From 0a71d0a94b65ed7d58da5d17a9ae3b1bd077fb3b Mon Sep 17 00:00:00 2001
From: xbdm
Date: Sat, 15 Jul 2023 19:23:47 +0000
Subject: [PATCH 1/3] harden docker
---
 docker-compose.yml | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index a801c0b..08c1b22 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,22 @@
-version: "3.9"
+version: "3.7"
+
 services:
- backend:
+safetwitch-backend:
 build:
 context: .
- dockerfile: ./Dockerfile
+ dockerfile: Dockerfile
+ #image: codeberg.org/dragongoose/safetwitch-backend:latest
+ restart: always
+ container_name: safetwitch-backend
+ hostname: safetwitch-backend
+ user: 65534:65534
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
 ports:
- - "7000:8080"
+ - "127.0.0.1:7100:7000"
 environment:
- - URL=http://localhost:7000
\ No newline at end of file
+ - PORT=7000
+ - URL=https://changethis
\ No newline at end of file
From 4376dc4e112e7ee4468a5d00a72d2363c5a4a69c Mon Sep 17 00:00:00 2001
From: xbdm
Date: Sat, 15 Jul 2023 19:24:46 +0000
Subject: [PATCH 2/3] Create backend-nginx.conf example
---
 nginx.conf | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 nginx.conf
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..41f3aea
--- /dev/null
+++ b/nginx.conf
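Review bot: In docker-compose.yml the added `safetwitch-backend:` key has no indentation after the `+` marker, unlike every other added key, so it appears to sit at column 0 beside `services:` instead of under it; the whitespace on this page is collapsed, so check the file, but if that is what it contains Compose will not load the service and none of the hardening options take effect. It should read `  safetwitch-backend:` at the same depth as the removed `backend:` line. The commented `#image:` hint points at the mutable `latest` tag; a release tag or digest, `#image: codeberg.org/dragongoose/safetwitch-backend:<release-tag>`, keeps operators who uncomment it from pulling whatever is published next. `read_only: true` comes without a `tmpfs` entry, so it is worth confirming the backend never writes to its own filesystem.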
@@ -0,0 +1,42 @@
+server {
+ server_name changethis;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+ ssl_certificate /etc/letsencrypt/live/changethis/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/changethis/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ add_header strict_sni on;
+ add_header strict_sni_header on;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy upgrade-insecure-requests;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "DENY";
+ add_header Clear-Site-Data "cookies";
+ add_header Referrer-Policy "no-referrer";
+ add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
+ resolver 1.1.1.1;
+
+ ssl_trusted_certificate /etc/letsencrypt/live/changethis/chain.pem;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ access_log /dev/null;
+ error_log /dev/null;
+
+ location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://localhost:7100;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name changethis;
+ return 301 https://changethis$request_uri;
+ }
From 71062f240daa401f9f0027c6bc7cf77a61fc4c2a Mon Sep 17 00:00:00 2001
From: xbdm
Date: Sat, 15 Jul 2023 19:31:29 +0000
Subject: [PATCH 3/3] new instance: stream.whateveritworks.org
---
 README.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 5b935e8..83b9532 100644
--- a/README.md
+++ b/README.md
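Review bot: In nginx.conf, `add_header strict_sni on;` and `add_header strict_sni_header on;` only attach two response headers with those names; nginx enforces nothing from them, so they should be dropped (rejecting handshakes for unknown server names would need a separate default server, e.g. one with `ssl_reject_handshake on;`). Of the security headers only Strict-Transport-Security carries `always`, so the rest are left off 4xx/5xx responses; append `always` to each, e.g. `add_header X-Content-Type-Options nosniff always;`. `proxy_pass http://localhost:7100;` may resolve to ::1, while the compose file in patch 1/3 publishes the port on 127.0.0.1 only, so `proxy_pass http://127.0.0.1:7100;` is the safer target. With `error_log /dev/null;` any such upstream or TLS failure leaves no trace, so a comment such as `# logging disabled on purpose for visitor privacy` would tell operators the choice is deliberate.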
@@ -16,7 +16,7 @@ Every endpoint can return a 500 status code, and it follows this schema: } ``` -### /api/users/:username +### https://streamapi.whateveritworks.org/api/users/xqc **GET** - :username is any streamer Gets a specific twitch streamer @@ -62,7 +62,7 @@ The request was successful, returns data of type [Streamer](https://codeberg.org The streamer was not found -### /api/discover +### https://streamapi.whateveritworks.org/api/discover **GET** Gets the discover page of twitch, a list of categories @@ -93,7 +93,7 @@ The request was successful, returns a [CategoryData[]](https://codeberg.org/drag } ``` -### /api/discover/:game +### https://streamapi.whateveritworks.org/api/discover/Grand Theft Auto V **GET** - :game is a name of a twitch category Gets a specific twitch category @@ -144,7 +144,7 @@ The server found the category, returns data of type [CategoryPreview[]](https:// The category was not found -### /api/badges?streamerName=NAME +### https://streamapi.whateveritworks.org/api/badges?streamerName=xqc **GET** Gets global twitch chat badges @@ -178,7 +178,7 @@ Server retrieved the badges, returns type [Badge[]](hhttps://codeberg.org/dragon } ``` -### /api/search?query=SEARCHQUERY +### https://streamapi.whateveritworks.org/api/search?query=xqc **GET** - SEARCHQUERY is any string Searches for categories, streamers, tags, and live streamers. Returns data of type [SearchResult](https://codeberg.org/dragongoose/safetwitch-backend/src/branch/master/extractor/structs/parsed.go) @@ -271,7 +271,7 @@ The server found the search data, returns: ## Proxying Endpoints -### /proxy/img/:base64Url +### https://streamapi.whateveritworks.org/proxy/img/base64Url **GET** Proxies an image through the server 
@@ -287,7 +287,7 @@ Server returns the requested image The requested image was invalid -### /proxy/stream/:username/hls.m3u8 +### https://streamapi.whateveritworks.org/proxy/stream/xqc/hls.m3u8 **GET** Gets the m3u8 manifest for a streamer. This manifest will contain all stream qualities if they are live @@ -310,7 +310,7 @@ The streamer is not live } ``` -### /proxy/stream/sub/:encodedUrl +### https://streamapi.whateveritworks.org/proxy/stream/sub/encodedUrl **GET** Returns the m3u8 manifest for a specific quality under the [master manifest](#/proxy/stream/:username/hls.m3u8) @@ -319,7 +319,7 @@ Returns the m3u8 manifest for a specific quality under the [master manifest](#/p Returns the manifest file -### /proxy/stream/segment/:encodedUrl +### https://streamapi.whateveritworks.org/proxy/stream/segment/encodedUrl **GET** Gets a segment from one of the quality's manifest file. This is the actual video thats displayed on your screen