mirror of
https://github.com/blakeblackshear/frigate.git
synced 2026-06-21 03:41:55 +03:00
Compare commits
5 Commits
b38f1ddb76
...
a098ba36b0
| Author | SHA1 | Date | |
|---|---|---|---|
|
a098ba36b0 | ||
|
|
5003ab895c | ||
|
|
652ea2454f | ||
|
|
b5a360be39 | ||
|
|
54a7c5015e |
@ -12,6 +12,7 @@ import time
|
||||
from datetime import datetime
|
||||
from pathlib import Path
|
||||
from typing import List, Optional
|
||||
from urllib.parse import parse_qs, urlparse
|
||||
|
||||
from fastapi import APIRouter, Depends, HTTPException, Request, Response
|
||||
from fastapi.responses import JSONResponse, RedirectResponse
|
||||
@ -26,7 +27,11 @@ from frigate.api.defs.request.app_body import (
|
||||
AppPutRoleBody,
|
||||
)
|
||||
from frigate.api.defs.tags import Tags
|
||||
from frigate.api.media_auth import check_camera_access, deny_response_for_media_uri
|
||||
from frigate.api.media_auth import (
|
||||
check_camera_access,
|
||||
deny_response_for_media_uri,
|
||||
is_role_restricted,
|
||||
)
|
||||
from frigate.config import AuthConfig, NetworkingConfig, ProxyConfig
|
||||
from frigate.const import CONFIG_DIR, JWT_SECRET_ENV_VAR, PASSWORD_HASH_ALGORITHM
|
||||
from frigate.models import User
|
||||
@ -658,6 +663,10 @@ def auth(request: Request):
|
||||
if deny_status is not None:
|
||||
return Response("", status_code=deny_status)
|
||||
|
||||
deny_status = deny_response_for_go2rtc_stream(original_url, role, request)
|
||||
if deny_status is not None:
|
||||
return Response("", status_code=deny_status)
|
||||
|
||||
return success_response
|
||||
|
||||
# now apply authentication
|
||||
@ -757,6 +766,10 @@ def auth(request: Request):
|
||||
if deny_status is not None:
|
||||
return Response("", status_code=deny_status)
|
||||
|
||||
deny_status = deny_response_for_go2rtc_stream(original_url, role, request)
|
||||
if deny_status is not None:
|
||||
return Response("", status_code=deny_status)
|
||||
|
||||
return success_response
|
||||
except Exception as e:
|
||||
logger.error(f"Error parsing jwt: {e}")
|
||||
@ -1112,6 +1125,66 @@ def _get_stream_owner_cameras(request: Request, stream_name: str) -> set[str]:
|
||||
return owner_cameras
|
||||
|
||||
|
||||
# nginx proxies these paths straight to go2rtc with authentication-only checks
|
||||
# (see auth_request.conf). Each names the desired stream via the `src` query
|
||||
# param, so the camera-level check must happen here in the `/auth` subrequest —
|
||||
# `require_go2rtc_stream_access` only guards the REST `/go2rtc/streams/{name}`
|
||||
# endpoint, not these proxied live-stream paths.
|
||||
GO2RTC_STREAM_PROXY_PATHS = frozenset(
|
||||
{
|
||||
"/live/mse/api/ws",
|
||||
"/live/webrtc/api/ws",
|
||||
"/api/go2rtc/webrtc",
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
def deny_response_for_go2rtc_stream(
|
||||
original_url: Optional[str], role: Optional[str], request: Request
|
||||
) -> Optional[int]:
|
||||
"""Block role-restricted users from go2rtc live streams they cannot access.
|
||||
|
||||
Returns 403 when any `src` stream named in `original_url` resolves to a
|
||||
camera outside the role's allow-list (or when no `src` is provided on a
|
||||
stream-proxy path), otherwise None. Mirrors the resolution logic in
|
||||
`require_go2rtc_stream_access` so substream names map to their owning
|
||||
camera correctly.
|
||||
"""
|
||||
if not original_url:
|
||||
return None
|
||||
|
||||
parsed = urlparse(original_url)
|
||||
if parsed.path not in GO2RTC_STREAM_PROXY_PATHS:
|
||||
return None
|
||||
|
||||
frigate_config = request.app.frigate_config
|
||||
|
||||
# admin and full-access roles (no allow-list) bypass the camera check
|
||||
if not role or not is_role_restricted(role, frigate_config):
|
||||
return None
|
||||
|
||||
sources = parse_qs(parsed.query).get("src", [])
|
||||
if not sources:
|
||||
# a stream-proxy request naming no stream has nothing legitimate to
|
||||
# show a restricted user
|
||||
return 403
|
||||
|
||||
allowed_cameras = set(
|
||||
User.get_allowed_cameras(
|
||||
role,
|
||||
frigate_config.auth.roles,
|
||||
set(frigate_config.cameras.keys()),
|
||||
)
|
||||
)
|
||||
|
||||
# deny if any requested source resolves outside the allow-list
|
||||
for src in sources:
|
||||
if not (_get_stream_owner_cameras(request, src) & allowed_cameras):
|
||||
return 403
|
||||
|
||||
return None
|
||||
|
||||
|
||||
async def require_go2rtc_stream_access(
|
||||
stream_name: Optional[str] = None,
|
||||
request: Request = None,
|
||||
|
||||
@ -595,112 +595,92 @@ class BirdsEyeFrameManager:
|
||||
) -> Optional[list[list[Any]]]:
|
||||
"""Calculate the optimal layout for 2+ cameras."""
