Security Model

Stream authentication without database lookups. Cryptographic token validation. Secret isolation. Internal control channels.

Token Architecture

Traditional panels validate every stream request against a database. Under load, this becomes a bottleneck and a single point of failure. Xtream Shield uses HMAC-signed tokens that carry their own authorization proof.

xtoken Extended Token

Used for client authentication. Contains the user ID, expiry, and reseller hierarchy. Signed with the per-reseller secret.

ptoken Playback Token

Short-lived token for stream playback. Bound to IP fingerprint and session. Single-use or time-windowed.

token_structure.go
package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/base64"
    "encoding/json"
)

// StreamToken carries the claims the data plane needs to authorize a stream
// request on its own; the short JSON keys keep the encoded token compact.
type StreamToken struct {
    UserID    uint64 `json:"u"`
    Reseller  uint64 `json:"r"`
    ExpiresAt int64  `json:"e"`
    StreamID  string `json:"s"`
}

// Sign serialises the claims and appends a SHA-256 HMAC computed under the
// reseller's secret, producing "<base64url(payload)>:<base64url(mac)>".
func (t *StreamToken) Sign(secret []byte) string {
    payload, _ := json.Marshal(t) // a struct of scalars cannot fail to marshal
    mac := hmac.New(sha256.New, secret)
    mac.Write(payload)
    sig := base64.URLEncoding.EncodeToString(mac.Sum(nil))
    return base64.URLEncoding.EncodeToString(payload) + ":" + sig
}

Defense in Depth

Security is not a feature. It is a property of the architecture.

No DB Lookup for Streams

Stream validation is performed using HMAC signatures. The data plane never connects to the user database, eliminating a critical attack surface and performance bottleneck.

HMAC Validation

SHA-256 HMAC with timing-safe comparison. Tokens are bound to time windows and can include IP/session fingerprints for replay resistance.
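The verification side of the token layout shown under Token Architecture, as an added example rather than Xtream Shield's own code: the data plane recomputes the HMAC with the reseller secret, compares it in constant time with hmac.Equal before trusting any field, and then enforces the expiry window. The Claims struct, field names and secret value are assumptions constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Claims mirrors the page's StreamToken layout (constructed for this example).
type Claims struct {
	UserID    uint64 `json:"u"`
	Reseller  uint64 `json:"r"`
	ExpiresAt int64  `json:"e"`
	StreamID  string `json:"s"`
}

// Sign serialises the claims and appends a SHA-256 HMAC under the reseller secret.
func Sign(c Claims, secret []byte) string {
	payload, _ := json.Marshal(c)
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	return base64.URLEncoding.EncodeToString(payload) + ":" +
		base64.URLEncoding.EncodeToString(mac.Sum(nil))
}

// Verify recomputes the MAC over the decoded payload and compares it in constant
// time; the claims are parsed and the time window checked only after that passes.
func Verify(token string, secret []byte, now int64) (Claims, error) {
	var c Claims
	parts := strings.SplitN(token, ":", 2)
	if len(parts) != 2 {
		return c, errors.New("malformed token")
	}
	payload, err1 := base64.URLEncoding.DecodeString(parts[0])
	sig, err2 := base64.URLEncoding.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return c, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	if !hmac.Equal(sig, mac.Sum(nil)) { // timing-safe comparison
		return c, errors.New("bad signature")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, errors.New("malformed token")
	}
	if now >= c.ExpiresAt {
		return c, errors.New("token expired")
	}
	return c, nil
}
```

Because the secret is per reseller, a token signed under one tenant's secret fails verification under every other tenant's secret, which is the isolation property described below.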

Internal Control Channels

Control plane communicates with data plane nodes over authenticated internal channels. No management APIs exposed to the public internet.

Secret Isolation

Each reseller operates with a unique signing secret. Compromise of one tenant does not affect others. Secrets are never logged or transmitted in clear text.