lucille-node 0.0.1

package/lucille.js

@@ -0,0 +1,498 @@
+import express from 'express';
+import cors from 'cors';
+import fileUpload from 'express-fileupload';
+import crypto from 'crypto';
+import path from 'path';
+import os from 'os';
+import fs from 'fs';
+import { fileURLToPath } from 'url';
+import sessionless from 'sessionless-node';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const PLAYER_HTML = fs.readFileSync(path.join(__dirname, 'templates', 'player.html'), 'utf8');
+
+import db from './src/persistence/db.js';
+import { uploadVideoBuffer, cdnUrl } from './src/spaces.js';
+import { startTracker } from './src/tracker.js';
+import { seedVideo, seedAll, getMagnet, getStatus, destroySeeder, updateTrackerList } from './src/seeder.js';
+import { loadConfig, getConfig, updateConfig, getTiers, getTierById, getFederationPeers } from './src/config.js';
+
+const PORT = parseInt(process.env.PORT) || 5444;
+const allowedTimeDifference = parseInt(process.env.ALLOWED_TIME_DIFFERENCE) || 600000;
+const MODE = process.env.LUCILLE_MODE || 'all'; // 'all' | 'tracker' | 'api'
+
+// ── Startup ───────────────────────────────────────────────────────────────────
+
+// Load config (tiers, federation peers, etc.)
+await loadConfig();
+
+// Load or create service keys
+let keys = await db.getKeys();
+if (!keys) {
+  keys = await sessionless.generateKeys(db.saveKeys, db.getKeys);
+}
+sessionless.getKeys = () => keys;
+
+// Start tracker and/or seeder
+if (MODE !== 'api') {
+  await startTracker();
+  console.log('[lucille] Tracker started');
+}
+
+if (MODE !== 'tracker') {
+  // Fetch federation peer trackers before seeding so all torrents announce everywhere
+  await initFederationTrackers();
+  seedAll().catch(err => console.error('[lucille] seedAll error:', err.message));
+}
+
+// ── Federation tracker bootstrap ──────────────────────────────────────────────
+
+async function fetchTrackerUrl(peerBaseUrl) {
+  try {
+    const res = await fetch(`${peerBaseUrl}/federation/trackers`, { signal: AbortSignal.timeout(5000) });
+    if (!res.ok) return null;
+    const data = await res.json();
+    return data.trackerUrl || null;
+  } catch {
+    return null;
+  }
+}
+
+async function initFederationTrackers() {
+  const peers = getFederationPeers();
+  if (peers.length === 0) return;
+
+  console.log(`[lucille] Fetching tracker URLs from ${peers.length} federation peer(s)…`);
+  const urls = (await Promise.all(peers.map(fetchTrackerUrl))).filter(Boolean);
+  if (urls.length > 0) updateTrackerList(urls);
+}
+
+// ── Express app ───────────────────────────────────────────────────────────────
+
+const app = express();
+
+app.use(cors());
+app.use(fileUpload({ createParentPath: true }));
+app.use(express.json({ limit: '10mb' }));
+app.use(express.urlencoded({ extended: true }));
+
+app.use((req, res, next) => {
+  console.log(req.method, req.url);
+  next();
+});
+
+// Timestamp guard — skip for file uploads (transit time varies)
+app.use((req, res, next) => {
+  if (req.path.includes('/file')) return next();
+  const requestTime = +req.query.timestamp || +req.body?.timestamp;
+  if (!requestTime) return next();
+  if (Math.abs(Date.now() - requestTime) > allowedTimeDifference) {
+    return res.status(400).json({ error: 'no time like the present' });
+  }
+  next();
+});
+
+// ── Auth helper ───────────────────────────────────────────────────────────────
+
+const verifyUser = async (uuid, timestamp, signature) => {
+  if (!uuid || !timestamp || !signature) throw new Error('invalid signature');
+  const user = await db.getUserByUUID(uuid);
+  const message = timestamp + user.pubKey;
+  let isValid = false;
+  try {
+    isValid = await sessionless.verifySignature(signature, message, user.pubKey);
+  } catch { /* invalid sig format */ }
+  if (!isValid) throw new Error('invalid signature');
+  return user;
+};
+
+// ── Quota helpers ─────────────────────────────────────────────────────────────
+
+function checkQuota(user, fileSize) {
+  const tier = getTierById(user.tier || 'free');
+  const errors = [];
+
+  if (tier.storageLimit > 0 && (user.storageUsed || 0) + fileSize > tier.storageLimit) {
+    const usedMB = ((user.storageUsed || 0) / 1e6).toFixed(1);
+    const limitMB = (tier.storageLimit / 1e6).toFixed(0);