|
||||
|
||||
def map_layout(
|
||||
camera_layout: list[list[Any]], row_height: int
|
||||
) -> tuple[int, int, Optional[list[list[Any]]]]:
|
||||
"""Map the calculated layout."""
|
||||
candidate_layout = []
|
||||
starting_x = 0
|
||||
x = 0
|
||||
def find_available_x(
|
||||
current_x: int,
|
||||
width: int,
|
||||
reserved_ranges: list[tuple[int, int]],
|
||||
max_width: int,
|
||||
) -> Optional[int]:
|
||||
"""Find the first horizontal slot that does not collide with reservations."""
|
||||
x = current_x
|
||||
|
||||
for reserved_start, reserved_end in sorted(reserved_ranges):
|
||||
if x >= reserved_end:
|
||||
continue
|
||||
|
||||
if x + width <= reserved_start:
|
||||
return x
|
||||
|
||||
x = max(x, reserved_end)
|
||||
|
||||
if x + width <= max_width:
|
||||
return x
|
||||
|
||||
return None
|
||||
|
||||
def map_layout(row_height: int) -> tuple[int, int, Optional[list[list[Any]]]]:
|
||||
"""Lay out cameras row by row while reserving portrait spans for the next row."""
|
||||
candidate_layout: list[list[Any]] = []
|
||||
reserved_ranges: dict[int, list[tuple[int, int]]] = {}
|
||||
current_row: list[Any] = []
|
||||
row_index = 0
|
||||
row_y = 0
|
||||
row_x = 0
|
||||
max_width = 0
|
||||
y = 0
|
||||
max_height = 0
|
||||
|
||||
for row in camera_layout:
|
||||
final_row = []
|
||||
max_width = max(max_width, x)
|
||||
x = starting_x
|
||||
for cameras in row:
|
||||
camera_dims = self.cameras[cameras[0]]["dimensions"].copy()
|
||||
camera_aspect = cameras[1]
|
||||
|
||||
if camera_dims[1] > camera_dims[0]:
|
||||
scaled_height = int(row_height * 2)
|
||||
scaled_width = int(scaled_height * camera_aspect)
|
||||
starting_x = scaled_width
|
||||
else:
|
||||
scaled_height = row_height
|
||||
scaled_width = int(scaled_height * camera_aspect)
|
||||
|
||||
# layout is too large
|
||||
if (
|
||||
x + scaled_width > self.canvas.width
|
||||
or y + scaled_height > self.canvas.height
|
||||
):
|
||||
return x + scaled_width, y + scaled_height, None
|
||||
|
||||
final_row.append((cameras[0], (x, y, scaled_width, scaled_height)))
|
||||
x += scaled_width
|
||||
|
||||
y += row_height
|
||||
candidate_layout.append(final_row)
|
||||
|
||||
if max_width == 0:
|
||||
max_width = x
|
||||
|
||||
return max_width, y, candidate_layout
|
||||
|
||||
canvas_aspect_x, canvas_aspect_y = self.canvas.get_aspect(coefficient)
|
||||
camera_layout: list[list[Any]] = []
|
||||
camera_layout.append([])
|
||||
starting_x = 0
|
||||
x = starting_x
|
||||
y = 0
|
||||
y_i = 0
|
||||
max_y = 0
|
||||
for camera in cameras_to_add:
|
||||
camera_dims = self.cameras[camera]["dimensions"].copy()
|
||||
camera_aspect_x, camera_aspect_y = self.canvas.get_camera_aspect(
|
||||
camera, camera_dims[0], camera_dims[1]
|
||||
)
|
||||
portrait = camera_dims[1] > camera_dims[0]
|
||||
scaled_height = row_height * 2 if portrait else row_height
|
||||
scaled_width = int(scaled_height * (camera_aspect_x / camera_aspect_y))
|
||||
|
||||
if camera_dims[1] > camera_dims[0]:
|
||||
portrait = True
|
||||
else:
|
||||
portrait = False
|
||||
while True:
|
||||
x = find_available_x(
|
||||
row_x,
|
||||
scaled_width,
|
||||
reserved_ranges.get(row_index, []),
|
||||
self.canvas.width,
|
||||
)
|
||||
|
||||
if (x + camera_aspect_x) <= canvas_aspect_x:
|
||||
# insert if camera can fit on current row
|
||||
camera_layout[y_i].append(
|
||||
(
|
||||
camera,
|
||||
camera_aspect_x / camera_aspect_y,
|
||||
)
|
||||
if x is not None and row_y + scaled_height <= self.canvas.height:
|
||||
current_row.append(
|
||||
(camera, (x, row_y, scaled_width, scaled_height))
|
||||
)
|
||||
row_x = x + scaled_width
|
||||
max_width = max(max_width, row_x)
|
||||
max_height = max(max_height, row_y + scaled_height)
|
||||
|
||||
if portrait:
|
||||
starting_x = camera_aspect_x
|
||||
else:
|
||||
max_y = max(
|
||||
max_y,
|
||||
camera_aspect_y,
|
||||
reserved_ranges.setdefault(row_index + 1, []).append(
|
||||
(x, row_x)
|
||||
)
|
||||
|
||||
x += camera_aspect_x
|
||||
else:
|
||||
# move on to the next row and insert
|
||||
y += max_y
|
||||
y_i += 1
|
||||
camera_layout.append([])
|
||||
