"Fair streaming for creators, secure content for viewers, and freedom for everyone."

PPV Stream is a production-ready, self-hosted Pay-Per-View video platform built with Rust (Axum) and PostgreSQL. It ships everything a creator marketplace needs — multi-provider payments, an internal wallet, an affiliate system, forensic watermarking, adaptive HLS streaming, and a plugin-based storage/payment architecture — all open-source and white-label.

🎥 Demo on YouTube:

• https://www.youtube.com/watch?v=WOsDwBcD03A
• https://www.youtube.com/watch?v=IuSjkMoYEHk
• https://www.youtube.com/watch?v=dm8eRdstBHY

• 💰 Internal Wallet — deposit, withdraw, P2P transfer; admin-managed payouts; details →
• 💳 3-Tab Payment Panel — Wallet / Crypto X402 / Fiat Gateway in one UI
• ⛓️ X402 Smart Contract — on-chain payments with auto-split (creator 90%, platform 10%); details →
• 🏦 Multi-Provider Fiat — Stripe, PayPal, Midtrans, Xendit via plugin architecture; details →
• 🔔 Webhook Receivers — each provider delivers payment notifications automatically
• 🏧 Xendit Auto-Disburse — 90% of payment goes to creator's bank account instantly

• 🤝 Affiliate System — creators set commission % per video; affiliates earn from referral sales; details →
• 🔗 Referral Links — ?ref=USERNAME captured across all payment paths (wallet, x402, fiat)
• 📊 Earnings Dashboard — affiliates track commissions; creators track program performance

• 🎥 Video Upload — MP4 with size limit, MIME validation, atomic writes
• ⚡ Adaptive HLS Transcoding — FFmpeg multi-rendition (240p/360p/480p) in a single process
• 💧 Forensic Watermarking — per-viewer moving watermark to deter piracy
• 🔐 Session-Scoped HLS — each viewer gets a unique, isolated stream segment set

• 👤 User & Admin Authentication — HMAC-SHA256 signed cookies, Argon2 password hashing; details →
• 👥 Allowlist System — creators grant manual access; purchases auto-grant
• 📧 SMTP Email Notifications — password reset, change-password confirmation
• 🧩 Admin Panel — users, videos, wallet transactions, fiat invoices, SMTP, affiliate commissions
• 💵 USD → IDR Conversion — live exchange rate from /api/kurs
• 🗄️ Storage Plugins — local disk or cloud storage via plugin registry

To make it possible for every creator, teacher, performer, or filmmaker to earn money directly from their audience — using a fair, transparent, and forensically protected pay-per-view system with no centralized gatekeepers.

→ Read the full vision: VISION.md

PPV Stream Rust enables a consumer-to-consumer (C2C) marketplace where users pay other users directly:

• Creators upload exclusive content and set their price
• Buyers purchase access with wallet balance, crypto, or fiat
• Affiliates share referral links and earn commission
• Platform retains a configurable fee (default 10%)

The affiliate layer means creators can grow their audience without advertising spend — they pay commissions only when sales actually happen.

The X402 integration processes on-chain payments with automatic fund splitting:

• Decentralized Settlement — funds go directly from viewer to creator via smart contract
• Auto-Split — creator 90%, platform admin 10% (configurable via basis points)
• Multi-Token — native coins (MATIC, ETH) or ERC-20 tokens (USDC, USDT)
• Invoice Hashing — Keccak256 hash binds each payment to a specific invoice + video

→ See PAYMENT.md for the full payment flow including wallet and fiat.

1. User registers via POST /auth/register — Argon2 password hash, DB user row.
2. Login via POST /auth/login — HMAC-SHA256 signed ppv_session cookie.
3. Every protected endpoint verifies signature, loads session, checks expiry.
4. Admin login via POST /admin/login — requires is_admin = true.
5. Password recovery via time-limited single-use token.

