vinny/iptv-stream-web
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add comprehensive unit tests for Security, UserModel, and Validation utilities

Browse source 
- Implemented SecurityTest to validate token generation, CSRF protection, input sanitization, and rate limiting.
- Created UserModelTest to ensure correct database operations for user management, including creation, updating, banning, and fetching active users.
- Developed ValidationTest to verify input validation and sanitization for user IDs, nicknames, messages, and API requests.
- Introduced Security and Validation utility classes with methods for secure token generation, input sanitization, and comprehensive validation rules.
This commit is contained in:
Vincent 2025-09-30 21:22:28 -04:00
parent 5692874b10
commit 41cd7a4fd8
32 changed files with 5796 additions and 368 deletions
Download patch file Download diff file Expand all files Collapse all files

505
DEPLOYMENT.md Normal file
View file

@ -0,0 +1,505 @@
# 🚀 Dodgers IPTV - Deployment Guide
## Overview
The Dodgers IPTV Stream Theater has been completely rebuilt with enterprise-grade security, performance, and reliability. This deployment guide covers setup, configuration, and maintenance of the production-ready application.
---
## 📋 Prerequisites
### System Requirements
- **PHP**: 8.1 or higher
- **Database**: SQLite 3 (included with PHP)
- **Web Server**: Apache/Nginx with PHP-FPM recommended
- **Extensions**: pdo, pdo_sqlite, mbstring, json
- **Memory**: 128MB minimum, 256MB recommended
- **Storage**: 50MB for application, expandable for logs/database
### Development Tools
```bash
# Install Composer (PHP dependency manager)
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer
# Verify installations
php --version # Should be 8.1+
composer --version # Should work
php -m | grep -E "(pdo|sqlite|mbstring|json)" # Extensions present
```
---
## 🛠️ Step-by-Step Setup
### 1. Code Deployment
```bash
# Clone or download the application
cd /var/www/html/
git clone https://your-repo-url/dodgers-iptv.git
cd dodgers-iptv
# Or extract from ZIP file
unzip dodgers-iptv-v1.0.0.zip
cd dodgers-iptv/
```
### 2. Dependency Installation
```bash
# Install PHP dependencies
composer install --no-dev --optimize-autoloader
# Verify autoloader
php -r "require 'vendor/autoload.php'; echo '✓ Composer setup complete\n';"
```
### 3. Environment Configuration
```bash
# Copy environment template
cp .env.example .env
# Edit configuration
nano .env
```
**Essential .env Configuration:**
```bash
# Environment
APP_ENV=production
# Admin Credentials (generate with included script)
ADMIN_USERNAME=your_admin_username
ADMIN_PASSWORD_HASH=run_php_generate_hash.php
# Database (SQLite - no configuration needed)
DB_DATABASE=data/app.db
# Security
SECRET_KEY=generate_random_64_char_key_here
# Stream Settings
STREAM_BASE_URL=http://your-stream-server:port
STREAM_ALLOWED_IPS=127.0.0.1,your.stream.ip
# Logging
LOG_LEVEL=WARNING
LOG_FILE=logs/app.log
```
### 4. Generate Admin Password
```bash
# Use included script to generate secure password hash
php generate_hash.php
# Enter your desired admin password
# Copy the generated hash to .env ADM_PASSWORD_HASH
```
### 5. Database Setup
```bash
# Run database migrations
make db
# Or manually:
php -r "
require_once 'bootstrap.php';
\$db = Database::getInstance()->getConnection();
\$sql = file_get_contents('migrations/001_create_tables.sql');
\$db->exec(\$sql);
echo 'Database initialized!\n';
"
```
### 6. File Permissions
```bash
# Set correct ownership (replace www-data with your web user)
sudo chown -R www-data:www-data /var/www/html/dodgers-iptv/
