Commit Graph

170 Commits

Author SHA1 Message Date
Scott Lamb
4204d84bde
disable proxy buffering in nginx
Buffering to local disk is unnecessary and wasteful.
Moonfire connections are cheap.
2021-08-13 15:28:31 -07:00
Scott Lamb
b8b5038f71 better error msg on live view when misconfigured
Improves (but doesn't fix) #119 and #120.
2021-08-13 12:02:42 -07:00
Scott Lamb
115b081dcd update arm docker build notes 2021-08-12 09:36:13 -07:00
Scott Lamb
164c8c5b21 clarify support for node 12 and 14
* run node 12, 14, and 16 (next to be supported) on CI. This will catch
  node version-specific problems like that solved in dad9bdc.
* mention 12 and 14 in build instructions and link to instructions for
  installing that version.
* follow this in Dockerfile, installing version 14. This addresses
  a "Cannot find module 'worker_threads'" error introduced in
  39a63e0, which (inadvisedly) upgraded gzipper 4->5 in addition to
  the material-ui upgrade.
* use utf-8 encoding rather than ascii in live part parser. Those
  builds apparently don't support ascii. iThey must use "small-icu" or
  have ICU disabled, as described here:
  https://nodejs.org/api/util.html#util_encodings_supported_when_node_js_is_built_with_the_small_icu_option
2021-08-11 23:45:17 -07:00
Scott Lamb
f4c70803d3 add warning about docker builds not working on arm
see #141
2021-08-11 14:38:41 -07:00
Scott Lamb
889deac5be explicitly cd into dir in build instructions
as suggested in #141
2021-08-11 13:52:53 -07:00
Scott Lamb
84ce447fab
use journald log driver in docker wrapper script
As mentioned in https://lwn.net/Articles/676831/, Docker's default loses the logs every time a container is destroyed. Also, https://docs.docker.com/config/containers/logging/configure/ says that the default never rotates the logfiles.
2021-07-16 09:23:45 -07:00
Scott Lamb
3ce9366b0c links to system setup wiki page 2021-07-13 16:08:50 -07:00
Scott Lamb
2c3a22c223 link to our own guide on disabling UAS 2021-07-13 12:49:17 -07:00
Scott Lamb
6046598179 use "unless-stopped" rather than "on-failure"
The latter doesn't restart the docker container on system startup.
2021-07-13 11:23:41 -07:00
Scott Lamb
1bd05348bf troubleshooting section about incorrect timestamps 2021-07-13 11:18:17 -07:00
Scott Lamb
f078328935 prepare v0.6.4 2021-06-28 20:32:33 -07:00
Scott Lamb
5be69baaa6 switch default RTSP library to retina 2021-06-28 16:38:21 -07:00
Scott Lamb
3a6918f3df raise minimum Rust version to 1.52
as required by Retina
2021-06-07 14:43:26 -07:00
Scott Lamb
23d77693de read sample files from dedicated threads
Reading from the mmap()ed region in the tokio threads could cause
them to stall:

*   That could affect UI serving when there were concurrent
    UI requests (i.e., not just requests that needed the reads in
    question anyway).
*   If there's a faulty disk, it could cause the UI to totally hang.
    Better to not mix disks between threads.
*   Soon, I want to handle RTSP from the tokio threads (#37). Similarly,
    we don't want RTSP streaming to block on operations from unrelated
    disks.

I went with just one thread per disk which I think is sufficient.
But it'd be possible to do a fixed-size pool instead which might improve
latency when some pages are already cached.

I also dropped the memmap dependency. I had to compute the page
alignment anyway to get mremap to work, and Moonfire NVR already is
Unix-specific, so there wasn't much value from the memmap or memmap2
crates.

