fix: security hardening and code review improvements
Build and Push Docker Image / build (push) Successful in 12s
Build and Push Docker Image / build (push) Successful in 12s
- hls proxy now signs full URL instead of hostname only (SSRF) - viewer token required to start session (prevents stats forgery and password bypass) - weak SECRET_KEY placeholder replaced with REPLACE_ME, startup warning added - api key auth drops query-string fallback, Bearer header only - hls variant playlist DRM detection fetches first variant - dash manifest DRM detection added - android webview detection restricted to Telegram only - privacy comment removed from ip hash (ip is stored in plaintext) - csv export adds range filter (today/7d/30d/all), defaults to 30d - analytics export button integrated as dropdown with range selection - docker-compose placeholder defaults updated - readme and readme.zh-cn updated for v1.2.0 changes
This commit is contained in:
+4
-3
@@ -10,8 +10,9 @@ services:
|
||||
ports:
|
||||
- "8085:8080"
|
||||
environment:
|
||||
SECRET_KEY: "change-this-secret"
|
||||
DATABASE_URL: "postgresql://streamhall:streamhall_pg_password@postgres:5432/streamhall"
|
||||
# Generate with: openssl rand -hex 32
|
||||
SECRET_KEY: "REPLACE_ME"
|
||||
DATABASE_URL: "postgresql://streamhall:REPLACE_DB_PASSWORD@postgres:5432/streamhall"
|
||||
TZ: "UTC"
|
||||
RTMP_HOST: "srs"
|
||||
# Comma-separated list of video directories (optional label:path format)
|
||||
@@ -29,7 +30,7 @@ services:
|
||||
environment:
|
||||
POSTGRES_DB: "streamhall"
|
||||
POSTGRES_USER: "streamhall"
|
||||
POSTGRES_PASSWORD: "streamhall_pg_password"
|
||||
POSTGRES_PASSWORD: "REPLACE_DB_PASSWORD"
|
||||
TZ: "UTC"
|
||||
volumes:
|
||||
- ./postgres-data:/var/lib/postgresql/data
|
||||
|
||||
Reference in New Issue
Block a user