MyFavMirrors/moonfire-nvr
1
0
Fork 0
mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-02-24 11:59:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix --require-auth flag

Browse Source 
Apparently with docopt, --require-auth=false doesn't work, so booleans
with a default value of true can't be turned off. Toggle the default to
false to deal with this, for now. I'd prefer the default be true, but
I also would prefer to not use a negative --no-require-auth or
--allow-unauthenticated flag. I think I'll switch from docopt to clap
in the near future; it seems to be what the cool kids use.
This commit is contained in:
Scott Lamb 2018-12-28 08:39:50 -06:00
parent 54ebc6ec2f
commit 4580038013
4 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
guide/install-manual.md
View File

@ -84,8 +84,7 @@ Moonfire NVR can be run as a systemd service. Create
[Service] [Service]
ExecStart=/usr/local/bin/moonfire-nvr run \ ExecStart=/usr/local/bin/moonfire-nvr run \
--db-dir=/var/lib/moonfire-nvr/db \ --db-dir=/var/lib/moonfire-nvr/db \
--http-addr=0.0.0.0:8080 \ --http-addr=0.0.0.0:8080
--require-auth=false
Environment=TZ=:/etc/localtime Environment=TZ=:/etc/localtime
Environment=MOONFIRE_FORMAT=google-systemd Environment=MOONFIRE_FORMAT=google-systemd
Environment=MOONFIRE_LOG=info Environment=MOONFIRE_LOG=info

10
guide/secure.md
View File

@ -153,15 +153,13 @@ In your `/etc/systemd/system/moonfire-nvr.service` file, look for these lines:
``` ```
ExecStart=/usr/local/bin/moonfire-nvr run \ ExecStart=/usr/local/bin/moonfire-nvr run \
... --db-dir=/var/lib/moonfire-nvr/db \
--http-addr=0.0.0.0:8080 \ --http-addr=0.0.0.0:8080
--require-auth=false
``` ```
Change `--require-auth=false` to `--require-auth=true --trust-forward-hdrs`. Add `--require-auth --trust-forward-hdrs`. This change has two effects:
This change has two effects:
* `--require-auth=true` means that web users must authenticate. * `--require-auth` means that web users must authenticate.
* `--trust-forward-hdrs` means that Moonfire NVR will look for `X-Real-IP` * `--trust-forward-hdrs` means that Moonfire NVR will look for `X-Real-IP`
and `X-Forwarded-Proto` headers as added by the webserver configuration and `X-Forwarded-Proto` headers as added by the webserver configuration
in the next section. in the next section.

3
scripts/install.sh
View File

@ -106,8 +106,7 @@ After=network-online.target
ExecStart=${SERVICE_BIN} run \\ ExecStart=${SERVICE_BIN} run \\
--db-dir=${DB_DIR} \\ --db-dir=${DB_DIR} \\
--ui-dir=${LIB_DIR}/ui \\ --ui-dir=${LIB_DIR}/ui \\
--http-addr=0.0.0.0:${NVR_PORT} \ --http-addr=0.0.0.0:${NVR_PORT}
--require=auth=false
Environment=TZ=:/etc/localtime Environment=TZ=:/etc/localtime
Environment=MOONFIRE_FORMAT=google-systemd Environment=MOONFIRE_FORMAT=google-systemd
Environment=MOONFIRE_LOG=info Environment=MOONFIRE_LOG=info

3
src/cmds/run.rs
View File

@ -66,8 +66,7 @@ Options:
--http-addr=ADDR Set the bind address for the unencrypted HTTP server. --http-addr=ADDR Set the bind address for the unencrypted HTTP server.
[default: 0.0.0.0:8080] [default: 0.0.0.0:8080]
--read-only Forces read-only mode / disables recording. --read-only Forces read-only mode / disables recording.
--require-auth=BOOL Requires authentication to access the web interface. --require-auth Requires authentication to access the web interface.
[default: true]
--trust-forward-hdrs Trust X-Real-IP: and X-Forwarded-Proto: headers on --trust-forward-hdrs Trust X-Real-IP: and X-Forwarded-Proto: headers on
the incoming request. Set this only after ensuring the incoming request. Set this only after ensuring
your proxy server is configured to set them and that your proxy server is configured to set them and that