Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
322 changes: 248 additions & 74 deletions api/docs/docs.go

Large diffs are not rendered by default.

322 changes: 248 additions & 74 deletions api/docs/swagger.json

Large diffs are not rendered by default.

253 changes: 187 additions & 66 deletions api/docs/swagger.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -213,12 +213,13 @@ definitions:
type: array
name:
type: string
playback_auth:
playback_policy:
description: |-
PlaybackAuth overrides the global media-auth default policy for this
stream: "public" (no token) or "token" (signed token required). Empty
inherits auth.media.default_policy. Static rules (IP/country/UA/domains)
remain global. See internal/mediaauth.
PlaybackPolicy binds this stream to a named media-auth Policy by its
code (see domain.Policy). Empty means no policy — the stream is public
(allow-all). The referenced policy carries the full rule set (token
requirement + secret, IP/country/UA/domain allow-deny lists). See
internal/mediaauth.
type: string
protocols:
allOf:
Expand Down Expand Up @@ -338,8 +339,6 @@ definitions:
properties:
api:
$ref: '#/definitions/config.APIAuthConfig'
media:
$ref: '#/definitions/config.MediaAuthConfig'
type: object
config.BufferConfig:
properties:
Expand Down Expand Up @@ -451,56 +450,6 @@ definitions:
healthy primary will be falsely failed over to a lower priority.
type: integer
type: object
config.MediaAuthConfig:
properties:
allow_countries:
items:
type: string
type: array
allow_ips:
description: |-
Static allow/deny chain. IPs accept exact addresses or CIDR ranges;
Countries are ISO 3166-1 alpha-2 codes (need a GeoIP DB — see
SessionsConfig.GeoIPDBPath); UserAgents match case-insensitive substring;
AllowedDomains match the Referer host (exact or parent domain).
items:
type: string
type: array
allow_user_agents:
items:
type: string
type: array
allowed_domains:
items:
type: string
type: array
default_policy:
description: |-
DefaultPolicy is "public" (no token needed) or "token" (signed token
required) for streams that don't set their own. Empty = public.
type: string
deny_countries:
items:
type: string
type: array
deny_ips:
items:
type: string
type: array
deny_user_agents:
items:
type: string
type: array
enabled:
type: boolean
token_secret:
description: |-
TokenSecret is the HMAC-SHA256 key the server uses to VERIFY playback
tokens. Clients (your app) mint tokens with the same secret — the server
never issues them. Required when any stream's effective policy is "token".
See internal/mediaauth.SignToken for the canonical token format.
type: string
type: object
config.PublisherConfig:
properties:
dash:
Expand Down Expand Up @@ -721,8 +670,6 @@ definitions:
type: object
domain.EventType:
enum:
- session.opened
- session.closed
- stream.created
- stream.updated
- stream.started
Expand Down Expand Up @@ -755,8 +702,13 @@ definitions:
- template.created
- template.updated
- template.deleted
- policy.created
- policy.updated
- policy.deleted
- stream.runtime_created
- stream.runtime_expired
- session.opened
- session.closed
type: string
x-enum-comments:
EventDVRSegmentPruned: retention loop deleted an aged-out segment
Expand All @@ -774,8 +726,6 @@ definitions:
EventStreamUpdated: PUT /streams/{code} on existing record
x-enum-descriptions:
- ""
- ""
- ""
- PUT /streams/{code} on existing record
- ""
- ""
Expand Down Expand Up @@ -809,9 +759,12 @@ definitions:
- ""
- ""
- ""
- ""
- ""
- ""
- ""
- ""
x-enum-varnames:
- EventSessionOpened
- EventSessionClosed
- EventStreamCreated
- EventStreamUpdated
- EventStreamStarted
Expand Down Expand Up @@ -844,8 +797,13 @@ definitions:
- EventTemplateCreated
- EventTemplateUpdated
- EventTemplateDeleted
- EventPolicyCreated
- EventPolicyUpdated
- EventPolicyDeleted
- EventStreamRuntimeCreated
- EventStreamRuntimeExpired
- EventSessionOpened
- EventSessionClosed
domain.GlobalConfig:
