2020-03-01 22:53:41 -08:00
|
|
|
// This file is part of Moonfire NVR, a security camera network video recorder.
|
2021-10-28 12:38:29 -07:00
|
|
|
// Copyright (C) 2021 The Moonfire NVR Authors; see AUTHORS and LICENSE.txt.
|
2021-02-17 13:28:48 -08:00
|
|
|
// SPDX-License-Identifier: GPL-v3.0-or-later WITH GPL-3.0-linking-exception.
|
2016-11-25 14:34:00 -08:00
|
|
|
|
2021-10-28 12:38:29 -07:00
|
|
|
mod path;
|
2021-10-28 12:49:50 -07:00
|
|
|
mod static_file;
|
2021-10-28 12:38:29 -07:00
|
|
|
|
|
|
|
|
use self::path::Path;
|
2020-05-30 19:08:54 -07:00
|
|
|
use crate::body::Body;
|
2018-12-28 21:53:29 -06:00
|
|
|
use crate::json;
|
|
|
|
|
use crate::mp4;
|
2021-02-16 22:15:54 -08:00
|
|
|
use base::{bail_t, ErrorKind};
|
2021-03-10 16:18:47 -08:00
|
|
|
use base::{clock::Clocks, format_err_t};
|
2016-11-25 14:34:00 -08:00
|
|
|
use core::borrow::Borrow;
|
|
|
|
|
use core::str::FromStr;
|
2018-12-28 21:53:29 -06:00
|
|
|
use db::dir::SampleFileDir;
|
2021-02-16 22:15:54 -08:00
|
|
|
use db::{auth, recording};
|
2021-10-21 10:25:37 -07:00
|
|
|
use failure::{format_err, Error};
|
2018-02-11 22:45:51 -08:00
|
|
|
use fnv::FnvHashMap;
|
2020-02-28 21:41:31 -08:00
|
|
|
use futures::stream::StreamExt;
|
2021-03-25 23:01:38 -07:00
|
|
|
use futures::{future::Either, sink::SinkExt};
|
2018-08-29 22:26:19 -07:00
|
|
|
use http::header::{self, HeaderValue};
|
2021-09-01 15:01:42 -07:00
|
|
|
use http::method::Method;
|
2021-02-16 22:15:54 -08:00
|
|
|
use http::{status::StatusCode, Request, Response};
|
2020-05-29 21:20:14 -07:00
|
|
|
use http_serve::dir::FsDir;
|
2021-02-16 22:15:54 -08:00
|
|
|
use hyper::body::Bytes;
|
2021-06-04 23:28:48 -07:00
|
|
|
use log::{debug, info, trace, warn};
|
2020-05-29 21:20:14 -07:00
|
|
|
use memchr::memchr;
|
2021-02-16 22:15:54 -08:00
|
|
|
use nom::bytes::complete::{tag, take_while1};
|
2020-04-17 23:02:02 -07:00
|
|
|
use nom::combinator::{all_consuming, map, map_res, opt};
|
|
|
|
|
use nom::sequence::{preceded, tuple};
|
2021-02-16 22:15:54 -08:00
|
|
|
use nom::IResult;
|
2016-12-20 22:08:18 -08:00
|
|
|
use std::cmp;
|
2021-02-16 22:15:54 -08:00
|
|
|
use std::convert::TryFrom;
|
2018-11-28 14:22:30 -08:00
|
|
|
use std::net::IpAddr;
|
2016-12-08 21:28:50 -08:00
|
|
|
use std::ops::Range;
|
2017-02-24 21:33:26 -08:00
|
|
|
use std::sync::Arc;
|
2020-02-28 21:41:31 -08:00
|
|
|
use tokio_tungstenite::tungstenite;
|
2016-11-25 14:34:00 -08:00
|
|
|
use url::form_urlencoded;
|
|
|
|
|
use uuid::Uuid;
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
/// An HTTP error response.
|
|
|
|
|
/// This is a thin wrapper over the hyper response type; it doesn't even verify
|
|
|
|
|
/// that the response actually uses a non-2xx status code. Its purpose is to
|
|
|
|
|
/// allow automatic conversion from `base::Error`. Rust's orphan rule prevents
|
|
|
|
|
/// this crate from defining a direct conversion from `base::Error` to
|
|
|
|
|
/// `hyper::Response`.
|
|
|
|
|
struct HttpError(Response<Body>);
|
|
|
|
|
|
|
|
|
|
impl From<Response<Body>> for HttpError {
|
|
|
|
|
fn from(response: Response<Body>) -> Self {
|
|
|
|
|
HttpError(response)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl From<base::Error> for HttpError {
|
|
|
|
|
fn from(err: base::Error) -> Self {
|
|
|
|
|
HttpError(from_base_error(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-25 21:31:50 -08:00
|
|
|
fn plain_response<B: Into<Body>>(status: http::StatusCode, body: B) -> Response<Body> {
|
|
|
|
|
Response::builder()
|
|
|
|
|
.status(status)
|
|
|
|
|
.header(header::CONTENT_TYPE, HeaderValue::from_static("text/plain"))
|
2021-02-16 22:15:54 -08:00
|
|
|
.body(body.into())
|
|
|
|
|
.expect("hardcoded head should be valid")
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
fn not_found<B: Into<Body>>(body: B) -> HttpError {
|
|
|
|
|
HttpError(plain_response(StatusCode::NOT_FOUND, body))
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
fn bad_req<B: Into<Body>>(body: B) -> HttpError {
|
|
|
|
|
HttpError(plain_response(StatusCode::BAD_REQUEST, body))
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
fn internal_server_err<E: Into<Error>>(err: E) -> HttpError {
|
|
|
|
|
HttpError(plain_response(
|
|
|
|
|
StatusCode::INTERNAL_SERVER_ERROR,
|
|
|
|
|
err.into().to_string(),
|
|
|
|
|
))
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2018-12-28 17:30:33 -06:00
|
|
|
fn from_base_error(err: base::Error) -> Response<Body> {
|
2021-03-10 16:18:47 -08:00
|
|
|
use ErrorKind::*;
|
2018-12-28 17:30:33 -06:00
|
|
|
let status_code = match err.kind() {
|
2021-03-10 16:18:47 -08:00
|
|
|
Unauthenticated => StatusCode::UNAUTHORIZED,
|
|
|
|
|
PermissionDenied => StatusCode::FORBIDDEN,
|
|
|
|
|
InvalidArgument | FailedPrecondition => StatusCode::BAD_REQUEST,
|
|
|
|
|
NotFound => StatusCode::NOT_FOUND,
|
2018-12-28 17:30:33 -06:00
|
|
|
_ => StatusCode::INTERNAL_SERVER_ERROR,
|
|
|
|
|
};
|
|
|
|
|
plain_response(status_code, err.to_string())
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-20 22:08:18 -08:00
|
|
|
#[derive(Debug, Eq, PartialEq)]
|
|
|
|
|
struct Segments {
|
|
|
|
|
ids: Range<i32>,
|
2018-03-02 11:38:11 -08:00
|
|
|
open_id: Option<u32>,
|
2016-12-20 22:08:18 -08:00
|
|
|
start_time: i64,
|
|
|
|
|
end_time: Option<i64>,
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-23 00:23:03 -08:00
|
|
|
fn num<'a, T: FromStr>() -> impl FnMut(&'a str) -> IResult<&'a str, T> {
|
2020-04-17 23:02:02 -07:00
|
|
|
map_res(take_while1(|c: char| c.is_ascii_digit()), FromStr::from_str)
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-20 22:08:18 -08:00
|
|
|
impl Segments {
|
2020-04-17 23:02:02 -07:00
|
|
|
/// Parses the `s` query parameter to `view.mp4` as described in `design/api.md`.
|
|
|
|
|
/// Doesn't do any validation.
|
|
|
|
|
fn parse(i: &str) -> IResult<&str, Segments> {
|
|
|
|
|
// Parse START_ID[-END_ID] into Range<i32>.
|
|
|
|
|
// Note that END_ID is inclusive, but Ranges are half-open.
|
2021-02-16 22:15:54 -08:00
|
|
|
let (i, ids) = map(
|
|
|
|
|
tuple((num::<i32>(), opt(preceded(tag("-"), num::<i32>())))),
|
|
|
|
|
|(start, end)| start..end.unwrap_or(start) + 1,
|
|
|
|
|
)(i)?;
|
2020-04-17 23:02:02 -07:00
|
|
|
|
|
|
|
|
// Parse [@OPEN_ID] into Option<u32>.
|
|
|
|
|
let (i, open_id) = opt(preceded(tag("@"), num::<u32>()))(i)?;
|
|
|
|
|
|
|
|
|
|
// Parse [.[REL_START_TIME]-[REL_END_TIME]] into (i64, Option<i64>).
|
|
|
|
|
let (i, (start_time, end_time)) = map(
|
2021-02-16 22:15:54 -08:00
|
|
|
opt(preceded(
|
|
|
|
|
tag("."),
|
|
|
|
|
tuple((opt(num::<i64>()), tag("-"), opt(num::<i64>()))),
|
|
|
|
|
)),
|
|
|
|
|
|t| t.map(|(s, _, e)| (s.unwrap_or(0), e)).unwrap_or((0, None)),
|
|
|
|
|
)(i)?;
|
|
|
|
|
|
|
|
|
|
Ok((
|
|
|
|
|
i,
|
|
|
|
|
Segments {
|
|
|
|
|
ids,
|
|
|
|
|
open_id,
|
|
|
|
|
start_time,
|
|
|
|
|
end_time,
|
|
|
|
|
},
|
|
|
|
|
))
|
2020-04-17 23:02:02 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl FromStr for Segments {
|
|
|
|
|
type Err = ();
|
|
|
|
|
|
|
|
|
|
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
|
|
|
|
let (_, s) = all_consuming(Segments::parse)(s).map_err(|_| ())?;
|
|
|
|
|
if s.ids.end <= s.ids.start {
|
2016-12-20 22:08:18 -08:00
|
|
|
return Err(());
|
|
|
|
|
}
|
2020-04-17 23:02:02 -07:00
|
|
|
if let Some(e) = s.end_time {
|
|
|
|
|
if e < s.start_time {
|
|
|
|
|
return Err(());
|
|
|
|
|
}
|
2016-12-20 22:08:18 -08:00
|
|
|
}
|
2020-04-17 23:02:02 -07:00
|
|
|
Ok(s)
|
2016-12-20 22:08:18 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-19 15:17:50 -07:00
|
|
|
struct Caller {
|
|
|
|
|
permissions: db::Permissions,
|
2021-09-01 15:01:42 -07:00
|
|
|
user: Option<json::ToplevelUser>,
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
type ResponseResult = Result<Response<Body>, HttpError>;
|
2016-11-25 14:34:00 -08:00
|
|
|
|
2019-06-06 16:18:13 -07:00
|
|
|
fn serve_json<T: serde::ser::Serialize>(req: &Request<hyper::Body>, out: &T) -> ResponseResult {
|
|
|
|
|
let (mut resp, writer) = http_serve::streaming_body(&req).build();
|
2021-02-16 22:15:54 -08:00
|
|
|
resp.headers_mut().insert(
|
|
|
|
|
header::CONTENT_TYPE,
|
|
|
|
|
HeaderValue::from_static("application/json"),
|
|
|
|
|
);
|
2019-06-06 16:18:13 -07:00
|
|
|
if let Some(mut w) = writer {
|
|
|
|
|
serde_json::to_writer(&mut w, out).map_err(internal_server_err)?;
|
|
|
|
|
}
|
|
|
|
|
Ok(resp)
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
fn csrf_matches(csrf: &str, session: auth::SessionHash) -> bool {
|
|
|
|
|
let mut b64 = [0u8; 32];
|
|
|
|
|
session.encode_base64(&mut b64);
|
|
|
|
|
::ring::constant_time::verify_slices_are_equal(&b64[..], csrf.as_bytes()).is_ok()
|
|
|
|
|
}
|
2017-10-21 21:54:27 -07:00
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
/// Extracts `s` cookie from the HTTP request. Does not authenticate.
|
|
|
|
|
fn extract_sid(req: &Request<hyper::Body>) -> Option<auth::RawSessionId> {
|
|
|
|
|
let hdr = match req.headers().get(header::COOKIE) {
|
|
|
|
|
None => return None,
|
|
|
|
|
Some(c) => c,
|
|
|
|
|
};
|
|
|
|
|
for mut cookie in hdr.as_bytes().split(|&b| b == b';') {
|
|
|
|
|
if cookie.starts_with(b" ") {
|
|
|
|
|
cookie = &cookie[1..];
|
|
|
|
|
}
|
|
|
|
|
if cookie.starts_with(b"s=") {
|
|
|
|
|
let s = &cookie[2..];
|
|
|
|
|
if let Ok(s) = auth::RawSessionId::decode_base64(s) {
|
|
|
|
|
return Some(s);
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
|
|
|
|
}
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
None
|
|
|
|
|
}
|
2016-11-25 14:34:00 -08:00
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
/// Extracts an `application/json` POST body from a request.
