diff --git a/.github/workflows/ci.yml b/.forgejo/workflows/ci.yml similarity index 51% rename from .github/workflows/ci.yml rename to .forgejo/workflows/ci.yml index dd5fc7d..82ee799 100644 --- a/.github/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -12,35 +12,26 @@ permissions: jobs: test: name: Test - runs-on: ubuntu-latest - strategy: - matrix: - go-version: ["1.25"] + runs-on: docker + container: + image: docker.io/library/golang:1.25 steps: - - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version: ${{ matrix.go-version }} + - uses: actions/checkout@v4 - name: Run tests run: go test -v -race -count=1 ./... build: name: Build - runs-on: ubuntu-latest + runs-on: docker + container: + image: docker.io/library/golang:1.25 strategy: matrix: goos: [linux, darwin, windows] goarch: [amd64, arm64] steps: - - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version: "1.25" + - uses: actions/checkout@v4 - name: Build env: @@ -50,30 +41,30 @@ jobs: lint: name: Lint - runs-on: ubuntu-latest + runs-on: docker + container: + image: docker.io/library/golang:1.25 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version: "1.25" + - name: Install golangci-lint + run: | + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/v2.11.4/install.sh \ + | sh -s -- -b /usr/local/bin v2.11.4 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v9 - with: - version: v2.11.4 + run: golangci-lint run ./... coverage: name: Coverage - runs-on: ubuntu-latest + runs-on: docker + container: + image: docker.io/library/golang:1.25 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version: "1.25" + - name: Install python3 + run: apt-get update && apt-get install -y --no-install-recommends python3 - name: Run tests with coverage (all packages) run: | @@ -86,14 +77,11 @@ jobs: run: | # Threshold applies only to engine and agent — cmd contains interactive UI # commands (config menus, daemon, auth browser) that are not unit-testable. - # WebRTC files are excluded: deprecated, slated for removal in 0.9.0. go test -race -coverprofile=coverage-core.out -covermode=atomic \ ./internal/engine/... \ ./internal/agent/... - # Strip webrtc lines from the profile before computing the threshold. - grep -v '/internal/engine/webrtc' coverage-core.out > coverage-core-filtered.out - COVERAGE=$(go tool cover -func=coverage-core-filtered.out | grep ^total | awk '{print $3}' | tr -d '%') - echo "Coverage on engine+agent (excluding webrtc): ${COVERAGE}%" + COVERAGE=$(go tool cover -func=coverage-core.out | grep ^total | awk '{print $3}' | tr -d '%') + echo "Coverage on engine+agent: ${COVERAGE}%" python3 -c " coverage = float('${COVERAGE}') threshold = 50.0 @@ -105,24 +93,13 @@ jobs: print('OK: Coverage meets minimum threshold') " - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v6 - with: - files: ./coverage.out - fail_ci_if_error: false - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - vet: name: Vet - runs-on: ubuntu-latest + runs-on: docker + container: + image: docker.io/library/golang:1.25 steps: - - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version: "1.25" + - uses: actions/checkout@v4 - name: Run go vet run: go vet ./... diff --git a/.forgejo/workflows/docker-rebuild.yml b/.forgejo/workflows/docker-rebuild.yml new file mode 100644 index 0000000..34cc3d6 --- /dev/null +++ b/.forgejo/workflows/docker-rebuild.yml @@ -0,0 +1,61 @@ +# Rebuilds and re-pushes the `latest` image without a version bump so newly +# *fixed* Alpine / ffmpeg / Go patches land between tagged releases. Versioned +# tags are immutable and never touched here. Runs weekly and on demand. +name: Docker rebuild + +on: + schedule: + # Mondays 04:17 UTC (off the hour to avoid the scheduler rush) + - cron: "17 4 * * 1" + workflow_dispatch: + +jobs: + rebuild: + runs-on: docker + container: + image: docker.io/library/docker:27-cli + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install build deps + run: apk add --no-cache curl git bash + + - name: Install buildx + run: | + mkdir -p ~/.docker/cli-plugins + curl -sSL https://github.com/docker/buildx/releases/latest/download/buildx-linux-amd64 \ + -o ~/.docker/cli-plugins/docker-buildx + chmod +x ~/.docker/cli-plugins/docker-buildx + + - name: Set up qemu + run: docker run --rm --privileged tonistiigi/binfmt --install all + + # Stamp the binary with the most recent release tag (not "dev"). + - name: Resolve version + id: ver + run: | + v=$(git describe --tags --abbrev=0 2>/dev/null || echo dev) + echo "version=$v" >> "$GITHUB_OUTPUT" + + - name: Login to Docker Hub + env: + DH_USER: ${{ secrets.DOCKERHUB_USERNAME }} + DH_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} + run: echo "$DH_TOKEN" | docker login -u "$DH_USER" --password-stdin + + - name: Build + push (refresh latest) + env: + VERSION: ${{ steps.ver.outputs.version }} + run: | + docker buildx create --name builder --use --driver docker-container + # Refresh the floating tag only — never overwrite a versioned release. + # Force a fresh base pull so apk upgrade picks up new patches. + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + --build-arg "VERSION=$VERSION" \ + --tag "torrentclaw/unarr:latest" \ + --no-cache \ + --push \ + . diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml new file mode 100644 index 0000000..d757612 --- /dev/null +++ b/.forgejo/workflows/release.yml @@ -0,0 +1,118 @@ +name: Release + +on: + push: + tags: + - "v*" + workflow_dispatch: + +permissions: + contents: write + +jobs: + release: + runs-on: docker + container: + image: docker.io/library/golang:1.25 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install build deps (bash, curl, jq, ffmpeg fetch deps) + run: | + apt-get update + apt-get install -y --no-install-recommends bash curl ca-certificates jq xz-utils unzip + + - name: Install goreleaser + run: | + curl -sSfL https://github.com/goreleaser/goreleaser/releases/latest/download/goreleaser_Linux_x86_64.tar.gz \ + | tar -xz -C /usr/local/bin goreleaser + + - name: Run goreleaser + env: + # Forgejo runner auto-injects GITHUB_TOKEN (a per-job, instance-scoped + # token usable against the Forgejo REST API). goreleaser only accepts + # one token; with both GITHUB_TOKEN + GITEA_TOKEN set it errors out + # ("multiple tokens"). Unset GITHUB_TOKEN before invoking goreleaser so + # it picks the Gitea code path + the gitea_urls block in .goreleaser.yml. + GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + # Empty when RELEASE_SIGNING_PUBKEY variable is unset — goreleaser + # accepts it and the resulting binary disables signature checks + # (back-compat: pre-signing releases continue to update). Set + # RELEASE_SIGNING_PUBKEY (variable) + RELEASE_SIGNING_KEY (secret) + # to turn verification on. + RELEASE_SIGNING_PUBKEY: ${{ vars.RELEASE_SIGNING_PUBKEY }} + run: | + unset GITHUB_TOKEN + goreleaser release --clean + + - name: Sign checksums.txt with ed25519 + if: ${{ vars.RELEASE_SIGNING_PUBKEY != '' && secrets.RELEASE_SIGNING_KEY != '' }} + env: + RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }} + RELEASE_TAG: ${{ github.ref_name }} + FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Tailscale IP — domain-agnostic; the runner shares the dokploy-network with + # forgejo (hostname `forgejo`), so the in-cluster hostname is fastest, but the + # Tailscale IP is the documented fallback. + FORGEJO_API: http://forgejo:3000/api/v1 + REPO: torrentclaw/unarr + run: | + set -euo pipefail + go run ./scripts/sign-checksums \ + -key "$RELEASE_SIGNING_KEY" \ + -in dist/checksums.txt \ + -out dist/checksums.txt.sig + + # Find the release ID for this tag, then upload the sig as an asset. + rel_id=$(curl -sSf "$FORGEJO_API/repos/$REPO/releases/tags/$RELEASE_TAG" \ + -H "Authorization: token $FORGEJO_TOKEN" | jq -r '.id') + curl -sSf -X POST \ + "$FORGEJO_API/repos/$REPO/releases/$rel_id/assets?name=checksums.txt.sig" \ + -H "Authorization: token $FORGEJO_TOKEN" \ + -F "attachment=@dist/checksums.txt.sig" + + docker: + needs: release + runs-on: docker + container: + # Docker-in-Docker capable image — buildx + qemu pre-installed. + image: docker.io/library/docker:27-cli + steps: + - uses: actions/checkout@v4 + + - name: Install buildx + run: | + apk add --no-cache curl + mkdir -p ~/.docker/cli-plugins + curl -sSL https://github.com/docker/buildx/releases/latest/download/buildx-linux-amd64 \ + -o ~/.docker/cli-plugins/docker-buildx + chmod +x ~/.docker/cli-plugins/docker-buildx + + - name: Login to Docker Hub + env: + DH_USER: ${{ secrets.DOCKERHUB_USERNAME }} + DH_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} + run: echo "$DH_TOKEN" | docker login -u "$DH_USER" --password-stdin + + - name: Set up qemu + run: docker run --rm --privileged tonistiigi/binfmt --install all + + - name: Build + push multi-arch image + env: + VERSION: ${{ github.ref_name }} + run: | + set -euo pipefail + VERSION_SEMVER="${VERSION#v}" + MAJOR_MINOR="${VERSION_SEMVER%.*}" + docker buildx create --name builder --use --driver docker-container + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + --build-arg "VERSION=$VERSION" \ + --tag "torrentclaw/unarr:$VERSION_SEMVER" \ + --tag "torrentclaw/unarr:$MAJOR_MINOR" \ + --tag "torrentclaw/unarr:latest" \ + --push \ + . diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index e419595..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,197 +0,0 @@ -name: Release - -on: - push: - tags: - - "v*" - -permissions: - contents: write - -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - uses: goreleaser/goreleaser-action@v6 - with: - version: "~> v2" - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SENTRY_DSN: ${{ secrets.SENTRY_DSN }} - # Empty when RELEASE_SIGNING_PUBKEY variable is unset — goreleaser - # accepts it and the resulting binary disables signature checks - # (back-compat: pre-signing releases continue to update). Set - # RELEASE_SIGNING_PUBKEY (variable) + RELEASE_SIGNING_KEY (secret) - # to turn verification on. - RELEASE_SIGNING_PUBKEY: ${{ vars.RELEASE_SIGNING_PUBKEY }} - - - name: Sign checksums.txt with ed25519 - # Reference secrets.X directly — step-level env defined in this same - # step is unreliable to read from this step's own if: expression. - if: ${{ vars.RELEASE_SIGNING_PUBKEY != '' && secrets.RELEASE_SIGNING_KEY != '' }} - env: - RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }} - RELEASE_TAG: ${{ github.ref_name }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -euo pipefail - go run ./scripts/sign-checksums \ - -key "$RELEASE_SIGNING_KEY" \ - -in dist/checksums.txt \ - -out dist/checksums.txt.sig - gh release upload "$RELEASE_TAG" dist/checksums.txt.sig --clobber - - docker: - needs: release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v6 - with: - images: torrentclaw/unarr - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=raw,value=latest - - - uses: docker/setup-qemu-action@v4 - - uses: docker/setup-buildx-action@v4 - - - uses: docker/login-action@v4 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - uses: docker/build-push-action@v7 - with: - context: . - push: true - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - VERSION=${{ github.ref_name }} - - # Sync the Docker Hub repo description from DOCKERHUB.md. Non-fatal: a - # description-API auth hiccup must not undo a successful image push. - - name: Update Docker Hub description - uses: peter-evans/dockerhub-description@v4 - continue-on-error: true - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - repository: torrentclaw/unarr - readme-filepath: ./DOCKERHUB.md - short-description: "unarr — the single binary that replaces your *arr stack" - - - virustotal: - needs: release - runs-on: ubuntu-latest - if: vars.VT_ENABLED == 'true' - steps: - - name: Get release tag - id: tag - run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT" - - - name: Download release assets - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - mkdir -p assets - gh release download "${{ steps.tag.outputs.tag }}" \ - --repo "${{ github.repository }}" \ - --dir assets \ - --pattern '*.tar.gz' \ - --pattern '*.zip' \ - --pattern 'checksums.txt' - - - name: Scan assets with VirusTotal - env: - VT_API_KEY: ${{ secrets.VT_API_KEY }} - run: | - mkdir -p results - for file in assets/*; do - filename=$(basename "$file") - echo "Uploading $filename to VirusTotal..." - - response=$(curl -s --request POST \ - --url https://www.virustotal.com/api/v3/files \ - --header "x-apikey: $VT_API_KEY" \ - --form "file=@$file") - - analysis_id=$(echo "$response" | jq -r '.data.id // empty') - if [ -z "$analysis_id" ]; then - echo "::warning::Failed to upload $filename: $response" - continue - fi - - echo "$filename=$analysis_id" >> results/scans.txt - echo " Analysis ID: $analysis_id" - - # Rate limit: VT free tier allows 4 req/min - sleep 16 - done - - - name: Wait for analysis completion - env: - VT_API_KEY: ${{ secrets.VT_API_KEY }} - run: | - echo "Waiting 60s for VirusTotal analysis to complete..." - sleep 60 - - vt_report="## 🛡️ VirusTotal Scan Results\n\n" - vt_report+="| File | Result | Link |\n" - vt_report+="|------|--------|------|\n" - - while IFS='=' read -r filename analysis_id; do - result=$(curl -s --request GET \ - --url "https://www.virustotal.com/api/v3/analyses/$analysis_id" \ - --header "x-apikey: $VT_API_KEY") - - malicious=$(echo "$result" | jq -r '.data.attributes.stats.malicious // 0') - undetected=$(echo "$result" | jq -r '.data.attributes.stats.undetected // 0') - sha256=$(echo "$result" | jq -r '.meta.file_info.sha256 // empty') - - if [ "$malicious" = "0" ]; then - status="✅ Clean ($undetected engines)" - else - status="⚠️ $malicious detections" - fi - - link="https://www.virustotal.com/gui/file/$sha256" - vt_report+="| \`$filename\` | $status | [View]($link) |\n" - - sleep 16 - done < results/scans.txt - - echo -e "$vt_report" > results/report.md - cat results/report.md - - - name: Append scan results to release notes - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - current_body=$(gh release view "${{ steps.tag.outputs.tag }}" \ - --repo "${{ github.repository }}" \ - --json body --jq '.body') - - new_body="${current_body} - - $(cat results/report.md)" - - gh release edit "${{ steps.tag.outputs.tag }}" \ - --repo "${{ github.repository }}" \ - --notes "$new_body" diff --git a/.gitignore b/.gitignore index 81f1284..8015bab 100644 --- a/.gitignore +++ b/.gitignore @@ -41,4 +41,7 @@ dist-ffbinaries/ # Docker tmp/ config/ -dist-ffbinaries/ \ No newline at end of file +dist-ffbinaries/ + +# Claude Code: keep entirely local, do not track +.claude/ \ No newline at end of file diff --git a/.goreleaser.yml b/.goreleaser.yml index 26ce802..6bc4a51 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -59,6 +59,22 @@ changelog: - "^test:" - "^chore:" +# Self-hosted Forgejo at git.torrentclaw.com. goreleaser detects GITEA_TOKEN + +# these URLs and publishes the release there instead of GitHub. Reachable via +# `forgejo` hostname inside the dokploy-network (the runner shares it); for +# local goreleaser runs outside the network, override via env GITEA_API_URL. +# +# In goreleaser v2 `gitea_urls` is a top-level key (was nested under `release` +# in v1). +gitea_urls: + api: http://forgejo:3000/api/v1 + download: https://git.torrentclaw.com + skip_tls_verify: false + +release: + draft: false + prerelease: auto + # Homebrew tap — requires PAT with repo scope (not GITHUB_TOKEN) # Enable when torrentclaw/homebrew-tap PAT is configured as HOMEBREW_TAP_TOKEN # brews: diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 0000000..e69de29 diff --git a/CHANGELOG.md b/CHANGELOG.md index 4bd396a..de1dd6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,145 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [0.9.15] - 2026-05-27 + + +### Added + +- **sentry**: enhance error handling by skipping user input errors in CaptureError + +### Changed + +- **ci**: point Forgejo URLs at torrentclaw org (post-transfer) +- **sentry**: decouple agent import via string-match, rename predicate + +### Documentation + +- **positioning**: reframe unarr around download/stream/transcode, drop misleading search-first wording + +### Fixed + +- **ci**: unset GITHUB_TOKEN so goreleaser uses GITEA_TOKEN +- **sentry**: skip "daemon not running" stop/reload errors + +### Other + +- **scripts**: harden release.sh against double-release and inline version bumps +- untrack .claude/ (private local config) +## [0.9.14] - 2026-05-27 + + +### Added + +- **vaapi**: hybrid CPU-scale + hwupload encode path (QW2, 0.9.14) + +### CI/CD + +- port workflows from .github/ to .forgejo/ (Forgejo Actions) + +### Fixed + +- **daemon**: defensive IsClosed check in watchSessionReady poll loop +- **daemon**: use parent ctx for MarkSessionReady so cancel propagates +- **release**: move gitea_urls to top-level (goreleaser v2 schema) +## [0.9.13] - 2026-05-27 + + +### Added + +- **agent**: session-ready webhook for SSE-driven player handshake (0.9.13) +- **agent**: send full transcoder diagnostic in register payload (0.9.12) + +### Fixed + +- **daemon**: defer probeCancel so a panic mid-diagnostic still releases ctx + +### Other + +- **release**: add ship.sh end-to-end pipeline as GH Actions backup +- **skills**: add /publish slash command + allow .claude/ in git +## [0.9.11] - 2026-05-27 + + +### Added + +- **hls**: pre-segmentación delantada — 2 s segments + async session start (0.9.10) +- **hls**: faster first-start — probe cache + tighter encoder presets (0.9.9) + +### Changed + +- **hls**: critico-driven hardening of fase 3.2 + +### Fixed + +- **cors**: allow play from .to / staging / onion mirrors +- **library**: classify resolution by width + height, not height alone +- **transcode**: make preset libx264-only + restore quality opt-in + +### Other + +- **release**: 0.9.11 +## [0.9.8] - 2026-05-27 + + +### Fixed + +- **upgrade**: break auto-apply restart loop (0.9.8) +## [0.9.7] - 2026-05-26 + + +### Added + +- **hls**: persistent fMP4 segment cache + integrity + stats (0.9.7) +## [0.9.6] - 2026-05-26 + + +### Added + +- **daemon**: auto-apply upgrades when server signals (0.9.6) +## [0.9.5] - 2026-05-26 + + +### Added + +- **funnel**: cloudflare quick tunnel embedded subprocess (0.9.5) +## [0.9.4] - 2026-05-26 + + +### Added + +- **stream**: retire WebRTC, HLS-only, bump 0.9.4 (**BREAKING**) +## [0.9.3] - 2026-05-26 + + +### Added + +- **usenet**: warn at startup when par2 or extractor is missing + +### Fixed + +- **engine**: truncate errorMessage before reporting status +- **hls**: clamp ffmpeg bitrate to the level we derive from outputHeight +## [0.9.2] - 2026-05-22 + + +### Added + +- **vpn**: unarr vpn command + report/arbitrate the WireGuard slot +## [0.9.1] - 2026-05-21 + + +### Added + +- **mirror**: update fallback URLs to use IPFS and remove GitHub Pages + +### Fixed + +- **security**: bump golang.org/x deps and add container CVE scan gate + +### Other + +- **release**: 0.9.1 ## [0.9.0] - 2026-05-21 @@ -14,12 +153,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - **vpn**: local config_file for self-hosted/personal VPN testing - **vpn**: split-tunnel torrent traffic through managed WireGuard +### CI/CD + +- deploy install scripts to GitHub Pages + +### Documentation + +- **docker**: refresh Docker Hub README + sync description in CI + ### Fixed - **security**: CORS allowlist, URL scheme guard, state perms, ZIP slip, mirror docs - **security**: UPnP opt-in, bounded SSE reader, signed self-update - **security**: harden HLS session IDs, /health disclosure, archive password handling - **upgrade**: fetch releases from TorrentClaw app, not GitHub + +### Other + +- **pages**: add .nojekyll to disable Jekyll processing +- **pages**: set custom domain unarr.torrentclaw.com +- **release**: 0.9.0 ## [0.8.1] - 2026-05-08 @@ -392,6 +545,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Build - add -s -w -trimpath to Makefile, add build-small target with UPX +[0.9.15]: https://github.com/torrentclaw/unarr/compare/v0.9.14...v0.9.15 +[0.9.14]: https://github.com/torrentclaw/unarr/compare/v0.9.13...v0.9.14 +[0.9.13]: https://github.com/torrentclaw/unarr/compare/v0.9.11...v0.9.13 +[0.9.11]: https://github.com/torrentclaw/unarr/compare/v0.9.8...v0.9.11 +[0.9.8]: https://github.com/torrentclaw/unarr/compare/v0.9.7...v0.9.8 +[0.9.7]: https://github.com/torrentclaw/unarr/compare/v0.9.6...v0.9.7 +[0.9.6]: https://github.com/torrentclaw/unarr/compare/v0.9.5...v0.9.6 +[0.9.5]: https://github.com/torrentclaw/unarr/compare/v0.9.4...v0.9.5 +[0.9.4]: https://github.com/torrentclaw/unarr/compare/v0.9.3...v0.9.4 +[0.9.3]: https://github.com/torrentclaw/unarr/compare/v0.9.2...v0.9.3 +[0.9.2]: https://github.com/torrentclaw/unarr/compare/v0.9.1...v0.9.2 +[0.9.1]: https://github.com/torrentclaw/unarr/compare/v0.9.0...v0.9.1 [0.9.0]: https://github.com/torrentclaw/unarr/compare/v0.8.1...v0.9.0 [0.8.1]: https://github.com/torrentclaw/unarr/compare/v0.8.0...v0.8.1 [0.8.0]: https://github.com/torrentclaw/unarr/compare/v0.7.0...v0.8.0 diff --git a/CNAME b/CNAME new file mode 100644 index 0000000..d892572 --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +unarr.torrentclaw.com \ No newline at end of file diff --git a/DOCKERHUB.md b/DOCKERHUB.md index 7a9bc0e..3df5b70 100644 --- a/DOCKERHUB.md +++ b/DOCKERHUB.md @@ -1,8 +1,9 @@ # unarr -**The single binary that replaces your whole *arr stack.** Search 30+ torrent -sources, inspect real quality before you download, grab subtitles, and manage -your media library — all from one terminal tool or a headless daemon. +**The single binary that replaces your whole *arr stack.** Built-in torrent, +debrid, and usenet engines. Stream, transcode, and organize your library from +one terminal — or run it as a headless daemon with a web dashboard, WireGuard +split-tunnel, and Cloudflare Funnel remote access. **[Website & docs](https://torrentclaw.com/unarr)** · **[Install guide](https://torrentclaw.com/cli)** · **[Get an API key](https://torrentclaw.com)** diff --git a/Dockerfile b/Dockerfile index 1773622..64ea4e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,10 +21,23 @@ FROM alpine:3.22 # Use Alpine's native musl ffmpeg + ffprobe instead of the johnvansickle / # BtbN static glibc builds — those need a glibc shim on Alpine and the # vector-math symbols the GPL builds reference are not satisfiable by -# gcompat. Alpine ships ffmpeg ~7.x which is fine for the WebRTC -# transcoding pipeline (libx264 + libfdk-aac alternatives included). +# gcompat. Alpine ships ffmpeg ~7.x which is fine for the HLS transcoding +# pipeline (libx264 + libfdk-aac alternatives included). RUN apk upgrade --no-cache && \ - apk add --no-cache ca-certificates tzdata ffmpeg + apk add --no-cache ca-certificates tzdata ffmpeg wget + +# Bundle cloudflared so `unarr funnel on` (default: on, see config defaults) +# Just Works on a headless container with no first-run network round-trip. +# TARGETARCH is set automatically by Docker buildx during cross-builds. +ARG TARGETARCH=amd64 +RUN case "$TARGETARCH" in \ + amd64) CF_ARCH=amd64 ;; \ + arm64) CF_ARCH=arm64 ;; \ + arm) CF_ARCH=armhf ;; \ + *) echo "unsupported TARGETARCH=$TARGETARCH" >&2; exit 1 ;; \ + esac && \ + wget -qO /usr/local/bin/cloudflared "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-$CF_ARCH" && \ + chmod +x /usr/local/bin/cloudflared # Non-root user (UID 1000 matches typical host user for volume permissions) RUN addgroup -g 1000 unarr && adduser -u 1000 -G unarr -D -h /home/unarr unarr diff --git a/Makefile b/Makefile index 08462b6..b3325bc 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all build test lint coverage clean fmt vet check install-hooks changelog release release-patch release-minor release-major release-dry +.PHONY: all build test lint coverage clean fmt vet check install-hooks changelog release release-patch release-minor release-major release-dry ship ship-dry ship-push BINARY = unarr SENTRY_DSN ?= @@ -71,6 +71,19 @@ release-dry: @test -n "$(V)" || { echo "Usage: make release-dry V=patch|minor|major|0.5.0"; exit 1; } @./scripts/release.sh --dry-run $(V) +## Ship a release end-to-end (goreleaser + Hetzner + Docker Hub). Standalone backup for GH Actions. +## Reads version from internal/cmd/version.go unless V= is provided. +ship: + @./scripts/ship.sh $(V) + +## Ship + git push tag to GH afterwards +ship-push: + @./scripts/ship.sh --push $(V) + +## Preview ship steps without executing +ship-dry: + @./scripts/ship.sh --dry-run $(V) + ## Remove generated files clean: rm -f $(BINARY) coverage.out coverage.html diff --git a/README.md b/README.md index 102d151..75c9c62 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,9 @@ [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) [![Go Version](https://img.shields.io/github/go-mod/go-version/torrentclaw/unarr)](go.mod) -Powerful terminal tool for torrent search and management. **Free and open source.** +The single-binary terminal client for torrent, debrid, and usenet downloads. **Free and open source.** -Search 30+ torrent sources, inspect torrent quality, discover popular content, find streaming providers, and manage your media collection — all from your terminal. +Built-in torrent engine, debrid (Real-Debrid / AllDebrid), and NZB support. Stream to mpv/vlc, transcode on the fly with hardware acceleration, and manage your library — one binary or a headless daemon with WireGuard split-tunnel and Cloudflare Funnel remote access. @@ -171,6 +171,9 @@ unarr start | `unarr status` | Show daemon status and active downloads | | `unarr daemon install` | Install as system service (systemd/launchd) | | `unarr daemon uninstall` | Remove the system service | +| `unarr vpn status` | Show managed-VPN config and live tunnel state | +| `unarr vpn enable` | Turn the managed VPN on | +| `unarr vpn disable` | Turn the managed VPN off | ### System & Diagnostics @@ -280,6 +283,53 @@ The daemon connects via WebSocket for instant task delivery, with automatic HTTP - Linux: `~/.config/systemd/user/unarr.service` (systemd) - macOS: `~/Library/LaunchAgents/com.torrentclaw.unarr.plist` (launchd) +## VPN + +unarr can route your **downloads** through a managed WireGuard VPN, so peers and +trackers see the VPN server's IP instead of yours. It runs entirely in userspace +(wireguard-go + a gVisor netstack) — **no root, no `wg-quick`, no changes to your +OS routing table**. + +Requires a **PRO+ plan with the VPN add-on**. Set it up at +[torrentclaw.com/vpn](https://torrentclaw.com/vpn). + +```bash +# Turn it on (writes [downloads.vpn] enabled = true to your config) +unarr vpn enable + +# Restart the daemon so it brings the tunnel up at startup +unarr daemon restart # or: unarr start (if not installed as a service) + +# Check it's working — shows the exit server when the tunnel is up +unarr vpn status + +# Verify your account is provisioned (queries the API) +unarr vpn status --check + +# Turn it off again +unarr vpn disable +``` + +**Split-tunnel — read this:** only the torrent client's traffic goes through the +VPN. Your browser, `curl`, and every other app keep using your **real IP** — that +is by design. To check the VPN is working, look at `unarr vpn status` (or the +peer/announce IP), **not** your browser's "what's my IP". To protect your other +devices (phone, laptop), use the **OpenVPN credentials** from your profile — those +support ~10 concurrent devices and do **not** share the agent's WireGuard slot. + +**When does it fetch the config?** Once, at daemon startup. There's no periodic +refresh — after changing your exit server in the web panel or re-provisioning, +restart the daemon to pick it up. If the fetch fails the daemon logs a `[vpn]` +line and downloads in the clear (never refuses to run). + +**Self-hosted / personal VPN:** instead of the managed config, point unarr at a +local WireGuard `.conf`: + +```toml +[downloads.vpn] +config_file = "/path/to/wg.conf" # takes precedence over `enabled` +``` + ## Diagnostics ```bash @@ -293,6 +343,58 @@ unarr self-update --force # reinstall even if up to date `unarr doctor` checks: config file, API key, server connectivity (with latency), agent registration, download directory, disk space, and version. +### Updating unarr + +unarr supports three update paths. Pick whichever fits your workflow. + +**1. Manual self-update (always available).** + +```bash +unarr self-update # interactive update to latest +unarr self-update --force # reinstall same version +unarr self-update --allow-unsigned # accept releases without checksum signature +``` + +The CLI downloads the new release archive over HTTPS (from +`torrentclaw.com/releases/download/v/`), verifies SHA-256, swaps the +binary in place (`.backup` kept next to it), and restarts the systemd +user unit if the daemon is running. + +**2. Auto-apply on server signal (default, since 0.9.6).** + +When you press **"Force update now"** on the web (Settings → Agent → Force +update), the server sets a flag your daemon polls every sync (~3 s). On +the next sync the daemon downloads the new binary, replaces itself, and +exits — `systemd Restart=always` respawns on the new version. No SSH, no +terminal access required. Works headless on NAS / Docker. + +The button shows an amber warning if your agent is below 0.9.6 (older +daemons see the signal but only log "run unarr update" — the operator +must run the command manually that one time). + +**Opt out of auto-apply.** Some users prefer reviewing CHANGELOG before +applying. Disable in `config.toml`: + +```toml +[daemon] +auto_upgrade = false +``` + +With `auto_upgrade = false`, pressing the web button still flags your +agent (so the daemon logs the new version on next sync), but the daemon +will not download / replace anything — you run `unarr self-update` when +you're ready. + +**3. Docker auto-restart with a new tag.