1. Creator POSTs to POST /api/upload — extension whitelist + MIME check + size limit.
2. Written to *.part file → atomic rename to prevent partial uploads.
3. Video record created with status = queued, submitted to in-process worker.
4. Worker generates fast-start MP4, then multi-rendition HLS (240p/360p/480p).
5. On success: hls_ready = true, processing_state = ready, hls_master set.

1. Buyer opens watch.html?video_id=X (optionally with ?ref=AFFILIATE_USERNAME).
2. GET /api/pay/all_options returns wallet balance, x402 tokens, fiat providers in one call.
3. Buyer selects Wallet tab → POST /api/wallet/pay with { video_id, ref_code }.
4. Atomic DB transaction: debit buyer, credit creator (90%), create ledger rows, insert purchase + allowlist.
5. If ref_code is set and affiliate program is active: commission deducted from creator, credited to affiliate.

1. POST /api/pay/x402/start — invoice created, signed with admin ECDSA key, affiliate_ref stored.
2. MetaMask executes payNativeSigned / payERC20Signed on-chain.
3. POST /api/pay/x402/confirm — receipt verified, Paid event decoded, invoice updated.
4. Purchase + allowlist inserted; affiliate commission processed.

1. POST /api/pay/:provider/start — fiat_invoices row pre-inserted, affiliate_ref stored, provider checkout URL returned.
2. Buyer pays on provider's hosted page.
3. Provider webhook → POST /api/pay/:provider/webhook — signature verified, access granted.
4. Affiliate commission processed after access is confirmed.

1. Creator configures commission % via POST /api/affiliate/settings (0–90%).
2. Affiliate gets referral link from GET /api/affiliate/link?video_id=X.
3. Buyer arrives via ?ref=AFFILIATE_USERNAME; referral notice shown in payment panel.
4. On purchase: commission_cents = price * commission_pct / 100 moved from creator → affiliate wallet.
5. Affiliate sees earnings in GET /api/affiliate/earnings.

→ Full details: AFFILIATE.md

1. GET /api/request_play?video_id=X — session + ownership/allowlist check.
2. Per-viewer HLS session created with moving username+timestamp watermark via FFmpeg.
3. Segments streamed via GET /hls/:session/:file with Cache-Control: no-store.

1. Deposit: user submits amount → admin approves → balance credited.
2. Withdrawal: balance held immediately → admin marks paid or rejects (auto-refund).
3. P2P Transfer: instant, atomic, both parties get ledger rows.
4. All operations append to wallet_transactions for full audit trail.

→ Full details: WALLET.md

• GET /admin/data — users, sessions, videos, purchases, allowlists
• GET /admin/payments — fiat invoices with filter/disburse
• GET /admin/wallet/transactions — all wallet operations with approve/reject
• GET /admin/affiliate/commissions — full commission ledger
• GET/POST /admin/smtp — email configuration

erDiagram
    USERS ||--o{ VIDEOS : owns
    USERS ||--o{ WALLET_TRANSACTIONS : has
    USERS ||--o{ AFFILIATE_COMMISSIONS : earns
    VIDEOS ||--o{ AFFILIATE_SETTINGS : has
    VIDEOS ||--o{ X402_INVOICES : billed_for
    VIDEOS ||--o{ FIAT_INVOICES : billed_for
    VIDEOS ||--o{ PURCHASES : purchased_as
    VIDEOS ||--o{ ALLOWLIST : grants