Fixes #88
2021-06-04 19:50:13 -07:00
Scott Lamb
90dd68ee7c update nginx tutorial link 2021-06-04 09:00:24 -07:00
Scott Lamb
ede1ce3192 mention tools for autodetecting RTSP URLs 2021-04-27 10:59:55 -07:00
Iron Oxidizer
146a27aac7
improved hard drive setup docs (#122)
* Use the standard UUID syntax for /etc/fstab

* Added instruction to create sample directory

* Update install.md

* Change sample ownership instead of perms
2021-04-11 21:15:45 -07:00
Scott Lamb
2936c138c5 various doc improvements
I bumped the minimum Rust version because I'm taking advantage of
the rustdoc linking added in Rust 1.48:
https://blog.rust-lang.org/2020/11/19/Rust-1.48.html#easier-linking-in-rustdoc
2021-04-10 17:34:52 -07:00
Scott Lamb
98d106553a add a quick troubleshooting note about #119 2021-04-09 14:28:20 -07:00
Scott Lamb
7c0a634bed avoid clock problems on some Docker setups
In particular, this was happening out of the box on Raspberry Pi OS Lite
20210304, as reported by ironoxidizer@gmail.com here:
https://groups.google.com/g/moonfire-nvr-users/c/2j9LvfFl2u8/m/tJcNS2WfCQAJ

*   adjust main.rs to make the problem more obvious
*   mention it in the troubleshooting guide
*   sidestep it in the nvr docker wrapper script

also just use --networking=host rather than --publish (avoiding a proxy
process). I'm using Docker to simplify the build and deployment process,
not as a security boundary, so just do the simpler thing.
2021-04-08 22:21:03 -07:00
Scott Lamb
4d4d78ba64 mass markdown reformatting
Add tables of contents (using the VS Code Markdown All-In-One extension)
and reformat lists to consistently use 4-space indents. No content
changes.
2021-04-01 12:32:31 -07:00
Scott Lamb
74b13a0fbf add troubleshooting info about out of disk space
As discussed in #84. Also reorganize the troubleshooting guide a bit so
it will be easier to navigate as it grows.
2021-04-01 11:43:21 -07:00
Scott Lamb
96255efd3e increase disk space slack recommendation
As discussed in #84 and #116.
2021-04-01 10:01:46 -07:00
Scott Lamb
a434b42672 live stream troubleshooting info 2021-03-31 16:36:21 -07:00
Scott Lamb
56661924ae Merge branch 'master' into new-ui 2021-03-12 14:53:15 -08:00
Scott Lamb
6f2befec65 release script fixes 2021-03-12 13:33:08 -08:00
Scott Lamb
d5320302a3 prepare version 0.6.2 2021-03-12 12:36:20 -08:00
Scott Lamb
2d4e7e5878 tweak the docker release flows 2021-03-12 12:21:44 -08:00
Scott Lamb
1458d668d7 tweak color env variable options
As noted in mylog's 2b1085c:
Looks like both the GNU tools' --color argument and cargo's
CARGO_TERM_COLOR expect always/never rather than on/off. Match that.
Might as well understand off/no/false and on/yes/true also.
2021-03-12 09:24:20 -08:00
Scott Lamb
8ced3155e2 docker optimizations, doc improvements 2021-03-11 23:38:58 -08:00
Scott Lamb
9099d07dfa improve panic messages and docs (#112) 2021-03-10 08:12:49 -08:00
Scott Lamb
ea8bdef7d9 support color coding logs (#112)
ffmpeg was already doing this; now do it for native logs.
2021-03-09 22:09:30 -08:00
Scott Lamb
242368aa47 more help reading logs 2021-03-09 13:15:25 -08:00
Scott Lamb
2808d5e139 help folks read logs (#112)
*   add more description to the troubleshooting guide
*   adjust the log format to match more recent glog
*   include a config for the lnav tool, which will help colorize,
    browse, and search the logs.

Next up: install an ffmpeg log callback for consistency.
2021-03-09 00:10:32 -08:00
Scott Lamb
9aa72fe670 small but important fix to instructions
Without quotes around the here-document word, the expansion happens
as the command is run, which isn't what I had in mind.
2021-02-28 22:13:38 -08:00
Scott Lamb
f281922359 start a new React-based UI (#111)
This doesn't do much yet but should provide a better foundation for
improvement than the jQuery UI, as described in the github issue.
2021-02-17 19:42:32 -08:00
Scott Lamb
64f8d38e01 0.6.1 2021-02-16 12:01:51 -08:00
Scott Lamb
44039889c5 switch from yarn to npm
This eases build setup. Where Yarn requires a separate package
repository, npm is available in the standard one.

yarn's package repository signature was recently expired, and apparently
will expire again in a year. Avoid dealing with that.