+    errors.push(`Storage limit reached (${usedMB} MB used of ${limitMB} MB on ${tier.name} tier)`);
+  }
+
+  if (tier.videoLimit > 0) {
+    const videoCount = Object.keys(user.videos || {}).length;
+    if (videoCount >= tier.videoLimit) {
+      errors.push(`Video limit reached (${videoCount}/${tier.videoLimit} on ${tier.name} tier)`);
+    }
+  }
+
+  return errors;
+}
+
+// ── Routes ────────────────────────────────────────────────────────────────────
+
+// Health
+app.get('/health', (req, res) => {
+  res.json({ status: 'ok', service: 'lucille', port: PORT, mode: MODE });
+});
+
+// Seeder / tracker status
+app.get('/status', (req, res) => res.json(getStatus()));
+
+// ── Config (called by wiki plugin on startup) ─────────────────────────────────
+
+app.get('/config', (req, res) => {
+  const cfg = getConfig();
+  // Never expose DO Spaces credentials over the wire
+  res.json({
+    tiers: cfg.tiers,
+    federationPeers: cfg.federationPeers,
+    sanoraUrl: cfg.sanoraUrl,
+    mode: MODE
+  });
+});
+
+app.post('/config', express.json(), async (req, res) => {
+  try {
+    const { tiers, federationPeers, sanoraUrl, addieUrl } = req.body;
+    const patch = {};
+    if (tiers)           patch.tiers = tiers;
+    if (federationPeers) patch.federationPeers = federationPeers;
+    if (sanoraUrl)       patch.sanoraUrl = sanoraUrl;
+    if (addieUrl)        patch.addieUrl = addieUrl;
+
+    const updated = await updateConfig(patch);
+
+    // If federation peers changed, re-fetch tracker list
+    if (federationPeers) await initFederationTrackers();
+
+    res.json({
+      success: true,
+      tiers: updated.tiers,
+      federationPeers: updated.federationPeers,
+      sanoraUrl: updated.sanoraUrl
+    });
+  } catch (err) {
+    console.error('[lucille] Config update error:', err);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Tiers ─────────────────────────────────────────────────────────────────────
+
+app.get('/tiers', (req, res) => res.json(getTiers()));
+
+// ── Federation ────────────────────────────────────────────────────────────────
+
+// Public: peers call this to discover our tracker URL
+app.get('/federation/trackers', (req, res) => {
+  const ownTracker = process.env.TRACKER_URL ||
+    `ws://${req.hostname}:${process.env.TRACKER_PORT || 8000}`;
+  res.json({ trackerUrl: ownTracker, lucilleUrl: `${req.protocol}://${req.get('host')}` });
+});
+
+// ── User management ───────────────────────────────────────────────────────────
+
+// PUT /user/create
+app.put('/user/create', async (req, res) => {
+  try {
+    const { timestamp, pubKey, signature } = req.body;
+    if (!timestamp || !pubKey || !signature) {
+      return res.status(400).json({ error: 'timestamp, pubKey, and signature required' });
+    }
+
+    const message = timestamp + pubKey;
+    let isValid = false;
+    try {
+      isValid = await sessionless.verifySignature(signature, message, pubKey);
+    } catch { /* invalid sig format */ }
+    if (!isValid) return res.status(401).json({ error: 'invalid signature' });
+
+    let user;
+    try {
+      user = await db.getUserByPublicKey(pubKey);
+    } catch {
+      user = await db.putUser({ pubKey, videos: {}, tier: 'free', storageUsed: 0 });
+    }
+
+    res.json({ uuid: user.uuid, pubKey: user.pubKey, tier: user.tier || 'free' });
+  } catch (err) {
+    console.error('[lucille] create user error:', err);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// GET /user/:uuid
+app.get('/user/:uuid', async (req, res) => {
+  try {
+    const { uuid } = req.params;
+    const { timestamp, signature } = req.query;
+    const user = await verifyUser(uuid, timestamp, signature);
+    const tier = getTierById(user.tier || 'free');
+    res.json({
+      uuid: user.uuid,
+      pubKey: user.pubKey,
+      tier: user.tier || 'free',
+      storageUsed: user.storageUsed || 0,
+      tierDetails: tier
+    });
+  } catch (err) {
+    res.status(err.message === 'invalid signature' ? 401 : 404).json({ error: err.message });
+  }
+});
+
+// ── Tier upgrade ──────────────────────────────────────────────────────────────
+
+// PUT /user/:uuid/tier
+// Body: { timestamp, signature, tierId }
+// Payment validation happens via Addie — client must have already completed payment
+// and passes the Addie payment confirmation back here.
