNCAST_HOSTNAME | localhost | where can your owncast install be found |
| OAM_OWNCAST_PORT | 8080 | the port that owncast is listening on |
| OAM_STREAMKEY_PREFIX | 'OAM__' | prefix for stream key comments so the program knows which ones it is responsible for |
| OAM_USERS_TO_STREAM_KEYS | 1 | 1 = yes, automagically convert users passwords into streamkeys, 0 = don't |
| MOJO_REVERSE_PROXY | 1 | not required, helps mojolicious know which remote ip is 'real'. ANY VALUE = under a rerseve proxy (omit if not) |
A suggested start method that will automatically restart the program if changes have been made to any TOML file:
morbo -m production -l http://127.0.0.23:3000 -w "$OAM_ADMIN_FILE" -w "$OAM_USER_FILE" -w "$OAM_ROUTE_FILE" ./owncast-admin-middleware.pl
There is also a 'start.sh' that exports all environment variables and launches morbo like in the code block.
If OAM_USERS_TO_STREAM_KEYS is false, remove the relevant stream keys. A work-around is to access the admin section on owncast and click the trashcan icon.