** + +```bash +docker pull torrentclaw/unarr:latest +docker compose up -d +``` + +Tags published: `latest`, `0.9`, `0.9.7`, ... — pin to a minor (`0.9`) +for opt-in patch updates without surprises. + ## Clean Remove temporary files, logs, resume data, and other artifacts generated by unarr. Shows what will be removed and asks for confirmation before deleting. @@ -374,6 +476,7 @@ tv_shows_dir = "~/Media/TV Shows" [daemon] poll_interval = "30s" heartbeat_interval = "30s" +auto_upgrade = true # apply server-flagged upgrades in-place (since 0.9.6) [notifications] enabled = true @@ -384,24 +487,12 @@ country = "US" ### Streaming reference -The in-browser player on torrentclaw.com streams from the daemon over WebRTC -(low-latency P2P) or HLS (HTTP fragments + ffmpeg transcode for codecs the -browser can't decode natively). Both are enabled by default — a fresh install -"just works" without editing the TOML. Disable surgically only if you have a -reason. +The in-browser player on torrentclaw.com streams from the daemon over HLS +(HTTP fragments + ffmpeg transcode for codecs the browser can't decode +natively). Enabled by default — a fresh install "just works" without editing +the TOML. ```toml -[downloads.webrtc] -enabled = true # master switch -trackers = ["wss://tracker.torrentclaw.com"] # signaling trackers -stun_servers = [ # NAT traversal - "stun:stun.l.google.com:19302", - "stun:stun1.l.google.com:19302", -] -turn_servers = [] # optional TURN relays -turn_user = "" -turn_pass = "" - [downloads.transcode] enabled = true # master switch hw_accel = "auto" # auto | none | nvenc | qsv | vaapi | videotoolbox @@ -412,16 +503,6 @@ max_height = 0 # 0 = no cap; e.g. 720 forces 720p max max_concurrent = 2 # max simultaneous ffmpeg processes ``` -#### `[downloads.webrtc]` - -| Key | Type | Default | Notes | -|-----|------|---------|-------| -| `enabled` | bool | `true` | Browser↔daemon WebRTC peer for the in-browser P2P player. Disable to skip WebRTC tracker signalling (saves ~5MB RAM, blocks WebRTC streaming — HLS still works). | -| `trackers` | `[]string` | `["wss://tracker.torrentclaw.com"]` | Signaling trackers for peer discovery. | -| `stun_servers` | `[]string` | Google public STUN ×2 | ICE candidate gathering. | -| `turn_servers` | `[]string` | `[]` | Optional TURN relays for symmetric-NAT users. | -| `turn_user` / `turn_pass` | string | `""` | Credentials for authed TURN servers. Applied to all `turn_servers`. | - #### `[downloads.transcode]` | Key | Type | Default | Notes | @@ -438,6 +519,108 @@ If `transcode.enabled = true` but `ffmpeg` / `ffprobe` aren't on PATH, the daemon logs a warning at startup and HLS sessions are rejected at runtime with a clear error — install ffmpeg or set `enabled = false`. +#### `[downloads.hls_cache]` — persistent HLS segment cache + +```toml +[downloads.hls_cache] +enabled = true # on by default +size_gb = 5 # disk budget; LRU eviction once exceeded +dir = "" # custom path; empty = ~/.cache/unarr/hls-cache +``` + +| Key | Type | Default | Notes | +|-----|------|---------|-------| +| `enabled` | bool | `true` | Persists finished HLS encodes per `(source, quality, audio_index)`. A second play of the same file at the same quality reuses the segments — no ffmpeg, near-zero CPU, instant playback. Set to `false` to delete segments on session close (original behavior). | +| `size_gb` | int | `5` | Cache budget in gigabytes. When exceeded the LRU sweeper evicts the least-recently-used cached encodes hourly. Minimum 1 GB (smaller values are clamped up). | +| `dir` | string | `""` | Custom storage path. Empty defaults to `~/.cache/unarr/hls-cache` (Linux/macOS) or the user cache dir (Windows). | + +**What it does.** First play encodes normally (ffmpeg writes segments). +On session close, if every segment is on disk and ffmpeg exited cleanly, +the directory is sealed with a `.complete` marker and kept. Next time the +same source + quality combo is requested, the daemon serves segments +straight from disk — no transcode, no warm-up, no CPU cost. + +**Why per (source, quality, audio).** Renaming the file or switching +quality invalidates the entry: the segments are tied to the exact source +bytes and the exact ffmpeg parameters. Re-encoding generates a new key. + +**Eviction.** A background goroutine wakes every hour. If total cache size +exceeds `size_gb`, it deletes the oldest entries (by mtime) until under +budget. Active sessions are pinned — they never get evicted mid-play. + +**Disable.** Either edit the TOML to set `enabled = false`, or remove the +cache directory manually (it'll be recreated as needed). Disabling does +not delete existing cached segments — drop `dir` (or `~/.cache/unarr/hls-cache`) +to reclaim the space. + +#### `[downloads.vpn]` + +| Key | Type | Default | Notes | +|-----|------|---------|-------| +| `enabled` | bool | `false` | Managed VPN: at startup the daemon fetches a WireGuard config from your account and split-tunnels torrent traffic through it. Needs a PRO+ plan with the VPN add-on. Toggle with `unarr vpn enable` / `disable`. | +| `config_file` | string | `""` | Self-hosted / personal VPN: path to a local WireGuard `.conf`. **Takes precedence over `enabled`** — when set, the daemon uses this file and never calls the API. | + +See the [VPN](#vpn) section above for how it works (split-tunnel, no root) and +how to protect your other devices. + +#### `[downloads.funnel]` — public HTTPS hostname for the daemon (CloudFlare Quick Tunnel) + +```toml +[downloads.funnel] +enabled = false # off by default +``` + +| Key | Type | Default | Notes | +|-----|------|---------|-------| +| `enabled` | bool | `false` | Spawns `cloudflared tunnel --url http://localhost:` as a child process at daemon startup. Toggle with `unarr funnel on` / `off`. Requires `cloudflared` on PATH. | + +**What it does.** Without a tunnel, the daemon is reachable on `localhost`, +your LAN, and (if installed) Tailscale. That covers the same-machine and +Tailscale-connected cases, but the **browser-based player on torrentclaw.com +fails on any other network** because HTTPS pages can't fetch HTTP resources +("mixed content"). Enabling the funnel gives the daemon a public +`https://.trycloudflare.com` hostname so the web player picks it up +and playback works from anywhere — phone on cellular, friend's laptop on a +foreign Wi-Fi, anywhere. The Stremio addon already works cross-network +(native mpv/VLC players ignore CORS), so this is strictly a web-player fix. + +**Privacy posture.** Bytes pass through CloudFlare's edge — TorrentClaw never +relays content (we don't see your traffic), CloudFlare does. Quick Tunnels +are **anonymous** (no CF account required); the registration is unauthenticated +and the hostname is a random label, but CF logs request metadata like any CDN +would. If you want zero third-party byte access, use Tailscale instead. + +**Limitations (free Quick Tunnels).** +| Aspect | Limit | +|--------|-------| +| Session lifetime | ~6 hours, then the hostname rotates. cloudflared re-registers automatically; the web picks up the new URL on the next sync. In-flight HLS sessions break across the rotation (browser retries). | +| Bandwidth | No documented hard cap, but CF reserves the right to throttle. 1080p HLS (~6 Mbps) is fine; 4K HEVC at 25 Mbps may hit throttling. | +| Latency | +20–80 ms vs direct LAN/Tailscale (extra hop browser → CF edge → tunnel). HLS player buffer absorbs it. | +| Concurrency | One tunnel serves N viewers. CF rate-limits ~200 req/s, plenty for HLS segments. | +| TOS | CloudFlare flags Quick Tunnels as "not for production traffic". They can decommission an abusive tunnel without notice. | + +For heavy / high-throughput / persistent-URL use cases, switch to a CloudFlare +Named Tunnel (free, needs a CF account) or run your own reverse proxy — both +out of scope for the bundled command. + +**Disable.** `unarr funnel off` flips `enabled` to `false` in the TOML and +prompts you to restart the daemon. You can also edit `config.toml` directly: + +```toml +[downloads.funnel] +enabled = false +``` + +**Install cloudflared.** +- Linux: `apt install cloudflared` (after adding CF's apt repo) — see + . Or pull the static binary from + . +- macOS: `brew install cloudflared`. +- Windows: `winget install --id Cloudflare.cloudflared`. + +If `cloudflared` is not on PATH the daemon logs a warning at startup and +falls back to LAN/Tailscale-only reachability. + ### Environment variables Environment variables override config file values: diff --git a/SECURITY.md b/SECURITY.md index a7a3399..b88b335 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -59,6 +59,50 @@ This project follows these security practices: - **Non-root Docker** — Container runs as unprivileged user (UID 1000) - **Dependency scanning** — Automated via Dependabot +## Container Image Vulnerability Scanning + +The Docker image (`torrentclaw/unarr`) is scanned by Docker Scout on Docker Hub and +by a CVE gate in CI (see `.github/workflows/`). Two things matter when reading the +Docker Hub vulnerability count: + +- **Scanner database differs.** Docker Hub (Scout) matches `package@version` against + NVD/GHSA. Trivy/Alpine `secdb` only lists CVEs Alpine has acknowledged and patched. + A high Scout count with a clean Trivy report is expected, not a contradiction. +- **The bulk comes from the bundled `ffmpeg` codec stack.** Alpine's `ffmpeg` + package pulls ~40 codec/parser libraries (`x264`, `x265`, `libvpx`, `aom`, + `dav1d`, `libtheora`, `libvorbis`, `libwebp`, `libbluray`, `libopenmpt`, …). + Each carries a long NVD history that Alpine does not backport. ffmpeg is a + **functional dependency** — the HLS transcode pipeline shells out to + `ffmpeg`/`ffprobe` to decode untrusted media and re-encode to H.264 + AAC. + +### Accepted risk and policy + +- **Fixable** CRITICAL/HIGH findings **block** a release (CI CVE gate, `only-fixed`). +- **Unfixed-upstream** codec CVEs are tracked but **accepted**: there is no patched + Alpine package to move to, and dropping codecs would break playback of common + formats. They are mitigated by the hardening below rather than eliminated. +- Images are **rebuilt and re-pushed weekly** (scheduled workflow) so any newly + *fixed* base/ffmpeg/Go patch lands between tagged releases. + +### Mitigations (run the container hardened) + +Crafted media (torrents are untrusted input) is the realistic attack vector against +ffmpeg's parsers. The shipped `docker-compose.yml` already applies: + +- **Non-root** user (UID 1000), **read-only** root filesystem, writable `tmpfs` only. +- **Resource limits** (memory/CPU) to bound a runaway decode. + +Recommended additions for exposed deployments: + +```yaml + cap_drop: ["ALL"] + security_opt: + - no-new-privileges:true +``` + +If you do not need HLS transcoding, you can run with transcoding disabled to +avoid feeding untrusted media to ffmpeg at all. + ## Disclosure Policy We follow coordinated disclosure. We will credit reporters in the release notes unless they prefer to remain anonymous. diff --git a/cmd/wstracker-probe/main.go b/cmd/wstracker-probe/main.go deleted file mode 100644 index 7eecaa5..0000000 --- a/cmd/wstracker-probe/main.go +++ /dev/null @@ -1,268 +0,0 @@ -// wstracker-probe — connects to a WebSocket BitTorrent tracker and either -// (a) advertises a fake info_hash to verify announce signalling, or -// (b) seeds a real file via the WebTorrent protocol so a browser -// webtorrent.js client can fetch it for end-to-end verification. -// -// Modes: -// -// wstracker-probe -tracker wss://tracker.torrentclaw.com -// Announces a random info_hash; exits 0 on TrackerAnnounceSuccessful. -// -// wstracker-probe -tracker wss://… -seed /path/to/file.mp4 -// Builds a single-file torrent in memory, seeds forever, prints the -// magnet (with the WSS tracker injected). Ctrl-C to stop. -// -// Useful for browser ↔ unarr e2e — point a webtorrent.js page at the -// printed magnet and the player should pull pieces via WebRTC data channel. -package main - -import ( - "context" - "crypto/rand" - "flag" - "fmt" - "log" - "net/url" - "os" - "os/signal" - "path/filepath" - "syscall" - "time" - - alog "github.com/anacrolix/log" - "github.com/anacrolix/torrent" - "github.com/anacrolix/torrent/bencode" - "github.com/anacrolix/torrent/metainfo" - "github.com/anacrolix/torrent/storage" - "github.com/pion/webrtc/v4" -) - -func main() { - tracker := flag.String("tracker", "wss://tracker.torrentclaw.com", "WSS tracker URL to probe") - timeout := flag.Duration("timeout", 30*time.Second, "max wait for successful announce (ignored in -seed mode)") - seedPath := flag.String("seed", "", "path to a file to seed (single-file torrent). When set, runs forever instead of exiting on first announce.") - flag.Parse() - - if *seedPath != "" { - runSeeder(*seedPath, *tracker) - return - } - - runProbe(*tracker, *timeout) -} - -// runProbe — single random-hash announce, exits on success/error/timeout. -func runProbe(trackerURL string, timeout time.Duration) { - tmp, err := os.MkdirTemp("", "wstracker-probe-*") - if err != nil { - log.Fatalf("temp dir: %v", err) - } - defer os.RemoveAll(tmp) - - cfg := baseClientConfig(tmp) - - annSuccess := make(chan struct{}, 1) - annError := make(chan error, 1) - cfg.Callbacks.StatusUpdated = append( - cfg.Callbacks.StatusUpdated, - func(e torrent.StatusUpdatedEvent) { - switch e.Event { //nolint:exhaustive // peer events are noise for tracker probe - case torrent.TrackerConnected: - if e.Error != nil { - fmt.Printf("[probe] tracker connect FAILED: %v\n", e.Error) - } else { - fmt.Printf("[probe] tracker connected: %s\n", e.Url) - } - case torrent.TrackerAnnounceSuccessful: - fmt.Printf("[probe] tracker announce OK: %s ih=%s\n", e.Url, e.InfoHash) - select { - case annSuccess <- struct{}{}: - default: - } - case torrent.TrackerAnnounceError: - fmt.Printf("[probe] tracker announce ERROR: %s ih=%s err=%v\n", e.Url, e.InfoHash, e.Error) - select { - case annError <- e.Error: - default: - } - case torrent.TrackerDisconnected: - fmt.Printf("[probe] tracker disconnected: %s err=%v\n", e.Url, e.Error) - } - }, - ) - - client, err := torrent.NewClient(cfg) - if err != nil { - log.Fatalf("create torrent client: %v", err) - } - defer client.Close() - - var ih [20]byte - if _, err := rand.Read(ih[:]); err != nil { - log.Fatalf("random info_hash: %v", err) - } - magnet := fmt.Sprintf("magnet:?xt=urn:btih:%x&tr=%s", ih, trackerURL) - fmt.Printf("[probe] tracker=%s info_hash=%x timeout=%s\n", trackerURL, ih, timeout) - - t, err := client.AddMagnet(magnet) - if err != nil { - log.Fatalf("add magnet: %v", err) - } - defer t.Drop() - - ctx, cancel := context.WithTimeout(context.Background(), timeout) - defer cancel() - - select { - case <-annSuccess: - fmt.Println("[probe] OK — tracker announce succeeded") - os.Exit(0) - case err := <-annError: - fmt.Printf("[probe] FAIL — tracker announce error: %v\n", err) - os.Exit(1) - case <-ctx.Done(): - fmt.Printf("[probe] FAIL — timeout after %s\n", timeout) - os.Exit(2) - } -} - -// runSeeder — builds a single-file torrent for the given path, adds it to -// a WebTorrent-enabled client, and seeds until SIGINT/SIGTERM. -func runSeeder(filePath, trackerURL string) { - abs, err := filepath.Abs(filePath) - if err != nil { - log.Fatalf("resolve seed path: %v", err) - } - st, err := os.Stat(abs) - if err != nil { - log.Fatalf("stat seed file: %v", err) - } - if st.IsDir() { - log.Fatalf("-seed currently supports a single file, not a directory: %s", abs) - } - - dataDir := filepath.Dir(abs) - - // Build single-file torrent metadata. - info := metainfo.Info{ - PieceLength: chooseSeedPieceLength(st.Size()), - Name: filepath.Base(abs), - } - if err := info.BuildFromFilePath(abs); err != nil { - log.Fatalf("build info from file: %v", err) - } - infoBytes, err := bencode.Marshal(info) - if err != nil { - log.Fatalf("marshal info: %v", err) - } - - mi := &metainfo.MetaInfo{ - InfoBytes: infoBytes, - AnnounceList: metainfo.AnnounceList{{trackerURL}}, - CreatedBy: "wstracker-probe", - } - ih := mi.HashInfoBytes() - - cfg := baseClientConfig(dataDir) - cfg.Seed = true - - cfg.Callbacks.StatusUpdated = append( - cfg.Callbacks.StatusUpdated, - func(e torrent.StatusUpdatedEvent) { - switch e.Event { //nolint:exhaustive - case torrent.TrackerConnected: - if e.Error != nil { - fmt.Printf("[seed] tracker connect FAILED: %v\n", e.Error) - } else { - fmt.Printf("[seed] tracker connected: %s\n", e.Url) - } - case torrent.TrackerAnnounceSuccessful: - fmt.Printf("[seed] tracker announce OK: %s ih=%s\n", e.Url, e.InfoHash) - case torrent.TrackerAnnounceError: - fmt.Printf("[seed] tracker announce ERROR: %s err=%v\n", e.Url, e.Error) - case torrent.TrackerDisconnected: - fmt.Printf("[seed] tracker disconnected: %s err=%v\n", e.Url, e.Error) - } - }, - ) - - client, err := torrent.NewClient(cfg) - if err != nil { - log.Fatalf("create torrent client: %v", err) - } - defer client.Close() - - t, err := client.AddTorrent(mi) - if err != nil { - log.Fatalf("add torrent: %v", err) - } - t.DownloadAll() - - dn := url.QueryEscape(info.Name) - enc := url.QueryEscape(trackerURL) - magnet := fmt.Sprintf("magnet:?xt=urn:btih:%s&dn=%s&tr=%s", ih.HexString(), dn, enc) - - fmt.Printf("[seed] file=%s size=%d bytes piece_length=%d\n", abs, st.Size(), info.PieceLength) - fmt.Printf("[seed] info_hash=%s\n", ih.HexString()) - fmt.Printf("[seed] magnet=%s\n", magnet) - fmt.Println("[seed] seeding via WebRTC. Ctrl-C to stop.") - - stop := make(chan os.Signal, 1) - signal.Notify(stop, syscall.SIGINT, syscall.SIGTERM) - statTicker := time.NewTicker(5 * time.Second) - defer statTicker.Stop() - - for { - select { - case <-statTicker.C: - s := t.Stats() - fmt.Printf("[seed] peers=%d uploaded=%d bytes seeders=%d leechers=%d\n", - s.ActivePeers, s.BytesWrittenData.Int64(), - s.ConnectedSeeders, s.ActivePeers-s.ConnectedSeeders) - case <-stop: - fmt.Println("[seed] stopping") - return - } - } -} - -// baseClientConfig — shared anacrolix client config for both modes. -// WebTorrent is the only transport enabled; TCP/uTP/DHT/IPv6 are disabled -// to keep the moving parts to the minimum required for a WSS-only test. -func baseClientConfig(dataDir string) *torrent.ClientConfig { - cfg := torrent.NewDefaultClientConfig() - cfg.DataDir = dataDir - cfg.DefaultStorage = storage.NewMMap(dataDir) - cfg.NoUpload = false - cfg.DisableTCP = true - cfg.DisableUTP = true - cfg.DisableIPv6 = true - cfg.NoDHT = true - cfg.NoDefaultPortForwarding = true - cfg.ListenPort = 0 - cfg.Logger = alog.Default.FilterLevel(alog.Critical) - cfg.DisableWebtorrent = false - cfg.ICEServerList = []webrtc.ICEServer{ - {URLs: []string{"stun:stun.l.google.com:19302"}}, - {URLs: []string{"stun:stun1.l.google.com:19302"}}, - } - return cfg -} - -// chooseSeedPieceLength picks a sane piece size for a given file size. -// Mirrors the libtorrent / qBittorrent ladder so the resulting torrent -// is interoperable with mainstream clients. -func chooseSeedPieceLength(size int64) int64 { - switch { - case size < 4*1024*1024: // < 4 MiB - return 16 * 1024 // 16 KiB - case size < 64*1024*1024: // < 64 MiB - return 64 * 1024 // 64 KiB - case size < 512*1024*1024: // < 512 MiB - return 256 * 1024 // 256 KiB - case size < 4*1024*1024*1024: // < 4 GiB - return 1024 * 1024 // 1 MiB - default: - return 4 * 1024 * 1024 // 4 MiB - } -} diff --git a/go.mod b/go.mod index e4e0b6b..a47f6e3 100644 --- a/go.mod +++ b/go.mod @@ -13,10 +13,9 @@ require ( github.com/google/uuid v1.6.0 github.com/huin/goupnp v1.3.0 github.com/olekukonko/tablewriter v1.1.4 - github.com/pion/webrtc/v4 v4.2.11 github.com/spf13/cobra v1.10.2 github.com/torrentclaw/go-client v0.2.0 - golang.org/x/term v0.41.0 + golang.org/x/term v0.43.0 golang.org/x/time v0.15.0 golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb ) @@ -107,6 +106,7 @@ require ( github.com/pion/stun/v3 v3.1.1 // indirect github.com/pion/transport/v4 v4.0.1 // indirect github.com/pion/turn/v4 v4.1.4 // indirect + github.com/pion/webrtc/v4 v4.2.11 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/protolambda/ctxlock v0.1.0 // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect @@ -122,12 +122,12 @@ require ( go.opentelemetry.io/otel v1.42.0 // indirect go.opentelemetry.io/otel/metric v1.42.0 // indirect go.opentelemetry.io/otel/trace v1.42.0 // indirect - golang.org/x/crypto v0.49.0 // indirect + golang.org/x/crypto v0.51.0 // indirect golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect - golang.org/x/net v0.52.0 // indirect + golang.org/x/net v0.54.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/text v0.35.0 // indirect + golang.org/x/sys v0.44.0 // indirect + golang.org/x/text v0.37.0 // indirect golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c // indirect lukechampine.com/blake3 v1.4.1 // indirect diff --git a/go.sum b/go.sum index ad123db..d1c9fe6 100644 --- a/go.sum +++ b/go.sum @@ -473,8 +473,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20220428152302-39d4317da171/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= @@ -485,8 +485,8 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= -golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -500,8 +500,8 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w= +golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -532,18 +532,18 @@ golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -554,8 +554,8 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= -golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= -golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/internal/agent/client.go b/internal/agent/client.go index 9aa3c2a..e7f2c37 100644 --- a/internal/agent/client.go +++ b/internal/agent/client.go @@ -91,6 +91,45 @@ func (c *Client) Deregister(ctx context.Context, agentID string) error { return nil } +// ReportUpgradeResult tells the server the outcome of a previously requested +// upgrade so the server can clear `upgrade_requested`. Without this call the +// flag stays sticky and the daemon would re-trigger applyAutoUpgrade on every +// sync after upgrade — even for "already on target version" no-ops. +func (c *Client) ReportUpgradeResult(ctx context.Context, agentID string, success bool, version, errMsg string) error { + req := struct { + AgentID string `json:"agentId"` + Success bool `json:"success"` + Version string `json:"version,omitempty"` + Error string `json:"error,omitempty"` + }{AgentID: agentID, Success: success, Version: version, Error: errMsg} + var resp StatusResponse + if err := c.doPost(ctx, "/api/internal/agent/upgrade-result", req, &resp); err != nil { + return fmt.Errorf("report upgrade result: %w", err) + } + return nil +} + +// MarkSessionReady signals the server that the first HLS segment + init.mp4 +// landed on disk for the given session. The web side flips +// streaming_session.ready_at = NOW(), which its SSE endpoint emits to +// subscribed players so the "Preparando…" UI ends without polling HEAD +// on /hls//master.m3u8. +// +// Best-effort: the server is the source of truth for session state and +// will reach the same conclusion via HEAD probes anyway if this call +// fails. We log the error in the caller but don't retry — by the time +// a retry would land the user is likely already playing. +func (c *Client) MarkSessionReady(ctx context.Context, sessionID string) error { + req := struct { + SessionID string `json:"sessionId"` + }{SessionID: sessionID} + var resp StatusResponse + if err := c.doPost(ctx, "/api/internal/agent/session-ready", req, &resp); err != nil { + return fmt.Errorf("mark session ready: %w", err) + } + return nil +} + // ReportStatus reports download progress. Returns server-side flags the CLI must act on. func (c *Client) ReportStatus(ctx context.Context, update StatusUpdate) (*StatusResponse, error) { var resp StatusResponse diff --git a/internal/agent/daemon.go b/internal/agent/daemon.go index 1c324d5..f7994fb 100644 --- a/internal/agent/daemon.go +++ b/internal/agent/daemon.go @@ -6,10 +6,13 @@ import ( "fmt" "log" "os" + "os/exec" "runtime" "strings" "sync/atomic" "time" + + "github.com/torrentclaw/unarr/internal/upgrade" ) // DaemonConfig holds daemon runtime settings. @@ -25,6 +28,15 @@ type DaemonConfig struct { ScanPaths []string // configured scan paths for file deletion validation HWAccel string // detected encoder backend ("nvenc"/"qsv"/"vaapi"/"videotoolbox"/"none") MaxTranscodeHeight int // resolution cap the agent can transcode comfortably (px) + // Diagnostic data populated by engine.DetectHWAccelDiagnostic at daemon + // start. Surfaced in the web "Diagnose transcoder" modal — lets a user + // see which encoders the ffmpeg binary supports and which devices the + // host exposes without running `unarr probe-hwaccel`. + FFmpegVersion string // first line of `ffmpeg -version` + FFmpegPath string // resolved binary path + HWEncoders []string // HW-class encoder names found in `ffmpeg -encoders` + HWDevices []string // device files + driver bins detected at probe time + AutoUpgrade bool // honor server-flagged upgrades by downloading + restarting (default: true) } // Daemon manages agent registration and the sync loop. @@ -37,7 +49,7 @@ type Daemon struct { // Callbacks — set by cmd/daemon.go before calling Run. OnTasksClaimed func(tasks []Task) OnStreamRequested func(req StreamRequest) - OnWebRTCSession func(sess WebRTCSession) + OnStreamSession func(sess StreamSession) OnControlAction func(action, taskID string, deleteFiles bool) GetActiveCount func() int // returns number of active downloads (wired from manager) @@ -48,6 +60,16 @@ type Daemon struct { State DaemonState lastNotifiedVersion string + // Managed-VPN split-tunnel state, set by cmd/daemon.go before Run and folded + // into DaemonState on every write so external tools (`unarr vpn status`) see it. + vpnActive bool + vpnMode string + vpnServer string + + // CloudFlare Quick Tunnel public URL; folded into DaemonState + heartbeat + // so the web can prefer it over Tailscale/LAN for in-browser playback. + funnelURL string + // Watching tracks whether a user is viewing download progress in the web UI. Watching atomic.Bool @@ -70,6 +92,23 @@ func NewDaemon(cfg DaemonConfig, client *Client) *Daemon { // SyncClient returns the sync client for external wiring. func (d *Daemon) SyncClient() *SyncClient { return d.sync } +// SetVPNState records the managed-VPN split-tunnel state so it's reflected in the +// daemon state file (read by `unarr vpn status`). Call before Run. +func (d *Daemon) SetVPNState(active bool, mode, server string) { + d.vpnActive = active + d.vpnMode = mode + d.vpnServer = server +} + +// SetFunnelURL records the CloudFlare Quick Tunnel hostname so it's reflected +// in the daemon state file (read by `unarr funnel status`) and in heartbeat +// requests (so the web prefers it over Tailscale/LAN). Pass "" to clear. +func (d *Daemon) SetFunnelURL(url string) { + d.funnelURL = url + d.State.FunnelURL = url + WriteState(&d.State) +} + // UpdateStreamPort updates the stream port reported in sync requests. func (d *Daemon) UpdateStreamPort(port int) { d.cfg.StreamPort = port @@ -91,6 +130,14 @@ func (d *Daemon) Register(ctx context.Context) error { TailscaleIP: d.cfg.TailscaleIP, HWAccel: d.cfg.HWAccel, MaxTranscodeHeight: d.cfg.MaxTranscodeHeight, + FFmpegVersion: d.cfg.FFmpegVersion, + FFmpegPath: d.cfg.FFmpegPath, + HWEncoders: d.cfg.HWEncoders, + HWDevices: d.cfg.HWDevices, + VPNActive: d.vpnActive, + VPNMode: d.vpnMode, + VPNServer: d.vpnServer, + FunnelURL: d.funnelURL, } if free, total, err := DiskInfo(d.cfg.DownloadDir); err == nil { req.DiskFreeBytes = free @@ -141,6 +188,10 @@ func (d *Daemon) Register(ctx context.Context) error { PID: os.Getpid(), StartedAt: now, MethodStats: make(map[string]int), + VPNActive: d.vpnActive, + VPNMode: d.vpnMode, + VPNServer: d.vpnServer, + FunnelURL: d.funnelURL, } WriteState(&d.State) @@ -158,6 +209,21 @@ func (d *Daemon) Run(ctx context.Context) error { log.Printf("Agent registered: %s (%s) [%s]", d.User.Name, d.User.Email, d.User.Plan) log.Printf("Features: torrent=%v debrid=%v usenet=%v", d.Features.Torrent, d.Features.Debrid, d.Features.Usenet) + // Usenet needs par2 (segment repair) + an extractor (RAR/7z) on the host. + // Without par2, a single bad segment corrupts the file silently; without + // an extractor, RAR-packed downloads can't be unpacked. Warn loudly at + // startup so the operator installs them before the first download fails. + if d.Features.Usenet { + if _, err := exec.LookPath("par2"); err != nil { + log.Printf("[usenet] WARNING: par2 not found in PATH — corrupted segments cannot be repaired and extraction may fail. Install par2 (apt install par2 / brew install par2).") + } + _, unrarErr := exec.LookPath("unrar") + _, sevenZErr := exec.LookPath("7z") + if unrarErr != nil && sevenZErr != nil { + log.Printf("[usenet] WARNING: no archive extractor (unrar or 7z) found — RAR-packed downloads cannot be unpacked. Install unrar or 7z.") + } + } + // Wire sync callbacks d.sync.OnNewTasks = func(tasks []Task) { if d.OnTasksClaimed != nil { @@ -174,16 +240,22 @@ func (d *Daemon) Run(ctx context.Context) error { d.OnStreamRequested(req) } } - d.sync.OnWebRTCSession = func(sess WebRTCSession) { - if d.OnWebRTCSession != nil { - d.OnWebRTCSession(sess) + d.sync.OnStreamSession = func(sess StreamSession) { + if d.OnStreamSession != nil { + d.OnStreamSession(sess) } } d.sync.OnUpgrade = func(version string) { - if version != d.lastNotifiedVersion { - d.lastNotifiedVersion = version - log.Printf("New version available: %s (run `unarr self-update` to upgrade)", version) + if version == d.lastNotifiedVersion { + return } + d.lastNotifiedVersion = version + if !d.cfg.AutoUpgrade { + log.Printf("[upgrade] new version available: %s — auto_upgrade=false, run `unarr update` to apply", version) + return + } + log.Printf("[upgrade] new version available: %s — applying auto-upgrade", version) + go d.applyAutoUpgrade(version) } d.sync.OnScan = func() { log.Printf("Library scan requested by server") @@ -195,6 +267,12 @@ func (d *Daemon) Run(ctx context.Context) error { d.sync.OnWatchingChange = func(watching bool) { d.Watching.Store(watching) } + d.sync.GetVPNState = func() (bool, string, string) { + return d.vpnActive, d.vpnMode, d.vpnServer + } + d.sync.GetFunnelURL = func() string { + return d.funnelURL + } d.sync.OnSyncSuccess = func() { d.State.LastHeartbeat = time.Now() if d.GetActiveCount != nil { @@ -224,6 +302,67 @@ func (d *Daemon) Deregister() { RemoveState() } +// applyAutoUpgrade downloads the target version and exits so the service +// supervisor (systemd Restart=always on Linux) respawns on the new binary. +// Triggered by the server's upgrade signal — opt-in flag set by the user from +// the web UI; the daemon never auto-upgrades on a passive