Fixes #110.
2021-02-16 12:01:51 -08:00
Scott Lamb
5acca1a253 tips on hardware failures and fs corruption 2021-02-11 16:04:40 -08:00
Scott Lamb
9a5957d5ef overhaul error messages
Inspired by the poor error message here:
https://github.com/scottlamb/moonfire-nvr/issues/107#issuecomment-777587727

*   print the friendlier Display version of the error rather than Debug.
    Eg, "EROFS: Read-only filesystem" rather than "Sys(EROFS)". Do this
    everywhere: on command exit, on syncer retries, and on stream
    retries.
*   print the most immediate problem and additional lines for each
    cause.
*   print the backtrace or an advertisement for RUST_BACKTRACE=1 if it's
    unavailable.
*   also mention RUST_BACKTRACE=1 in the troubleshooting guide.
*   add context in various places, including pathnames. There are surely
    many places more it'd be helpful, but this is a start.
*   allow subcommands to return failure without an Error.
    In particular, "moonfire-nvr check" does its own error printing
    because it wants to print all the errors it finds. Printing "see
    earlier errors" with a meaningless stack trace seems like it'd just
    confuse. But I also want to get rid of the misleading "Success" at
    the end and 0 return to the OS.
2021-02-11 10:57:09 -08:00
Scott Lamb
ff1615a0b4 address database upgrade slowness (#107)
* give a rule of thumb for update time in the documentation
* log the SQLite3 version, which can affect performance
* do the vacuum in non-WAL mode, to correctly set the page size and to
  avoid very slow behavior on older SQLite3 versions. Larger page sizes
  are generally faster (including subsequent vacuum operations).
  This won't help much for the first vacuum after this change, but it
  will help afterward.
* likewise, set the page size properly on "moonfire-nvr init".
2021-02-10 22:28:40 -08:00
Scott Lamb
dd66c7b0dd restructure into "server" and "ui" subdirs
Besides being more clear about what belongs to which, this helps with
docker caching. The server and ui parts are only rebuilt when their
respective subdirectories change.

Extend this a bit further by making the webpack build not depend on
the target architecture. And adding cache dirs so parts of the server
and ui build process can be reused when layer-wide caching fails.
2021-01-22 22:01:17 -08:00
Scott Lamb
c140296da2 fix dependencies in CI
Running "apt-get install" without a preceding "apt-get update" has
started failing on GitHub Actions, eg:

https://github.com/scottlamb/moonfire-nvr/runs/1750609817

I believe the problem is that older packages have been removed from
the mirror, and the update will fix this, as described here:

https://github.com/actions/virtual-environments/issues/675#issuecomment-671057659

Also, I was using ncurses version 5 packages, when I should be using the
unversioned default. Same in the build guide.
2021-01-22 10:39:09 -08:00
Scott Lamb
7eac83fc51
Update install.md
fix timezone setting
2021-01-21 16:57:07 -08:00
Scott Lamb
31801e20c3 update docs to recommend new Docker setup
and remove the old scripts, to reduce the supported ways of doing
things.
2021-01-21 16:00:38 -08:00
Scott Lamb
aab36bb5b6 replacing travis-ci with github actions 2020-12-22 22:49:43 -08:00
Scott Lamb
b34914c73e prepare to merge schema version 6 to master 2020-12-22 19:53:29 -08:00
Scott Lamb
b078851ad7 remove half-baked object detection schema
I want to release schema version 6 now, with the fully developed pieces.
2020-12-22 19:50:51 -08:00
Scott Lamb
269db57a53 update various deps
This brings most things reasonably up-to-date. libpasta's deps are
dragging a bit, keeping us on an older ring to avoid duplication,
and causing us to use three versions of base64. And I need to update
a few of my companion crates' parking_lot dep to match tokio.
2020-11-23 00:31:38 -08:00
Scott Lamb
8512199d85 Merge branch 'master' into new-schema 2020-11-22 20:40:16 -08:00
Scott Lamb
642eb4f60b update min Rust version to 1.42.0
rusqlite 0.24.1 uses matches!, which was introduced in this version.
So 1682553 does't work on prior versions.