+app.put('/user/:uuid/tier', async (req, res) => {
+  try {
+    const { uuid } = req.params;
+    const { timestamp, signature, tierId } = req.body;
+
+    const user = await verifyUser(uuid, timestamp, signature);
+    const targetTier = getTierById(tierId);
+
+    if (!targetTier) {
+      return res.status(400).json({ error: `Unknown tier: ${tierId}` });
+    }
+
+    user.tier = targetTier.id;
+    await db.saveUser(user);
+
+    res.json({ uuid: user.uuid, tier: user.tier, tierDetails: targetTier });
+  } catch (err) {
+    res.status(err.message === 'invalid signature' ? 401 : 500).json({ error: err.message });
+  }
+});
+
+// ── Video metadata ────────────────────────────────────────────────────────────
+
+// PUT /user/:uuid/video/:title
+app.put('/user/:uuid/video/:title', async (req, res) => {
+  try {
+    const { uuid, title } = req.params;
+    const { timestamp, signature, description = '', tags = [], price = 0 } = req.body;
+
+    const user = await verifyUser(uuid, timestamp, signature);
+
+    // Check video count quota before registering
+    const tier = getTierById(user.tier || 'free');
+    if (tier.videoLimit > 0) {
+      const videoCount = Object.keys(user.videos || {}).length;
+      if (videoCount >= tier.videoLimit) {
+        return res.status(402).json({
+          error: `Video limit reached (${videoCount}/${tier.videoLimit} on ${tier.name} tier)`,
+          upgradeRequired: true
+        });
+      }
+    }
+
+    let video;
+    try {
+      video = await db.getVideo(uuid, title);
+    } catch {
+      video = { title, description, tags, price };
+    }
+
+    video.description = description || video.description;
+    video.tags        = tags        || video.tags;
+    video.price       = price       ?? video.price;
+
+    const saved = await db.putVideo(user, video);
+    res.json(saved);
+  } catch (err) {
+    console.error('[lucille] put video error:', err);
+    res.status(err.message === 'invalid signature' ? 401 : 500).json({ error: err.message });
+  }
+});
+
+// GET /user/:uuid/videos
+app.get('/user/:uuid/videos', async (req, res) => {
+  try {
+    const { uuid } = req.params;
+    const { timestamp, signature } = req.query;
+    await verifyUser(uuid, timestamp, signature);
+    const videos = await db.getVideos(uuid);
+    res.json(videos);
+  } catch (err) {
+    res.status(err.message === 'invalid signature' ? 401 : 500).json({ error: err.message });
+  }
+});
+
+// GET /videos/:uuid — public listing (no auth)
+app.get('/videos/:uuid', async (req, res) => {
+  try {
+    const { uuid } = req.params;
+    const videos = await db.getVideos(uuid);
+    const pub = {};
+    for (const [title, video] of Object.entries(videos)) {
+      pub[title] = {
+        videoId: video.videoId,
+        title: video.title,
+        description: video.description,
+        tags: video.tags,
+        price: video.price || 0,
+        spacesKey: video.spacesKey,
+        magnetURI: video.magnetURI,
+        contentHash: video.contentHash,
+        createdAt: video.createdAt
+      };
+    }
+    res.json(pub);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Video file upload ─────────────────────────────────────────────────────────
+
+// PUT /user/:uuid/video/:title/file
+// Multipart: field `video`
+// Headers: x-pn-timestamp, x-pn-signature
+app.put('/user/:uuid/video/:title/file', async (req, res) => {
+  try {
+    const { uuid, title } = req.params;
+    const timestamp = req.headers['x-pn-timestamp'];
+    const signature = req.headers['x-pn-signature'];
+
+    const user = await verifyUser(uuid, timestamp, signature);
+
+    if (!req.files || !req.files.video) {
+      return res.status(400).json({ error: 'video file required (field: video)' });
+    }
+
+    const file = req.files.video;
+
+    // Quota check — enforce storage and video count limits
+    const quotaErrors = checkQuota(user, file.size);
+    if (quotaErrors.length > 0) {
+      return res.status(402).json({ error: quotaErrors[0], upgradeRequired: true });
+    }
+
+    const ext       = path.extname(file.name) || '.mp4';
+    const spacesKey = `videos/${uuid}/${title}${ext}`;
+
+    // Write to temp file, hash, upload to Spaces
+    const tmpPath = path.join(os.tmpdir(), `lucille_${uuid}_${Date.now()}${ext}`);
+    await file.mv(tmpPath);
+
+    const fileBytes   = fs.readFileSync(tmpPath);
+    const contentHash = crypto.createHash('sha256').update(fileBytes).digest('hex');
+    await uploadVideoBuffer(fileBytes, spacesKey, file.mimetype || 'video/mp4');
