Commit Graph

210 Commits

Author SHA1 Message Date
Scott Lamb
dfa949815b
tweaks to api and docs
In particular, the docs now talk about the CSRF protection. This is
increasing relevant as we start having more mutation endpoints. And
make the signals api expect a csrf for session auth to match the newer
users api.
2023-01-05 12:21:35 -06:00
Scott Lamb
42fe054d46
make GET /api/ return current permissions
This is useful for e.g. deciding whether or not to present the user
admin UI in navigation.

As part of this change, I adjusted the casing in Permissions, and then
all the toml stuff for consistency. Noted in changelog.
2022-12-31 12:43:13 -05:00
Scott Lamb
88d7165c3e correct and more robust update privilege check 2022-12-26 00:55:05 -05:00
Scott Lamb
163eaa4cf9 support username properly in POST /api/users/:id
I mistakenly left this out. Also, fix the behavior if something is
forgotten. Before, it'd silently ignore it. Now, it correctly returns
Unimplemented, in both POST /api/users/:id and PUT /api/users.
2022-12-25 23:01:17 -05:00
Scott Lamb
6c90077ff1 make PUT requests actually work 2022-12-25 23:01:17 -05:00
Scott Lamb
c02fc6f439 more user admin actions 2022-12-25 23:01:17 -05:00
Scott Lamb
3ab30a318f add GET /users/ endpoint 2022-12-25 23:01:17 -05:00
Scott Lamb
dffec68b2f retrieve and set users' permissions 2022-12-25 23:01:17 -05:00
Scott Lamb
be4e11c506 extend POST /users/:id
Now you can set a password for a user while the server is running,
e.g. via the following command:

```shell
curl \
    -H 'Content-Type: application/json' \
    -d '{"update": {"password": "asdf"}}' \
    --unix-socket /var/lib/moonfire-nvr/sock \
    http://nvr/api/users/1
```
2022-12-23 13:14:24 -08:00
Scott Lamb
a5824b8633 fix inverted cond on deleting sample file dir
Symptom: in `nvr config`, if you create a dir and then immediately try
to delete it, it would fail saying it's in-use. This check is supposed
to be for having a running syncer on the directory, which would be
an arc count > 1.
2022-10-03 08:29:11 -04:00
Scott Lamb
8b50a45ab0 fix config url checking
* In 0866b239, while fixing a clippy error, I accidentally inverted the
  error condition.
* While I'm at it, improve the diagnostics. Print which field we're
  talking about and the expected URL schemes.
2022-10-03 08:29:11 -04:00
Scott Lamb
ae502200c0 upgrade various Rust dependencies
This stops using parking_lot entirely. Since Rust 1.62, the std
implementations on Linux are direct futexes, not the boxed pthread
mutexes they used to be. No real reason to use parking_lot anymore, so
shed this dependency.
2022-09-28 22:20:48 -07:00
Scott Lamb
d8ff02ab8b upgrade Retina to 0.4.2
Fixes #238
2022-09-28 09:30:16 -07:00
Scott Lamb
0866b23991 clean up the easy clippy errors
I'm still not running clippy on CI and probably should.
There are a few left that were a little more involved to address.
2022-09-28 09:29:16 -07:00
Scott Lamb
b03eceb21a upgrade to Retina 0.4.1
Fixes #234
2022-08-09 08:02:07 -07:00
Scott Lamb
14f70ff4ce upgrade to Retina 0.4.0 2022-05-17 21:17:17 -07:00
K
0d2cda5c18 Get zone name by stripping */zoneinfo/ 2022-05-10 22:00:03 -07:00
Scott Lamb
8e8b48b906 prepare 0.7.5 with Retina 0.3.10
Fixes #224
2022-05-09 13:17:18 -07:00
Scott Lamb
841e06e354 update a few deps 2022-05-02 11:23:03 -07:00
Greg V
909a174957 fix build on nightly rust
error[E0106]: missing lifetime specifier
  --> base/time.rs:26:68
   |
26 | fn fixed_len_num<'a>(len: usize) -> impl FnMut(&'a str) -> IResult<&'a str, i32> {
   |                                                                    ^ expected named lifetime parameter
   |
   = help: this function's return type contains a borrowed value with an elided lifetime, but the lifetime cannot be derived from the arguments
help: consider using the `'a` lifetime
2022-05-01 14:34:38 -07:00
Scott Lamb
2e49a1a0c8 bump minimum Rust to 1.57
Addresses a breakage with cdfb61f. the `named-profile` feature
wasn't available in 1.56.
2022-04-14 10:58:23 -07:00
Scott Lamb
cdfb61fb35 build docker image with lto 2022-04-14 10:53:03 -07:00
Scott Lamb
fd7438dd28 ignore port number in ws origin check
Fixes #219
2022-04-13 21:49:18 -07:00
Scott Lamb
21da924d84 update missing ui-dir log lines
https://github.com/scottlamb/moonfire-nvr/issues/218#issuecomment-1098671419
2022-04-13 20:26:28 -07:00
Scott Lamb
13bfb76855 prepare v0.7.4 2022-04-13 15:08:15 -07:00
Scott Lamb
2e2de8cc6a fix db tests for 3bc552b
(I ran `cargo test` rather than `cargo test --all`, oops!)
2022-04-13 14:52:18 -07:00
Scott Lamb
3bc552b950 seamless mid-stream video parameter changes
For #217. This handles the recording logic. May still need fixes to
playback and/or live stream logic.
2022-04-13 14:39:47 -07:00
Scott Lamb
967834ce15 reduce thread handoffs in RetinaStream 2022-04-13 13:34:41 -07:00
Scott Lamb
7b0a489541 rework stream threading model
Fixes #206. 307a388 switched to creating a single-threaded runtime for
each stream, then destroying prior to waiting for TEARDOWN on shutdown.
This meant that the shutdown process could panic with this error:

```
panic at '/home/slamb/git/retina/src/client/mod.rs:219:22': teardown Sender shouldn't be dropped: RecvError(())
```