https://travis-ci.org/github/scottlamb/moonfire-nvr/jobs/745309747
2020-11-22 18:45:54 -08:00
Scott Lamb
cb97ccdfeb start splitting wall and media duration for #34
This splits the schema and playback path. The recording path still
adjusts the frame durations and always says the wall and media durations
are the same. I expect to change that in a following commit. I wouldn't
be surprised if that shakes out some bugs in this portion.
2020-08-04 21:44:01 -07:00
Jack Challen
9370732ed9 Add note about initializing empty DB
The first time moonfire's run it needs an (empty) db. The docs
appear to miss that step.
Made surrounding documentation slightly more explicit.
2020-07-18 09:26:58 +01:00
Scott Lamb
f3ddbfe22a track cumulative duration and runs
This is useful for a combo scrub bar-based UI (#32) + live view UI (#59)
in a non-obvious way. When constructing a HTML Media Source Extensions
API SourceBuffer, the caller can specify a "mode" of either "segments"
or "sequence":

In "sequence" mode, playback assumes segments are added sequentially.
This is good enough for a live view-only UI (#59) but not for a scrub
bar UI in which you may want to seek backward to a segment you've never
seen before. You will then need to insert a segment out-of-sequence.
Imagine what happens when the user goes forward again until the end of
the segment inserted immediately before it. The user should see the
chronologically next segment or a pause for loading if it's unavailable.
The best approximation of this is to track the mapping of timestamps to
segments and insert a VTTCue with an enter/exit handler that seeks to
the right position. But seeking isn't instantaneous; the user will
likely briefly see first the segment they seeked to before. That's
janky. Additionally, the "canplaythrough" event will behave strangely.

In "segments" mode, playback respects the timestamps we set:

* The obvious choice is to use wall clock timestamps. This is fine if
  they're known to be fixed and correct. They're not. The
  currently-recording segment may be "unanchored", meaning its start
  timestamp is not yet fixed. Older timestamps may overlap if the system
  clock was stepped between runs. The latter isn't /too/ bad from a user
  perspective, though it's confusing as a developer. We probably will
  only end up showing the more recent recording for a given
  timestamp anyway. But the former is quite annoying. It means we have
  to throw away part of the SourceBuffer that we may want to seek back
  (causing UI pauses when that happens) or keep our own spare copy of it
  (memory bloat). I'd like to avoid the whole mess.

* Another approach is to use timestamps that are guaranteed to be in
  the correct order but that may have gaps. In particular, a timestamp
  of (recording_id * max_recording_duration) + time_within_recording.
  But again seeking isn't instantaneous. In my experiments, there's a
  visible pause between segments that drives me nuts.

* Finally, the approach that led me to this schema change. Use
  timestamps that place each segment after the one before, possibly with
  an intentional gap between runs (to force a wait where we have an
  actual gap). This should make the browser's natural playback behavior
  work properly: it never goes to an incorrect place, and it only waits
  when/if we want it to. We have to maintain a mapping between its
  timestamps and segment ids but that's doable.

This commit is only the schema change; the new data aren't exposed in
the API yet, much less used by a UI.

Note that stream.next_recording_id became stream.cum_recordings. I made
a slight definition change in the process: recording ids for new streams
start at 0 rather than 1. Various tests changed accordingly.

