MyFavMirrors/moonfire-nvr
1
0
Fork 0
mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-03-13 21:12:55 -04:00
Code Issues Packages Projects Releases Wiki Activity
998 Commits 8 Branches 29 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
Scott Lamb
64ca096ff3 massive error overhaul 
* fully stop using ancient `failure` crate in favor of own error type
* set an `ErrorKind` on everything
 2023-07-09 22:04:17 -07:00
Scott Lamb
438de38202
rework WebSocket error return protocol 
This gives much better information to the UI layer, getting rid of a
whole troubleshooting guide entry. See #119 #132 #218 #219

I also restructured the code in anticipation of a new WebSocket event
stream (#40).
 2023-02-15 17:26:40 -08:00
Scott Lamb
a9430464b6
cargo clippy --fix 
This switches to inlining variable names into format args. clippy
now suggests this syntax, and I like it.
 2023-01-29 15:01:19 -08:00
Scott Lamb
fd7438dd28 ignore port number in ws origin check 
Fixes #219
 2022-04-13 21:49:18 -07:00
Scott Lamb
4c9aa93fdf check WebSocket origin 
This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.
 2022-03-22 14:51:12 -07:00
Scott Lamb
87f9736d80 separate live view into its own file 2021-10-28 13:07:39 -07:00