adds MEDIA_ROOT environment variable for starting the server
This commit is contained in:
parent
0783e08fe9
commit
5f7b1aa7c1
3 changed files with 76 additions and 64 deletions
|
|
@ -3,19 +3,27 @@
|
|||
* get_files.php - Recursively scans media directories and returns file structure as JSON
|
||||
*/
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once __DIR__ . '/auth.php';
|
||||
require_auth(true);
|
||||
|
||||
|
||||
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
// Media type from query parameter (default: videos)
|
||||
$type = $_GET['type'] ?? 'videos';
|
||||
|
||||
// Resolve base directory (make this configurable via env in production)
|
||||
$homeDir = getenv('HOME') ?: (getenv('USERPROFILE') ?: ('/home/' . get_current_user()));
|
||||
$baseDir = rtrim($homeDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . 'GDrive';
|
||||
// Resolve base directory via MEDIA_ROOT
|
||||
$mediaRoot = getenv('MEDIA_ROOT');
|
||||
if ($mediaRoot === false || trim($mediaRoot) === '') {
|
||||
echo json_encode(['error' => 'MEDIA_ROOT is not set']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$baseDir = realpath(trim($mediaRoot));
|
||||
if ($baseDir === false || !is_dir($baseDir)) {
|
||||
echo json_encode(['error' => 'MEDIA_ROOT base directory not found']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$directories = [
|
||||
'videos' => $baseDir . DIRECTORY_SEPARATOR . 'Videos',
|
||||
|
|
@ -50,6 +58,13 @@ function scanDirectory(string $dir, string $baseDir, array $validExtensions): ar
|
|||
{
|
||||
$result = [];
|
||||
|
||||
// Resolve base once (prevents per-file realpath overhead and handles normalization)
|
||||
$realBase = realpath($baseDir);
|
||||
if ($realBase === false) {
|
||||
return [];
|
||||
}
|
||||
$realBase = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
|
||||
|
||||
// scandir() can return false on permissions
|
||||
$items = @scandir($dir);
|
||||
if ($items === false) return [];
|
||||
|
|
@ -75,19 +90,17 @@ function scanDirectory(string $dir, string $baseDir, array $validExtensions): ar
|
|||
continue;
|
||||
}
|
||||
|
||||
// Build a relative path from baseDir. Use realpath() to normalize.
|
||||
$realBase = realpath($baseDir);
|
||||
// Normalize and enforce: file must live under baseDir
|
||||
$realFile = realpath($fullPath);
|
||||
if ($realBase === false || $realFile === false) {
|
||||
if ($realFile === false) {
|
||||
continue;
|
||||
}
|
||||
if (strpos($realFile, $realBase) !== 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Enforce: file must live under baseDir
|
||||
if (strpos($realFile, $realBase . DIRECTORY_SEPARATOR) !== 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$relativePath = substr($realFile, strlen($realBase) + 1); // +1 skips the slash
|
||||
// Return relative path from baseDir
|
||||
$relativePath = substr($realFile, strlen($realBase));
|
||||
$result[$item] = $relativePath;
|
||||
}
|
||||
|
||||
|
|
@ -103,7 +116,6 @@ function scanDirectory(string $dir, string $baseDir, array $validExtensions): ar
|
|||
return strcasecmp((string)$a, (string)$b);
|
||||
});
|
||||
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,18 +3,29 @@
|
|||