x = starting_x
|
||||
break
|
||||
|
||||
if x + camera_aspect_x > canvas_aspect_x:
|
||||
return None
|
||||
if current_row:
|
||||
candidate_layout.append(current_row)
|
||||
current_row = []
|
||||
|
||||
camera_layout[y_i].append(
|
||||
(
|
||||
camera,
|
||||
camera_aspect_x / camera_aspect_y,
|
||||
)
|
||||
)
|
||||
x += camera_aspect_x
|
||||
row_index += 1
|
||||
row_y = row_index * row_height
|
||||
row_x = 0
|
||||
|
||||
if y + max_y > canvas_aspect_y:
|
||||
return None
|
||||
if row_y + scaled_height > self.canvas.height:
|
||||
overflow_width = max(max_width, scaled_width)
|
||||
overflow_height = row_y + scaled_height
|
||||
return overflow_width, overflow_height, None
|
||||
|
||||
row_height = int(self.canvas.height / coefficient)
|
||||
total_width, total_height, standard_candidate_layout = map_layout(
|
||||
camera_layout, row_height
|
||||
)
|
||||
if current_row:
|
||||
candidate_layout.append(current_row)
|
||||
|
||||
return max_width, max_height, candidate_layout
|
||||
|
||||
row_height = max(1, int(self.canvas.height / coefficient))
|
||||
total_width, total_height, standard_candidate_layout = map_layout(row_height)
|
||||
|
||||
if not standard_candidate_layout:
|
||||
# if standard layout didn't work
|
||||
@ -709,9 +689,9 @@ class BirdsEyeFrameManager:
|
||||
total_width / self.canvas.width,
|
||||
total_height / self.canvas.height,
|
||||
)
|
||||
row_height = int(row_height / scale_down_percent)
|
||||
row_height = max(1, int(row_height / scale_down_percent))
|
||||
total_width, total_height, standard_candidate_layout = map_layout(
|
||||
camera_layout, row_height
|
||||
row_height
|
||||
)
|
||||
|
||||
if not standard_candidate_layout:
|
||||
@ -725,8 +705,8 @@ class BirdsEyeFrameManager:
|
||||
1 / (total_width / self.canvas.width),
|
||||
1 / (total_height / self.canvas.height),
|
||||
)
|
||||
row_height = int(row_height * scale_up_percent)
|
||||
_, _, scaled_layout = map_layout(camera_layout, row_height)
|
||||
row_height = max(1, int(row_height * scale_up_percent))
|
||||
_, _, scaled_layout = map_layout(row_height)
|
||||
|
||||
if scaled_layout:
|
||||
return scaled_layout
|
||||
|
||||
@ -1,11 +1,64 @@
|
||||
"""Test camera user and password cleanup."""
|
||||
"""Tests for Birdseye canvas sizing and layout behavior."""
|
||||
|
||||
import unittest
|
||||
from multiprocessing import Event
|
||||
|
||||
from frigate.output.birdseye import get_canvas_shape
|
||||
from frigate.config import FrigateConfig
|
||||
from frigate.output.birdseye import BirdsEyeFrameManager, get_canvas_shape
|
||||
|
||||
|
||||
class TestBirdseye(unittest.TestCase):
|
||||
def _build_manager(
|
||||
self, camera_dimensions: dict[str, tuple[int, int]]
|
||||
) -> BirdsEyeFrameManager:
|
||||
config = {
|
||||
"mqtt": {"host": "mqtt"},
|
||||
"birdseye": {"width": 1280, "height": 720},
|
||||
"cameras": {},
|
||||
}
|
||||
|
||||
for order, (camera, dimensions) in enumerate(
|
||||
camera_dimensions.items(), start=1
|
||||
):
|
||||
config["cameras"][camera] = {
|
||||
"ffmpeg": {
|
||||
"inputs": [
|
||||
{
|
||||
"path": f"rtsp://10.0.0.1:554/{camera}",
|
||||
"roles": ["detect"],
|
||||
}
|
||||
]
|
||||
},
|
||||
"detect": {
|
||||
"width": dimensions[0],
|
||||
"height": dimensions[1],
|
||||
"fps": 5,
|
||||
},
|
||||
"birdseye": {"order": order},
|
||||
}
|
||||
|
||||
return BirdsEyeFrameManager(FrigateConfig(**config), Event())
|
||||
|
||||
def _assert_no_overlaps(
|
||||
self, layout: list[list[tuple[str, tuple[int, int, int, int]]]]
|
||||
):
|
||||
rectangles = [position for row in layout for _, position in row]
|
||||
|
||||
for index, rect in enumerate(rectangles):
|
||||
x1, y1, width1, height1 = rect
|
||||
for other in rectangles[index + 1 :]:
|
||||
x2, y2, width2, height2 = other
|
||||
overlap = (
|
||||
x1 < x2 + width2
|
||||
and x2 < x1 + width1
|
||||
and y1 < y2 + height2
|
||||
and y2 < y1 + height1
|
||||
)
|
||||
self.assertFalse(
|
||||
overlap,
|
||||
msg=f"Overlapping rectangles found: {rect} and {other}",
|
||||
)
|
||||
|
||||
def test_16x9(self):
|
||||
"""Test 16x9 aspect ratio works as expected for birdseye."""