The upgrade process makes a best effort to backfill these new fields,
but of course it doesn't know the total duration or number of runs of
previously deleted rows. That's good enough.
2020-06-09 16:17:32 -07:00
Scott Lamb
6187aa64cf Merge branch 'master' into new-schema 2020-06-03 15:47:10 -07:00
Scott Lamb
88fe6e5135 fix description of MOONFIRE_DEV_HOST 2020-05-08 19:29:47 -07:00
Scott Lamb
c6fe1b66a1 add a preliminary schema for object detection (#30) 2020-03-25 18:10:37 -07:00
Scott Lamb
00991733f2 use Blake3 instead of SHA-1 or Blake2b
Benefits:

* Blake3 is faster. This is most noticeable for the hashing of the
  sample file data.
* we no longer need OpenSSL, which helps with shrinking the binary size
  (#70). sha1 basically forced OpenSSL usage; ring deliberately doesn't
  support this old algorithm, and the pure-Rust sha1 crate is painfully
  slow. OpenSSL might still be a better choice than ring/rustls for TLS
  but it's nice to have the option.

For the video sample entries, I decided we don't need to hash at all. I
think the id number is sufficiently stable, and it's okay---perhaps even
desirable---if an existing init segment changes for fixes like e5b83c2.
2020-03-20 21:46:53 -07:00
Scott Lamb
e5b83c21e1 schema version 6 with pixel aspect ratio
This makes anamorphic sub streams display correctly, even ones from old
Hikvision cameras that don't properly set the aspect ratio at the H.264
layer.
2020-03-19 21:40:59 -07:00
Scott Lamb
4b397670a4 revamp webpack config
* simplify it. Go from six checked-in config files + one local one to
  three checked-in configs + commandline options. I find it less
  confusing to have the options plumbed through fewer layers.

* support developing against a https production server, as described in
  guide/developing-ui.md.

* fix the source map. The sourceMap parameter in prod.config.js as far
  as I can tell evaluated to false when run with production config, and
  anyway UglifyJS seems to be incompatible with the specified
  cheap-module-source-map. Use source-map instead.
2020-03-01 19:26:45 -08:00
Scott Lamb
92266612b5 switch to websocket for live stream (#59)
The multipart stream / hanging GET approach worked in a prototype for a
single stream, but Chrome has a per-host limit of six connections. If I
try streaming all my cameras at once, I hit that limit. I can't open all
the streams, much less additional connections to load init segments and
such. Websockets apparently has a much higher limit of 256.
2020-02-29 14:39:16 -08:00
Scott Lamb
8af7bca6c2 upgrade to hyper 0.13 ecosystem
This doesn't take much advantage of async fns so far. For example, the
with_{form,json}_body functions are still designed to be used with
future combinators when it'd be more natural to call them from async
fns now. But it's a start.

Similarly, this still uses the old version of reqwest. Small steps.

Requires Rust 1.40 now. (1.39 is a requirement of async, and 1.40 is a
requirement of http-serve 0.2.0.)
2020-01-09 16:07:46 -08:00
Scott Lamb
154d0c30c0 note caveat on signals schema 2019-12-28 08:00:38 -06:00
Scott Lamb
72d301af6e get rid of deprecated mem::uninitialized()
This requires a Rust version bump, as MaybeUninit was introduced in Rust
1.36.
2019-12-28 07:51:47 -06:00
Scott Lamb
81ae879ac6 mount options for fewer write operations 2019-07-20 15:33:51 -07:00
Scott Lamb
f1112031c2 Merge branch 'master' into new-schema 2019-07-10 17:03:30 -07:00
Scott Lamb
d2e18ca5e2 improve flush_if_sec docs 2019-07-10 15:17:55 -07:00
Scott Lamb
fb50617a7b add links to the wiki 2019-07-10 11:45:25 -07:00
Scott Lamb
34253fb96a add links to the wiki 2019-07-10 11:43:58 -07:00
Scott Lamb
106cf8cb4b Merge branch 'master' into new-schema 2019-07-10 02:03:13 -07:00
Scott Lamb
81d4fd67d4 suggest RequireMountsFor in systemd service file
Besides using one line instead of two, this avoids the need to do hex
escaping of characters like hyphens.
2019-07-10 02:00:10 -07:00
Scott Lamb
71c64908ec Merge branch 'master' into new-schema 2019-07-10 00:59:42 -07:00
Scott Lamb
1c904b925a many improvements to install docs/procedures
* in markdown files, use code fences rather than indented blocks.
    This is harder to screw up (one of them was off by a space so didn't
    render properly) and allows me to add info strings.

