* jwt permissions
* add old password to body req
* add model and migration
need to track the datetime that passwords were changed for the jwt
* auth api backend changes
- use os.open to create jwt secret with restrictive permissions (0o600: read/write for owner only)
- add backend validation for password strength
- add iat claim to jwt so the server can determine when a token was issued and reject any jwts issued before a user's password_changed_at timestamp, ensuring old tokens are invalidated after a password change
- set logout route to public to avoid 401 when logging out
- issue new jwt for users who change their own password so they stay logged in
* improve set password dialog
- add field to verify old password
- add password strength requirements
* frontend tweaks for password dialog
* i18n
* use verify endpoint for existing password verification
avoid /login side effects (creating a new session)
* public logout
* only check if password has changed on jwt refresh
* fix tests
Fix migration 030 by using raw sql to select usernames (avoid ORM selecting nonexistent columns)
* add multi device warning to password dialog
* remove password verification endpoint
Just send old_password + new password in one request, let the backend handle verification in a single operation
* Add base class for global config updates
* Add or remove camera states
* Move camera process management to separate thread
* Move camera management fully to separate class
* Cleanup
* Stop camera processes when stop command is sent
* Start processes dynamically when needed
* Adjust
* Leave extra room in tracked object queue for two cameras
* Dynamically set extra config pieces
* Add some TODOs
* Fix type check
* Simplify config updates
* Improve typing
* Correctly handle indexed entries
* Cleanup
* Create out SHM
* Use ZMQ for signaling object detectoin is completed
* Get camera correctly created
* Cleanup for updating the cameras config
* Cleanup
* Don't enable audio if no cameras have audio transcription
* Use exact string so similar camera names don't interfere
* Add ability to update config via json body to config/set endpoint
Additionally, update the config in a single rather than multiple calls for each updated key
* fix autotracking calibration to support new config updater function
---------
Co-authored-by: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>
* Include config publisher in api
* Call update topic for passed topics
* Update zones dynamically
* Update zones internally
* Support zone and mask reset
* Handle updating objects config
* Don't put status for needing to restart Frigate
* Cleanup http tests
* Fix tests
* db migration
* db model
* assign admin role on password reset
* add role to jwt and api responses
* don't restrict api access for admins yet
* use json response
* frontend auth context
* update auth form for profile endpoint
* add access denied page
* add protected routes
* auth hook
* dialogs
* user settings view
* restrict viewer access to settings
* restrict camera functions for viewer role
* add password dialog to account menu
* spacing tweak
* migrator default to admin
* escape quotes in migrator
* ui tweaks
* tweaks
* colors
* colors
* fix merge conflict
* fix icons
* add api layer enforcement
* ui tweaks
* fix error message
* debug
* clean up
* remove print
* guard apis for admin only
* fix tests
* fix review tests
* use correct error responses from api in toasts
* add role to account menu
* Organize api files
* Add more API definitions for events
* Add export select by ID
* Typing fixes
* Update openapi spec
* Change type
* Fix test
* Fix message
* Fix tests
