Commit Graph

78 Commits

Author SHA1 Message Date
Leandro Silva
5ea5d27908 Fix typo in v0.7.8 change log note 2023-10-21 20:13:49 -07:00
Scott Lamb
a2d243d3a4 support systemd socket activation 2023-10-20 21:44:34 -07:00
Scott Lamb
89ee2d0269 systemd Ready/Stopping notification 2023-10-20 11:51:55 -07:00
Scott Lamb
ee98bf5236 no more Docker!
* use `termion` rather than `ncurses` to limit runtime deps
* cross-compile with `cross` instead of our own dockerfiles/scripts
* update instructions
* update release procedure and GitHub actions to match
* prep changelog for `v0.7.8`

Fixes #160
Closes #265
2023-10-18 21:55:47 -07:00
Scott Lamb
ef62ebfc6c Merge remote-tracking branch 'origin/release-0.7.7' 2023-10-16 22:05:54 -07:00
Scott Lamb
faba358925 bundle UI files into the binary
This is optional but now enabled for release builds.

Why?

* It shrinks the release docker images a bit, as the binary
  includes only the gzipped version of files and uncompressed into RAM
  at startup (which should be fast).

* It's a step toward #160.
2023-08-06 08:16:27 -05:00
Scott Lamb
cff832e646 prep v0.7.7 2023-08-03 14:03:48 -07:00
Scott Lamb
02ac1a5570 fix #289: crash on sample dir Add button press 2023-08-03 15:58:57 -05:00
Scott Lamb
0f019b6fb3 log to stderr, not stdout 2023-08-03 15:48:59 -05:00
Scott Lamb
4ad627b997 prep 0.7.6 release 2023-07-08 10:22:04 -07:00
Scott Lamb
aa60bc991c test and fix #282
Sessions' last use updates weren't getting persisted to the database
because the update statement wasn't passing through the hash.

Also address a TODO of tracing in tests by using the same tracing
setup as in production.
2023-07-04 20:53:53 -07:00
Scott Lamb
028243532a upgrade to Rust 1.70, use std::sync::OnceLock
The most notable part of this is that `db::auth` no longer holds a lock
during password hashing operations. That was probably never a great
idea...
2023-07-04 20:44:21 -07:00
Scott Lamb
ebcdd76084 switch from log to tracing
I think this is a big improvement in readability.

I removed the `lnav` config, which is a little sad, but I don't think it
supports this structured logging format well. Still seems worthwhile on
balance.
2023-07-04 16:51:22 -07:00
Skye
db2e0f1d39 Bump minimum Rust version to 1.65 2023-07-04 16:37:36 -07:00
Scott Lamb
53414ed903 upgrade to Retina 0.4.5 2023-07-04 13:46:15 -07:00
Scott Lamb
438de38202
rework WebSocket error return protocol
This gives much better information to the UI layer, getting rid of a
whole troubleshooting guide entry. See #119 #132 #218 #219

I also restructured the code in anticipation of a new WebSocket event
stream (#40).
2023-02-15 17:26:40 -08:00
Scott Lamb
015dfef9c9
fix #257
Apparently a `MenuItem` with a value of `undefined` is possible but
doesn't actually fire a change event. Strange. Use the string `"null"`
instead.
2023-02-13 11:05:27 -08:00
Scott Lamb
f7718edc7f
moonfire-nvr login --permissions: take JSON
This improves usability and shrinks the binary: 12.0 MiB to 11.0 MiB
just now.
2023-02-11 12:08:50 -08:00
Scott Lamb
dac0f44ed8
user admin UI 2023-01-08 03:30:53 -06:00
Scott Lamb
8c4e69f772
user admin api improvements 2023-01-08 03:21:42 -06:00
Scott Lamb
a4bc7f5218
config file reference and doc reorganization 2023-01-06 14:25:13 -06:00
Scott Lamb
689765ea97
upgrade Rust deps 2023-01-05 17:43:45 -06:00
Scott Lamb
cc34a1aef5
Retina 0.4.4 2023-01-05 16:38:13 -06:00
Scott Lamb
dfa949815b
tweaks to api and docs
In particular, the docs now talk about the CSRF protection. This is
increasing relevant as we start having more mutation endpoints. And
make the signals api expect a csrf for session auth to match the newer
users api.
2023-01-05 12:21:35 -06:00
Scott Lamb
42fe054d46
make GET /api/ return current permissions
This is useful for e.g. deciding whether or not to present the user
admin UI in navigation.

