From 88316e701761bfad0ce4af6eb28b862ea3e74c4c Mon Sep 17 00:00:00 2001 From: Deivid Soto Date: Tue, 26 May 2026 20:39:57 +0200 Subject: [PATCH] feat(funnel): cloudflare quick tunnel embedded subprocess (0.9.5) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Gives the daemon a public HTTPS hostname (`https://.trycloudflare.com`) so the in-browser player on torrentclaw.com plays cross-network without Tailscale or port forwarding — the mixed-content block that was breaking HTTPS-page → HTTP-daemon fetches is gone. Bytes proxy through CloudFlare, never through TorrentClaw infra (preserves the aggregator legal posture). New surface: • `internal/funnel/` package: subprocess wrapper + auto-download for cloudflared. Linux amd64/arm64/armhf/386 fetched from GitHub releases on first run, validated by ELF magic + size sanity, O_EXCL partial write so concurrent daemons don't clobber each other. • `unarr funnel on/off/status` cobra command (sibling of `unarr vpn`). • Daemon supervisor goroutine keeps cloudflared up across crashes + CF's ~6h Quick Tunnel rotation. Exponential backoff (2 s → 5 min). On exit the reported URL is cleared so the web stops handing out a dead host. • Wire: agent registers/syncs a FunnelURL field; web prefers it over Tailscale/LAN for in-browser playback (HlsStreamPlayer + Stremio addon). Default ON for fresh installs (NAS/Docker get it without terminal-in); existing configs that pre-date the feature stay off until the operator opts in with `unarr funnel on`. Docker image now bundles cloudflared (built per TARGETARCH via buildx). Also fixed: libx264 'frame MB size > level limit' on anamorphic >16:9 sources. The level we hint to libx264 was derived from height alone, which busted on 720p cinemascope (1728×720 = 4860 MBs > level 3.1's 3600). Bumped each tier: 720p → 4.0, 1080p → 4.1. Version: 0.9.4 → 0.9.5. --- CHANGELOG.md | 38 +++++++ Dockerfile | 19 +++- README.md | 58 +++++++++++ internal/agent/daemon.go | 18 ++++ internal/agent/state.go | 5 + internal/agent/sync.go | 6 ++ internal/agent/types.go | 5 + internal/cmd/daemon.go | 61 ++++++++++++ internal/cmd/funnel.go | 165 ++++++++++++++++++++++++++++++ internal/cmd/root.go | 3 + internal/cmd/version.go | 2 +- internal/config/config.go | 23 +++++ internal/engine/hwaccel.go | 22 ++-- internal/funnel/funnel.go | 199 +++++++++++++++++++++++++++++++++++++ internal/funnel/install.go | 167 +++++++++++++++++++++++++++++++ 15 files changed, 778 insertions(+), 13 deletions(-) create mode 100644 internal/cmd/funnel.go create mode 100644 internal/funnel/funnel.go create mode 100644 internal/funnel/install.go diff --git a/CHANGELOG.md b/CHANGELOG.md index dfc0f79..38118cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,44 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [0.9.5] - 2026-05-26 + +### Added + +- **funnel**: optional CloudFlare Quick Tunnel subprocess. `unarr funnel on` + spawns `cloudflared` as a child process and registers an anonymous + `https://.trycloudflare.com` hostname tunnelled to the daemon's + HLS server. The hostname is reported back to the web on every sync so the + in-browser player picks it up automatically — cross-network playback now + works on torrentclaw.com without Tailscale or port forwarding. Bytes + proxy through CloudFlare; TorrentClaw still doesn't relay content. +- **funnel**: on by default for fresh installs (NAS/Docker get cross-network + HTTPS automatically); existing configs that pre-date the feature stay + off until the operator runs `unarr funnel on`. +- **funnel**: auto-downloads cloudflared to the unarr data dir when not on + PATH (Linux amd64/arm64/armhf/386). ELF magic + size sanity check on the + download; `O_EXCL` partial-write so concurrent daemons don't clobber + each other. +- **funnel**: subprocess supervisor keeps the tunnel up across cloudflared + crashes + CF's ~6h Quick Tunnel rotation. Exponential backoff (2 s → 5 min) + on persistent failures. The web's reported URL is cleared the moment + cloudflared exits so an outdated hostname doesn't keep handing out 502s. +- **funnel**: `unarr funnel status` shows the live URL once registered. + See README §`[downloads.funnel]` for the throughput / latency caveats of + CF's free Quick Tunnels. +- **docker**: the official `torrentclaw/unarr` image now bundles + `cloudflared` so the funnel works the moment the container starts — no + first-run download. + +### Fixed + +- **hls/libx264**: bump the H.264 level we hint to libx264 by one tier so + anamorphic (>16:9) sources stop emitting unplayable streams. 