FoundKeyGang/FoundKey
FoundKeyGang/FoundKey
7
19
Fork 22
Code Issues 37 Pull requests 4 Releases Activity

Videos don't load properly #202

New issue
Open
opened 2022-10-14 00:44:20 +00:00 by norm · 10 comments
norm commented 2022-10-14 00:44:20 +00:00
Owner
Copy link

Splitting this from #201 since this issue is affecting MP4 and webm videos on non-Safari browsers.

Videos can sometimes appear blank with a 0 second duration like the following:

image

They will still play once clicked, but this is pretty annoying.

I'm suspecting this has to do with needing to set CORS headers for those to load properly.

Splitting this from #201 since this issue is affecting MP4 and webm videos on non-Safari browsers. Videos can sometimes appear blank with a 0 second duration like the following: ![image](/attachments/7c9d5111-6fc3-4963-9378-62a9259eee2d) They will still play once clicked, but this is pretty annoying. I'm suspecting this has to do with needing to set CORS headers for those to load properly.
image.png
203 KiB
mia commented 2022-11-01 18:54:32 +00:00
Contributor
Copy link

The problem here is that FoundKey serves media files directly from the app, which precludes seeking. With improperly muxed files, this can prevent playback entirely.

One solution to this is letting a reverse proxy like nginx handle this. However:

  • anything under /files is created readable only to the FoundKey user, which is awkward when the nginx process runs as a different user
  • without using X-Accel-Redirect this would also prevent setting the correct MIME type or implementing any sort of access control
The problem here is that FoundKey serves media files directly from the app, which precludes seeking. With improperly muxed files, this can prevent playback entirely. One solution to this is letting a reverse proxy like nginx handle this. However: * anything under `/files` is created readable only to the FoundKey user, which is awkward when the nginx process runs as a different user * without using `X-Accel-Redirect` this would also prevent setting the correct MIME type or implementing any sort of access control
norm commented 2022-11-01 20:08:25 +00:00
Author
Owner
Copy link

FWIW, this doesn't happen in Akkoma. Both are using the default reverse proxy settings that Caddy uses in my case.

FWIW, this doesn't happen in Akkoma. Both are using the default reverse proxy settings that Caddy uses in my case.
mia commented 2022-11-01 20:10:14 +00:00
Contributor
Copy link

I guess Akkoma is handling HTTP range requests then?

I guess Akkoma is handling HTTP range requests then?
norm commented 2022-11-01 20:55:05 +00:00
Author
Owner
Copy link

I'd have to take a closer look when I have time.

I'd have to take a closer look when I have time.
Johann150 commented 2022-11-02 20:44:35 +00:00
Owner
Copy link

anything under /files is created readable only to the FoundKey user

I don't think that is deliberate on our side. We just copy whatever file @koa/multer gives us. I did not see any configuration options for multer (which @koa/multer uses) to set file permissions. It just seems to use node's built in fs.createWriteStream which says the default file mode is 0o666.

Maybe there is something else going on, like umask?

implementing any sort of access control

The access control consists only of knowing the UUID. Foundkey does not implement incoming signed fetch. Even if it did, more access controls would break media for users that are on instances which cannot/do not want to enable caching.

> anything under `/files` is created readable only to the FoundKey user I don't think that is deliberate on our side. We [just copy](https://akkoma.dev/FoundKeyGang/FoundKey/src/commit/0db0db9a87606d726f831507ad1a10031a88a204/packages/backend/src/services/drive/internal-storage.ts#L21) whatever file `@koa/multer` [gives us](https://akkoma.dev/FoundKeyGang/FoundKey/src/commit/0db0db9a87606d726f831507ad1a10031a88a204/packages/backend/src/server/api/index.ts#L57). I did not see any configuration options for `multer` (which `@koa/multer` uses) to set file permissions. It just seems to [use node's](https://github.com/expressjs/multer/blob/6377ed0c21fd7fda51a7d292af7e27b265e8c8fa/storage/disk.js#L38) built in [`fs.createWriteStream`](https://nodejs.org/api/fs.html#fscreatewritestreampath-options) which says the default file mode is `0o666`. Maybe there is something else going on, like umask? > implementing any sort of access control The access control consists only of knowing the UUID. Foundkey does not implement incoming signed fetch. Even if it did, more access controls would break media for users that are on instances which cannot/do not want to enable caching.
mia commented 2022-11-02 21:13:58 +00:00
Contributor
Copy link

Can’t be umask at least. I’ve checked /proc/<pid>/status on all FoundKey processes and they all show Umask: 0022. Can’t be directory ACLs either.

Can’t be umask at least. I’ve checked `/proc/<pid>/status` on all FoundKey processes and they all show `Umask: 0022`. Can’t be directory ACLs either.
norm commented 2022-11-20 05:05:54 +00:00
Author
Owner
Copy link

I don't even think it has to do with anything with filesystem permissions since this tends to happen with remote media (and I have caching turned off).

I don't even think it has to do with anything with filesystem permissions since this tends to happen with remote media (and I have caching turned off).
mia commented 2022-11-20 05:21:04 +00:00
Contributor
Copy link

Yeah I meant fs permissions are only an issue if you want to serve files from a process running as a different user, like nginx (assuming FoundKey gets its own user). Having nginx serve those files fixes video playback. But I guess that still leaves uncached files.

I’m 99% sure the issue is FoundKey not supporting HTTP range requests on media files. FFmpeg also complains about this on ISOBMFF files that were not muxed with the moov atom at the start (“-movflags +faststart” option with FFmpeg’s muxer, or using qt-faststart), and mpv refuses to play them. With browsers it’s a hit and miss; sometimes it works when the whole file is already cached.

Yeah I meant fs permissions are only an issue if you want to serve files from a process running as a different user, like nginx (assuming FoundKey gets its own user). Having nginx serve those files fixes video playback. But I guess that still leaves uncached files. I’m 99% sure the issue is FoundKey not supporting HTTP range requests on media files. FFmpeg also complains about this on ISOBMFF files that were not muxed with the moov atom at the start (“-movflags +faststart” option with FFmpeg’s muxer, or using qt-faststart), and mpv refuses to play them. With browsers it’s a hit and miss; sometimes it works when the whole file is already cached.
toast commented 2022-12-03 10:20:46 +00:00
Owner
Copy link

Yeah the issue is that Koa does not support range requests by default.
There's https://github.com/koajs/koa-range but it's unmaintained.

Yeah the issue is that Koa does not support range requests by default. There's https://github.com/koajs/koa-range but it's unmaintained.
😕 1
Johann150 commented 2023-01-02 11:50:33 +00:00
Owner
Copy link

Since I don't understand what the hell was/is going on that makes multer set different permissions sometimes, we now explicitly set the file permissions to -rw-r--r-- after copying the file from /tmp for internal storage.

Since I don't understand what the hell was/is going on that makes multer set different permissions sometimes, we now explicitly set the file permissions to `-rw-r--r--` after copying the file from `/tmp` for internal storage.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
refactor-deliver-actor
markdown
move-autoblock
feature/requests
context
indicator-circle-v2
v13.0.0-preview6
v13.0.0-preview5.1
v13.0.0-preview5
v13.0.0-preview4
v13.0.0-preview3
v13.0.0-preview2
v13.0.0-preview1
Labels
Clear labels   
feature

task that proposes new feature(s)

  
fix

task to fix behavioral problems in the FoundKey codebase

  
upkeep

task that should make FoundKey smaller and more maintainable

No labels
feature
fix
upkeep
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: FoundKeyGang/FoundKey#202
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?