|
||||
width = 1280
|
||||
@ -45,3 +98,104 @@ class TestBirdseye(unittest.TestCase):
|
||||
canvas_width, canvas_height = get_canvas_shape(width, height)
|
||||
assert canvas_width == width # width will be the same
|
||||
assert canvas_height != height
|
||||
|
||||
def test_portrait_camera_does_not_overlap_next_row(self):
|
||||
"""Portrait cameras should reserve their real horizontal position on the next row."""
|
||||
manager = self._build_manager(
|
||||
{
|
||||
"cam_a": (1280, 720),
|
||||
"cam_p": (360, 640),
|
||||
"cam_b": (1280, 720),
|
||||
"cam_c": (640, 480),
|
||||
}
|
||||
)
|
||||
|
||||
layout = manager.calculate_layout(["cam_a", "cam_p", "cam_b", "cam_c"], 3)
|
||||
|
||||
self.assertIsNotNone(layout)
|
||||
assert layout is not None
|
||||
self._assert_no_overlaps(layout)
|
||||
|
||||
cam_c = [
|
||||
position for row in layout for camera, position in row if camera == "cam_c"
|
||||
][0]
|
||||
self.assertEqual(cam_c[0], 0)
|
||||
|
||||
def test_portrait_reservation_only_applies_to_next_row(self):
|
||||
"""Portrait reservations should not push later rows after the span ends."""
|
||||
manager = self._build_manager(
|
||||
{
|
||||
"cam_a": (1280, 720),
|
||||
"cam_p": (360, 640),
|
||||
"cam_b": (1280, 720),
|
||||
"cam_c": (1280, 720),
|
||||
"cam_d": (1280, 720),
|
||||
"cam_e": (1280, 720),
|
||||
}
|
||||
)
|
||||
|
||||
layout = manager.calculate_layout(
|
||||
["cam_a", "cam_p", "cam_b", "cam_c", "cam_d", "cam_e"],
|
||||
3,
|
||||
)
|
||||
|
||||
self.assertIsNotNone(layout)
|
||||
assert layout is not None
|
||||
self._assert_no_overlaps(layout)
|
||||
|
||||
cam_e = [
|
||||
position for row in layout for camera, position in row if camera == "cam_e"
|
||||
][0]
|
||||
self.assertEqual(cam_e[0], 0)
|
||||
|
||||
def test_multiple_portraits_reserve_distinct_ranges(self):
|
||||
"""Multiple portrait cameras in one row should reserve separate spans below them."""
|
||||
manager = self._build_manager(
|
||||
{
|
||||
"cam_a": (640, 480),
|
||||
"cam_p1": (360, 640),
|
||||
"cam_p2": (360, 640),
|
||||
"cam_b": (640, 480),
|
||||
"cam_c": (1280, 720),
|
||||
"cam_d": (640, 480),
|
||||
}
|
||||
)
|
||||
|
||||
layout = manager.calculate_layout(
|
||||
["cam_a", "cam_p1", "cam_p2", "cam_b", "cam_c", "cam_d"],
|
||||
4,
|
||||
)
|
||||
|
||||
self.assertIsNotNone(layout)
|
||||
assert layout is not None
|
||||
self._assert_no_overlaps(layout)
|
||||
|
||||
def test_two_landscapes_then_portrait_then_two_landscapes(self):
|
||||
"""A portrait after two landscapes should reserve only its own tail span."""
|
||||
manager = self._build_manager(
|
||||
{
|
||||
"cam_a": (1280, 720),
|
||||
"cam_b": (1280, 720),
|
||||
"cam_p": (360, 640),
|
||||
"cam_c": (1280, 720),
|
||||
"cam_d": (1280, 720),
|
||||
}
|
||||
)
|
||||
|
||||
layout = manager.calculate_layout(
|
||||
["cam_a", "cam_b", "cam_p", "cam_c", "cam_d"],
|
||||
3,
|
||||
)
|
||||
|
||||
self.assertIsNotNone(layout)
|
||||
assert layout is not None
|
||||
self._assert_no_overlaps(layout)
|
||||
|
||||
cam_c = [
|
||||
position for row in layout for camera, position in row if camera == "cam_c"
|
||||
][0]
|
||||
cam_d = [
|
||||
position for row in layout for camera, position in row if camera == "cam_d"
|
||||
][0]
|
||||
self.assertEqual(cam_c[0], 0)
|
||||
self.assertEqual(cam_d[0], cam_c[0] + cam_c[2])
|
||||
|
||||
175
frigate/test/test_go2rtc_stream_auth.py
Normal file
175
frigate/test/test_go2rtc_stream_auth.py
Normal file
@ -0,0 +1,175 @@
|
||||
"""Unit tests for `deny_response_for_go2rtc_stream`.
|
||||
|
||||
Covers the camera-level authorization enforced in the `/auth` subrequest for
|
||||
the nginx-proxied go2rtc live-stream paths (MSE/WebRTC WebSockets and the
|
||||
WebRTC signaling endpoint). These paths name the stream via the `src` query
|
||||
param, which the static-media auth in `media_auth` does not inspect.