720p at + level 3.1 silently rejected 1728×720 cinemascope frames with + `frame MB size > level limit`; 720p now ships at level 4.0, 1080p at 4.1. + Decoder compatibility is unaffected — every device that handles 1080p + already handles ≥ 4.1. + ## [0.9.4] - 2026-05-26 ### Removed diff --git a/Dockerfile b/Dockerfile index 1773622..64ea4e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,10 +21,23 @@ FROM alpine:3.22 # Use Alpine's native musl ffmpeg + ffprobe instead of the johnvansickle / # BtbN static glibc builds — those need a glibc shim on Alpine and the # vector-math symbols the GPL builds reference are not satisfiable by -# gcompat. Alpine ships ffmpeg ~7.x which is fine for the WebRTC -# transcoding pipeline (libx264 + libfdk-aac alternatives included). +# gcompat. Alpine ships ffmpeg ~7.x which is fine for the HLS transcoding +# pipeline (libx264 + libfdk-aac alternatives included). RUN apk upgrade --no-cache && \ - apk add --no-cache ca-certificates tzdata ffmpeg + apk add --no-cache ca-certificates tzdata ffmpeg wget + +# Bundle cloudflared so `unarr funnel on` (default: on, see config defaults) +# Just Works on a headless container with no first-run network round-trip. +# TARGETARCH is set automatically by Docker buildx during cross-builds. +ARG TARGETARCH=amd64 +RUN case "$TARGETARCH" in \ + amd64) CF_ARCH=amd64 ;; \ + arm64) CF_ARCH=arm64 ;; \ + arm) CF_ARCH=armhf ;; \ + *) echo "unsupported TARGETARCH=$TARGETARCH" >&2; exit 1 ;; \ + esac && \ + wget -qO /usr/local/bin/cloudflared "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-$CF_ARCH" && \ + chmod +x /usr/local/bin/cloudflared # Non-root user (UID 1000 matches typical host user for volume permissions) RUN addgroup -g 1000 unarr && adduser -u 1000 -G unarr -D -h /home/unarr unarr diff --git a/README.md b/README.md index e1cc6e3..4129ffb 100644 --- a/README.md +++ b/README.md @@ -476,6 +476,64 @@ with a clear error — install ffmpeg or set `enabled = false`. See the [VPN](#vpn) section above for how it works (split-tunnel, no root) and how to protect your other devices. +#### `[downloads.funnel]` — public HTTPS hostname for the daemon (CloudFlare Quick Tunnel) + +```toml +[downloads.funnel] +enabled = false # off by default +``` + +| Key | Type | Default | Notes | +|-----|------|---------|-------| +| `enabled` | bool | `false` | Spawns `cloudflared tunnel --url http://localhost:` as a child process at daemon startup. Toggle with `unarr funnel on` / `off`. Requires `cloudflared` on PATH. | + +**What it does.** Without a tunnel, the daemon is reachable on `localhost`, +your LAN, and (if installed) Tailscale. That covers the same-machine and +Tailscale-connected cases, but the **browser-based player on torrentclaw.com +fails on any other network** because HTTPS pages can't fetch HTTP resources +("mixed content"). Enabling the funnel gives the daemon a public +`https://.trycloudflare.com` hostname so the web player picks it up +and playback works from anywhere — phone on cellular, friend's laptop on a +foreign Wi-Fi, anywhere. The Stremio addon already works cross-network +(native mpv/VLC players ignore CORS), so this is strictly a web-player fix. + +**Privacy posture.** Bytes pass through CloudFlare's edge — TorrentClaw never +relays content (we don't see your traffic), CloudFlare does. Quick Tunnels +are **anonymous** (no CF account required); the registration is unauthenticated +and the hostname is a random label, but CF logs request metadata like any CDN +would. If you want zero third-party byte access, use Tailscale instead. + +**Limitations (free Quick Tunnels).** +| Aspect | Limit | +|--------|-------| +| Session lifetime | ~6 hours, then the hostname rotates. cloudflared re-registers automatically; the web picks up the new URL on the next sync. In-flight HLS sessions break across the rotation (browser retries). | +| Bandwidth | No documented hard cap, but CF reserves the right to throttle. 1080p HLS (~6 Mbps) is fine; 4K HEVC at 25 Mbps may hit throttling. | +| Latency | +20–80 ms vs direct LAN/Tailscale (extra hop browser → CF edge → tunnel). HLS player buffer absorbs it. | +| Concurrency | One tunnel serves N viewers. CF rate-limits ~200 req/s, plenty for HLS segments. | +| TOS | CloudFlare flags Quick Tunnels as "not for production traffic". They can decommission an abusive tunnel without notice. | + +For heavy / high-throughput / persistent-URL use cases, switch to a CloudFlare +Named Tunnel (free, needs a CF account) or run your own reverse proxy — both +out of scope for the bundled command. + +**Disable.** `unarr funnel off` flips `enabled` to `false` in the TOML and +prompts you to restart the daemon. You can also edit `config.toml` directly: + +```toml +[downloads.funnel] +enabled = false +``` + +**Install cloudflared.