|
|
|
|
|
///
|
|
|
|
|
/// This returns the request body as bytes rather than performing
|
|
|
|
|
/// deserialization. Keeping the bytes allows the caller to use a `Deserialize`
|
|
|
|
|
/// that borrows from the bytes.
|
2021-03-10 16:18:47 -08:00
|
|
|
async fn extract_json_body(req: &mut Request<hyper::Body>) -> Result<Bytes, HttpError> {
|
2021-09-01 15:01:42 -07:00
|
|
|
if *req.method() != Method::POST {
|
2021-03-10 16:18:47 -08:00
|
|
|
return Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into());
|
2020-05-30 19:08:54 -07:00
|
|
|
}
|
|
|
|
|
let correct_mime_type = match req.headers().get(header::CONTENT_TYPE) {
|
|
|
|
|
Some(t) if t == "application/json" => true,
|
|
|
|
|
Some(t) if t == "application/json; charset=UTF-8" => true,
|
2021-02-16 22:15:54 -08:00
|
|
|
_ => false,
|
2020-05-30 19:08:54 -07:00
|
|
|
};
|
|
|
|
|
if !correct_mime_type {
|
|
|
|
|
return Err(bad_req("expected application/json request body"));
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
let b = ::std::mem::replace(req.body_mut(), hyper::Body::empty());
|
2021-02-16 22:15:54 -08:00
|
|
|
hyper::body::to_bytes(b)
|
|
|
|
|
.await
|
2020-05-30 19:08:54 -07:00
|
|
|
.map_err(|e| internal_server_err(format_err!("unable to read request body: {}", e)))
|
|
|
|
|
}
|
2016-11-25 14:34:00 -08:00
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
pub struct Config<'a> {
|
|
|
|
|
pub db: Arc<db::Database>,
|
|
|
|
|
pub ui_dir: Option<&'a std::path::Path>,
|
|
|
|
|
pub trust_forward_hdrs: bool,
|
|
|
|
|
pub time_zone_name: String,
|
|
|
|
|
pub allow_unauthenticated_permissions: Option<db::Permissions>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub struct Service {
|
|
|
|
|
db: Arc<db::Database>,
|
|
|
|
|
ui_dir: Option<Arc<FsDir>>,
|
|
|
|
|
dirs_by_stream_id: Arc<FnvHashMap<i32, Arc<SampleFileDir>>>,
|
|
|
|
|
time_zone_name: String,
|
|
|
|
|
allow_unauthenticated_permissions: Option<db::Permissions>,
|
|
|
|
|
trust_forward_hdrs: bool,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Useful HTTP `Cache-Control` values to set on successful (HTTP 200) API responses.
|
|
|
|
|
enum CacheControl {
|
|
|
|
|
/// For endpoints which have private data that may change from request to request.
|
|
|
|
|
PrivateDynamic,
|
|
|
|
|
|
|
|
|
|
/// For endpoints which rarely change for a given URL.
|
|
|
|
|
/// E.g., a fixed segment of video. The underlying video logically never changes; there may
|
|
|
|
|
/// rarely be some software change to the actual bytes (which would result in a new etag) so
|
|
|
|
|
/// (unlike the content-hashed static content) it's not entirely immutable.
|
|
|
|
|
PrivateStatic,
|
|
|
|
|
|
|
|
|
|
None,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Service {
|
|
|
|
|
pub fn new(config: Config) -> Result<Self, Error> {
|
|
|
|
|
let mut ui_dir = None;
|
|
|
|
|
if let Some(d) = config.ui_dir {
|
|
|
|
|
match FsDir::builder().for_path(&d) {
|
|
|
|
|
Err(e) => {
|
2021-02-16 22:15:54 -08:00
|
|
|
warn!(
|
|
|
|
|
"Unable to load --ui-dir={}; will serve no static files: {}",
|
|
|
|
|
d.display(),
|
|
|
|
|
e
|
|
|
|
|
);
|
|
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
Ok(d) => ui_dir = Some(d),
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
let dirs_by_stream_id = {
|
|
|
|
|
let l = config.db.lock();
|
|
|
|
|
let mut d =
|
|
|
|
|
FnvHashMap::with_capacity_and_hasher(l.streams_by_id().len(), Default::default());
|
|
|
|
|
for (&id, s) in l.streams_by_id().iter() {
|
|
|
|
|
let dir_id = match s.sample_file_dir_id {
|
|
|
|
|
Some(d) => d,
|
|
|
|
|
None => continue,
|
2017-10-17 09:00:05 -07:00
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
d.insert(id, l.sample_file_dirs_by_id().get(&dir_id).unwrap().get()?);
|
2017-10-17 09:00:05 -07:00
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
Arc::new(d)
|
2020-03-13 21:20:51 -07:00
|
|
|
};
|
2016-11-25 14:34:00 -08:00
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
Ok(Service {
|
|
|
|
|
db: config.db,
|
|
|
|
|
dirs_by_stream_id,
|
|
|
|
|
ui_dir,
|
|
|
|
|
allow_unauthenticated_permissions: config.allow_unauthenticated_permissions,
|
|
|
|
|
trust_forward_hdrs: config.trust_forward_hdrs,
|
|
|
|
|
time_zone_name: config.time_zone_name,
|
|
|
|
|
})
|
2017-10-01 15:29:22 -07:00
|
|
|
}
|
|
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
fn stream_live_m4s(
|
|
|
|
|
self: Arc<Self>,
|
|
|
|
|
req: Request<::hyper::Body>,
|
|
|
|
|
caller: Caller,
|
|
|
|
|
uuid: Uuid,
|
|
|
|
|
stream_type: db::StreamType,
|
|
|
|
|
) -> ResponseResult {
|
2019-06-19 15:17:50 -07:00
|
|
|
if !caller.permissions.view_video {
|
2021-03-10 16:18:47 -08:00
|
|
|
bail_t!(PermissionDenied, "view_video required");
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
|
|
|
|
|
let stream_id;
|
|
|
|
|
let open_id;
|
|
|
|
|
let (sub_tx, sub_rx) = futures::channel::mpsc::unbounded();
|
2020-02-16 23:16:19 -08:00
|
|
|
{
|
2020-05-30 19:08:54 -07:00
|
|
|
let mut db = self.db.lock();
|
|
|
|
|
open_id = match db.open {
|
2021-02-16 22:15:54 -08:00
|
|
|
None => {
|
2021-03-10 16:18:47 -08:00
|
|
|
bail_t!(
|
|
|
|
|
FailedPrecondition,
|
|
|
|
|
"database is read-only; there are no live streams"
|
|
|
|
|
);
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
Some(o) => o.id,
|
|
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
let camera = db.get_camera(uuid).ok_or_else(|| {
|
|
|
|
|
plain_response(StatusCode::NOT_FOUND, format!("no such camera {}", uuid))
|
|
|
|
|
})?;
|
|
|
|
|
stream_id = camera.streams[stream_type.index()].ok_or_else(|| {
|
2021-03-10 16:18:47 -08:00
|
|
|
format_err_t!(NotFound, "no such stream {}/{}", uuid, stream_type)
|
2021-02-16 22:15:54 -08:00
|
|
|
})?;
|
|
|
|
|
db.watch_live(
|
|
|
|
|
stream_id,
|
|
|
|
|
Box::new(move |l| sub_tx.unbounded_send(l).is_ok()),
|
|
|
|
|
)
|
|
|
|
|
.expect("stream_id refed by camera");
|
2020-05-30 19:08:54 -07:00
|
|
|
}
|
|
|
|
|
|
2021-01-27 11:47:52 -08:00
|
|
|
let response =
|
2021-02-16 22:15:54 -08:00
|
|
|
tungstenite::handshake::server::create_response_with_body(&req, hyper::Body::empty)
|
|
|
|
|
.map_err(|e| bad_req(e.to_string()))?;
|
2021-01-27 11:47:52 -08:00
|
|
|
let (parts, _) = response.into_parts();
|
2020-05-30 19:08:54 -07:00
|
|
|
|
2021-01-27 11:47:52 -08:00
|
|
|
tokio::spawn(self.stream_live_m4s_ws(stream_id, open_id, req, sub_rx));
|
2020-05-30 19:08:54 -07:00
|
|
|
|
|
|
|
|
Ok(Response::from_parts(parts, Body::from("")))
|
|
|
|
|
}
|
2020-02-16 23:16:19 -08:00
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
async fn stream_live_m4s_ws(
|
2021-02-16 22:15:54 -08:00
|
|
|
self: Arc<Self>,
|
|
|
|
|
stream_id: i32,
|
|
|
|
|
open_id: u32,
|
|
|
|
|
req: hyper::Request<hyper::Body>,
|
2021-03-25 23:01:38 -07:00
|
|
|
sub_rx: futures::channel::mpsc::UnboundedReceiver<db::LiveSegment>,
|
2021-02-16 22:15:54 -08:00
|
|
|
) {
|
2021-01-27 11:47:52 -08:00
|
|
|
let upgraded = match hyper::upgrade::on(req).await {
|
2020-05-30 19:08:54 -07:00
|
|
|
Ok(u) => u,
|
|
|
|
|
Err(e) => {
|
|
|
|
|
warn!("Unable to upgrade stream to websocket: {}", e);
|
|
|
|
|
return;
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2016-11-25 14:34:00 -08:00
|
|
|
};
|
2021-03-25 23:01:38 -07:00
|
|
|
let ws = tokio_tungstenite::WebSocketStream::from_raw_socket(
|
2020-05-30 19:08:54 -07:00
|
|
|
upgraded,
|
|
|
|
|
tungstenite::protocol::Role::Server,
|
|
|
|
|
None,
|
2021-02-16 22:15:54 -08:00
|
|
|
)
|
|
|
|
|
.await;
|
2020-08-07 15:30:22 -07:00
|
|
|
|
2021-03-25 23:01:38 -07:00
|
|
|
if let Err(e) = self
|
|
|
|
|
.stream_live_m4s_ws_loop(stream_id, open_id, sub_rx, ws)
|
|
|
|
|
.await
|
|
|
|
|
{
|
|
|
|
|
info!("Dropping WebSocket after error: {}", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Helper for `stream_live_m4s_ws` that returns error when the stream is dropped.
|
|
|
|
|
/// The outer function logs the error.
|
|
|
|
|
async fn stream_live_m4s_ws_loop(
|
|
|
|
|
self: Arc<Self>,
|
|
|
|
|
stream_id: i32,
|
|
|
|
|
open_id: u32,
|
|
|
|
|
sub_rx: futures::channel::mpsc::UnboundedReceiver<db::LiveSegment>,
|
|
|
|
|
mut ws: tokio_tungstenite::WebSocketStream<hyper::upgrade::Upgraded>,
|
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
|
let keepalive = tokio_stream::wrappers::IntervalStream::new(tokio::time::interval(
|
|
|
|
|
std::time::Duration::new(30, 0),
|
|
|
|
|
));
|
|
|
|
|
let mut combo = futures::stream::select(
|
2021-05-17 14:31:50 -07:00
|
|
|
sub_rx.map(Either::Left),
|
2021-03-25 23:01:38 -07:00
|
|
|
keepalive.map(|_| Either::Right(())),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// On the first LiveSegment, send all the data from the previous key frame onward.
|
|
|
|
|
// For LiveSegments, it's okay to send a single non-key frame at a time.
|
2020-08-07 15:30:22 -07:00
|
|
|
let mut start_at_key = true;
|
2020-05-30 19:08:54 -07:00
|
|
|
loop {
|
2021-03-25 23:01:38 -07:00
|
|
|
let next = combo
|
|
|
|
|
.next()
|
2021-02-16 22:15:54 -08:00
|
|
|
.await
|
2021-03-25 23:01:38 -07:00
|
|
|
.unwrap_or_else(|| unreachable!("timer stream never ends"));
|
|
|
|
|
match next {
|
|
|
|
|
Either::Left(live) => {
|
|
|
|
|
self.stream_live_m4s_chunk(open_id, stream_id, &mut ws, live, start_at_key)
|
|
|
|
|
.await?;
|
|
|
|
|
start_at_key = false;
|
|
|
|
|
}
|
|
|
|
|
Either::Right(_) => {
|
|
|
|
|
ws.send(tungstenite::Message::Ping(Vec::new())).await?;
|
|
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-25 23:01:38 -07:00
|
|
|
/// Sends a single live segment chunk of a `live.m4s` stream.
