MyFavMirrors/moonfire-nvr
1
0
Fork 0
mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-01-15 08:45:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
854 Commits 11 Branches 26 Tags 16 MiB
dffec68b2f
Commit Graph

16 Commits

Author SHA1 Message Date
Scott Lamb
dffec68b2f retrieve and set users' permissions 2022-12-25 23:01:17 -05:00
Scott Lamb
be4e11c506 extend POST /users/:id 
Now you can set a password for a user while the server is running,
e.g. via the following command:

```shell
curl \
    -H 'Content-Type: application/json' \
    -d '{"update": {"password": "asdf"}}' \
    --unix-socket /var/lib/moonfire-nvr/sock \
    http://nvr/api/users/1
```
 2022-12-23 13:14:24 -08:00
Scott Lamb
0866b23991 clean up the easy clippy errors 
I'm still not running clippy on CI and probably should.
There are a few left that were a little more involved to address.
 2022-09-28 09:29:16 -07:00
Scott Lamb
fd7438dd28 ignore port number in ws origin check 
Fixes #219
 2022-04-13 21:49:18 -07:00
Scott Lamb
21da924d84 update missing ui-dir log lines 
https://github.com/scottlamb/moonfire-nvr/issues/218#issuecomment-1098671419
 2022-04-13 20:26:28 -07:00
Scott Lamb
4c9aa93fdf check WebSocket origin 
This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.
 2022-03-22 14:51:12 -07:00
Scott Lamb
5264e9848e fix test failure 2022-03-11 11:59:20 -08:00
Scott Lamb
7c453b5f9d support treating own effective uid as privileged 
I intend this to be an easy bootstrapping mechanism for web auth.
 2022-03-11 11:10:26 -08:00
Scott Lamb
4ce3e511b5 support Unix sockets (#133) 2022-03-09 16:47:08 -08:00
Scott Lamb
a7c574eb43 extract_cookie should check all Cookie headers 2021-10-28 15:09:02 -07:00
Scott Lamb
1e17a53280 separate out signals API to own file 2021-10-28 14:09:30 -07:00
Scott Lamb
1f41a27cc3 extract /api/{login,logout} to their own file 2021-10-28 13:57:32 -07:00
Scott Lamb
bae45a0855 move /view.{mp4,m4s} to their own file 2021-10-28 13:23:49 -07:00
Scott Lamb
87f9736d80 separate live view into its own file 2021-10-28 13:07:39 -07:00
Scott Lamb
cf08c95a4b split static file serving into its own file 2021-10-28 12:49:50 -07:00
Scott Lamb
4231ec45ce start splitting up web.rs 
It's getting huge and hard to work with. The path stuff is easy to pull
out.
 2021-10-28 12:38:29 -07:00