Merge pull request #11 from Sydney-Elvis/alpha.3

Alpha.3 - UI and Endpoint Security

Author: jake1164

.env.example

@@ -23,3 +23,24 @@ M3UNDLE_ENCRYPTION_KEY=your-base64-32-byte-key-here
 # MY_HOST=provider.example.com
 # MY_USER=your_username
 # MY_PASS=your_password
+
+# ─────────────────────────────────────────────────────────────────────────────
+# HDHomeRun emulation (optional)
+# ─────────────────────────────────────────────────────────────────────────────
+
+# Enable/disable HDHomeRun HTTP endpoints (/discover.json, /lineup.json, etc)
+# M3UNDLE_HDHR_ENABLED=true
+
+# Enable UDP auto-discovery listeners (SSDP 1900 + SiliconDust 65001)
+# Manual add via /discover.json works even when this is false.
+# M3UNDLE_HDHR_DISCOVERY_ENABLED=false
+
+# Optional discovery protocol toggles when discovery is enabled
+# M3UNDLE_HDHR_SSDP_ENABLED=true
+# M3UNDLE_HDHR_SILICONDUST_DISCOVERY_ENABLED=true
+
+# Number of exposed tuners (current implementation reports this value)
+# M3UNDLE_HDHR_TUNER_COUNT=1
+
+# Recommended behind Docker/reverse proxy so discovery advertises a client-reachable URL
+# M3UNDLE_HDHR_ADVERTISED_BASE_URL=http://192.168.1.10:8080

.vscode/launch.json

@@ -10,11 +10,18 @@
       "cwd": "${workspaceFolder}/src/M3Undle.Web",
       "console": "internalConsole",
       "stopAtEntry": false,
+      "justMyCode": true,
       "env": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://localhost:5283",
+        "ASPNETCORE_URLS": "http://0.0.0.0:5283",
         "M3UNDLE_CONFIG_DIR": "${workspaceFolder}/.config",
-        "M3UNDLE_DATA_DIR": "${workspaceFolder}/data"
+        "M3UNDLE_DATA_DIR": "${workspaceFolder}/data",
+        "M3UNDLE_HDHR_ENABLED": "true",
+        "M3UNDLE_HDHR_DISCOVERY_ENABLED": "true",
+        "M3UNDLE_HDHR_SSDP_ENABLED": "true",
+        "M3UNDLE_HDHR_SILICONDUST_DISCOVERY_ENABLED": "true",
+        "M3UNDLE_HDHR_TUNER_COUNT": "1",
+        "M3UNDLE_HDHR_ADVERTISED_BASE_URL": "${env:M3UNDLE_HDHR_ADVERTISED_BASE_URL}"
       },
       "serverReadyAction": {
         "action": "openExternally",
@@ -30,7 +37,8 @@
       "postDebugTask": "docker-stop: m3undle-debug",
       "platform": "netCore",
       "netCore": {
-        "appProject": "${workspaceFolder}/src/M3Undle.Web/M3Undle.Web.csproj"
+        "appProject": "${workspaceFolder}/src/M3Undle.Web/M3Undle.Web.csproj",
+        "justMyCode": true
       },
       "dockerServerReadyAction": {
         "action": "openExternally",
@@ -46,7 +54,8 @@
       "postDebugTask": "docker-stop: m3undle-debug",
       "platform": "netCore",
       "netCore": {
-        "appProject": "${workspaceFolder}/src/M3Undle.Web/M3Undle.Web.csproj"
+        "appProject": "${workspaceFolder}/src/M3Undle.Web/M3Undle.Web.csproj",
+        "justMyCode": true
       },
       "dockerServerReadyAction": {
         "action": "openExternally",