* serve_media.php - Serves media files with proper headers for streaming + Range
|
||||
*/
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once __DIR__ . '/auth.php';
|
||||
require_auth(false); // plain text is fine for media endpoint
|
||||
set_time_limit(0);
|
||||
|
||||
// ---- Config ----
|
||||
$mediaRoot = getenv('MEDIA_ROOT');
|
||||
if ($mediaRoot === false || trim($mediaRoot) === '') {
|
||||
http_response_code(500);
|
||||
echo 'MEDIA_ROOT is not set';
|
||||
exit;
|
||||
}
|
||||
|
||||
// ---- Config (prefer env vars in production) ----
|
||||
$homeDir = getenv('HOME') ?: (getenv('USERPROFILE') ?: ('/home/' . get_current_user()));
|
||||
$baseDir = rtrim($homeDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . 'GDrive';
|
||||
$baseDir = realpath(trim($mediaRoot));
|
||||
if ($baseDir === false || !is_dir($baseDir)) {
|
||||
http_response_code(500);
|
||||
echo 'MEDIA_ROOT base directory not found';
|
||||
exit;
|
||||
}
|
||||
|
||||
// ---- Input ----
|
||||
$requested = $_GET['file'] ?? '';
|
||||
if ($requested === '') {
|
||||
if (!is_string($requested) || $requested === '') {
|
||||
http_response_code(400);
|
||||
echo 'No file specified';
|
||||
exit;
|
||||
|
|
@ -24,16 +35,15 @@ if ($requested === '') {
|
|||
$requested = str_replace(['\\'], '/', $requested);
|
||||
|
||||
// Compute real paths and enforce base directory containment
|
||||
$realBase = realpath($baseDir);
|
||||
$realFile = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
|
||||
$realBase = rtrim($baseDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
|
||||
$realFile = realpath($baseDir . DIRECTORY_SEPARATOR . ltrim($requested, "/"));
|
||||
|
||||
if ($realBase === false || $realFile === false) {
|
||||
if ($realFile === false) {
|
||||
http_response_code(404);
|
||||
echo 'File not found';
|
||||
exit;
|
||||
}
|
||||
|
||||
$realBase = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
|
||||
if (strpos($realFile, $realBase) !== 0) {
|
||||
http_response_code(403);
|
||||
echo 'Access denied';
|
||||
|
|
@ -82,7 +92,6 @@ if ($size === false) {
|
|||
// Always advertise range support
|
||||
header('Accept-Ranges: bytes');
|
||||
header('Content-Type: ' . $mime);
|
||||
// Optional caching (fine for local LAN usage)
|
||||
header('Cache-Control: public, max-age=3600');
|
||||
|
||||
$rangeHeader = $_SERVER['HTTP_RANGE'] ?? '';
|
||||
|
|
@ -98,7 +107,7 @@ if ($rangeHeader === '') {
|
|||
exit;
|
||||
}
|
||||
|
||||
$buf = 1024 * 256; // 256KB chunks (fewer syscalls than 8KB)
|
||||
$buf = 1024 * 256; // 256KB chunks
|
||||
while (!feof($fp) && !connection_aborted()) {
|
||||
$data = fread($fp, $buf);
|
||||
if ($data === false) break;
|
||||
|
|
@ -109,10 +118,6 @@ if ($rangeHeader === '') {
|
|||
}
|
||||
|
||||
// ---- Range response (single-range only) ----
|
||||
// Examples:
|
||||
// - bytes=0-999
|
||||
// - bytes=1000-
|
||||
// - bytes=-500 (suffix range)
|
||||
if (!preg_match('/^bytes=(\d*)-(\d*)$/', trim($rangeHeader), $m)) {
|
||||
http_response_code(416);
|
||||
header("Content-Range: bytes */{$size}");
|
||||
|
|
|
|||
|
|
@ -1,23 +1,11 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# start-media-server.sh
