MyFavMirrors/moonfire-nvr
1
0
Fork 0
mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-12-06 07:42:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

add concept of user/session permissions

Browse Source 
(I also considered the names "capabilities" and "scopes", but I think
"permissions" is the most widely understood.)

This is increasingly necessary as the web API becomes more capable.
Among other things, it allows:

* non-administrator users who can view but not access camera passwords
  or change any state
* workers that update signal state based on cameras' built-in motion
  detection or a security system's events but don't need to view videos
* control over what can be done without authenticating

Currently session permissions are just copied from user permissions, but
you can also imagine admin sessions vs not, as a checkbox when signing
in. This would match the standard Unix workflow of using a
non-administrative session most of the time.

Relevant to my current signals work (#28) and to the addition of an
administrative API (#35, including #66).
This commit is contained in:
Scott Lamb
2019-06-19 15:17:50 -07:00
parent d8b8d5d5e0
commit fda7e4ca2b
23 changed files with 336 additions and 741 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
design/api.md
View File

@@ -53,11 +53,15 @@ request parameters:
* `days`: a boolean indicating if the days parameter described below
should be included.
* `cameraConfigs`: a boolean indicating if the `camera.config` parameter
described below should be included. This requires the
`read_camera_configs` permission as described in `schema.proto`.
Example request URI:
Example request URI (with added whitespace between parameters):
```
/api/?days=true
&cameraConfigs=true
```
The `application/json` response will have a dict as follows:
@@ -68,6 +72,11 @@ The `application/json` response will have a dict as follows:
* `uuid`: in text format
* `shortName`: a short name (typically one or two words)
* `description`: a longer description (typically a phrase or paragraph)
* `config`: (only included if request parameter `cameraConfigs` is true)
a dictionary describing the configuration of the camera:
* `username`
* `password`
* `host`
* `streams`: a dict of stream type ("main" or "sub") to a dictionary
describing the stream:
* `retainBytes`: the configured total number of bytes of completed
@@ -81,9 +90,10 @@ The `application/json` response will have a dict as follows:
be lesser if there are gaps in the recorded data.
* `totalSampleFileBytes`: the total number of bytes of sample data
(the `mdat` portion of a `.mp4` file).
* `days`: object representing calendar days (in the server's time
zone) with non-zero total duration of recordings for that day. The
keys are of the form `YYYY-mm-dd`; the values are objects with the
* `days`: (only included if request pararameter `days` is true)
dictionary representing calendar days (in the server's time zone)
with non-zero total duration of recordings for that day. The keys
are of the form `YYYY-mm-dd`; the values are objects with the
following attributes:
* `totalDuration90k` is the total duration recorded during that
day. If a recording spans a day boundary, some portion of it
@@ -124,6 +134,11 @@ Example response:
"uuid": "fd20f7a2-9d69-4cb3-94ed-d51a20c3edfe",
"shortName": "driveway",
"description": "Hikvision DS-2CD2032 overlooking the driveway from east",
"config": {
"host": "192.168.1.100",
"user": "admin",
"password": "12345",
},
"streams": {
"main": {
"retainBytes": 536870912000,
@@ -193,7 +208,9 @@ Example response:
### `GET /api/cameras/<uuid>/`
Returns information for the camera with the given URL.
Returns information for the camera with the given URL. As in the like section
of `GET /api/` with the `days` parameter set and the `cameraConfigs` parameter
unset.
Example response:
@@ -311,6 +328,8 @@ Example response:
### `GET /api/cameras/<uuid>/<stream>/view.mp4`
Requires the `view_video` permission.
Returns a `.mp4` file, with an etag and support for range requests. The MIME
type will be `video/mp4`, with a `codecs` parameter as specified in
[RFC 6381][rfc-6381].
@@ -525,6 +544,8 @@ This represents the following observations:
### `POST /api/signals`
Requires the `update_signals` permission.
Alters the state of a signal.
A typical client might be a subscriber of a camera's built-in motion