|
||||
"""
|
||||
|
||||
import types
|
||||
import unittest
|
||||
|
||||
from frigate.api.auth import deny_response_for_go2rtc_stream
|
||||
from frigate.config import FrigateConfig
|
||||
|
||||
_CONFIG = {
|
||||
"mqtt": {"host": "mqtt"},
|
||||
"auth": {
|
||||
"roles": {
|
||||
"limited_user": ["front_door"],
|
||||
"dual_user": ["front_door", "back_door"],
|
||||
}
|
||||
},
|
||||
"cameras": {
|
||||
"front_door": {
|
||||
"ffmpeg": {
|
||||
"inputs": [{"path": "rtsp://10.0.0.1:554/video", "roles": ["detect"]}]
|
||||
},
|
||||
"detect": {"height": 1080, "width": 1920, "fps": 5},
|
||||
# go2rtc stream name differs from the camera name (substream)
|
||||
"live": {"streams": {"Main Stream": "front_door_sub"}},
|
||||
},
|
||||
"back_door": {
|
||||
"ffmpeg": {
|
||||
"inputs": [{"path": "rtsp://10.0.0.2:554/video", "roles": ["detect"]}]
|
||||
},
|
||||
"detect": {"height": 1080, "width": 1920, "fps": 5},
|
||||
},
|
||||
"garage": {
|
||||
"ffmpeg": {
|
||||
"inputs": [{"path": "rtsp://10.0.0.3:554/video", "roles": ["detect"]}]
|
||||
},
|
||||
"detect": {"height": 1080, "width": 1920, "fps": 5},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
def _request(config: FrigateConfig) -> types.SimpleNamespace:
|
||||
return types.SimpleNamespace(app=types.SimpleNamespace(frigate_config=config))
|
||||
|
||||
|
||||
class TestDenyResponseForGo2rtcStream(unittest.TestCase):
|
||||
def setUp(self) -> None:
|
||||
self.config = FrigateConfig(**_CONFIG)
|
||||
self.request = _request(self.config)
|
||||
|
||||
def _deny(self, url: str, role: str):
|
||||
return deny_response_for_go2rtc_stream(url, role, self.request)
|
||||
|
||||
# --- non-stream paths pass through ---
|
||||
|
||||
def test_non_stream_path_passes_through(self):
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/clips/back_door-1.jpg", "limited_user")
|
||||
)
|
||||
|
||||
def test_empty_url_passes_through(self):
|
||||
self.assertIsNone(self._deny("", "limited_user"))
|
||||
|
||||
def test_jsmpeg_path_not_handled_here(self):
|
||||
# jsmpeg is authorized per-frame in the output pipeline, not here
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/jsmpeg/back_door", "limited_user")
|
||||
)
|
||||
|
||||
# --- restricted role: allowed vs forbidden cameras ---
|
||||
|
||||
def test_mse_allowed_camera(self):
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/mse/api/ws?src=front_door", "limited_user")
|
||||
)
|
||||
|
||||
def test_mse_forbidden_camera_denied(self):
|
||||
self.assertEqual(
|
||||
self._deny("http://host/live/mse/api/ws?src=back_door", "limited_user"),
|
||||
403,
|
||||
)
|
||||
|
||||
def test_webrtc_ws_forbidden_camera_denied(self):
|
||||
self.assertEqual(
|
||||
self._deny("http://host/live/webrtc/api/ws?src=back_door", "limited_user"),
|
||||
403,
|
||||
)
|
||||
|
||||
def test_webrtc_signaling_forbidden_camera_denied(self):
|
||||
self.assertEqual(
|
||||
self._deny("http://host/api/go2rtc/webrtc?src=back_door", "limited_user"),
|
||||
403,
|
||||
)
|
||||
|
||||
def test_unknown_camera_denied(self):
|
||||
self.assertEqual(
|
||||
self._deny("http://host/live/mse/api/ws?src=nonexistent", "limited_user"),
|
||||
403,
|
||||
)
|
||||
|
||||
def test_missing_src_denied(self):
|
||||
self.assertEqual(self._deny("http://host/live/mse/api/ws", "limited_user"), 403)
|
||||
|
||||
# --- multi-camera role: each assigned camera allowed, others denied ---
|
||||
|
||||
def test_multi_camera_role_allows_first_assigned(self):
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/mse/api/ws?src=front_door", "dual_user")
|
||||
)
|
||||
|
||||
def test_multi_camera_role_allows_second_assigned(self):
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/mse/api/ws?src=back_door", "dual_user")
|
||||
)
|
||||
|
||||
def test_multi_camera_role_denies_unassigned(self):
|
||||
# garage is configured but not in dual_user's allow-list
|
||||
self.assertEqual(
|
||||
self._deny("http://host/live/mse/api/ws?src=garage", "dual_user"),
|
||||
403,
|
||||
)
|
||||
|
||||
# --- substream names resolve to their owning camera ---
|
||||
|
||||
def test_allowed_substream_resolves_to_owning_camera(self):
|
||||
# front_door_sub is owned by front_door, which limited_user may access
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/mse/api/ws?src=front_door_sub", "limited_user")
|
||||
)
|
||||
|
||||
# --- multiple src values: deny if any is forbidden ---
|
||||
|
||||
def test_multiple_src_one_forbidden_denied(self):