|
2020-05-30 19:08:54 -07:00
|
|
|
async fn stream_live_m4s_chunk(
|
2021-02-16 22:15:54 -08:00
|
|
|
&self,
|
|
|
|
|
open_id: u32,
|
|
|
|
|
stream_id: i32,
|
2020-05-30 19:08:54 -07:00
|
|
|
ws: &mut tokio_tungstenite::WebSocketStream<hyper::upgrade::Upgraded>,
|
2021-02-16 22:15:54 -08:00
|
|
|
live: db::LiveSegment,
|
|
|
|
|
start_at_key: bool,
|
|
|
|
|
) -> Result<(), Error> {
|
2020-05-30 19:08:54 -07:00
|
|
|
let mut builder = mp4::FileBuilder::new(mp4::Type::MediaSegment);
|
2020-06-09 22:06:03 -07:00
|
|
|
let mut row = None;
|
2020-05-30 19:08:54 -07:00
|
|
|
{
|
|
|
|
|
let db = self.db.lock();
|
|
|
|
|
let mut rows = 0;
|
2021-02-16 22:15:54 -08:00
|
|
|
db.list_recordings_by_id(stream_id, live.recording..live.recording + 1, &mut |r| {
|
2020-05-30 19:08:54 -07:00
|
|
|
rows += 1;
|
2020-06-09 22:06:03 -07:00
|
|
|
row = Some(r);
|
2020-08-07 15:30:22 -07:00
|
|
|
builder.append(&db, r, live.media_off_90k.clone(), start_at_key)?;
|
2020-05-30 19:08:54 -07:00
|
|
|
Ok(())
|
|
|
|
|
})?;
|
|
|
|
|
if rows != 1 {
|
|
|
|
|
bail_t!(Internal, "unable to find {:?}", live);
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-09 22:06:03 -07:00
|
|
|
let row = row.unwrap();
|
2020-05-30 19:08:54 -07:00
|
|
|
use http_serve::Entity;
|
|
|
|
|
let mp4 = builder.build(self.db.clone(), self.dirs_by_stream_id.clone())?;
|
|
|
|
|
let mut hdrs = header::HeaderMap::new();
|
|
|
|
|
mp4.add_headers(&mut hdrs);
|
|
|
|
|
let mime_type = hdrs.get(header::CONTENT_TYPE).unwrap();
|
2020-08-04 21:44:01 -07:00
|
|
|
let (prev_media_duration, prev_runs) = row.prev_media_duration_and_runs.unwrap();
|
2020-05-30 19:08:54 -07:00
|
|
|
let hdr = format!(
|
|
|
|
|
"Content-Type: {}\r\n\
|
|
|
|
|
X-Recording-Start: {}\r\n\
|
|
|
|
|
X-Recording-Id: {}.{}\r\n\
|
2020-08-07 10:16:06 -07:00
|
|
|
X-Media-Time-Range: {}-{}\r\n\
|
2020-08-04 21:44:01 -07:00
|
|
|
X-Prev-Media-Duration: {}\r\n\
|
2020-06-09 22:06:03 -07:00
|
|
|
X-Runs: {}\r\n\
|
2020-06-02 22:58:11 -07:00
|
|
|
X-Video-Sample-Entry-Id: {}\r\n\r\n",
|
2020-05-30 19:08:54 -07:00
|
|
|
mime_type.to_str().unwrap(),
|
2020-06-09 22:06:03 -07:00
|
|
|
row.start.0,
|
2020-05-30 19:08:54 -07:00
|
|
|
open_id,
|
|
|
|
|
live.recording,
|
2020-08-07 10:16:06 -07:00
|
|
|
live.media_off_90k.start,
|
|
|
|
|
live.media_off_90k.end,
|
2020-08-04 21:44:01 -07:00
|
|
|
prev_media_duration.0,
|
2020-06-09 22:06:03 -07:00
|
|
|
prev_runs + if row.run_offset == 0 { 1 } else { 0 },
|
2021-02-16 22:15:54 -08:00
|
|
|
&row.video_sample_entry_id
|
|
|
|
|
);
|
2020-06-09 22:06:03 -07:00
|
|
|
let mut v = hdr.into_bytes();
|
2020-05-30 19:08:54 -07:00
|
|
|
mp4.append_into_vec(&mut v).await?;
|
|
|
|
|
ws.send(tungstenite::Message::Binary(v)).await?;
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async fn signals(&self, req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
|
|
|
|
|
match *req.method() {
|
|
|
|
|
Method::POST => self.post_signals(req, caller).await,
|
|
|
|
|
Method::GET | Method::HEAD => self.get_signals(&req),
|
2021-02-16 22:15:54 -08:00
|
|
|
_ => Err(plain_response(
|
|
|
|
|
StatusCode::METHOD_NOT_ALLOWED,
|
|
|
|
|
"POST, GET, or HEAD expected",
|
2021-03-10 16:18:47 -08:00
|
|
|
)
|
|
|
|
|
.into()),
|
2020-05-30 19:08:54 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
/// Serves an HTTP request.
|
|
|
|
|
/// Note that the `serve` wrapper handles responses the same whether they
|
|
|
|
|
/// are `Ok` or `Err`. But returning `Err` here with the `?` operator is
|
|
|
|
|
/// convenient for error paths.
|
2021-02-16 22:15:54 -08:00
|
|
|
async fn serve_inner(
|
|
|
|
|
self: Arc<Self>,
|
|
|
|
|
req: Request<::hyper::Body>,
|
|
|
|
|
p: Path,
|
|
|
|
|
caller: Caller,
|
|
|
|
|
) -> ResponseResult {
|
2020-05-30 19:08:54 -07:00
|
|
|
let (cache, mut response) = match p {
|
2021-02-16 22:15:54 -08:00
|
|
|
Path::InitSegment(sha1, debug) => (
|
|
|
|
|
CacheControl::PrivateStatic,
|
|
|
|
|
self.init_segment(sha1, debug, &req)?,
|
|
|
|
|
),
|
2020-05-30 19:08:54 -07:00
|
|
|
Path::TopLevel => (CacheControl::PrivateDynamic, self.top_level(&req, caller)?),
|
|
|
|
|
Path::Request => (CacheControl::PrivateDynamic, self.request(&req)?),
|
|
|
|
|
Path::Camera(uuid) => (CacheControl::PrivateDynamic, self.camera(&req, uuid)?),
|
2021-02-16 22:15:54 -08:00
|
|
|
Path::StreamRecordings(uuid, type_) => (
|
|
|
|
|
CacheControl::PrivateDynamic,
|
|
|
|
|
self.stream_recordings(&req, uuid, type_)?,
|
|
|
|
|
),
|
|
|
|
|
Path::StreamViewMp4(uuid, type_, debug) => (
|
|
|
|
|
CacheControl::PrivateStatic,
|
|
|
|
|
self.stream_view_mp4(&req, caller, uuid, type_, mp4::Type::Normal, debug)?,
|
|
|
|
|
),
|
|
|
|
|
Path::StreamViewMp4Segment(uuid, type_, debug) => (
|
|
|
|
|
CacheControl::PrivateStatic,
|
|
|
|
|
self.stream_view_mp4(&req, caller, uuid, type_, mp4::Type::MediaSegment, debug)?,
|
|
|
|
|
),
|
|
|
|
|
Path::StreamLiveMp4Segments(uuid, type_) => (
|
|
|
|
|
CacheControl::PrivateDynamic,
|
|
|
|
|
self.stream_live_m4s(req, caller, uuid, type_)?,
|
|
|
|
|
),
|
2020-05-30 19:08:54 -07:00
|
|
|
Path::NotFound => return Err(not_found("path not understood")),
|
|
|
|
|
Path::Login => (CacheControl::PrivateDynamic, self.login(req).await?),
|
|
|
|
|
Path::Logout => (CacheControl::PrivateDynamic, self.logout(req).await?),
|
2021-02-16 22:15:54 -08:00
|
|
|
Path::Signals => (
|
|
|
|
|
CacheControl::PrivateDynamic,
|
|
|
|
|
self.signals(req, caller).await?,
|
|
|
|
|
),
|
|
|
|
|
Path::Static => (CacheControl::None, self.static_file(req).await?),
|
2021-09-01 15:01:42 -07:00
|
|
|
Path::User(id) => (
|
|
|
|
|
CacheControl::PrivateDynamic,
|
|
|
|
|
self.user(req, caller, id).await?,
|
|
|
|
|
),
|
2020-05-30 19:08:54 -07:00
|
|
|
};
|
|
|
|
|
match cache {
|
|
|
|
|
CacheControl::PrivateStatic => {
|
2021-02-16 22:15:54 -08:00
|
|
|
response.headers_mut().insert(
|
|
|
|
|
header::CACHE_CONTROL,
|
|
|
|
|
HeaderValue::from_static("private, max-age=3600"),
|
|
|
|
|
);
|
|
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
CacheControl::PrivateDynamic => {
|
2021-02-16 22:15:54 -08:00
|
|
|
response.headers_mut().insert(
|
|
|
|
|
header::CACHE_CONTROL,
|
|
|
|
|
HeaderValue::from_static("private, no-cache"),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
CacheControl::None => {}
|
2020-05-30 19:08:54 -07:00
|
|
|
}
|
|
|
|
|
Ok(response)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
/// Serves an HTTP request.
|
|
|
|
|
/// An error return from this method causes hyper to abruptly drop the
|
|
|
|
|
/// HTTP connection rather than respond. That's not terribly useful, so this
|
|
|
|
|
/// method always returns `Ok`. It delegates to a `serve_inner` which is
|
|
|
|
|
/// allowed to generate `Err` results with the `?` operator, but returns
|
|
|
|
|
/// them to hyper as `Ok` results.