version bump. +// +// Reports the outcome to /api/internal/agent/upgrade-result so the server +// clears `upgrade_requested`. Without this report the flag stays sticky and +// the daemon would loop on every sync — including the no-op case where it's +// already on the target version. +func (d *Daemon) applyAutoUpgrade(targetVersion string) { + currentClean := strings.TrimPrefix(d.cfg.Version, "v") + targetClean := strings.TrimPrefix(targetVersion, "v") + + // No-op: server signal arrived but we're already running the target. This + // happens when the daemon restarts after a previous auto-upgrade before + // reportUpgradeResult cleared the flag, or when the operator manually + // installed the same version off-band. Skip Execute (which would also + // no-op) AND skip os.Exit, but DO clear the flag — otherwise we loop. + if currentClean == targetClean { + log.Printf("[upgrade] already on v%s — clearing server flag", currentClean) + ctxR, cancelR := context.WithTimeout(context.Background(), 10*time.Second) + defer cancelR() + if err := d.client.ReportUpgradeResult(ctxR, d.cfg.AgentID, true, currentClean, ""); err != nil { + log.Printf("[upgrade] report-result failed (will retry on next signal): %v", err) + } + return + } + + upgrader := &upgrade.Upgrader{ + CurrentVersion: currentClean, + OnProgress: func(msg string) { + log.Printf("[upgrade] %s", msg) + }, + } + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) + defer cancel() + result := upgrader.Execute(ctx, targetVersion) + if !result.Success { + log.Printf("[upgrade] auto-upgrade failed: %v", result.Error) + errMsg := "" + if result.Error != nil { + errMsg = result.Error.Error() + } + ctxR, cancelR := context.WithTimeout(context.Background(), 10*time.Second) + defer cancelR() + if err := d.client.ReportUpgradeResult(ctxR, d.cfg.AgentID, false, targetClean, errMsg); err != nil { + log.Printf("[upgrade] report-result failed: %v", err) + } + return + } + log.Printf("[upgrade] upgraded v%s → v%s; reporting result + exiting so service supervisor restarts on new binary", + result.OldVersion, result.NewVersion) + ctxR, cancelR := context.WithTimeout(context.Background(), 10*time.Second) + if err := d.client.ReportUpgradeResult(ctxR, d.cfg.AgentID, true, result.NewVersion, ""); err != nil { + log.Printf("[upgrade] report-result failed: %v", err) + } + cancelR() + time.Sleep(500 * time.Millisecond) + os.Exit(0) +} + // isTransientError returns true for errors worth retrying (429, 5xx, network). func isTransientError(err error) bool { if err == nil { diff --git a/internal/agent/mirror_client.go b/internal/agent/mirror_client.go index 0f82202..683b92b 100644 --- a/internal/agent/mirror_client.go +++ b/internal/agent/mirror_client.go @@ -37,19 +37,28 @@ type MirrorsResponse struct { // Hard-coded here (not loaded from config) because the whole point is to // have something to consult when config-driven URLs all fail. // -// Today there is one provider (GitHub Pages). The slice is intentionally -// shaped to take more — a second independent host (Cloudflare Pages, -// IPFS-Fleek, etc.) should be added as soon as it is provisioned. Keep -// any addition in sync with `STATIC_FALLBACKS` in -// `torrentclaw-web/src/lib/mirrors-config.ts` and `Docs/plans/security-stream-token.md`. +// Hosted on IPFS (content-addressed, re-pinnable, no host can take it down +// permanently — same bytes re-pinned anywhere keep the same CID). Multiple +// public gateways are listed so a single gateway being blocked doesn't kill +// the fallback; the /ipfs// path is identical across all gateways. +// +// GitHub Pages was removed 2026-05-17: the whole torrentclaw org is +// shadow-banned (public repos 404 to anonymous users). Do NOT re-add any +// github.io URL. Keep this slice in sync with `STATIC_FALLBACKS` in +// `torrentclaw-web/src/lib/mirrors-config.ts` — when the IPFS CID changes +// (scripts/publish-mirrors-ipfs.sh), update both. // // Future hardening: sign mirrors.json with the same ed25519 release key // (or a sibling) so a hijack of any single static host cannot serve a // malicious mirror list. Today the only signal is "agreement between // independent providers" via cross-checking, which we leave to the // operator. +const mirrorsIPFSCID = "bafybeigwux74fek7uky7nct47z5eqwwnpylakfxppqqnzbuxdw7p3ikfdy" + var DefaultStaticFallbackURLs = []string{ - "https://torrentclaw.github.io/mirrors/mirrors.json", + "https://ipfs.io/ipfs/" + mirrorsIPFSCID + "/mirrors.json", + "https://dweb.link/ipfs/" + mirrorsIPFSCID + "/mirrors.json", + "https://gateway.pinata.cloud/ipfs/" + mirrorsIPFSCID + "/mirrors.json", } // FetchMirrorsWithFallback pulls the mirror list using FetchMirrors against @@ -78,8 +87,8 @@ func FetchMirrorsWithFallback(ctx context.Context, candidates []string, userAgen } // fetchMirrorsJSON pulls a MirrorsResponse from already-fully-qualified URLs -// (e.g. https://torrentclaw.github.io/mirrors/mirrors.json). Each candidate -// is tried in order; the first success wins. +// (e.g. https://ipfs.io/ipfs//mirrors.json). Each candidate is tried +// in order; the first success wins. func fetchMirrorsJSON(ctx context.Context, urls []string, userAgent string) (*MirrorsResponse, error) { if len(urls) == 0 { return nil, fmt.Errorf("no static fallback URLs configured") diff --git a/internal/agent/signal_client.go b/internal/agent/signal_client.go deleted file mode 100644 index 624dc6c..0000000 --- a/internal/agent/signal_client.go +++ /dev/null @@ -1,258 +0,0 @@ -package agent - -import ( - "bufio" - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" -) - -// SignalRole identifies who produced a signalling message. The opposite role -// receives it. -type SignalRole string - -const ( - SignalRoleBrowser SignalRole = "browser" - SignalRoleAgent SignalRole = "agent" -) - -// SignalMessageType matches the server-side z.enum on -// /api/internal/stream/signal/[sessionId] route. -type SignalMessageType string - -const ( - SignalMsgOffer SignalMessageType = "offer" - SignalMsgAnswer SignalMessageType = "answer" - SignalMsgCandidate SignalMessageType = "candidate" - SignalMsgCandidateEnd SignalMessageType = "candidate-end" - SignalMsgBye SignalMessageType = "bye" -) - -// SignalMessage mirrors the bus envelope on the web side. -type SignalMessage struct { - From SignalRole `json:"from"` - Type SignalMessageType `json:"type"` - Payload string `json:"payload"` - TS int64 `json:"ts"` -} - -// PostSignal enqueues a signalling message produced by this agent. The -// browser receives it on its next SSE event push. -func (c *Client) PostSignal(ctx context.Context, sessionID string, msg SignalMessage) error { - body := map[string]any{ - "from": string(SignalRoleAgent), - "type": string(msg.Type), - "payload": msg.Payload, - } - path := fmt.Sprintf("/api/internal/stream/signal/%s", sessionID) - return c.doPost(ctx, path, body, &struct { - OK bool `json:"ok"` - }{}) -} - -// SignalEventStream wraps an open SSE connection. Read messages from Events() -// until the channel closes (server timeout or context cancel). Always defer -// Close() to release the underlying response body. -type SignalEventStream struct { - resp *http.Response - cancel context.CancelFunc - events chan SignalMessage - errs chan error - done chan struct{} -} - -// Events streams browser-produced messages addressed to the agent. -// The channel closes when the SSE connection ends; the caller should then -// call Close() and reopen if it wants to keep listening. -func (s *SignalEventStream) Events() <-chan SignalMessage { return s.events } - -// Err returns the terminating error (if any) once Events() has closed. -func (s *SignalEventStream) Err() error { - select { - case err := <-s.errs: - return err - default: - return nil - } -} - -// Close cancels the underlying HTTP request and waits for the reader goroutine -// to drain. Safe to call more than once. -func (s *SignalEventStream) Close() error { - if s.cancel != nil { - s.cancel() - } - if s.resp != nil { - s.resp.Body.Close() - } - <-s.done - return nil -} - -// OpenSignalStream opens a long-lived SSE connection to the signal events -// endpoint. Caller MUST cancel ctx (or call Close()) to free resources. -// -// The server caps each response at ~25 s; OpenSignalStream surfaces the -// disconnect by closing the events channel. Caller should reopen until the -// session ends. -func (c *Client) OpenSignalStream(ctx context.Context, sessionID string) (*SignalEventStream, error) { - streamCtx, cancel := context.WithCancel(ctx) - - url := fmt.Sprintf("%s/api/internal/stream/signal/%s/events", c.baseURL(), sessionID) - req, err := http.NewRequestWithContext(streamCtx, http.MethodGet, url, nil) - if err != nil { - cancel() - return nil, fmt.Errorf("open signal stream: %w", err) - } - req.Header.Set("Accept", "text/event-stream") - req.Header.Set("Authorization", "Bearer "+c.apiKey) - req.Header.Set("User-Agent", c.userAgent) - req.Header.Set("Cache-Control", "no-cache") - - // Use a per-call client with no timeout (SSE connections are long). - sseClient := &http.Client{} - resp, err := sseClient.Do(req) - if err != nil { - cancel() - return nil, fmt.Errorf("open signal stream: %w", err) - } - if resp.StatusCode != http.StatusOK { - body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024)) - resp.Body.Close() - cancel() - return nil, fmt.Errorf("open signal stream: HTTP %d: %s", resp.StatusCode, strings.TrimSpace(string(body))) - } - - stream := &SignalEventStream{ - resp: resp, - cancel: cancel, - events: make(chan SignalMessage, 8), - errs: make(chan error, 1), - done: make(chan struct{}), - } - - go stream.read() - return stream, nil -} - -// sseMaxLineBytes caps the size of a single SSE line. Real signalling lines -// are JSON payloads of a few hundred bytes; 256 KiB is generous enough to -// survive a future schema bump but small enough that a hostile or buggy -// server cannot grow daemon memory by streaming a single line forever. -const sseMaxLineBytes = 256 * 1024 - -// sseMaxEventBytes caps the total bytes buffered across the lines of one -// SSE event. Without a cap, a peer could send unbounded `data:` continuation -// lines and OOM the daemon between blank-line dispatches. -const sseMaxEventBytes = 1024 * 1024 - -func (s *SignalEventStream) read() { - defer close(s.done) - defer close(s.events) - - scanner := bufio.NewScanner(s.resp.Body) - scanner.Buffer(make([]byte, 16*1024), sseMaxLineBytes) - - var dataBuf bytes.Buffer - var eventName string - - for scanner.Scan() { - line := strings.TrimRight(scanner.Text(), "\r") - if line == "" { - // End of an event — dispatch if we have data. - if dataBuf.Len() == 0 { - eventName = "" - continue - } - if eventName == "" || eventName == "signal" { - var msg SignalMessage - if err := json.Unmarshal(dataBuf.Bytes(), &msg); err == nil { - select { - case s.events <- msg: - case <-s.resp.Request.Context().Done(): - return - } - } - } - dataBuf.Reset() - eventName = "" - continue - } - if strings.HasPrefix(line, ":") { - // SSE comment (heartbeat); ignore. - continue - } - if strings.HasPrefix(line, "event:") { - eventName = strings.TrimSpace(line[len("event:"):]) - continue - } - if strings.HasPrefix(line, "data:") { - payload := strings.TrimSpace(line[len("data:"):]) - // Refuse to grow the event buffer past the cap. Reset so a - // well-formed event after the offender can still be parsed, - // and surface an error so SignalLoop reconnects. - if dataBuf.Len()+len(payload)+1 > sseMaxEventBytes { - dataBuf.Reset() - eventName = "" - select { - case s.errs <- fmt.Errorf("sse: event exceeded %d bytes", sseMaxEventBytes): - default: - } - return - } - if dataBuf.Len() > 0 { - dataBuf.WriteByte('\n') - } - dataBuf.WriteString(payload) - continue - } - // id:, retry:, anything else — ignore for now. - } - if err := scanner.Err(); err != nil { - select { - case s.errs <- err: - default: - } - } -} - -// SignalLoop runs an SSE consumer that reconnects automatically on disconnect. -// onMessage is called for every browser-produced message. Returns when ctx is -// cancelled. Reconnect backoff is fixed at 1 s — the server already paces -// reconnects with `retry: 1500` headers so churn is bounded. -func (c *Client) SignalLoop(ctx context.Context, sessionID string, onMessage func(SignalMessage)) error { - for ctx.Err() == nil { - stream, err := c.OpenSignalStream(ctx, sessionID) - if err != nil { - select { - case <-time.After(time.Second): - case <-ctx.Done(): - return ctx.Err() - } - continue - } - for msg := range stream.Events() { - onMessage(msg) - } - streamErr := stream.Err() - stream.Close() - if ctx.Err() != nil { - return ctx.Err() - } - // Server closes the SSE every ~25 s; reconnect immediately. - // Hard error → small backoff so we don't hammer. - if streamErr != nil { - select { - case <-time.After(time.Second): - case <-ctx.Done(): - return ctx.Err() - } - } - } - return ctx.Err() -} diff --git a/internal/agent/signal_client_test.go b/internal/agent/signal_client_test.go deleted file mode 100644 index 796b545..0000000 --- a/internal/agent/signal_client_test.go +++ /dev/null @@ -1,196 +0,0 @@ -package agent - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "net/http/httptest" - "strings" - "sync" - "testing" - "time" -) - -// fakeSSEServer streams a fixed set of SSE events then closes the connection. -func fakeSSEServer(t *testing.T, msgs []SignalMessage, holdOpenAfter bool) *httptest.Server { - t.Helper() - return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Header.Get("Authorization") != "Bearer test-key" { - http.Error(w, "auth", http.StatusUnauthorized) - return - } - w.Header().Set("Content-Type", "text/event-stream") - w.Header().Set("Cache-Control", "no-cache") - flusher, ok := w.(http.Flusher) - if !ok { - t.Fatal("server: ResponseWriter is not a Flusher") - } - fmt.Fprint(w, "retry: 1500\n\n") - flusher.Flush() - for _, m := range msgs { - data, _ := json.Marshal(m) - fmt.Fprintf(w, "id: %d\nevent: signal\ndata: %s\n\n", m.TS, data) - flusher.Flush() - } - // Send a heartbeat comment to verify it's ignored. - fmt.Fprint(w, ": heartbeat\n\n") - flusher.Flush() - if holdOpenAfter { - // Hold the connection until the client disconnects so the test can - // exercise stream.Close(). - <-r.Context().Done() - } - })) -} - -func TestSignalStreamReadsMessages(t *testing.T) { - want := []SignalMessage{ - {From: SignalRoleBrowser, Type: SignalMsgOffer, Payload: "{sdp:1}", TS: 1}, - {From: SignalRoleBrowser, Type: SignalMsgCandidate, Payload: "{cand:1}", TS: 2}, - } - srv := fakeSSEServer(t, want, false) - defer srv.Close() - - c := NewClient(srv.URL, "test-key", "test-ua") - ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) - defer cancel() - - stream, err := c.OpenSignalStream(ctx, "session-1") - if err != nil { - t.Fatalf("open: %v", err) - } - defer stream.Close() - - var got []SignalMessage - for m := range stream.Events() { - got = append(got, m) - if len(got) == len(want) { - break - } - } - if len(got) != len(want) { - t.Fatalf("got %d messages, want %d", len(got), len(want)) - } - for i, m := range got { - if m.From != want[i].From || m.Type != want[i].Type || m.Payload != want[i].Payload { - t.Errorf("[%d] mismatch: %+v want %+v", i, m, want[i]) - } - } -} - -func TestSignalStreamPropagatesAuthError(t *testing.T) { - srv := fakeSSEServer(t, nil, false) - defer srv.Close() - - c := NewClient(srv.URL, "wrong-key", "test-ua") - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) - defer cancel() - - _, err := c.OpenSignalStream(ctx, "session-1") - if err == nil { - t.Fatal("expected auth error, got nil") - } -} - -func TestSignalStreamCloseCancelsRead(t *testing.T) { - srv := fakeSSEServer(t, nil, true) - defer srv.Close() - - c := NewClient(srv.URL, "test-key", "test-ua") - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel() - - stream, err := c.OpenSignalStream(ctx, "session-1") - if err != nil { - t.Fatalf("open: %v", err) - } - - // Close on a separate goroutine then make sure the events channel drains. - var wg sync.WaitGroup - wg.Add(1) - go func() { - defer wg.Done() - time.Sleep(50 * time.Millisecond) - stream.Close() - }() - - for range stream.Events() { - // drain - } - wg.Wait() -} - -// TestSignalStreamRejectsOversizedEvent verifies that a hostile or buggy -// server sending an unbounded `data:` event surfaces an error and stops -// the reader instead of growing daemon memory forever. -func TestSignalStreamRejectsOversizedEvent(t *testing.T) { - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Header.Get("Authorization") != "Bearer test-key" { - http.Error(w, "auth", http.StatusUnauthorized) - return - } - w.Header().Set("Content-Type", "text/event-stream") - flusher := w.(http.Flusher) - // Send many data: continuation lines until we blow past the - // per-event cap. Each chunk is a short legitimate-looking line. - chunk := "data: " + strings.Repeat("x", 4096) + "\n" - fmt.Fprint(w, "event: signal\n") - for i := 0; i < (sseMaxEventBytes/4096)+8; i++ { - fmt.Fprint(w, chunk) - } - flusher.Flush() - <-r.Context().Done() - })) - defer srv.Close() - - c := NewClient(srv.URL, "test-key", "test-ua") - ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) - defer cancel() - - stream, err := c.OpenSignalStream(ctx, "session-overflow") - if err != nil { - t.Fatalf("open: %v", err) - } - defer stream.Close() - - for range stream.Events() { - // Should never receive a parsed event — the over-sized buffer must - // be rejected before dispatch. - } - if err := stream.Err(); err == nil { - t.Fatal("expected error from oversized event, got nil") - } -} - -func TestPostSignalSendsCorrectBody(t *testing.T) { - var bodySeen map[string]any - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Header.Get("Authorization") != "Bearer test-key" { - http.Error(w, "auth", http.StatusUnauthorized) - return - } - _ = json.NewDecoder(r.Body).Decode(&bodySeen) - w.Header().Set("Content-Type", "application/json") - fmt.Fprint(w, `{"ok":true}`) - })) - defer srv.Close() - - c := NewClient(srv.URL, "test-key", "test-ua") - err := c.PostSignal(context.Background(), "sess-x", SignalMessage{ - Type: SignalMsgAnswer, - Payload: "{sdp:answer}", - }) - if err != nil { - t.Fatalf("post: %v", err) - } - if bodySeen["from"] != string(SignalRoleAgent) { - t.Errorf("expected from=agent, got %v", bodySeen["from"]) - } - if bodySeen["type"] != string(SignalMsgAnswer) { - t.Errorf("expected type=answer, got %v", bodySeen["type"]) - } - if bodySeen["payload"] != "{sdp:answer}" { - t.Errorf("expected payload mismatch, got %v", bodySeen["payload"]) - } -} diff --git a/internal/agent/state.go b/internal/agent/state.go index 0bbd246..cc08ae5 100644 --- a/internal/agent/state.go +++ b/internal/agent/state.go @@ -2,6 +2,8 @@ package agent import ( "encoding/json" + "errors" + "fmt" "os" "path/filepath" "time" @@ -9,6 +11,13 @@ import ( "github.com/torrentclaw/unarr/internal/config" ) +// ErrDaemonNotRunning is returned when no daemon state file exists on disk. +// Callers may wrap it with %w; downstream code uses errors.Is to detect it. +// NOTE: the message text is matched by the sentry package (string-match, to +// avoid an import cycle). Keep the prefix "daemon does not appear to be +// running" stable, or update sentry.daemonNotRunningMarker accordingly. +var ErrDaemonNotRunning = errors.New("daemon does not appear to be running (state file not found)") + // DaemonState is written to disk every heartbeat for external tools to read. type DaemonState struct { AgentID string `json:"agentId"` @@ -22,6 +31,18 @@ type DaemonState struct { FailedCount int `json:"failedCount"` TotalDownloaded int64 `json:"totalDownloaded"` MethodStats map[string]int `json:"methodStats,omitempty"` + + // Managed-VPN split-tunnel state, so `unarr vpn status` can report whether + // torrent traffic is actually being routed through the tunnel (vs. the daemon + // running but the tunnel having failed to come up → downloading in the clear). + VPNActive bool `json:"vpnActive,omitempty"` + VPNMode string `json:"vpnMode,omitempty"` // managed | self-hosted + VPNServer string `json:"vpnServer,omitempty"` // WireGuard endpoint (ip:port) + + // CloudFlare Quick Tunnel state, so `unarr funnel status` can report the + // HTTPS hostname the daemon is reachable at from anywhere on the internet. + // Empty when the funnel is off or hasn't registered yet. + FunnelURL string `json:"funnelUrl,omitempty"` } // stateFilePathFn is overridable for testing. @@ -57,17 +78,31 @@ func WriteState(state *DaemonState) { os.Rename(tmp, path) } -// ReadState reads the daemon state from disk. Returns nil if not found. +// ReadState reads the daemon state from disk. Returns nil if not found or +// unreadable. Use LoadState when callers need to distinguish "not running" +// from "state file corrupted". func ReadState() *DaemonState { + state, _ := LoadState() + return state +} + +// LoadState reads the daemon state and returns explicit errors: +// - ErrDaemonNotRunning when the state file does not exist +// - a wrapped json error when the file exists but cannot be decoded +// (a real bug worth reporting to Sentry) +func LoadState() (*DaemonState, error) { data, err := os.ReadFile(StateFilePath()) if err != nil { - return nil + if errors.Is(err, os.ErrNotExist) { + return nil, ErrDaemonNotRunning + } + return nil, err } var state DaemonState - if json.Unmarshal(data, &state) != nil { - return nil + if err := json.Unmarshal(data, &state); err != nil { + return nil, fmt.Errorf("decode daemon state %s: %w", StateFilePath(), err) } - return &state + return &state, nil } // RemoveState deletes the state file (called on clean shutdown). diff --git a/internal/agent/state_test.go b/internal/agent/state_test.go index 6c9abdd..7e275be 100644 --- a/internal/agent/state_test.go +++ b/internal/agent/state_test.go @@ -1,6 +1,7 @@ package agent import ( + "errors" "os" "path/filepath" "testing" @@ -104,3 +105,39 @@ func TestReadStateCorruptedJSON(t *testing.T) { t.Errorf("ReadState() should return nil for corrupted JSON, got %+v", state) } } + +func TestLoadStateNotFound(t *testing.T) { + tmpDir := t.TempDir() + origFn := stateFilePathFn + stateFilePathFn = func() string { return filepath.Join(tmpDir, "nonexistent.json") } + defer func() { stateFilePathFn = origFn }() + + state, err := LoadState() + if state != nil { + t.Errorf("LoadState() state = %+v, want nil", state) + } + if !errors.Is(err, ErrDaemonNotRunning) { + t.Errorf("LoadState() err = %v, want ErrDaemonNotRunning", err) + } +} + +func TestLoadStateCorruptedJSON(t *testing.T) { + tmpDir := t.TempDir() + origFn := stateFilePathFn + path := filepath.Join(tmpDir, "daemon.state.json") + stateFilePathFn = func() string { return path } + defer func() { stateFilePathFn = origFn }() + + os.WriteFile(path, []byte("not valid json{{{"), 0o644) + + state, err := LoadState() + if state != nil { + t.Errorf("LoadState() state = %+v, want nil", state) + } + if err == nil { + t.Fatal("LoadState() err = nil, want decode error") + } + if errors.Is(err, ErrDaemonNotRunning) { + t.Error("corrupt state must not be reported as ErrDaemonNotRunning — it would be filtered from Sentry") + } +} diff --git a/internal/agent/sync.go b/internal/agent/sync.go index 864de8a..ac856a5 100644 --- a/internal/agent/sync.go +++ b/internal/agent/sync.go @@ -29,13 +29,20 @@ type SyncClient struct { OnNewTasks func(tasks []Task) OnControl func(action, taskID string, deleteFiles bool) OnStreamRequest func(req StreamRequest) - OnWebRTCSession func(sess WebRTCSession) + OnStreamSession func(sess StreamSession) OnUpgrade func(version string) OnScan func() OnWatchingChange func(watching bool) OnSyncSuccess func() // called after each successful sync (e.g. to update state file) GetFreeSlots func() int GetTaskStates func() []TaskState // returns current state of all active + recently finished tasks + // GetVPNState returns the live managed-VPN split-tunnel state (whether the + // WireGuard tunnel is up, the mode, and the exit server) so the web can track + // which agent holds the single WG slot. + GetVPNState func() (active bool, mode, server string) + // GetFunnelURL returns the CloudFlare Quick Tunnel public hostname if one + // is active, else "". Sent on every sync so the web picks it up live. + GetFunnelURL func() string // OnDeleteFiles is called when the server requests file deletion from disk. // It should delete the files and return the IDs of successfully deleted items. OnDeleteFiles func(items []LibraryDeleteRequest) []int @@ -155,6 +162,12 @@ func (sc *SyncClient) buildRequest() SyncRequest { if sc.GetFreeSlots != nil { req.FreeSlots = sc.GetFreeSlots() } + if sc.GetVPNState != nil { + req.VPNActive, req.VPNMode, req.VPNServer = sc.GetVPNState() + } + if sc.GetFunnelURL != nil { + req.FunnelURL = sc.GetFunnelURL() + } // Flush confirmed deletions from previous cycle. // Once flushed, remove IDs from deleteInFlight — the server will stop sending // them after this sync, so deduplication protection is no longer needed. @@ -192,10 +205,10 @@ func (sc *SyncClient) processResponse(resp *SyncResponse) { } } - // WebRTC streaming sessions - for _, ws := range resp.WebRTCSessions { - if sc.OnWebRTCSession != nil { - sc.OnWebRTCSession(ws) + // HLS streaming sessions. + for _, ws := range resp.StreamSessions { + if sc.OnStreamSession != nil { + sc.OnStreamSession(ws) } } diff --git a/internal/agent/types.go b/internal/agent/types.go index 487e681..ae87bb6 100644 --- a/internal/agent/types.go +++ b/internal/agent/types.go @@ -26,6 +26,26 @@ type RegisterRequest struct { // up to 2160p. HWAccel string `json:"hwAccel,omitempty"` MaxTranscodeHeight int `json:"maxTranscodeHeight,omitempty"` + // Diagnostic surface filled by engine.DetectHWAccelDiagnostic at daemon + // start. Surfaced in the web "Diagnose transcoder" modal so users can + // see *why* their HWAccel landed on "none" without running + // `unarr probe-hwaccel` locally — most commonly the ffmpeg binary + // shipped without HW encoders (linuxbrew, brew's default formula). + FFmpegVersion string `json:"ffmpegVersion,omitempty"` + FFmpegPath string `json:"ffmpegPath,omitempty"` + HWEncoders []string `json:"hwEncoders,omitempty"` + HWDevices []string `json:"hwDevices,omitempty"` + // Managed-VPN split-tunnel state. The web tracks which agent holds the single + // WireGuard slot (1 VPNResellers account = 1 WG keypair = 1 concurrent + // connection); other agents are told to use OpenVPN on their host instead. + // VPNActive has no omitempty: false is a meaningful state (tunnel down), not + // "unset" — the server must see it to release the slot. + VPNActive bool `json:"vpnActive"` + VPNMode string `json:"vpnMode,omitempty"` // managed | self-hosted + VPNServer string `json:"vpnServer,omitempty"` + // CloudFlare Quick Tunnel hostname when enabled; the web prefers it over + // Tailscale/LAN for in-browser playback because it works on any network. + FunnelURL string `json:"funnelUrl,omitempty"` } // RegisterResponse is returned by the server after registration. @@ -344,6 +364,15 @@ type SyncRequest struct { Tasks []TaskState `json:"tasks"` CanDelete bool `json:"canDelete"` // library.allow_delete is enabled DeleteConfirmed []int `json:"deleteConfirmed,omitempty"` // library item IDs successfully deleted from disk + // Live managed-VPN split-tunnel state, sent every sync so the web sees the + // WireGuard slot owner update in near-realtime (vs. register, once at startup). + // VPNActive has no omitempty: false (tunnel down) must reach the server so it + // releases the slot, not be elided as "unset". + VPNActive bool `json:"vpnActive"` + VPNMode string `json:"vpnMode,omitempty"` + VPNServer string `json:"vpnServer,omitempty"` + // CloudFlare Quick Tunnel hostname when enabled, else empty. + FunnelURL string `json:"funnelUrl,omitempty"` } // ControlAction represents a server-side control signal for a task. @@ -359,29 +388,22 @@ type LibraryDeleteRequest struct { FilePath string `json:"filePath"` } -// WebRTCSession is a request to open a streaming session for a browser -// player. Transport selects the on-the-wire protocol: empty/"webrtc" runs the -// legacy custom WebRTC DataChannel pipeline; "hls" spawns an HLS session -// (ffmpeg producing fragmented MP4 served over HTTP). The CLI must POST an -// SDP answer to /api/internal/stream/signal/ for WebRTC sessions -// and register the HLS session in the StreamServer's HLS registry for HLS -// sessions; either way the source bytes come from FilePath (or, when only -// InfoHash is set, from a download_task on disk). -type WebRTCSession struct { - SessionID string `json:"sessionId"` - // Transport selects the streaming protocol. "" or "webrtc" → legacy - // WebRTC + MSE pipeline (Phase 1). "hls" → HLS over HTTP (Phase 2). - Transport string `json:"transport,omitempty"` - FilePath string `json:"filePath,omitempty"` - InfoHash string `json:"infoHash,omitempty"` - TaskID string `json:"taskId,omitempty"` - FileName string `json:"fileName,omitempty"` - FileSize int64 `json:"fileSize,omitempty"` +// StreamSession is a request to open an HLS streaming session for an +// in-browser player. The CLI registers the HLS session in the StreamServer's +// HLS registry; source bytes come from FilePath (or, when only InfoHash is +// set, from a download_task on disk). +type StreamSession struct { + SessionID string `json:"sessionId"` + FilePath string `json:"filePath,omitempty"` + InfoHash string `json:"infoHash,omitempty"` + TaskID string `json:"taskId,omitempty"` + FileName string `json:"fileName,omitempty"` + FileSize int64 `json:"fileSize,omitempty"` // Quality target the daemon should aim for when transcoding. One of // "2160p" | "1080p" | "720p" | "480p" | "original" | "" (defer to config). Quality string `json:"quality,omitempty"` // AudioIndex selects the source audio track (-map 0:a:N). -1 means - // "use the default/first track" (HLS) or ignored (WebRTC). + // "use the default/first track". AudioIndex int `json:"audioIndex,omitempty"` } @@ -390,7 +412,7 @@ type SyncResponse struct { NewTasks []Task `json:"newTasks,omitempty"` Controls []ControlAction `json:"controls,omitempty"` StreamRequests []StreamRequest `json:"streamRequests,omitempty"` - WebRTCSessions []WebRTCSession `json:"webrtcSessions,omitempty"` + StreamSessions []StreamSession `json:"streamSessions,omitempty"` Watching bool `json:"watching"` Upgrade *UpgradeSignal `json:"upgrade,omitempty"` Scan bool `json:"scan,omitempty"` diff --git a/internal/cmd/daemon.go b/internal/cmd/daemon.go index 771e9b4..2e0c074 100644 --- a/internal/cmd/daemon.go +++ b/internal/cmd/daemon.go @@ -17,6 +17,7 @@ import ( "github.com/torrentclaw/unarr/internal/agent" "github.com/torrentclaw/unarr/internal/config" "github.com/torrentclaw/unarr/internal/engine" + "github.com/torrentclaw/unarr/internal/funnel" "github.com/torrentclaw/unarr/internal/library" "github.com/torrentclaw/unarr/internal/library/mediainfo" "github.com/torrentclaw/unarr/internal/usenet/download" @@ -142,7 +143,19 @@ func runDaemonStart() error { // is what the web side uses to decide whether the user should pre-empt // transcoding by downloading a smaller version (4K source on a software // libx264-only host is the canonical case where pre-download wins). - hwAccelPick := engine.DetectHWAccel(context.Background(), cfg.Library.FFmpegPath) + // + // Use the full diagnostic (encoders + devices + ffmpeg version) instead + // of just the picked backend — the extra fields ride along in the + // register payload so the web "Diagnose transcoder" modal can show *why* + // libx264 was selected on a host with a GPU (e.g. brew's ffmpeg without + // --enable-nvenc). 