+    fs.unlinkSync(tmpPath);
+
+    // Update video record
+    let video;
+    try {
+      video = await db.getVideo(uuid, title);
+    } catch {
+      video = { title, description: '', tags: [] };
+    }
+
+    video.spacesKey  = spacesKey;
+    video.cdnUrl     = cdnUrl(spacesKey);
+    video.contentHash = contentHash;
+
+    const saved = await db.putVideo(user, video);
+
+    // Update storageUsed on the user record
+    user.storageUsed = (user.storageUsed || 0) + file.size;
+    await db.saveUser(user);
+
+    // Async: seed the new video
+    seedVideo(spacesKey).then(torrent => {
+      saved.magnetURI = torrent.magnetURI;
+      saved.infoHash  = torrent.infoHash;
+      db.saveVideo(saved).catch(err => console.error('[lucille] saveVideo after seed:', err.message));
+      console.log(`[lucille] ${title} seeding — magnet: ${torrent.magnetURI.slice(0, 60)}…`);
+    }).catch(err => console.error('[lucille] seedVideo error:', err.message));
+
+    res.json(saved);
+  } catch (err) {
+    console.error('[lucille] file upload error:', err);
+    res.status(err.message === 'invalid signature' ? 401 : 500).json({ error: err.message });
+  }
+});
+
+// ── Watch / player ────────────────────────────────────────────────────────────
+
+// GET /watch/:videoId — browser player page (embeddable via iframe)
+app.get('/watch/:videoId', (req, res) => {
+  res.setHeader('Content-Type', 'text/html');
+  res.send(PLAYER_HTML);
+});
+
+// GET /video/:videoId/watch — magnet + tracker for streaming
+app.get('/video/:videoId/watch', async (req, res) => {
+  try {
+    const { videoId } = req.params;
+    const video = await db.getVideoByVideoId(videoId);
+
+    if (!video.spacesKey) {
+      return res.status(404).json({ error: 'video file not yet uploaded' });
+    }
+
+    let magnetInfo;
+    if (video.magnetURI) {
+      magnetInfo = { magnetURI: video.magnetURI, infoHash: video.infoHash, name: video.title };
+    } else {
+      magnetInfo = await getMagnet(video.spacesKey);
+      video.magnetURI = magnetInfo.magnetURI;
+      video.infoHash  = magnetInfo.infoHash;
+      await db.saveVideo(video);
+    }
+
+    const cfg = getConfig();
+    res.json({
+      videoId: video.videoId,
+      title: video.title,
+      description: video.description,
+      price: video.price || 0,
+      ...magnetInfo,
+      trackerUrl: process.env.TRACKER_URL || `ws://localhost:${process.env.TRACKER_PORT || 8000}`
+    });
+  } catch (err) {
+    res.status(err.message === 'not found' ? 404 : 500).json({ error: err.message });
+  }
+});
+
+// GET /magnet?key=videos/...  — internal / seeder API
+app.get('/magnet', async (req, res) => {
+  try {
+    const { key } = req.query;
+    if (!key) return res.status(400).json({ error: 'key required' });
+    const magnetInfo = await getMagnet(key);
+    res.json(magnetInfo);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// POST /seed — notify lucille of a new video key uploaded externally
+app.post('/seed', async (req, res) => {
+  try {
+    const { key } = req.body;
+    if (!key) return res.status(400).json({ error: 'key required' });
+    const torrent = await seedVideo(key);
+    res.json({ magnetURI: torrent.magnetURI });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Start ─────────────────────────────────────────────────────────────────────
+
+if (MODE !== 'tracker') {
+  app.listen(PORT, () => {
+    console.log(`[lucille] API listening on port ${PORT}`);
+    console.log(`[lucille] Mode: ${MODE}`);
+  });
+}
+
+process.on('SIGTERM', async () => {
+  console.log('[lucille] Shutting down…');
+  await destroySeeder();
+  process.exit(0);
+});

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "lucille-node",
+  "version": "0.0.1",
+  "description": "P2P video hosting and streaming service for the Planet Nine ecosystem",
+  "keywords": [
+    "video",
+    "streaming",
+    "webtorrent",
+    "planet-nine"
+  ],
+  "license": "GPL-3.0-or-later",
+  "author": "planetnineisaspaceship",
+  "type": "module",
+  "main": "lucille.js",
+  "scripts": {
+    "start": "node lucille.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "dependencies": {
+    "@aws-sdk/client-s3": "^3.705.0",
+    "@aws-sdk/s3-request-presigner": "^3.705.0",
+    "bittorrent-tracker": "latest",
+    "cors": "^2.8.5",
+    "express": "^4.21.2",
+    "express-fileupload": "^1.5.1",
+    "sessionless-node": "latest",
+    "webtorrent": "^2.5.1"
+  }
+}

package/src/config.js

@@ -0,0 +1,104 @@
+/**
+ * Lucille configuration — tiers, federation peers, service URLs.
