Commit Graph

56 Commits

Author SHA1 Message Date
Scott Lamb
cc34a1aef5
Retina 0.4.4 2023-01-05 16:38:13 -06:00
Scott Lamb
dfa949815b
tweaks to api and docs
In particular, the docs now talk about the CSRF protection. This is
increasing relevant as we start having more mutation endpoints. And
make the signals api expect a csrf for session auth to match the newer
users api.
2023-01-05 12:21:35 -06:00
Scott Lamb
42fe054d46
make GET /api/ return current permissions
This is useful for e.g. deciding whether or not to present the user
admin UI in navigation.

As part of this change, I adjusted the casing in Permissions, and then
all the toml stuff for consistency. Noted in changelog.
2022-12-31 12:43:13 -05:00
Scott Lamb
c02fc6f439 more user admin actions 2022-12-25 23:01:17 -05:00
Scott Lamb
3ab30a318f add GET /users/ endpoint 2022-12-25 23:01:17 -05:00
Scott Lamb
dffec68b2f retrieve and set users' permissions 2022-12-25 23:01:17 -05:00
Scott Lamb
ae502200c0 upgrade various Rust dependencies
This stops using parking_lot entirely. Since Rust 1.62, the std
implementations on Linux are direct futexes, not the boxed pthread
mutexes they used to be. No real reason to use parking_lot anymore, so
shed this dependency.
2022-09-28 22:20:48 -07:00
Scott Lamb
b03eceb21a upgrade to Retina 0.4.1
Fixes #234
2022-08-09 08:02:07 -07:00
Scott Lamb
8e8b48b906 prepare 0.7.5 with Retina 0.3.10
Fixes #224
2022-05-09 13:17:18 -07:00
Scott Lamb
841e06e354 update a few deps 2022-05-02 11:23:03 -07:00
Scott Lamb
2e49a1a0c8 bump minimum Rust to 1.57
Addresses a breakage with cdfb61f. the `named-profile` feature
wasn't available in 1.56.
2022-04-14 10:58:23 -07:00
Scott Lamb
cdfb61fb35 build docker image with lto 2022-04-14 10:53:03 -07:00
Scott Lamb
fd7438dd28 ignore port number in ws origin check
Fixes #219
2022-04-13 21:49:18 -07:00
Scott Lamb
9e6ac27cb0 mention #206 in v0.7.4 changelog 2022-04-13 18:14:57 -07:00
Scott Lamb
13bfb76855 prepare v0.7.4 2022-04-13 15:08:15 -07:00
Scott Lamb
18f29f8bdb create gh release on tag
For #210

*   update changelog format so that `parse-changelog` is happy.
*   add the example from taiki-e/create-gh-release-action verbatim.
    Fingers crossed it works in my setup.
2022-04-13 15:00:49 -07:00
Scott Lamb
3bc552b950 seamless mid-stream video parameter changes
For #217. This handles the recording logic. May still need fixes to
playback and/or live stream logic.
2022-04-13 14:39:47 -07:00
Scott Lamb
5e7d558f99 upgrade to Retina v0.3.9
This alone improves interop and diagnostics, as noted in Retina's
release notes. We also now give the camera name to the session group
(for improved logging of TEARDOWN operations) and expose the RTSP
server's "tool" attribute in debug logs and the config UI's "Test"
button.

Fixes #209
Fixes #213
2022-04-12 15:00:35 -07:00
Scott Lamb
3bc410b417 prepare v0.7.3 2022-03-22 14:56:15 -07:00
Scott Lamb
4c9aa93fdf check WebSocket origin
This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.
2022-03-22 14:51:12 -07:00
Scott Lamb
be3a5b200e prepare v0.7.2 2022-03-16 18:31:12 -07:00
Scott Lamb
892427592e tweak config format (#133)
* switch from json to toml.
  I think this will be more user-friendly. It allows comments and has
  less punctuation. Fewer surprises than yaml (which has e.g. the
  "Norway problem"). I might have stayed with JSON if I could see a
  good serde json library that allows comments, but hson is unmaintained
  and serde-json strictly follows the spec.

* switch from camelCase to snake_case. Seems more idiomatic for TOML
  and matches the Rust source.

* forbid unknown keys. Better to spot errors sooner.

* rename "trust_forward_hdrs" to "trust_forward_headers". Nothing else
  is abbreviated.
2022-03-16 12:34:39 -07:00
Scott Lamb
ceaef46ea9 introduce /etc/moonfire-nvr.json (#133) 2022-03-09 13:18:33 -08:00
Scott Lamb
9d70d68710 fix #187 via a dependency upgrade
I did a full `cargo upgrade` and fixed what it broke:

*   a couple things for the latest protobuf 3.0 alphas
    (note alphas don't promise API stability)
*   new minimum supported Rust version

This should have some other nice effects: parking_lot now uses inline
assembler, tokio has gotten faster, etc.
2022-03-08 11:24:44 -08:00
Scott Lamb
0406e09ca4 reduce debug output in release/bench builds
This reduces the binary size from 154 MiB to 70 MiB (#70 progress).
Tools like `cargo flamegraph` still work fine.

