OMEAPI UPDATES

John Rogers · John Rogers · commit 392990a0916a · 2025-03-07T01:41:23.000Z
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ ColourStream is a self-hosted livestreaming review platform designed for colouri
 
 - **⚡️ Ultra-Low Latency**: Experience less than 5 frames of latency for real-time collaboration
 - **🔐 Modern Authentication**: Secure passwordless authentication using WebAuthn/passkeys
-- **🎭 Multi-Room Support**: Host multiple review sessions simultaneously with separate rooms - this is currently functional but the automatic OBS control will not run. 
+- **🎭 Multi-Room Support**: Host multiple review sessions simultaneously with separate rooms - this is currently functional but the automatic OBS control will only control one room. manual stream key copy and paste is still availible 
 - **🔄 OBS Integration**: Stream directly from OBS or other RTMP/SRT sources
 - **💬 Built-in Video Conferencing**: Real-time communication via Mirotalk's WebRTC capabilities
 - **🛡️ Secure by Design**: End-to-end security for your sensitive content, Colourstream folllows Industry Best practices and uses a full SSL pipeline to ensure your review remains safe, 
diff --git a/backend/.env.template b/backend/.env.template
@@ -1,15 +1,16 @@
 # Backend-specific environment variables
 PORT=5001
 DATABASE_URL=postgresql://colourstream:your_secure_password_here@colourstream-postgres:5432/colourstream
-OVENMEDIA_API_URL=http://origin:8081
-OVENMEDIA_API_TOKEN=your_ovenmedia_api_token_here
+OME_API_URL=http://origin:8081
+OME_API_ACCESS_TOKEN=your_ovenmedia_api_token_here
 OBS_WS_HOST=localhost
 OBS_WS_PORT=4455
 JWT_SECRET=your_jwt_secret_here
 WEBAUTHN_RP_NAME=ColourStream
 WEBAUTHN_RP_ID=live.colourstream.example.com
 WEBAUTHN_RP_ICON=https://live.colourstream.example.com/favicon.ico
 ADMIN_PASSWORD=your_secure_admin_password_here
+ADMIN_AUTH_SECRET=your_admin_auth_secret_here
 
 # OpenID Connect Configuration (optional)
 OIDC_ENABLED=false
diff --git a/backend/dist/services/omenService.js b/backend/dist/services/omenService.js
@@ -38,9 +38,19 @@ const axios_1 = __importStar(require("axios"));
 const logger_1 = require("../utils/logger");
 class OvenMediaEngineService {
     constructor() {
-        this.baseURL = process.env.OVENMEDIA_API_URL || 'http://origin:8081';
-        this.accessToken = process.env.OVENMEDIA_API_TOKEN || '0fc62ea62790ad7c';
+        this.baseURL = process.env.OME_API_URL || 'http://origin:8081';
+        this.accessToken = process.env.OME_API_ACCESS_TOKEN || '0fc62ea62790ad7c';
+        
         logger_1.logger.info(`Initialized OvenMediaEngine Service with URL: ${this.baseURL}`);
+        logger_1.logger.info(`Using API access token: ${this.accessToken ? '********' : 'default token'}`);
+        
+        if (!this.baseURL) {
+            logger_1.logger.error('OvenMediaEngine API URL is not configured! Set OME_API_URL environment variable.');
+        }
+        
+        if (!this.accessToken) {
+            logger_1.logger.error('OvenMediaEngine API access token is not configured! Set OME_API_ACCESS_TOKEN environment variable.');
+        }
     }
     validateParameters(...params) {
         const invalidParams = params.filter(param => !param || typeof param !== 'string');
diff --git a/docs/api-flow-table.md b/docs/api-flow-table.md
@@ -37,16 +37,13 @@ Accept: application/json
 
