[Bug] HLS proxy returns 401 to FFmpeg when PASSWORD is set
Description
When the PASSWORD environment variable is set (described as "Optional password required to access the web interface"), the authentication middleware blocks FFmpeg from fetching HLS segments through the internal proxy, causing all recordings to fail immediately.
Steps to Reproduce
- Set
PASSWORD=anything in your .env
- Add a model and start a recording
- FFmpeg starts but immediately stops with a
401 on /api/proxy/hls/
Logs
[401] /api/proxy/hls/<token>.m3u8 (0.23ms)
Writer loop: end of stream
Segment recording closed
Fragment recording deleted
Note the sub-millisecond response time — the 401 is returned by the FastAPI auth middleware itself, not by Chaturbate. FFmpeg cannot send a session cookie, so it is always rejected.
Root Cause
In main.py, the auth middleware only exempts a small list of public paths:
public_paths = ["/login", "/api/login", "/favicon.ico"]
public_prefixes = ["/static/", "/api/chaturbate/status"]
/api/proxy/hls/ is missing from public_prefixes. Since FFmpeg makes raw HTTP requests without cookies, every HLS segment fetch is rejected with 401.
The proxy tokens (e.g. eOcAhR-QhdkuKwOrx6LH1z...) are already unguessable, time-limited (15 min TTL), and single-use — they provide sufficient security without requiring cookie authentication.
Proposed Fix
public_prefixes = [
"/static/",
"/api/chaturbate/status",
"/api/proxy/hls/", # FFmpeg cannot send cookies — token in URL is sufficient
"/streams/", # browser capture live streams
]
⚠️ Note: I have not been able to test this fix myself. However, I confirmed the root cause by removing PASSWORD from my .env — recordings work perfectly without a password set. This strongly points to the middleware as the sole issue.
Environment
- Docker, France (age verification enforced by Chaturbate)
PASSWORD set in .env ("Optional password required to access the web interface")CHATURBATE_USERNAME / CHATURBATE_PASSWORD / FLARESOLVERR_URL all correctly set- Provider shows as connected in Settings → Providers
Expected Behavior
Recordings work normally when PASSWORD is set.
Actual Behavior
Every recording fails instantly with 401 on the HLS proxy route.
[Bug] HLS proxy returns 401 to FFmpeg when PASSWORD is set
Description
When the
PASSWORDenvironment variable is set (described as "Optional password required to access the web interface"), the authentication middleware blocks FFmpeg from fetching HLS segments through the internal proxy, causing all recordings to fail immediately.Steps to Reproduce
PASSWORD=anythingin your.env401on/api/proxy/hls/Logs
Note the sub-millisecond response time — the
401is returned by the FastAPI auth middleware itself, not by Chaturbate. FFmpeg cannot send a session cookie, so it is always rejected.Root Cause
In
main.py, the auth middleware only exempts a small list of public paths:/api/proxy/hls/is missing frompublic_prefixes. Since FFmpeg makes raw HTTP requests without cookies, every HLS segment fetch is rejected with401.The proxy tokens (e.g.
eOcAhR-QhdkuKwOrx6LH1z...) are already unguessable, time-limited (15 min TTL), and single-use — they provide sufficient security without requiring cookie authentication.Proposed Fix
Environment
PASSWORDset in.env("Optional password required to access the web interface")CHATURBATE_USERNAME/CHATURBATE_PASSWORD/FLARESOLVERR_URLall correctly setExpected Behavior
Recordings work normally when
PASSWORDis set.Actual Behavior
Every recording fails instantly with
401on the HLS proxy route.