Let's switch back to expecting a multithreaded runtime context.
Create one for the config subcommand, too.

Don't go all the way back to the old code with its channels, though.
That had the downside that the underlying retina::Session might outlive
the caller, so there could still be an active session when we start
the next one. I haven't seen this cause problems in practice but it
still doesn't seem right.
2022-04-13 11:39:38 -07:00
Scott Lamb
5e7d558f99 upgrade to Retina v0.3.9
This alone improves interop and diagnostics, as noted in Retina's
release notes. We also now give the camera name to the session group
(for improved logging of TEARDOWN operations) and expose the RTSP
server's "tool" attribute in debug logs and the config UI's "Test"
button.

Fixes #209
Fixes #213
2022-04-12 15:00:35 -07:00
Scott Lamb
3bc410b417 prepare v0.7.3 2022-03-22 14:56:15 -07:00
Scott Lamb
4c9aa93fdf check WebSocket origin
This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.
2022-03-22 14:51:12 -07:00
Scott Lamb
307a3884a0 drop ffmpeg support
* switch the config interface over to use Retina and make the test
  button honor rtsp_transport = udp.

* adjust the threading model of the Retina streaming code.

  Before, it spawned a background future that read from the runtime and
  wrote to a channel. Other calls read from this channel.

  After, it does work directly from within the block_on calls (no
  channels).

  The immediate motivation was that the config interface didn't have
  another runtime handy. And passing in a current thread runtime
  deadlocked. I later learned this is a difference between
  Runtime::block_on and Handle::block_on. The former will drive IO and
  timers; the latter will not.

  But this is also more efficient to avoid so many thread hand-offs.
  Both the context switches and the extra spinning that
  tokio appears to do as mentioned here:
  https://github.com/scottlamb/retina/issues/5#issuecomment-871971550

  This may not be the final word on the threading model. Eventually
  I may not have per-stream writing threads at all. But I think it will
  be easier to look at this after getting rid of the separate
  `moonfire-nvr config` subcommand in favor of a web interface.