|
||||
#
|
||||
# Starts frankenphp with MEDIA_USER and MEDIA_PASS_HASH set.
|
||||
# Hash is generated via:
|
||||
# - system php (preferred) OR
|
||||
# - frankenphp php-cli (fallback)
|
||||
#
|
||||
# Usage:
|
||||
# ./start-media-server.sh --user admin --prompt [--port 9000] [--dir /path/to/docroot]
|
||||
#
|
||||
# Security:
|
||||
# Avoid --pass on command line; use --prompt or --pass-stdin to keep it out of `ps`/history.
|
||||
|
||||
PORT="9000"
|
||||
USER=""
|
||||
PASS=""
|
||||
DOCROOT=""
|
||||
MEDIA_ROOT_ARG=""
|
||||
|
||||
read_pass_stdin=false
|
||||
prompt=false
|
||||
|
|
@ -25,28 +13,27 @@ prompt=false
|
|||
usage() {
|
||||
cat <<'EOF'
|
||||
Usage:
|
||||
start-media-server.sh --user <username> [--pass <password> | --pass-stdin | --prompt] [--port <port>] [--dir <docroot>]
|
||||
start-media-server.sh --user <username> [--pass <password> | --pass-stdin | --prompt]
|
||||
[--media-root <path>] [--port <port>] [--dir <docroot>]
|
||||
|
||||
Options:
|
||||
--user <u> Username to set in MEDIA_USER (required)
|
||||
--pass <p> Password to hash (insecure: visible in process list & shell history)
|
||||
--pass-stdin Read password from stdin (safer)
|
||||
--prompt Prompt for password (safer; hidden input)
|
||||
--media-root <p> Base directory containing Videos/ and Music/ (recommended)
|
||||
--port <p> Listen port (default: 9000)
|
||||
--dir <path> cd into docroot before starting (optional)
|
||||
-h, --help Show help
|
||||
|
||||
Examples:
|
||||
./start-media-server.sh --user admin --prompt --port 9000 --dir /home/me/samba-serv
|
||||
printf '%s\n' 'test123' | ./start-media-server.sh --user admin --pass-stdin
|
||||
./start-media-server.sh --user admin --prompt --media-root /mnt/media --port 9000 --dir /home/me/samba-serv
|
||||
printf '%s\n' 'test123' | ./start-media-server.sh --user admin --pass-stdin --media-root /mnt/media
|
||||
EOF
|
||||
}
|
||||
|
||||
have_cmd() { command -v "$1" >/dev/null 2>&1; }
|
||||
|
||||
# Pick a PHP hashing command:
|
||||
# - If `php` exists: use it.
|
||||
# - Else if `frankenphp` exists and supports php-cli: use it.
|
||||
pick_php_runner() {
|
||||
if have_cmd php; then
|
||||
echo "php"
|
||||
|
|
@ -54,7 +41,6 @@ pick_php_runner() {
|
|||
fi
|
||||
|
||||
if have_cmd frankenphp; then
|
||||
# Verify php-cli is available (frankenphp subcommand)
|
||||
if frankenphp php-cli -v >/dev/null 2>&1; then
|
||||
echo "frankenphp php-cli"
|
||||
return 0
|
||||
|
|
@ -70,6 +56,7 @@ while (($#)); do
|
|||
--pass) PASS="${2-}"; shift 2 ;;
|
||||
--pass-stdin) read_pass_stdin=true; shift ;;
|
||||
--prompt) prompt=true; shift ;;
|
||||
--media-root) MEDIA_ROOT_ARG="${2-}"; shift 2 ;;
|
||||
--port) PORT="${2-}"; shift 2 ;;
|
||||
--dir) DOCROOT="${2-}"; shift 2 ;;
|
||||
-h|--help) usage; exit 0 ;;
|
||||
|
|
@ -117,12 +104,10 @@ fi
|
|||
|
||||
PHP_RUNNER="$(pick_php_runner)" || {
|
||||
echo "Error: neither 'php' nor 'frankenphp php-cli' is available for hashing" >&2
|
||||
echo "Install php OR ensure frankenphp supports 'php-cli'." >&2
|
||||
exit 127
|
||||
}
|
||||
|
||||
# Generate bcrypt hash without needing to escape $.
|
||||
# We pass the password via an env var P to avoid quoting surprises in -r strings.
|
||||
MEDIA_PASS_HASH="$(
|
||||
P="$PASS" $PHP_RUNNER -r 'echo password_hash(getenv("P"), PASSWORD_BCRYPT), PHP_EOL;'
|
||||
)"
|
||||
|
|
@ -130,6 +115,11 @@ MEDIA_PASS_HASH="$(
|
|||
export MEDIA_USER="$USER"
|
||||
export MEDIA_PASS_HASH
|
||||
|
||||
# Export MEDIA_ROOT if provided
|
||||
if [[ -n "${MEDIA_ROOT_ARG}" ]]; then
|
||||
export MEDIA_ROOT="${MEDIA_ROOT_ARG}"
|
||||
fi
|
||||
|
||||
if [[ -n "$DOCROOT" ]]; then
|
||||
cd "$DOCROOT"
|
||||
fi
|
||||
|
|
@ -138,6 +128,11 @@ echo "Using PHP runner: $PHP_RUNNER"
|
|||
echo "Starting frankenphp on :$PORT"
|
||||
echo "MEDIA_USER=$MEDIA_USER"
|
||||
echo "MEDIA_PASS_HASH set (bcrypt)"
|
||||
if [[ -n "${MEDIA_ROOT:-}" ]]; then
|
||||
echo "MEDIA_ROOT=$MEDIA_ROOT"
|
||||
else
|
||||
echo "MEDIA_ROOT not set (get_files.php / serve_media.php will error)"
|
||||
fi
|
||||
echo
|
||||
|
||||
exec frankenphp php-server --listen ":$PORT"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue