From bdb89f0966bf719b8e3ba12b6c96a496b0254bc9 Mon Sep 17 00:00:00 2001 From: tdv Date: Mon, 13 Oct 2025 20:04:54 +0300 Subject: [PATCH] linked device, device tasks and certs in database --- nginx/dev.conf | 27 +++++++++++++++++++++------ server/internal/handlers/mediamtx.go | 2 +- server/internal/models/cert.go | 1 + server/internal/models/device.go | 10 ++++++---- server/internal/models/task.go | 1 + 5 files changed, 30 insertions(+), 11 deletions(-) diff --git a/nginx/dev.conf b/nginx/dev.conf index b8e7a5e..aa80466 100644 --- a/nginx/dev.conf +++ b/nginx/dev.conf @@ -98,25 +98,25 @@ server { } # ---- mTLS-protected paths ---- - location ^~ /records { + location ^~ /api/records { if ($ssl_client_verify != SUCCESS) { return 495; } - proxy_pass http://snoop-api:8080; + proxy_pass http://snoop-api:8080/; } - location ^~ /tasks { + location ^~ /api/tasks { if ($ssl_client_verify != SUCCESS) { return 495; } - proxy_pass http://snoop-api:8080; + proxy_pass http://snoop-api:8080/; } - location ^~ /renew { + location ^~ /api/renew { if ($ssl_client_verify != SUCCESS) { return 495; } - proxy_pass http://snoop-api:8080; + proxy_pass http://snoop-api:8080/; } # MediaMTX HLS @@ -158,4 +158,19 @@ server { proxy_set_header Connection $connection_upgrade; } + location ^~ /api/ { + proxy_pass http://snoop-api:8080/; # trailing slash strips /api + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # (Optional) WS/SSE friendly defaults + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + } + } \ No newline at end of file diff --git a/server/internal/handlers/mediamtx.go b/server/internal/handlers/mediamtx.go index e751c9b..00eae30 100644 --- a/server/internal/handlers/mediamtx.go +++ b/server/internal/handlers/mediamtx.go @@ -227,7 +227,7 @@ func (h *MediaMTXHandler) StartStreamPayload(guid string) (string, error) { return "", err } whip := fmt.Sprintf("%s/whip/%s?token=%s", - strings.TrimRight(h.cfg.WebRTCBaseURL, "/"), + strings.TrimRight(h.cfg.PublicBaseURL, "/"), path, url.QueryEscape(tok), ) diff --git a/server/internal/models/cert.go b/server/internal/models/cert.go index 6715fa8..b3af99e 100644 --- a/server/internal/models/cert.go +++ b/server/internal/models/cert.go @@ -13,6 +13,7 @@ type DeviceCertificate struct { NotAfter time.Time PemCert string `gorm:"type:text"` // PEM of leaf cert CreatedAt time.Time + Device Device `gorm:"constraint:OnDelete:CASCADE;foreignKey:DeviceGUID;references:GUID"` } // “Instant kill” list checked by the mTLS guard before allowing access. diff --git a/server/internal/models/device.go b/server/internal/models/device.go index 6604673..51b4c00 100644 --- a/server/internal/models/device.go +++ b/server/internal/models/device.go @@ -3,10 +3,12 @@ package models import "time" type Device struct { - GUID string `gorm:"primaryKey"` - Name string `gorm:"size:255;not null"` - Users []User `gorm:"many2many:user_devices;constraint:OnDelete:CASCADE;"` - Records []Record `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"` + GUID string `gorm:"primaryKey"` + Name string `gorm:"size:255;not null"` + Users []User `gorm:"many2many:user_devices;constraint:OnDelete:CASCADE;"` + Records []Record `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"` + Tasks []DEviceTask `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"` + Certs []DeviceCertificate `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"` CreatedAt time.Time UpdatedAt time.Time } diff --git a/server/internal/models/task.go b/server/internal/models/task.go index d8d033a..dca0222 100644 --- a/server/internal/models/task.go +++ b/server/internal/models/task.go @@ -48,4 +48,5 @@ type DEviceTask struct { // Optional: small attempt/lease system if you ever need retries/timeouts // Attempts int `gorm:"not null;default:0"` + Device Device `gorm:"constraint:OnDelete:CASCADE;foreignKey:DeviceGUID;references:GUID"` }