Commit Graph

866 Commits

Author SHA1 Message Date
Scott Lamb
3c1163dfe2 use SameSite=Strict (for #26)
I initially chose SameSite=Lax because I thought if a user followed a
link to the landing page, the landing page's ajax requests wouldn't send
the cookie. But I just did an experiment, and that's not true. Only the
initial page load (of a .html file) lacks the cookie. All of its
resources and ajax requests send the cookie. I'm not sure about
document.cookie accesses, but my cookie is HttpOnly anyway, so it's
irrelevant. So no reason to be lax.
2018-12-01 22:04:54 -08:00
Scott Lamb
3f76096a81 add Cache-Control: private hdr to non-static stuff
for #26
2018-12-01 16:55:10 -08:00
Scott Lamb
4f87c16c31 Merge branch 'master' into auth 2018-12-01 15:27:54 -08:00
Scott Lamb
35e6891221 update all Rust deps 2018-12-01 15:20:19 -08:00
Scott Lamb
087fdafc61 endpoint to debug --trust-forward-hdrs for #26 2018-12-01 00:44:19 -08:00
Scott Lamb
d35a4592e3 Merge branch 'master' into auth 2018-12-01 00:06:43 -08:00
Scott Lamb
b2bdccb507 Javascript fix for unauthenticated case
newTimeFormat didn't handle newTimeZone not having been called well.
Restore the prior behavior of having called newTimeZone(null), which was
apparently good enough.
2018-12-01 00:04:43 -08:00
Scott Lamb
131c5e0640 Fix "no garbage row for <id>" flush failure loops
Add some comments along the way.

Fixes #63.
2018-12-01 00:03:43 -08:00
Scott Lamb
7a81d36562 support proxy forwarded headers
I went with legacy headers (X-Real-IP, X-Forwarded-Proto) because they
appear to be more widely supported than the RFC 7239 Forwarded header.
2018-11-28 14:49:56 -08:00
Scott Lamb
4daf618c29 fix a couple compile errors in 422cd2a
I just ran a "cargo test" on this after a round of tweaks, not
"cargo test --all", so I missed compile errors in the db crate,
and a Javascript lint config error. travis-ci caught these.
2018-11-27 12:23:44 -08:00
Scott Lamb
422cd2a75e preliminary web support for auth (#26)
Some caveats:

  * it doesn't record the peer IP yet, which makes it harder to verify
    sessions are valid. This is a little annoying to do in hyper now
    (see hyperium/hyper#1410). The direct peer might not be what we want
    right now anyway because there's no TLS support yet (see #27).  In
    the meantime, the sane way to expose Moonfire NVR to the Internet is
    via a proxy server, and recording the proxy's IP is not useful.
    Maybe better to interpret a RFC 7239 Forwarded header (and/or
    the older X-Forwarded-{For,Proto} headers).

  * it doesn't ever use Secure (https-only) cookies, for a similar reason.
    It's not safe to use even with a tls proxy until this is fixed.

  * there's no "moonfire-nvr config" support for inspecting/invalidating
    sessions yet.

  * in debug builds, logging in is crazy slow. See libpasta/libpasta#9.

Some notes:

  * I removed the Javascript "no-use-before-defined" lint, as some of
    the functions form a cycle.

  * Fixed #20 along the way. I needed to add support for properly
    returning non-OK HTTP statuses to signal unauthorized and such.

  * I removed the Access-Control-Allow-Origin header support, which was
    at odds with the "SameSite=lax" in the cookie header. The "yarn
    start" method for running a local proxy server accomplishes the same
    thing as the Access-Control-Allow-Origin support in a more secure
    manner.
2018-11-27 11:08:33 -08:00
Scott Lamb
679370c77a Merge branch 'master' into auth 2018-11-20 11:26:26 -08:00
Scott Lamb
61af963a64 Merge branch 'master' into auth 2018-11-20 11:10:47 -08:00
Scott Lamb
496f7d7e3a upgrade some JS deps to work with node 11
Fixes #62

* added travis config for latest node as well as 8.

* ran "yarn upgrade -P webpack-dev-server", which caused the upath
  dependency to be upgraded. I arrived at this by inspecting yarn.lock
  for the things depending on upack, along with some trial and error.
  ("yarn upgrade -P chokidar" was less successful.)
2018-11-20 11:06:20 -08:00
Scott Lamb
071be03c6f update most deps, notably including reqwest
Fixes #60

The reqwest dependency is significant because the old version required
an old version of openssl, complicating compilation on newer platforms.
reqwest also pulled in old/duplicate versions of hyper, tokio, etc.
Nice to drop a lot of that cruft.

I left rusqlite and uuid alone because they had breaking changes I
didn't want to mess with at the moment.