# Set permissions
find . -type f -name "*.php" -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
# Database and logs need write access
chmod 664 data/app.db
chmod 775 logs/
chmod 664 logs/app.log
```
### 7. Web Server Configuration
#### Apache (recommended)
```apache
<VirtualHost *:80>
ServerName your-domain.com
DocumentRoot /var/www/html/dodgers-iptv
<Directory /var/www/html/dodgers-iptv>
AllowOverride All
Require all granted
# Security headers
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Header always set Referrer-Policy strict-origin-when-cross-origin
</Directory>
# Logs
ErrorLog /var/log/apache2/dodgers-error.log
CustomLog /var/log/apache2/dodgers-access.log combined
</VirtualHost>
```
#### Nginx
```nginx
server {
listen 80;
server_name your-domain.com;
root /var/www/html/dodgers-iptv;
index index.php;
# Security headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# Deny access to sensitive files
location ~ /(config|\.env|logs)/ {
deny all;
}
}
```
---
## 🔧 Post-Installation Tasks
### Run Tests (Recommended)
```bash
# Install development dependencies
composer install
# Run test suite
make test
# Check code coverage
make test-coverage
```
### Health Check
```bash
# Basic functionality test
curl -I http://your-domain.com/
# Database connection test
php -r "
require_once 'bootstrap.php';
\$db = Database::getInstance();
echo 'Database connection: ✓\n';
"
# Chat system test
php -r "
require_once 'bootstrap.php';
\$chat = new ChatServer();
echo 'Chat system: ✓\n';
"
```
### SSL Certificate (Production Recommended)
```bash
# Using Let's Encrypt (certbot)
sudo certbot --apache -d your-domain.com
# Or manual certificates
# Place fullchain.pem and privkey.pem in /etc/ssl/certs/
# Update Apache/Nginx config with SSL settings
```
---
## 🔍 Monitoring & Maintenance
### Log Monitoring
```bash
# View recent logs
tail -f logs/app.log
# Search for errors
grep "ERROR\|CRITICAL" logs/app.log
# Log rotation (add to cron)
0 0 * * * /usr/sbin/logrotate /etc/logrotate.d/dodgers
# Logrotate configuration (/etc/logrotate.d/dodgers)
/var/www/html/dodgers-iptv/logs/*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
create 644 www-data www-data
postrotate
systemctl reload apache2 2>/dev/null || true
endscript
}
```
### Performance Monitoring
```bash
# Check PHP-FPM status
systemctl status php8.1-fpm
# Monitor resource usage
htop
# PHP performance metrics
php -r "
echo 'Memory limit: ' . ini_get('memory_limit') . PHP_EOL;
echo 'Max execution time: ' . ini_get('max_execution_time') . PHP_EOL;
echo 'Upload max size: ' . ini_get('upload_max_filesize') . PHP_EOL;
"
```
### Database Maintenance
```bash
# Database size check
ls -lh data/app.db
# Optimization (run weekly)
php -r "
require_once 'bootstrap.php';
\$db = Database::getInstance()->getConnection();
\$db->exec('VACUUM');
\$db->exec('REINDEX');
echo 'Database optimized!\n';
"
```
### Backup Strategy
```bash
#!/bin/bash
# Weekly backup script (/etc/cron.weekly/dodgers-backup)
BACKUP_DIR="/var/backups/dodgers"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
# Create backup directory
mkdir -p $BACKUP_DIR
# Database backup
sqlite3 data/app.db ".backup '$BACKUP_DIR/app_$TIMESTAMP.db'"
# Log archive
tar -czf $BACKUP_DIR/logs_$TIMESTAMP.tar.gz logs/
# Configuration backup
cp .env $BACKUP_DIR/env_$TIMESTAMP.bak
# Cleanup old backups (keep 30 days)
find $BACKUP_DIR -name "*.db" -mtime +30 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete
find $BACKUP_DIR -name "*.bak" -mtime +30 -delete
```
---
## 🚨 Troubleshooting
### Common Issues
#### 1. White Screen / 500 Error
```bash
# Check PHP error logs
tail -f /var/log/apache2/error.log