|
||||
self.assertEqual(
|
||||
self._deny(
|
||||
"http://host/live/mse/api/ws?src=front_door&src=back_door",
|
||||
"limited_user",
|
||||
),
|
||||
403,
|
||||
)
|
||||
|
||||
def test_multiple_src_all_allowed(self):
|
||||
self.assertIsNone(
|
||||
self._deny(
|
||||
"http://host/live/mse/api/ws?src=front_door&src=front_door_sub",
|
||||
"limited_user",
|
||||
)
|
||||
)
|
||||
|
||||
# --- privileged roles bypass the check ---
|
||||
|
||||
def test_admin_bypasses(self):
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/mse/api/ws?src=back_door", "admin")
|
||||
)
|
||||
|
||||
def test_builtin_viewer_role_bypasses(self):
|
||||
# the built-in viewer role is not in the config allow-list map, so it
|
||||
# is treated as full access
|
||||
self.assertIsNone(
|
||||
self._deny("http://host/live/mse/api/ws?src=back_door", "viewer")
|
||||
)
|
||||
|
||||
def test_missing_role_bypasses(self):
|
||||
self.assertIsNone(self._deny("http://host/live/mse/api/ws?src=back_door", None))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
@ -70,6 +70,13 @@
|
||||
"selectFromTimeline": "Select from Timeline",
|
||||
"cameraSelection": "Cameras",
|
||||
"cameraSelectionHelp": "Cameras with tracked objects in this time range are pre-selected",
|
||||
"searchOrSelectGroup": "Search, or select a camera group...",
|
||||
"selectAll": "Select all cameras",
|
||||
"clearSelection": "Clear selection",
|
||||
"selectWithActivity": "Cameras with tracked objects",
|
||||
"selectGroup": "Select group",
|
||||
"noMatchingCameras": "No cameras match your search",
|
||||
"selectedCount": "{{selected}} / {{total}} selected",
|
||||
"checkingActivity": "Checking camera activity...",
|
||||
"noCameras": "No cameras available",
|
||||
"detectionCount_one": "1 tracked object",
|
||||
|
||||
@ -243,12 +243,7 @@ export default function CameraReviewClassification({
|
||||
handleZoneToggle("alerts.required_zones", zone.name)
|
||||
}
|
||||
/>
|
||||
<Label
|
||||
className={cn(
|
||||
"font-normal",
|
||||
!zone.friendly_name && "smart-capitalize",
|
||||
)}
|
||||
>
|
||||
<Label className="font-normal">
|
||||
{zone.friendly_name || zone.name}
|
||||
</Label>
|
||||
</div>
|
||||
|
||||
@ -29,8 +29,8 @@ function getZoneDisplayName(zoneName: string, context?: FormContext): string {
|
||||
}
|
||||
}
|
||||
}
|
||||
// Fallback to cleaning up the zone name
|
||||
return String(zoneName).replace(/_/g, " ");
|
||||
// Fallback to the raw zone id verbatim (no friendly_name available)
|
||||
return String(zoneName);
|
||||
}
|
||||
|
||||
export function ZoneSwitchesWidget(props: WidgetProps) {
|
||||
|
||||
@ -39,6 +39,16 @@ import {
|
||||
TooltipContent,
|
||||
TooltipTrigger,
|
||||
} from "@/components/ui/tooltip";
|
||||
import {
|
||||
Command,
|
||||
CommandGroup,
|
||||
CommandInput,
|
||||
CommandItem,
|
||||
CommandList,
|
||||
CommandSeparator,
|
||||
} from "../ui/command";
|
||||
import { IconRenderer } from "../icons/IconPicker";
|
||||
import * as LuIcons from "react-icons/lu";
|
||||
import { isDesktop, isMobile } from "react-device-detect";
|
||||
import { Drawer, DrawerContent, DrawerTrigger } from "../ui/drawer";
|
||||
import SaveExportOverlay from "./SaveExportOverlay";
|
||||
@ -376,6 +386,9 @@ export function ExportContent({
|
||||
const [newCaseName, setNewCaseName] = useState("");
|
||||
const [newCaseDescription, setNewCaseDescription] = useState("");
|
||||
const [isStartingBatchExport, setIsStartingBatchExport] = useState(false);
|
||||
const [cameraSearch, setCameraSearch] = useState("");
|
||||
const [cameraMenuOpen, setCameraMenuOpen] = useState(false);
|
||||
const cameraMenuRef = useRef<HTMLDivElement>(null);
|
||||
const multiRangeKey = useMemo(() => {
|
||||
if (activeTab !== "multi" || !range) {
|
||||
return undefined;
|
||||
@ -577,6 +590,75 @@ export function ExportContent({
|
||||
);
|
||||
}, []);
|
||||
|
||||
const availableCameraIds = useMemo(
|
||||
() => cameraActivities.map((activity) => activity.camera),
|
||||
[cameraActivities],
|
||||
);
|
||||
|
||||
const activeCameraIds = useMemo(
|
||||
() =>
|
||||
cameraActivities
|
||||
.filter((activity) => activity.hasDetections)
|
||||
.map((activity) => activity.camera),
|
||||
[cameraActivities],
|
||||
);
|
||||
|
||||
const cameraGroups = useMemo(
|
||||
() =>
|
||||
Object.entries(config?.camera_groups ?? {})
|
||||
.map(([name, group]) => ({
|
||||
name,
|
||||
icon: group.icon,
|
||||
order: group.order,