|
2021-02-16 22:15:54 -08:00
|
|
|
pub async fn serve(
|
|
|
|
|
self: Arc<Self>,
|
|
|
|
|
req: Request<::hyper::Body>,
|
|
|
|
|
) -> Result<Response<Body>, std::convert::Infallible> {
|
2020-05-30 19:08:54 -07:00
|
|
|
let p = Path::decode(req.uri().path());
|
2021-05-17 14:31:50 -07:00
|
|
|
let always_allow_unauthenticated = matches!(
|
|
|
|
|
p,
|
|
|
|
|
Path::NotFound | Path::Request | Path::Login | Path::Logout | Path::Static
|
|
|
|
|
);
|
2020-05-30 19:08:54 -07:00
|
|
|
debug!("request on: {}: {:?}", req.uri(), p);
|
|
|
|
|
let caller = match self.authenticate(&req, always_allow_unauthenticated) {
|
|
|
|
|
Ok(c) => c,
|
|
|
|
|
Err(e) => return Ok(from_base_error(e)),
|
|
|
|
|
};
|
2021-03-10 16:18:47 -08:00
|
|
|
Ok(self
|
|
|
|
|
.serve_inner(req, p, caller)
|
|
|
|
|
.await
|
|
|
|
|
.unwrap_or_else(|e| e.0))
|
2020-05-30 19:08:54 -07:00
|
|
|
}
|
|
|
|
|
|
2019-06-19 15:17:50 -07:00
|
|
|
fn top_level(&self, req: &Request<::hyper::Body>, caller: Caller) -> ResponseResult {
|
2017-10-21 21:54:27 -07:00
|
|
|
let mut days = false;
|
2019-06-19 15:17:50 -07:00
|
|
|
let mut camera_configs = false;
|
2018-01-23 11:22:23 -08:00
|
|
|
if let Some(q) = req.uri().query() {
|
2017-10-21 21:54:27 -07:00
|
|
|
for (key, value) in form_urlencoded::parse(q.as_bytes()) {
|
2018-11-25 21:31:50 -08:00
|
|
|
let (key, value): (_, &str) = (key.borrow(), value.borrow());
|
2017-10-21 21:54:27 -07:00
|
|
|
match key {
|
|
|
|
|
"days" => days = value == "true",
|
2019-06-19 15:17:50 -07:00
|
|
|
"cameraConfigs" => camera_configs = value == "true",
|
2021-02-16 22:15:54 -08:00
|
|
|
_ => {}
|
2017-10-21 21:54:27 -07:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-17 14:31:50 -07:00
|
|
|
if camera_configs && !caller.permissions.read_camera_configs {
|
|
|
|
|
bail_t!(PermissionDenied, "read_camera_configs required");
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
|
|
|
|
|
2019-06-06 16:18:13 -07:00
|
|
|
let db = self.db.lock();
|
2021-02-16 22:15:54 -08:00
|
|
|
serve_json(
|
|
|
|
|
req,
|
|
|
|
|
&json::TopLevel {
|
|
|
|
|
time_zone_name: &self.time_zone_name,
|
2021-10-27 13:09:20 -07:00
|
|
|
server_version: env!("CARGO_PKG_VERSION"),
|
2021-02-16 22:15:54 -08:00
|
|
|
cameras: (&db, days, camera_configs),
|
2021-09-01 15:01:42 -07:00
|
|
|
user: caller.user,
|
2021-02-16 22:15:54 -08:00
|
|
|
signals: (&db, days),
|
|
|
|
|
signal_types: &db,
|
|
|
|
|
},
|
|
|
|
|
)
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
|
|
|
|
|
2018-11-25 21:31:50 -08:00
|
|
|
fn camera(&self, req: &Request<::hyper::Body>, uuid: Uuid) -> ResponseResult {
|
2019-06-06 16:18:13 -07:00
|
|
|
let db = self.db.lock();
|
2021-02-16 22:15:54 -08:00
|
|
|
let camera = db
|
|
|
|
|
.get_camera(uuid)
|
|
|
|
|
.ok_or_else(|| not_found(format!("no such camera {}", uuid)))?;
|
|
|
|
|
serve_json(
|
|
|
|
|
req,
|
|
|
|
|
&json::Camera::wrap(camera, &db, true, false).map_err(internal_server_err)?,
|
|
|
|
|
)
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
|
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
fn stream_recordings(
|
|
|
|
|
&self,
|
|
|
|
|
req: &Request<::hyper::Body>,
|
|
|
|
|
uuid: Uuid,
|
|
|
|
|
type_: db::StreamType,
|
|
|
|
|
) -> ResponseResult {
|
2017-10-17 09:00:05 -07:00
|
|
|
let (r, split) = {
|
2021-02-16 22:15:54 -08:00
|
|
|
let mut time = recording::Time::min_value()..recording::Time::max_value();
|
2017-10-17 09:00:05 -07:00
|
|
|
let mut split = recording::Duration(i64::max_value());
|
2018-01-23 11:22:23 -08:00
|
|
|
if let Some(q) = req.uri().query() {
|
2017-10-17 09:00:05 -07:00
|
|
|
for (key, value) in form_urlencoded::parse(q.as_bytes()) {
|
|
|
|
|
let (key, value) = (key.borrow(), value.borrow());
|
|
|
|
|
match key {
|
2018-11-25 21:31:50 -08:00
|
|
|
"startTime90k" => {
|
|
|
|
|
time.start = recording::Time::parse(value)
|
|
|
|
|
.map_err(|_| bad_req("unparseable startTime90k"))?
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2018-11-25 21:31:50 -08:00
|
|
|
"endTime90k" => {
|
|
|
|
|
time.end = recording::Time::parse(value)
|
|
|
|
|
.map_err(|_| bad_req("unparseable endTime90k"))?
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2018-11-25 21:31:50 -08:00
|
|
|
"split90k" => {
|
2021-02-16 22:15:54 -08:00
|
|
|
split = recording::Duration(
|
|
|
|
|
i64::from_str(value)
|
|
|
|
|
.map_err(|_| bad_req("unparseable split90k"))?,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
_ => {}
|
2017-10-17 09:00:05 -07:00
|
|
|
}
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2017-10-17 09:00:05 -07:00
|
|
|
}
|
|
|
|
|
(time, split)
|
|
|
|
|
};
|
2020-03-13 21:20:51 -07:00
|
|
|
let db = self.db.lock();
|
|
|
|
|
let mut out = json::ListRecordings {
|
|
|
|
|
recordings: Vec::new(),
|
|
|
|
|
video_sample_entries: (&db, Vec::new()),
|
|
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
let camera = db.get_camera(uuid).ok_or_else(|| {
|
|
|
|
|
plain_response(StatusCode::NOT_FOUND, format!("no such camera {}", uuid))
|
|
|
|
|
})?;
|
|
|
|
|
let stream_id = camera.streams[type_.index()].ok_or_else(|| {
|
|
|
|
|
plain_response(
|
|
|
|
|
StatusCode::NOT_FOUND,
|
|
|
|
|
format!("no such stream {}/{}", uuid, type_),
|
|
|
|
|
)
|
|
|
|
|
})?;
|
2020-03-13 21:20:51 -07:00
|
|
|
db.list_aggregated_recordings(stream_id, r, split, &mut |row| {
|
2021-02-16 22:15:54 -08:00
|
|
|
let end = row.ids.end - 1; // in api, ids are inclusive.
|
2020-03-13 21:20:51 -07:00
|
|
|
out.recordings.push(json::Recording {
|
|
|
|
|
start_id: row.ids.start,
|
2021-02-16 22:15:54 -08:00
|
|
|
end_id: if end == row.ids.start {
|
|
|
|
|
None
|
|
|
|
|
} else {
|
|
|
|
|
Some(end)
|
|
|
|
|
},
|
2020-03-13 21:20:51 -07:00
|
|
|
start_time_90k: row.time.start.0,
|
|
|
|
|
end_time_90k: row.time.end.0,
|
|
|
|
|
sample_file_bytes: row.sample_file_bytes,
|
|
|
|
|
open_id: row.open_id,
|
|
|
|
|
first_uncommitted: row.first_uncommitted,
|
|
|
|
|
video_samples: row.video_samples,
|
2021-02-22 13:46:51 -08:00
|
|
|
video_sample_entry_id: row.video_sample_entry_id,
|
2020-03-13 21:20:51 -07:00
|
|
|
growing: row.growing,
|
2021-10-10 16:13:57 -07:00
|
|
|
has_trailing_zero: row.has_trailing_zero,
|
2020-03-13 21:20:51 -07:00
|
|
|
});
|
2021-02-16 22:15:54 -08:00
|
|
|
if !out
|
|
|
|
|
.video_sample_entries
|
|
|
|
|
.1
|
|
|
|
|
.contains(&row.video_sample_entry_id)
|
|
|
|
|
{
|
2020-03-13 21:20:51 -07:00
|
|
|
out.video_sample_entries.1.push(row.video_sample_entry_id);
|
|
|
|
|
}
|
|
|
|
|
Ok(())
|
2021-02-16 22:15:54 -08:00
|
|
|
})
|
|
|
|
|
.map_err(internal_server_err)?;
|
2019-06-06 16:18:13 -07:00
|
|
|
serve_json(req, &out)
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
|
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
fn init_segment(&self, id: i32, debug: bool, req: &Request<::hyper::Body>) -> ResponseResult {
|
2017-10-01 15:29:22 -07:00
|
|
|
let mut builder = mp4::FileBuilder::new(mp4::Type::InitSegment);
|
|
|
|
|
let db = self.db.lock();
|
2021-02-16 22:15:54 -08:00
|
|
|
let ent = db
|
|
|
|
|
.video_sample_entries_by_id()
|
|
|
|
|
.get(&id)
|
2020-03-20 20:52:30 -07:00
|
|
|
.ok_or_else(|| not_found("not such init segment"))?;
|
|
|
|
|
builder.append_video_sample_entry(ent.clone());
|
2021-02-16 22:15:54 -08:00
|
|
|
let mp4 = builder
|
|
|
|
|
.build(self.db.clone(), self.dirs_by_stream_id.clone())
|
2020-03-20 20:52:30 -07:00
|
|
|
.map_err(from_base_error)?;
|
|
|
|
|
if debug {
|
|
|
|
|
Ok(plain_response(StatusCode::OK, format!("{:#?}", mp4)))
|
|
|
|
|
} else {
|
|
|
|
|
Ok(http_serve::serve(mp4, req))
|
2017-10-01 15:29:22 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
fn stream_view_mp4(
|
|
|
|
|
&self,
|
|
|
|
|
req: &Request<::hyper::Body>,
|
|
|
|
|
caller: Caller,
|
|
|
|
|
uuid: Uuid,
|
|
|
|
|
stream_type: db::StreamType,
|
|
|
|
|
mp4_type: mp4::Type,
|
|
|
|
|
debug: bool,
|
|
|
|
|
) -> ResponseResult {
|
2019-06-19 15:17:50 -07:00
|
|
|
if !caller.permissions.view_video {
|
2021-03-10 16:18:47 -08:00
|
|
|
bail_t!(PermissionDenied, "view_video required");
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
2020-02-16 23:16:19 -08:00
|
|
|
let (stream_id, camera_name);
|
|
|
|
|
{
|
2016-11-25 14:34:00 -08:00
|
|
|
let db = self.db.lock();
|
2021-02-16 22:15:54 -08:00
|
|
|
let camera = db.get_camera(uuid).ok_or_else(|| {
|
|
|
|
|
plain_response(StatusCode::NOT_FOUND, format!("no such camera {}", uuid))
|
|
|
|
|
})?;
|
2020-02-16 23:16:19 -08:00
|
|
|
camera_name = camera.short_name.clone();
|
2021-02-16 22:15:54 -08:00
|
|
|
stream_id = camera.streams[stream_type.index()].ok_or_else(|| {
|
|
|
|
|
plain_response(
|
|
|
|
|
StatusCode::NOT_FOUND,
|
|
|
|
|
format!("no such stream {}/{}", uuid, stream_type),
|
|
|
|
|
)
|
|
|
|
|
})?;
|
2016-11-25 14:34:00 -08:00
|
|
|
};
|
2020-02-16 23:16:19 -08:00
|
|
|
let mut start_time_for_filename = None;
|
2019-01-21 15:58:52 -08:00
|
|
|
let mut builder = mp4::FileBuilder::new(mp4_type);
|
2018-01-23 11:05:07 -08:00
|
|
|
if let Some(q) = req.uri().query() {
|
2017-03-02 19:29:28 -08:00
|
|
|
for (key, value) in form_urlencoded::parse(q.as_bytes()) {
|
|
|
|
|
let (key, value) = (key.borrow(), value.borrow());
|
|
|
|
|
match key {
|
|
|
|
|
"s" => {
|
2021-02-16 22:15:54 -08:00
|
|
|
let s = Segments::from_str(value).map_err(|()| {
|
|
|
|
|
plain_response(
|
|
|
|
|
StatusCode::BAD_REQUEST,
|
|
|
|
|
format!("invalid s parameter: {}", value),
|
|
|
|
|
)
|
|
|
|
|
})?;
|
2021-06-04 23:28:48 -07:00
|
|
|
trace!("stream_view_mp4: appending s={:?}", s);
|
2020-08-04 21:44:01 -07:00
|
|
|
let mut est_segments = usize::try_from(s.ids.end - s.ids.start).unwrap();
|
2017-03-02 19:29:28 -08:00
|
|
|
if let Some(end) = s.end_time {
|
|
|
|
|
// There should be roughly ceil((end - start) /
|
|
|
|
|
// desired_recording_duration) recordings in the desired timespan if
|
|
|
|
|
// there are no gaps or overlap, possibly another for misalignment of
|
|
|
|
|
// the requested timespan with the rotate offset and another because
|
|
|
|
|
// rotation only happens at key frames.
|
2021-02-16 22:15:54 -08:00
|
|
|
let ceil_durations = (end - s.start_time
|
|
|
|
|
+ recording::DESIRED_RECORDING_WALL_DURATION
|
|
|
|
|
- 1)
|
|
|
|
|
/ recording::DESIRED_RECORDING_WALL_DURATION;
|
2017-03-02 19:29:28 -08:00
|
|
|
est_segments = cmp::min(est_segments, (ceil_durations + 2) as usize);
|
|
|
|
|
}
|
|
|
|
|
builder.reserve(est_segments);
|
|
|
|
|
let db = self.db.lock();
|
2020-08-04 21:44:01 -07:00
|
|
|
let mut prev = None; // previous recording id
|
2017-03-02 19:29:28 -08:00
|
|
|
let mut cur_off = 0;
|
2018-02-23 09:19:42 -08:00
|
|
|
db.list_recordings_by_id(stream_id, s.ids.clone(), &mut |r| {
|
2018-02-20 10:11:10 -08:00
|
|
|
let recording_id = r.id.recording();
|
|
|
|
|
|
2018-03-02 11:38:11 -08:00
|
|
|
if let Some(o) = s.open_id {
|
|
|
|
|
if r.open_id != o {
|
2021-10-21 10:25:37 -07:00
|
|
|
bail_t!(
|
|
|
|
|
NotFound,
|
2021-02-16 22:15:54 -08:00
|
|
|
"recording {} has open id {}, requested {}",
|
|
|
|
|
r.id,
|
|
|
|
|
r.open_id,
|
|
|
|
|
o
|
|
|
|
|
);
|
2018-03-02 11:38:11 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-02 19:29:28 -08:00
|
|
|
// Check for missing recordings.