* in tests, read `.mp4` files via the `mp4` crate rather than ffmpeg.
  The annoying part is that this doesn't parse edit lists; oh well.

* simplify the `Opener` interface. Formerly, it'd take either a RTSP
  URL or a path to a `.mp4` file, and they'd share some code because
  they both sometimes used ffmpeg. Now, they're totally different
  libraries (`retina` vs `mp4`). Pull the latter out to a `testutil`
  module with a different interface that exposes more of the `mp4`
  stuff. Now `Opener` is just for RTSP.

* simplify the h264 module. It had a lot of logic to deal with Annex B.
  Retina doesn't use this encoding.

Fixes #36
Fixes #126
2022-03-18 13:22:47 -07:00
Scott Lamb
be3a5b200e prepare v0.7.2 2022-03-16 18:31:12 -07:00
Scott Lamb
e9ac61f15c allow omitting permissions in config 2022-03-16 17:51:49 -07:00
Scott Lamb
892427592e tweak config format (#133)
* switch from json to toml.
  I think this will be more user-friendly. It allows comments and has
  less punctuation. Fewer surprises than yaml (which has e.g. the
  "Norway problem"). I might have stayed with JSON if I could see a
  good serde json library that allows comments, but hson is unmaintained
  and serde-json strictly follows the spec.

* switch from camelCase to snake_case. Seems more idiomatic for TOML
  and matches the Rust source.

* forbid unknown keys. Better to spot errors sooner.

* rename "trust_forward_hdrs" to "trust_forward_headers". Nothing else
  is abbreviated.
2022-03-16 12:34:39 -07:00
Scott Lamb
78cdd82f36 fix warnings 2022-03-11 12:01:35 -08:00
Scott Lamb
5264e9848e fix test failure 2022-03-11 11:59:20 -08:00
Scott Lamb
7467b382dc make Unix sockets bind reliably and add to config 2022-03-11 11:52:00 -08:00
Scott Lamb
7c453b5f9d support treating own effective uid as privileged
I intend this to be an easy bootstrapping mechanism for web auth.
2022-03-11 11:10:26 -08:00
Scott Lamb
4ce3e511b5 support Unix sockets (#133) 2022-03-09 16:47:08 -08:00
Scott Lamb
ceaef46ea9 introduce /etc/moonfire-nvr.json (#133) 2022-03-09 13:18:33 -08:00
Scott Lamb
1a51b53b54 upgrade moonfire-ffmpeg 2022-03-08 11:42:05 -08:00
Scott Lamb
adc7087dc2 upgrade reffers dependency 2022-03-08 11:41:00 -08:00
Scott Lamb
8720495608 upgrade scrypt dependency 2022-03-08 11:40:25 -08:00
Scott Lamb
197e10f56f upgrade tokio-tungstenite 2022-03-08 11:39:22 -08:00
Scott Lamb
ce3cf9c096 upgrade rusqlite 2022-03-08 11:37:45 -08:00
Scott Lamb
c5ef87ee79 upgrade cursive 2022-03-08 11:35:29 -08:00
Scott Lamb
9d70d68710 fix #187 via a dependency upgrade
I did a full `cargo upgrade` and fixed what it broke:

*   a couple things for the latest protobuf 3.0 alphas
    (note alphas don't promise API stability)
*   new minimum supported Rust version

This should have some other nice effects: parking_lot now uses inline
assembler, tokio has gotten faster, etc.
2022-03-08 11:24:44 -08:00
Scott Lamb
6ca9f451c2 update retina to 0.3.7
Notably, this includes scottlamb/retina#50, which fixes a panic
parsing the DESCRIBE response sent by some cameras. Should improve #192.
2022-01-28 22:49:41 -08:00