 ## Environment Variables
 
-### Frontend
-```env
-VITE_API_URL=https://live.colourstream.johnrogerscolour.co.uk/api
 ```
+# Backend Environment
+OME_API_URL=http://origin:8081
+OME_API_ACCESS_TOKEN=0fc62ea62790ad7c
 
-### Backend
-```env
-OVENMEDIA_API_URL=http://origin:8081
-OVENMEDIA_API_TOKEN=0fc62ea62790ad7c
-JWT_SECRET=your-super-secret-jwt-key
+# Frontend Environment
+VITE_API_URL=https://live.colourstream.johnrogerscolour.co.uk/api
 ```
 
 ## Notes
diff --git a/docs/omen-api-flow.md b/docs/omen-api-flow.md
@@ -99,8 +99,8 @@ TRAEFIK_ACME_EMAIL=your-email@example.com
 VITE_API_URL=https://live.colourstream.johnrogerscolour.co.uk/api
 
 # Backend Configuration
-OVENMEDIA_API_URL=http://origin:8081
-OVENMEDIA_API_TOKEN=0fc62ea62790ad7c
+OME_API_URL=http://origin:8081
+OME_API_ACCESS_TOKEN=0fc62ea62790ad7c
 ```
 
 ## Data Flow Example
diff --git a/docs/token-flow.md b/docs/token-flow.md
@@ -72,28 +72,25 @@ This document describes the token authentication flow between different componen
    | Expiration: 24 hours
 
 2. **Backend to OvenMediaEngine:**
-   - Uses Basic Authentication
-   - Token from environment variable: `OVENMEDIA_API_TOKEN`
-   - Format: `Basic <base64_encoded_token>`
+   - Backend passes API requests to OvenMediaEngine with Basic Auth
+   - Token from environment variable: `OME_API_ACCESS_TOKEN`
+   - Encoded as Base64 in the Authorization header
 
 ### OvenMediaEngine Authentication
-- Expects Basic Authentication
-- Validates against configured access token
-- Returns 401 if token is invalid or missing
+- Configured to accept Basic Auth with a token
+- No sensitive tokens exposed to frontend
+- All API calls proxied through backend
 
 ## Environment Configuration
 
 ```env
 # Backend Environment Variables
 JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
-OVENMEDIA_API_URL=http://origin:8081
-OVENMEDIA_API_TOKEN=0fc62ea62790ad7c
+OME_API_URL=http://origin:8081
+OME_API_ACCESS_TOKEN=0fc62ea62790ad7c
 
 # Frontend Environment Variables
 VITE_API_URL=https://live.colourstream.johnrogerscolour.co.uk/api
-
-# OvenMediaEngine Environment Variables
-OME_API_ACCESS_TOKEN=0fc62ea62790ad7c
 ```
 
 ## Security Notes
diff --git a/frontend/src/components/OvenMediaConfig/README.md b/frontend/src/components/OvenMediaConfig/README.md
@@ -118,9 +118,9 @@ const streamStats = await api.getStreamStats('default', 'app', 'stream');
 
 ```typescript
 // Frontend
-VITE_API_URL=https://your-domain.com/api  // Points to your backend API
+VITE_API_URL=https://your-api-endpoint.com
 