|
|
|
|
|
match prev {
|
2021-02-16 22:15:54 -08:00
|
|
|
None if recording_id == s.ids.start => {}
|
2021-10-21 10:25:37 -07:00
|
|
|
None => bail_t!(
|
|
|
|
|
NotFound,
|
|
|
|
|
"no such recording {}/{}",
|
|
|
|
|
stream_id,
|
|
|
|
|
s.ids.start
|
|
|
|
|
),
|
2018-02-20 10:11:10 -08:00
|
|
|
Some(id) if r.id.recording() != id + 1 => {
|
2021-10-21 10:25:37 -07:00
|
|
|
bail_t!(NotFound, "no such recording {}/{}", stream_id, id + 1);
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
|
|
|
|
_ => {}
|
2017-03-02 19:29:28 -08:00
|
|
|
};
|
2018-02-20 10:11:10 -08:00
|
|
|
prev = Some(recording_id);
|
2017-03-02 19:29:28 -08:00
|
|
|
|
|
|
|
|
// Add a segment for the relevant part of the recording, if any.
|
2020-08-04 21:44:01 -07:00
|
|
|
// Note all calculations here are in wall times / wall durations.
|
2017-03-02 19:29:28 -08:00
|
|
|
let end_time = s.end_time.unwrap_or(i64::max_value());
|
2020-08-07 10:16:06 -07:00
|
|
|
let wd = i64::from(r.wall_duration_90k);
|
|
|
|
|
if s.start_time <= cur_off + wd && cur_off < end_time {
|
2017-03-02 19:29:28 -08:00
|
|
|
let start = cmp::max(0, s.start_time - cur_off);
|
2020-08-07 10:16:06 -07:00
|
|
|
let end = cmp::min(wd, end_time - cur_off);
|
2021-02-16 22:15:54 -08:00
|
|
|
let wr = i32::try_from(start).unwrap()..i32::try_from(end).unwrap();
|
2021-06-04 23:28:48 -07:00
|
|
|
trace!(
|
2021-02-16 22:15:54 -08:00
|
|
|
"...appending recording {} with wall duration {:?} \
|
|
|
|
|
(out of total {})",
|
2021-06-04 23:28:48 -07:00
|
|
|
r.id,
|
|
|
|
|
wr,
|
|
|
|
|
wd
|
2021-02-16 22:15:54 -08:00
|
|
|
);
|
2020-02-16 23:16:19 -08:00
|
|
|
if start_time_for_filename.is_none() {
|
|
|
|
|
start_time_for_filename =
|
|
|
|
|
Some(r.start + recording::Duration(start));
|
|
|
|
|
}
|
2020-08-07 10:16:06 -07:00
|
|
|
use recording::rescale;
|
|
|
|
|
let mr =
|
2021-02-16 22:15:54 -08:00
|
|
|
rescale(wr.start, r.wall_duration_90k, r.media_duration_90k)
|
|
|
|
|
..rescale(
|
|
|
|
|
wr.end,
|
|
|
|
|
r.wall_duration_90k,
|
|
|
|
|
r.media_duration_90k,
|
|
|
|
|
);
|
2020-08-07 15:30:22 -07:00
|
|
|
builder.append(&db, r, mr, true)?;
|
2017-03-02 19:29:28 -08:00
|
|
|
} else {
|
2021-06-04 23:28:48 -07:00
|
|
|
trace!("...skipping recording {} wall dur {}", r.id, wd);
|
2017-03-02 19:29:28 -08:00
|
|
|
}
|
2020-08-07 10:16:06 -07:00
|
|
|
cur_off += wd;
|
2017-03-02 19:29:28 -08:00
|
|
|
Ok(())
|
2021-10-21 10:25:37 -07:00
|
|
|
})?;
|
2017-03-02 19:29:28 -08:00
|
|
|
|
2016-12-20 22:08:18 -08:00
|
|
|
// Check for missing recordings.
|
|
|
|
|
match prev {
|
2017-03-02 19:29:28 -08:00
|
|
|
Some(id) if s.ids.end != id + 1 => {
|
2021-02-16 22:15:54 -08:00
|
|
|
return Err(not_found(format!(
|
|
|
|
|
"no such recording {}/{}",
|
|
|
|
|
stream_id,
|
|
|
|
|
s.ids.end - 1
|
|
|
|
|
)));
|
|
|
|
|
}
|
2017-03-02 19:29:28 -08:00
|
|
|
None => {
|
2021-02-16 22:15:54 -08:00
|
|
|
return Err(not_found(format!(
|
|
|
|
|
"no such recording {}/{}",
|
|
|
|
|
stream_id, s.ids.start
|
|
|
|
|
)));
|
|
|
|
|
}
|
|
|
|
|
_ => {}
|
2016-12-20 22:08:18 -08:00
|
|
|
};
|
2017-03-02 19:29:28 -08:00
|
|
|
if let Some(end) = s.end_time {
|
|
|
|
|
if end > cur_off {
|
2021-03-10 16:18:47 -08:00
|
|
|
bail_t!(
|
|
|
|
|
InvalidArgument,
|
|
|
|
|
"end time {} is beyond specified recordings",
|
|
|
|
|
end
|
|
|
|
|
);
|
2017-03-02 19:29:28 -08:00
|
|
|
}
|
2016-12-20 22:08:18 -08:00
|
|
|
}
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
|
|
|
|
"ts" => builder
|
|
|
|
|
.include_timestamp_subtitle_track(value == "true")
|
|
|
|
|
.map_err(from_base_error)?,
|
2018-11-25 21:31:50 -08:00
|
|
|
_ => return Err(bad_req(format!("parameter {} not understood", key))),
|
2017-03-02 19:29:28 -08:00
|
|
|
}
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2017-03-02 19:29:28 -08:00
|
|
|
}
|
2020-02-16 23:16:19 -08:00
|
|
|
if let Some(start) = start_time_for_filename {
|
2021-02-16 22:15:54 -08:00
|
|
|
let tm = time::at(time::Timespec {
|
|
|
|
|
sec: start.unix_seconds(),
|
|
|
|
|
nsec: 0,
|
|
|
|
|
});
|
2021-05-17 14:31:50 -07:00
|
|
|
let stream_abbrev = if stream_type == db::StreamType::Main {
|
2021-02-16 22:15:54 -08:00
|
|
|
"main"
|
|
|
|
|
} else {
|
|
|
|
|
"sub"
|
|
|
|
|
};
|
|
|
|
|
let suffix = if mp4_type == mp4::Type::Normal {
|
|
|
|
|
"mp4"
|
|
|
|
|
} else {
|
|
|
|
|
"m4s"
|
|
|
|
|
};
|
|
|
|
|
builder
|
|
|
|
|
.set_filename(&format!(
|
|
|
|
|
"{}-{}-{}.{}",
|
|
|
|
|
tm.strftime("%Y%m%d%H%M%S").unwrap(),
|
|
|
|
|
camera_name,
|
|
|
|
|
stream_abbrev,
|
|
|
|
|
suffix
|
|
|
|
|
))
|
2020-02-16 23:16:19 -08:00
|
|
|
.map_err(from_base_error)?;
|
|
|
|
|
}
|
2021-02-16 22:15:54 -08:00
|
|
|
let mp4 = builder
|
|
|
|
|
.build(self.db.clone(), self.dirs_by_stream_id.clone())
|
|
|
|
|
.map_err(from_base_error)?;
|
2018-12-29 13:06:44 -06:00
|
|
|
if debug {
|
|
|
|
|
return Ok(plain_response(StatusCode::OK, format!("{:#?}", mp4)));
|
|
|
|
|
}
|
2018-01-23 11:08:21 -08:00
|
|
|
Ok(http_serve::serve(mp4, req))
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
2017-10-21 21:54:27 -07:00
|
|
|
|
2021-09-01 15:01:42 -07:00
|
|
|
async fn user(&self, req: Request<hyper::Body>, caller: Caller, id: i32) -> ResponseResult {
|
|
|
|
|
if caller.user.map(|u| u.id) != Some(id) {
|
|
|
|
|
bail_t!(Unauthenticated, "must be authenticated as supplied user");
|
|
|
|
|
}
|
|
|
|
|
match *req.method() {
|
|
|
|
|
Method::POST => self.post_user(req, id).await,
|
|
|
|
|
_ => Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into()),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async fn post_user(&self, mut req: Request<hyper::Body>, id: i32) -> ResponseResult {
|
|
|
|
|
let r = extract_json_body(&mut req).await?;
|
|
|
|
|
let r: json::PostUser = serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
|
|
|
|
|
let mut db = self.db.lock();
|
|
|
|
|
let user = db
|
|
|
|
|
.users_by_id()
|
|
|
|
|
.get(&id)
|
|
|
|
|
.ok_or_else(|| format_err_t!(Internal, "can't find currently authenticated user"))?;
|
|
|
|
|
if let Some(precondition) = r.precondition {
|
2021-10-26 13:08:45 -07:00
|
|
|
if matches!(precondition.preferences, Some(p) if p != user.config.preferences) {
|
2021-09-01 15:01:42 -07:00
|
|
|
bail_t!(FailedPrecondition, "preferences mismatch");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if let Some(update) = r.update {
|
|
|
|
|
let mut change = user.change();
|
|
|
|
|
if let Some(preferences) = update.preferences {
|
2021-10-26 13:08:45 -07:00
|
|
|
change.config.preferences = preferences;
|
2021-09-01 15:01:42 -07:00
|
|
|
}
|
|
|
|
|
db.apply_user_change(change).map_err(internal_server_err)?;
|
|
|
|
|
}
|
|
|
|
|
Ok(plain_response(StatusCode::NO_CONTENT, &b""[..]))
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-25 21:31:50 -08:00
|
|
|
fn authreq(&self, req: &Request<::hyper::Body>) -> auth::Request {
|
|
|
|
|
auth::Request {
|
|
|
|
|
when_sec: Some(self.db.clocks().realtime().sec),
|
2018-11-28 14:22:30 -08:00
|
|
|
addr: if self.trust_forward_hdrs {
|
2021-02-16 22:15:54 -08:00
|
|
|
req.headers()
|
|
|
|
|
.get("X-Real-IP")
|
|
|
|
|
.and_then(|v| v.to_str().ok())
|
|
|
|
|
.and_then(|v| IpAddr::from_str(v).ok())
|
|
|
|
|
} else {
|
|
|
|
|
None
|
|
|
|
|
},
|
|
|
|
|
user_agent: req
|
|
|
|
|
.headers()
|
|
|
|
|
.get(header::USER_AGENT)
|
|
|
|
|
.map(|ua| ua.as_bytes().to_vec()),
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-01 00:44:19 -08:00
|
|
|
fn request(&self, req: &Request<::hyper::Body>) -> ResponseResult {
|
|
|
|
|
let authreq = self.authreq(req);
|
2021-02-16 22:15:54 -08:00
|
|
|
let host = req
|
|
|
|
|
.headers()
|
|
|
|
|
.get(header::HOST)
|
|
|
|
|
.map(|h| String::from_utf8_lossy(h.as_bytes()));
|
|
|
|
|
let agent = authreq
|
|
|
|
|
.user_agent
|
|
|
|
|
.as_ref()
|
|
|
|
|
.map(|u| String::from_utf8_lossy(&u[..]));
|
|
|
|
|
Ok(plain_response(
|
|
|
|
|
StatusCode::OK,
|
|
|
|
|
format!(
|
|
|
|
|
"when: {}\n\
|
2018-12-27 16:00:15 -06:00
|
|
|
host: {:?}\n\
|
2018-12-01 00:44:19 -08:00
|
|
|
addr: {:?}\n\
|
|
|
|
|
user_agent: {:?}\n\
|
|
|
|
|
secure: {:?}",
|
2021-02-16 22:15:54 -08:00
|
|
|
time::at(time::Timespec {
|
|
|
|
|
sec: authreq.when_sec.unwrap(),
|
|
|
|
|
nsec: 0
|
|
|
|
|
})
|
|
|
|
|
.strftime("%FT%T")
|
|
|
|
|
.map(|f| f.to_string())
|
|
|
|
|
.unwrap_or_else(|e| e.to_string()),
|
2021-05-06 09:47:07 -07:00
|
|
|
host.as_deref(),
|
2021-02-16 22:15:54 -08:00
|
|
|
&authreq.addr,
|
2021-05-06 09:47:07 -07:00
|
|
|
agent.as_deref(),
|
2021-02-16 22:15:54 -08:00
|
|
|
self.is_secure(req)
|
|
|
|
|
),
|
|
|
|
|
))
|
2018-12-01 00:44:19 -08:00
|
|
|
}
|
|
|
|
|
|
2021-03-10 16:18:47 -08:00
|
|
|
/// Returns true iff the client is connected over `https`.
