add gunicorn

.gitignore

@@ -5,6 +5,7 @@ teste.py
 old
 link.sh
 *.key*
+dbs/
 
 # Created by https://www.toptal.com/developers/gitignore/api/python,pycharm+all
 # Edit at https://www.toptal.com/developers/gitignore?templates=python,pycharm+all

gunicorn_config.py

@@ -0,0 +1,2 @@
+workers = 4  # Adjust this based on your server's capabilities
+bind = "0.0.0.0:8080"  # Use the appropriate IP and port

requirements.txt

@@ -2,3 +2,4 @@ bcrypt
 flask
 pyjwt
 tinydb
+gunicorn

src/stream_auth/keys/generate_keys.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
+openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
+
+openssl ec -in streamkeyEC256.key -pubout -outform PEM -out streamkeyEC256.key.pub
+ssh-keygen -t ecdsa -b 256 -m PEM -f streamkeyEC256.key

src/stream_auth/main.py

@@ -13,12 +13,11 @@ app = Flask(__name__)
 logging.basicConfig(level=logging.INFO)
 
 
-def main():
-    app.register_blueprint(user_routes)
-    app.register_blueprint(stream_routes)
-
-    app.run(host=settings.HOST, port=settings.PORT)
+# def main(*args, **kwargs):
+app.register_blueprint(user_routes)
+app.register_blueprint(stream_routes)
 
 
 if __name__ == "__main__":
-    main()
+    app.run(host=settings.HOST, port=settings.PORT)
+    # main()

src/stream_auth/middlewares/jwt.py

@@ -1,5 +1,5 @@
 import time
-import jwt
+import jwt as jwtlib
 from stream_auth import settings
 
 
@@ -11,27 +11,43 @@ def read_key(path):
 
 JWT_PRIV_KEY = read_key(settings.JWT_PRIV_PATH)
 JWT_PUB_KEY = read_key(settings.JWT_PUB_PATH)
+STREAM_KEY_PRIV_KEY = read_key(settings.STREAM_KEY_PRIV_PATH)
+STREAM_KEY_PUB_KEY = read_key(settings.STREAM_KEY_PRIV_PATH)
 
 
 def create_stream_key(username: str):
     payload = {'username': username}
-    return jwt.encode(payload, JWT_PRIV_KEY, algorithm="RS256")
+    return jwtlib.encode(payload, STREAM_KEY_PRIV_KEY, algorithm="ES256")
+
+
+def verify_stream_key(stream_key: str):
+    try:
+        jwtlib.decode(stream_key, STREAM_KEY_PUB_KEY, algorithms=["ES256"])
+    except (jwtlib.exceptions.ExpiredSignatureError, jwtlib.InvalidTokenError):
+        return False
+
+    return True
+
+
+def decode_stream_key(stream_key: str):
+    return jwtlib.decode(stream_key, STREAM_KEY_PUB_KEY, algorithms=["RS256"])
 
 
 def create_token(username: str, stream_key: str, exp: int = settings.JWT_EXP_TIME):
     exp = time.time() + exp
     payload = {'username': username, 'stream_key': stream_key, 'exp': exp}
-    return jwt.encode(payload, JWT_PRIV_KEY, algorithm="RS256")
+    return jwtlib.encode(payload, JWT_PRIV_KEY, algorithm="RS256")
 
 
-def verify(token: str):
+def verify_token(token: str):
+    # return jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
     try:
-        jwt.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
-    except (jwt.exceptions.ExpiredSignatureError, jwt.InvalidTokenError):
+        jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
+    except (jwtlib.exceptions.ExpiredSignatureError, jwtlib.InvalidTokenError):
         return False
 
     return True
 
 
 def decode_token(token: str):
-    return jwt.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
+    return jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])

src/stream_auth/routes/stream.py

@@ -22,21 +22,34 @@ def create_stream():
     StreamModel(username, title, description)
 
 
-@stream.route('/publish_check')
+@stream.route('/publish_check', methods=['POST'])
 def publish_check():
 
     # TODO: check if user created stream
 
     # get user
+    stream_key = request.form.get('stream_key')
+    username = request.form.get('name')
+    print(username, stream_key)
     try:
-        stream_key = request.form.get('stream_key')
-        username = request.form.get('name')
-        stream_user = user.search_stream_key(stream_key)[0]
-        if username != stream_user['username']:
-            raise ValueError
+        stream_user = user.search_user(username)[0]
+
+        if username != stream_user['username'] or not jwt.verify_stream_key(stream_key):
+            raise ValueError('Invalid Token')
 
     except (IndexError, ValueError):
-        print('vish')
         return Response('Invalid Stream Key', 401)
 
     return Response('OK', 200)
+
+
+@stream.route('/test')
+def test():
+
+    stream_key = request.args.get('stream_key')
+    if jwt.verify_token(stream_key):
+        return Response('OK', 200)
+
+    return Response('Invalid Stream Key', 401)
+
+    # jwt.verify(stream_key)

src/stream_auth/routes/user.py

@@ -26,7 +26,7 @@ def create():
     logging.info('User %s created with stream key %s',
                  new_user.username, new_user.stream_key)
 
-    res = {'username': new_user.username, 'stream_key': str(new_user.stream_key)}
+    res = {'username': new_user.username, 'stream_key': new_user.stream_key}
     return make_response(jsonify(res), 200)
 
 

src/stream_auth/settings.py

@@ -11,10 +11,13 @@ KEY_DIR = os.path.join(APP_DIR, 'keys')
 
 JWT_PRIV_PATH = os.path.join(KEY_DIR, 'jwtRS256.key')
 JWT_PUB_PATH = os.path.join(KEY_DIR, 'jwtRS256.key.pub')
+STREAM_KEY_PRIV_PATH = os.path.join(KEY_DIR, 'streamkeyEC256.key')
+STREAM_KEY_PUB_PATH = os.path.join(KEY_DIR, 'streamkeyEC256.key.pub')
 JWT_EXP_TIME = 2592000
+
 DBS_PATH = os.path.join(APP_DIR, 'dbs')
-os.path.join(DBS_PATH, 'x.json')
 USER_DATABASE = os.path.join(DBS_PATH, 'users.json')
 STREAM_DATABASE = os.path.join(DBS_PATH, 'streams.json')
 LIVE_STREAM_DATABASE = os.path.join(DBS_PATH, 'live_streams.json')
+
 STREAM_KEY_LENGTH = 32