Commit Graph

190 Commits

Author SHA1 Message Date
Scott Lamb
2e49a1a0c8 bump minimum Rust to 1.57
Addresses a breakage with cdfb61f. the `named-profile` feature
wasn't available in 1.56.
2022-04-14 10:58:23 -07:00
Scott Lamb
cdfb61fb35 build docker image with lto 2022-04-14 10:53:03 -07:00
Scott Lamb
fd7438dd28 ignore port number in ws origin check
Fixes #219
2022-04-13 21:49:18 -07:00
Scott Lamb
21da924d84 update missing ui-dir log lines
https://github.com/scottlamb/moonfire-nvr/issues/218#issuecomment-1098671419
2022-04-13 20:26:28 -07:00
Scott Lamb
13bfb76855 prepare v0.7.4 2022-04-13 15:08:15 -07:00
Scott Lamb
2e2de8cc6a fix db tests for 3bc552b
(I ran `cargo test` rather than `cargo test --all`, oops!)
2022-04-13 14:52:18 -07:00
Scott Lamb
3bc552b950 seamless mid-stream video parameter changes
For #217. This handles the recording logic. May still need fixes to
playback and/or live stream logic.
2022-04-13 14:39:47 -07:00
Scott Lamb
967834ce15 reduce thread handoffs in RetinaStream 2022-04-13 13:34:41 -07:00
Scott Lamb
7b0a489541 rework stream threading model
Fixes #206. 307a388 switched to creating a single-threaded runtime for
each stream, then destroying prior to waiting for TEARDOWN on shutdown.
This meant that the shutdown process could panic with this error:

```
panic at '/home/slamb/git/retina/src/client/mod.rs:219:22': teardown Sender shouldn't be dropped: RecvError(())
```

Let's switch back to expecting a multithreaded runtime context.
Create one for the config subcommand, too.

Don't go all the way back to the old code with its channels, though.
That had the downside that the underlying retina::Session might outlive
the caller, so there could still be an active session when we start
the next one. I haven't seen this cause problems in practice but it
still doesn't seem right.
2022-04-13 11:39:38 -07:00
Scott Lamb
5e7d558f99 upgrade to Retina v0.3.9
This alone improves interop and diagnostics, as noted in Retina's
release notes. We also now give the camera name to the session group
(for improved logging of TEARDOWN operations) and expose the RTSP
server's "tool" attribute in debug logs and the config UI's "Test"
button.

Fixes #209
Fixes #213
2022-04-12 15:00:35 -07:00
Scott Lamb
3bc410b417 prepare v0.7.3 2022-03-22 14:56:15 -07:00
Scott Lamb
4c9aa93fdf check WebSocket origin
This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.
2022-03-22 14:51:12 -07:00
Scott Lamb
307a3884a0 drop ffmpeg support
* switch the config interface over to use Retina and make the test
  button honor rtsp_transport = udp.

* adjust the threading model of the Retina streaming code.

  Before, it spawned a background future that read from the runtime and
  wrote to a channel. Other calls read from this channel.

  After, it does work directly from within the block_on calls (no
  channels).

  The immediate motivation was that the config interface didn't have
  another runtime handy. And passing in a current thread runtime
  deadlocked. I later learned this is a difference between
  Runtime::block_on and Handle::block_on. The former will drive IO and
  timers; the latter will not.

  But this is also more efficient to avoid so many thread hand-offs.
  Both the context switches and the extra spinning that
  tokio appears to do as mentioned here:
  https://github.com/scottlamb/retina/issues/5#issuecomment-871971550

  This may not be the final word on the threading model. Eventually
  I may not have per-stream writing threads at all. But I think it will
  be easier to look at this after getting rid of the separate
  `moonfire-nvr config` subcommand in favor of a web interface.

* in tests, read `.mp4` files via the `mp4` crate rather than ffmpeg.
  The annoying part is that this doesn't parse edit lists; oh well.

* simplify the `Opener` interface. Formerly, it'd take either a RTSP
  URL or a path to a `.mp4` file, and they'd share some code because
  they both sometimes used ffmpeg. Now, they're totally different
  libraries (`retina` vs `mp4`). Pull the latter out to a `testutil`
  module with a different interface that exposes more of the `mp4`
  stuff. Now `Opener` is just for RTSP.

* simplify the h264 module. It had a lot of logic to deal with Annex B.
  Retina doesn't use this encoding.

Fixes #36
Fixes #126
2022-03-18 13:22:47 -07:00
Scott Lamb
be3a5b200e prepare v0.7.2 2022-03-16 18:31:12 -07:00
Scott Lamb
e9ac61f15c allow omitting permissions in config 2022-03-16 17:51:49 -07:00
Scott Lamb
892427592e tweak config format (#133)
* switch from json to toml.
  I think this will be more user-friendly. It allows comments and has
  less punctuation. Fewer surprises than yaml (which has e.g. the
  "Norway problem"). I might have stayed with JSON if I could see a
  good serde json library that allows comments, but hson is unmaintained
  and serde-json strictly follows the spec.

* switch from camelCase to snake_case. Seems more idiomatic for TOML
  and matches the Rust source.

* forbid unknown keys. Better to spot errors sooner.