properties:
auth:
Expand Down Expand Up @@ -1249,6 +1207,62 @@ definitions:
be resolved.
type: string
type: object
domain.Policy:
properties:
allow_countries:
items:
type: string
type: array
allow_ips:
description: |-
Static allow/deny chain. IPs accept exact addresses or CIDR ranges;
Countries are ISO 3166-1 alpha-2 codes (need a GeoIP DB — see
SessionsConfig.GeoIPDBPath); UserAgents match case-insensitive substring;
AllowedDomains match the Referer host (exact or parent domain).
items:
type: string
type: array
allow_user_agents:
items:
type: string
type: array
allowed_domains:
items:
type: string
type: array
code:
description: Code is the unique key chosen by the operator.
type: string
deny_countries:
items:
type: string
type: array
deny_ips:
items:
type: string
type: array
deny_user_agents:
items:
type: string
type: array
description:
type: string
name:
description: Name and Description are operator-facing metadata.
type: string
require_token:
description: |-
RequireToken makes a valid signed playback token mandatory. The server
only VERIFIES tokens; clients mint them with TokenSecret — see
internal/mediaauth.SignToken for the canonical token format.
type: boolean
token_secret:
description: |-
TokenSecret is this policy's HMAC-SHA256 verification key. Required when
RequireToken is true. Each policy owns its own secret so revoking one
policy's key never affects another.
type: string
type: object
domain.PushDestination:
properties:
comment:
Expand Down Expand Up @@ -1464,10 +1478,11 @@ definitions:
keep their own Name / Description fields — the template metadata is
for operator-facing tooling, not for downstream consumers.
type: string
playback_auth:
playback_policy:
description: |-
PlaybackAuth is the media-auth policy ("public"/"token") inherited by
streams referencing this template. Empty = inherit global default.
PlaybackPolicy is the media-auth Policy code inherited by streams
referencing this template (see domain.Policy). Empty = no policy
(inheriting streams stay public unless they set their own).
type: string
prefixes:
description: |-
Expand Down Expand Up @@ -2500,6 +2515,112 @@ paths:
summary: Test hook delivery
tags:
- hooks
/policies:
get:
produces:
- application/json
responses:
"200":
description: OK
schema:
additionalProperties: true
type: object
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/apidocs.ErrorBody'
summary: List media-auth policies
tags:
- policies
/policies/{code}:
delete:
parameters:
- description: Policy code
in: path
name: code
required: true
type: string
produces:
- application/json
responses:
"204":
description: No Content
"404":
description: Not Found
schema:
$ref: '#/definitions/apidocs.ErrorBody'
"409":
description: Conflict
schema:
$ref: '#/definitions/apidocs.ErrorBody'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/apidocs.ErrorBody'
summary: Delete media-auth policy
tags:
- policies
get:
parameters:
- description: Policy code
in: path
name: code
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
additionalProperties: true
type: object
"404":
description: Not Found
schema:
$ref: '#/definitions/apidocs.ErrorBody'
summary: Get media-auth policy
tags:
- policies
post:
consumes:
- application/json
parameters:
- description: Policy code
in: path
name: code
required: true
type: string
- description: Policy configuration
in: body
name: body
required: true
schema:
$ref: '#/definitions/domain.Policy'
produces:
- application/json
responses:
"200":
description: OK
schema:
additionalProperties: true
type: object
"201":
description: Created
schema:
additionalProperties: true
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/apidocs.ErrorBody'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/apidocs.ErrorBody'
summary: Create or update media-auth policy
tags:
- policies
/readyz:
get:
description: Returns 200 when the server accepts traffic (basic check).
Expand Down
Loading