As suggested by "EarthFeet" on reddit:
https://www.reddit.com/r/rust/comments/rw0jad/cargos_strip_profile_option_has_been_stabilized/hra193k/
2022-01-05 10:28:32 -08:00
Scott Lamb
9b241c80dc update retina and http-serve deps
* new retina notably fixes #184
* new http-serve removes an accidental debug print on stdout
2021-12-29 22:16:21 -08:00
Scott Lamb
5c7263b1bd include ext stream in API response; better docs
In particular, the docs now explicitly call out that API changes can
happen at any version, and from 0.7.0 onward they're described in
the changelog.
2021-11-23 13:04:02 -08:00
Scott Lamb
cf492a2ffa fix #182: error on upgrade when onvif_host empty 2021-11-23 10:17:47 -08:00
Scott Lamb
1c9a55653d allow setting rtsp transport per-stream 2021-10-27 14:28:44 -07:00
Scott Lamb
981cee0706 revert cursive upgrade
SelectView::set_selection doesn't seem to be working properly. The
symptom is editing an existing camera will clear the sample file dir,
and thus hitting edit without making any changes will fail.
2021-10-27 14:27:10 -07:00
Scott Lamb
46ac812d3e v0.7.0 2021-10-27 12:03:11 -07:00
Scott Lamb
ddda01e4fa preparing v0.7.0 2021-10-26 18:54:26 -07:00
Scott Lamb
985f6e675f prepare v0.6.7 w/ Retina v0.3.3
This improves authentication over RTSP.
2021-10-20 14:59:33 -07:00
Scott Lamb
095417bb20 Retina 0.3.2, better TEARDOWNs 2021-09-29 05:56:20 -07:00
Scott Lamb
82102c0d17 trim whitespace from /etc/timezone 2021-09-24 10:49:04 -07:00
Scott Lamb
0c0c0692f3 prepare version 0.6.6 2021-09-23 20:02:31 -07:00
Scott Lamb
19faa0f028 changelog tweak 2021-09-23 18:16:39 -07:00
Scott Lamb
b41a6c43da shutdown better
After a frustrating search for a suitable channel to use for shutdown
(tokio::sync::Receiver and
futures::future::Shared<tokio::sync::oneshot::Receiver> didn't look
quite right) in which I rethought my life decisions, I finally just made
my own (server/base/shutdown.rs). We can easily poll it or wait for it
in async or sync contexts. Most importantly, it's convenient; not that
it really matters here, but it's also efficient.

We now do a slightly better job of propagating a "graceful" shutdown
signal, and this channel will give us tools to improve it over time.

* Shut down even when writer or syncer operations are stuck. Fixes #117
* Not done yet: streamers should instantly shut down without waiting for
  a connection attempt or frame or something. I'll probably
  implement that when removing --rtsp-library=ffmpeg. The code should be
  cleaner then.
* Not done yet: fix a couple places that sleep for up to a second when
  they could shut down immediately. I just need to do the plumbing for
  mock clocks to work.

I also implemented an immediate shutdown mode, activated by a second
signal. I think this will mitigate the streamer wait situation.
2021-09-23 16:33:29 -07:00
Scott Lamb
92f594ef58 handle stale RTSP sessions
* upgrade to Retina 0.3.1 which automatically tears down sessions
* wait out stale sessions before reconnecting
* wait for teardown to complete before shutting down

This adds some pressure on #117: it will keep waiting for the stale
session to expire even if the user has requested shutdown. I'll try
to address that next.
2021-09-09 22:10:45 -07:00
Scott Lamb
981a91c425 add changelog entry for #157 2021-08-31 16:44:53 -07:00
Scott Lamb
78bafb01f6 support udp with retina or ffmpeg 2021-08-31 08:11:18 -07:00
Scott Lamb
5c3c61838f improve Reolink interoperability with new Retina
Attempt at #114 and #144. Let's see how much it helps.
2021-08-19 15:06:20 -07:00
Scott Lamb
4e77a26410 document and check minimum SQLite version
Fixes #147
2021-08-19 10:08:53 -07:00
Scott Lamb
dd4a901adb bump etag format version when headers change
I forgot to do this in 27395ec resulting in #146. Bump the version now,
and update the digest used in the tests so they will remind me to
bump the version any time the headers change.
2021-08-19 09:51:09 -07:00
Scott Lamb
711071f003 prepare version 0.6.5 2021-08-13 12:08:19 -07:00
Scott Lamb
b8b5038f71 better error msg on live view when misconfigured
Improves (but doesn't fix) #119 and #120.
2021-08-13 12:02:42 -07:00
Scott Lamb
42cf77f0d6 upgrade to retina v0.1.0 2021-08-13 11:48:58 -07:00
Scott Lamb
b388aab250 better error message for live view on iOS (#121) 2021-08-13 08:50:06 -07:00
Scott Lamb
27395ecd4e UI: improve aspect ratio handling
As written in the changelog: Live streams formerly worked around a
Firefox pixel aspect ratio bug by forcing all videos to 16:9, which
dramatically distorted 9:16 camera views. Playback didn't, so anamorphic
videos looked correct on Chrome but slightly stretched on Firefox. Now
both live streams and playback are fully correct on all browsers.
2021-08-12 13:33:19 -07:00
Scott Lamb
f078328935 prepare v0.6.4 2021-06-28 20:32:33 -07:00