ppv_stream_rust/
├── contracts/                    # Solidity X402Splitter smart contract
│   └── contracts/X402Splitter.sol
├── migrations/                   # Numbered SQL migrations (013–029)
│   ├── 028_wallet.sql
│   └── 029_affiliate.sql
├── public/                       # Frontend HTML + JS
│   ├── admin/
│   │   ├── dashboard.html
│   │   ├── login.html
│   │   └── wallet.html           # Admin wallet management
│   ├── auth/
│   ├── affiliate.html            # Affiliate dashboard
│   ├── wallet.html               # User wallet UI
│   ├── watch.html                # 3-tab payment panel + HLS player
│   └── styles.css
├── sql/                          # Core schema migrations (001–012)
├── src/
│   ├── commission.rs             # Affiliate commission helper (standalone)
│   ├── config.rs                 # Environment-based configuration
│   ├── db.rs                     # PostgreSQL pool setup
│   ├── email.rs                  # SMTP notifications
│   ├── ffmpeg.rs                 # FFmpeg/FFprobe wrappers
│   ├── sessions.rs               # HMAC-signed session cookies
│   ├── validators.rs             # Input validation utilities
│   ├── worker.rs                 # In-process transcode queue
│   ├── handlers/
│   │   ├── admin.rs              # Admin data + wallet admin endpoints
│   │   ├── affiliate.rs          # Affiliate settings, earnings, admin view
│   │   ├── auth_admin.rs         # Admin login/logout/change-password
│   │   ├── auth_user.rs          # User register/login/logout/forgot-password
│   │   ├── kurs.rs               # Exchange rate (USD/IDR)
│   │   ├── me.rs                 # /api/me — current user info
│   │   ├── pay.rs                # X402 + all_options endpoints
│   │   ├── payment_plugins.rs    # Fiat invoice create/confirm/webhook
│   │   ├── setup.rs              # Admin bootstrap
│   │   ├── stream.rs             # HLS playback + watermark
│   │   ├── upload.rs             # Video upload
│   │   ├── users.rs              # Profile CRUD + public profiles
│   │   ├── video.rs              # Video list/update/allowlist
│   │   └── wallet.rs             # Wallet balance/deposit/withdraw/transfer/pay
│   ├── plugins/
│   │   ├── payment/              # Payment plugin registry
│   │   │   └── providers/        # stripe, paypal, midtrans, xendit, x402
│   │   └── storage/              # Storage plugin registry
│   └── services/
│       └── x402_watcher.rs       # Optional WebSocket blockchain event watcher
├── Cargo.toml
├── docker-compose.yml
├── Makefile
└── *.md                          # Documentation (see Documentation Index above)

For the complete installation guide, environment variable reference, admin bootstrap steps, and both Docker and non-Docker workflows, see SETUP.md.

# 1. Start PostgreSQL
make db-up

# 2. Run all migrations
make migrate

# 3. Build and run
make build
make run

# 4. Seed test data (optional)
make seed

The server starts at http://localhost:8080

┌─────────────────────────────────────────────┐
│            User Browser                     │
│  watch.html — 3-tab payment panel           │
│  wallet.html — balance + history            │
│  affiliate.html — earnings + links          │
└──────────────────┬──────────────────────────┘
                   │ HTTP/JSON
                   ▼
┌─────────────────────────────────────────────┐
│           Rust Backend (Axum)               │
│  Auth · Upload · Stream · Pay               │
│  Wallet · Affiliate · Commission            │
│  Payment plugins (stripe/paypal/midtrans/   │
│  xendit/x402) · Storage plugins             │
└──────────┬──────────────────┬───────────────┘
           │                  │
           ▼                  ▼
  ┌──────────────┐   ┌──────────────────────┐
  │  PostgreSQL  │   │  File Storage        │
  │  13 tables   │   │  /storage/ /media/   │
  │  wallet +    │   │  /hls/ (per-viewer)  │
  │  affiliate   │   └──────────────────────┘
  └──────────────┘
           │
           ▼
  ┌──────────────────────┐
  │  EVM Blockchain      │
  │  X402Splitter.sol    │
  │  (optional)          │
  └──────────────────────┘

Apache 2.0

Project : PPV Stream — Secure Pay-Per-View Video Platform
Author  : Kukuh Tripamungkas Wicaksono (Kukuh TW)
Email   : kukuhtw@gmail.com
WhatsApp: https://wa.me/628129893706
LinkedIn: https://id.linkedin.com/in/kukuhtw
GitHub  : https://github.com/kukuhtw/ppv_stream_rust

© 2025–2026 Kukuh Tripamungkas Wicaksono
📧 kukuhtw@gmail.com | 💬 WhatsApp | 🔗 LinkedIn | 💻 GitHub