** +- Linux: `apt install cloudflared` (after adding CF's apt repo) — see + . Or pull the static binary from + . +- macOS: `brew install cloudflared`. +- Windows: `winget install --id Cloudflare.cloudflared`. + +If `cloudflared` is not on PATH the daemon logs a warning at startup and +falls back to LAN/Tailscale-only reachability. + ### Environment variables Environment variables override config file values: diff --git a/internal/agent/daemon.go b/internal/agent/daemon.go index d0b1458..109dfbb 100644 --- a/internal/agent/daemon.go +++ b/internal/agent/daemon.go @@ -55,6 +55,10 @@ type Daemon struct { vpnMode string vpnServer string + // CloudFlare Quick Tunnel public URL; folded into DaemonState + heartbeat + // so the web can prefer it over Tailscale/LAN for in-browser playback. + funnelURL string + // Watching tracks whether a user is viewing download progress in the web UI. Watching atomic.Bool @@ -85,6 +89,15 @@ func (d *Daemon) SetVPNState(active bool, mode, server string) { d.vpnServer = server } +// SetFunnelURL records the CloudFlare Quick Tunnel hostname so it's reflected +// in the daemon state file (read by `unarr funnel status`) and in heartbeat +// requests (so the web prefers it over Tailscale/LAN). Pass "" to clear. +func (d *Daemon) SetFunnelURL(url string) { + d.funnelURL = url + d.State.FunnelURL = url + WriteState(&d.State) +} + // UpdateStreamPort updates the stream port reported in sync requests. func (d *Daemon) UpdateStreamPort(port int) { d.cfg.StreamPort = port @@ -109,6 +122,7 @@ func (d *Daemon) Register(ctx context.Context) error { VPNActive: d.vpnActive, VPNMode: d.vpnMode, VPNServer: d.vpnServer, + FunnelURL: d.funnelURL, } if free, total, err := DiskInfo(d.cfg.DownloadDir); err == nil { req.DiskFreeBytes = free @@ -162,6 +176,7 @@ func (d *Daemon) Register(ctx context.Context) error { VPNActive: d.vpnActive, VPNMode: d.vpnMode, VPNServer: d.vpnServer, + FunnelURL: d.funnelURL, } WriteState(&d.State) @@ -234,6 +249,9 @@ func (d *Daemon) Run(ctx context.Context) error { d.sync.GetVPNState = func() (bool, string, string) { return d.vpnActive, d.vpnMode, d.vpnServer } + d.sync.GetFunnelURL = func() string { + return d.funnelURL + } d.sync.OnSyncSuccess = func() { d.State.LastHeartbeat = time.Now() if d.GetActiveCount != nil { diff --git a/internal/agent/state.go b/internal/agent/state.go index 1de71bf..1f00033 100644 --- a/internal/agent/state.go +++ b/internal/agent/state.go @@ -29,6 +29,11 @@ type DaemonState struct { VPNActive bool `json:"vpnActive,omitempty"` VPNMode string `json:"vpnMode,omitempty"` // managed | self-hosted VPNServer string `json:"vpnServer,omitempty"` // WireGuard endpoint (ip:port) + + // CloudFlare Quick Tunnel state, so `unarr funnel status` can report the + // HTTPS hostname the daemon is reachable at from anywhere on the internet. + // Empty when the funnel is off or hasn't registered yet. + FunnelURL string `json:"funnelUrl,omitempty"` } // stateFilePathFn is overridable for testing. diff --git a/internal/agent/sync.go b/internal/agent/sync.go index c28c65f..ac856a5 100644 --- a/internal/agent/sync.go +++ b/internal/agent/sync.go @@ -40,6 +40,9 @@ type SyncClient struct { // WireGuard tunnel is up, the mode, and the exit server) so the web can track // which agent holds the single WG slot. GetVPNState func() (active bool, mode, server string) + // GetFunnelURL returns the CloudFlare Quick Tunnel public hostname if one + // is active, else "". Sent on every sync so the web picks it up live. + GetFunnelURL func() string // OnDeleteFiles is called when the server requests file deletion from disk. // It should delete the files and return the IDs of successfully deleted items. OnDeleteFiles func(items []LibraryDeleteRequest) []int @@ -162,6 +165,9 @@ func (sc *SyncClient) buildRequest() SyncRequest { if sc.GetVPNState != nil { req.VPNActive, req.VPNMode, req.VPNServer = sc.GetVPNState() } + if sc.GetFunnelURL != nil { + req.FunnelURL = sc.GetFunnelURL() + } // Flush confirmed deletions from previous cycle. // Once flushed, remove IDs from deleteInFlight — the server will stop sending // them after this sync, so deduplication protection is no longer needed. diff --git a/internal/agent/types.go b/internal/agent/types.go index 72e8af5..00802bc 100644 --- a/internal/agent/types.go +++ b/internal/agent/types.go @@ -34,6 +34,9 @@ type RegisterRequest struct { VPNActive bool `json:"vpnActive"` VPNMode string `json:"vpnMode,omitempty"` // managed | self-hosted VPNServer string `json:"vpnServer,omitempty"` + // CloudFlare Quick Tunnel hostname when enabled; the web prefers it over + // Tailscale/LAN for in-browser playback because it works on any network. + FunnelURL string `json:"funnelUrl,omitempty"` } // RegisterResponse is returned by the server after registration. @@ -359,6 +362,8 @@ type SyncRequest struct { VPNActive bool `json:"vpnActive"` VPNMode string `json:"vpnMode,omitempty"` VPNServer string `json:"vpnServer,omitempty"` + // CloudFlare Quick Tunnel hostname when enabled, else empty. + FunnelURL string `json:"funnelUrl,omitempty"` } // ControlAction represents a server-side control signal for a task. diff --git a/internal/cmd/daemon.go b/internal/cmd/daemon.go index 84c458c..6c00e95 100644 --- a/internal/cmd/daemon.go +++ b/internal/cmd/daemon.go @@ -17,6 +17,7 @@ import ( "github.com/torrentclaw/unarr/internal/agent" "github.com/torrentclaw/unarr/internal/config" "github.com/torrentclaw/unarr/internal/engine" + "github.com/torrentclaw/unarr/internal/funnel" "github.com/torrentclaw/unarr/internal/library" "github.com/torrentclaw/unarr/internal/library/mediainfo" "github.com/torrentclaw/unarr/internal/usenet/download" @@ -303,6 +304,15 @@ func runDaemonStart() error { } d.UpdateStreamPort(streamSrv.Port()) + // CloudFlare Quick Tunnel — needs the ACTUAL listening port (the + // configured port may have been busy and bumped). Spawning here ensures + // cloudflared --url points at the right socket. Failures degrade to + // Tailscale/LAN only; the supervisor keeps the tunnel up across CF's + // periodic rotation + transient cloudflared crashes. + if cfg.Download.Funnel.Enabled { + go superviseFunnel(ctx, d, streamSrv.Port()) + } + // Warn at startup if transcode is enabled but ffmpeg/ffprobe are missing. // HLS sessions get rejected at runtime (see daemon.go ~line 455), but // surfacing it here gives the operator a chance to install ffmpeg before @@ -773,3 +783,54 @@ func runAutoScan(ctx context.Context, cfg config.Config, interval time.Duration, } } } + +// superviseFunnel keeps a CloudFlare Quick Tunnel up across cloudflared +// crashes and CF's ~6h tunnel rotation. On a clean exit (cancellation) it +// returns; on a crash it clears the reported URL and respawns with an +// exponential backoff so we don't hammer cloudflared into a tight loop when +// it can't reach the CF edge. +func superviseFunnel(ctx context.Context, d *agent.Daemon, port int) { + backoff := 2 * time.Second + const maxBackoff = 5 * time.Minute + for ctx.Err() == nil { + t, err := funnel.Start(ctx, funnel.Config{Port: port}) + if err != nil { + log.Printf("[funnel] could not start CloudFlare tunnel (%v) — retrying in %s", err, backoff) + select { + case <-time.After(backoff): + case <-ctx.Done(): + return + } + backoff = min(backoff*2, maxBackoff) + continue + } + log.Printf("[funnel] cloudflared started, waiting for public URL...") + go func() { + url, werr := t.WaitURL(45 * time.Second) + if werr != nil { + log.Printf("[funnel] cloudflared did not emit a URL (%v)", werr) + return + } + log.Printf("[funnel] public URL: %s", url) + d.SetFunnelURL(url) + }() + // Block until cloudflared exits (CF rotation, crash, or shutdown). + exitErr := <-t.Done() + _ = t.Close() + d.SetFunnelURL("") + if ctx.Err() != nil { + return + } + if exitErr != nil { + log.Printf("[funnel] cloudflared exited: %v — restarting in %s", exitErr, backoff) + } else { + log.Printf("[funnel] cloudflared exited cleanly — restarting in %s", backoff) + } + select { + case <-time.After(backoff): + case <-ctx.Done(): + return + } + backoff = min(backoff*2, maxBackoff) + } +} diff --git a/internal/cmd/funnel.go b/internal/cmd/funnel.go new file mode 100644 index 0000000..5ce793d --- /dev/null +++ b/internal/cmd/funnel.go @@ -0,0 +1,165 @@ +package cmd + +import ( + "fmt" + + "github.com/fatih/color" + "github.com/spf13/cobra" + "github.com/torrentclaw/unarr/internal/agent" + "github.com/torrentclaw/unarr/internal/config" +) + +func newFunnelCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "funnel", + Short: "Expose the daemon over a public HTTPS hostname via CloudFlare Quick Tunnel", + Long: `Turn the CloudFlare Quick Tunnel on/off and check its status. + +When on, the daemon spawns cloudflared as a child process and registers a +` + "`https://.trycloudflare.com`" + ` hostname tunnelled to its local +HLS server. The torrentclaw.com / torrentclaw.to web player picks the tunnel +URL first so cross-network playback works from any browser without Tailscale +or port forwarding. + +Trade-offs: + • Bytes proxy through CloudFlare. We don't relay; CF does. Preserves the + TorrentClaw legal posture but means CF sees your traffic shape. + • Quick Tunnels are anonymous — no CF account required. + • Hostname is random per session and rotates roughly every 6 h. + +Requires the cloudflared binary on PATH. Install: + Linux : https://pkg.cloudflare.com (apt) or download from + https://github.com/cloudflare/cloudflared/releases + macOS : brew install cloudflared + Windows: winget install --id Cloudflare.cloudflared`, + Example: ` unarr funnel status # is the tunnel up? what's the URL? + unarr funnel on # turn it on + unarr funnel off # turn it off`, + RunE: func(cmd *cobra.Command, args []string) error { + return cmd.Help() + }, + } + cmd.AddCommand(newFunnelStatusCmd(), newFunnelOnCmd(), newFunnelOffCmd()) + return cmd +} + +func newFunnelStatusCmd() *cobra.Command { + return &cobra.Command{ + Use: "status", + Short: "Show CloudFlare tunnel configuration + live URL", + Example: " unarr funnel status", + RunE: func(cmd *cobra.Command, args []string) error { + return runFunnelStatus() + }, + } +} + +func runFunnelStatus() error { + bold := color.New(color.Bold) + dim := color.New(color.FgHiBlack) + green := color.New(color.FgGreen) + yellow := color.New(color.FgYellow) + cyan := color.New(color.FgCyan) + + cfg := loadConfig() + + fmt.Println() + bold.Println(" CloudFlare Quick Tunnel") + fmt.Println() + + if !cfg.Download.Funnel.Enabled { + dim.Println(" Mode: off") + fmt.Println() + dim.Println(" Enable with `unarr funnel on` to give the daemon a public HTTPS URL") + dim.Println(" so cross-network browser playback works without Tailscale.") + fmt.Println() + return nil + } + cyan.Println(" Mode: on") + + state := agent.ReadState() + alive := state != nil && isDaemonAlive(state) + fmt.Println() + switch { + case alive && state.FunnelURL != "": + green.Println(" ✓ Tunnel ACTIVE") + fmt.Printf(" URL: %s\n", state.FunnelURL) + fmt.Println() + dim.Println(" This URL rotates roughly every 6 h. The web player picks it up") + dim.Println(" automatically — no action needed on your side.") + case alive: + yellow.Println(" ⚠ Daemon is running but the tunnel hasn't registered yet.") + dim.Println(" Check `unarr daemon logs` for a [funnel] line. Common cause:") + dim.Println(" cloudflared isn't installed on PATH.") + default: + dim.Println(" Daemon not running — start it (`unarr start`) to bring the tunnel up.") + } + fmt.Println() + return nil +} + +func newFunnelOnCmd() *cobra.Command { + return &cobra.Command{ + Use: "on", + Short: "Turn the CloudFlare tunnel on", + Example: " unarr funnel on", + RunE: func(cmd *cobra.Command, args []string) error { + return setFunnelEnabled(true) + }, + } +} + +func newFunnelOffCmd() *cobra.Command { + return &cobra.Command{ + Use: "off", + Short: "Turn the CloudFlare tunnel off", + Example: " unarr funnel off", + RunE: func(cmd *cobra.Command, args []string) error { + return setFunnelEnabled(false) + }, + } +} + +func setFunnelEnabled(enabled bool) error { + green := color.New(color.FgGreen) + dim := color.New(color.FgHiBlack) + + cfg := loadConfig() + if cfg.Download.Funnel.Enabled == enabled { + fmt.Println() + dim.Printf(" Tunnel is already %s — nothing to do.\n", onOffWord(enabled)) + fmt.Println() + return nil + } + + cfg.Download.Funnel.Enabled = enabled + + configPath := config.FilePath() + if cfgFile != "" { + configPath = cfgFile + } + if err := config.Save(cfg, configPath); err != nil { + return fmt.Errorf("save config: %w", err) + } + appCfg = cfg + + fmt.Println() + green.Printf(" ✓ CloudFlare tunnel %s.\n", onOffWord(enabled)) + + // Subprocess is launched/torn down by the daemon at startup; a plain config + // reload does not bring it up. Prompt for a restart when the daemon is alive. + if state := agent.ReadState(); state != nil && isDaemonAlive(state) { + fmt.Println() + dim.Println(" The daemon is running. Restart it for this to take effect:") + dim.Println(" unarr daemon restart") + } + fmt.Println() + return nil +} + +func onOffWord(enabled bool) string { + if enabled { + return "on" + } + return "off" +} diff --git a/internal/cmd/root.go b/internal/cmd/root.go index 55786fb..b28ec92 100644 --- a/internal/cmd/root.go +++ b/internal/cmd/root.go @@ -105,6 +105,8 @@ Source: https://github.com/torrentclaw/unarr`, daemonCmd.GroupID = "daemon" vpnCmd := newVPNCmd() vpnCmd.GroupID = "daemon" + funnelCmd := newFunnelCmd() + funnelCmd.GroupID = "daemon" // System & Diagnostics statsCmd := newStatsCmd() @@ -149,6 +151,7 @@ Source: https://github.com/torrentclaw/unarr`, statusCmd, daemonCmd, vpnCmd, + funnelCmd, // System & Diagnostics statsCmd, doctorCmd, diff --git a/internal/cmd/version.go b/internal/cmd/version.go index 4cd7a03..3009c5a 100644 --- a/internal/cmd/version.go +++ b/internal/cmd/version.go @@ -1,4 +1,4 @@ package cmd // Version is the CLI version. Overridden by goreleaser ldflags at release time. -var Version = "0.9.4" +var Version = "0.9.5" diff --git a/internal/config/config.go b/internal/config/config.go index 6e65df8..12573b4 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -53,6 +53,16 @@ type DownloadConfig struct { CORSExtraOrigins []string `toml:"cors_extra_origins"` // extra browser origins added on top of the baked-in allowlist (torrentclaw.com, app.torrentclaw.com, localhost:3030) Transcode TranscodeConfig `toml:"transcode"` VPN VPNConfig `toml:"vpn"` + Funnel FunnelConfig `toml:"funnel"` +} + +// FunnelConfig gates the optional CloudFlare Quick Tunnel that exposes the +// daemon's HLS server over a public HTTPS hostname (https://.try +// cloudflare.com). Enabling it lets the web player on torrentclaw.com play +// from this daemon across any network without Tailscale or a public IP — +// the cost is that bytes proxy through CloudFlare's network. Off by default. +type FunnelConfig struct { + Enabled bool `toml:"enabled"` } // VPNConfig gates the