.vscode/tasks.json

@@ -81,15 +81,24 @@
 				"docker-ensure: dev dirs"
 			],
 			"dependsOrder": "sequence",
-			"dockerRun": {
-				"containerName": "m3undle-dev",
-				"image": "m3undle:web-debug",
-				"remove": false,
-				"env": {
-					"ASPNETCORE_ENVIRONMENT": "Development",
-					"ASPNETCORE_URLS": "http://+:8080",
-					"M3UNDLE_CONFIG_DIR": "/config"
-				},
+				"dockerRun": {
+					"containerName": "m3undle-dev",
+					"image": "m3undle:web-debug",
+					"remove": false,
+					"env": {
+						"ASPNETCORE_ENVIRONMENT": "Development",
+						"ASPNETCORE_URLS": "http://+:8080",
+						"M3UNDLE_CONFIG_DIR": "/config",
+						"M3UNDLE_ADMIN_USER": "admin",
+						"M3UNDLE_ADMIN_PASSWORD": "dog123",
+						"M3UNDLE_AUTH_ENABLED": "true",
+						"M3UNDLE_HDHR_ENABLED": "true",
+						"M3UNDLE_HDHR_DISCOVERY_ENABLED": "true",
+						"M3UNDLE_HDHR_SSDP_ENABLED": "true",
+						"M3UNDLE_HDHR_SILICONDUST_DISCOVERY_ENABLED": "true",
+						"M3UNDLE_HDHR_TUNER_COUNT": "1",
+						"M3UNDLE_HDHR_ADVERTISED_BASE_URL": "${env:M3UNDLE_HDHR_ADVERTISED_BASE_URL}"
+					},
 				"volumes": [
 					{
 						"localPath": "${workspaceFolder}/.config",
@@ -107,11 +116,11 @@
 						"permissions": "rw"
 					}
 				],
-				"customOptions": "--user root --label m3undle.run_mode=existing",
-				"ports": [
-					{
-						"hostPort": 8080,
-						"containerPort": 8080
+					"customOptions": "--user root --label m3undle.run_mode=existing -p 1900:1900/udp -p 65001:65001/udp",
+					"ports": [
+						{
+							"hostPort": 8080,
+							"containerPort": 8080
 					}
 				]
 			},
@@ -129,15 +138,24 @@
 				"docker-build: force-debug"
 			],
 			"dependsOrder": "sequence",
-			"dockerRun": {
-				"containerName": "m3undle-dev",
-				"image": "m3undle:web-debug",
-				"remove": false,
-				"env": {
-					"ASPNETCORE_ENVIRONMENT": "Development",
-					"ASPNETCORE_URLS": "http://+:8080",
-					"M3UNDLE_CONFIG_DIR": "/config"
-				},
+				"dockerRun": {
+					"containerName": "m3undle-dev",
+					"image": "m3undle:web-debug",
+					"remove": false,
+					"env": {
+						"ASPNETCORE_ENVIRONMENT": "Development",
+						"ASPNETCORE_URLS": "http://+:8080",
+						"M3UNDLE_CONFIG_DIR": "/config",
+						"M3UNDLE_ADMIN_USER": "admin",
+						"M3UNDLE_ADMIN_PASSWORD": "dog123",
+						"M3UNDLE_AUTH_ENABLED": "true",
+						"M3UNDLE_HDHR_ENABLED": "true",
+						"M3UNDLE_HDHR_DISCOVERY_ENABLED": "true",
+						"M3UNDLE_HDHR_SSDP_ENABLED": "true",
+						"M3UNDLE_HDHR_SILICONDUST_DISCOVERY_ENABLED": "true",
+						"M3UNDLE_HDHR_TUNER_COUNT": "1",
+						"M3UNDLE_HDHR_ADVERTISED_BASE_URL": "${env:M3UNDLE_HDHR_ADVERTISED_BASE_URL}"
+					},
 				"volumes": [
 					{
 						"localPath": "${workspaceFolder}/.config",
@@ -155,11 +173,11 @@
 						"permissions": "rw"
 					}
 				],
-				"customOptions": "--user root --label m3undle.run_mode=force",
-				"ports": [
-					{
-						"hostPort": 8080,
-						"containerPort": 8080
+					"customOptions": "--user root --label m3undle.run_mode=force -p 1900:1900/udp -p 65001:65001/udp",
+					"ports": [
+						{
+							"hostPort": 8080,
+							"containerPort": 8080
 					}
 				]
 			},

README.md

@@ -15,15 +15,15 @@ Designed for self-hosted systems like NextPVR, Jellyfin, or any client that cons
 > - Database-backed provider configuration
 > - Provider switching with snapshot lifecycle
 > - Group preview (read-only catalog browsing)
-> - Compatibility endpoints: `/m3u/`, `/xmltv/`, `/stream/`
+> - Compatibility endpoints: `/m3u/`, `/xmltv/`, `/stream/`, HDHomeRun HTTP API
 > - Stream relay proxy (relay-only, no buffering)
 > - Web UI for provider management (Pre-Alpha)
+> - HDHomeRun tuner emulation endpoints (`/discover.json`, `/lineup.json`, `/tune/<streamKey>`)
 > 
 > **Forthcoming**
 > - Group-based inclusion rules
 > - Channel numbering controls
 > - Advanced channel filtering workflows
-> - HDHomeRun emulation
 > - Additional Service/Web UI hardening toward Alpha
 
 ---
@@ -106,15 +106,46 @@ Current Pre-Alpha work includes:
 - Provider switching with snapshot lifecycle
 - Group preview (read-only catalog browse)
 - HTTP compatibility endpoints (`/m3u/`, `/xmltv/`, `/stream/`)
+- HDHomeRun HTTP endpoints (`/discover.json`, `/lineup.json`, `/lineup.xml`, `/lineup.m3u`, `/lineup_status.json`, `/device.xml`)
 - Stream relay proxy (relay-only, no buffering)
 - Web UI for provider management
 
-Future releases will add: group-based inclusion rules, channel numbering, filtering, HDHomeRun emulation, and more.
+Future releases will add: group-based inclusion rules, channel numbering, filtering, and more.
 