+ * Loaded on startup, updated via POST /config from the wiki plugin.
+ * Stored in data/lucille/config.json (alongside the key-value db).
+ */
+
+import { readFile, writeFile, mkdir } from 'fs/promises';
+import { existsSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const DATA_DIR   = join(__dirname, '../../data/lucille');
+const CONFIG_FILE = join(DATA_DIR, 'config.json');
+
+// ── Default tiers (wiki owner can replace all of these) ───────────────────────
+
+export const DEFAULT_TIERS = [
+  {
+    id: 'free',
+    name: 'Free',
+    price: 0,                    // MP cost to unlock (0 = no payment required)
+    storageLimit: 524288000,     // 500 MB in bytes  (0 = unlimited)
+    videoLimit: 5,               // max videos       (0 = unlimited)
+    durationLimit: 600           // max seconds/video (0 = unlimited)
+  },
+  {
+    id: 'creator',
+    name: 'Creator',
+    price: 500,                  // 500 MP
+    storageLimit: 10737418240,   // 10 GB
+    videoLimit: 50,
+    durationLimit: 3600          // 1 hour
+  },
+  {
+    id: 'pro',
+    name: 'Pro',
+    price: 2000,                 // 2000 MP
+    storageLimit: 0,             // unlimited
+    videoLimit: 0,               // unlimited
+    durationLimit: 0             // unlimited
+  }
+];
+
+// ── In-memory config (loaded once on startup) ─────────────────────────────────
+
+let _config = null;
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+
+async function ensureDataDir() {
+  if (!existsSync(DATA_DIR)) {
+    await mkdir(DATA_DIR, { recursive: true });
+  }
+}
+
+// ── Public API ────────────────────────────────────────────────────────────────
+
+export async function loadConfig() {
+  try {
+    const raw = await readFile(CONFIG_FILE, 'utf-8');
+    _config = JSON.parse(raw);
+    console.log('[lucille] Config loaded');
+  } catch {
+    // First run — write defaults
+    _config = {
+      tiers: DEFAULT_TIERS,
+      federationPeers: [],   // list of peer lucille base URLs
+      sanoraUrl: process.env.SANORA_URL || '',
+      addieUrl:  process.env.ADDIE_URL  || ''
+    };
+    await saveConfig();
+    console.log('[lucille] Default config written');
+  }
+  return _config;
+}
+
+async function saveConfig() {
+  await ensureDataDir();
+  await writeFile(CONFIG_FILE, JSON.stringify(_config, null, 2), 'utf-8');
+}
+
+export function getConfig() {
+  return _config || { tiers: DEFAULT_TIERS, federationPeers: [] };
+}
+
+export async function updateConfig(partial) {
+  if (!_config) await loadConfig();
+  _config = { ..._config, ...partial };
+  await saveConfig();
+  return _config;
+}
+
+export function getTiers() {
+  return getConfig().tiers || DEFAULT_TIERS;
+}
+
+export function getTierById(id) {
+  return getTiers().find(t => t.id === id) || getTiers()[0];
+}
+
+export function getFederationPeers() {
+  return getConfig().federationPeers || [];
+}