10 s ceiling so a hung ffmpeg binary can't stall + // startup forever. + ffmpegResolved, _ := mediainfo.ResolveFFmpeg(cfg.Library.FFmpegPath) + probeCtx, probeCancel := context.WithTimeout(context.Background(), 10*time.Second) + defer probeCancel() // guard against a panic inside DetectHWAccelDiagnostic + hwDiag := engine.DetectHWAccelDiagnostic(probeCtx, ffmpegResolved) + log.Println(hwDiag.LogLine()) + hwAccelPick := hwDiag.Pick maxTranscodeHeight := 1080 if hwAccelPick != engine.HWAccelNone { maxTranscodeHeight = 2160 @@ -161,6 +174,11 @@ func runDaemonStart() error { ScanPaths: library.ResolveScanPaths(cfg.Download.Dir, cfg.Organize.MoviesDir, cfg.Organize.TVShowsDir, cfg.Library.ScanPath), HWAccel: string(hwAccelPick), MaxTranscodeHeight: maxTranscodeHeight, + FFmpegVersion: hwDiag.FFmpegVersion, + FFmpegPath: hwDiag.FFmpegPath, + HWEncoders: hwDiag.Encoders, + HWDevices: hwDiag.Devices, + AutoUpgrade: cfg.Daemon.AutoUpgradeEnabled(), } // Create HTTP client with mirror failover so a `.com` block-out rolls @@ -217,12 +235,12 @@ func runDaemonStart() error { apiURL = "https://torrentclaw.com" } fetchCtx, cancel := context.WithTimeout(context.Background(), 25*time.Second) - conf, ferr := vpn.FetchConfig(fetchCtx, apiURL, cfg.Auth.APIKey, "unarr/"+Version) + conf, ferr := vpn.FetchConfig(fetchCtx, apiURL, cfg.Auth.APIKey, "unarr/"+Version, cfg.Agent.ID, false) cancel() var fe *vpn.FetchError switch { case ferr != nil && errors.As(ferr, &fe) && fe.Code == vpn.ErrSlotOnDevice: - log.Printf("[vpn] slot is active on one of your devices — downloads will NOT use the VPN. Switch the slot to unarr in your profile to protect downloads.") + log.Printf("[vpn] the single WireGuard slot is already held by another unarr agent — this one downloads in the clear. To protect this machine too, set up OpenVPN on it (1 agent uses WireGuard, the rest use OpenVPN — up to 10). See https://torrentclaw.com/vpn") case ferr != nil: log.Printf("[vpn] could not enable VPN (%v) — downloading in the clear", ferr) default: @@ -236,6 +254,15 @@ func runDaemonStart() error { } } + // Record VPN split-tunnel state for `unarr vpn status`. + if vpnTunnel != nil { + mode := "managed" + if cfg.Download.VPN.ConfigFile != "" { + mode = "self-hosted" + } + d.SetVPNState(true, mode, vpnTunnel.Endpoint) + } + // Create torrent downloader torrentDl, err := engine.NewTorrentDownloader(engine.TorrentConfig{ DataDir: cfg.Download.Dir, @@ -246,9 +273,6 @@ func runDaemonStart() error { MaxUploadRate: maxUl, ListenPort: cfg.Download.ListenPort, SeedEnabled: false, - WebRTCEnabled: cfg.Download.WebRTC.Enabled, - WebRTCTrackers: cfg.Download.WebRTC.Trackers, - ICEServers: engine.BuildICEServers(cfg.Download.WebRTC), VPNTunnel: vpnTunnel, }) if err != nil { @@ -285,18 +309,61 @@ func runDaemonStart() error { // Create persistent stream server streamSrv := engine.NewStreamServer(cfg.Download.StreamPort) streamSrv.SetUPnPEnabled(cfg.Download.EnableUPnP) - streamSrv.SetCORSAllowedOrigins(cfg.Download.CORSExtraOrigins) + // CORS extras = operator config + dynamic mirror list from /api/mirrors. + // Without the mirror merge, a user playing from `torrentclaw.to` (or any + // future mirror) hits the daemon, gets 200 + body, but no + // `Access-Control-Allow-Origin` → browser drops the response → player + // reports "404 todos los canales". Fetching /api/mirrors at startup + // future-proofs against mirror additions without a CLI rebuild. + corsExtras := append([]string(nil), cfg.Download.CORSExtraOrigins...) + corsExtras = append(corsExtras, mirrorCORSOrigins(ctx, cfg, userAgent)...) + streamSrv.SetCORSAllowedOrigins(corsExtras) // Reap HLS tmpdirs left over from a previous daemon run before we start // accepting new sessions. The in-memory registry doesn't survive a // restart, so without this disk usage grows unbounded across restarts. if err := engine.CleanupHLSOrphanDirs(); err != nil { log.Printf("[hls] orphan tmpdir cleanup: %v", err) } + + // Persistent HLS segment cache — survives across sessions so re-plays + // of the same file at the same quality skip ffmpeg entirely. Off when + // hls_cache.enabled = false; size cap from hls_cache.size_gb; path from + // hls_cache.dir (defaults to ~/.cache/unarr/hls-cache). + var hlsCache *engine.HLSCache + if cfg.Download.HLSCache.Enabled { + cacheDir := cfg.Download.HLSCache.Dir + if cacheDir == "" { + if base, err := os.UserCacheDir(); err == nil { + cacheDir = filepath.Join(base, "unarr", "hls-cache") + } else { + cacheDir = filepath.Join(os.TempDir(), "unarr-hls-cache") + } + } + c, err := engine.NewHLSCache(cacheDir, cfg.Download.HLSCache.SizeGB) + if err != nil { + log.Printf("[hls_cache] init failed (%v) — falling back to per-session tmpdirs", err) + } else { + hlsCache = c + hlsCache.StartSweeper(ctx, time.Hour) + log.Printf("[hls_cache] enabled: dir=%s budget=%dGB", cacheDir, cfg.Download.HLSCache.SizeGB) + } + } else { + log.Printf("[hls_cache] disabled by config — every play re-encodes from scratch") + } if err := streamSrv.Listen(ctx); err != nil { return fmt.Errorf("start stream server: %w", err) } d.UpdateStreamPort(streamSrv.Port()) + // CloudFlare Quick Tunnel — needs the ACTUAL listening port (the + // configured port may have been busy and bumped). Spawning here ensures + // cloudflared --url points at the right socket. Failures degrade to + // Tailscale/LAN only; the supervisor keeps the tunnel up across CF's + // periodic rotation + transient cloudflared crashes. + if cfg.Download.Funnel.Enabled { + go superviseFunnel(ctx, d, streamSrv.Port()) + } + // Warn at startup if transcode is enabled but ffmpeg/ffprobe are missing. // HLS sessions get rejected at runtime (see daemon.go ~line 455), but // surfacing it here gives the operator a chance to install ffmpeg before @@ -321,13 +388,7 @@ func runDaemonStart() error { // Wire: sync receives new tasks → submit to manager or handle stream d.OnTasksClaimed = func(tasks []agent.Task) { for _, t := range tasks { - if t.Mode == "seed_file" { - // Browser asked us to wrap an arbitrary on-disk file as - // a single-file torrent + seed it via WebRTC. Runs in - // its own goroutine so a slow / failing seed can't - // stall the rest of the claim batch. - go handleSeedFileTask(t, torrentDl, agentClient) - } else if t.Mode == "stream" { + if t.Mode == "stream" { if isStreamingTask(t.ID) { continue } @@ -488,23 +549,23 @@ func runDaemonStart() error { }() } - // Wire: sync receives custom WebRTC streaming session requests. - // Each session is a one-shot browser↔daemon DataChannel. Validate the - // FilePath against allowed dirs to prevent path traversal abuse from a - // compromised server, then spawn the pion peer in its own goroutine. - d.OnWebRTCSession = func(sess agent.WebRTCSession) { - if webrtcRegistry.has(sess.SessionID) { + // Wire: sync receives HLS streaming session requests. Each session spawns + // one ffmpeg process and registers its HLS playlist with the StreamServer. + // Validate FilePath against allowed dirs to prevent path traversal abuse + // from a compromised server. + d.OnStreamSession = func(sess agent.StreamSession) { + if playerSessionRegistry.has(sess.SessionID) { return // already running } filePath := sess.FilePath if filePath == "" { - log.Printf("webrtc session %s rejected: empty file path", agent.ShortID(sess.SessionID)) + log.Printf("[hls %s] rejected: empty file path", agent.ShortID(sess.SessionID)) return } filePath = filepath.Clean(filePath) if !isAllowedStreamPath(filePath, cfg.Download.Dir, cfg.Library.ScanPath, cfg.Organize.MoviesDir, cfg.Organize.TVShowsDir) { - log.Printf("webrtc session %s rejected: path outside allowed dirs: %s", + log.Printf("[hls %s] rejected: path outside allowed dirs: %s", agent.ShortID(sess.SessionID), filePath) return } @@ -512,74 +573,50 @@ func runDaemonStart() error { if info, err := os.Stat(filePath); err == nil && info.IsDir() { found := engine.FindVideoFile(filePath) if found == "" { - log.Printf("webrtc session %s rejected: no video file in dir %s", + log.Printf("[hls %s] rejected: no video file in dir %s", agent.ShortID(sess.SessionID), filePath) return } filePath = found } - // Branch on transport: HLS sessions only need ffmpeg + StreamServer, - // not a WebRTC peer, so they must bypass the WebRTC.Enabled gate. - // Default ("" or "webrtc") runs the DataChannel pipeline and requires it. - if strings.EqualFold(sess.Transport, "hls") { - tcRuntime := buildTranscodeRuntime(ctx, cfg) - if tcRuntime.FFmpegPath == "" || tcRuntime.FFprobePath == "" { - log.Printf("[hls %s] rejected: ffmpeg/ffprobe unavailable", agent.ShortID(sess.SessionID)) - return - } - hlsCtx, hlsCancel := context.WithCancel(ctx) - webrtcRegistry.add(sess.SessionID, hlsCancel) - hlsCfg := engine.HLSSessionConfig{ - SessionID: sess.SessionID, - SourcePath: filePath, - FileName: sess.FileName, - Quality: sess.Quality, - AudioIndex: sess.AudioIndex, - Transcode: tcRuntime, - } + tcRuntime := buildTranscodeRuntime(ctx, cfg) + if tcRuntime.FFmpegPath == "" || tcRuntime.FFprobePath == "" { + log.Printf("[hls %s] rejected: ffmpeg/ffprobe unavailable", agent.ShortID(sess.SessionID)) + return + } + hlsCtx, hlsCancel := context.WithCancel(ctx) + playerSessionRegistry.add(sess.SessionID, hlsCancel) + hlsCfg := engine.HLSSessionConfig{ + SessionID: sess.SessionID, + SourcePath: filePath, + FileName: sess.FileName, + Quality: sess.Quality, + AudioIndex: sess.AudioIndex, + Transcode: tcRuntime, + Cache: hlsCache, + } + // StartHLSSession runs ffprobe (15 s cap, typical 0.3–1 s) before + // returning. Doing this synchronously inside the sync handler holds + // the next sync HTTP cycle until ffprobe is done, so any other + // pending actions (new tasks, deletes) wait too. Hand it off so + // the sync loop returns immediately — browser HEAD probes already + // have a 30 s retry budget that absorbs the gap until + // `streamSrv.HLS().Register` lands. + go func() { hsess, err := engine.StartHLSSession(hlsCtx, hlsCfg) if err != nil { - webrtcRegistry.remove(sess.SessionID) + playerSessionRegistry.remove(sess.SessionID) hlsCancel() log.Printf("[hls %s] start failed: %v", agent.ShortID(sess.SessionID), err) return } streamSrv.HLS().Register(hsess) - return - } - - // Non-HLS transport requires WebRTC peer support. - if !cfg.Download.WebRTC.Enabled { - log.Printf("webrtc session %s rejected: webrtc disabled in config", agent.ShortID(sess.SessionID)) - return - } - - sessCtx, sessCancel := context.WithCancel(ctx) //nolint:gosec // G118 cancel stored in registry - webrtcRegistry.add(sess.SessionID, sessCancel) - go func() { - defer func() { - webrtcRegistry.remove(sess.SessionID) - sessCancel() - }() - tcRuntime := buildTranscodeRuntime(ctx, cfg) - runCfg := engine.WebRTCStreamConfig{ - SessionID: sess.SessionID, - FilePath: filePath, - FileName: sess.FileName, - FileSize: sess.FileSize, - Quality: sess.Quality, - ICEServers: engine.BuildICEServers(cfg.Download.WebRTC), - Signal: agentClient, - Logger: stdLogger{}, - Transcode: tcRuntime, - } - log.Printf("[wrtc %s] starting session: %s", agent.ShortID(sess.SessionID), filepath.Base(filePath)) - if err := engine.RunWebRTCStream(sessCtx, runCfg); err != nil { - if sessCtx.Err() == nil { - log.Printf("[wrtc %s] ended: %v", agent.ShortID(sess.SessionID), err) - } - } + // Tell the server seg-0 is on disk as soon as it lands so the + // player's SSE subscription flips its "Preparando…" UI without + // waiting for the browser HEAD-probe loop to discover it + // independently. Cache-HIT sessions are ready immediately. + go watchSessionReady(hlsCtx, agentClient, hsess, sess.SessionID) }() } @@ -649,7 +686,7 @@ func runDaemonStart() error { case sig := <-sigCh: fmt.Printf("\n Received %s, shutting down...\n", sig) cancelStreamContexts() - cancelAllWebRTCSessions() + cancelAllPlayerSessions() streamSrv.Shutdown(context.Background()) cancel() @@ -664,7 +701,7 @@ func runDaemonStart() error { case err := <-errCh: cancelStreamContexts() - cancelAllWebRTCSessions() + cancelAllPlayerSessions() streamSrv.Shutdown(context.Background()) cancel() return err @@ -812,3 +849,144 @@ func runAutoScan(ctx context.Context, cfg config.Config, interval time.Duration, } } } + +// superviseFunnel keeps a CloudFlare Quick Tunnel up across cloudflared +// crashes and CF's ~6h tunnel rotation. On a clean exit (cancellation) it +// returns; on a crash it clears the reported URL and respawns with an +// exponential backoff so we don't hammer cloudflared into a tight loop when +// it can't reach the CF edge. +func superviseFunnel(ctx context.Context, d *agent.Daemon, port int) { + backoff := 2 * time.Second + const maxBackoff = 5 * time.Minute + for ctx.Err() == nil { + t, err := funnel.Start(ctx, funnel.Config{Port: port}) + if err != nil { + log.Printf("[funnel] could not start CloudFlare tunnel (%v) — retrying in %s", err, backoff) + select { + case <-time.After(backoff): + case <-ctx.Done(): + return + } + backoff = min(backoff*2, maxBackoff) + continue + } + log.Printf("[funnel] cloudflared started, waiting for public URL...") + go func() { + url, werr := t.WaitURL(45 * time.Second) + if werr != nil { + log.Printf("[funnel] cloudflared did not emit a URL (%v)", werr) + return + } + log.Printf("[funnel] public URL: %s", url) + d.SetFunnelURL(url) + }() + // Block until cloudflared exits (CF rotation, crash, or shutdown). + exitErr := <-t.Done() + _ = t.Close() + d.SetFunnelURL("") + if ctx.Err() != nil { + return + } + if exitErr != nil { + log.Printf("[funnel] cloudflared exited: %v — restarting in %s", exitErr, backoff) + } else { + log.Printf("[funnel] cloudflared exited cleanly — restarting in %s", backoff) + } + select { + case <-time.After(backoff): + case <-ctx.Done(): + return + } + backoff = min(backoff*2, maxBackoff) + } +} + +// mirrorCORSOrigins fetches /api/mirrors from the configured primary (+ extra +// mirror candidates + static IPFS fallback) and returns the discovered URLs as +// Origin strings. Best-effort: any failure logs a warning and returns an empty +// slice; the static defaultCORSAllowedOrigins in validate.go covers the known +// mirrors (.com / .to / built-in onion) so the daemon still accepts the +// official surfaces when this call fails. +// +// Bounded to a short timeout so a slow /api/mirrors response can't delay +// daemon startup — every second here is a second the user can't play. +func mirrorCORSOrigins(parent context.Context, cfg config.Config, userAgent string) []string { + ctx, cancel := context.WithTimeout(parent, 10*time.Second) + defer cancel() + + candidates := append([]string{cfg.Auth.APIURL}, cfg.Auth.Mirrors...) + resp, err := agent.FetchMirrorsWithFallback(ctx, candidates, userAgent) + if err != nil { + log.Printf("[cors] mirror discovery failed (%v) — using static allowlist only", err) + return nil + } + + seen := make(map[string]struct{}) + out := make([]string, 0, len(resp.Mirrors)) + add := func(rawURL string) { + if rawURL == "" { + return + } + origin := strings.TrimRight(rawURL, "/") + if _, dup := seen[origin]; dup { + return + } + seen[origin] = struct{}{} + out = append(out, origin) + } + for _, m := range resp.Mirrors { + add(m.URL) + } + if resp.Tor != nil { + add(resp.Tor.URL) + } + if len(out) > 0 { + log.Printf("[cors] merged %d mirror origins from /api/mirrors", len(out)) + } + return out +} + +// watchSessionReady polls HLSSession.ReadyCount until the first segment + +// init.mp4 are on disk, then POSTs /api/internal/agent/session-ready so +// the web side flips streaming_session.ready_at — which its SSE endpoint +// pushes to subscribed players. Cache-HIT sessions are ready the moment +// StartHLSSession returns and POST immediately. +// +// Bounded by a 60 s deadline so a permanently stuck encoder doesn't keep +// a goroutine alive forever; if seg-0 never lands the player falls back +// to its existing HEAD-probe retry path anyway. +func watchSessionReady(ctx context.Context, client *agent.Client, hsess *engine.HLSSession, sessionID string) { + deadline := time.Now().Add(60 * time.Second) + ticker := time.NewTicker(200 * time.Millisecond) + defer ticker.Stop() + for { + // Session torn down through a path that didn't cancel ctx (registry + // replace, idle sweep, internal kill). Bail before polling further — + // without this check the watcher could keep alive for up to 60 s on + // a dead HLSSession that's never going to become ready. + if hsess.IsClosed() { + return + } + // Cache HIT or seg-0 ready → notify + done. + if hsess.FromCache() || hsess.ReadyCount() >= 1 { + // Parent ctx so a session cancel mid-POST (user closed tab, + // daemon shutdown) tears down the in-flight webhook instead of + // blocking the goroutine for up to 10 s on a now-orphan call. + rctx, cancel := context.WithTimeout(ctx, 10*time.Second) + if err := client.MarkSessionReady(rctx, sessionID); err != nil { + log.Printf("[hls %s] mark-ready failed: %v", agent.ShortID(sessionID), err) + } + cancel() + return + } + select { + case <-ctx.Done(): + return + case <-ticker.C: + } + if time.Now().After(deadline) { + log.Printf("[hls %s] mark-ready: timeout waiting for seg-0", agent.ShortID(sessionID)) + return + } + } +} diff --git a/internal/cmd/daemon_control.go b/internal/cmd/daemon_control.go index 558fb26..4ac4d10 100644 --- a/internal/cmd/daemon_control.go +++ b/internal/cmd/daemon_control.go @@ -1,6 +1,7 @@ package cmd import ( + "errors" "fmt" "os" "os/exec" @@ -262,9 +263,12 @@ func runDaemonReload() error { // stopDaemonByPID reads the state file and sends a graceful stop to the daemon PID. // Used as fallback on platforms without a service manager (and as Windows implementation). func stopDaemonByPID() error { - state := agent.ReadState() - if state == nil { - return fmt.Errorf("daemon does not appear to be running (state file not found)") + state, err := agent.LoadState() + if err != nil { + if errors.Is(err, agent.ErrDaemonNotRunning) { + return err + } + return fmt.Errorf("read daemon state: %w", err) } return killPID(state.PID) } diff --git a/internal/cmd/download.go b/internal/cmd/download.go index 5189166..bd5ceab 100644 --- a/internal/cmd/download.go +++ b/internal/cmd/download.go @@ -114,9 +114,6 @@ func runDownloadWithDeps(input, method string, deps downloadDeps) error { StallTimeout: 10 * time.Minute, MaxTimeout: 0, // unlimited SeedEnabled: false, - WebRTCEnabled: cfg.Download.WebRTC.Enabled, - WebRTCTrackers: cfg.Download.WebRTC.Trackers, - ICEServers: engine.BuildICEServers(cfg.Download.WebRTC), }) if err != nil { return fmt.Errorf("create downloader: %w", err) diff --git a/internal/cmd/funnel.go b/internal/cmd/funnel.go new file mode 100644 index 0000000..5ce793d --- /dev/null +++ b/internal/cmd/funnel.go @@ -0,0 +1,165 @@ +package cmd + +import ( + "fmt" + + "github.com/fatih/color" + "github.com/spf13/cobra" + "github.com/torrentclaw/unarr/internal/agent" + "github.com/torrentclaw/unarr/internal/config" +) + +func newFunnelCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "funnel", + Short: "Expose the daemon over a public HTTPS hostname via CloudFlare Quick Tunnel", + Long: `Turn the CloudFlare Quick Tunnel on/off and check its status. + +When on, the daemon spawns cloudflared as a child process and registers a +` + "`https://.trycloudflare.com`" + ` hostname tunnelled to its local +HLS server. The torrentclaw.com / torrentclaw.to web player picks the tunnel +URL first so cross-network playback works from any browser without Tailscale +or port forwarding. + +Trade-offs: + • Bytes proxy through CloudFlare. We don't relay; CF does. Preserves the + TorrentClaw legal posture but means CF sees your traffic shape. + • Quick Tunnels are anonymous — no CF account required. + • Hostname is random per session and rotates roughly every 6 h. + +Requires the cloudflared binary on PATH. Install: + Linux : https://pkg.cloudflare.com (apt) or download from + https://github.com/cloudflare/cloudflared/releases + macOS : brew install cloudflared + Windows: winget install --id Cloudflare.cloudflared`, + Example: ` unarr funnel status # is the tunnel up? what's the URL? + unarr funnel on # turn it on + unarr funnel off # turn it off`, + RunE: func(cmd *cobra.Command, args []string) error { + return cmd.Help() + }, + } + cmd.AddCommand(newFunnelStatusCmd(), newFunnelOnCmd(), newFunnelOffCmd()) + return cmd +} + +func newFunnelStatusCmd() *cobra.Command { + return &cobra.Command{ + Use: "status", + Short: "Show CloudFlare tunnel configuration + live URL", + Example: " unarr funnel status", + RunE: func(cmd *cobra.Command, args []string) error { + return runFunnelStatus() + }, + } +} + +func runFunnelStatus() error { + bold := color.New(color.Bold) + dim := color.New(color.FgHiBlack) + green := color.New(color.FgGreen) + yellow := color.New(color.FgYellow) + cyan := color.New(color.FgCyan) + + cfg := loadConfig() + + fmt.Println() + bold.Println(" CloudFlare Quick Tunnel") + fmt.Println() + + if !cfg.Download.Funnel.Enabled { + dim.Println(" Mode: off") + fmt.Println() + dim.Println(" Enable with `unarr funnel on` to give the daemon a public HTTPS URL") + dim.Println(" so cross-network browser playback works without Tailscale.") + fmt.Println() + return nil + } + cyan.Println(" Mode: on") + + state := agent.ReadState() + alive := state != nil && isDaemonAlive(state) + fmt.Println() + switch { + case alive && state.FunnelURL != "": + green.Println(" ✓ Tunnel ACTIVE") + fmt.Printf(" URL: %s\n", state.FunnelURL) + fmt.Println() + dim.Println(" This URL rotates roughly every 6 h. The web player picks it up") + dim.Println(" automatically — no action needed on your side.") + case alive: + yellow.Println(" ⚠ Daemon is running but the tunnel hasn't registered yet.") + dim.Println(" Check `unarr daemon logs` for a [funnel] line. Common cause:") + dim.Println(" cloudflared isn't installed on PATH.") + default: + dim.Println(" Daemon not running — start it (`unarr start`) to bring the tunnel up.") + } + fmt.Println() + return nil +} + +func newFunnelOnCmd() *cobra.Command { + return &cobra.Command{ + Use: "on", + Short: "Turn the CloudFlare tunnel on", + Example: " unarr funnel on", + RunE: func(cmd *cobra.Command, args []string) error { + return setFunnelEnabled(true) + }, + } +} + +func newFunnelOffCmd() *cobra.Command { + return &cobra.Command{ + Use: "off", + Short: "Turn the CloudFlare tunnel off", + Example: " unarr funnel off", + RunE: func(cmd *cobra.Command, args []string) error { + return setFunnelEnabled(false) + }, + } +} + +func setFunnelEnabled(enabled bool) error { + green := color.New(color.FgGreen) + dim := color.New(color.FgHiBlack) + + cfg := loadConfig() + if cfg.Download.Funnel.Enabled == enabled { + fmt.Println() + dim.Printf(" Tunnel is already %s — nothing to do.\n", onOffWord(enabled)) + fmt.Println() + return nil + } + + cfg.Download.Funnel.Enabled = enabled + + configPath := config.FilePath() + if cfgFile != "" { + configPath = cfgFile + } + if err := config.Save(cfg, configPath); err != nil { + return fmt.Errorf("save config: %w", err) + } + appCfg = cfg + + fmt.Println() + green.Printf(" ✓ CloudFlare tunnel %s.\n", onOffWord(enabled)) + + // Subprocess is launched/torn down by the daemon at startup; a plain config + // reload does not bring it up. Prompt for a restart when the daemon is alive. + if state := agent.ReadState(); state != nil && isDaemonAlive(state) { + fmt.Println() + dim.Println(" The daemon is running. Restart it for this to take effect:") + dim.Println(" unarr daemon restart") + } + fmt.Println() + return nil +} + +func onOffWord(enabled bool) string { + if enabled { + return "on" + } + return "off" +} diff --git a/internal/cmd/webrtc_session_registry.go b/internal/cmd/player_session_registry.go similarity index 51% rename from internal/cmd/webrtc_session_registry.go rename to internal/cmd/player_session_registry.go index a1bf37a..bb3743b 100644 --- a/internal/cmd/webrtc_session_registry.go +++ b/internal/cmd/player_session_registry.go @@ -2,7 +2,6 @@ package cmd import ( "context" - "log" "sync" "github.com/torrentclaw/unarr/internal/config" @@ -10,66 +9,57 @@ import ( "github.com/torrentclaw/unarr/internal/library/mediainfo" ) -// webrtcRegistry tracks per-session cancel funcs for active custom WebRTC -// streams (engine.RunWebRTCStream goroutines). Each session lives only as -// long as its DataChannel; the registry exists so duplicate sync responses -// don't double-spawn the same session and so daemon shutdown can drain. -var webrtcRegistry = &webrtcSessionRegistry{ +// playerSessionRegistry tracks per-session cancel funcs for active in-browser +// HLS streaming sessions. Each session lives only as long as its ffmpeg +// process; the registry exists so duplicate sync responses don't double-spawn +// the same session and so daemon shutdown can drain. +var playerSessionRegistry = &playerSessionRegistryT{ cancels: make(map[string]context.CancelFunc), } -type webrtcSessionRegistry struct { +type playerSessionRegistryT struct { mu sync.Mutex cancels map[string]context.CancelFunc } -func (r *webrtcSessionRegistry) has(sessionID string) bool { +func (r *playerSessionRegistryT) has(sessionID string) bool { r.mu.Lock() defer r.mu.Unlock() _, ok := r.cancels[sessionID] return ok } -func (r *webrtcSessionRegistry) add(sessionID string, cancel context.CancelFunc) { +func (r *playerSessionRegistryT) add(sessionID string, cancel context.CancelFunc) { r.mu.Lock() defer r.mu.Unlock() r.cancels[sessionID] = cancel } -func (r *webrtcSessionRegistry) remove(sessionID string) { +func (r *playerSessionRegistryT) remove(sessionID string) { r.mu.Lock() defer r.mu.Unlock() delete(r.cancels, sessionID) } -// cancelAllWebRTCSessions cancels every running session. Called on daemon -// shutdown so pion peers and SSE consumers exit cleanly. -func cancelAllWebRTCSessions() { - webrtcRegistry.mu.Lock() - cancels := make([]context.CancelFunc, 0, len(webrtcRegistry.cancels)) - for _, c := range webrtcRegistry.cancels { +// cancelAllPlayerSessions cancels every running session. Called on daemon +// shutdown so the ffmpeg children and SSE consumers exit cleanly. +func cancelAllPlayerSessions() { + playerSessionRegistry.mu.Lock() + cancels := make([]context.CancelFunc, 0, len(playerSessionRegistry.cancels)) + for _, c := range playerSessionRegistry.cancels { cancels = append(cancels, c) } - webrtcRegistry.cancels = make(map[string]context.CancelFunc) - webrtcRegistry.mu.Unlock() + playerSessionRegistry.cancels = make(map[string]context.CancelFunc) + playerSessionRegistry.mu.Unlock() for _, c := range cancels { c() } } -// stdLogger is a tiny adapter so engine.RunWebRTCStream can log through the -// standard library logger without pulling in a logging dependency. -type stdLogger struct{} - -func (stdLogger) Infof(format string, args ...any) { log.Printf(format, args...) } -func (stdLogger) Warnf(format string, args ...any) { log.Printf("WARN: "+format, args...) } -func (stdLogger) Errorf(format string, args ...any) { log.Printf("ERROR: "+format, args...) } - // buildTranscodeRuntime resolves the ffmpeg/ffprobe binaries + config knobs -// for the WebRTC streaming pipeline. Failure to resolve a binary returns a -// runtime with empty paths so engine.RunWebRTCStream falls back to -// passthrough — the user gets a clearer codec error from the browser than a -// daemon-side abort. +// for the HLS streaming pipeline. Failure to resolve a binary returns a +// runtime with empty paths so the caller can short-circuit instead of +// launching a transcoder that will immediately fail. func buildTranscodeRuntime(ctx context.Context, cfg config.Config) engine.TranscodeRuntime { if !cfg.Download.Transcode.Enabled { return engine.TranscodeRuntime{Disabled: true} diff --git a/internal/cmd/probe_hwaccel.go b/internal/cmd/probe_hwaccel.go index f7ed1c1..609a443 100644 --- a/internal/cmd/probe_hwaccel.go +++ b/internal/cmd/probe_hwaccel.go @@ -15,7 +15,7 @@ import ( ) // newProbeHWAccelCmd reports the hardware-acceleration capabilities the daemon -// would actually use for HLS/WebRTC transcoding. The motivation: a beefy host +// would actually use for HLS transcoding. The motivation: a beefy host // (e.g. RTX 3090) can still fall back to software encoding when the installed // ffmpeg binary was built without nvenc/qsv/vaapi support — Homebrew ffmpeg // is a common offender. Without this command, users see slow / failing 4K diff --git a/internal/cmd/reload_unix.go b/internal/cmd/reload_unix.go index 056112f..34d8e4d 100644 --- a/internal/cmd/reload_unix.go +++ b/internal/cmd/reload_unix.go @@ -3,6 +3,7 @@ package cmd import ( + "errors" "fmt" "log" "os" @@ -43,9 +44,12 @@ func startReloadWatcher(rc *ReloadableConfig) { // sendReloadSignal sends SIGUSR1 to the running daemon process. func sendReloadSignal() error { - state := agent.ReadState() - if state == nil { - return fmt.Errorf("daemon does not appear to be running (state file not found)") + state, err := agent.LoadState() + if err != nil { + if errors.Is(err, agent.ErrDaemonNotRunning) { + return err + } + return fmt.Errorf("read daemon state: %w", err) } p, err := os.FindProcess(state.PID) if err != nil { diff --git a/internal/cmd/root.go b/internal/cmd/root.go index 2217340..375d8e9 100644 --- a/internal/cmd/root.go +++ b/internal/cmd/root.go @@ -25,16 +25,20 @@ var ( func init() { rootCmd = &cobra.Command{ - Use: "unarr", - Short: "unarr — torrent search and management", - Long: `unarr is a powerful terminal tool for torrent search and management. - -Search 30+ torrent sources, inspect torrent quality, discover popular content, -find streaming providers, and manage your media collection — all from your terminal. + Use: "unarr", + Version: Version, + Short: "Terminal torrent + debrid + usenet client — download, stream, transcode", + Long: `unarr is a terminal-native client that downloads torrents, debrid links, +and usenet (NZB) — all from the same binary. It streams content straight +to mpv/vlc with sequential piece prioritization, transcodes on the fly via +ffmpeg with hardware acceleration (NVENC, QSV, VA-API, VideoToolbox), and +organizes your library into Movies/TV folders. Run it one-shot or as a +long-running daemon with a built-in WireGuard split-tunnel and remote +playback over Cloudflare Funnel. Get started: unarr init First-time configuration wizard - unarr search "breaking bad" Search for content + unarr download Grab a torrent one-shot unarr start Start the download daemon Documentation: https://torrentclaw.com/cli @@ -55,7 +59,7 @@ Source: https://github.com/torrentclaw/unarr`, // Command groups for organized help output rootCmd.AddGroup( &cobra.Group{ID: "start", Title: "Getting Started:"}, - &cobra.Group{ID: "search", Title: "Search & Discovery:"}, + &cobra.Group{ID: "search", Title: "Catalog & Discovery:"}, &cobra.Group{ID: "download", Title: "Downloads & Streaming:"}, &cobra.Group{ID: "daemon", Title: "Daemon Management:"}, &cobra.Group{ID: "system", Title: "System & Diagnostics:"}, @@ -103,6 +107,10 @@ Source: https://github.com/torrentclaw/unarr`, statusCmd.GroupID = "daemon" daemonCmd := newDaemonCmd() daemonCmd.GroupID = "daemon" + vpnCmd := newVPNCmd() + vpnCmd.GroupID = "daemon" + funnelCmd := newFunnelCmd() + funnelCmd.GroupID = "daemon" // System & Diagnostics statsCmd := newStatsCmd() @@ -146,6 +154,8 @@ Source: https://github.com/torrentclaw/unarr`, stopCmd, statusCmd, daemonCmd, + vpnCmd, + funnelCmd, // System & Diagnostics statsCmd, doctorCmd, diff --git a/internal/cmd/scan.go b/internal/cmd/scan.go index df66a18..d05ae29 100644 --- a/internal/cmd/scan.go +++ b/internal/cmd/scan.go @@ -241,7 +241,7 @@ func printScanSummary(cache *library.LibraryCache) { continue } - res := library.ResolveResolution(item.MediaInfo.Video.Height) + res := library.ResolveResolution(item.MediaInfo.Video.Width, item.MediaInfo.Video.Height) if res == "" { res = "other" } diff --git a/internal/cmd/seed_file_handler.go b/internal/cmd/seed_file_handler.go deleted file mode 100644 index fe2438a..0000000 --- a/internal/cmd/seed_file_handler.go +++ /dev/null @@ -1,65 +0,0 @@ -package cmd - -import ( - "context" - "log" - "time" - - "github.com/torrentclaw/unarr/internal/agent" - "github.com/torrentclaw/unarr/internal/engine" -) - -// handleSeedFileTask wraps an arbitrary on-disk file as a single-file -// torrent and adds it to the existing torrent client so the WebRTC -// peer can serve pieces to a browser. Reports the generated info_hash -// back to the server so the web player can target /stream/. -// -// Runs in its own goroutine; never blocks the claim batch. -func handleSeedFileTask(t agent.Task, dl *engine.TorrentDownloader, client *agent.Client) { - short := agent.ShortID(t.ID) - - if t.FilePath == "" { - log.Printf("[%s] seed_file: missing filePath, marking failed", short) - reportSeedFileFailed(client, t.ID, "Missing filePath") - return - } - - log.Printf("[%s] seed_file: building torrent from %s", short, t.FilePath) - hash, err := engine.SeedFileOnDownloader(dl, t.FilePath) - if err != nil { - log.Printf("[%s] seed_file: %v", short, err) - reportSeedFileFailed(client, t.ID, err.Error()) - return - } - - infoHash := hash.HexString() - log.Printf("[%s] seed_file: seeding ih=%s", short, infoHash) - - // Push the info_hash + downloading status (file is on disk; from the - // client's perspective it's already complete). The web side polls - // /api/internal/stream/seed-file/ waiting for this update. - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - _, reportErr := client.ReportStatus(ctx, agent.StatusUpdate{ - TaskID: t.ID, - Status: "downloading", // semantic: actively serving - InfoHash: infoHash, - FilePath: t.FilePath, - }) - if reportErr != nil { - log.Printf("[%s] seed_file: failed to push info_hash: %v", short, reportErr) - } -} - -func reportSeedFileFailed(client *agent.Client, taskID, msg string) { - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - defer cancel() - _, err := client.ReportStatus(ctx, agent.StatusUpdate{ - TaskID: taskID, - Status: "failed", - ErrorMessage: msg, - }) - if err != nil { - log.Printf("[%s] seed_file: report-failed itself failed: %v", agent.ShortID(taskID), err) - } -} diff --git a/internal/cmd/version.go b/internal/cmd/version.go index 9753ec4..194e3c0 100644 --- a/internal/cmd/version.go +++ b/internal/cmd/version.go @@ -1,4 +1,4 @@ package cmd // Version is the CLI version. Overridden by goreleaser ldflags at release time. -var Version = "0.9.0" +var Version = "0.9.15" diff --git a/internal/cmd/vpn.go b/internal/cmd/vpn.go new file mode 100644 index 0000000..fb11532 --- /dev/null +++ b/internal/cmd/vpn.go @@ -0,0 +1,213 @@ +package cmd + +import ( + "context" + "fmt" + "net" + "time" + + "github.com/fatih/color" + "github.com/spf13/cobra" + "github.com/torrentclaw/unarr/internal/agent" + "github.com/torrentclaw/unarr/internal/config" + "github.com/torrentclaw/unarr/internal/vpn" +) + +func newVPNCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "vpn", + Short: "Manage the managed-VPN split-tunnel for downloads", + Long: `Enable, disable, and inspect the managed VPN. + +When enabled, the daemon fetches a WireGuard config from your TorrentClaw account +at startup and routes ONLY the torrent client's traffic (peers + trackers) through +an in-process WireGuard tunnel — no root, no OS routing changes. + +This is split-tunnel: your browser and other apps keep using your real IP. Only +your downloads are hidden behind the VPN server. + +The VPN requires a PRO+ plan with the VPN add-on. Set it up at +https://torrentclaw.com/vpn and configure your other devices (phone, laptop) with +the OpenVPN credentials from your profile — those don't share the agent's tunnel.`, + Example: ` unarr vpn status # is the tunnel up? which server? + unarr vpn enable # turn the managed VPN on + unarr vpn disable # turn it off`, + RunE: func(cmd *cobra.Command, args []string) error { + return cmd.Help() + }, + } + cmd.AddCommand(newVPNStatusCmd(), newVPNEnableCmd(), newVPNDisableCmd()) + return cmd +} + +func newVPNStatusCmd() *cobra.Command { + var check bool + cmd := &cobra.Command{ + Use: "status", + Short: "Show VPN configuration and live tunnel state", + Example: " unarr vpn status\n unarr vpn status --check # also verify your account is provisioned", + RunE: func(cmd *cobra.Command, args []string) error { + return runVPNStatus(check) + }, + } + cmd.Flags().BoolVar(&check, "check", false, "query the API to verify the VPN is provisioned on your account") + return cmd +} + +func runVPNStatus(check bool) error { + bold := color.New(color.Bold) + dim := color.New(color.FgHiBlack) + green := color.New(color.FgGreen) + yellow := color.New(color.FgYellow) + cyan := color.New(color.FgCyan) + + cfg := loadConfig() + + fmt.Println() + bold.Println(" Managed VPN") + fmt.Println() + + // ── Configured mode ── + switch { + case cfg.Download.VPN.ConfigFile != "": + cyan.Println(" Mode: self-hosted (local config_file)") + fmt.Printf(" Config: %s\n", cfg.Download.VPN.ConfigFile) + case cfg.Download.VPN.Enabled: + cyan.Println(" Mode: managed (config fetched from your account)") + default: + dim.Println(" Mode: off") + fmt.Println() + dim.Println(" Enable with `unarr vpn enable` (needs a PRO+ plan with the VPN add-on).") + fmt.Println() + return nil + } + + // ── Live tunnel state (from the daemon state file) ── + state := agent.ReadState() + alive := state != nil && isDaemonAlive(state) + fmt.Println() + switch { + case alive && state.VPNActive: + server := state.VPNServer + if host, _, err := net.SplitHostPort(server); err == nil && host != "" { + server = host + } + green.Println(" ✓ Tunnel ACTIVE — torrent traffic is routed through the VPN") + if server != "" { + fmt.Printf(" Exit server: %s\n", server) + } + case alive: + yellow.Println(" ⚠ Daemon is running but the tunnel is NOT up — downloads go in the clear.") + dim.Println(" Check `unarr daemon logs` for a [vpn] line. Common cause: no active") + dim.Println(" VPN on your account (set it up at https://torrentclaw.com/vpn).") + default: + dim.Println(" Daemon not running — start it (`unarr start`) to bring the tunnel up.") + } + + // ── Optional live provisioning check ── + if check { + fmt.Println() + if cfg.Auth.APIKey == "" { + yellow.Println(" ⚠ No API key — run `unarr init` first.") + } else { + apiURL := cfg.Auth.APIURL + if apiURL == "" { + apiURL = "https://torrentclaw.com" + } + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + _, err := vpn.FetchConfig(ctx, apiURL, cfg.Auth.APIKey, "unarr/"+Version, cfg.Agent.ID, true) + cancel() + switch { + case err == nil: + green.Println(" ✓ Account provisioned — a VPN config is available.") + default: + yellow.Printf(" ⚠ %s\n", err) + } + } + } + + // ── Split-tunnel reminder ── + fmt.Println() + dim.Println(" Split-tunnel: only your downloads use the VPN. Your browser and other") + dim.Println(" apps keep your real IP — that's by design. Use the OpenVPN credentials in") + dim.Println(" your profile to protect your other devices.") + fmt.Println() + return nil +} + +func newVPNEnableCmd() *cobra.Command { + return &cobra.Command{ + Use: "enable", + Short: "Turn the managed VPN on", + Example: " unarr vpn enable", + RunE: func(cmd *cobra.Command, args []string) error { + return setVPNEnabled(true) + }, + } +} + +func newVPNDisableCmd() *cobra.Command { + return &cobra.Command{ + Use: "disable", + Short: "Turn the managed VPN off", + Example: " unarr vpn disable", + RunE: func(cmd *cobra.Command, args []string) error { + return setVPNEnabled(false) + }, + } +} + +func setVPNEnabled(enabled bool) error { + green := color.New(color.FgGreen) + yellow := color.New(color.FgYellow) + dim := color.New(color.FgHiBlack) + + cfg := loadConfig() + + if enabled && cfg.Auth.APIKey == "" { + return fmt.Errorf("no API key configured — run `unarr init` first (the managed VPN fetches its config from your account)") + } + + if cfg.Download.VPN.Enabled == enabled { + fmt.Println() + dim.Printf(" VPN is already %s — nothing to do.\n", enabledWord(enabled)) + fmt.Println() + return nil + } + + cfg.Download.VPN.Enabled = enabled + + configPath := config.FilePath() + if cfgFile != "" { + configPath = cfgFile + } + if err := config.Save(cfg, configPath); err != nil { + return fmt.Errorf("save config: %w", err) + } + appCfg = cfg + + fmt.Println() + green.Printf(" ✓ Managed VPN %s.\n", enabledWord(enabled)) + + if enabled && cfg.Download.VPN.ConfigFile != "" { + yellow.Println(" ⚠ A config_file is set, so self-hosted mode takes precedence and the") + yellow.Println(" managed config from your account is ignored. Clear config_file to use it.") + } + + // The tunnel is brought up once at daemon startup; a plain config reload does + // NOT (re)create it. Tell the user to restart the daemon if it's running. + if state := agent.ReadState(); state != nil && isDaemonAlive(state) { + fmt.Println() + dim.Println(" The daemon is running. Restart it for this to take effect:") + dim.Println(" unarr daemon restart") + } + fmt.Println() + return nil +} + +func enabledWord(enabled bool) string { + if enabled { + return "enabled" + } + return "disabled" +} diff --git a/internal/config/config.go b/internal/config/config.go index 9f46b53..dd406a6 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -51,9 +51,30 @@ type DownloadConfig struct { StreamPort int `toml:"stream_port"` // fixed port for streaming HTTP server (default: 11818) EnableUPnP bool `toml:"enable_upnp"` // map StreamPort to the WAN via UPnP/NAT-PMP (default: false; opt-in because it exposes the unauthenticated /stream + /hls endpoints to the public internet) CORSExtraOrigins []string `toml:"cors_extra_origins"` // extra browser origins added on top of the baked-in allowlist (torrentclaw.com, app.torrentclaw.com, localhost:3030) - WebRTC WebRTCConfig `toml:"webrtc"` Transcode TranscodeConfig `toml:"transcode"` + HLSCache HLSCacheConfig `toml:"hls_cache"` VPN VPNConfig `toml:"vpn"` + Funnel FunnelConfig `toml:"funnel"` +} + +// HLSCacheConfig controls the persistent HLS segment cache. A completed encode +// is kept on disk so a second play of the same file at the same quality skips +// ffmpeg entirely. Old entries are evicted (LRU) once the cache exceeds the +// size budget. Enabled by default — disable to save disk space at the cost of +// re-encoding every play. +type HLSCacheConfig struct { + Enabled bool `toml:"enabled"` // default: true + SizeGB int `toml:"size_gb"` // size budget in gigabytes; default: 5; minimum: 1 + Dir string `toml:"dir"` // override storage path; default: ~/.cache/unarr/hls-cache +} + +// FunnelConfig gates the optional CloudFlare Quick Tunnel that exposes the +// daemon's HLS server over a public HTTPS hostname (https://.try +// cloudflare.com). Enabling it lets the web player on torrentclaw.com play +// from this daemon across any network without Tailscale or a public IP — +// the cost is that bytes proxy through CloudFlare's network. Off by default. +type FunnelConfig struct { + Enabled bool `toml:"enabled"` } // VPNConfig gates the managed-VPN add-on split-tunnel. When enabled, the daemon @@ -75,28 +96,33 @@ type VPNConfig struct { // Disabled by default; enabling requires ffmpeg + ffprobe on PATH (or // explicit paths via the library config). type TranscodeConfig struct { - Enabled bool `toml:"enabled"` // master switch - HWAccel string `toml:"hw_accel"` // "auto" | "none" | "nvenc" | "qsv" | "vaapi" | "videotoolbox" - Preset string `toml:"preset"` // libx264 preset; "veryfast" by default + Enabled bool `toml:"enabled"` // master switch + HWAccel string `toml:"hw_accel"` // "auto" | "none" | "nvenc" | "qsv" | "vaapi" | "videotoolbox" + // Preset is the encoder speed/quality dial. Only used on software encode + // (libx264) — HW backends (NVENC/QSV/VAAPI/VideoToolbox) use vendor + // presets that don't share libx264's vocabulary and would be rejected + // by ffmpeg if passed here. + // + // Empty (default) → engine picks "superfast" — latency-biased, ~3 s + // first-play on 1080p source on a modern x86 CPU. Marginal quality loss + // at 5-25 Mbps target bitrates. + // + // For better quality at slower first-play (1-2 s slower per seg): + // "veryfast" — previous default; balanced + // "faster" — slight quality bump + // "fast" — meaningful quality bump + // "medium" — libx264 stock default; CPU-bound on 4K + // "slow" / "slower" / "veryslow" — only for batch encodes, not real-time HLS + // + // Or faster: + // "ultrafast" — lowest quality, fastest encode + Preset string `toml:"preset"` VideoBitrate string `toml:"video_bitrate"` // e.g. "5M" AudioBitrate string `toml:"audio_bitrate"` // e.g. "192k" MaxHeight int `toml:"max_height"` // optional downscale cap (e.g. 720) MaxConcurrent int `toml:"max_concurrent"` // safety cap on simultaneous transcoder processes } -// WebRTCConfig opts the daemon into acting as a WebTorrent peer so browsers -// can fetch pieces via WebRTC data channels — required by the in-browser -// player on torrentclaw.com. Disabled by default; enabling implies upload -// is allowed for active torrents (browsers can't download otherwise). -type WebRTCConfig struct { - Enabled bool `toml:"enabled"` // master switch - Trackers []string `toml:"trackers"` // wss:// signaling trackers - STUNServers []string `toml:"stun_servers"` // stun:host:port - TURNServers []string `toml:"turn_servers"` // turn:host:port (no auth) — see TURNCredentials for authed - TURNUser string `toml:"turn_user"` // optional, applied to all TURNServers - TURNPass string `toml:"turn_pass"` // optional -} - type OrganizeConfig struct { Enabled bool `toml:"enabled"` MoviesDir string `toml:"movies_dir"` @@ -105,8 +131,27 @@ type OrganizeConfig struct { type DaemonConfig struct { StatusInterval string `toml:"status_interval"` + // AutoUpgrade gates the daemon's response to a server-flagged upgrade + // (set via the "Force update" button on the web). When true the daemon + // downloads + replaces the binary in-place and exits so the service + // supervisor respawns on the new version. When false the daemon only + // logs "new version available" and the operator must run `unarr update` + // manually. Default: true. Available since unarr 0.9.6. + AutoUpgrade *bool `toml:"auto_upgrade"` } +// AutoUpgradeEnabled returns the resolved AutoUpgrade flag — defaults to true +// when the user has not set it explicitly. Pointer-vs-bool because Go's +// zero-value bool would collapse "unset" and "false" together. +func (d DaemonConfig) AutoUpgradeEnabled() bool { + if d.AutoUpgrade == nil { + return true + } + return *d.AutoUpgrade +} + +func boolPtr(v bool) *bool { return &v } + type NotificationsConfig struct { Enabled bool `toml:"enabled"` } @@ -121,7 +166,7 @@ type LibraryConfig struct { ScanPath string `toml:"scan_path"` // remembered from last scan Workers int `toml:"workers"` // concurrent ffprobe (default 8) FFprobePath string `toml:"ffprobe_path"` // optional explicit path - FFmpegPath string `toml:"ffmpeg_path"` // optional explicit path (used by WebRTC streaming transcoder) + FFmpegPath string `toml:"ffmpeg_path"` // optional explicit path (used by the HLS streaming transcoder) BackupDir string `toml:"backup_dir"` // for replaced files AutoScan bool `toml:"auto_scan"` // enable daily auto-scan in daemon (default true) ScanInterval string `toml:"scan_interval"` // e.g. "24h", "12h", "6h" (default "24h") @@ -146,23 +191,41 @@ func Default() Config { PreferredMethod: "auto", MaxConcurrent: 3, StreamPort: 11818, - WebRTC: WebRTCConfig{ - Enabled: true, - Trackers: []string{"wss://tracker.torrentclaw.com"}, - STUNServers: []string{"stun:stun.l.google.com:19302", "stun:stun1.l.google.com:19302"}, - }, Transcode: TranscodeConfig{ Enabled: true, HWAccel: "auto", - Preset: "veryfast", + // Empty preset → engine.ResolveEncoderProfile picks the + // latency-biased default ("superfast" on libx264). Override + // in config.toml when quality > first-start latency matters. + Preset: "", AudioBitrate: "192k", MaxConcurrent: 2, }, + Funnel: FunnelConfig{ + // On by default so headless installs (NAS / Docker) get cross-network + // HTTPS playback without anyone having to terminal in. Users who + // don't want bytes proxied through CloudFlare can opt out with + // `unarr funnel off` (sets enabled=false in the TOML). + Enabled: true, + }, + HLSCache: HLSCacheConfig{ + // On by default — second play of a recently watched file at the + // same quality skips ffmpeg (instant start, near-zero CPU). + // Users can opt out (hls_cache.enabled=false) or shrink the + // budget (hls_cache.size_gb) when disk is tight. + Enabled: true, + SizeGB: 5, + }, + }, + Daemon: DaemonConfig{ + // Pointer-to-true so Default() round-trips through TOML marshal + // as `auto_upgrade = true` instead of an omitted key — keeps the + // freshly-written config aligned with what README documents. + AutoUpgrade: boolPtr(true), }, Organize: OrganizeConfig{ Enabled: true, }, - Daemon: DaemonConfig{}, Notifications: NotificationsConfig{ Enabled: true, }, @@ -231,19 +294,6 @@ func applyDefaults(cfg *Config, meta toml.MetaData) { cfg.General.Country = "US" } - if !meta.IsDefined("downloads", "webrtc", "enabled") { - cfg.Download.WebRTC.Enabled = true - } - if !meta.IsDefined("downloads", "webrtc", "trackers") { - cfg.Download.WebRTC.Trackers = []string{"wss://tracker.torrentclaw.com"} - } - if !meta.IsDefined("downloads", "webrtc", "stun_servers") { - cfg.Download.WebRTC.STUNServers = []string{ - "stun:stun.l.google.com:19302", - "stun:stun1.l.google.com:19302", - } - } - if !meta.IsDefined("downloads", "transcode", "enabled") { cfg.Download.Transcode.Enabled = true } @@ -251,7 +301,12 @@ func applyDefaults(cfg *Config, meta toml.MetaData) { cfg.Download.Transcode.HWAccel = "auto" } if !meta.IsDefined("downloads", "transcode", "preset") { - cfg.Download.Transcode.Preset = "veryfast" + // Empty = let engine.ResolveEncoderProfile pick the latency-biased + // default ("superfast" on libx264). Users wanting better quality at + // slower first-play can override to "veryfast" / "fast" / "medium" in + // config.toml. Ignored when hw_accel picks NVENC/QSV/VAAPI/VideoToolbox + // (those have built-in vendor presets). + cfg.Download.Transcode.Preset = "" } if !meta.IsDefined("downloads", "transcode", "audio_bitrate") { cfg.Download.Transcode.AudioBitrate = "192k" @@ -259,6 +314,12 @@ func applyDefaults(cfg *Config, meta toml.MetaData) { if !meta.IsDefined("downloads", "transcode", "max_concurrent") { cfg.Download.Transcode.MaxConcurrent = 2 } + // NOTE: Funnel default-ON only applies to fresh installs (no config file → + // Default() returns Funnel.Enabled=true straight off). When an existing + // config file lacks `[downloads.funnel]` entirely we intentionally do NOT + // flip it on here — that would silently route an upgraded operator's + // traffic through CloudFlare without their consent. They opt in with + // `unarr funnel on` whenever they're ready. } // Save writes config to the default or specified path using atomic write. diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 02fcdc4..c43599f 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -208,17 +208,6 @@ name = "Test" t.Fatalf("Load failed: %v", err) } - // WebRTC should be on by default for fresh installs. - if !cfg.Download.WebRTC.Enabled { - t.Error("WebRTC.Enabled should default to true when [downloads.webrtc] is absent") - } - if len(cfg.Download.WebRTC.Trackers) == 0 { - t.Error("WebRTC.Trackers should default to torrentclaw tracker when absent") - } - if len(cfg.Download.WebRTC.STUNServers) == 0 { - t.Error("WebRTC.STUNServers should default to public STUN list when absent") - } - // Transcode should be on by default. if !cfg.Download.Transcode.Enabled { t.Error("Transcode.Enabled should default to true when [downloads.transcode] is absent") @@ -226,8 +215,11 @@ name = "Test" if cfg.Download.Transcode.HWAccel != "auto" { t.Errorf("Transcode.HWAccel = %q, want auto", cfg.Download.Transcode.HWAccel) } - if cfg.Download.Transcode.Preset != "veryfast" { - t.Errorf("Transcode.Preset = %q, want veryfast", cfg.Download.Transcode.Preset) + if cfg.Download.Transcode.Preset != "" { + // Default is now empty — engine.ResolveEncoderProfile picks + // "superfast" on libx264 for first-start latency. Users + // wanting better quality override in config.toml. + t.Errorf("Transcode.Preset = %q, want empty", cfg.Download.Transcode.Preset) } if cfg.Download.Transcode.MaxConcurrent != 2 { t.Errorf("Transcode.MaxConcurrent = %d, want 2", cfg.Download.Transcode.MaxConcurrent) @@ -238,12 +230,9 @@ func TestLoadRespectsExplicitlyDisabledStreaming(t *testing.T) { tmp := t.TempDir() path := filepath.Join(tmp, "config.toml") - // User explicitly opted out of webrtc + transcode. Defaults must NOT - // override them — that would silently re-enable features the user disabled. - os.WriteFile(path, []byte(`[downloads.webrtc] -enabled = false - -[downloads.transcode] + // User explicitly opted out of transcode. Defaults must NOT override + // it — that would silently re-enable a feature the user disabled. + os.WriteFile(path, []byte(`[downloads.transcode] enabled = false `), 0o644) @@ -252,9 +241,6 @@ enabled = false t.Fatalf("Load failed: %v", err) } - if cfg.Download.WebRTC.Enabled { - t.Error("WebRTC.Enabled = true, want false (user explicitly disabled)") - } if cfg.Download.Transcode.Enabled { t.Error("Transcode.Enabled = true, want false (user explicitly disabled)") } diff --git a/internal/engine/hls.go b/internal/engine/hls.go index 03a9948..86219d5 100644 --- a/internal/engine/hls.go +++ b/internal/engine/hls.go @@ -3,9 +3,7 @@ // Browser ↔ daemon over plain HTTP (LAN / Tailscale / UPnP). The daemon runs // ffmpeg in `-f hls` mode, writing fragmented MP4 segments to a per-session // tmpdir. Master + media playlists are pre-rendered from the probed source -// duration so the player knows the full timeline before any segment exists, -// which fixes the seek/duration/pause/multi-track problems we hit with the -// raw fMP4-over-WebRTC pipeline. +// duration so the player knows the full timeline before any segment exists. // // One HLSSession == one browser playback. Sessions are registered in a // process-wide map keyed by session ID; the StreamServer routes @@ -34,10 +32,46 @@ import ( "time" ) -// hlsSegmentDuration is the target seconds per HLS fragment. Four seconds is -// the Plex/Apple default — short enough that seek granularity is acceptable, -// long enough that GOP overhead doesn't dominate. -const hlsSegmentDuration = 4 +// hlsSegmentDuration is the target seconds per HLS fragment. +// +// We use 2 seconds (not the more common 4-6 s). Trade-off: 2× more segments +// per source (a 2 h movie produces 3600 segments instead of 1800), but the +// player's first-frame wait drops to ~half — ffmpeg only needs to encode +// 2 s before seg-0 lands. For software encodes on 4K this is ~1 s instead +// of ~3 s of cold-cache wait. Well within HLS spec (Apple recommends 6 s, +// but 2-6 s is acceptable; Low-Latency HLS uses 1-2 s segments). +// +// Caveat for existing cached encodes: cache entries from 0.9.9 used 4 s +// segments. After this bump, VerifyComplete (which checks the highest +// expected segment index) returns false for those entries — they're +// invalidated + re-encoded with 2 s segments on next play. Self-healing. +const hlsSegmentDuration = 2 + +// segmentDurationFor returns the target duration (in whole seconds) for the +// segment at index idx. With uniform-duration segments this is always +// hlsSegmentDuration; the helper exists so a future short-first-segment +// variant can be slotted in here without touching every call site. +func segmentDurationFor(idx int) int { + return hlsSegmentDuration +} + +// segmentStartSec returns the wall-clock start time of segment idx. Used +// to compute the `-ss` flag when ffmpeg restarts at a mid-file segment. +func segmentStartSec(idx int) float64 { + if idx <= 0 { + return 0 + } + return float64(idx * hlsSegmentDuration) +} + +// segmentCountForDuration returns how many segments cover a source of the +// given duration. Always returns at least 1. +func segmentCountForDuration(dur float64) int { + if dur <= 0 { + return 1 + } + return int((dur + float64(hlsSegmentDuration) - 1) / float64(hlsSegmentDuration)) +} // hlsSessionTTL is how long a session can sit idle (no segment requests) // before the manager kills ffmpeg + cleans the tmpdir. @@ -102,6 +136,11 @@ type HLSSessionConfig struct { Quality string // "2160p"|"1080p"|"720p"|"480p"|"original"|"" AudioIndex int // 0-based ffmpeg audio stream selection (-map 0:a:N). -1 = default. Transcode TranscodeRuntime + // Cache is an optional persistent segment cache keyed by (source, quality, + // audio). When set, completed encodes are kept across sessions so re-plays + // of the same file at the same quality skip ffmpeg entirely. nil disables + // caching (per-session tmpdir, deleted on Close — original behavior). + Cache *HLSCache } // HLSSession owns a tmpdir + ffmpeg subprocess producing HLS fragments. @@ -133,14 +172,29 @@ type HLSSession struct { restartCount int // bounded auto-restart counter (resets on Close) lastRestartAt time.Time - // readyCond + readyMax track which segments ffmpeg has finished writing. - // Handlers waiting on a future segment block on readyCond until the - // poller advances readyMax past their index (or ffmpeg exits). + // readyCh + readyMax track how many segments ffmpeg has finished writing. + // readyMax is a COUNT (not an index): readyMax=N means seg-0 … seg-(N-1) + // are fully on disk. A handler waiting on `idx` blocks until + // `idx < readyMax` (segment idx is present). The pollSegments goroutine + // advances readyMax and re-creates readyCh on every step. readyMu sync.Mutex - readyMax int // highest segment index whose .m4s file is fully written + readyMax int exitErr error exited bool readyCh chan struct{} // closed + replaced each time readyMax advances + + // Persistent cache state. cache==nil means caching disabled for this session. + // fromCache=true means the session is replaying a completed encode and no + // ffmpeg subprocess was spawned. writerLockHeld=true means this session + // owns the per-key TryAcquireWriter claim — Close must ReleaseWriter. + // subsDone closes when the subtitle extractor goroutine returns (or is + // nil when the source had no subtitle tracks); MarkComplete waits on it + // so a HIT replay never serves partial .vtt files. + cache *HLSCache + cacheKey string + fromCache bool + writerLockHeld bool + subsDone chan struct{} } // hlsSeekAhead is how many segments past the writer's current position the @@ -265,18 +319,78 @@ func StartHLSSession(ctx context.Context, cfg HLSSessionConfig) (*HLSSession, er return nil, errors.New("hls: source has no duration") } - tmpDir := filepath.Join(hlsTmpDirRoot(), cfg.SessionID) + // Resolve tmpDir + cache placement. Three states: + // 1. cache disabled → per-session tmpdir, deleted on Close. + // 2. cache HIT (.complete found) → read from cache dir, no ffmpeg, Pin. + // 3. cache MISS, writer-lock OK → ffmpeg writes to cache dir, Pin + writer-lock. + // 4. cache MISS, writer-lock NO → another session already writing this + // key; fall back to private per-session tmpdir + // (no caching for this session — second-writer + // would corrupt the first one's segments). + var ( + tmpDir string + cacheKey string + fromCache bool + writerLockHeld bool + ) + if cfg.Cache != nil { + cacheKey = cfg.Cache.KeyFor(cfg.SourcePath, cfg.Quality, cfg.AudioIndex) + // Integrity gate: HasComplete just stats the marker. If init.mp4 or + // the last segment vanished (external rm, partial-disk failure), we + // can't actually serve a HIT — drop the dir and re-encode. + segCountForVerify := segmentCountForDuration(probe.DurationSec) + if cfg.Cache.HasComplete(cacheKey) && !cfg.Cache.VerifyComplete(cacheKey, segCountForVerify) { + log.Printf("[hls %s] cache %s sealed but failed integrity check — re-encoding", + shortHLSID(cfg.SessionID), cacheKey) + _ = cfg.Cache.Invalidate(cacheKey) + } + if cfg.Cache.HasComplete(cacheKey) { + // HIT: read-only replay — many concurrent HITs are fine. + tmpDir = cfg.Cache.DirFor(cacheKey) + cfg.Cache.Pin(cacheKey) + fromCache = true + cfg.Cache.RecordHit() + _ = cfg.Cache.Touch(cacheKey) + } else if cfg.Cache.TryAcquireWriter(cacheKey) { + tmpDir = cfg.Cache.DirFor(cacheKey) + cfg.Cache.Pin(cacheKey) + writerLockHeld = true + cfg.Cache.RecordMiss() + } else { + // Another session is writing this key — fall back to private + // dir so we don't trample its segments. + log.Printf("[hls %s] cache key %s busy, falling back to per-session tmpdir", + shortHLSID(cfg.SessionID), cacheKey) + tmpDir = filepath.Join(hlsTmpDirRoot(), cfg.SessionID) + cacheKey = "" // disable caching for this session + cfg.Cache.RecordMiss() + } + } else { + tmpDir = filepath.Join(hlsTmpDirRoot(), cfg.SessionID) + } + + cleanupOnError := func() { + if cfg.Cache != nil && cacheKey != "" { + cfg.Cache.Unpin(cacheKey) + if writerLockHeld { + cfg.Cache.ReleaseWriter(cacheKey) + _ = cfg.Cache.Invalidate(cacheKey) + } + } else { + _ = os.RemoveAll(tmpDir) + } + } + if err := os.MkdirAll(filepath.Join(tmpDir, "video"), 0o755); err != nil { + cleanupOnError() return nil, fmt.Errorf("hls: mkdir video: %w", err) } if err := os.MkdirAll(filepath.Join(tmpDir, "subs"), 0o755); err != nil { + cleanupOnError() return nil, fmt.Errorf("hls: mkdir subs: %w", err) } - segCount := int((probe.DurationSec + float64(hlsSegmentDuration) - 1) / float64(hlsSegmentDuration)) - if segCount < 1 { - segCount = 1 - } + segCount := segmentCountForDuration(probe.DurationSec) s := &HLSSession{ cfg: cfg, @@ -287,10 +401,30 @@ func StartHLSSession(ctx context.Context, cfg HLSSessionConfig) (*HLSSession, er startedAt: time.Now(), lastTouch: time.Now(), readyCh: make(chan struct{}), + cache: cfg.Cache, + cacheKey: cacheKey, + fromCache: fromCache, + writerLockHeld: writerLockHeld, } s.manifestVideo = renderVideoPlaylist(probe.DurationSec, segCount) s.manifestRoot = renderMasterPlaylist(probe, cfg.Quality) + // Cache HIT: every segment + init.mp4 is already on disk. Skip ffmpeg + // entirely and mark readyMax so handlers don't wait. Background subtitle + // extraction is also unnecessary — subs were extracted on the original run. + if fromCache { + s.readyMu.Lock() + s.readyMax = segCount - 1 + s.exited = true + close(s.readyCh) + s.readyCh = nil + s.readyMu.Unlock() + log.Printf("[hls %s] cache HIT %s: %s, %.1fs, %d segs (quality=%s)", + shortHLSID(cfg.SessionID), cacheKey, filepath.Base(cfg.SourcePath), + probe.DurationSec, segCount, coalesce(cfg.Quality, "auto")) + return s, nil + } + // Spawn ffmpeg under a dedicated context so Close() can kill it without // touching the parent ctx. ffCtx, cancel := context.WithCancel(context.Background()) @@ -300,7 +434,7 @@ func StartHLSSession(ctx context.Context, cfg HLSSessionConfig) (*HLSSession, er cmd.Stderr = &hlsStderrCapture{owner: s} if err := cmd.Start(); err != nil { cancel() - _ = os.RemoveAll(tmpDir) + cleanupOnError() return nil, fmt.Errorf("hls: start ffmpeg: %w", err) } s.cmd = cmd @@ -309,12 +443,30 @@ func StartHLSSession(ctx context.Context, cfg HLSSessionConfig) (*HLSSession, er go s.pollSegments(ffCtx) if len(probe.SubtitleTracks) > 0 { - go s.extractSubtitles(ffCtx) + s.subsDone = make(chan struct{}) + go func() { + defer close(s.subsDone) + s.extractSubtitles(ffCtx) + }() } - log.Printf("[hls %s] started: %s, %.1fs, %d segs (quality=%s)", + cachedNote := "" + if cfg.Cache != nil { + cachedNote = fmt.Sprintf(" (cache-miss %s)", cacheKey) + } + // Surface the encoder profile so a "first-start was slow" report can be + // triaged from the agent log alone — `encoder=libx264 accel=none` means + // the user's ffmpeg has no HW encoders compiled in, which is the most + // common root cause (linuxbrew, default brew formula on macOS). + profile := ResolveEncoderProfile(cfg.Transcode.HWAccel, cfg.Transcode.Preset) + presetNote := "" + if profile.Preset != "" { + presetNote = " preset=" + profile.Preset + } + log.Printf("[hls %s] started: %s, %.1fs, %d segs (quality=%s, encoder=%s accel=%s%s)%s", shortHLSID(cfg.SessionID), filepath.Base(cfg.SourcePath), - probe.DurationSec, segCount, coalesce(cfg.Quality, "auto")) + probe.DurationSec, segCount, coalesce(cfg.Quality, "auto"), + profile.Codec, string(cfg.Transcode.HWAccel), presetNote, cachedNote) return s, nil } @@ -367,6 +519,28 @@ func (s *HLSSession) ProbeInfo() map[string]any { } } +// ReadyCount returns how many segments are currently fully on disk. +// Caller can `>= 1` it to check whether seg-0 has landed (and so the +// player can be told to attach). For cache-HIT sessions this is always +// `segmentCount` from the moment StartHLSSession returns. +func (s *HLSSession) ReadyCount() int { + s.readyMu.Lock() + defer s.readyMu.Unlock() + return s.readyMax +} + +// FromCache reports whether this session was served from the HLS cache +// (no ffmpeg subprocess spawned). Used by ready-watcher logic to short- +// circuit polling — a cache HIT is ready the moment we return. +func (s *HLSSession) FromCache() bool { return s.fromCache } + +// IsClosed reports whether Close() has been invoked. Exposed (vs the +// internal isClosed) so external watchers — the ready-webhook +// goroutine in cmd/daemon.go — can short-circuit polling on a session +// that was torn down through a different code path (registry replace, +// idle sweep) without racing on the unexported helper. +func (s *HLSSession) IsClosed() bool { return s.isClosed() } + // MasterPlaylist returns the rendered master.m3u8 contents. func (s *HLSSession) MasterPlaylist() string { return s.manifestRoot } @@ -387,8 +561,15 @@ func (s *HLSSession) Touch() { s.mu.Unlock() } -// Close stops ffmpeg, deletes the tmpdir, and prevents further requests from -// blocking on segment readiness. Idempotent. +// Close stops ffmpeg and prevents further requests from blocking on segment +// readiness. Idempotent. +// +// Disk lifecycle: +// - cache disabled → delete tmpDir (original behavior). +// - cache enabled + this session was a HIT → keep dir, just unpin. +// - cache enabled + this was a write session → if ffmpeg exited cleanly and +// every segment is on disk, persist with .complete and keep dir. Otherwise +// drop the dir so a half-written cache doesn't survive into the next play. func (s *HLSSession) Close() error { s.mu.Lock() if s.closed { @@ -409,7 +590,47 @@ func (s *HLSSession) Close() error { s.readyCh = nil } s.exited = true + exitErr := s.exitErr s.readyMu.Unlock() + + if s.cache != nil && s.cacheKey != "" { + defer s.cache.Unpin(s.cacheKey) + if s.writerLockHeld { + defer s.cache.ReleaseWriter(s.cacheKey) + } + if s.fromCache { + log.Printf("[hls %s] closed (cache reuse)", shortHLSID(s.cfg.SessionID)) + return nil + } + // Wait briefly for the subtitle extractor to finish so a cached + // replay never serves half-written .vtt files. Bounded so a stuck + // extractor can't block Close indefinitely; on timeout we treat + // the cache as incomplete and drop it. + subsOK := true + if s.subsDone != nil { + select { + case <-s.subsDone: + case <-time.After(15 * time.Second): + log.Printf("[hls %s] subtitle extractor timeout — not caching", shortHLSID(s.cfg.SessionID)) + subsOK = false + } + } + if subsOK && exitErr == nil && s.allSegmentsPresent() { + if err := s.cache.MarkComplete(s.cacheKey); err == nil { + log.Printf("[hls %s] cache persisted %s", shortHLSID(s.cfg.SessionID), s.cacheKey) + return nil + } else { + log.Printf("[hls %s] cache persist failed: %v", shortHLSID(s.cfg.SessionID), err) + } + } + // Partial / failed → drop so we re-encode next time. + if err := s.cache.Invalidate(s.cacheKey); err != nil { + log.Printf("[hls %s] cache invalidate failed: %v", shortHLSID(s.cfg.SessionID), err) + } + log.Printf("[hls %s] closed (cache discarded)", shortHLSID(s.cfg.SessionID)) + return nil + } + if tmpDir != "" { _ = os.RemoveAll(tmpDir) } @@ -417,6 +638,31 @@ func (s *HLSSession) Close() error { return nil } +// allSegmentsPresent reports whether every expected segment (and init.mp4) is +// on disk AND validated by the segment poller. Used to decide whether a +// finished session is cacheable. We trust readyMax (advanced by pollSegments +// only after the next segment exists, proving the predecessor is fully closed) +// over a naive Size>0 stat that could accept truncated mid-write files. +func (s *HLSSession) allSegmentsPresent() bool { + if fi, err := os.Stat(filepath.Join(s.tmpDir, "video", "init.mp4")); err != nil || fi.Size() == 0 { + return false + } + s.readyMu.Lock() + readyMax := s.readyMax + s.readyMu.Unlock() + if readyMax < s.segmentCount-1 { + return false + } + for i := 0; i < s.segmentCount; i++ { + path := filepath.Join(s.tmpDir, "video", fmt.Sprintf("seg-%d.m4s", i)) + fi, err := os.Stat(path) + if err != nil || fi.Size() == 0 { + return false + } + } + return true +} + // waitFFmpeg reaps the ffmpeg process and records its exit error for handlers. // // Auto-restart supervisor: if ffmpeg crashes (non-graceful exit) and the @@ -717,8 +963,10 @@ func (s *HLSSession) restartFromSegment(targetIdx int) error { time.Sleep(50 * time.Millisecond) } - // Build args for the new ffmpeg with -ss offset. - startSec := float64(targetIdx * hlsSegmentDuration) + // Build args for the new ffmpeg with -ss offset. Segments are non-uniform + // (seg-0 is hlsInitSegmentDuration s, the rest are hlsSegmentDuration s), + // so use segmentStartSec for the seek time instead of multiplying. + startSec := segmentStartSec(targetIdx) args := buildHLSFFmpegArgsAt(s.cfg, s.probe, s.tmpDir, targetIdx, startSec) ffCtx, cancel := context.WithCancel(context.Background()) @@ -783,23 +1031,77 @@ func buildHLSFFmpegArgs(cfg HLSSessionConfig, probe *StreamProbe, tmpDir string) return buildHLSFFmpegArgsAt(cfg, probe, tmpDir, 0, 0) } +// EncoderProfile names the codec + preset + decoder hint combination the HLS +// pipeline picks for the given hardware backend + transcode config. Exposed +// so callers can log the chosen encoder before ffmpeg launches and so both +// the demuxer-side `-hwaccel` flag and the encoder-side argv stay in sync +// (otherwise the two switches in buildHLSFFmpegArgsAt could silently drift +// when adding a new backend). +type EncoderProfile struct { + Codec string // ffmpeg encoder name (e.g. "h264_nvenc", "libx264") + Preset string // preset string, or "" when the codec has no preset knob + DecodeHwAccel string // ffmpeg `-hwaccel` value (e.g. "cuda", "qsv", "vaapi"), or "" +} + +// ResolveEncoderProfile mirrors the codec + preset selection inside +// buildHLSFFmpegArgsAt so callers (registry, log lines, diagnostic +// endpoints) can know what ffmpeg will be told to do without parsing argv. +// +// The configured preset is libx264-specific by vocabulary (ultrafast… +// veryslow). Passing it through to NVENC / QSV would have ffmpeg reject +// the argv (NVENC uses p1-p7, QSV uses its own subset). So vendor encoders +// always use their hardcoded vendor preset and ignore configuredPreset. +// VideoToolbox has no preset knob at all. +// +// DecodeHwAccel mirrors the encoder family — `-hwaccel cuda` for NVENC, +// `-hwaccel qsv` for QSV, `-hwaccel vaapi` for VAAPI. We intentionally +// do NOT pass `-hwaccel_output_format vaapi`: that pins decoded frames +// to GPU memory, but our filter chain (scale/format/setparams) runs on +// CPU and can't consume VAAPI surfaces. Keeping output frames on CPU +// makes the filter chain work and the VAAPI encoder still benefits from +// HW-accelerated DECODE on the input side. +func ResolveEncoderProfile(hw HWAccel, configuredPreset string) EncoderProfile { + codec := hw.FFmpegVideoCodec("h264") + switch codec { + case "libx264": + preset := configuredPreset + if preset == "" { + preset = "superfast" + } + return EncoderProfile{Codec: codec, Preset: preset, DecodeHwAccel: ""} + case "h264_nvenc": + return EncoderProfile{Codec: codec, Preset: "p3", DecodeHwAccel: "cuda"} + case "h264_qsv": + return EncoderProfile{Codec: codec, Preset: "veryfast", DecodeHwAccel: "qsv"} + case "h264_vaapi": + return EncoderProfile{Codec: codec, Preset: "", DecodeHwAccel: "vaapi"} + case "h264_videotoolbox": + // No preset knob for VideoToolbox; the speed/quality dial is `-q:v`. + // VideoToolbox uses per-encoder flags rather than a demuxer hint. + return EncoderProfile{Codec: codec, Preset: "", DecodeHwAccel: ""} + } + // Unknown / future codecs: software path. + return EncoderProfile{Codec: codec, Preset: "", DecodeHwAccel: ""} +} + // buildHLSFFmpegArgsAt returns the argv for an HLS encode that starts at the // given segment index (`-ss `) and writes segments numbered from // startIdx so they slot into the existing manifest at the correct position. // `-output_ts_offset` keeps the segment PTS aligned with manifest timeline. func buildHLSFFmpegArgsAt(cfg HLSSessionConfig, probe *StreamProbe, tmpDir string, startIdx int, startSec float64) []string { - hwHint := cfg.Transcode.HWAccel + profile := ResolveEncoderProfile(cfg.Transcode.HWAccel, cfg.Transcode.Preset) args := []string{"-y", "-hide_banner", "-loglevel", "warning"} - switch hwHint { - case HWAccelNVENC: - args = append(args, "-hwaccel", "cuda") - case HWAccelQSV: - args = append(args, "-hwaccel", "qsv") - case HWAccelVAAPI: - args = append(args, "-hwaccel", "vaapi", "-hwaccel_output_format", "vaapi") - case HWAccelNone, HWAccelVideoToolbox: - // No demuxer-side hint. + // Demuxer-side HW-decode hint. Sourced from the profile so a future + // codec/hint mismatch is impossible — the encoder + decode hint are + // computed once and stay coherent. Notably we do NOT add + // `-hwaccel_output_format vaapi` on the VAAPI path: that pins decoded + // frames to GPU memory but our CPU filter chain (scale, format, + // setparams) can't consume VAAPI surfaces. Letting frames flow on CPU + // keeps the filter chain working; the encoder still gets HW-accelerated + // decode on the input side. + if profile.DecodeHwAccel != "" { + args = append(args, "-hwaccel", profile.DecodeHwAccel) } // Seek before -i for fast keyframe-aligned start. The new ffmpeg writes @@ -829,24 +1131,54 @@ func buildHLSFFmpegArgsAt(cfg HLSSessionConfig, probe *StreamProbe, tmpDir strin } args = append(args, "-map", fmt.Sprintf("0:a:%d?", audioIdx)) - // Video encode. - codec := hwHint.FFmpegVideoCodec("h264") + // Video encode. Codec + preset come from the EncoderProfile resolved at + // the top of this function so the demuxer hint, the encoder, and the + // per-session log line all stay consistent. + // + // Defaults are biased for FIRST-START LATENCY over quality — the player + // blocks on seg-0 before the first frame paints, and a slow seg-0 is + // what users notice ("preparando sesión" stuck). Users who want better + // quality can override via `download.transcode.preset` in config.toml. + codec := profile.Codec args = append(args, "-c:v", codec) - // Encoder-specific tuning. Each HW encoder takes a different "preset" - // vocabulary; libx264 uses ultrafast→placebo, NVENC uses p1→p7, QSV uses - // veryfast→veryslow, VAAPI/VideoToolbox don't expose presets. switch codec { case "libx264": - preset := cfg.Transcode.Preset - if preset == "" { - preset = "veryfast" - } - args = append(args, "-preset", preset) + // superfast = ~15-20% faster than veryfast at marginal quality loss + // for the bitrates we target (5-25 Mbps). For 4K software encodes + // this is the difference between ~3 s and ~2.5 s per segment on a + // recent x86 CPU. `-threads 0` is libx264's default but explicit + // helps when the user has set GOMAXPROCS. + args = append(args, "-preset", profile.Preset, "-threads", "0") case "h264_nvenc": - // p4 = balanced quality/speed; p1 fastest, p7 highest quality. - args = append(args, "-preset", "p4", "-rc", "vbr", "-tune", "hq") + // p3 + tune=ll trades ~0.3 dB PSNR for 1.5-2× faster encode vs the + // previous p4 + tune=hq pair — first-segment encode drops from + // ~1.5 s to ~0.8 s on RTX-class hardware. + args = append(args, "-preset", profile.Preset, "-rc", "vbr", "-tune", "ll") case "h264_qsv": - args = append(args, "-preset", "medium", "-look_ahead", "0") + // veryfast is the fastest realistic QSV preset; medium was too + // conservative for first-start. look_ahead=0 keeps the encoder + // truly low-latency (no rate-control look-ahead window). + args = append(args, "-preset", profile.Preset, "-look_ahead", "0") + case "h264_videotoolbox": + // VideoToolbox has no "preset" knob; `-realtime` flips into the + // low-latency path used by FaceTime. We let the `-b:v / -maxrate + // / -bufsize` block (added later in this function) drive rate + // control — adding `-q:v` here would conflict because ffmpeg's + // videotoolbox encoder treats `-b:v` as authoritative and + // silently ignores `-q:v`, so the constant-quality knob never + // took effect anyway. + args = append(args, "-realtime", "1") + case "h264_vaapi": + // h264_vaapi has no preset knob. Bitrate args (set later) drive + // rate control. Add `-vaapi_device /dev/dri/renderD128` so the + // encoder doesn't fall back to a NULL device on multi-GPU hosts + // where the default render node is a non-VAAPI GPU (an Nvidia + // dGPU's render node, etc.). The filter chain below switches to + // `format=nv12,hwupload` so frames land on the right VAAPI + // surface before the encoder; we intentionally avoid scale_vaapi + // because mesa 25 + Raphael iGPU emits "Cannot allocate memory" + // per session start, polluting logs even though encode succeeds. + args = append(args, "-vaapi_device", "/dev/dri/renderD128") } // Derive H.264 level from the actual output height. A fixed "4.0" caps the // encoder at 1080p — anything taller (1440p, 4K source on quality=original) @@ -863,7 +1195,17 @@ func buildHLSFFmpegArgsAt(cfg HLSSessionConfig, probe *StreamProbe, tmpDir strin } args = append(args, "-profile:v", "main", "-level:v", H264LevelForHeight(outputHeight)) - bitrate := qcap.VideoBitrate + // Bitrate must match the level libx264 actually picks for outputHeight, + // not the qcap target for the user's requested label. If a user asks for + // "2160p" on a 1080p source, qcap.VideoBitrate is 25 Mbps but the level + // (derived from outputHeight=1080) is 4.0, which rejects bitrates >20 Mbps + // with "VBV bitrate (25000) > level limit (20000)". Re-derive the cap + // from the effective height so the (level, bitrate) pair stays coherent. + effectiveCap := capForHeight(outputHeight) + bitrate := effectiveCap.VideoBitrate + if bitrate == "" { + bitrate = qcap.VideoBitrate + } if bitrate == "" { bitrate = cfg.Transcode.VideoBitrate } @@ -887,14 +1229,32 @@ func buildHLSFFmpegArgsAt(cfg HLSSessionConfig, probe *StreamProbe, tmpDir strin if maxH == 0 { maxH = cfg.Transcode.MaxHeight } + // VAAPI needs frames as nv12 VAAPI surfaces before the encoder. We do + // scale + format conversion on CPU then `hwupload` once at the end — + // skips the mesa 25 + Raphael iGPU "Cannot allocate memory" log spam + // that scale_vaapi triggers per-session-start while still delivering + // the encoder a GPU surface. setparams is dropped because VAAPI + // surfaces don't expose VUI fields the way libx264 does; the encoder + // records its own color metadata via the source PTS chain. + pixFormat := "yuv420p" + hwUploadTail := "" + colorTail := ",setparams=colorspace=bt709:color_trc=bt709:color_primaries=bt709:range=tv" + if codec == "h264_vaapi" { + pixFormat = "nv12" + hwUploadTail = ",hwupload" + colorTail = "" + } var filterChain string if maxH > 0 && probe.Height > maxH { filterChain = fmt.Sprintf( - "scale=-2:%d:force_original_aspect_ratio=decrease,scale=trunc(iw/2)*2:trunc(ih/2)*2,format=yuv420p,setparams=colorspace=bt709:color_trc=bt709:color_primaries=bt709:range=tv", - maxH, + "scale=-2:%d:force_original_aspect_ratio=decrease,scale=trunc(iw/2)*2:trunc(ih/2)*2,format=%s%s%s", + maxH, pixFormat, colorTail, hwUploadTail, ) } else { - filterChain = "scale=trunc(iw/2)*2:trunc(ih/2)*2,format=yuv420p,setparams=colorspace=bt709:color_trc=bt709:color_primaries=bt709:range=tv" + filterChain = fmt.Sprintf( + "scale=trunc(iw/2)*2:trunc(ih/2)*2,format=%s%s%s", + pixFormat, colorTail, hwUploadTail, + ) } args = append(args, "-vf", filterChain) @@ -967,6 +1327,10 @@ func (s *HLSSession) extractSubtitles(ctx context.Context) { // renderVideoPlaylist builds the VOD media playlist for the video stream. // Segment count is derived from the source duration — the player learns the // total timeline from the manifest before any segment is fetched. +// +// seg-0 is the short init segment (hlsInitSegmentDuration s); seg-1 onward +// are hlsSegmentDuration s each. The last segment may be shorter than the +// nominal duration when (duration - init) doesn't divide evenly. func renderVideoPlaylist(durationSec float64, segCount int) string { var b strings.Builder b.WriteString("#EXTM3U\n") @@ -977,7 +1341,7 @@ func renderVideoPlaylist(durationSec float64, segCount int) string { b.WriteString(`#EXT-X-MAP:URI="init.mp4"` + "\n") remaining := durationSec for i := 0; i < segCount; i++ { - segDur := float64(hlsSegmentDuration) + segDur := float64(segmentDurationFor(i)) if remaining < segDur { segDur = remaining } diff --git a/internal/engine/hls_cache.go b/internal/engine/hls_cache.go new file mode 100644 index 0000000..f1bf918 --- /dev/null +++ b/internal/engine/hls_cache.go @@ -0,0 +1,410 @@ +package engine + +import ( + "context" + "crypto/sha256" + "encoding/hex" + "errors" + "fmt" + "log" + "os" + "path/filepath" + "sort" + "sync" + "sync/atomic" + "time" +) + +// HLSCache persists transcoded HLS segments per (source, quality, audio) so a +// second play of the same file at the same quality skips ffmpeg entirely. +// +// Layout on disk: +// +// {root}/{key}/init.mp4 +// {root}/{key}/seg-0.m4s +// {root}/{key}/seg-N.m4s +// {root}/{key}/.complete +// +// Atomicity: the .complete marker is written only when ffmpeg exits 0 AND all +// segments are on disk. A dir without .complete is treated as a partial run — +// next session can reuse the segments already present, ffmpeg fills the gaps. +// +// Concurrency: Pin/Unpin increments a ref counter per key so the LRU sweeper +// never evicts a directory that an active session is reading from. +type HLSCache struct { + root string + maxBytes int64 + + mu sync.Mutex + refs map[string]int + writers map[string]bool // exclusive ffmpeg writer per key; nil entries are absent + + // Counters surfaced via Stats() — useful for /api/internal/agent/cache-stats + // and for the sweeper's daily log line. atomic so RecordHit/RecordMiss are + // safe to call from any goroutine without taking the cache mutex. + hits atomic.Uint64 + misses atomic.Uint64 +} + +const ( + hlsCacheCompleteMarker = ".complete" + // hlsCacheMinBudgetGB clamps absurd / zero / negative SizeGB values to + // a sane floor. NOT a guarantee that any single encode fits — a long + // 4K HEVC re-encode can exceed it. Operators should set size_gb based + // on their actual workload. + hlsCacheMinBudgetGB = 1 + // hlsCacheStartupOrphanAge: directories without .complete older than + // this are removed on cache startup. Long enough that a daemon crash + // during an in-progress encode (which legitimately leaves a partial + // dir) doesn't get nuked too aggressively if the daemon restarts fast. + hlsCacheStartupOrphanAge = 10 * time.Minute +) + +// NewHLSCache creates the cache rooted at the given dir with a size budget in +// gigabytes. A budget < hlsCacheMinBudgetGB is clamped up so a single play +// doesn't get instantly evicted mid-stream. +func NewHLSCache(root string, sizeGB int) (*HLSCache, error) { + if root == "" { + return nil, errors.New("hls_cache: empty root") + } + if sizeGB < hlsCacheMinBudgetGB { + sizeGB = hlsCacheMinBudgetGB + } + if err := os.MkdirAll(root, 0o755); err != nil { + return nil, fmt.Errorf("hls_cache: mkdir root: %w", err) + } + c := &HLSCache{ + root: root, + maxBytes: int64(sizeGB) * 1024 * 1024 * 1024, + refs: make(map[string]int), + writers: make(map[string]bool), + } + // Reap dirs left over from a crashed encode. A dir without .complete that + // hasn't been touched recently was almost certainly orphaned by an + // ungraceful daemon exit — keeping it just feeds the unbounded growth + // pattern the hourly LRU is too slow to contain. + if removed, err := c.cleanStartupOrphans(); err != nil { + log.Printf("[hls_cache] startup orphan cleanup: %v", err) + } else if removed > 0 { + log.Printf("[hls_cache] startup: removed %d orphan dir(s) without .complete", removed) + } + return c, nil +} + +// cleanStartupOrphans removes cache subdirectories that lack a .complete +// marker AND haven't been modified within hlsCacheStartupOrphanAge. Called +// once at construction. Safe at startup because no sessions are active yet, +// so Pin can't race with us. +func (c *HLSCache) cleanStartupOrphans() (int, error) { + entries, err := os.ReadDir(c.root) + if err != nil { + if os.IsNotExist(err) { + return 0, nil + } + return 0, err + } + cutoff := time.Now().Add(-hlsCacheStartupOrphanAge) + removed := 0 + for _, e := range entries { + if !e.IsDir() { + continue + } + dir := filepath.Join(c.root, e.Name()) + if _, err := os.Stat(filepath.Join(dir, hlsCacheCompleteMarker)); err == nil { + continue // sealed, keep + } + info, err := e.Info() + if err != nil { + continue + } + if info.ModTime().After(cutoff) { + continue // too recent — might be a daemon that just restarted mid-encode + } + if err := os.RemoveAll(dir); err == nil { + removed++ + } + } + return removed, nil +} + +// TryAcquireWriter attempts to claim exclusive ffmpeg-write access to a key. +// Returns true on success — the caller is then responsible for ReleaseWriter +// when ffmpeg exits / fails. Returns false if another session is already +// writing this key, in which case the caller must fall back to a private +// per-session tmpdir (no caching for that session). +func (c *HLSCache) TryAcquireWriter(key string) bool { + c.mu.Lock() + defer c.mu.Unlock() + if c.writers[key] { + return false + } + c.writers[key] = true + return true +} + +// ReleaseWriter releases the writer claim acquired via TryAcquireWriter. +// Idempotent on unknown keys. +func (c *HLSCache) ReleaseWriter(key string) { + c.mu.Lock() + delete(c.writers, key) + c.mu.Unlock() +} + +// KeyFor derives a stable cache key for (source, quality, audioIndex). Using +// the absolute source path means renaming a file invalidates the cache, which +// is correct — segment content is tied to the encoded source. +func (c *HLSCache) KeyFor(sourcePath, quality string, audioIndex int) string { + abs, err := filepath.Abs(sourcePath) + if err != nil { + abs = sourcePath + } + h := sha256.Sum256([]byte(fmt.Sprintf("%s|%s|%d", abs, quality, audioIndex))) + return hex.EncodeToString(h[:8]) // 16 hex chars — collision-safe enough for per-host cache +} + +// DirFor returns the on-disk directory for a cache key. Caller is responsible +// for creating it. +func (c *HLSCache) DirFor(key string) string { + return filepath.Join(c.root, key) +} + +// HasComplete returns true when the .complete marker is present, meaning the +// directory holds a full set of segments from a successful encode. +func (c *HLSCache) HasComplete(key string) bool { + if _, err := os.Stat(filepath.Join(c.DirFor(key), hlsCacheCompleteMarker)); err == nil { + return true + } + return false +} + +// MarkComplete writes the .complete marker. Call only after verifying ffmpeg +// exited cleanly AND every expected segment is on disk. The dir must already +// exist — StartHLSSession created it on the writer path. +func (c *HLSCache) MarkComplete(key string) error { + return os.WriteFile(filepath.Join(c.DirFor(key), hlsCacheCompleteMarker), nil, 0o644) +} + +// RecordHit increments the hit counter; called by StartHLSSession on a +// cache-HIT path. +func (c *HLSCache) RecordHit() { c.hits.Add(1) } + +// RecordMiss increments the miss counter; called when a session has to +// encode from scratch (or fails an integrity check on a stale HIT). +func (c *HLSCache) RecordMiss() { c.misses.Add(1) } + +// CacheStats is a snapshot of the cache's runtime counters + on-disk size. +// The size fields are best-effort (computed via dirSize) so callers paying +// for them should cache the result, not poll in a hot loop. +type CacheStats struct { + Hits uint64 + Misses uint64 + EntryCount int + TotalBytes int64 +} + +// Stats returns a snapshot of the cache counters and size. Walks the root +// to total disk usage — O(N segments). Call at most every few minutes. +func (c *HLSCache) Stats() CacheStats { + s := CacheStats{ + Hits: c.hits.Load(), + Misses: c.misses.Load(), + } + entries, err := os.ReadDir(c.root) + if err != nil { + return s + } + for _, e := range entries { + if !e.IsDir() { + continue + } + size, err := dirSize(filepath.Join(c.root, e.Name())) + if err != nil { + continue + } + s.EntryCount++ + s.TotalBytes += size + } + return s +} + +// hitRatePercent returns the current hit/(hit+miss) percentage rounded to +// the nearest int; 0 when no calls have been recorded. +func (c *HLSCache) hitRatePercent() int { + h := c.hits.Load() + m := c.misses.Load() + total := h + m + if total == 0 { + return 0 + } + return int((h*100 + total/2) / total) +} + +// VerifyComplete checks that the .complete marker is present AND the +// essential files (init.mp4 + last segment) exist with non-zero size. A +// dir that passes HasComplete but fails VerifyComplete is treated as +// corrupted — typically external `rm` or a partial-disk-failure scenario. +// When