 See: `docs/SERVICE.md`
 
 ---
 
+## UI Authentication
+
+The web UI supports a simple local authentication model:
+
+- One access level only: authenticated or not authenticated
+- No roles or user tiers
+- Endpoint authentication is configured separately in the UI
+
+### Setup
+
+Authentication is controlled entirely by environment variables — no UI toggle required.
+
+| Variable | Default | Description |
+|---|---|---|
+| `M3UNDLE_AUTH_ENABLED` | `false` | Set to `true` to require login for the UI and management APIs |
+| `M3UNDLE_ADMIN_USER` | `admin` | Admin username/email (used on first startup only) |
+| `M3UNDLE_ADMIN_PASSWORD` | *(none)* | **Required** when `M3UNDLE_AUTH_ENABLED=true` and no account exists yet |
+
+On first startup with `M3UNDLE_AUTH_ENABLED=true`, the admin account is created automatically from these variables. On subsequent startups the account already exists — changing the env vars does not affect the stored password (use **Settings → Change Password** instead).
+
+### Behavior
+
+- If `M3UNDLE_AUTH_ENABLED=false` (default), the UI and management APIs are open on your network.
+- If `M3UNDLE_AUTH_ENABLED=true`, the UI and `/api/v1/*` management APIs require login.
+- Compatibility endpoints can be secured independently from UI auth using **Settings → Endpoint Security**.
+- Endpoint credentials are stored hashed in the database and validated with stateless username/password auth.
+- `/status` and `/health` remain unauthenticated.
+
+---
+
 ## Docker
 
 ```bash
@@ -141,6 +172,20 @@ M3Undle publishes endpoints compatible with common clients:
 - `/m3u/m3undle.m3u`
 - `/xmltv/m3undle.xml`
 - `/stream/<streamKey>`
+- `/hdhr/discover.json`
+- `/hdhr/lineup.json`
+- `/hdhr/lineup.xml`
+- `/hdhr/lineup.m3u`
+- `/hdhr/lineup_status.json`
+- `/hdhr/device.xml`
+- `/hdhr/tune/<streamKey>`
+
+Legacy HDHomeRun root aliases (`/discover.json`, `/lineup.json`, etc.) are still available for compatibility.
+
+Automatic discovery support:
+- SSDP/UPnP (`UDP 1900`)
+- SiliconDust discovery (`UDP 65001`)
+- Discovery is disabled by default; manual add works without discovery
 
 See: `docs/design/HTTP_COMPATIBILITY.md`
 

docs/DOCKER.md

@@ -135,6 +135,16 @@ See [spec/config_spec.md](spec/config_spec.md) for the config file format.
 | `TZ` | host timezone | Timezone for log timestamps (e.g. `America/New_York`, `Europe/London`, `UTC`) |
 | `M3UNDLE_ENCRYPTION_KEY` | *(none)* | **Required for Xtream Codes providers.** Base64-encoded 32-byte AES key used to encrypt passwords at rest. Generate with `openssl rand -base64 32`. Keep this secret — treat it like a master password. |
 
+### Optional — Authentication
+
+| Variable | Default | Description |
+|---|---|---|
+| `M3UNDLE_AUTH_ENABLED` | `false` | Set to `true` to require login for the UI and management APIs. |
+| `M3UNDLE_ADMIN_USER` | `admin` | Admin username/email. Used only on first startup when no account exists. |
+| `M3UNDLE_ADMIN_PASSWORD` | *(none)* | **Required** when `M3UNDLE_AUTH_ENABLED=true` and no admin account exists yet. Used only for the initial seed — changing this later has no effect (use Settings → Change Password instead). |
+
+Endpoint security (M3U/XMLTV/stream/HDHR username/password auth) is managed in **Settings → Endpoint Security** and stored in the database.
+
 ### Optional — Provider Features
 
 | Variable | Default | Description |

docs/design/ARCHITECTURE_MAP.md

@@ -3,7 +3,8 @@
 ## Purpose
 A single unified process (`M3Undle.Web`) provides:
 - Web UI (configuration + status) — Blazor Server
-- REST API for UI communication (`/api/v1/*`)
+- Internal application services used directly by Blazor components (no loopback HTTP required)
+- REST API (`/api/v1/*`) for management/integration clients and external tooling
