ffmpeg-web-compressor/app.py at main · Hum-Bao/ffmpeg-web-compressor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
"""Flask web application for video conversion using FFmpeg.

This module provides a web interface for uploading, analyzing, and converting
video files with various codec, resolution, and framerate options.

All processing uses stdin/stdout pipes - ZERO disk I/O, entirely in RAM.
No temporary files are ever created.
"""

import argparse
import ipaddress
import logging
import tempfile
from datetime import UTC, datetime, timedelta
from pathlib import Path

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from flask import Flask, Request

from modules import api, cache, configureos, exif, ramdisk, state

APP_DIR = Path(__file__).resolve().parent
CERT_PATH = APP_DIR / "cert.pem"
KEY_PATH = APP_DIR / "key.pem"


def _ensure_ssl_certificates(logger: logging.Logger) -> tuple[str, str]:
    """Create self-signed HTTPS cert/key on first run and return their paths."""
    if CERT_PATH.exists() and KEY_PATH.exists():
        return str(CERT_PATH), str(KEY_PATH)

    logger.info("Generating self-signed HTTPS certificate for first run")
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

    subject = issuer = x509.Name(
        [
            x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, "ffmpeg-web-compressor"),
            x509.NameAttribute(NameOID.COMMON_NAME, "localhost"),
        ],
    )

    now = datetime.now(UTC)
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(private_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=1))
        .not_valid_after(now + timedelta(days=3650))
        .add_extension(
            x509.SubjectAlternativeName(
                [
                    x509.DNSName("localhost"),
                    x509.IPAddress(ipaddress.ip_address("127.0.0.1")),
                ],
            ),
            critical=False,
        )
        .sign(private_key, hashes.SHA256())
    )

    KEY_PATH.write_bytes(
        private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption(),
        ),
    )
    CERT_PATH.write_bytes(cert.public_bytes(serialization.Encoding.PEM))
    logger.info("Generated HTTPS certificate and key: %s, %s", CERT_PATH, KEY_PATH)
    return str(CERT_PATH), str(KEY_PATH)


def _graceful_shutdown(logger: logging.Logger) -> None:
    """Best-effort cleanup for Ctrl+C and normal process exit."""
    cleaned_files = cache.clear_all_files()
    removed_progress = state.clear_all_progress()
    removed_temp_dir = api.cleanup_runtime_temp_dir()
    detached_ramdisk = ramdisk.cleanup_windows_ramdisk(logger)

    logger.info(
        (
            "Shutdown cleanup complete: files=%d, progress_entries=%d, "
            "temp_dir_removed=%s, ramdisk_detached=%s"
        ),
        len(cleaned_files),
        removed_progress,
        removed_temp_dir,
        detached_ramdisk,
    )


class RamBackedRequest(Request):
    """Request class that keeps upload temp streams inside active temp workspace."""

    def _get_file_stream(  # type: ignore[override]
        self,
        total_content_length: int | None,
        content_type: str | None,
        filename: str | None = None,
        content_length: int | None = None,
    ) -> tempfile.SpooledTemporaryFile[bytes]:
        # Werkzeug passes these by keyword; keep names exactly as expected.
        del total_content_length, content_type, filename, content_length
        return tempfile.SpooledTemporaryFile(
            max_size=8 * 1024 * 1024,
            mode="wb+",
            dir=api.get_active_temp_dir(),
        )


# Configure logging
logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
)
logger = logging.getLogger(__name__)

app = Flask(__name__)
app.request_class = RamBackedRequest
# No file size limit - handle large files
app.config["MAX_CONTENT_LENGTH"] = None

app.register_blueprint(api.api_blueprint)

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Run ffmpeg-web server")
    parser.add_argument(
        "--enable-exif-logging",
        action="store_true",
        help="Capture EXIF dump logs to files under logs/exif_dumps",
    )
    args = parser.parse_args()

    exif.set_exif_dump_enabled(enabled=args.enable_exif_logging)
    if args.enable_exif_logging:
        logger.info("EXIF dump logging enabled")

    configureos.configure_runtime(logger)
    cert_file, key_file = _ensure_ssl_certificates(logger)

    # Use pre-generated self-signed certificates for HTTPS
    # (adhoc context was causing startup hangs on some systems)
    # This is needed because iOS won't allow the share button to show on
    # non-HTTPS websites
    try:
        app.run(
            host="0.0.0.0",
            port=5000,
            debug=False,
            ssl_context=(cert_file, key_file),
        )
    finally:
        _graceful_shutdown(logger)