 // Backend (internal only)
-OVENMEDIA_API_URL=http://origin:8081       // Never expose to frontend
-OVENMEDIA_API_TOKEN=your-secret-token      // Never expose to frontend
+OME_API_URL=http://origin:8081       // Never expose to frontend
+OME_API_ACCESS_TOKEN=your-secret-token      // Never expose to frontend
 ``` 
diff --git a/global.env.template b/global.env.template
@@ -20,6 +20,10 @@ WEBAUTHN_ORIGIN=https://live.colourstream.example.com
 # API Configuration
 BASE_PATH=/api 
 
+# OvenMediaEngine Configuration
+OME_LIVE_DOMAIN=live.colourstream.example.com
+OME_VIDEO_DOMAIN=video.colourstream.example.com
+OME_API_ACCESS_TOKEN=your_ome_api_token_here
 
 # MiroTalk Configuration
 HOST_PROTECTED=true
diff --git a/setup-ghcr.sh b/setup-ghcr.sh
@@ -142,7 +142,7 @@ VIDEO_DOMAIN=video.colourstream.${domain_name}
 FRONTEND_URL=https://live.colourstream.${domain_name}
 BASE_PATH=/api
 OME_API_ACCESS_TOKEN=${ome_api_token}
-OME_API_URL=https://live.colourstream.${domain_name}:8081/v1/
+OME_API_URL=http://origin:8081
 EOL
 chmod 600 backend/.env
 echo "✅ Created backend/.env"
@@ -210,6 +210,8 @@ sed -i.bak "s/628db0ebd5d8c8fc4f539e7192fa6ff1/${db_password}/g" docker-compose.
 sed -i.bak "s/015a8afab726389330e5002945d9d27a7de31bc813/${jwt_key}/g" docker-compose.yml
 sed -i.bak "s/a4097b976531c94f5e4cf9d2676751c7/${admin_auth_secret}/g" docker-compose.yml
 sed -i.bak "s/0fc62ea62790ad7c/${ome_api_token}/g" docker-compose.yml
+sed -i.bak "s/41b20d4a33dcca381396b5b83053ef2f/${ome_api_token}/g" docker-compose.yml
+sed -i.bak "s/OME_API_ACCESS_TOKEN: \"[a-f0-9]*\"/OME_API_ACCESS_TOKEN: \"${ome_api_token}\"/g" docker-compose.yml
 sed -i.bak "s/turnserver123/${turn_password}/g" docker-compose.yml
 rm docker-compose.yml.bak
 echo "✅ Updated docker-compose.yml"
diff --git a/setup-template.sh b/setup-template.sh
@@ -169,6 +169,22 @@ if [ -f "backend/.env.template" ]; then
     sed_inplace "s/OME_API_ACCESS_TOKEN=.*/OME_API_ACCESS_TOKEN=$ome_api_token/g" backend/.env
   fi
   
+  # Ensure OME_API_URL is properly set
+  if ! grep -q "OME_API_URL" backend/.env; then
+    echo "OME_API_URL=http://origin:8081" >> backend/.env
+  else
+    sed_inplace "s|OME_API_URL=.*|OME_API_URL=http://origin:8081|g" backend/.env
+  fi
+  
+  # Remove any old variable names to prevent confusion
+  if grep -q "OVENMEDIA_API_URL" backend/.env; then
+    sed_inplace "/OVENMEDIA_API_URL/d" backend/.env
+  fi
+  
+  if grep -q "OVENMEDIA_API_TOKEN" backend/.env; then
+    sed_inplace "/OVENMEDIA_API_TOKEN/d" backend/.env
+  fi
+  
   echo "✅ Created backend/.env"
 else
   echo "❌ backend/.env.template not found"
@@ -214,8 +230,13 @@ if [ -f "docker-compose.yml" ]; then
   # Update ADMIN_AUTH_SECRET in docker-compose.yml
   sed_inplace "s/ADMIN_AUTH_SECRET: [a-f0-9]*/ADMIN_AUTH_SECRET: $admin_auth_secret/g" docker-compose.yml
   
-  # Update OvenMediaEngine API Token
+  # Update OvenMediaEngine API Token - handle both possible variable names
   sed_inplace "s/OME_API_ACCESS_TOKEN: \"[a-f0-9]*\"/OME_API_ACCESS_TOKEN: \"$ome_api_token\"/g" docker-compose.yml
+  sed_inplace "s/OVENMEDIA_API_TOKEN: \"[a-f0-9]*\"/OME_API_ACCESS_TOKEN: \"$ome_api_token\"/g" docker-compose.yml
+  
+  # Update any hardcoded tokens that might be in the file
+  sed_inplace "s/0fc62ea62790ad7c/$ome_api_token/g" docker-compose.yml
+  sed_inplace "s/41b20d4a33dcca381396b5b83053ef2f/$ome_api_token/g" docker-compose.yml
   
   # Update TURN Server Credential
   sed_inplace "s/TURN_SERVER_CREDENTIAL: \"[^\"]*\"/TURN_SERVER_CREDENTIAL: \"$turn_password\"/g" docker-compose.yml