  * uniformly use "useradd" to create the user and group in all three
    places (install-manual.md, script-functions.sh, Dockerfile) rather
    than addgroup + adduser. Create a full home dir, which I suspect was
    the problem in #67. Don't allow customizing group name; it's always
    the same as the user.

  * install the sqlite3 package so that the "moonfire-nvr sql" command
    works properly.

  * remove "setup_db" function, which was out of place. Since the
    creation of the "moonfire-nvr init" command, this has to happen
    after installation of the binary. install.md gives instructions on
    this part anyway so remove it from the script.

  * give a proper command to create the db dir. It was creating it
    within the current directory, not within /var/lib/moonfire-nvr.
    Don't bother creating sample directory; "moonfire-nvr config"
    will do this.

  * when setting owners on a newly created directory, use a single
    "install -d" command rather than "mkdir" + "chown".

  * address confusion about whether sample file dirs need to be
    precreated. (Only when Moonfire NVR doesn't have write permissions
    on the parent.)

  * always just install the packaged version of ffmpeg rather than
    building our own. This has been usable since Debian/Raspbian 9
    Stretch; Debian/Raspbian 10 Buster is out now so there's no excuse
    for still running Debian/Raspbian 8 Jessie.

  * don't chown the UI directory; it can be owned by root as with
    the binary.

  * in scripts/install.sh, don't enable/start the service yet. It hasn't
    been configured.
2019-07-10 00:56:43 -07:00
Scott Lamb
d61b5e1bdd Use fixed-size directory meta files
Add a new schema version 5; now 4 means the directory meta may or may
not be upgraded.

Fixes #65: now it's possible to open the directory even if it lies on a
completely full disk.
2019-07-04 23:30:37 -05:00
Scott Lamb
afe693ef95 fix obsolete flag name 2019-06-20 16:22:46 -07:00
Scott Lamb
eaf6608597 tweak and document version 3->4 upgrade 2019-06-20 16:03:59 -07:00
Scott Lamb
a5ffe3ca2c bump minimum Rust version
The master version of rust-protobuf requires the TryFrom feature,
stabilized in 1.34.
2019-06-19 15:56:04 -07:00
Scott Lamb
fda7e4ca2b add concept of user/session permissions
(I also considered the names "capabilities" and "scopes", but I think
"permissions" is the most widely understood.)

This is increasingly necessary as the web API becomes more capable.
Among other things, it allows:

* non-administrator users who can view but not access camera passwords
  or change any state
* workers that update signal state based on cameras' built-in motion
  detection or a security system's events but don't need to view videos
* control over what can be done without authenticating

Currently session permissions are just copied from user permissions, but
you can also imagine admin sessions vs not, as a checkbox when signing
in. This would match the standard Unix workflow of using a
non-administrative session most of the time.

Relevant to my current signals work (#28) and to the addition of an
administrative API (#35, including #66).
2019-06-19 15:34:20 -07:00
Scott Lamb
b629fe6ac1 upgrade rusqlite, bump required Rust to 1.33
The new rusqlite requires the transpose_result feature, stabilized in
this Rust version.
2019-05-31 16:19:04 -07:00
Scott Lamb
3668c69d4b bump required Rust version to 1.32
travis-ci pointed out that the dependency bump broke 1.31:

   Compiling docopt v1.1.0
error[E0658]: imports can only refer to extern crate names passed with `--extern` on stable channel (see issue #53130)
   --> /home/travis/.cargo/registry/src/github.com-1ecc6299db9ec823/docopt-1.1.0/src/parse.rs:48:5
    |
48  |   use regex;
    |       ^^^^^
    |

Looks like uniform_paths was stabilized in 1.32, and I verified locally that
version builds.
2019-05-31 16:09:42 -07:00
Scott Lamb
d7a0cb9a7c Remove mention of #36 from troubleshooting guide
The 091217b workaround of telling ffmpeg to only request the video
stream works perfectly fine for now. I'll revisit when adding audio
support (#34).