managed-VPN add-on split-tunnel. When enabled, the daemon @@ -139,6 +149,13 @@ func Default() Config { AudioBitrate: "192k", MaxConcurrent: 2, }, + Funnel: FunnelConfig{ + // On by default so headless installs (NAS / Docker) get cross-network + // HTTPS playback without anyone having to terminal in. Users who + // don't want bytes proxied through CloudFlare can opt out with + // `unarr funnel off` (sets enabled=false in the TOML). + Enabled: true, + }, }, Organize: OrganizeConfig{ Enabled: true, @@ -227,6 +244,12 @@ func applyDefaults(cfg *Config, meta toml.MetaData) { if !meta.IsDefined("downloads", "transcode", "max_concurrent") { cfg.Download.Transcode.MaxConcurrent = 2 } + // NOTE: Funnel default-ON only applies to fresh installs (no config file → + // Default() returns Funnel.Enabled=true straight off). When an existing + // config file lacks `[downloads.funnel]` entirely we intentionally do NOT + // flip it on here — that would silently route an upgraded operator's + // traffic through CloudFlare without their consent. They opt in with + // `unarr funnel on` whenever they're ready. } // Save writes config to the default or specified path using atomic write. diff --git a/internal/engine/hwaccel.go b/internal/engine/hwaccel.go index 886a295..7108379 100644 --- a/internal/engine/hwaccel.go +++ b/internal/engine/hwaccel.go @@ -129,12 +129,13 @@ func (h HWAccel) FFmpegVideoCodec(target string) string { } } -// H264LevelForHeight returns the lowest H.264 profile level capable of encoding -// a stream at the given output pixel height (assumes ~16:9, ≤30 fps). The -// previous code used a fixed "4.0" which silently rejects anything above 1080p -// — libx264 logs "frame MB size > level limit" and emits a corrupt stream. -// Returning a tighter level on smaller outputs keeps player compatibility on -// older devices where the encoder can't auto-pick. +// H264LevelForHeight returns the lowest H.264 profile level capable of +// encoding a stream at the given output pixel height. Each tier carries +// enough macroblock headroom to handle ANAMORPHIC content (up to ~2.4:1 +// cinemascope) at 30 fps — a fixed 16:9 assumption used to silently bust +// the level on a 720p movie shot in 2.4:1 (1728×720 = 4860 MBs > 3.1's +// 3600 limit; libx264 logs "frame MB size > level limit" and emits a +// corrupt stream). func H264LevelForHeight(height int) string { switch { case height <= 0: @@ -142,11 +143,14 @@ func H264LevelForHeight(height int) string { // re-introduce the silent-failure mode that motivated this helper. return "5.1" case height <= 480: - return "3.0" - case height <= 720: return "3.1" - case height <= 1080: + case height <= 720: + // 4.0 instead of 3.1: covers 720p anamorphic (e.g. 1728×720) + + // MB rate up to 245k/s (3.1 caps at 108k/s — broken at 24 fps). return "4.0" + case height <= 1080: + // 4.1 instead of 4.0: covers 1080p anamorphic + 30 fps (~245k MBs/s). + return "4.1" case height <= 1440: return "5.0" case height <= 2160: diff --git a/internal/funnel/funnel.go b/internal/funnel/funnel.go new file mode 100644 index 0000000..6a8640a --- /dev/null +++ b/internal/funnel/funnel.go @@ -0,0 +1,199 @@ +// Package funnel manages the optional CloudFlare Quick Tunnel subprocess +// that gives the daemon a public HTTPS hostname for cross-network playback +// from browser-based clients (web player on torrentclaw.com / torrentclaw.to). +// +// Why: HTTPS pages can't fetch HTTP resources (mixed content). Without a +// tunnel the daemon is only reachable from the same machine (localhost is +// exempt) or via Tailscale (which users can install themselves but most +// won't). CF Quick Tunnels are anonymous — no CF account, no DNS, no port +// forwarding — and assign a one-shot `https://.trycloudflare.com` +// URL. Bytes flow through CF, never through our infra (legal posture: we +// don't relay; CF does). +// +// Lifecycle: +// +// t, err := funnel.Start(ctx, funnel.Config{Port: 11819}) +// defer t.Close() +// url, err := t.WaitURL(30 * time.Second) // blocks until cloudflared emits the URL +// +// The tunnel runs until the context is cancelled or t.Close() is called. +package funnel + +import ( + "bufio" + "context" + "errors" + "fmt" + "io" + "os/exec" + "regexp" + "sync" + "time" +) + +// urlPattern matches the `https://.trycloudflare.com` URL cloudflared +// prints when a Quick Tunnel is registered. The hostname has a random +// hyphen-separated label followed by .trycloudflare.com. +var urlPattern = regexp.MustCompile(`https://[a-z0-9-]+\.trycloudflare\.com`) + +// Config controls how the tunnel is launched. +type Config struct { + // Port is the local upstream port cloudflared will tunnel to. Required. + Port int + // Binary is the cloudflared executable path. When empty the package looks + // it up via $PATH. + Binary string +} + +// Tunnel is a handle on a running cloudflared