Bumped the minimum Rust version to 1.30.0, as required by the
new encoding_rs crate (and perhaps other things).
2018-11-20 09:32:55 -08:00
Scott Lamb
8a5056b253 "moonfire-nvr config" support for users (for #26) 2018-11-02 07:15:48 -07:00
Scott Lamb
f9d4b5bb8a fix accidental dependency on rust 1.30.0
travis-ci's 1.27.0 build failed with:

error[E0658]: access to extern crates through prelude is experimental (see issue #44660)
   --> db/auth.rs:159:6
    |
159 | impl rusqlite::types::FromSql for FromSqlIpAddr {
    |      ^^^^^^^^
2018-11-02 07:02:08 -07:00
Scott Lamb
75f233da79 initial db layer work for authentication (#26) 2018-11-01 23:25:06 -07:00
Scott Lamb
aa81eae65a more robust timezone detection (fixes #12) 2018-08-31 17:19:24 -07:00
Scott Lamb
fc0bc51bed build and lint the UI in travis-ci
This is a separate item in the matrix, so it doesn't go through this for
each of the three Rust versions.
2018-08-31 08:19:56 -07:00
Scott Lamb
ee3da33470 fix trailing whitespace in Javascript
I want to make travis-ci enforce that everything passes lint.
Get it in a good state first.
2018-08-31 07:31:22 -07:00
Scott Lamb
8adf6f4bc7 extend cache timeout
300 is insufficient for nightly, perhaps due to the extra weight of
the optimized build for the benchmark.
2018-08-31 00:01:30 -07:00
Scott Lamb
d7e0fcc3ba cache ffmpeg build in travis-ci
Hopefully this will significantly speed up builds.
2018-08-30 23:10:12 -07:00
Scott Lamb
955a0a8c15 upgrade to hyper 0.12.x
Just one (intentional) functional change---now the streamers start
shutting down while the webserver shuts down gracefully.
2018-08-29 22:26:19 -07:00
Scott Lamb
91ef07b9a7 bump required rust to 1.27
1.26 doesn't work with the updated rusqlite:

error[E0658]: use of unstable library feature 'duration_extras' (see issue #46507)
  --> /home/travis/.cargo/registry/src/github.com-1ecc6299db9ec823/rusqlite-0.14.0/src/busy.rs:26:49
   |
26 |             .and_then(|t| t.checked_add(timeout.subsec_millis().into()))
   |                                                 ^^^^^^^^^^^^^
2018-08-28 21:47:02 -07:00
Scott Lamb
0cc4d191c0 bump minimum Rust version to 1.26
1.25 also fails with the upgraded reffers because u128 isn't stable:

error[E0658]: 128-bit type is unstable (see issue #35118)
   --> /home/travis/.cargo/git/checkouts/reffers-rs-0d00fc7f893338b3/49a4d75/src/rc_bitmask.rs:194:34
    |
194 | rc_bit_mask_internal!(primitive, u128, 42, 42, 42);
    |                                  ^^^^
2018-08-27 21:32:51 -07:00
Scott Lamb
6ab416caed bump minimum Rust version
travis-ci pointed out that building with 1.21 broke with a recent dep
upgrade (8c52c36). reffers now uses nested groups of imports, which is a
feature introduced with Rust 1.25. Prior to 1.25, it fails as follows:

error: expected one of `,` or `as`, found `::`
 --> /home/travis/.cargo/git/checkouts/reffers-rs-0d00fc7f893338b3/49a4d75/src/arc.rs:6:46
  |
6 | use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
  |                                              ^^ expected one of `,` or `as` here
2018-08-25 06:33:50 -07:00
Scott Lamb
a10e77d98e update cursive from 0.7 to 0.9 2018-08-24 22:14:03 -07:00
Scott Lamb
8c52c36b51 upgrade a few deps 2018-08-24 22:06:14 -07:00
Scott Lamb
5bba71345c few small markdown tweaks 2018-08-24 21:04:13 -07:00
Scott Lamb
489fda6abe add missing guide/install-scripted.md
I mistakenly lost a "git mv easy-install.md install-scripted.md" when
reworking the commit, I suppose.
2018-08-24 20:59:56 -07:00
Scott Lamb
c5345c1e11 simplify and fix installation instructions
* install.md, install-manual.md, and easy-install.md had a lot of
  redundancy. Rework them so the common prefix and suffix are in
  install.md and it's clear when to navigate back and forth. This
  removes from very stale references to prep.sh and cameras.sql in
  install-manual.md (which never should have mentioned these scripts
  anyway).

* remove all the SAMPLE_MEDIA_DIR, SAMPLE_FILE_DIR, and
  SAMPLE_FILE_PATH stuff from the scripts. This was too complicated
  (one variable will suffice) and inconsistent in terminology (a
  couple "samples dir" occurrences slipped through review; they
  should have been "sample file dir"). It also wasn't really useful
  enough because the procedure for a mount point is manual anyway,
  and because some installs will have multiple sample file dirs
  anyway.

* in the mount point procedure, fix the paths to be consistent. Also
  describe the "nofail" and "Requires=" config I have on my machine.