Fixes #36
2019-02-13 22:25:33 -08:00
Scott Lamb
ff58f24785 update deps 2018-12-28 10:13:03 -06:00
Scott Lamb
4580038013 fix --require-auth flag
Apparently with docopt, --require-auth=false doesn't work, so booleans
with a default value of true can't be turned off. Toggle the default to
false to deal with this, for now. I'd prefer the default be true, but
I also would prefer to not use a negative --no-require-auth or
--allow-unauthenticated flag. I think I'll switch from docopt to clap
in the near future; it seems to be what the cool kids use.
2018-12-28 08:39:50 -06:00
Scott Lamb
278a87d5fd tweaks to guide/secure.md
after reading the rendered version online
2018-12-27 16:29:26 -06:00
Scott Lamb
24674f5b50 document proxy setup in guide/secure.md (for #26)
The guide is not as quick to follow and amateur-friendly as I'd like. A
few things that might improve matters:

   * complete #27 (built-in https+letsencrypt), so that when not sharing
     the port, users don't need to use nginx or certbot.
   * more ubiquitous IPv6 (out of my control but should happen over
     time) to reduce need to share the port
   * embed a dynamic DNS client
   * support UPnP Internet Gateway Device Control Protocol (if common
     routers have this enabled? probably not for security reasons.)

It's progress, though. Enough that I think I'll merge the auth branch
into master shortly.
2018-12-27 16:00:15 -06:00
Scott Lamb
422cd2a75e preliminary web support for auth (#26)
Some caveats:

  * it doesn't record the peer IP yet, which makes it harder to verify
    sessions are valid. This is a little annoying to do in hyper now
    (see hyperium/hyper#1410). The direct peer might not be what we want
    right now anyway because there's no TLS support yet (see #27).  In
    the meantime, the sane way to expose Moonfire NVR to the Internet is
    via a proxy server, and recording the proxy's IP is not useful.
    Maybe better to interpret a RFC 7239 Forwarded header (and/or
    the older X-Forwarded-{For,Proto} headers).

  * it doesn't ever use Secure (https-only) cookies, for a similar reason.
    It's not safe to use even with a tls proxy until this is fixed.

  * there's no "moonfire-nvr config" support for inspecting/invalidating
    sessions yet.

  * in debug builds, logging in is crazy slow. See libpasta/libpasta#9.

Some notes:

  * I removed the Javascript "no-use-before-defined" lint, as some of
    the functions form a cycle.

  * Fixed #20 along the way. I needed to add support for properly
    returning non-OK HTTP statuses to signal unauthorized and such.

  * I removed the Access-Control-Allow-Origin header support, which was
    at odds with the "SameSite=lax" in the cookie header. The "yarn
    start" method for running a local proxy server accomplishes the same
    thing as the Access-Control-Allow-Origin support in a more secure
    manner.
2018-11-27 11:08:33 -08:00
Scott Lamb
071be03c6f update most deps, notably including reqwest
Fixes #60

The reqwest dependency is significant because the old version required
an old version of openssl, complicating compilation on newer platforms.
reqwest also pulled in old/duplicate versions of hyper, tokio, etc.
Nice to drop a lot of that cruft.

I left rusqlite and uuid alone because they had breaking changes I
didn't want to mess with at the moment.

Bumped the minimum Rust version to 1.30.0, as required by the
new encoding_rs crate (and perhaps other things).
2018-11-20 09:32:55 -08:00
Scott Lamb
aa81eae65a more robust timezone detection (fixes #12) 2018-08-31 17:19:24 -07:00
Scott Lamb
91ef07b9a7 bump required rust to 1.27
1.26 doesn't work with the updated rusqlite:

error[E0658]: use of unstable library feature 'duration_extras' (see issue #46507)
  --> /home/travis/.cargo/registry/src/github.com-1ecc6299db9ec823/rusqlite-0.14.0/src/busy.rs:26:49
   |
26 |             .and_then(|t| t.checked_add(timeout.subsec_millis().into()))
   |                                                 ^^^^^^^^^^^^^
2018-08-28 21:47:02 -07:00
Scott Lamb
0cc4d191c0 bump minimum Rust version to 1.26
1.25 also fails with the upgraded reffers because u128 isn't stable:

error[E0658]: 128-bit type is unstable (see issue #35118)
   --> /home/travis/.cargo/git/checkouts/reffers-rs-0d00fc7f893338b3/49a4d75/src/rc_bitmask.rs:194:34
    |
194 | rc_bit_mask_internal!(primitive, u128, 42, 42, 42);
    |                                  ^^^^
2018-08-27 21:32:51 -07:00
Scott Lamb
6ab416caed bump minimum Rust version
travis-ci pointed out that building with 1.21 broke with a recent dep
upgrade (8c52c36). reffers now uses nested groups of imports, which is a
feature introduced with Rust 1.25. Prior to 1.25, it fails as follows:

error: expected one of `,` or `as`, found `::`
 --> /home/travis/.cargo/git/checkouts/reffers-rs-0d00fc7f893338b3/49a4d75/src/arc.rs:6:46
  |
6 | use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
  |                                              ^^ expected one of `,` or `as` here
2018-08-25 06:33:50 -07:00
Scott Lamb
5bba71345c few small markdown tweaks 2018-08-24 21:04:13 -07:00
Scott Lamb
489fda6abe add missing guide/install-scripted.md
I mistakenly lost a "git mv easy-install.md install-scripted.md" when
reworking the commit, I suppose.
2018-08-24 20:59:56 -07:00
Scott Lamb
c5345c1e11 simplify and fix installation instructions
* install.md, install-manual.md, and easy-install.md had a lot of
  redundancy. Rework them so the common prefix and suffix are in
  install.md and it's clear when to navigate back and forth. This
  removes from very stale references to prep.sh and cameras.sql in
  install-manual.md (which never should have mentioned these scripts
  anyway).

* remove all the SAMPLE_MEDIA_DIR, SAMPLE_FILE_DIR, and
  SAMPLE_FILE_PATH stuff from the scripts. This was too complicated
  (one variable will suffice) and inconsistent in terminology (a
  couple "samples dir" occurrences slipped through review; they
  should have been "sample file dir"). It also wasn't really useful
  enough because the procedure for a mount point is manual anyway,
  and because some installs will have multiple sample file dirs
  anyway.

* in the mount point procedure, fix the paths to be consistent. Also
  describe the "nofail" and "Requires=" config I have on my machine.

* fix some incorrect info about how to use "moonfire-nvr config" and
  describe "flush_if_sec".
2018-08-24 20:45:46 -07:00
Scott Lamb
01e8dab67f fourth attempt at travis config
* upgrade min required rust to 1.21; crossbeam-deque requires the
  ord_max_min feature, apparently stabilized in this version.

* use "make --jobs=2" to build ffmpeg so it goes faster.
  https://docs.travis-ci.com/user/reference/overview/ says there are 2
  cores available.
2018-08-07 15:51:19 -05:00
Scott Lamb
62a1bad8b9 third attempt at travis config
* upgrade minimum required Rust from 1.17 to 1.20; reffers 0.4.2
  apparently uses std::mem::ManuallyDrop, introduced in 1.20

* install ffmpeg from source (requiring sudo access) rather than using
  the ancient one from Ubuntu Trusty to meet the minimum version
  requirements specified in ffmpeg/build.rs.
2018-08-07 15:28:34 -05:00
Scott Lamb
299c0b1802 Merge branch 'master' (early part) into new-schema
Catch the new-schema branch up with everything up to (but not including) the
big UI refactoring. I'll merge that separately.
2018-03-24 22:29:40 -07:00
Scott Lamb
1c9f2a4d83 initial schema for user authentication (#26)
This is only the database schema, which I'm adding now in the hopes of
freezing schema version 3. There's no way yet to create users, much less
actually authenticate.
2018-03-21 23:57:45 -07:00
Scott Lamb
dfee66c84b support additional recording_integrity timestamps
These are not actually populated by the code yet. I'm trying to get the
v3 schema frozen as soon as possible; actually using the fields can come
later.

Add some explanation of their value in time.md, along with some general
musing on leap seconds, and a correction on the frequency error of my cameras.
2018-03-21 22:32:41 -07:00