* rename "trust_forward_hdrs" to "trust_forward_headers". Nothing else
  is abbreviated.
2022-03-16 12:34:39 -07:00
Scott Lamb
78cdd82f36 fix warnings 2022-03-11 12:01:35 -08:00
Scott Lamb
5264e9848e fix test failure 2022-03-11 11:59:20 -08:00
Scott Lamb
7467b382dc make Unix sockets bind reliably and add to config 2022-03-11 11:52:00 -08:00
Scott Lamb
7c453b5f9d support treating own effective uid as privileged
I intend this to be an easy bootstrapping mechanism for web auth.
2022-03-11 11:10:26 -08:00
Scott Lamb
4ce3e511b5 support Unix sockets (#133) 2022-03-09 16:47:08 -08:00
Scott Lamb
ceaef46ea9 introduce /etc/moonfire-nvr.json (#133) 2022-03-09 13:18:33 -08:00
Scott Lamb
1a51b53b54 upgrade moonfire-ffmpeg 2022-03-08 11:42:05 -08:00
Scott Lamb
adc7087dc2 upgrade reffers dependency 2022-03-08 11:41:00 -08:00
Scott Lamb
8720495608 upgrade scrypt dependency 2022-03-08 11:40:25 -08:00
Scott Lamb
197e10f56f upgrade tokio-tungstenite 2022-03-08 11:39:22 -08:00
Scott Lamb
ce3cf9c096 upgrade rusqlite 2022-03-08 11:37:45 -08:00
Scott Lamb
c5ef87ee79 upgrade cursive 2022-03-08 11:35:29 -08:00
Scott Lamb
9d70d68710 fix #187 via a dependency upgrade
I did a full `cargo upgrade` and fixed what it broke:

*   a couple things for the latest protobuf 3.0 alphas
    (note alphas don't promise API stability)
*   new minimum supported Rust version

This should have some other nice effects: parking_lot now uses inline
assembler, tokio has gotten faster, etc.
2022-03-08 11:24:44 -08:00
Scott Lamb
6ca9f451c2 update retina to 0.3.7
Notably, this includes scottlamb/retina#50, which fixes a panic
parsing the DESCRIBE response sent by some cameras. Should improve #192.
2022-01-28 22:49:41 -08:00
Greg V
64142b7684 Do not check for video codec by checking SDP video parameters
Since retina now supports in-band parameters, we should only check the media type for this.
2022-01-28 22:48:27 -08:00
Scott Lamb
77775a82e5 make moonfire-nvr sql enforce integrity
https://github.com/scottlamb/moonfire-nvr/issues/175#issuecomment-1008096087
2022-01-08 10:54:40 -08:00
Scott Lamb
0406e09ca4 reduce debug output in release/bench builds
This reduces the binary size from 154 MiB to 70 MiB (#70 progress).
Tools like `cargo flamegraph` still work fine.

As suggested by "EarthFeet" on reddit:
https://www.reddit.com/r/rust/comments/rw0jad/cargos_strip_profile_option_has_been_stabilized/hra193k/
2022-01-05 10:28:32 -08:00
Scott Lamb
9b241c80dc update retina and http-serve deps
* new retina notably fixes #184
* new http-serve removes an accidental debug print on stdout
2021-12-29 22:16:21 -08:00
Scott Lamb
5c7263b1bd include ext stream in API response; better docs
In particular, the docs now explicitly call out that API changes can
happen at any version, and from 0.7.0 onward they're described in
the changelog.
2021-11-23 13:04:02 -08:00
Scott Lamb
0f6c1b3856 use github URLs in doc pointers
This is better particularly when the user is following the docker
instructions and doesn't have a local checkout at all. It also is a
rendered HTML view rather than raw markdown.

It'd be nice to link to the exact release we're using, not tip of
master. I didn't do this now because it'll likely take some work with
build.rs to check if the user is on a tagged release or not.

Fixes #180
2021-11-23 10:49:42 -08:00
Scott Lamb
cf492a2ffa fix #182: error on upgrade when onvif_host empty 2021-11-23 10:17:47 -08:00
Scott Lamb
af9c8bb05a remove obsolete CameraConfig
Since 0.7.0, the one in the db package is used both for actual storage
within the database and for API use. I left the API-specific version
around by accident.
2021-11-23 09:56:05 -08:00
Scott Lamb
a7c574eb43 extract_cookie should check all Cookie headers 2021-10-28 15:09:02 -07:00
Scott Lamb
1e17a53280 separate out signals API to own file 2021-10-28 14:09:30 -07:00
Scott Lamb
1f41a27cc3 extract /api/{login,logout} to their own file 2021-10-28 13:57:32 -07:00
Scott Lamb
bae45a0855 move /view.{mp4,m4s} to their own file 2021-10-28 13:23:49 -07:00
Scott Lamb
87f9736d80 separate live view into its own file 2021-10-28 13:07:39 -07:00
Scott Lamb
cf08c95a4b split static file serving into its own file 2021-10-28 12:49:50 -07:00
Scott Lamb
4231ec45ce start splitting up web.rs
It's getting huge and hard to work with. The path stuff is easy to pull
out.
2021-10-28 12:38:29 -07:00
Scott Lamb
1c9a55653d allow setting rtsp transport per-stream 2021-10-27 14:28:44 -07:00
Scott Lamb
981cee0706 revert cursive upgrade
SelectView::set_selection doesn't seem to be working properly. The
symptom is editing an existing camera will clear the sample file dir,
and thus hitting edit without making any changes will fail.
2021-10-27 14:27:10 -07:00
Scott Lamb
973d2fbfe2 use newer cargo version resolver
This trims ~700KiB off moonfire-nvr's text section, much of it by
eliminating h2. See #70.
2021-10-27 13:19:37 -07:00
Scott Lamb
4aab6baebb add server version to /api response
Fixes #171
2021-10-27 13:09:20 -07:00
Scott Lamb
504f1a36ab switch from libpasta to just scrypt
This drops several older dependencies and reduces final binary size
(text section by ~200KiB, unstripped binary by ~12MiB)

I'll have to manually add new hash formats, and I won't ever be able
to take advantage of libpasta's (currently unused) facility to wrap
hashes, but I think it's worth it. libpasta isn't well-maintained.
2021-10-27 11:50:55 -07:00