* remove redundant per-view toasters in settings
* add variants to standardize dialog footer button layouts
* remove text-md
this class name compiles to nothing in tailwind. we used to add it to prevent iOS from zooming when focusing on an input, but that is now solved via the viewport meta in index.html
* make wizard footers consistent with dialog footers
* consistent destructive button style
remove text-white from individual buttons and add it to the variant
* add shm frame lifetime calculation and update UI for shared memory metrics
* consistent sizing on activity indicator in save buttons
* fix offline overlay overflowing on mobile when in grid mode
* Adjust title prompt to have less rigidity
* Improve motion boxes handling for features that don't require motion
* Improve handling of classes starting with digits
* Improve vehicle nuance
* tweak lpr docs
* Improve grammar
* Don't allow # in face name
* add password requirements to new user dialog
* change password requirements
* Cleanup
---------
Co-authored-by: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>
* only show jwt secret tip for admin users
* fix preview endpoint 403 for viewer role when "all" param is used
* Update docs dependencies
* add warning if ffmpeg isn't selected for reolink http streams
* Update the motion for motion masks
* Also update objects
* Add docs about backchannel and two way talk takeover
* don't require restart when deleting zone or mask
* Ensure motion is correctly set when adjusting masks
* don't use python style raw prefixes in yaml examples in LPR docs
* wording
---------
Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
* jwt permissions
* add old password to body req
* add model and migration
need to track the datetime that passwords were changed for the jwt
* auth api backend changes
- use os.open to create jwt secret with restrictive permissions (0o600: read/write for owner only)
- add backend validation for password strength
- add iat claim to jwt so the server can determine when a token was issued and reject any jwts issued before a user's password_changed_at timestamp, ensuring old tokens are invalidated after a password change
- set logout route to public to avoid 401 when logging out
- issue new jwt for users who change their own password so they stay logged in
* improve set password dialog
- add field to verify old password
- add password strength requirements
* frontend tweaks for password dialog
* i18n
* use verify endpoint for existing password verification
avoid /login side effects (creating a new session)
* public logout
* only check if password has changed on jwt refresh
* fix tests
Fix migration 030 by using raw sql to select usernames (avoid ORM selecting nonexistent columns)
* add multi device warning to password dialog
* remove password verification endpoint
Just send old_password + new password in one request, let the backend handle verification in a single operation
* update config for roles and add validator
* ensure admin and viewer are never overridden
* add class method to user to retrieve all allowed cameras
* enforce config roles in auth api endpoints
* add camera access api dependency functions
* protect review endpoints
* protect preview endpoints
* rename param name for better fastapi injection matching
* remove unneeded
* protect export endpoints
* protect event endpoints
* protect media endpoints
* update auth hook for allowed cameras
* update default app view
* ensure anonymous user always returns all cameras
* limit cameras in explore
* cameras is already a list
* limit cameras in review/history
* limit cameras in live view
* limit cameras in camera groups
* only show face library and classification in sidebar for admin
* remove check in delete reviews
since admin role is required, no need to check camera access. fixes failing test
* pass request with camera access for tests
* more async
* camera access tests
* fix proxy auth tests
* allowed cameras for review tests
* combine event tests and refactor for camera access
* fix post validation for roles
* don't limit roles in create user dialog
* fix triggers endpoints
no need to run require camera access dep since the required role is admin
* fix type
* create and edit role dialogs
* delete role dialog
* fix role change dialog
* update settings view for roles
* i18n changes
* minor spacing tweaks
* docs
* use badges and camera name label component
* clarify docs
* display all cameras badge for admin and viewer
* i18n fix
* use validator to prevent reserved and empty roles from being assigned
* split users and roles into separate tabs in settings
* tweak docs
* clarify docs
* change icon
* don't memoize roles
always recalculate on component render
* db migration
* db model
* assign admin role on password reset
* add role to jwt and api responses
* don't restrict api access for admins yet
* use json response
* frontend auth context
* update auth form for profile endpoint
* add access denied page
* add protected routes
* auth hook
* dialogs
* user settings view
* restrict viewer access to settings
* restrict camera functions for viewer role
* add password dialog to account menu
* spacing tweak
* migrator default to admin
* escape quotes in migrator
* ui tweaks
* tweaks
* colors
* colors
* fix merge conflict
* fix icons
* add api layer enforcement
* ui tweaks
* fix error message
* debug
* clean up
* remove print
* guard apis for admin only
* fix tests
* fix review tests
* use correct error responses from api in toasts
* add role to account menu
* reload the window on 401
* backend apis for auth
* add login page
* re-enable web linter
* fix login page routing
* bypass csrf for internal auth endpoint
* disable healthcheck in devcontainer target
* include login page in vite build
* redirect to login page on 401
* implement config for users and settings
* implement JWT actual secret
* add brute force protection on login
* add support for redirecting from auth failures on api calls
* return location for redirect
* default cookie name should pass regex test
* set hash iterations to current OWASP recommendation
* move users to database instead of config
* config option to reset admin password on startup
* user management UI
* check for deleted user on refresh
* validate username and fixes
* remove password constraint
* cleanup
* fix user check on refresh
* web fixes
* implement auth via new external port
* use x-forwarded-for to rate limit login attempts by ip
* implement logout and profile
* fixes
* lint fixes
* add support for user passthru from upstream proxies
* add support for specifying a logout url
* add documentation
* Update docs/docs/configuration/authentication.md
Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
* Update docs/docs/configuration/authentication.md
Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
---------
Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>