Quick Tunnel. +type Tunnel struct { + cmd *exec.Cmd + cancel context.CancelFunc + urlCh chan string + exitCh chan error + mu sync.Mutex + url string + stopped bool +} + +// Start launches cloudflared as a subprocess. The returned *Tunnel exposes the +// public URL via WaitURL once cloudflared registers it (usually 2–5 s). +// +// The subprocess inherits the cancellation of the supplied context. Closing +// the *Tunnel sends SIGTERM and waits for the subprocess to exit. +func Start(ctx context.Context, cfg Config) (*Tunnel, error) { + if cfg.Port <= 0 { + return nil, fmt.Errorf("funnel: invalid Port %d", cfg.Port) + } + binary := cfg.Binary + if binary == "" { + resolved, err := ResolveBinary() + if err != nil { + return nil, err + } + binary = resolved + } + + subCtx, cancel := context.WithCancel(ctx) + // `--no-autoupdate` disables cloudflared's daily self-update check (the + // daemon manages binary rotation). `--metrics 127.0.0.1:0` suppresses the + // default `:9090` listener that would collide on a shared box. + cmd := exec.CommandContext(subCtx, binary, + "tunnel", + "--no-autoupdate", + "--metrics", "127.0.0.1:0", + "--url", fmt.Sprintf("http://localhost:%d", cfg.Port), + ) + + // cloudflared writes the connect log + assigned URL to stderr. + stderr, err := cmd.StderrPipe() + if err != nil { + cancel() + return nil, fmt.Errorf("funnel: pipe stderr: %w", err) + } + cmd.Stdout = io.Discard // quick tunnels print nothing useful on stdout + + if err := cmd.Start(); err != nil { + cancel() + return nil, fmt.Errorf("funnel: start cloudflared: %w", err) + } + + t := &Tunnel{ + cmd: cmd, + cancel: cancel, + urlCh: make(chan string, 1), + exitCh: make(chan error, 1), + } + + // Reader goroutine: scan cloudflared's stderr for the URL, surface the + // rest as a single string we don't try to interpret. + go t.scanStderr(stderr) + + // Waiter goroutine: signal exit so callers can react (e.g. restart). + go func() { + t.exitCh <- cmd.Wait() + }() + + return t, nil +} + +// WaitURL blocks until cloudflared has registered the tunnel and emitted the +// public URL, or `timeout` elapses, or the subprocess exits. The returned URL +// has the form `https://.trycloudflare.com`. +func (t *Tunnel) WaitURL(timeout time.Duration) (string, error) { + t.mu.Lock() + if t.url != "" { + u := t.url + t.mu.Unlock() + return u, nil + } + t.mu.Unlock() + + select { + case u := <-t.urlCh: + return u, nil + case err := <-t.exitCh: + if err == nil { + return "", errors.New("funnel: cloudflared exited before URL") + } + return "", fmt.Errorf("funnel: cloudflared exited: %w", err) + case <-time.After(timeout): + return "", fmt.Errorf("funnel: timed out waiting for URL after %s", timeout) + } +} + +// URL returns the assigned tunnel URL, or "" if not yet emitted. +func (t *Tunnel) URL() string { + t.mu.Lock() + defer t.mu.Unlock() + return t.url +} + +// Done returns a channel that closes once the subprocess exits. The error sent +// before close describes the exit reason (nil = clean shutdown via Close). +func (t *Tunnel) Done() <-chan error { + return t.exitCh +} + +// Close terminates the subprocess and waits for it to exit. Safe to call +// multiple times. +func (t *Tunnel) Close() error { + t.mu.Lock() + if t.stopped { + t.mu.Unlock() + return nil + } + t.stopped = true + t.mu.Unlock() + t.cancel() + // Drain the exit channel so the Wait goroutine doesn't leak. + select { + case <-t.exitCh: + case <-time.After(5 * time.Second): + } + return nil +} + +func (t *Tunnel) scanStderr(r io.Reader) { + scanner := bufio.NewScanner(r) + // Some cloudflared lines exceed the default 64KiB scanner buffer (when it + // prints connection diagnostics). Bump to 1MiB. + scanner.Buffer(make([]byte, 0, 64*1024), 1024*1024) + for scanner.Scan() { + line := scanner.Text() + if t.URL() == "" { + if m := urlPattern.FindString(line); m != "" { + t.mu.Lock() + t.url = m + t.mu.Unlock() + // Non-blocking send: if no one is listening, just drop — + // the URL field carries the value for any later WaitURL call. + select { + case t.urlCh <- m: + default: + } + } + } + } +} + diff --git a/internal/funnel/install.go b/internal/funnel/install.go new file mode 100644 index 0000000..1e827a4 --- /dev/null +++ b/internal/funnel/install.go @@ -0,0 +1,167 @@ +package funnel + +import ( + "bytes" + "errors" + "fmt" + "io" + "net/http" + "os" + "os/exec" + "path/filepath" + "runtime" + "time" + + "github.com/torrentclaw/unarr/internal/config" +) + +// ResolveBinary returns the path to a usable cloudflared executable, downloading +// one into the unarr data dir if neither $PATH nor the cached location has it. +// This makes the funnel feature usable on headless installs (NAS / Docker) +// where the user can't easily install cloudflared via the OS package manager. +// +// Resolution order: +// +// 1. cloudflared on $PATH (operator already