* fix some incorrect info about how to use "moonfire-nvr config" and
  describe "flush_if_sec".
2018-08-24 20:45:46 -07:00
Scott Lamb
8dc5d64333 make with_recording_playback less monomorphized
This is a minor code size reduction - instead of being monomorphized
into four variants (according to "cargo llvm-lines"), it's now
monomorphized into two. The stripped release binary on macOS is about
8kB smaller (0.15%). Not a huge improvement but better than nothing.

Benchmarks seem unchanged (though they have a lot of variance).
2018-08-24 15:34:42 -07:00
Scott Lamb
d7a94956eb deflake writer tests
There was a race condition here because it wasn't waiting for the db
flush to complete. This made write_path_retries sometimes not reflect
the consequence of the flush, causing an assertion failure. I assume it
was also responsible for gc_path_retries timeouts under travis-ci.
2018-08-07 21:58:40 -05:00
Scott Lamb
f3127f563a fifth attempt at travis config
typo: it's --jobs=2, not -jobs=2.
2018-08-07 16:01:43 -05:00
Scott Lamb
01e8dab67f fourth attempt at travis config
* upgrade min required rust to 1.21; crossbeam-deque requires the
  ord_max_min feature, apparently stabilized in this version.

* use "make --jobs=2" to build ffmpeg so it goes faster.
  https://docs.travis-ci.com/user/reference/overview/ says there are 2
  cores available.
2018-08-07 15:51:19 -05:00
Scott Lamb
62a1bad8b9 third attempt at travis config
* upgrade minimum required Rust from 1.17 to 1.20; reffers 0.4.2
  apparently uses std::mem::ManuallyDrop, introduced in 1.20

* install ffmpeg from source (requiring sudo access) rather than using
  the ancient one from Ubuntu Trusty to meet the minimum version
  requirements specified in ffmpeg/build.rs.
2018-08-07 15:28:34 -05:00
Scott Lamb
a81de3f620 second attempt at travis config
* list apt packages to install
* apparently it's rust 1.17.0, not rust 1.17
2018-05-01 08:38:25 -07:00
Scott Lamb
7bb33522e2 first attempt at a travis config
This just does a build+test. I'll try the install scripts (for #58) in a
following commit.
2018-05-01 08:28:14 -07:00
Scott Lamb
23b221c5ed address setup_db bitrot (#58) 2018-05-01 07:31:38 -07:00
Scott Lamb
f2888e2b32 couple fixes to the dialog close button
* add back in button.css (broken with f5aa008)
* remove a redundant .png file-loader which apparently caused the .png
  asset to not load properly (broken with f5aa008)
2018-04-28 06:39:29 -07:00
Scott Lamb
a5528e1c02
Merge pull request #56 from scottlamb/pr-merge-new-schema
Merge new-schema branch
2018-04-27 06:52:46 -07:00
Scott Lamb
23fff5917c Merge branch 'new-schema'
The Rust portions of the merge are straightforward, but the Javascript
is not. The new-schema branch is based on my hacky prototype UI; the
master branch is based on Dolf's rewrite. I attempted to match the
new-schema changes in Dolf's new structure.
2018-04-27 06:42:39 -07:00
Scott Lamb
9982c0b080 small adjustments to auth schema
Nothing uses the user and user_session tables yet; I'm trying to
anticipate what auth will need before freezing schema version 3.
2018-04-27 06:24:02 -07:00
Scott Lamb
b0071515e0 update deps
I want to use hyper::server::Request::bytes_mut(), so an update is
needed. Update everything at once. Most notably, the http-serve update
starts using the http crate types for some things. (More to come.)
2018-04-06 15:54:52 -07:00
Scott Lamb
f720f6acd4 fix timezone fetching on macOS High Sierra 2018-04-06 13:49:18 -07:00
Scott Lamb
97d831e054 move strutil to base crate
I plan to use strutil::hex in db/auth.rs.
2018-03-30 08:54:20 -07:00
Dolf Starreveld
f5aa0080bb A little more UI refactor, cleanup, eslint more strict (#54)
* A little more UI refactor, cleanup, eslint more strict

* Split out imports for jQuery components and put them where needed.
* No longer do all of it in application module.
* Prepares better for code splitting.
* Split out video player dialog
* Simplifies jquery-ui dependencies for code splitting
* Simplifies code
* Configure to generate more, but smaller bundles.
* Setup some more strict eslint settings
* Fix css to import rather than require
* Change settings to correctly support tree shaking in production build

Signed-off-by: Dolf Starreveld <dolf@starreveld.com>

* Remove “old” code from TimeFormatter

* Accidentally left behind due to overlapping PRs

Signed-off-by: Dolf Starreveld <dolf@starreveld.com>
2018-03-25 22:18:56 -07:00
Dolf Starreveld
eaae640703 Initial docker support (#55)
* Dockerfile which allows full build on ubuntu
* No cross-compile yet
* Fixed build scripts bug found with docker

Signed-off-by: Dolf Starreveld <dolf@starreveld.com>
2018-03-25 21:03:02 -07:00
Scott Lamb
0701121586 a couple refinements to the new user_session table 2018-03-25 07:23:40 -07:00