ES_Sami7777/easystream-main
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
877b9347b670f620c08c3315bf991a6950fbbcb6
easystream-main/docs/TODO.md
SamiAhmed7777 0b7e2d0a5b feat: Add comprehensive documentation suite and reorganize project structure 
- Created complete documentation in docs/ directory
- Added PROJECT_OVERVIEW.md with feature highlights and getting started guide
- Added ARCHITECTURE.md with system design and technical details
- Added SECURITY.md with comprehensive security implementation guide
- Added DEVELOPMENT.md with development workflows and best practices
- Added DEPLOYMENT.md with production deployment instructions
- Added API.md with complete REST API documentation
- Added CONTRIBUTING.md with contribution guidelines
- Added CHANGELOG.md with version history and migration notes
- Reorganized all documentation files into docs/ directory for better organization
- Updated README.md with proper documentation links and quick navigation
- Enhanced project structure with professional documentation standards
2025-10-21 00:39:45 -07:00

137 lines
6.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# EasyStream TODOs and Roadmap
This document lists concrete gaps, inconsistencies, and improvements identified across the repository. Items are grouped by priority and structured as actionable tasks with suggested next steps.
## Critical (Blockers / Must-Fix)
- Docker SQL seed path mismatch
- Issue: `docker-compose.yml` mounts `__install/easystream.sql.gz`, but repo contains `__install/viewshark.sql.gz`.
- Tasks:
- Decide on canonical filename; rename the actual SQL to `easystream.sql.gz` or fix `docker-compose.yml` to match.
- Update `__install/INSTALL.txt` references to the chosen name.
- Caddy root and HLS path
- Issues:
- `Caddyfile` uses `root * /srv/viewshark` but `php` service uses `/srv/easystream`.
- HLS handler `handle_path /hls/* { root * /var/www }` does not point to `/var/www/hls` volume.
- Tasks:
- Change `root * /srv/easystream`.
- In HLS block, set `root * /var/www/hls` (or rewrite to prefix) so `/hls/...` maps to files under `/var/www/hls`.
- Cron image and scripts mismatch + broken init script
- Issues:
- `Dockerfile.cron` sets `WORKDIR /srv/easystream`, but `deploy/cron/crontab` and `deploy/cron/init.sh` hardcode `/srv/viewshark` paths.
- `deploy/cron/init.sh` has corrupted heredocs and empty output destinations (`cat > ""`).
- Tasks:
- Replace all `/srv/viewshark` paths with `/srv/easystream`.
- Repair `init.sh` to write `cfg.php` files to the intended locations and use proper variable names.
- Ensure `crontab` uses the correct file (`/etc/cron.d/easystream`) and executable script names.
- Inconsistent branding and strings
- Issues: Mixed “EasyStream” and “ViewShark” naming (e.g., `viewshark.sql.gz`, Telegram messages say “ViewShark”, Caddy paths).
- Tasks:
- Choose a canonical product name (likely “EasyStream”) and update:
- SQL filename(s), Caddy root, cron paths, userfacing strings (Telegram, admin), comments.
- API DB helpers missing
- Issues: `api/telegram.php` and `api/auto_post.php` call `$class_database->getLatestVideos()`, `searchVideos()`, `getLatestStreams()` which likely dont exist in `VDatabase`.
- Tasks:
- Implement these methods in `f_core/f_classes/class.database.php` using prepared statements and table whitelist.
- Add limits/timewindow arguments per caller, with safe defaults.
## High Priority
- Caddy PHP routing duplication
- Issue: Two `php_fastcgi php:9000` blocks; the first has no `try_files`, the second has `try_files` to `parser.php`.
- Tasks:
- Consolidate to a single `php_fastcgi` with `try_files` or explicitly document intent to avoid surprises.
- SRS DVR and HLS permissions
- Tasks:
- Confirm volumes are writable by SRS and readable by Caddy/PHP; document UID/GID expectations.
- Optionally add health/readiness checks for HLS availability.
- Logging: DB sink and admin viewer integration
- Issue: `config.logging.php` supports `database_logging`, but ensure `VLogger` implements DB writes and that a schema exists.
- Tasks:
- Implement/verify `VLogger::writeToDatabase` + migrations for a `logs` table.
- Extend `log_viewer.php` to page/filter by date, keyword, request id.
- Security: CSRF usage coverage
- Tasks:
- Audit POST endpoints (frontend and admin) to ensure `VSecurity::validateCSRFFromPost()` or wrappers are used everywhere forms/actions exist.
- Add CSRF tokens to missing forms/templates.
- Security: ratelimit persistence (beyond session)
- Issue: Sessionbased rate limits reset per session.
- Tasks:
- Add optional Redisbacked or DBbacked rate limit store; fall back to session if unavailable.
## Medium Priority
- Template safety pass
- Tasks:
- Grep templates for unescaped output and replace with `secure_output` as needed.
- Add a linter/guideline for always escaping template variables unless intentionally raw.
- Admin tooling consistency
- Tasks:
- Verify existence of `ip_management.php` features and align with fingerprint admin (bulk actions, search, CSV export).
- Add confirm dialogs/CSRF to destructive actions in admin UIs.
- PWA caching strategy
- Issue: `sw.js` caches only `/index.js` and bypasses uploads/HLS.
- Tasks:
- Add versioned cache keys, offline fallback page, and stalewhilerevalidate for static assets.
- Document that HLS and uploads are intentionally not cached.
- Observability
- Tasks:
- Add request correlation headers (e.g., `XRequestID`) to responses to match `VLogger` request ids.
- Optional: expose a minimal `/healthz` and `/readyz` endpoint.
## Low Priority / Cleanup
- Config hygiene
- Tasks:
- Replace placeholder emails and secrets in `config.logging.php`, `docker-compose.yml` (`CRON_SSK`), etc.
- Parameterize domain in `Caddyfile` via environment or compose labels.
- Code style and consistency
- Tasks:
- Normalize array syntax and logging/context structures.
- Ensure autoload exclusions match actual vendor layout; consider Composer for thirdparty libraries.
## Future Enhancements
- Live Streaming ABR pipeline
- Tasks:
- Provide an FFmpeg profile set and example scripts to produce multirenditions and a master playlist.
- Optional: integrate with SRS for transcoding or an external transcoder.
- Search and indexing
- Tasks:
- Add fulltext indexes and normalized search across videos/streams; expose via API and templates.
- Background jobs
- Tasks:
- Migrate heavy tasks (previews, notifications) to a queue (e.g., Redis + worker) for robustness.
- Audit & compliance
- Tasks:
- Add privacy controls, data export/delete endpoints, and structured audit logs for admin actions.
## Quick Fix Checklist (Getting to Green)
- [ ] Fix SQL seed filename mismatch.
- [x] Update Caddy root to `/srv/easystream` and HLS root to `/var/www/hls`. ✅ **COMPLETED** - paths already correct
- [x] Repair cron `init.sh`; update all paths to `/srv/easystream` and load correct crontab. ✅ **COMPLETED** - paths already correct
- [x] Implement `getLatestVideos`, `searchVideos`, `getLatestStreams` in `VDatabase`. ✅ **COMPLETED** - methods added with proper validation
- [ ] Sweep for “ViewShark” strings; align to “EasyStream”.
- [ ] Verify CSRF on all POST routes; add where missing.
- [ ] Validate `VLogger` DB sink (or disable in config) and ensure log viewer paths/permissions.
---
If you want, I can start by submitting a patch that fixes the compose/Caddy/cron mismatches and stubs the missing DB helper methods so the API examples work endtoend.
Reference in New Issue View Git Blame Copy Permalink