installed it) +// 2. /bin/cloudflared (we cached it on a previous run) +// 3. download from GitHub releases (Linux-only fallback; macOS / Windows +// return a clear error pointing at brew / winget) +func ResolveBinary() (string, error) { + if p, err := exec.LookPath("cloudflared"); err == nil { + return p, nil + } + cached := cachedBinaryPath() + if _, err := os.Stat(cached); err == nil { + return cached, nil + } + return downloadCloudflared(cached) +} + +func cachedBinaryPath() string { + name := "cloudflared" + if runtime.GOOS == "windows" { + name += ".exe" + } + return filepath.Join(config.DataDir(), "bin", name) +} + +// downloadCloudflared fetches the latest cloudflared release asset matching +// the current GOOS/GOARCH into `dest`. Linux only — macOS/Windows return a +// pointer at the OS package manager. +// +// Supply-chain caveat: we trust GitHub-over-TLS + cloudflare/cloudflared +// repo integrity. The fetch is over HTTPS to api.github.com's release-asset +// redirector, so a network MITM is bounded by Let's Encrypt + GitHub's cert +// chain. We additionally verify the file is an ELF binary (Linux magic +// bytes) so a generic 404 HTML page or a wrong-arch tarball is rejected at +// rest. We do NOT verify a signature because Cloudflare doesn't sign release +// assets at the moment — if you need stricter integrity, install cloudflared +// from your distro's package manager (apt/brew/winget) and unarr will use +// the PATH copy. +func downloadCloudflared(dest string) (string, error) { + if runtime.GOOS != "linux" { + return "", fmt.Errorf("funnel: auto-download not supported on %s — install cloudflared manually or drop a binary at %s", runtime.GOOS, dest) + } + + var asset string + switch runtime.GOARCH { + case "amd64": + asset = "cloudflared-linux-amd64" + case "arm64": + asset = "cloudflared-linux-arm64" + case "arm": + asset = "cloudflared-linux-armhf" + case "386": + asset = "cloudflared-linux-386" + default: + return "", fmt.Errorf("funnel: unsupported linux arch %q — install cloudflared manually", runtime.GOARCH) + } + + url := "https://github.com/cloudflare/cloudflared/releases/latest/download/" + asset + if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil { + return "", fmt.Errorf("funnel: create bin dir: %w", err) + } + + // O_EXCL so concurrent unarr-dev / prod daemons don't clobber each + // other's partial download. The loser gets EEXIST → falls back to + // polling for the winner to finish. + tmp := dest + ".partial" + out, err := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o755) + if err != nil { + if errors.Is(err, os.ErrExist) { + // Another process is downloading. Wait briefly for them to finish. + for range 60 { + time.Sleep(time.Second) + if _, statErr := os.Stat(dest); statErr == nil { + return dest, nil + } + } + return "", fmt.Errorf("funnel: another download in progress at %s (timed out)", tmp) + } + return "", fmt.Errorf("funnel: open dest: %w", err) + } + + client := &http.Client{Timeout: 5 * time.Minute} + resp, err := client.Get(url) + if err != nil { + _ = out.Close() + _ = os.Remove(tmp) + return "", fmt.Errorf("funnel: download cloudflared: %w", err) + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + _ = out.Close() + _ = os.Remove(tmp) + return "", fmt.Errorf("funnel: download cloudflared: HTTP %d from %s", resp.StatusCode, url) + } + + if _, err := io.Copy(out, resp.Body); err != nil { + _ = out.Close() + _ = os.Remove(tmp) + return "", fmt.Errorf("funnel: write dest: %w", err) + } + if err := out.Close(); err != nil { + _ = os.Remove(tmp) + return "", fmt.Errorf("funnel: close dest: %w", err) + } + + // Sanity check before promoting to : must be a Linux + // ELF executable (rejects 404 HTML pages or wrong-arch payloads) and at + // least 1 MB (real cloudflared is ~50 MB; anything smaller is corrupt). + if err := verifyLinuxElf(tmp); err != nil { + _ = os.Remove(tmp) + return "", fmt.Errorf("funnel: downloaded file failed sanity check: %w", err) + } + + if err := os.Rename(tmp, dest); err != nil { + _ = os.Remove(tmp) + return "", fmt.Errorf("funnel: rename dest: %w", err) + } + return dest, nil +} + +// verifyLinuxElf returns nil when the file at `path` starts with the ELF +// magic bytes and is at least 1 MB. Used as a low-cost guard against +// downloading an HTML error page or a wrong-arch payload. +func verifyLinuxElf(path string) error { + st, err := os.Stat(path) + if err != nil { + return err + } + if st.Size() < 1024*1024 { + return errors.New("file is suspiciously small (<1 MB)") + } + f, err := os.Open(path) + if err != nil { + return err + } + defer f.Close() + head := make([]byte, 4) + if _, err := io.ReadFull(f, head); err != nil { + return fmt.Errorf("read magic bytes: %w", err) + } + if !bytes.Equal(head, []byte{0x7f, 'E', 'L', 'F'}) { + return errors.New("not an ELF binary") + } + return nil +}