|
|
|
|
|
/// Moonfire NVR currently doesn't directly serve `https`, but it supports
|
|
|
|
|
/// proxies which set the `X-Forwarded-Proto` header. See `guide/secure.md`
|
|
|
|
|
/// for more information.
|
2018-11-28 14:22:30 -08:00
|
|
|
fn is_secure(&self, req: &Request<::hyper::Body>) -> bool {
|
2021-02-16 22:15:54 -08:00
|
|
|
self.trust_forward_hdrs
|
|
|
|
|
&& req
|
|
|
|
|
.headers()
|
|
|
|
|
.get("X-Forwarded-Proto")
|
|
|
|
|
.map(|v| v.as_bytes() == b"https")
|
|
|
|
|
.unwrap_or(false)
|
2018-11-28 14:22:30 -08:00
|
|
|
}
|
|
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
async fn login(&self, mut req: Request<::hyper::Body>) -> ResponseResult {
|
|
|
|
|
let r = extract_json_body(&mut req).await?;
|
2021-02-16 22:15:54 -08:00
|
|
|
let r: json::LoginRequest =
|
|
|
|
|
serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
|
2020-05-30 19:08:54 -07:00
|
|
|
let authreq = self.authreq(&req);
|
2021-02-16 22:15:54 -08:00
|
|
|
let host = req
|
|
|
|
|
.headers()
|
|
|
|
|
.get(header::HOST)
|
|
|
|
|
.ok_or_else(|| bad_req("missing Host header!"))?;
|
2018-11-25 21:31:50 -08:00
|
|
|
let host = host.as_bytes();
|
2020-05-29 21:20:14 -07:00
|
|
|
let domain = match memchr(b':', host) {
|
2018-11-25 21:31:50 -08:00
|
|
|
Some(colon) => &host[0..colon],
|
|
|
|
|
None => host,
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
|
|
|
|
.to_owned();
|
2018-11-25 21:31:50 -08:00
|
|
|
let mut l = self.db.lock();
|
2021-03-31 10:44:08 -07:00
|
|
|
|
|
|
|
|
// If the request came in over https, tell the browser to only send the cookie on https
|
|
|
|
|
// requests also.
|
2020-05-30 19:08:54 -07:00
|
|
|
let is_secure = self.is_secure(&req);
|
2021-03-31 10:44:08 -07:00
|
|
|
|
|
|
|
|
// Use SameSite=Lax rather than SameSite=Strict. Safari apparently doesn't send
|
|
|
|
|
// SameSite=Strict cookies on WebSocket upgrade requests. There's no real security
|
|
|
|
|
// difference for Moonfire NVR anyway. SameSite=Strict exists as CSRF protection for
|
|
|
|
|
// sites that (unlike Moonfire NVR) don't follow best practices by (a)
|
|
|
|
|
// mutating based on GET requests and (b) not using CSRF tokens.
|
|
|
|
|
use auth::SessionFlag;
|
|
|
|
|
let flags = (SessionFlag::HttpOnly as i32)
|
|
|
|
|
| (SessionFlag::SameSite as i32)
|
2021-02-16 22:15:54 -08:00
|
|
|
| if is_secure {
|
2021-03-31 10:44:08 -07:00
|
|
|
SessionFlag::Secure as i32
|
2021-02-16 22:15:54 -08:00
|
|
|
} else {
|
|
|
|
|
0
|
|
|
|
|
};
|
|
|
|
|
let (sid, _) = l
|
|
|
|
|
.login_by_password(authreq, &r.username, r.password, Some(domain), flags)
|
2018-11-25 21:31:50 -08:00
|
|
|
.map_err(|e| plain_response(StatusCode::UNAUTHORIZED, e.to_string()))?;
|
2021-03-31 10:44:08 -07:00
|
|
|
let cookie = encode_sid(sid, flags);
|
2018-11-25 21:31:50 -08:00
|
|
|
Ok(Response::builder()
|
2021-02-16 22:15:54 -08:00
|
|
|
.header(
|
|
|
|
|
header::SET_COOKIE,
|
2021-03-31 10:44:08 -07:00
|
|
|
HeaderValue::try_from(cookie).expect("cookie can't have invalid bytes"),
|
2021-02-16 22:15:54 -08:00
|
|
|
)
|
2018-11-25 21:31:50 -08:00
|
|
|
.status(StatusCode::NO_CONTENT)
|
2021-02-16 22:15:54 -08:00
|
|
|
.body(b""[..].into())
|
|
|
|
|
.unwrap())
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2020-05-30 19:08:54 -07:00
|
|
|
async fn logout(&self, mut req: Request<hyper::Body>) -> ResponseResult {
|
|
|
|
|
let r = extract_json_body(&mut req).await?;
|
2021-02-16 22:15:54 -08:00
|
|
|
let r: json::LogoutRequest =
|
|
|
|
|
serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
|
2018-11-25 21:31:50 -08:00
|
|
|
|
|
|
|
|
let mut res = Response::new(b""[..].into());
|
2020-05-30 19:08:54 -07:00
|
|
|
if let Some(sid) = extract_sid(&req) {
|
|
|
|
|
let authreq = self.authreq(&req);
|
2018-11-25 21:31:50 -08:00
|
|
|
let mut l = self.db.lock();
|
|
|
|
|
let hash = sid.hash();
|
|
|
|
|
let need_revoke = match l.authenticate_session(authreq.clone(), &hash) {
|
|
|
|
|
Ok((s, _)) => {
|
2020-01-08 23:23:58 -08:00
|
|
|
if !csrf_matches(r.csrf, s.csrf()) {
|
2018-11-25 21:31:50 -08:00
|
|
|
warn!("logout request with missing/incorrect csrf");
|
|
|
|
|
return Err(bad_req("logout with incorrect csrf token"));
|
|
|
|
|
}
|
|
|
|
|
info!("revoking session");
|
|
|
|
|
true
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2018-11-25 21:31:50 -08:00
|
|
|
Err(e) => {
|
|
|
|
|
// TODO: distinguish "no such session", "session is no longer valid", and
|
|
|
|
|
// "user ... is disabled" (which are all client error / bad state) from database
|
|
|
|
|
// errors.
|
|
|
|
|
warn!("logout failed: {}", e);
|
|
|
|
|
false
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2018-11-25 21:31:50 -08:00
|
|
|
};
|
|
|
|
|
if need_revoke {
|
|
|
|
|
// TODO: inline this above with non-lexical lifetimes.
|
|
|
|
|
l.revoke_session(auth::RevocationReason::LoggedOut, None, authreq, &hash)
|
2021-02-16 22:15:54 -08:00
|
|
|
.map_err(internal_server_err)?;
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// By now the session is invalid (whether it was valid to start with or not).
|
|
|
|
|
// Clear useless cookie.
|
2021-02-16 22:15:54 -08:00
|
|
|
res.headers_mut().append(
|
|
|
|
|
header::SET_COOKIE,
|
|
|
|
|
HeaderValue::from_str("s=; Max-Age=0; Path=/").unwrap(),
|
|
|
|
|
);
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
*res.status_mut() = StatusCode::NO_CONTENT;
|
|
|
|
|
Ok(res)
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
async fn post_signals(&self, mut req: Request<hyper::Body>, caller: Caller) -> ResponseResult {
|
2019-06-19 15:17:50 -07:00
|
|
|
if !caller.permissions.update_signals {
|
2021-03-10 16:18:47 -08:00
|
|
|
bail_t!(PermissionDenied, "update_signals required");
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
2020-05-30 19:08:54 -07:00
|
|
|
let r = extract_json_body(&mut req).await?;
|
2021-02-16 22:15:54 -08:00
|
|
|
let r: json::PostSignalsRequest =
|
|
|
|
|
serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
|
2019-06-14 16:11:12 -07:00
|
|
|
let now = recording::Time::new(self.db.clocks().realtime());
|
2021-04-21 10:44:01 -07:00
|
|
|
let mut l = self.db.lock();
|
|
|
|
|
let start = match r.start {
|
|
|
|
|
json::PostSignalsTimeBase::Epoch(t) => t,
|
|
|
|
|
json::PostSignalsTimeBase::Now(d) => now + d,
|
|
|
|
|
};
|
|
|
|
|
let end = match r.end {
|
|
|
|
|
json::PostSignalsTimeBase::Epoch(t) => t,
|
|
|
|
|
json::PostSignalsTimeBase::Now(d) => now + d,
|
2019-06-14 16:11:12 -07:00
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
l.update_signals(start..end, &r.signal_ids, &r.states)
|
|
|
|
|
.map_err(from_base_error)?;
|
2021-04-21 10:44:01 -07:00
|
|
|
serve_json(&req, &json::PostSignalsResponse { time_90k: now })
|
2019-06-14 16:11:12 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn get_signals(&self, req: &Request<hyper::Body>) -> ResponseResult {
|
2021-02-16 22:15:54 -08:00
|
|
|
let mut time = recording::Time::min_value()..recording::Time::max_value();
|
2019-06-06 16:18:13 -07:00
|
|
|
if let Some(q) = req.uri().query() {
|
|
|
|
|
for (key, value) in form_urlencoded::parse(q.as_bytes()) {
|
|
|
|
|
let (key, value) = (key.borrow(), value.borrow());
|
|
|
|
|
match key {
|
|
|
|
|
"startTime90k" => {
|
|
|
|
|
time.start = recording::Time::parse(value)
|
|
|
|
|
.map_err(|_| bad_req("unparseable startTime90k"))?
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
2019-06-06 16:18:13 -07:00
|
|
|
"endTime90k" => {
|
|
|
|
|
time.end = recording::Time::parse(value)
|
|
|
|
|
.map_err(|_| bad_req("unparseable endTime90k"))?
|
2021-02-16 22:15:54 -08:00
|
|
|
}
|
|
|
|
|
_ => {}
|
2019-06-06 16:18:13 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let mut signals = json::Signals::default();
|
2021-02-16 22:15:54 -08:00
|
|
|
self.db
|
|
|
|
|
.lock()
|
|
|
|
|
.list_changes_by_time(time, &mut |c: &db::signal::ListStateChangesRow| {
|
2021-04-21 10:44:01 -07:00
|
|
|
signals.times_90k.push(c.when);
|
2021-02-16 22:15:54 -08:00
|
|
|
signals.signal_ids.push(c.signal);
|
|
|
|
|
signals.states.push(c.state);
|
|
|
|
|
});
|
2019-06-06 16:18:13 -07:00
|
|
|
serve_json(req, &signals)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-06 05:16:09 -08:00
|
|
|
/// Authenticates the session (if any) and returns a Caller.
|
|
|
|
|
///
|
|
|
|
|
/// If there's no session,
|
|
|
|
|
/// 1. if `allow_unauthenticated_permissions` is configured, returns okay
|
|
|
|
|
/// with those permissions.
|
|
|
|
|
/// 2. if the caller specifies `unauth_path`, returns okay with no
|
|
|
|
|
/// permissions.
|
|
|
|
|
/// 3. returns `Unauthenticated` error otherwise.
|
|
|
|
|
///
|
|
|
|
|
/// Does no authorization. That is, this doesn't check that the returned
|
|
|
|
|
/// permissions are sufficient for whatever operation the caller is
|
|
|
|
|
/// performing.
|
2021-02-16 22:15:54 -08:00
|
|
|
fn authenticate(
|
|
|
|
|
&self,
|
|
|
|
|
req: &Request<hyper::Body>,
|
|
|
|
|
unauth_path: bool,
|
|
|
|
|
) -> Result<Caller, base::Error> {
|
2018-11-25 21:31:50 -08:00
|
|
|
if let Some(sid) = extract_sid(req) {
|
|
|
|
|
let authreq = self.authreq(req);
|
2019-06-19 15:17:50 -07:00
|
|
|
|
2021-05-17 14:31:50 -07:00
|
|
|
match self.db.lock().authenticate_session(authreq, &sid.hash()) {
|
2021-03-06 05:16:09 -08:00
|
|
|
Ok((s, u)) => {
|
|
|
|
|
return Ok(Caller {
|
|
|
|
|
permissions: s.permissions.clone(),
|
2021-09-01 15:01:42 -07:00
|
|
|
user: Some(json::ToplevelUser {
|
|
|
|
|
id: s.user_id,
|
|
|
|
|
name: u.username.clone(),
|
2021-10-26 13:08:45 -07:00
|
|
|
preferences: u.config.preferences.clone(),
|
2021-09-01 15:01:42 -07:00
|
|
|
session: Some(json::Session { csrf: s.csrf() }),
|
2021-03-06 05:16:09 -08:00
|
|
|
}),
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
Err(e) if e.kind() == base::ErrorKind::Unauthenticated => {
|
|
|
|
|
// Log the specific reason this session is unauthenticated.
