WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions
Dragonflight - self-hosted broadcast media asset management. SRT/RTMP/SDI ingest via Blackmagic DeckLink, FFmpeg proxy generation, growing-file editing via SMB + Premiere Pro CEP panel, BullMQ job queue, S3-compatible storage (RustFS). Replaces Grass Valley AMPP FramelightX.
232 commits 13 branches 1 tag 8.3 MiB
JavaScript 81.5%
CSS 13.6%
HTML 2.1%
Shell 1.9%
Dockerfile 0.5%
Other 0.4%
Find a file
ZGaetano 1e8cde81be fix(projects): prevent JS injection via bin names in onclick handlers 
binCard() was building onclick="renameBinPrompt('id', 'NAME')" by
calling esc() then .replace(/'/g, "\\'").  The problem: esc() converts
' to ', so the replace never fires on raw single quotes.  When the
HTML parser evaluates the attribute it decodes ' back to ', breaking
the JS string — and for injected payloads like `'; alert(1)//` this is
stored XSS.

Fix: use JSON.stringify(b.name) to produce a properly-escaped double-
quoted JS string literal, then esc() to HTML-encode the surrounding
double-quotes for safe embedding in the HTML attribute.
2026-05-19 00:09:49 -04:00
docs/superpowers docs: add Phase 1 NLE Editor implementation plan 2026-05-18 19:34:53 -04:00
services fix(projects): prevent JS injection via bin names in onclick handlers 2026-05-19 00:09:49 -04:00
.env.example fix(infra+workers): S3 creds, ffprobe, BullMQ awaits, thumbnail seek, bin optional, docker-compose vars, jobs Redis, recorders stop codes: .env.example 2026-05-16 00:29:45 -04:00
.gitignore feat(editor): integrate openreel-video as services/editor with MAM hooks 2026-05-17 21:44:37 -04:00
docker-compose.yml feat(growing-files): Phase 1 - live HLS preview during recording 2026-05-18 07:29:50 -04:00
README.md add README.md 2026-04-07 21:58:16 -04:00
setup-repo.sh add setup-repo.sh 2026-04-07 21:58:16 -04:00

README.md

Wild Dragon

Self-hosted Media Asset Management platform built to replace Grass Valley AMPP FramelightX.

Services

Service Port Description
web-ui 8080 Browser-based MAM interface + capture controls
mam-api 3000 REST API — assets, projects, bins, jobs
capture 3001 SDI capture daemon (Blackmagic DeckLink + FFmpeg)
worker Async job processor (proxy gen, thumbnails, conform)
db 5432 PostgreSQL 16 metadata store
queue 6379 Redis 7 job queue (BullMQ)

Quick Start

# Clone
git clone https://forge.wilddragon.net/zgaetano/wild-dragon.git
cd wild-dragon

# Configure
cp .env.example .env
# Edit .env with your S3 credentials and secrets

# Launch
docker compose up -d

# Open
open http://localhost:8080

Architecture

SDI Input (DeckLink) → capture service → dual FFmpeg streams
                                          ├─ HiRes (ProRes) → S3
                                          └─ Proxy (H.264)  → S3
                                                                ↓
                        web-ui ← mam-api ← PostgreSQL ← worker (BullMQ)
                                                          ├─ proxy_gen
                                                          ├─ thumbnail
                                                          └─ conform (EDL → FFmpeg → export)

Tech Stack

  • Backend: Node.js / Express
  • Frontend: Vanilla HTML/CSS/JS
  • Database: PostgreSQL 16
  • Queue: Redis 7 + BullMQ
  • Storage: S3-compatible (RustFS)
  • Media Processing: FFmpeg
  • Capture: Blackmagic DeckLink SDK
  • Deployment: Docker Compose

License

MIT