As part of this change, I adjusted the casing in Permissions, and then
all the toml stuff for consistency. Noted in changelog.
2022-12-31 12:43:13 -05:00
Scott Lamb
c02fc6f439 more user admin actions 2022-12-25 23:01:17 -05:00
Scott Lamb
3ab30a318f add GET /users/ endpoint 2022-12-25 23:01:17 -05:00
Scott Lamb
dffec68b2f retrieve and set users' permissions 2022-12-25 23:01:17 -05:00
Scott Lamb
ae502200c0 upgrade various Rust dependencies
This stops using parking_lot entirely. Since Rust 1.62, the std
implementations on Linux are direct futexes, not the boxed pthread
mutexes they used to be. No real reason to use parking_lot anymore, so
shed this dependency.
2022-09-28 22:20:48 -07:00
Scott Lamb
b03eceb21a upgrade to Retina 0.4.1
Fixes #234
2022-08-09 08:02:07 -07:00
Scott Lamb
8e8b48b906 prepare 0.7.5 with Retina 0.3.10
Fixes #224
2022-05-09 13:17:18 -07:00
Scott Lamb
841e06e354 update a few deps 2022-05-02 11:23:03 -07:00
Scott Lamb
2e49a1a0c8 bump minimum Rust to 1.57
Addresses a breakage with cdfb61f. the `named-profile` feature
wasn't available in 1.56.
2022-04-14 10:58:23 -07:00
Scott Lamb
cdfb61fb35 build docker image with lto 2022-04-14 10:53:03 -07:00
Scott Lamb
fd7438dd28 ignore port number in ws origin check
Fixes #219
2022-04-13 21:49:18 -07:00
Scott Lamb
9e6ac27cb0 mention #206 in v0.7.4 changelog 2022-04-13 18:14:57 -07:00
Scott Lamb
13bfb76855 prepare v0.7.4 2022-04-13 15:08:15 -07:00
Scott Lamb
18f29f8bdb create gh release on tag
For #210

*   update changelog format so that `parse-changelog` is happy.
*   add the example from taiki-e/create-gh-release-action verbatim.
    Fingers crossed it works in my setup.
2022-04-13 15:00:49 -07:00
Scott Lamb
3bc552b950 seamless mid-stream video parameter changes
For #217. This handles the recording logic. May still need fixes to
playback and/or live stream logic.
2022-04-13 14:39:47 -07:00
Scott Lamb
5e7d558f99 upgrade to Retina v0.3.9
This alone improves interop and diagnostics, as noted in Retina's
release notes. We also now give the camera name to the session group
(for improved logging of TEARDOWN operations) and expose the RTSP
server's "tool" attribute in debug logs and the config UI's "Test"
button.

Fixes #209
Fixes #213
2022-04-12 15:00:35 -07:00
Scott Lamb
3bc410b417 prepare v0.7.3 2022-03-22 14:56:15 -07:00
Scott Lamb
4c9aa93fdf check WebSocket origin
This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.
2022-03-22 14:51:12 -07:00
Scott Lamb
be3a5b200e prepare v0.7.2 2022-03-16 18:31:12 -07:00
Scott Lamb
892427592e tweak config format (#133)
* switch from json to toml.
  I think this will be more user-friendly. It allows comments and has
  less punctuation. Fewer surprises than yaml (which has e.g. the
  "Norway problem"). I might have stayed with JSON if I could see a
  good serde json library that allows comments, but hson is unmaintained
  and serde-json strictly follows the spec.

* switch from camelCase to snake_case. Seems more idiomatic for TOML
  and matches the Rust source.

* forbid unknown keys. Better to spot errors sooner.

* rename "trust_forward_hdrs" to "trust_forward_headers". Nothing else
  is abbreviated.
2022-03-16 12:34:39 -07:00
Scott Lamb
ceaef46ea9 introduce /etc/moonfire-nvr.json (#133) 2022-03-09 13:18:33 -08:00
Scott Lamb
9d70d68710 fix #187 via a dependency upgrade
I did a full `cargo upgrade` and fixed what it broke:

*   a couple things for the latest protobuf 3.0 alphas
    (note alphas don't promise API stability)
*   new minimum supported Rust version

This should have some other nice effects: parking_lot now uses inline
assembler, tokio has gotten faster, etc.
2022-03-08 11:24:44 -08:00
Scott Lamb
0406e09ca4 reduce debug output in release/bench builds
This reduces the binary size from 154 MiB to 70 MiB (#70 progress).
Tools like `cargo flamegraph` still work fine.

As suggested by "EarthFeet" on reddit:
https://www.reddit.com/r/rust/comments/rw0jad/cargos_strip_profile_option_has_been_stabilized/hra193k/
2022-01-05 10:28:32 -08:00
Scott Lamb
9b241c80dc update retina and http-serve deps
* new retina notably fixes #184
* new http-serve removes an accidental debug print on stdout
2021-12-29 22:16:21 -08:00
Scott Lamb
5c7263b1bd include ext stream in API response; better docs
In particular, the docs now explicitly call out that API changes can
happen at any version, and from 0.7.0 onward they're described in
the changelog.
2021-11-23 13:04:02 -08:00
Scott Lamb
cf492a2ffa fix #182: error on upgrade when onvif_host empty 2021-11-23 10:17:47 -08:00