 - HTTP compatibility endpoints for Media Players:
   - M3U — `/m3u/m3undle.m3u` (output name locked in Core)
   - XMLTV — `/xmltv/m3undle.xml`

docs/design/HTTP_COMPATIBILITY.md

@@ -6,13 +6,27 @@
 - The playlist and stream URL contract is stable even if internal implementation changes.
 - Provider credentials are never exposed to clients. Stream relay is a security requirement.
 
+## Scope Note
+- This document defines the external HTTP contract for client consumption and compatibility.
+- Blazor Server UI internals may call application services directly instead of issuing loopback HTTP calls to `/api/v1/*`.
+- Internal implementation choices MUST NOT change compatibility endpoint behavior.
+
 ## Endpoint Naming
 
 The service uses lineup-scoped endpoint paths. In Core, the lineup name is fixed to `m3undle`:
 
 - `/m3u/m3undle.m3u`
 - `/xmltv/m3undle.xml`
 - `/stream/<streamKey>`
+- `/hdhr/discover.json`
+- `/hdhr/lineup.json`
+- `/hdhr/lineup.xml`
+- `/hdhr/lineup.m3u`
+- `/hdhr/lineup_status.json`
+- `/hdhr/device.xml`
+- `/hdhr/tune/<streamKey>`
+
+Legacy aliases (`/discover.json`, `/lineup.json`, `/lineup.xml`, `/lineup.m3u`, `/lineup_status.json`, `/device.xml`, `/tune/<streamKey>`) remain available for compatibility.
 
 ## Endpoints
 
@@ -72,6 +86,7 @@ The service uses lineup-scoped endpoint paths. In Core, the lineup name is fixed
 
 ### Stream
 - GET /stream/<streamKey>
+- GET /tune/<streamKey>
   - Resolves streamKey -> canonical channel in active snapshot
   - Serves playable stream for that channel
   - Must be resilient:
@@ -82,5 +97,32 @@ The service uses lineup-scoped endpoint paths. In Core, the lineup name is fixed
     An HTTP 302 redirect would deliver raw credentials to every client that follows the stream URL.
     Relay is a security contract, not an implementation detail. This MUST NOT be changed to a redirect.
 
+### HDHomeRun HTTP API
+- GET `/hdhr/discover.json`
+  - Returns stable device identity metadata (`DeviceID`, `DeviceAuth`, `FriendlyName`, `ModelNumber`, `BaseURL`, `LineupURL`, `TunerCount`).
+- GET `/hdhr/lineup.json`
+  - Returns live channels from the active snapshot with stable `GuideNumber`, `GuideName`, and M3Undle-owned tune URLs.
+- GET `/hdhr/lineup.xml`
+  - XML lineup equivalent of `/lineup.json`.
+- GET `/hdhr/lineup.m3u`
+  - M3U lineup equivalent of `/lineup.json`.
+- GET `/hdhr/lineup_status.json`
+  - Returns lineup readiness and channel count.
+- GET/POST `/hdhr/lineup.post`
+  - No-op compatibility endpoint expected by some HDHomeRun clients.
+- GET `/hdhr/device.xml`
+  - UPnP device description used by SSDP/manual client probes.
+
+### Discovery (optional)
+- SSDP / UPnP listener on UDP `1900`
+- SiliconDust discovery listener on UDP `65001`
+- Discovery uses the same device identity and base URL as manual HTTP endpoints.
+- Discovery is disabled by default; manual add via `/discover.json` remains available.
+
 ## Authentication
-Auth infrastructure (ASP.NET Core Identity) is present in the codebase. Whether to enable it is configured at first-run setup. Compatibility endpoints (`/m3u/`, `/xmltv/`, `/stream/`) are designed to be accessible without auth to support LAN clients. The web UI can optionally require login.
+UI authentication and client endpoint authentication are independent:
+
+- UI auth (`M3UNDLE_AUTH_ENABLED`) controls access to the web UI and management APIs.
+- Endpoint auth is configured in the web UI (**Settings → Endpoint Security**) and stored in the database.
+- When endpoint auth is enabled, M3U/XMLTV/stream/HDHR endpoints require stateless username/password access (no redirects, no session-cookie requirements).
+- When endpoint auth is disabled, endpoint behavior remains open as before.