|
|
|
|
|
// Don't let the API client see it, as it may have a
|
|
|
|
|
// revocation reason that isn't for their eyes.
|
|
|
|
|
warn!("Session authentication failed: {:?}", &e);
|
|
|
|
|
}
|
|
|
|
|
Err(e) => return Err(e),
|
|
|
|
|
};
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
2019-06-19 15:17:50 -07:00
|
|
|
|
|
|
|
|
if let Some(s) = self.allow_unauthenticated_permissions.as_ref() {
|
|
|
|
|
return Ok(Caller {
|
|
|
|
|
permissions: s.clone(),
|
2021-09-01 15:01:42 -07:00
|
|
|
user: None,
|
2019-06-19 15:17:50 -07:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if unauth_path {
|
|
|
|
|
return Ok(Caller {
|
|
|
|
|
permissions: db::Permissions::default(),
|
2021-09-01 15:01:42 -07:00
|
|
|
user: None,
|
2021-02-16 22:15:54 -08:00
|
|
|
});
|
2019-06-19 15:17:50 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bail_t!(Unauthenticated, "unauthenticated");
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-31 10:44:08 -07:00
|
|
|
/// Encodes a session into `Set-Cookie` header value form.
|
|
|
|
|
fn encode_sid(sid: db::RawSessionId, flags: i32) -> String {
|
|
|
|
|
let mut cookie = String::with_capacity(128);
|
|
|
|
|
cookie.push_str("s=");
|
|
|
|
|
base64::encode_config_buf(&sid, base64::STANDARD_NO_PAD, &mut cookie);
|
|
|
|
|
use auth::SessionFlag;
|
|
|
|
|
if (flags & SessionFlag::HttpOnly as i32) != 0 {
|
|
|
|
|
cookie.push_str("; HttpOnly");
|
|
|
|
|
}
|
|
|
|
|
if (flags & SessionFlag::Secure as i32) != 0 {
|
|
|
|
|
cookie.push_str("; Secure");
|
|
|
|
|
}
|
|
|
|
|
if (flags & SessionFlag::SameSiteStrict as i32) != 0 {
|
|
|
|
|
cookie.push_str("; SameSite=Strict");
|
|
|
|
|
} else if (flags & SessionFlag::SameSite as i32) != 0 {
|
|
|
|
|
cookie.push_str("; SameSite=Lax");
|
|
|
|
|
}
|
|
|
|
|
cookie.push_str("; Max-Age=2147483648; Path=/");
|
|
|
|
|
cookie
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-25 14:34:00 -08:00
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests {
|
2021-10-28 12:49:50 -07:00
|
|
|
use super::Segments;
|
2018-12-28 21:53:29 -06:00
|
|
|
use db::testutil::{self, TestDb};
|
2020-01-08 23:04:36 -08:00
|
|
|
use futures::future::FutureExt;
|
2018-12-28 21:53:29 -06:00
|
|
|
use log::info;
|
2018-11-25 21:31:50 -08:00
|
|
|
use std::collections::HashMap;
|
2020-04-17 23:02:02 -07:00
|
|
|
use std::str::FromStr;
|
2020-05-30 19:08:54 -07:00
|
|
|
use std::sync::Arc;
|
2016-11-25 14:34:00 -08:00
|
|
|
|
2018-11-25 21:31:50 -08:00
|
|
|
struct Server {
|
2018-12-28 21:53:29 -06:00
|
|
|
db: TestDb<base::clock::RealClocks>,
|
2018-11-25 21:31:50 -08:00
|
|
|
base_url: String,
|
|
|
|
|
//test_camera_uuid: Uuid,
|
|
|
|
|
handle: Option<::std::thread::JoinHandle<()>>,
|
2020-01-08 23:04:36 -08:00
|
|
|
shutdown_tx: Option<futures::channel::oneshot::Sender<()>>,
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Server {
|
2019-06-19 15:17:50 -07:00
|
|
|
fn new(allow_unauthenticated_permissions: Option<db::Permissions>) -> Server {
|
2018-12-28 21:53:29 -06:00
|
|
|
let db = TestDb::new(base::clock::RealClocks {});
|
2020-01-08 23:04:36 -08:00
|
|
|
let (shutdown_tx, shutdown_rx) = futures::channel::oneshot::channel::<()>();
|
2021-02-16 22:15:54 -08:00
|
|
|
let service = Arc::new(
|
|
|
|
|
super::Service::new(super::Config {
|
|
|
|
|
db: db.db.clone(),
|
|
|
|
|
ui_dir: None,
|
|
|
|
|
allow_unauthenticated_permissions,
|
|
|
|
|
trust_forward_hdrs: true,
|
|
|
|
|
time_zone_name: "".to_owned(),
|
|
|
|
|
})
|
|
|
|
|
.unwrap(),
|
|
|
|
|
);
|
2020-01-08 23:04:36 -08:00
|
|
|
let make_svc = hyper::service::make_service_fn(move |_conn| {
|
|
|
|
|
futures::future::ok::<_, std::convert::Infallible>(hyper::service::service_fn({
|
2020-05-30 19:08:54 -07:00
|
|
|
let s = Arc::clone(&service);
|
|
|
|
|
move |req| Arc::clone(&s).serve(req)
|
2020-01-08 23:04:36 -08:00
|
|
|
}))
|
|
|
|
|
});
|
2020-01-09 20:06:30 -08:00
|
|
|
let (tx, rx) = std::sync::mpsc::channel();
|
|
|
|
|
let handle = ::std::thread::spawn(move || {
|
2020-01-08 23:04:36 -08:00
|
|
|
let addr = ([127, 0, 0, 1], 0).into();
|
2021-01-27 11:47:52 -08:00
|
|
|
let rt = tokio::runtime::Runtime::new().unwrap();
|
|
|
|
|
let srv = {
|
|
|
|
|
let _guard = rt.enter();
|
2021-02-16 22:15:54 -08:00
|
|
|
hyper::server::Server::bind(&addr)
|
|
|
|
|
.tcp_nodelay(true)
|
|
|
|
|
.serve(make_svc)
|
2021-01-27 11:47:52 -08:00
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
let addr = srv.local_addr(); // resolve port 0 to a real ephemeral port number.
|
2020-01-09 20:06:30 -08:00
|
|
|
tx.send(addr).unwrap();
|
2021-02-16 22:15:54 -08:00
|
|
|
rt.block_on(srv.with_graceful_shutdown(shutdown_rx.map(|_| ())))
|
|
|
|
|
.unwrap();
|
2018-11-25 21:31:50 -08:00
|
|
|
});
|
2020-01-09 20:06:30 -08:00
|
|
|
let addr = rx.recv().unwrap();
|
2018-11-25 21:31:50 -08:00
|
|
|
|
|
|
|
|
// Create a user.
|
|
|
|
|
let mut c = db::UserChange::add_user("slamb".to_owned());
|
|
|
|
|
c.set_password("hunter2".to_owned());
|
|
|
|
|
db.db.lock().apply_user_change(c).unwrap();
|
|
|
|
|
|
|
|
|
|
Server {
|
|
|
|
|
db,
|
|
|
|
|
base_url: format!("http://{}:{}", addr.ip(), addr.port()),
|
|
|
|
|
handle: Some(handle),
|
|
|
|
|
shutdown_tx: Some(shutdown_tx),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Drop for Server {
|
|
|
|
|
fn drop(&mut self) {
|
|
|
|
|
self.shutdown_tx.take().unwrap().send(()).unwrap();
|
|
|
|
|
self.handle.take().unwrap().join().unwrap()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[derive(Clone, Debug, Default)]
|
|
|
|
|
struct SessionCookie(Option<String>);
|
|
|
|
|
|
|
|
|
|
impl SessionCookie {
|
2020-01-08 23:04:36 -08:00
|
|
|
pub fn new(headers: &reqwest::header::HeaderMap) -> Self {
|
2018-11-25 21:31:50 -08:00
|
|
|
let mut c = SessionCookie::default();
|
|
|
|
|
c.update(headers);
|
|
|
|
|
c
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-08 23:04:36 -08:00
|
|
|
pub fn update(&mut self, headers: &reqwest::header::HeaderMap) {
|
|
|
|
|
for set_cookie in headers.get_all(reqwest::header::SET_COOKIE) {
|
2018-11-25 21:31:50 -08:00
|
|
|
let mut set_cookie = set_cookie.to_str().unwrap().split("; ");
|
|
|
|
|
let c = set_cookie.next().unwrap();
|
|
|
|
|
let mut clear = false;
|
|
|
|
|
for attr in set_cookie {
|
|
|
|
|
if attr == "Max-Age=0" {
|
|
|
|
|
clear = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !c.starts_with("s=") {
|
|
|
|
|
panic!("unrecognized cookie");
|
|
|
|
|
}
|
|
|
|
|
self.0 = if clear { None } else { Some(c.to_owned()) };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Produces a `Cookie` header value.
|
|
|
|
|
pub fn header(&self) -> String {
|
2021-05-06 09:47:07 -07:00
|
|
|
self.0.clone().unwrap()
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-20 22:08:18 -08:00
|
|
|
#[test]
|
2021-02-16 22:15:54 -08:00
|
|
|
#[rustfmt::skip]
|
2016-12-20 22:08:18 -08:00
|
|
|
fn test_segments() {
|
|
|
|
|
testutil::init();
|
2021-02-16 22:15:54 -08:00
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..2, open_id: None, start_time: 0, end_time: None },
|
|
|
|
|
Segments::from_str("1").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..2, open_id: Some(42), start_time: 0, end_time: None },
|
|
|
|
|
Segments::from_str("1@42").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..2, open_id: None, start_time: 26, end_time: None },
|
|
|
|
|
Segments::from_str("1.26-").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..2, open_id: Some(42), start_time: 26, end_time: None },
|
|
|
|
|
Segments::from_str("1@42.26-").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..2, open_id: None, start_time: 0, end_time: Some(42) },
|
|
|
|
|
Segments::from_str("1.-42").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..2, open_id: None, start_time: 26, end_time: Some(42) },
|
|
|
|
|
Segments::from_str("1.26-42").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..6, open_id: None, start_time: 0, end_time: None },
|
|
|
|
|
Segments::from_str("1-5").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..6, open_id: None, start_time: 26, end_time: None },
|
|
|
|
|
Segments::from_str("1-5.26-").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..6, open_id: None, start_time: 0, end_time: Some(42) },
|
|
|
|
|
Segments::from_str("1-5.-42").unwrap()
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Segments { ids: 1..6, open_id: None, start_time: 26, end_time: Some(42) },
|
|
|
|
|
Segments::from_str("1-5.26-42").unwrap()
|
|
|
|
|
);
|
2016-12-20 22:08:18 -08:00
|
|
|
}
|
2018-11-25 21:31:50 -08:00
|
|
|
|
2020-01-09 20:06:30 -08:00
|
|
|
#[tokio::test]
|
|
|
|
|
async fn unauthorized_without_cookie() {
|
2018-11-25 21:31:50 -08:00
|
|
|
testutil::init();
|
2019-06-19 15:17:50 -07:00
|
|
|
let s = Server::new(None);
|
2018-11-25 21:31:50 -08:00
|
|
|
let cli = reqwest::Client::new();
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.get(&format!("{}/api/", &s.base_url))
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::UNAUTHORIZED);
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2020-01-09 20:06:30 -08:00
|
|
|
#[tokio::test]
|
|
|
|
|
async fn login() {
|
2018-11-25 21:31:50 -08:00
|
|
|
testutil::init();
|
2019-06-19 15:17:50 -07:00
|
|
|
let s = Server::new(None);
|
2018-11-25 21:31:50 -08:00
|
|
|
let cli = reqwest::Client::new();
|
|
|
|
|
let login_url = format!("{}/api/login", &s.base_url);
|
|
|
|
|
|
2020-01-09 20:06:30 -08:00
|
|
|
let resp = cli.get(&login_url).send().await.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::METHOD_NOT_ALLOWED);
|
2018-11-25 21:31:50 -08:00
|
|
|
|
2020-01-09 20:06:30 -08:00
|
|
|
let resp = cli.post(&login_url).send().await.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::BAD_REQUEST);
|
2018-11-25 21:31:50 -08:00
|
|
|
|
|
|
|
|
let mut p = HashMap::new();
|
|
|
|
|
p.insert("username", "slamb");
|
|
|
|
|
p.insert("password", "asdf");
|
2020-01-09 20:06:30 -08:00
|
|
|
let resp = cli.post(&login_url).json(&p).send().await.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::UNAUTHORIZED);
|
2018-11-25 21:31:50 -08:00
|
|
|
|
|
|
|
|
p.insert("password", "hunter2");
|
2020-01-09 20:06:30 -08:00
|
|
|
let resp = cli.post(&login_url).json(&p).send().await.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::NO_CONTENT);
|
2018-11-25 21:31:50 -08:00
|
|
|
let cookie = SessionCookie::new(resp.headers());
|
|
|
|
|
info!("cookie: {:?}", cookie);
|
|
|
|
|
info!("header: {}", cookie.header());
|
|
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.get(&format!("{}/api/", &s.base_url))
|
|
|
|
|
.header(reqwest::header::COOKIE, cookie.header())
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::OK);
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
|
|
|
|
|
2020-01-09 20:06:30 -08:00
|
|
|
#[tokio::test]
|
|
|
|
|
async fn logout() {
|
2018-11-25 21:31:50 -08:00
|
|
|
testutil::init();
|
2019-06-19 15:17:50 -07:00
|
|
|
let s = Server::new(None);
|
2018-11-25 21:31:50 -08:00
|
|
|
let cli = reqwest::Client::new();
|
|
|
|
|
let mut p = HashMap::new();
|
|
|
|
|
p.insert("username", "slamb");
|
|
|
|
|
p.insert("password", "hunter2");
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.post(&format!("{}/api/login", &s.base_url))
|
|
|
|
|
.json(&p)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::NO_CONTENT);
|
2018-11-25 21:31:50 -08:00
|
|
|
let cookie = SessionCookie::new(resp.headers());
|
|
|
|
|
|
|
|
|
|
// A GET shouldn't work.