|
||||
cameras: group.cameras.filter((cameraId) =>
|
||||
availableCameraIds.includes(cameraId),
|
||||
),
|
||||
}))
|
||||
.filter((group) => group.cameras.length > 0)
|
||||
.sort((a, b) => a.order - b.order),
|
||||
[config?.camera_groups, availableCameraIds],
|
||||
);
|
||||
|
||||
// Filter the rendered camera cards by the search query
|
||||
const filteredCameraActivities = useMemo(() => {
|
||||
const query = cameraSearch.trim().toLowerCase();
|
||||
if (!query) {
|
||||
return cameraActivities;
|
||||
}
|
||||
return cameraActivities.filter((activity) => {
|
||||
const friendlyName = resolveCameraName(config, activity.camera);
|
||||
return (
|
||||
activity.camera.toLowerCase().includes(query) ||
|
||||
friendlyName.toLowerCase().includes(query)
|
||||
);
|
||||
});
|
||||
}, [cameraActivities, cameraSearch, config]);
|
||||
|
||||
// Group/all/activity selection replaces the current selection
|
||||
const applyCameraSelection = useCallback((cameraIds: string[]) => {
|
||||
setHasManualCameraSelection(true);
|
||||
setSelectedCameraIds(cameraIds);
|
||||
setCameraMenuOpen(false);
|
||||
}, []);
|
||||
|
||||
// Close the dropdown when focus leaves the camera selection control entirely
|
||||
const handleCameraInputBlur = useCallback((event: React.FocusEvent) => {
|
||||
if (
|
||||
cameraMenuRef.current &&
|
||||
!cameraMenuRef.current.contains(event.relatedTarget as Node)
|
||||
) {
|
||||
setCameraMenuOpen(false);
|
||||
}
|
||||
}, []);
|
||||
|
||||
// Reset the search and dropdown when leaving the multi-camera tab
|
||||
useEffect(() => {
|
||||
if (activeTab !== "multi") {
|
||||
setCameraSearch("");
|
||||
setCameraMenuOpen(false);
|
||||
}
|
||||
}, [activeTab]);
|
||||
|
||||
const startBatchExport = useCallback(async () => {
|
||||
if (isStartingBatchExport) {
|
||||
return;
|
||||
@ -802,7 +884,7 @@ export function ExportContent({
|
||||
|
||||
{isAdmin && (
|
||||
<div className="space-y-2">
|
||||
<Label className="text-sm text-secondary-foreground">
|
||||
<Label className="text-sm text-primary">
|
||||
{t("export.case.label")}
|
||||
</Label>
|
||||
<Select
|
||||
@ -859,7 +941,7 @@ export function ExportContent({
|
||||
)}
|
||||
>
|
||||
<div className="space-y-2">
|
||||
<Label className="text-sm text-secondary-foreground">
|
||||
<Label className="text-sm text-primary">
|
||||
{t("export.multiCamera.timeRange")}
|
||||
</Label>
|
||||
<div className="flex items-center gap-2">
|
||||
@ -902,16 +984,109 @@ export function ExportContent({
|
||||
</div>
|
||||
|
||||
<div className="space-y-2">
|
||||
<Label className="text-sm text-secondary-foreground">
|
||||
<div className="flex items-center justify-between gap-2">
|
||||
<Label className="text-sm text-primary">
|
||||
{t("export.multiCamera.cameraSelection")}
|
||||
</Label>
|
||||
{availableCameraIds.length > 0 && (
|
||||
<span className="text-xs text-muted-foreground">
|
||||
{t("export.multiCamera.selectedCount", {
|
||||
selected: selectedCameraCount,
|
||||
total: availableCameraIds.length,
|
||||
})}
|
||||
</span>
|
||||
)}
|
||||
</div>
|
||||
<div className="text-xs text-muted-foreground">
|
||||
{t("export.multiCamera.cameraSelectionHelp")}
|
||||
</div>
|
||||
{!isEventsLoading && availableCameraIds.length > 0 && (
|
||||
<div className="relative" ref={cameraMenuRef}>
|
||||
<Command
|
||||
shouldFilter={false}
|
||||
className="overflow-visible rounded-md border bg-secondary/40"
|
||||
>
|
||||
<CommandInput
|
||||
value={cameraSearch}
|
||||
onValueChange={setCameraSearch}
|
||||
onFocus={() => setCameraMenuOpen(true)}
|
||||
onBlur={handleCameraInputBlur}
|
||||
placeholder={t("export.multiCamera.searchOrSelectGroup")}
|
||||
/>
|
||||
{/* Hide the actions/groups menu while a search query is
|
||||
active so it doesn't cover the filtered camera cards. */}
|
||||
{cameraMenuOpen && cameraSearch.trim().length === 0 && (
|
||||
<CommandList className="absolute top-full z-10 mt-1 max-h-72 w-full rounded-md border bg-background shadow-md">
|
||||
<CommandGroup>
|
||||
<CommandItem
|
||||
value="action:select-all"
|
||||
className="cursor-pointer"
|
||||
onSelect={() =>
|
||||
applyCameraSelection(availableCameraIds)
|
||||
}
|
||||
>
|
||||
<span>{t("export.multiCamera.selectAll")}</span>
|
||||
<span className="ml-auto text-xs text-muted-foreground">
|
||||
{availableCameraIds.length}
|
||||
</span>
|
||||
</CommandItem>
|
||||
<CommandItem
|
||||
value="action:clear"
|
||||
className="cursor-pointer"