it returns false, callers should Invalidate and re-encode. +func (c *HLSCache) VerifyComplete(key string, segmentCount int) bool { + if !c.HasComplete(key) { + return false + } + dir := c.DirFor(key) + if fi, err := os.Stat(filepath.Join(dir, "video", "init.mp4")); err != nil || fi.Size() == 0 { + return false + } + if segmentCount > 0 { + lastSeg := filepath.Join(dir, "video", fmt.Sprintf("seg-%d.m4s", segmentCount-1)) + if fi, err := os.Stat(lastSeg); err != nil || fi.Size() == 0 { + return false + } + } + return true +} + +// Pin increments the ref counter for a key. The sweeper checks this before +// evicting, so a pinned dir is safe even if its mtime is old. +func (c *HLSCache) Pin(key string) { + c.mu.Lock() + c.refs[key]++ + c.mu.Unlock() +} + +// Unpin decrements; safe to call on unknown keys (no-op). +func (c *HLSCache) Unpin(key string) { + c.mu.Lock() + if c.refs[key] > 0 { + c.refs[key]-- + if c.refs[key] == 0 { + delete(c.refs, key) + } + } + c.mu.Unlock() +} + +func (c *HLSCache) isPinned(key string) bool { + c.mu.Lock() + defer c.mu.Unlock() + return c.refs[key] > 0 +} + +// Touch updates the directory mtime so LRU picks fresher entries as recently +// used. Called when a session starts reading from a cached dir. +func (c *HLSCache) Touch(key string) error { + dir := c.DirFor(key) + now := time.Now() + return os.Chtimes(dir, now, now) +} + +// Sweep enforces the size budget by deleting the least-recently-used cache +// dirs (ignoring pinned ones) until the total size is at or below maxBytes. +// Returns the number of bytes freed. +func (c *HLSCache) Sweep() (int64, error) { + entries, err := os.ReadDir(c.root) + if err != nil { + if os.IsNotExist(err) { + return 0, nil + } + return 0, fmt.Errorf("hls_cache: read root: %w", err) + } + + type item struct { + key string + path string + size int64 + mtime time.Time + } + items := make([]item, 0, len(entries)) + var total, pinned int64 + for _, e := range entries { + if !e.IsDir() { + continue + } + info, err := e.Info() + if err != nil { + continue + } + key := e.Name() + path := filepath.Join(c.root, key) + size, err := dirSize(path) + if err != nil { + continue + } + items = append(items, item{key: key, path: path, size: size, mtime: info.ModTime()}) + total += size + if c.isPinned(key) { + pinned += size + } + } + + if total <= c.maxBytes { + return 0, nil + } + if pinned >= c.maxBytes { + // Every pinned byte already exceeds the budget — even evicting + // every unpinned dir won't bring us under. Warn loudly so the + // operator knows to bump size_gb (or kill the long-running session). + log.Printf("[hls_cache] warn: pinned bytes (%.1f MB) exceed budget (%.1f MB) — cannot enforce limit until sessions release", + float64(pinned)/(1024*1024), float64(c.maxBytes)/(1024*1024)) + return 0, nil + } + + // Oldest first. + sort.Slice(items, func(i, j int) bool { + return items[i].mtime.Before(items[j].mtime) + }) + + var freed int64 + for _, it := range items { + if total-freed <= c.maxBytes { + break + } + if c.isPinned(it.key) { + continue + } + if err := os.RemoveAll(it.path); err != nil { + log.Printf("[hls_cache] evict %s failed: %v", it.key, err) + continue + } + log.Printf("[hls_cache] evicted %s (%.1f MB, age %s)", + it.key, float64(it.size)/(1024*1024), time.Since(it.mtime).Round(time.Second)) + freed += it.size + } + return freed, nil +} + +// StartSweeper kicks off the LRU sweeper goroutine. Cancels on ctx done. +// In addition to enforcing the size budget, logs a daily summary of hit-rate +// + disk usage so operators can see the cache's value at a glance. +func (c *HLSCache) StartSweeper(ctx context.Context, interval time.Duration) { + if interval <= 0 { + interval = time.Hour + } + go func() { + t := time.NewTicker(interval) + defer t.Stop() + statsTick := time.NewTicker(24 * time.Hour) + defer statsTick.Stop() + for { + select { + case <-ctx.Done(): + return + case <-t.C: + if _, err := c.Sweep(); err != nil { + log.Printf("[hls_cache] sweep error: %v", err) + } + case <-statsTick.C: + s := c.Stats() + log.Printf("[hls_cache] day-stats: hits=%d misses=%d ratio=%d%% entries=%d size=%.1fMB", + s.Hits, s.Misses, c.hitRatePercent(), s.EntryCount, + float64(s.TotalBytes)/(1024*1024)) + } + } + }() +} + +// Invalidate removes a cache entry — used when ffmpeg fails to encode the +// source so we don't reuse a half-written dir next time. +func (c *HLSCache) Invalidate(key string) error { + return os.RemoveAll(c.DirFor(key)) +} + diff --git a/internal/engine/hls_cache_smoke_test.go b/internal/engine/hls_cache_smoke_test.go new file mode 100644 index 0000000..a086cb2 --- /dev/null +++ b/internal/engine/hls_cache_smoke_test.go @@ -0,0 +1,134 @@ +//go:build smoke + +package engine + +import ( + "context" + "os/exec" + "path/filepath" + "testing" + "time" +) + +// TestHLSCacheSmoke exercises the end-to-end cache flow against real ffmpeg: +// - First session encodes a 5s test pattern; expect MISS, ffmpeg runs, +// .complete written, MarkComplete logs. +// - Second session for identical (source, quality, audio); expect HIT, +// no ffmpeg, instant Start. +// +// Build tag `smoke` keeps it out of the default `go test ./...` run because +// it depends on a working ffmpeg/ffprobe and takes ~5–10 s. +// +// go test -tags=smoke -run TestHLSCacheSmoke -v ./internal/engine/ +func TestHLSCacheSmoke(t *testing.T) { + ffmpeg, err := exec.LookPath("ffmpeg") + if err != nil { + t.Skipf("ffmpeg not on PATH: %v", err) + } + ffprobe, err := exec.LookPath("ffprobe") + if err != nil { + t.Skipf("ffprobe not on PATH: %v", err) + } + + tmp := t.TempDir() + source := filepath.Join(tmp, "source.mp4") + t.Logf("generating 5 s test pattern → %s", source) + if out, err := exec.Command(ffmpeg, + "-y", "-loglevel", "error", + "-f", "lavfi", "-i", "testsrc=duration=5:size=640x480:rate=30", + "-f", "lavfi", "-i", "sine=frequency=1000:duration=5", + "-c:v", "libx264", "-preset", "ultrafast", "-pix_fmt", "yuv420p", + "-c:a", "aac", + source, + ).CombinedOutput(); err != nil { + t.Fatalf("ffmpeg generate: %v\n%s", err, out) + } + + cacheRoot := filepath.Join(tmp, "cache") + cache, err := NewHLSCache(cacheRoot, 1) + if err != nil { + t.Fatalf("NewHLSCache: %v", err) + } + + cfg := HLSSessionConfig{ + SessionID: "smoke1", + SourcePath: source, + FileName: "source.mp4", + Quality: "720p", + AudioIndex: 0, + Transcode: TranscodeRuntime{ + FFmpegPath: ffmpeg, + FFprobePath: ffprobe, + Preset: "ultrafast", + }, + Cache: cache, + } + + // First run — expect MISS, ffmpeg runs. + t.Log("session 1: expect MISS") + t0 := time.Now() + s1, err := StartHLSSession(context.Background(), cfg) + if err != nil { + t.Fatalf("StartHLSSession #1: %v", err) + } + if s1.fromCache { + t.Fatal("session 1 reported cache HIT on a fresh cache") + } + + // Wait for all segments to land. 5 s source @ 4 s segments → 2 segments. + deadline := time.Now().Add(60 * time.Second) + for { + s1.readyMu.Lock() + ready := s1.readyMax + exited := s1.exited + s1.readyMu.Unlock() + if ready >= s1.segmentCount-1 && exited { + break + } + if time.Now().After(deadline) { + _ = s1.Close() + t.Fatalf("session 1 didn't finish in 60 s (readyMax=%d/%d, exited=%v)", + ready, s1.segmentCount-1, exited) + } + time.Sleep(100 * time.Millisecond) + } + if err := s1.Close(); err != nil { + t.Fatalf("Close #1: %v", err) + } + encodeDur := time.Since(t0) + t.Logf("session 1: MISS completed in %s", encodeDur.Round(time.Millisecond)) + + key := cache.KeyFor(source, "720p", 0) + if !cache.HasComplete(key) { + t.Fatalf("cache.HasComplete(%s) is false after successful encode", key) + } + + // Second run — expect HIT, no ffmpeg. + t.Log("session 2: expect HIT") + cfg.SessionID = "smoke2" + t1 := time.Now() + s2, err := StartHLSSession(context.Background(), cfg) + if err != nil { + t.Fatalf("StartHLSSession #2: %v", err) + } + if !s2.fromCache { + t.Fatal("session 2 should have reported cache HIT") + } + if s2.cmd != nil { + t.Fatal("session 2 should not have spawned ffmpeg (s.cmd != nil)") + } + hitDur := time.Since(t1) + t.Logf("session 2: HIT in %s (%.1f× faster than MISS)", + hitDur.Round(time.Millisecond), float64(encodeDur)/float64(hitDur)) + if hitDur > 500*time.Millisecond { + t.Errorf("HIT path too slow: %s — expected <500 ms", hitDur) + } + if err := s2.Close(); err != nil { + t.Fatalf("Close #2: %v", err) + } + + // After the HIT session closes, the cache dir + .complete must still exist. + if !cache.HasComplete(key) { + t.Fatal(".complete disappeared after HIT session closed") + } +} diff --git a/internal/engine/hls_cache_test.go b/internal/engine/hls_cache_test.go new file mode 100644 index 0000000..cb70ec1 --- /dev/null +++ b/internal/engine/hls_cache_test.go @@ -0,0 +1,361 @@ +package engine + +import ( + "context" + "os" + "path/filepath" + "sync" + "testing" + "time" +) + +func newTestCache(t *testing.T, sizeGB int) *HLSCache { + t.Helper() + root := t.TempDir() + c, err := NewHLSCache(root, sizeGB) + if err != nil { + t.Fatalf("NewHLSCache: %v", err) + } + return c +} + +func TestKeyForStable(t *testing.T) { + c := newTestCache(t, 1) + k1 := c.KeyFor("/a/b/movie.mkv", "1080p", 0) + k2 := c.KeyFor("/a/b/movie.mkv", "1080p", 0) + if k1 != k2 { + t.Fatalf("expected stable keys, got %q vs %q", k1, k2) + } + if c.KeyFor("/a/b/movie.mkv", "720p", 0) == k1 { + t.Fatal("quality should change key") + } + if c.KeyFor("/a/b/movie.mkv", "1080p", 1) == k1 { + t.Fatal("audio index should change key") + } + if c.KeyFor("/x/y/other.mkv", "1080p", 0) == k1 { + t.Fatal("path should change key") + } +} + +func TestMarkCompleteAndHas(t *testing.T) { + c := newTestCache(t, 1) + key := "abc123" + if c.HasComplete(key) { + t.Fatal("fresh cache should not report complete") + } + // Production callers create the dir during StartHLSSession; MarkComplete + // trusts that invariant and fails if the dir was wiped meanwhile. + if err := os.MkdirAll(c.DirFor(key), 0o755); err != nil { + t.Fatalf("mkdir: %v", err) + } + if err := c.MarkComplete(key); err != nil { + t.Fatalf("MarkComplete: %v", err) + } + if !c.HasComplete(key) { + t.Fatal("after MarkComplete, HasComplete must be true") + } +} + +func TestMarkCompleteFailsWithoutDir(t *testing.T) { + c := newTestCache(t, 1) + if err := c.MarkComplete("never-created"); err == nil { + t.Fatal("MarkComplete should error when dir doesn't exist") + } +} + +func TestPinPreventsEviction(t *testing.T) { + c := newTestCache(t, 1) // 1 GB budget, but min clamp keeps it usable + c.maxBytes = 1024 // squeeze budget for the test + + // Write two entries past the budget. + for i, key := range []string{"old", "new"} { + dir := c.DirFor(key) + if err := os.MkdirAll(dir, 0o755); err != nil { + t.Fatalf("mkdir %s: %v", dir, err) + } + path := filepath.Join(dir, "seg.bin") + if err := os.WriteFile(path, make([]byte, 800), 0o644); err != nil { + t.Fatalf("write %s: %v", path, err) + } + now := time.Now().Add(time.Duration(i) * time.Hour) // "old" mtime < "new" + _ = os.Chtimes(dir, now, now) + } + + c.Pin("old") // protect the older one + freed, err := c.Sweep() + if err != nil { + t.Fatalf("Sweep: %v", err) + } + if freed == 0 { + t.Fatal("expected some eviction") + } + if _, err := os.Stat(c.DirFor("old")); err != nil { + t.Fatal("pinned 'old' was evicted") + } + if _, err := os.Stat(c.DirFor("new")); err == nil { + t.Fatal("'new' should have been evicted to make room") + } +} + +func TestSweepNoOpUnderBudget(t *testing.T) { + c := newTestCache(t, 1) + dir := c.DirFor("small") + _ = os.MkdirAll(dir, 0o755) + _ = os.WriteFile(filepath.Join(dir, "x"), []byte("tiny"), 0o644) + freed, err := c.Sweep() + if err != nil { + t.Fatalf("Sweep: %v", err) + } + if freed != 0 { + t.Fatalf("expected 0 freed under budget, got %d", freed) + } + if _, err := os.Stat(dir); err != nil { + t.Fatal("under-budget entry was wrongly evicted") + } +} + +func TestSweepEmptyRoot(t *testing.T) { + c := newTestCache(t, 1) + freed, err := c.Sweep() + if err != nil { + t.Fatalf("Sweep empty: %v", err) + } + if freed != 0 { + t.Fatalf("freed=%d, want 0", freed) + } +} + +func TestInvalidateRemovesDir(t *testing.T) { + c := newTestCache(t, 1) + key := "drop" + dir := c.DirFor(key) + _ = os.MkdirAll(dir, 0o755) + _ = os.WriteFile(filepath.Join(dir, "x"), []byte("y"), 0o644) + if err := c.Invalidate(key); err != nil { + t.Fatalf("Invalidate: %v", err) + } + if _, err := os.Stat(dir); err == nil { + t.Fatal("dir still present after Invalidate") + } +} + +func TestTouchUpdatesMtime(t *testing.T) { + c := newTestCache(t, 1) + key := "touch" + dir := c.DirFor(key) + _ = os.MkdirAll(dir, 0o755) + old := time.Now().Add(-2 * time.Hour) + _ = os.Chtimes(dir, old, old) + + if err := c.Touch(key); err != nil { + t.Fatalf("Touch: %v", err) + } + info, err := os.Stat(dir) + if err != nil { + t.Fatalf("stat: %v", err) + } + if !info.ModTime().After(old.Add(time.Minute)) { + t.Fatalf("mtime not refreshed: %v", info.ModTime()) + } +} + +func TestPinUnpinSymmetry(t *testing.T) { + c := newTestCache(t, 1) + c.Pin("k") + c.Pin("k") + if !c.isPinned("k") { + t.Fatal("Pin twice should leave pinned") + } + c.Unpin("k") + if !c.isPinned("k") { + t.Fatal("Unpin once should keep pinned (refs=1)") + } + c.Unpin("k") + if c.isPinned("k") { + t.Fatal("Unpin twice should drop pin") + } + c.Unpin("k") // safe no-op +} + +func TestConcurrentPinUnpin(t *testing.T) { + c := newTestCache(t, 1) + var wg sync.WaitGroup + for i := 0; i < 100; i++ { + wg.Add(1) + go func() { + defer wg.Done() + c.Pin("race") + time.Sleep(time.Microsecond) + c.Unpin("race") + }() + } + wg.Wait() + if c.isPinned("race") { + t.Fatal("refs leaked") + } +} + +func TestSweeperLoopExits(t *testing.T) { + c := newTestCache(t, 1) + ctx, cancel := context.WithCancel(context.Background()) + c.StartSweeper(ctx, 10*time.Millisecond) + time.Sleep(30 * time.Millisecond) + cancel() + // If StartSweeper doesn't exit on cancel the test would leak a goroutine; + // the leak detector in the test runner will surface it. + time.Sleep(20 * time.Millisecond) +} + +func TestMinBudgetClamp(t *testing.T) { + root := t.TempDir() + c, err := NewHLSCache(root, 0) // below floor + if err != nil { + t.Fatalf("NewHLSCache: %v", err) + } + if c.maxBytes != int64(hlsCacheMinBudgetGB)*1024*1024*1024 { + t.Fatalf("budget not clamped to min: got %d", c.maxBytes) + } +} + +func TestTryAcquireWriterExclusive(t *testing.T) { + c := newTestCache(t, 1) + if !c.TryAcquireWriter("k") { + t.Fatal("first acquire should succeed") + } + if c.TryAcquireWriter("k") { + t.Fatal("second acquire for same key must fail") + } + if !c.TryAcquireWriter("other") { + t.Fatal("different key should not conflict") + } + c.ReleaseWriter("k") + if !c.TryAcquireWriter("k") { + t.Fatal("acquire after release should succeed") + } + c.ReleaseWriter("k") + c.ReleaseWriter("k") // idempotent +} + +func TestStartupOrphanCleanup(t *testing.T) { + root := t.TempDir() + + // Pre-seed: one sealed dir + one orphan old enough + one orphan fresh. + sealed := filepath.Join(root, "sealed") + _ = os.MkdirAll(sealed, 0o755) + _ = os.WriteFile(filepath.Join(sealed, hlsCacheCompleteMarker), nil, 0o644) + + staleOrphan := filepath.Join(root, "stale_orphan") + _ = os.MkdirAll(staleOrphan, 0o755) + old := time.Now().Add(-2 * hlsCacheStartupOrphanAge) + _ = os.Chtimes(staleOrphan, old, old) + + freshOrphan := filepath.Join(root, "fresh_orphan") + _ = os.MkdirAll(freshOrphan, 0o755) + + if _, err := NewHLSCache(root, 1); err != nil { + t.Fatalf("NewHLSCache: %v", err) + } + + if _, err := os.Stat(sealed); err != nil { + t.Fatal("sealed dir was wrongly removed") + } + if _, err := os.Stat(staleOrphan); err == nil { + t.Fatal("stale orphan should have been removed at startup") + } + if _, err := os.Stat(freshOrphan); err != nil { + t.Fatal("fresh orphan should be kept (might be a mid-restart encode)") + } +} + +func TestHitMissCounters(t *testing.T) { + c := newTestCache(t, 1) + if s := c.Stats(); s.Hits != 0 || s.Misses != 0 { + t.Fatalf("fresh cache stats not zero: %+v", s) + } + c.RecordHit() + c.RecordHit() + c.RecordMiss() + s := c.Stats() + if s.Hits != 2 || s.Misses != 1 { + t.Fatalf("counters wrong: %+v", s) + } + // 2/3 = 67% + if got := c.hitRatePercent(); got != 67 { + t.Fatalf("hitRatePercent=%d, want 67", got) + } +} + +func TestStatsEntryCount(t *testing.T) { + c := newTestCache(t, 1) + for _, k := range []string{"a", "b", "c"} { + dir := c.DirFor(k) + _ = os.MkdirAll(dir, 0o755) + _ = os.WriteFile(filepath.Join(dir, "x"), []byte("hello"), 0o644) + } + s := c.Stats() + if s.EntryCount != 3 { + t.Fatalf("EntryCount=%d, want 3", s.EntryCount) + } + if s.TotalBytes != 15 { + t.Fatalf("TotalBytes=%d, want 15", s.TotalBytes) + } +} + +func TestVerifyCompleteRejectsMissingFiles(t *testing.T) { + c := newTestCache(t, 1) + key := "v" + dir := c.DirFor(key) + _ = os.MkdirAll(filepath.Join(dir, "video"), 0o755) + + // No .complete yet → reject. + if c.VerifyComplete(key, 2) { + t.Fatal("VerifyComplete should reject without .complete") + } + + // Mark complete but no files → reject. + if err := c.MarkComplete(key); err != nil { + t.Fatalf("MarkComplete: %v", err) + } + if c.VerifyComplete(key, 2) { + t.Fatal("VerifyComplete should reject when init.mp4 missing") + } + + // Write init.mp4, last seg missing → reject. + _ = os.WriteFile(filepath.Join(dir, "video", "init.mp4"), []byte("..."), 0o644) + if c.VerifyComplete(key, 2) { + t.Fatal("VerifyComplete should reject when last segment missing") + } + + // Write last seg → pass. + _ = os.WriteFile(filepath.Join(dir, "video", "seg-1.m4s"), []byte("..."), 0o644) + if !c.VerifyComplete(key, 2) { + t.Fatal("VerifyComplete should pass with all files present") + } + + // Zero-size last seg → reject. + _ = os.WriteFile(filepath.Join(dir, "video", "seg-1.m4s"), nil, 0o644) + if c.VerifyComplete(key, 2) { + t.Fatal("VerifyComplete should reject zero-size last segment") + } +} + +func TestSweepRespectsPinnedExceedsBudget(t *testing.T) { + c := newTestCache(t, 1) + c.maxBytes = 256 // squeeze + + pinned := c.DirFor("pinned") + _ = os.MkdirAll(pinned, 0o755) + _ = os.WriteFile(filepath.Join(pinned, "x"), make([]byte, 1024), 0o644) + c.Pin("pinned") + + freed, err := c.Sweep() + if err != nil { + t.Fatalf("Sweep: %v", err) + } + if freed != 0 { + t.Fatalf("nothing should have been freed: got %d", freed) + } + if _, err := os.Stat(pinned); err != nil { + t.Fatal("pinned dir wrongly removed despite over-budget pin") + } +} diff --git a/internal/engine/hls_test.go b/internal/engine/hls_test.go index 7c7cfa4..7d4cde3 100644 --- a/internal/engine/hls_test.go +++ b/internal/engine/hls_test.go @@ -115,10 +115,11 @@ func TestRenderVideoPlaylist(t *testing.T) { } func TestRenderVideoPlaylistShortFinalSegment(t *testing.T) { - // 9.5s total, 4s segments → 3 segs of 4/4/1.5 - out := renderVideoPlaylist(9.5, 3) + // 9.5s total, 2s segments → 5 segs of 2/2/2/2/1.5 + segCount := segmentCountForDuration(9.5) + out := renderVideoPlaylist(9.5, segCount) if !strings.Contains(out, "#EXTINF:1.500,") { - t.Errorf("expected final segment 1.5s in playlist, got:\n%s", out) + t.Errorf("expected final segment 1.5s in playlist (segCount=%d), got:\n%s", segCount, out) } } diff --git a/internal/engine/hwaccel.go b/internal/engine/hwaccel.go index 886a295..d7d1bd4 100644 --- a/internal/engine/hwaccel.go +++ b/internal/engine/hwaccel.go @@ -86,6 +86,117 @@ func listFFmpegEncoders(ctx context.Context, ffmpegPath string) string { return string(out) } +// HWAccelDiagnostic bundles what we know about the host's ffmpeg + HW encode +// capabilities so the daemon can log a single coherent line at startup and the +// web side can surface "this agent is software-only" without re-running probes. +type HWAccelDiagnostic struct { + Pick HWAccel // backend selected by DetectHWAccel + FFmpegPath string // resolved ffmpeg binary + FFmpegVersion string // first line of `ffmpeg -version` (e.g. "ffmpeg version 6.1.1") + Encoders []string // HW + libsvtav1/libvpx9-class encoders found in -encoders output + Devices []string // device files / drivers detected at probe time +} + +// DetectHWAccelDiagnostic returns the full diagnostic picture for the host's +// transcode pipeline. Unlike DetectHWAccel, this is NOT cached — callers pay +// for an ffmpeg subprocess on each call (one `-encoders`, one `-version`). +// Daemon startup is the natural caller; per-session lookups should keep using +// DetectHWAccel (cached) and only re-probe diagnostics if the user runs an +// explicit doctor command. +func DetectHWAccelDiagnostic(ctx context.Context, ffmpegPath string) HWAccelDiagnostic { + d := HWAccelDiagnostic{Pick: HWAccelNone, FFmpegPath: ffmpegPath} + if ffmpegPath == "" { + return d + } + d.FFmpegVersion = ffmpegVersionLine(ctx, ffmpegPath) + encoders := listFFmpegEncoders(ctx, ffmpegPath) + for _, name := range hwEncoderNames { + if strings.Contains(encoders, name) { + d.Encoders = append(d.Encoders, name) + } + } + // Device-file checks mirror the picks below so the log line tells the + // reader why a present encoder might still have been rejected (e.g. NVENC + // compiled in but /dev/nvidia0 missing inside a container). + if fileExists("/dev/nvidia0") { + d.Devices = append(d.Devices, "/dev/nvidia0") + } + if fileExists("/dev/dri/renderD128") { + d.Devices = append(d.Devices, "/dev/dri/renderD128") + } + if hasNvidiaDriver() { + d.Devices = append(d.Devices, "nvidia-smi") + } + d.Pick = DetectHWAccel(ctx, ffmpegPath) + return d +} + +// LogLine returns a one-line human-readable summary of the diagnostic, +// suitable for daemon startup output. Format: +// +// "[transcode] ffmpeg 6.1.1 at /usr/bin/ffmpeg, HW=nvenc (h264_nvenc), devices=/dev/nvidia0,nvidia-smi" +// "[transcode] ffmpeg 6.1.1 at /home/linuxbrew/.../ffmpeg, HW=none (software libx264) — no HW encoders compiled in" +func (d HWAccelDiagnostic) LogLine() string { + var b strings.Builder + b.WriteString("[transcode] ") + if d.FFmpegVersion != "" { + b.WriteString(d.FFmpegVersion) + } else { + b.WriteString("ffmpeg") + } + if d.FFmpegPath != "" { + b.WriteString(" at ") + b.WriteString(d.FFmpegPath) + } + b.WriteString(", HW=") + b.WriteString(string(d.Pick)) + if d.Pick == HWAccelNone { + if len(d.Encoders) == 0 { + b.WriteString(" (software libx264) — no HW encoders compiled in") + } else { + b.WriteString(" (software libx264) — encoders found but no matching device: ") + b.WriteString(strings.Join(d.Encoders, ",")) + } + } else { + b.WriteString(" (") + b.WriteString(d.Pick.FFmpegVideoCodec("h264")) + b.WriteString(")") + if len(d.Devices) > 0 { + b.WriteString(", devices=") + b.WriteString(strings.Join(d.Devices, ",")) + } + } + return b.String() +} + +// hwEncoderNames lists the HW-accelerated encoders we care about for the +// startup log. Kept in lookup order so the output reads predictably across +// hosts. +var hwEncoderNames = []string{ + "h264_nvenc", "hevc_nvenc", + "h264_qsv", "hevc_qsv", + "h264_vaapi", "hevc_vaapi", + "h264_videotoolbox", "hevc_videotoolbox", +} + +// ffmpegVersionLine extracts the "ffmpeg version X.Y.Z" prefix from +// `ffmpeg -version`. Bounded to avoid hanging the daemon on a misbehaving +// binary. +func ffmpegVersionLine(ctx context.Context, ffmpegPath string) string { + cmd := exec.CommandContext(ctx, ffmpegPath, "-hide_banner", "-version") + out, err := cmd.CombinedOutput() + if err != nil || len(out) == 0 { + return "" + } + line, _, _ := strings.Cut(string(out), "\n") + // "ffmpeg version 6.1.1-some-build-suffix Copyright..." → keep up to first + // space after "version 6.x" to avoid spamming build flags into the log. + if idx := strings.Index(line, "Copyright"); idx > 0 { + line = strings.TrimSpace(line[:idx]) + } + return strings.TrimSpace(line) +} + func fileExists(path string) bool { _, err := os.Stat(path) return err == nil @@ -129,12 +240,13 @@ func (h HWAccel) FFmpegVideoCodec(target string) string { } } -// H264LevelForHeight returns the lowest H.264 profile level capable of encoding -// a stream at the given output pixel height (assumes ~16:9, ≤30 fps). The -// previous code used a fixed "4.0" which silently rejects anything above 1080p -// — libx264 logs "frame MB size > level limit" and emits a corrupt stream. -// Returning a tighter level on smaller outputs keeps player compatibility on -// older devices where the encoder can't auto-pick. +// H264LevelForHeight returns the lowest H.264 profile level capable of +// encoding a stream at the given output pixel height. Each tier carries +// enough macroblock headroom to handle ANAMORPHIC content (up to ~2.4:1 +// cinemascope) at 30 fps — a fixed 16:9 assumption used to silently bust +// the level on a 720p movie shot in 2.4:1 (1728×720 = 4860 MBs > 3.1's +// 3600 limit; libx264 logs "frame MB size > level limit" and emits a +// corrupt stream). func H264LevelForHeight(height int) string { switch { case height <= 0: @@ -142,11 +254,14 @@ func H264LevelForHeight(height int) string { // re-introduce the silent-failure mode that motivated this helper. return "5.1" case height <= 480: - return "3.0" - case height <= 720: return "3.1" - case height <= 1080: + case height <= 720: + // 4.0 instead of 3.1: covers 720p anamorphic (e.g. 1728×720) + + // MB rate up to 245k/s (3.1 caps at 108k/s — broken at 24 fps). return "4.0" + case height <= 1080: + // 4.1 instead of 4.0: covers 1080p anamorphic + 30 fps (~245k MBs/s). + return "4.1" case height <= 1440: return "5.0" case height <= 2160: diff --git a/internal/engine/hwaccel_test.go b/internal/engine/hwaccel_test.go index f022d29..cf3bec2 100644 --- a/internal/engine/hwaccel_test.go +++ b/internal/engine/hwaccel_test.go @@ -1,6 +1,9 @@ package engine -import "testing" +import ( + "strings" + "testing" +) func TestHWAccelFFmpegVideoCodec(t *testing.T) { cases := []struct { @@ -32,3 +35,122 @@ func TestDetectHWAccelEmptyPathReturnsNone(t *testing.T) { t.Errorf("got %s, want %s", got, HWAccelNone) } } + +func TestResolveEncoderProfileDefaults(t *testing.T) { + cases := []struct { + hw HWAccel + configured string + wantCodec string + wantPreset string + wantHint string + }{ + // Empty configured preset → pick latency-biased default per backend. + // DecodeHwAccel matches the encoder family for HW encoders; libx264 + + // VideoToolbox have no demuxer hint. + {HWAccelNone, "", "libx264", "superfast", ""}, + {HWAccelNVENC, "", "h264_nvenc", "p3", "cuda"}, + {HWAccelQSV, "", "h264_qsv", "veryfast", "qsv"}, + // VAAPI: decoder hint set, no preset, no `-hwaccel_output_format vaapi` + // (so the CPU filter chain can consume the decoded frames). + {HWAccelVAAPI, "", "h264_vaapi", "", "vaapi"}, + // VideoToolbox has no preset knob — Preset should be "" regardless of input. + // VideoToolbox uses per-encoder flags, not a demuxer `-hwaccel` hint. + {HWAccelVideoToolbox, "p4", "h264_videotoolbox", "", ""}, + {HWAccelVideoToolbox, "", "h264_videotoolbox", "", ""}, + } + for _, tc := range cases { + got := ResolveEncoderProfile(tc.hw, tc.configured) + if got.Codec != tc.wantCodec || got.Preset != tc.wantPreset || got.DecodeHwAccel != tc.wantHint { + t.Errorf("ResolveEncoderProfile(%s, %q) = {codec=%s preset=%s hint=%s}, want {codec=%s preset=%s hint=%s}", + tc.hw, tc.configured, + got.Codec, got.Preset, got.DecodeHwAccel, + tc.wantCodec, tc.wantPreset, tc.wantHint) + } + } +} + +func TestResolveEncoderProfileHonoursConfiguredPreset(t *testing.T) { + // Only libx264 honours the configured preset — the libx264 vocabulary + // (ultrafast…veryslow) doesn't apply to vendor encoders. NVENC has its + // own p1-p7 scale; QSV uses a different subset; VideoToolbox has no + // preset knob. Passing a libx264 preset to them would have ffmpeg reject + // the argv, so ResolveEncoderProfile always falls back to the hardcoded + // vendor preset for non-libx264 codecs. + cases := []struct { + hw HWAccel + configured string + wantPreset string + }{ + {HWAccelNone, "ultrafast", "ultrafast"}, // libx264 honours + {HWAccelNone, "medium", "medium"}, // libx264 honours + {HWAccelNVENC, "p1", "p3"}, // NVENC ignores, sticks to p3 + {HWAccelNVENC, "veryfast", "p3"}, // NVENC ignores libx264 vocab + {HWAccelQSV, "veryslow", "veryfast"}, // QSV ignores, sticks to veryfast + {HWAccelVideoToolbox, "veryfast", ""}, // VideoToolbox has no preset + } + for _, tc := range cases { + got := ResolveEncoderProfile(tc.hw, tc.configured) + if got.Preset != tc.wantPreset { + t.Errorf("ResolveEncoderProfile(%s, %q).Preset = %q, want %q", + tc.hw, tc.configured, got.Preset, tc.wantPreset) + } + } +} + +func TestHWAccelDiagnosticLogLineNone(t *testing.T) { + d := HWAccelDiagnostic{ + Pick: HWAccelNone, + FFmpegPath: "/usr/local/bin/ffmpeg", + FFmpegVersion: "ffmpeg version 6.1.1", + Encoders: nil, + Devices: nil, + } + line := d.LogLine() + wantSubstrings := []string{ + "ffmpeg version 6.1.1", + "/usr/local/bin/ffmpeg", + "HW=none", + "software libx264", + "no HW encoders compiled in", + } + for _, want := range wantSubstrings { + if !strings.Contains(line, want) { + t.Errorf("expected substring %q in log line; got %q", want, line) + } + } +} + +func TestHWAccelDiagnosticLogLineNVENCWithDevices(t *testing.T) { + d := HWAccelDiagnostic{ + Pick: HWAccelNVENC, + FFmpegPath: "/usr/bin/ffmpeg", + FFmpegVersion: "ffmpeg version 6.0", + Encoders: []string{"h264_nvenc", "hevc_nvenc", "h264_qsv"}, + Devices: []string{"/dev/nvidia0", "nvidia-smi"}, + } + line := d.LogLine() + for _, want := range []string{"HW=nvenc", "h264_nvenc", "/dev/nvidia0", "nvidia-smi"} { + if !strings.Contains(line, want) { + t.Errorf("expected substring %q in log line; got %q", want, line) + } + } +} + +func TestHWAccelDiagnosticLogLineSoftwareButEncodersFound(t *testing.T) { + // Edge case: ffmpeg compiled WITH nvenc but no /dev/nvidia0 (container w/o GPU). + // LogLine should flag the encoders so the user knows where the gap is. + d := HWAccelDiagnostic{ + Pick: HWAccelNone, + FFmpegPath: "/usr/bin/ffmpeg", + FFmpegVersion: "ffmpeg version 6.0", + Encoders: []string{"h264_nvenc"}, + Devices: nil, + } + line := d.LogLine() + for _, want := range []string{"HW=none", "encoders found but no matching device", "h264_nvenc"} { + if !strings.Contains(line, want) { + t.Errorf("expected substring %q in log line; got %q", want, line) + } + } +} + diff --git a/internal/engine/probe.go b/internal/engine/probe.go index 39ff374..c29c81a 100644 --- a/internal/engine/probe.go +++ b/internal/engine/probe.go @@ -9,7 +9,7 @@ import ( ) // StreamProbe summarises the codec / container shape of a file as it relates -// to the WebRTC streaming pipeline. It tells the transcoder whether bytes can +// to the HLS streaming pipeline. It tells the transcoder whether bytes can // be streamed as-is, just remuxed to fragmented MP4, or fully transcoded. type StreamProbe struct { // VideoCodec lowercased — e.g. "h264", "hevc", "av1", "vp9", "mpeg4". @@ -88,7 +88,15 @@ const ( ) // ProbeFile runs ffprobe and returns a StreamProbe view of the file. +// +// Result is memoised by (path, mtime, size) for probeCacheTTL — repeat plays +// of the same file at the same quality (the HLS cache HIT path) skip ffprobe +// entirely. ffprobe on a 50 GB MKV can cost 1-3 s; first-segment latency +// shrinks by the same amount on the second play. func ProbeFile(ctx context.Context, ffprobePath, filePath string) (*StreamProbe, error) { + if cached, ok := lookupProbeCache(filePath); ok { + return cached, nil + } mi, err := mediainfo.ExtractMediaInfo(ctx, ffprobePath, filePath) if err != nil { return nil, fmt.Errorf("probe: %w", err) @@ -136,6 +144,7 @@ func ProbeFile(ctx context.Context, ffprobePath, filePath string) (*StreamProbe, }) } } + storeProbeCache(filePath, probe) return probe, nil } diff --git a/internal/engine/probe_cache.go b/internal/engine/probe_cache.go new file mode 100644 index 0000000..fcc7dec --- /dev/null +++ b/internal/engine/probe_cache.go @@ -0,0 +1,141 @@ +package engine + +import ( + "os" + "sync" + "time" +) + +// probeCacheTTL is how long a cached probe stays usable. The cache key +// already incorporates mtime + size, so the TTL is a defense against +// runaway memory growth from stale paths, not a freshness guarantee — a +// rename + recreate at the same inode (rare) would still be caught by the +// mtime delta. +const probeCacheTTL = 30 * time.Minute + +// probeCacheJanitorInterval is how often the background sweeper wakes to +// drop expired entries. Lookup-time eviction handles hot paths, but a +// user who browses 5k files and then stops would leak entries until each +// is individually re-touched. 