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.get(&format!("{}/api/logout", &s.base_url))
|
|
|
|
|
.header(reqwest::header::COOKIE, cookie.header())
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::METHOD_NOT_ALLOWED);
|
2018-11-25 21:31:50 -08:00
|
|
|
|
|
|
|
|
// Neither should a POST without a csrf token.
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.post(&format!("{}/api/logout", &s.base_url))
|
|
|
|
|
.header(reqwest::header::COOKIE, cookie.header())
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::BAD_REQUEST);
|
2018-11-25 21:31:50 -08:00
|
|
|
|
|
|
|
|
// But it should work with the csrf token.
|
|
|
|
|
// Retrieve that from the toplevel API request.
|
2021-02-16 22:15:54 -08:00
|
|
|
let toplevel: serde_json::Value = cli
|
|
|
|
|
.post(&format!("{}/api/", &s.base_url))
|
|
|
|
|
.header(reqwest::header::COOKIE, cookie.header())
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap()
|
|
|
|
|
.json()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
|
|
|
|
let csrf = toplevel
|
2021-09-01 15:01:42 -07:00
|
|
|
.get("user")
|
|
|
|
|
.unwrap()
|
2021-02-16 22:15:54 -08:00
|
|
|
.get("session")
|
|
|
|
|
.unwrap()
|
|
|
|
|
.get("csrf")
|
|
|
|
|
.unwrap()
|
|
|
|
|
.as_str();
|
2018-11-25 21:31:50 -08:00
|
|
|
let mut p = HashMap::new();
|
|
|
|
|
p.insert("csrf", csrf);
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.post(&format!("{}/api/logout", &s.base_url))
|
|
|
|
|
.header(reqwest::header::COOKIE, cookie.header())
|
|
|
|
|
.json(&p)
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::NO_CONTENT);
|
2018-11-25 21:31:50 -08:00
|
|
|
let mut updated_cookie = cookie.clone();
|
|
|
|
|
updated_cookie.update(resp.headers());
|
|
|
|
|
|
|
|
|
|
// The cookie should be cleared client-side.
|
|
|
|
|
assert!(updated_cookie.0.is_none());
|
|
|
|
|
|
|
|
|
|
// It should also be invalidated server-side.
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.get(&format!("{}/api/", &s.base_url))
|
|
|
|
|
.header(reqwest::header::COOKIE, cookie.header())
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::UNAUTHORIZED);
|
2018-11-25 21:31:50 -08:00
|
|
|
}
|
2018-12-28 17:30:33 -06:00
|
|
|
|
2020-01-09 20:06:30 -08:00
|
|
|
#[tokio::test]
|
|
|
|
|
async fn view_without_segments() {
|
2018-12-28 17:30:33 -06:00
|
|
|
testutil::init();
|
2019-06-19 15:17:50 -07:00
|
|
|
let mut permissions = db::Permissions::new();
|
|
|
|
|
permissions.view_video = true;
|
|
|
|
|
let s = Server::new(Some(permissions));
|
2018-12-28 17:30:33 -06:00
|
|
|
let cli = reqwest::Client::new();
|
2021-02-16 22:15:54 -08:00
|
|
|
let resp = cli
|
|
|
|
|
.get(&format!(
|
|
|
|
|
"{}/api/cameras/{}/main/view.mp4",
|
|
|
|
|
&s.base_url, s.db.test_camera_uuid
|
|
|
|
|
))
|
|
|
|
|
.send()
|
|
|
|
|
.await
|
|
|
|
|
.unwrap();
|
2020-01-08 23:04:36 -08:00
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::BAD_REQUEST);
|
2018-12-28 17:30:33 -06:00
|
|
|
}
|
2021-03-31 10:44:08 -07:00
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn encode_sid() {
|
|
|
|
|
use super::encode_sid;
|
|
|
|
|
use db::auth::{RawSessionId, SessionFlag};
|
|
|
|
|
let s64 = "3LbrruP5vj/hpE8kvYTz/rNDg4BleRiTCHGA3Ocm91z/YrtxHDxexmrz46biZJxJ";
|
|
|
|
|
let s = RawSessionId::decode_base64(s64.as_bytes()).unwrap();
|
|
|
|
|
assert_eq!(
|
|
|
|
|
encode_sid(
|
|
|
|
|
s,
|
|
|
|
|
(SessionFlag::Secure as i32)
|
|
|
|
|
| (SessionFlag::HttpOnly as i32)
|
|
|
|
|
| (SessionFlag::SameSite as i32)
|
|
|
|
|
| (SessionFlag::SameSiteStrict as i32)
|
|
|
|
|
),
|
|
|
|
|
format!(
|
|
|
|
|
"s={}; HttpOnly; Secure; SameSite=Strict; Max-Age=2147483648; Path=/",
|
|
|
|
|
s64
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
encode_sid(s, SessionFlag::SameSite as i32),
|
|
|
|
|
format!("s={}; SameSite=Lax; Max-Age=2147483648; Path=/", s64)
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-11-25 14:34:00 -08:00
|
|
|
}
|
2017-02-12 20:37:03 -08:00
|
|
|
|
2021-02-16 22:15:54 -08:00
|
|
|
#[cfg(all(test, feature = "nightly"))]
|
2017-02-12 20:37:03 -08:00
|
|
|
mod bench {
|
|
|
|
|
extern crate test;
|
|
|
|
|
|
2018-02-20 23:15:39 -08:00
|
|
|
use db::testutil::{self, TestDb};
|
2017-02-12 20:37:03 -08:00
|
|
|
use hyper;
|
2018-12-28 21:53:29 -06:00
|
|
|
use lazy_static::lazy_static;
|
2020-05-30 19:08:54 -07:00
|
|
|
use std::sync::Arc;
|
2018-02-03 21:56:04 -08:00
|
|
|
use uuid::Uuid;
|
2017-02-12 20:37:03 -08:00
|
|
|
|
|
|
|
|
struct Server {
|
|
|
|
|
base_url: String,
|
2018-02-03 21:56:04 -08:00
|
|
|
test_camera_uuid: Uuid,
|
2017-02-12 20:37:03 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Server {
|
|
|
|
|
fn new() -> Server {
|
2018-03-23 15:16:43 -07:00
|
|
|
let db = TestDb::new(::base::clock::RealClocks {});
|
2018-02-03 21:56:04 -08:00
|
|
|
let test_camera_uuid = db.test_camera_uuid;
|
2017-02-12 20:37:03 -08:00
|
|
|
testutil::add_dummy_recordings_to_db(&db.db, 1440);
|
2021-02-16 22:15:54 -08:00
|
|
|
let service = Arc::new(
|
|
|
|
|
super::Service::new(super::Config {
|
|
|
|
|
db: db.db.clone(),
|
|
|
|
|
ui_dir: None,
|
|
|
|
|
allow_unauthenticated_permissions: Some(db::Permissions::default()),
|
|
|
|
|
trust_forward_hdrs: false,
|
|
|
|
|
time_zone_name: "".to_owned(),
|
|
|
|
|
})
|
|
|
|
|
.unwrap(),
|
|
|
|
|
);
|
2020-01-08 23:04:36 -08:00
|
|
|
let make_svc = hyper::service::make_service_fn(move |_conn| {
|
|
|
|
|
futures::future::ok::<_, std::convert::Infallible>(hyper::service::service_fn({
|
2020-05-30 19:08:54 -07:00
|
|
|
let s = Arc::clone(&service);
|
|
|
|
|
move |req| Arc::clone(&s).serve(req)
|
2020-01-08 23:04:36 -08:00
|
|
|
}))
|
|
|
|
|
});
|
2021-01-27 11:47:52 -08:00
|
|
|
let rt = tokio::runtime::Runtime::new().unwrap();
|
|
|
|
|
let srv = {
|
|
|
|
|
let _guard = rt.enter();
|
2020-01-08 23:04:36 -08:00
|
|
|
let addr = ([127, 0, 0, 1], 0).into();
|
|
|
|
|
hyper::server::Server::bind(&addr)
|
|
|
|
|
.tcp_nodelay(true)
|
|
|
|
|
.serve(make_svc)
|
2021-01-27 11:47:52 -08:00
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
let addr = srv.local_addr(); // resolve port 0 to a real ephemeral port number.
|
2017-02-12 20:37:03 -08:00
|
|
|
::std::thread::spawn(move || {
|
2020-01-08 23:04:36 -08:00
|
|
|
rt.block_on(srv).unwrap();
|
2017-02-12 20:37:03 -08:00
|
|
|
});
|
2018-02-03 21:56:04 -08:00
|
|
|
Server {
|
|
|
|
|
base_url: format!("http://{}:{}", addr.ip(), addr.port()),
|
|
|
|
|
test_camera_uuid,
|
|
|
|
|
}
|
2017-02-12 20:37:03 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lazy_static! {
|
2020-08-07 15:30:22 -07:00
|
|
|
static ref SERVER: Server = Server::new();
|
2017-02-12 20:37:03 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[bench]
|
2018-12-28 21:53:29 -06:00
|
|
|
fn serve_stream_recordings(b: &mut test::Bencher) {
|
2017-02-12 20:37:03 -08:00
|
|
|
testutil::init();
|
|
|
|
|
let server = &*SERVER;
|
2021-02-16 22:15:54 -08:00
|
|
|
let url = reqwest::Url::parse(&format!(
|
|
|
|
|
"{}/api/cameras/{}/main/recordings",
|
|
|
|
|
server.base_url, server.test_camera_uuid
|
|
|
|
|
))
|
|
|
|
|
.unwrap();
|
2017-11-16 23:01:09 -08:00
|
|
|
let client = reqwest::Client::new();
|
2021-01-27 11:47:52 -08:00
|
|
|
let rt = tokio::runtime::Runtime::new().unwrap();
|
|
|
|
|
let f = || {
|
2020-02-16 23:58:07 -08:00
|
|
|
rt.block_on(async {
|
|
|
|
|
let resp = client.get(url.clone()).send().await.unwrap();
|
|
|
|
|
assert_eq!(resp.status(), reqwest::StatusCode::OK);
|
|
|
|
|
let _b = resp.bytes().await.unwrap();
|
|
|
|
|
});
|
2017-03-03 22:26:29 -08:00
|
|
|
};
|
2021-02-16 22:15:54 -08:00
|
|
|
f(); // warm.
|
2017-03-03 22:26:29 -08:00
|
|
|
b.iter(f);
|
2017-02-12 20:37:03 -08:00
|
|
|
}
|
|
|
|
|
}
|