|
||||
onSelect={() => applyCameraSelection([])}
|
||||
>
|
||||
{t("export.multiCamera.clearSelection")}
|
||||
</CommandItem>
|
||||
<CommandItem
|
||||
value="action:activity"
|
||||
className="cursor-pointer"
|
||||
onSelect={() => applyCameraSelection(activeCameraIds)}
|
||||
>
|
||||
<span>
|
||||
{t("export.multiCamera.selectWithActivity")}
|
||||
</span>
|
||||
<span className="ml-auto text-xs text-muted-foreground">
|
||||
{activeCameraIds.length}
|
||||
</span>
|
||||
</CommandItem>
|
||||
</CommandGroup>
|
||||
{cameraGroups.length > 0 && (
|
||||
<>
|
||||
<CommandSeparator />
|
||||
<CommandGroup
|
||||
heading={t("export.multiCamera.selectGroup")}
|
||||
>
|
||||
{cameraGroups.map((group) => (
|
||||
<CommandItem
|
||||
key={group.name}
|
||||
value={`group:${group.name}`}
|
||||
className="cursor-pointer"
|
||||
onSelect={() =>
|
||||
applyCameraSelection(group.cameras)
|
||||
}
|
||||
>
|
||||
<IconRenderer
|
||||
icon={LuIcons[group.icon]}
|
||||
className="mr-2 size-4 text-secondary-foreground"
|
||||
/>
|
||||
<span className="truncate">{group.name}</span>
|
||||
<span className="ml-auto text-xs text-muted-foreground">
|
||||
{group.cameras.length}
|
||||
</span>
|
||||
</CommandItem>
|
||||
))}
|
||||
</CommandGroup>
|
||||
</>
|
||||
)}
|
||||
</CommandList>
|
||||
)}
|
||||
</Command>
|
||||
</div>
|
||||
)}
|
||||
<div
|
||||
className={cn(
|
||||
"scrollbar-container space-y-2",
|
||||
isDesktop && "max-h-64 overflow-y-auto pr-1",
|
||||
isDesktop && "max-h-64 overflow-y-auto p-0.5 pr-1",
|
||||
)}
|
||||
>
|
||||
{isEventsLoading && (
|
||||
@ -924,7 +1099,14 @@ export function ExportContent({
|
||||
{t("export.multiCamera.noCameras")}
|
||||
</div>
|
||||
)}
|
||||
{cameraActivities.map((activity) => {
|
||||
{!isEventsLoading &&
|
||||
cameraActivities.length > 0 &&
|
||||
filteredCameraActivities.length === 0 && (
|
||||
<div className="px-2 py-4 text-sm text-muted-foreground">
|
||||
{t("export.multiCamera.noMatchingCameras")}
|
||||
</div>
|
||||
)}
|
||||
{filteredCameraActivities.map((activity) => {
|
||||
const isSelected = selectedCameraIds.includes(activity.camera);
|
||||
|
||||
return (
|
||||
@ -981,7 +1163,7 @@ export function ExportContent({
|
||||
</div>
|
||||
|
||||
<div className="space-y-2">
|
||||
<Label className="text-sm text-secondary-foreground">
|
||||
<Label className="text-sm text-primary">
|
||||
{t("export.multiCamera.nameLabel")}
|
||||
</Label>
|
||||
<Input
|
||||
@ -994,7 +1176,7 @@ export function ExportContent({
|
||||
|
||||
{isAdmin && (
|
||||
<div className="space-y-2">
|
||||
<Label className="text-sm text-secondary-foreground">
|
||||
<Label className="text-sm text-primary">
|
||||
{t("export.case.label")}
|
||||
</Label>
|
||||
<Select
|
||||
|
||||
@ -1197,14 +1197,7 @@ function LifecycleIconRow({
|
||||
backgroundColor: `rgb(${color})`,
|
||||
}}
|
||||
/>
|
||||
<span
|
||||
className={cn(
|
||||
item.data?.zones_friendly_names?.[zidx] === zone &&
|
||||
"smart-capitalize",
|
||||
)}
|
||||
>
|
||||
{item.data?.zones_friendly_names?.[zidx]}
|
||||
</span>
|
||||
<span>{item.data?.zones_friendly_names?.[zidx]}</span>
|
||||
</Badge>
|
||||
);
|
||||
})}
|
||||
|
||||
@ -7,12 +7,12 @@ export function resolveZoneName(
|
||||
zoneId: string,
|
||||
cameraId?: string,
|
||||
) {
|
||||
if (!config) return String(zoneId).replace(/_/g, " ");
|
||||
if (!config) return String(zoneId);
|
||||
|
||||
if (cameraId) {
|
||||
const camera = config.cameras?.[String(cameraId)];
|
||||
const zone = camera?.zones?.[zoneId];
|
||||
return zone?.friendly_name || String(zoneId).replace(/_/g, " ");
|
||||
return zone?.friendly_name || String(zoneId);
|
||||
}
|
||||
|
||||
for (const camKey in config.cameras) {
|
||||
@ -21,12 +21,12 @@ export function resolveZoneName(
|
||||
if (!cam?.zones) continue;
|
||||
if (Object.prototype.hasOwnProperty.call(cam.zones, zoneId)) {
|
||||
const zone = cam.zones[zoneId];
|
||||
return zone?.friendly_name || String(zoneId).replace(/_/g, " ");
|
||||
return zone?.friendly_name || String(zoneId);
|
||||
}
|
||||
}
|
||||
|
||||
// Fallback: return a cleaned-up zoneId string
|
||||
return String(zoneId).replace(/_/g, " ");
|
||||
// Fallback: display the raw zone id verbatim (no friendly_name available)
|
||||
return String(zoneId);
|
||||
}
|
||||
|
||||
export function useZoneFriendlyName(zoneId: string, cameraId?: string): string {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user