17 Commits

Author SHA1 Message Date
Josh Hawkins
bf311e6467
Simplify auth check (#17138)
* simplify get_current_user

* add sanity check
2025-03-13 16:01:15 -05:00
MkSavin
bea6cf29c2
fix(auth): Added trimming to jwt secret token read from .jwt_secret (#16467)
Added cleaning of leading and trailing spaces and special characters from a line when reading a secret token from a `.jwt_secret` file
2025-03-10 16:36:43 -06:00
Josh Hawkins
2be5225440
More auth role fixes (#17067)
* simplify check and handle comma separated roles

* spacing
2025-03-10 10:00:35 -05:00
Josh Hawkins
cb25bd4a88
Auth role bugfixes (#17066)
* get correct role from header map

* fix profile endpoint
2025-03-10 07:59:24 -06:00
Josh Hawkins
74ca009b0b
UI viewer role (#16978)
* db migration

* db model

* assign admin role on password reset

* add role to jwt and api responses

* don't restrict api access for admins yet

* use json response

* frontend auth context

* update auth form for profile endpoint

* add access denied page

* add protected routes

* auth hook

* dialogs

* user settings view

* restrict viewer access to settings

* restrict camera functions for viewer role

* add password dialog to account menu

* spacing tweak

* migrator default to admin

* escape quotes in migrator

* ui tweaks

* tweaks

* colors

* colors

* fix merge conflict

* fix icons

* add api layer enforcement

* ui tweaks

* fix error message

* debug

* clean up

* remove print

* guard apis for admin only

* fix tests

* fix review tests

* use correct error responses from api in toasts

* add role to account menu
2025-03-08 10:01:08 -06:00
Blake Blackshear
6b12a45a95
return 401 for login failures (#15432)
* return 401 for login failures

* only setup the rate limiter when configured
2024-12-10 06:42:55 -07:00
Nicolas Mowen
bb86e71e65
fix auth remote addr access (#15378)
2024-12-06 10:25:43 -06:00
Nicolas Mowen
d3b631a952
Api improvements (#15327)
* Organize api files

* Add more API definitions for events

* Add export select by ID

* Typing fixes

* Update openapi spec

* Change type

* Fix test

* Fix message

* Fix tests
2024-12-06 08:04:02 -06:00
Nicolas Mowen
0eccb6a610
Db fixes (#14364)
* Handle case where embeddings overflow token limit

* Set notification tokens

* Fix sort
2024-10-15 07:17:54 -06:00
gtsiam
bbbb3b4a06
Split config.py into multiple files (#14038)
* Replace logging.warn with logging.warning

* Install config global state early

* Split config.py into more manageable pieces
2024-09-28 14:21:42 -05:00
Rui Alves
cffc431bf0
Frigate HTTP API using FastAPI (#13871)
* POC: Added FastAPI with one endpoint (get /logs/service)

* POC: Revert error_log

* POC: Converted preview related endpoints to FastAPI

* POC: Converted two more endpoints to FastAPI

* POC: lint

* Convert all media endpoints to FastAPI. Added /media prefix (/media/camera && media/events && /media/preview)

* Convert all notifications API endpoints to FastAPI

* Convert first review API endpoints to FastAPI

* Convert remaining review API endpoints to FastAPI

* Convert export endpoints to FastAPI

* Fix path parameters

* Convert events endpoints to FastAPI

* Use body for multiple events endpoints

* Use body for multiple events endpoints (create and end event)

* Convert app endpoints to FastAPI

* Convert app endpoints to FastAPI

* Convert auth endpoints to FastAPI

* Removed flask app in favour of FastAPI app. Implemented FastAPI middleware to check CSRF, connect and disconnect from DB. Added middleware x-forwarded-for headers

* Added starlette plugin to expose custom headers

* Use slowapi as the limiter

* Use query parameters for the frame latest endpoint

* Use query parameters for the media snapshot.jpg endpoint

* Use query parameters for the media MJPEG feed endpoint

* Revert initial nginx.conf change

* Added missing even_id for /events/search endpoint

* Removed left over comment

* Use FastAPI TestClient

* severity query parameter should be a string

* Use the same pattern for all tests

* Fix endpoint

* Revert media routers to old names. Order routes to make sure the dynamic ones from media.py are only used whenever there's no match on auth/etc

* Reverted paths for media on tsx files

* Deleted file

* Fix test_http to use TestClient

* Formatting

* Bind timeline to DB

* Fix http tests

* Replace filename with pathvalidate

* Fix latest.ext handling and disable uvicorn access logs

* Add constraints to api provided values

* Formatting

* Remove unused

* Remove unused

* Get rate limiter working

---------

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-09-24 07:05:30 -06:00
Josh Thorpe
8f51f7b4c4
strip whitespaces when loading secrets (#12393)
* strip whitespaces when loading secrets

* formatting
2024-07-12 07:36:15 -06:00
Miguel Angel Nubla
02af1b0ac7
Fix header auth (#11985)
2024-06-16 05:52:17 -05:00
Blake Blackshear
9ceffeb191
split out proxy from auth (#11963)
* split out proxy from auth

* update documentation

* fixup auth mode check
2024-06-14 18:02:13 -05:00
Blake Blackshear
b3eab17f2c
just check for secret file specifically (#11877)
* just check for secret file specifically

* add josh to funding
2024-06-11 06:53:12 -06:00
Blake Blackshear
402f5fa142
add setting for secure flag on cookie (#11422)
* add setting for secure flag on cookie

* docs fix
2024-05-18 13:53:49 -06:00
Blake Blackshear
1133202cbd
Auth! (#11347)
* reload the window on 401

* backend apis for auth

* add login page

* re-enable web linter

* fix login page routing

* bypass csrf for internal auth endpoint

* disable healthcheck in devcontainer target

* include login page in vite build

* redirect to login page on 401

* implement config for users and settings

* implement JWT actual secret

* add brute force protection on login

* add support for redirecting from auth failures on api calls

* return location for redirect

* default cookie name should pass regex test

* set hash iterations to current OWASP recommendation

* move users to database instead of config

* config option to reset admin password on startup

* user management UI

* check for deleted user on refresh

* validate username and fixes

* remove password constraint

* cleanup

* fix user check on refresh

* web fixes

* implement auth via new external port

* use x-forwarded-for to rate limit login attempts by ip

* implement logout and profile

* fixes

* lint fixes

* add support for user passthru from upstream proxies

* add support for specifying a logout url

* add documentation

* Update docs/docs/configuration/authentication.md

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

* Update docs/docs/configuration/authentication.md

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

---------

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>
2024-05-18 10:36:13 -06:00