admin/NewSmoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

linked device, device tasks and certs in database

Browse Source
This commit is contained in:
tdv
2025-10-13 20:04:54 +03:00
parent 2895c6afdd
commit bdb89f0966
5 changed files with 30 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
nginx/dev.conf
View File

@@ -98,25 +98,25 @@ server {
} }
# ---- mTLS-protected paths ---- # ---- mTLS-protected paths ----
location ^~ /records { location ^~ /api/records {
if ($ssl_client_verify != SUCCESS) { if ($ssl_client_verify != SUCCESS) {
return 495; return 495;
} }
proxy_pass http://snoop-api:8080; proxy_pass http://snoop-api:8080/;
} }
location ^~ /tasks { location ^~ /api/tasks {
if ($ssl_client_verify != SUCCESS) { if ($ssl_client_verify != SUCCESS) {
return 495; return 495;
} }
proxy_pass http://snoop-api:8080; proxy_pass http://snoop-api:8080/;
} }
location ^~ /renew { location ^~ /api/renew {
if ($ssl_client_verify != SUCCESS) { if ($ssl_client_verify != SUCCESS) {
return 495; return 495;
} }
proxy_pass http://snoop-api:8080; proxy_pass http://snoop-api:8080/;
} }
# MediaMTX HLS # MediaMTX HLS
@@ -158,4 +158,19 @@ server {
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
} }
location ^~ /api/ {
proxy_pass http://snoop-api:8080/; # trailing slash strips /api
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# (Optional) WS/SSE friendly defaults
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
}
} }

2
server/internal/handlers/mediamtx.go
View File

@@ -227,7 +227,7 @@ func (h *MediaMTXHandler) StartStreamPayload(guid string) (string, error) {
return "", err return "", err
} }
whip := fmt.Sprintf("%s/whip/%s?token=%s", whip := fmt.Sprintf("%s/whip/%s?token=%s",
strings.TrimRight(h.cfg.WebRTCBaseURL, "/"), strings.TrimRight(h.cfg.PublicBaseURL, "/"),
path, path,
url.QueryEscape(tok), url.QueryEscape(tok),
) )

1
server/internal/models/cert.go
View File

@@ -13,6 +13,7 @@ type DeviceCertificate struct {
NotAfter time.Time NotAfter time.Time
PemCert string `gorm:"type:text"` // PEM of leaf cert PemCert string `gorm:"type:text"` // PEM of leaf cert
CreatedAt time.Time CreatedAt time.Time
Device Device `gorm:"constraint:OnDelete:CASCADE;foreignKey:DeviceGUID;references:GUID"`
} }
// “Instant kill” list checked by the mTLS guard before allowing access. // “Instant kill” list checked by the mTLS guard before allowing access.

2
server/internal/models/device.go
View File

@@ -7,6 +7,8 @@ type Device struct {
Name string `gorm:"size:255;not null"` Name string `gorm:"size:255;not null"`
Users []User `gorm:"many2many:user_devices;constraint:OnDelete:CASCADE;"` Users []User `gorm:"many2many:user_devices;constraint:OnDelete:CASCADE;"`
Records []Record `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"` Records []Record `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"`
Tasks []DEviceTask `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"`
Certs []DeviceCertificate `gorm:"foreignKey:DeviceGUID;references:GUID;constraint:OnDelete:CASCADE"`
CreatedAt time.Time CreatedAt time.Time
UpdatedAt time.Time UpdatedAt time.Time
} }

1
server/internal/models/task.go
View File

@@ -48,4 +48,5 @@ type DEviceTask struct {
// Optional: small attempt/lease system if you ever need retries/timeouts // Optional: small attempt/lease system if you ever need retries/timeouts
// Attempts int `gorm:"not null;default:0"` // Attempts int `gorm:"not null;default:0"`
Device Device `gorm:"constraint:OnDelete:CASCADE;foreignKey:DeviceGUID;references:GUID"`
} }