5 min ≈ 6 sweeps per TTL window — enough +// to keep memory bounded without burning CPU. +const probeCacheJanitorInterval = 5 * time.Minute + +type probeCacheEntry struct { + probe *StreamProbe + expires time.Time +} + +type probeCacheKey struct { + path string + mtime int64 // ModTime().UnixNano() + size int64 +} + +var ( + probeCacheMu sync.RWMutex + probeCache = make(map[probeCacheKey]probeCacheEntry) + probeCacheJanitor sync.Once +) + +// startProbeCacheJanitor launches the background sweeper exactly once per +// process. Lazy — fired on first storeProbeCache. Drops expired entries +// every probeCacheJanitorInterval. Idempotent (sync.Once). +func startProbeCacheJanitor() { + probeCacheJanitor.Do(func() { + go func() { + ticker := time.NewTicker(probeCacheJanitorInterval) + defer ticker.Stop() + for range ticker.C { + sweepProbeCache(time.Now()) + } + }() + }) +} + +// sweepProbeCache removes every entry whose expiry is at or before `now`. +// Exposed for tests; production code calls it indirectly via the janitor +// goroutine. +func sweepProbeCache(now time.Time) int { + probeCacheMu.Lock() + defer probeCacheMu.Unlock() + removed := 0 + for k, e := range probeCache { + if !now.Before(e.expires) { + delete(probeCache, k) + removed++ + } + } + return removed +} + +// lookupProbeCache returns the cached StreamProbe for the given path if its +// mtime + size still match the value recorded at insert time, AND the cache +// entry hasn't expired. Any stat failure / mismatch returns (nil, false) so +// the caller falls through to a fresh ffprobe run. +func lookupProbeCache(path string) (*StreamProbe, bool) { + fi, err := os.Stat(path) + if err != nil { + return nil, false + } + key := probeCacheKey{ + path: path, + mtime: fi.ModTime().UnixNano(), + size: fi.Size(), + } + probeCacheMu.RLock() + entry, ok := probeCache[key] + probeCacheMu.RUnlock() + if !ok { + return nil, false + } + if time.Now().After(entry.expires) { + // Re-check under the write lock so a concurrent re-insert (same key, + // fresh expiry) isn't accidentally evicted. + probeCacheMu.Lock() + if cur, stillThere := probeCache[key]; stillThere && time.Now().After(cur.expires) { + delete(probeCache, key) + } + probeCacheMu.Unlock() + return nil, false + } + return entry.probe, true +} + +// storeProbeCache stashes a fresh probe result under the (path, mtime, size) +// key. A subsequent ffprobe-skipping HIT requires the file to still have the +// same mtime + size — anything else (re-encoded, renamed+recreated at the +// same path, truncated) misses and triggers a re-probe. +func storeProbeCache(path string, probe *StreamProbe) { + fi, err := os.Stat(path) + if err != nil { + return + } + key := probeCacheKey{ + path: path, + mtime: fi.ModTime().UnixNano(), + size: fi.Size(), + } + probeCacheMu.Lock() + probeCache[key] = probeCacheEntry{ + probe: probe, + expires: time.Now().Add(probeCacheTTL), + } + probeCacheMu.Unlock() + // Lazy janitor — fires once per process. No-op after first call. + startProbeCacheJanitor() +} + +// ResetProbeCache clears the in-memory probe cache. Test-only. +func ResetProbeCache() { + probeCacheMu.Lock() + probeCache = make(map[probeCacheKey]probeCacheEntry) + probeCacheMu.Unlock() +} + +// ProbeCacheSize returns the number of entries currently cached. Exposed +// for diagnostics + tests. +func ProbeCacheSize() int { + probeCacheMu.RLock() + defer probeCacheMu.RUnlock() + return len(probeCache) +} diff --git a/internal/engine/probe_cache_test.go b/internal/engine/probe_cache_test.go new file mode 100644 index 0000000..76c79da --- /dev/null +++ b/internal/engine/probe_cache_test.go @@ -0,0 +1,202 @@ +package engine + +import ( + "os" + "path/filepath" + "testing" + "time" +) + +func TestProbeCache_LookupMissNonexistent(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + if _, ok := lookupProbeCache("/path/that/does/not/exist"); ok { + t.Fatal("expected MISS for non-existent path") + } +} + +func TestProbeCache_StoreThenLookupHit(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + dir := t.TempDir() + path := filepath.Join(dir, "movie.mkv") + if err := os.WriteFile(path, []byte("fake content"), 0o644); err != nil { + t.Fatalf("write tmp file: %v", err) + } + + probe := &StreamProbe{VideoCodec: "h264", Width: 1920, Height: 1080, DurationSec: 5400} + storeProbeCache(path, probe) + + got, ok := lookupProbeCache(path) + if !ok { + t.Fatal("expected HIT after store") + } + if got != probe { + t.Fatalf("expected pointer-identical probe; got different") + } +} + +func TestProbeCache_MtimeChangeInvalidates(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + dir := t.TempDir() + path := filepath.Join(dir, "movie.mkv") + if err := os.WriteFile(path, []byte("original"), 0o644); err != nil { + t.Fatalf("write: %v", err) + } + + probe := &StreamProbe{VideoCodec: "h264", DurationSec: 100} + storeProbeCache(path, probe) + + // Force mtime change. WriteFile doesn't guarantee a different mtime if + // the filesystem timestamp resolution is coarse, so set it explicitly + // to a value 1 hour in the future. + future := time.Now().Add(1 * time.Hour) + if err := os.Chtimes(path, future, future); err != nil { + t.Fatalf("chtimes: %v", err) + } + + if _, ok := lookupProbeCache(path); ok { + t.Fatal("expected MISS after mtime change") + } +} + +func TestProbeCache_SizeChangeInvalidates(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + dir := t.TempDir() + path := filepath.Join(dir, "movie.mkv") + if err := os.WriteFile(path, []byte("aaaaa"), 0o644); err != nil { + t.Fatalf("write: %v", err) + } + originalMtime := time.Now().Add(-1 * time.Hour) // stable, in the past + if err := os.Chtimes(path, originalMtime, originalMtime); err != nil { + t.Fatalf("chtimes original: %v", err) + } + + probe := &StreamProbe{VideoCodec: "h264", DurationSec: 100} + storeProbeCache(path, probe) + + // Truncate to a different size, then reset mtime to the original so + // only `size` differs between store and lookup keys — isolates the + // size-check path. Without the Chtimes, WriteFile bumps mtime and the + // test would pass via mtime invalidation regardless of size logic. + if err := os.WriteFile(path, []byte("a"), 0o644); err != nil { + t.Fatalf("rewrite: %v", err) + } + if err := os.Chtimes(path, originalMtime, originalMtime); err != nil { + t.Fatalf("chtimes restore: %v", err) + } + + if _, ok := lookupProbeCache(path); ok { + t.Fatal("expected MISS after size change") + } +} + +func TestProbeCache_ExpiryDropsEntry(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + dir := t.TempDir() + path := filepath.Join(dir, "movie.mkv") + if err := os.WriteFile(path, []byte("content"), 0o644); err != nil { + t.Fatalf("write: %v", err) + } + + // Stash an entry whose expires is already in the past — simulates TTL + // having elapsed without sleeping for 30 min. + fi, err := os.Stat(path) + if err != nil { + t.Fatalf("stat: %v", err) + } + key := probeCacheKey{path: path, mtime: fi.ModTime().UnixNano(), size: fi.Size()} + probeCacheMu.Lock() + probeCache[key] = probeCacheEntry{ + probe: &StreamProbe{VideoCodec: "h264"}, + expires: time.Now().Add(-1 * time.Minute), + } + probeCacheMu.Unlock() + + if _, ok := lookupProbeCache(path); ok { + t.Fatal("expected MISS for expired entry") + } + // Side-effect: lookup should have evicted the stale entry. + if ProbeCacheSize() != 0 { + t.Fatalf("expected cache size 0 after expiry eviction; got %d", ProbeCacheSize()) + } +} + +func TestProbeCache_ResetClears(t *testing.T) { + ResetProbeCache() + + dir := t.TempDir() + path := filepath.Join(dir, "movie.mkv") + if err := os.WriteFile(path, []byte("x"), 0o644); err != nil { + t.Fatalf("write: %v", err) + } + + storeProbeCache(path, &StreamProbe{VideoCodec: "h264"}) + if ProbeCacheSize() != 1 { + t.Fatalf("expected size 1 after store; got %d", ProbeCacheSize()) + } + + ResetProbeCache() + if ProbeCacheSize() != 0 { + t.Fatalf("expected size 0 after reset; got %d", ProbeCacheSize()) + } +} + +func TestProbeCache_StoreNonexistentNoOp(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + // Store on a non-existent path should silently do nothing (stat fails), + // not panic, and not poison the cache with a zero key. + storeProbeCache("/nope/never/exists.mkv", &StreamProbe{VideoCodec: "h264"}) + if ProbeCacheSize() != 0 { + t.Fatalf("expected 0 entries; got %d", ProbeCacheSize()) + } +} + +func TestProbeCache_SweepDropsExpired(t *testing.T) { + ResetProbeCache() + t.Cleanup(ResetProbeCache) + + dir := t.TempDir() + // Two entries: one expired, one fresh. + expiredPath := filepath.Join(dir, "old.mkv") + freshPath := filepath.Join(dir, "new.mkv") + if err := os.WriteFile(expiredPath, []byte("a"), 0o644); err != nil { + t.Fatalf("write expired: %v", err) + } + if err := os.WriteFile(freshPath, []byte("b"), 0o644); err != nil { + t.Fatalf("write fresh: %v", err) + } + + now := time.Now() + fiExp, _ := os.Stat(expiredPath) + fiFresh, _ := os.Stat(freshPath) + + probeCacheMu.Lock() + probeCache[probeCacheKey{path: expiredPath, mtime: fiExp.ModTime().UnixNano(), size: fiExp.Size()}] = probeCacheEntry{ + probe: &StreamProbe{VideoCodec: "h264"}, + expires: now.Add(-1 * time.Minute), // expired + } + probeCache[probeCacheKey{path: freshPath, mtime: fiFresh.ModTime().UnixNano(), size: fiFresh.Size()}] = probeCacheEntry{ + probe: &StreamProbe{VideoCodec: "h264"}, + expires: now.Add(10 * time.Minute), // fresh + } + probeCacheMu.Unlock() + + removed := sweepProbeCache(now) + if removed != 1 { + t.Fatalf("expected 1 expired entry removed; got %d", removed) + } + if ProbeCacheSize() != 1 { + t.Fatalf("expected 1 fresh entry kept; got %d", ProbeCacheSize()) + } +} diff --git a/internal/engine/seed_file.go b/internal/engine/seed_file.go deleted file mode 100644 index 7d9a046..0000000 --- a/internal/engine/seed_file.go +++ /dev/null @@ -1,138 +0,0 @@ -package engine - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "time" - - "github.com/anacrolix/torrent" - "github.com/anacrolix/torrent/bencode" - "github.com/anacrolix/torrent/metainfo" -) - -// SeedFile builds a single-file torrent from an arbitrary on-disk file -// and adds it to an existing torrent client so the WebRTC peer wire -// (already configured on the client) can serve the file to a browser -// that knows the resulting info-hash. -// -// Returns the generated info-hash. The torrent is left attached to the -// client — caller is responsible for keeping it alive while a browser -// is watching. Drop it via Client.RemoveTorrent / Torrent.Drop when -// idle to free resources. -// -// Behaviour notes: -// - The file must already exist; no download is attempted. -// - Piece length follows the libtorrent ladder (16 KiB → 4 MiB). -// - The torrent is "complete" from the agent's POV — it has every -// piece — so the upload-only flow kicks in immediately. -// - WebRTC peer behaviour comes from the client config the caller -// constructed; SeedFile does not toggle DisableWebtorrent itself. -// If the operator's [downloads.webrtc].enabled = false, the file -// is still added but no browser will discover it via WSS tracker. -func SeedFile(client *torrent.Client, filePath string, trackerURLs []string) (metainfo.Hash, error) { - if client == nil { - return metainfo.Hash{}, errors.New("seed_file: torrent client is nil") - } - if filePath == "" { - return metainfo.Hash{}, errors.New("seed_file: filePath is empty") - } - - abs, err := filepath.Abs(filePath) - if err != nil { - return metainfo.Hash{}, fmt.Errorf("seed_file: resolve path: %w", err) - } - st, err := os.Stat(abs) - if err != nil { - return metainfo.Hash{}, fmt.Errorf("seed_file: stat: %w", err) - } - if st.IsDir() { - return metainfo.Hash{}, fmt.Errorf("seed_file: only single files are supported, %s is a directory", abs) - } - - info := metainfo.Info{ - PieceLength: chooseSeedPieceLength(st.Size()), - Name: filepath.Base(abs), - } - if err := info.BuildFromFilePath(abs); err != nil { - return metainfo.Hash{}, fmt.Errorf("seed_file: build info: %w", err) - } - infoBytes, err := bencode.Marshal(info) - if err != nil { - return metainfo.Hash{}, fmt.Errorf("seed_file: marshal info: %w", err) - } - - mi := &metainfo.MetaInfo{ - InfoBytes: infoBytes, - AnnounceList: makeAnnounceList(trackerURLs), - CreatedBy: "unarr-seed-file", - CreationDate: time.Now().Unix(), - } - ih := mi.HashInfoBytes() - - t, err := client.AddTorrent(mi) - if err != nil { - return metainfo.Hash{}, fmt.Errorf("seed_file: add torrent: %w", err) - } - // Mark every piece as needed so the client treats us as a complete - // seeder right away — anacrolix's verifier will hash the file - // asynchronously and flip pieces to "have" as it goes. - t.DownloadAll() - - return ih, nil -} - -// makeAnnounceList shapes the tracker URL slice into the bencoded -// AnnounceList format anacrolix expects. -func makeAnnounceList(urls []string) metainfo.AnnounceList { - if len(urls) == 0 { - return nil - } - tier := make([]string, 0, len(urls)) - for _, u := range urls { - if u == "" { - continue - } - tier = append(tier, u) - } - if len(tier) == 0 { - return nil - } - return metainfo.AnnounceList{tier} -} - -// chooseSeedPieceLength picks the piece size for a single-file torrent -// based on the libtorrent / qBittorrent ladder. Mirrored from the -// wstracker-probe seeder so generated torrents are interoperable. -func chooseSeedPieceLength(size int64) int64 { - switch { - case size < 4*1024*1024: - return 16 * 1024 - case size < 64*1024*1024: - return 64 * 1024 - case size < 512*1024*1024: - return 256 * 1024 - case size < 4*1024*1024*1024: - return 1024 * 1024 - default: - return 4 * 1024 * 1024 - } -} - -// SeedFileOnDownloader is a convenience wrapper that pulls the -// underlying anacrolix client out of a TorrentDownloader and forwards -// to SeedFile. trackerURLs default to the downloader's WebRTC -// trackers when nil/empty. -func SeedFileOnDownloader(d *TorrentDownloader, filePath string) (metainfo.Hash, error) { - if d == nil { - return metainfo.Hash{}, errors.New("seed_file: downloader is nil") - } - trackers := d.cfg.WebRTCTrackers - if !d.cfg.WebRTCEnabled { - // We could still build the torrent, but no browser would find - // it via the WSS tracker — bail loud so the operator notices. - return metainfo.Hash{}, errors.New("seed_file: WebRTC peer disabled in config; set [downloads.webrtc].enabled = true to use this feature") - } - return SeedFile(d.client, filePath, trackers) -} diff --git a/internal/engine/seed_file_test.go b/internal/engine/seed_file_test.go deleted file mode 100644 index 1c0f616..0000000 --- a/internal/engine/seed_file_test.go +++ /dev/null @@ -1,164 +0,0 @@ -package engine - -import ( - "context" - "os" - "path/filepath" - "testing" -) - -// TestSeedFile_RejectsMissingFile — explicit error rather than crashing -// inside anacrolix when the path doesn't exist. -func TestSeedFile_RejectsMissingFile(t *testing.T) { - dir := t.TempDir() - dl, err := NewTorrentDownloader(TorrentConfig{ - DataDir: dir, - ListenPort: 0, - WebRTCEnabled: true, - WebRTCTrackers: []string{"wss://tracker.torrentclaw.com"}, - }) - if err != nil { - t.Fatalf("NewTorrentDownloader: %v", err) - } - defer dl.Shutdown(context.Background()) - - if _, err := SeedFile(dl.client, "/nonexistent/path", nil); err == nil { - t.Fatal("expected error for missing file") - } -} - -// TestSeedFile_RejectsDirectory — single-file torrents only for now. -func TestSeedFile_RejectsDirectory(t *testing.T) { - dir := t.TempDir() - dl, err := NewTorrentDownloader(TorrentConfig{ - DataDir: dir, - ListenPort: 0, - WebRTCEnabled: true, - WebRTCTrackers: []string{"wss://tracker.torrentclaw.com"}, - }) - if err != nil { - t.Fatalf("NewTorrentDownloader: %v", err) - } - defer dl.Shutdown(context.Background()) - - subDir := filepath.Join(dir, "sub") - if err := os.Mkdir(subDir, 0o755); err != nil { - t.Fatalf("mkdir: %v", err) - } - - if _, err := SeedFile(dl.client, subDir, nil); err == nil { - t.Fatal("expected error for directory path") - } -} - -// TestSeedFile_BuildsDeterministicInfoHash — the same file should yield -// the same info_hash on every call so the web client can poll for it. -func TestSeedFile_BuildsDeterministicInfoHash(t *testing.T) { - dir := t.TempDir() - file := filepath.Join(dir, "data.bin") - payload := []byte("hello world — torrentclaw seed_file test") - if err := os.WriteFile(file, payload, 0o644); err != nil { - t.Fatalf("write file: %v", err) - } - - mkClient := func() *TorrentDownloader { - dl, err := NewTorrentDownloader(TorrentConfig{ - DataDir: t.TempDir(), - ListenPort: 0, - WebRTCEnabled: true, - WebRTCTrackers: []string{"wss://tracker.torrentclaw.com"}, - }) - if err != nil { - t.Fatalf("NewTorrentDownloader: %v", err) - } - return dl - } - - dl1 := mkClient() - defer dl1.Shutdown(context.Background()) - hash1, err := SeedFile(dl1.client, file, []string{"wss://tracker.torrentclaw.com"}) - if err != nil { - t.Fatalf("first SeedFile: %v", err) - } - - dl2 := mkClient() - defer dl2.Shutdown(context.Background()) - hash2, err := SeedFile(dl2.client, file, []string{"wss://tracker.torrentclaw.com"}) - if err != nil { - t.Fatalf("second SeedFile: %v", err) - } - - if hash1 != hash2 { - t.Fatalf("info_hash not deterministic: %s vs %s", hash1.HexString(), hash2.HexString()) - } - if hash1.HexString() == "" || len(hash1.HexString()) != 40 { - t.Fatalf("info_hash is not 40 hex chars: %q", hash1.HexString()) - } -} - -// TestSeedFileOnDownloader_RequiresWebRTC — silent failure mode is the -// worst UX; bail loud when the operator hasn't opted into WebRTC. -func TestSeedFileOnDownloader_RequiresWebRTC(t *testing.T) { - dir := t.TempDir() - dl, err := NewTorrentDownloader(TorrentConfig{ - DataDir: dir, - ListenPort: 0, - WebRTCEnabled: false, - }) - if err != nil { - t.Fatalf("NewTorrentDownloader: %v", err) - } - defer dl.Shutdown(context.Background()) - - file := filepath.Join(dir, "data.bin") - if err := os.WriteFile(file, []byte("x"), 0o644); err != nil { - t.Fatalf("write file: %v", err) - } - - if _, err := SeedFileOnDownloader(dl, file); err == nil { - t.Fatal("expected error when WebRTC disabled") - } -} - -// TestChooseSeedPieceLength_LadderShape — sanity-check the breakpoints -// stay aligned with the libtorrent reference (16 KiB → 4 MiB). -func TestChooseSeedPieceLength_LadderShape(t *testing.T) { - cases := []struct { - size int64 - expect int64 - }{ - {1, 16 * 1024}, - {4 * 1024 * 1024, 64 * 1024}, - {64 * 1024 * 1024, 256 * 1024}, - {512 * 1024 * 1024, 1024 * 1024}, - {4 * 1024 * 1024 * 1024, 4 * 1024 * 1024}, - } - for _, c := range cases { - if got := chooseSeedPieceLength(c.size); got != c.expect { - t.Errorf("chooseSeedPieceLength(%d) = %d want %d", c.size, got, c.expect) - } - } -} - -// TestMakeAnnounceList_HandlesEmpty — nil/empty in → nil out, so -// AddTorrent doesn't see a dangling tier with no URLs. -func TestMakeAnnounceList_HandlesEmpty(t *testing.T) { - if got := makeAnnounceList(nil); got != nil { - t.Errorf("nil input should yield nil announce list, got %+v", got) - } - if got := makeAnnounceList([]string{}); got != nil { - t.Errorf("empty input should yield nil announce list, got %+v", got) - } - if got := makeAnnounceList([]string{"", " ", ""}); got != nil { - // Empty strings should be filtered; if everything is empty, - // nil is the right answer. - // (We do NOT trim whitespace today — only literal "".) - if len(got) != 1 || len(got[0]) != 1 { - t.Errorf("expected 1 single-element tier, got %+v", got) - } - } - got := makeAnnounceList([]string{"wss://a", "", "wss://b"}) - if len(got) != 1 || len(got[0]) != 2 { - t.Fatalf("expected 1 tier of 2 URLs, got %+v", got) - } -} diff --git a/internal/engine/stream_source.go b/internal/engine/stream_source.go index 2dc1d3c..b418e61 100644 --- a/internal/engine/stream_source.go +++ b/internal/engine/stream_source.go @@ -12,7 +12,7 @@ import ( "time" ) -// streamSource abstracts the byte source served over the WebRTC DataChannel. +// streamSource abstracts the byte source consumed by the HLS transcoder. // Two implementations: // - diskFileSource — direct passthrough of the on-disk file. // - transcodeSource — ffmpeg writes a fragmented MP4 to a temp file in diff --git a/internal/engine/task.go b/internal/engine/task.go index ceba6c9..09621e8 100644 --- a/internal/engine/task.go +++ b/internal/engine/task.go @@ -4,6 +4,7 @@ import ( "fmt" "sync" "time" + "unicode/utf8" "github.com/torrentclaw/unarr/internal/agent" ) @@ -229,10 +230,25 @@ func (t *Task) ToStatusUpdate() agent.StatusUpdate { FileName: t.FileName, FilePath: t.FilePath, StreamURL: t.StreamURL, - ErrorMessage: t.ErrorMessage, + // Cap to the server's stored length. A failed extract can carry a + // multi-KB unrar/par2 dump; sending it raw made /agent/status 400 + // the whole report, leaving the task stuck non-terminal. + ErrorMessage: truncateMsg(t.ErrorMessage, 2000), } } +// truncateMsg caps s to at most max bytes without splitting a UTF-8 rune. +func truncateMsg(s string, max int) string { + if len(s) <= max { + return s + } + cut := max + for cut > 0 && !utf8.RuneStart(s[cut]) { + cut-- + } + return s[:cut] +} + // MagnetURI builds a magnet link from the info hash. func (t *Task) MagnetURI() string { return "magnet:?xt=urn:btih:" + t.InfoHash diff --git a/internal/engine/torrent.go b/internal/engine/torrent.go index 445f317..f4b1b6d 100644 --- a/internal/engine/torrent.go +++ b/internal/engine/torrent.go @@ -16,7 +16,6 @@ import ( alog "github.com/anacrolix/log" "github.com/anacrolix/torrent" "github.com/anacrolix/torrent/storage" - "github.com/pion/webrtc/v4" "github.com/torrentclaw/unarr/internal/config" "github.com/torrentclaw/unarr/internal/vpn" "golang.org/x/term" @@ -73,14 +72,6 @@ type TorrentConfig struct { SeedRatio float64 // target seed ratio (default 0, meaning seed until SeedTime) SeedTime time.Duration // min seed time after completion (default 0) - // WebRTC peer (WebTorrent protocol) for browser ↔ unarr P2P streaming. - // When enabled, anacrolix/torrent's built-in webtorrent package handles - // the WSS signaling + WebRTC data channels. Implies upload allowed for - // every torrent in the client (browsers can't pull pieces otherwise). - WebRTCEnabled bool - WebRTCTrackers []string // wss://… signaling trackers added to every magnet - ICEServers []webrtc.ICEServer // STUN + TURN servers for NAT traversal - // VPNTunnel, when set, split-tunnels the torrent client's peer + tracker // traffic through an in-process userspace WireGuard tunnel (managed-VPN // add-on). nil = downloads in the clear. Brought up by the daemon. @@ -111,26 +102,11 @@ func NewTorrentDownloader(cfg TorrentConfig) (*TorrentDownloader, error) { tcfg := torrent.NewDefaultClientConfig() tcfg.DataDir = cfg.DataDir tcfg.Seed = cfg.SeedEnabled - // WebRTC peers (browsers) can only pull pieces from us if upload is - // enabled. We honour SeedEnabled for the long-tail seed-after-complete - // behaviour but unconditionally allow upload while WebRTC is on so an - // active download can still serve to a watching browser. - tcfg.NoUpload = !cfg.SeedEnabled && !cfg.WebRTCEnabled - tcfg.Logger = alog.Default.FilterLevel(alog.Warning) // bumped from Critical for WebRTC peer + tracker announce visibility + tcfg.NoUpload = !cfg.SeedEnabled + tcfg.Logger = alog.Default.FilterLevel(alog.Warning) - // WebRTC / WebTorrent peer: anacrolix auto-routes ws://+wss:// trackers - // to the bundled webtorrent.TrackerClient. We only need to populate the - // ICE server list so the SDP offers we send carry usable candidates. - if cfg.WebRTCEnabled { - tcfg.DisableWebtorrent = false - if len(cfg.ICEServers) > 0 { - tcfg.ICEServerList = cfg.ICEServers - } - log.Printf("[torrent] WebRTC peer enabled (trackers=%d ice_servers=%d)", - len(cfg.WebRTCTrackers), len(cfg.ICEServers)) - } else { - tcfg.DisableWebtorrent = true - } + // No browser-facing WebTorrent peer; daemon never seeds via WSS. + tcfg.DisableWebtorrent = true // --- Performance optimizations --- @@ -657,30 +633,17 @@ func (d *TorrentDownloader) selectFiles(t *torrent.Torrent, taskID string) (tota return totalBytes, fileName } -// buildMagnet composes a magnet URI for the info hash. extraTrackers (e.g. -// wss://… for WebRTC peer signaling) are prepended so anacrolix's -// webtorrent.TrackerClient picks them up first; the static UDP list -// follows. Empty / whitespace entries in extraTrackers are skipped. -func buildMagnet(infoHash string, extraTrackers ...string) string { +// buildMagnet composes a magnet URI for the info hash with the static +// tracker list. +func buildMagnet(infoHash string) string { params := []string{"xt=urn:btih:" + infoHash} - for _, t := range extraTrackers { - t = strings.TrimSpace(t) - if t == "" { - continue - } - params = append(params, "tr="+url.QueryEscape(t)) - } for _, tracker := range defaultTrackers { params = append(params, "tr="+url.QueryEscape(tracker)) } return "magnet:?" + strings.Join(params, "&") } -// buildMagnet on the downloader injects its WebRTC trackers when enabled. func (d *TorrentDownloader) buildMagnet(infoHash string) string { - if d != nil && d.cfg.WebRTCEnabled { - return buildMagnet(infoHash, d.cfg.WebRTCTrackers...) - } return buildMagnet(infoHash) } diff --git a/internal/engine/transcode_quality.go b/internal/engine/transcode_quality.go new file mode 100644 index 0000000..4efda59 --- /dev/null +++ b/internal/engine/transcode_quality.go @@ -0,0 +1,64 @@ +package engine + +// TranscodeRuntime carries the resolved ffmpeg/ffprobe paths + tunables so +// each session can decide whether to passthrough or pipe through ffmpeg. +type TranscodeRuntime struct { + FFmpegPath string + FFprobePath string + HWAccel HWAccel + Preset string + VideoBitrate string + AudioBitrate string + MaxHeight int + // Disabled forces passthrough for every file even when codecs are not + // browser-friendly. Useful when the user explicitly turns transcoding + // off in config. + Disabled bool +} + +// qualityCap maps a session's Quality label to a (MaxHeight, VideoBitrate) +// pair. An empty label or "original" returns zero-values, signalling "no +// override" to the caller. +type qualityCap struct { + MaxHeight int + VideoBitrate string // ffmpeg -b:v string, e.g. "3500k" +} + +func resolveQualityCap(label string) qualityCap { + switch label { + case "2160p": + return qualityCap{MaxHeight: 2160, VideoBitrate: "25000k"} + case "1080p": + return qualityCap{MaxHeight: 1080, VideoBitrate: "6000k"} + case "720p": + return qualityCap{MaxHeight: 720, VideoBitrate: "3500k"} + case "480p": + return qualityCap{MaxHeight: 480, VideoBitrate: "1500k"} + default: + // "original", "auto", "" → defer to config. + return qualityCap{} + } +} + +// capForHeight returns the bitrate-cap pair appropriate for an effective +// output height. Used after clamping outputHeight to the source's resolution: +// asking ffmpeg for "2160p" bitrate (25 Mbps) on a 1080p source overshoots +// the H.264 level we derived from the EFFECTIVE height (4.0, max 20 Mbps) and +// makes libx264 refuse with "VBV bitrate > level limit". This helper picks +// the bitrate that matches the level libx264 will actually accept. +func capForHeight(height int) qualityCap { + switch { + case height <= 0: + return qualityCap{} + case height <= 480: + return qualityCap{MaxHeight: 480, VideoBitrate: "1500k"} + case height <= 720: + return qualityCap{MaxHeight: 720, VideoBitrate: "3500k"} + case height <= 1080: + return qualityCap{MaxHeight: 1080, VideoBitrate: "6000k"} + case height <= 1440: + return qualityCap{MaxHeight: 1440, VideoBitrate: "12000k"} + default: + return qualityCap{MaxHeight: 2160, VideoBitrate: "25000k"} + } +} diff --git a/internal/engine/transcoder.go b/internal/engine/transcoder.go index 9ea37cc..030c28c 100644 --- a/internal/engine/transcoder.go +++ b/internal/engine/transcoder.go @@ -11,10 +11,9 @@ import ( "time" ) -// TranscodeOpts steers how Transcoder builds its ffmpeg command line. Defaults -// match the project's plan/clever-weaving-dove.md (Fase 2.5): +// TranscodeOpts steers how Transcoder builds its ffmpeg command line. // -// - Output: fragmented MP4 readable by browser