tail -f /var/log/php8.1-fpm.log
# Enable debug mode temporarily
# Set APP_ENV=development in .env
# Reload web server
systemctl reload apache2
```
#### 2. Database Connection Failed
```bash
# Check file permissions
ls -la data/app.db
# Test connection manually
php -r "
try {
\$pdo = new PDO('sqlite:data/app.db');
echo '✓ Database connection successful\n';
} catch(Exception \$e) {
echo '✗ Database error: ' . \$e->getMessage() . '\n';
}
"
```
#### 3. Chat Not Working
```bash
# Check SSE endpoint
curl -H "Accept: text/event-stream" "http://your-domain.com/?sse=1&user_id=test&csrf=test"
# Review chat logs
grep "chat\|ChatServer" logs/app.log
```
#### 4. High Memory Usage
```bash
# Monitor processes
ps aux | grep php
# Check PHP memory settings
php -r "echo 'Current memory_limit: ' . ini_get('memory_limit') . '\n';"
# Increase if needed (php.ini or .user.ini)
memory_limit = 256M
```
---
## 🔐 Security Hardening
### Additional Security Measures
```bash
# Install fail2ban for IP banning
sudo apt-get install fail2ban
# Configure fail2ban for application logs
# /etc/fail2ban/jail.local
[dodgers]
enabled = true
port = http,https
filter = dodgers
logpath = /var/www/html/dodgers-iptv/logs/app.log
maxretry = 3
bantime = 86400
# Create filter
# /etc/fail2ban/filter.d/dodgers.conf
[Definition]
failregex = ^.*SECURITY.*ip.*<HOST>.*$
ignoreregex =
```
### Firewall Configuration
```bash
# Allow only necessary ports
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 'Apache Full'
# Enable firewall
sudo ufw enable
```
---
## 🚀 Performance Optimization
### PHP-FPM Tuning
```ini
# /etc/php/8.1/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /run/php/php8.1-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s
# Memory and timeouts
php_admin_value[memory_limit] = 128M
request_terminate_timeout = 300
```
### OPCache Configuration
```ini
# /etc/php/8.1/fpm/conf.d/opcache.ini
zend_extension=opcache.so
opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=7963
opcache.revalidate_freq=0
opcache.fast_shutdown=1
opcache.enable_cli=1
```
---
## 📊 Monitoring
### Health Check Endpoint
Add to monitoring system:
```
Health Check: http://your-domain.com/?api=health
Response: {"status":"ok","timestamp":"2025-01-01T12:00:00Z"}
```
### Metrics Collection
```bash
# Log analysis
#!/bin/bash
LOG_FILE="logs/app.log"
echo "=== Dodgers IPTV Daily Report ==="
echo "Requests today: $(grep "$(date +%Y-%m-%d)" "$LOG_FILE" | wc -l)"
echo "Errors today: $(grep "$(date +%Y-%m-%d)" "$LOG_FILE" | grep -i error | wc -l)"
echo "Chat messages today: $(grep "$(date +%Y-%m-%d)" "$LOG_FILE" | grep "message_sent" | wc -l)"
echo "Database size: $(ls -lh data/app.db | awk '{print $5}')"
echo "Log size: $(ls -lh logs/app.log | awk '{print $5}')"
```
---
## 🎯 Success Checklist
- [ ] PHP dependencies installed
- [ ] Environment variables configured
- [ ] Admin password hash generated
- [ ] Database tables created
- [ ] File permissions set correctly
- [ ] Web server configured and restarted
- [ ] SSL certificate installed (production)
- [ ] Basic functionality tested
- [ ] Application accessible at domain
- [ ] Chat system working
- [ ] Admin login functional
- [ ] Security headers verified
- [ ] Monitoring tools set up
- [ ] Backup strategy implemented
---
## 🎉 Deployment Complete!
Your Dodgers IPTV Stream Theater is now running with:
- ✅ Enterprise-grade security
- ✅ Real-time chat system
- ✅ Database-driven architecture
- ✅ Comprehensive monitoring
- ✅ Production-ready performance
**Access your application at: https://your-domain.com**
For support or questions, check the logs and test outputs for detailed error information.