ipcam 0.3.5 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 364d7aea8083301b5c3bfd0ec5c26d8afa68ac6496433495da0e56812f4dafe0
-  data.tar.gz: '09776c05b93354b60adaf89314d3c4f0ba1878ef83bd4cef1410cc72ba0639bb'
+  metadata.gz: a3646608decd74c82db0631040a7ddd1b4f94ae1feef0ae39272505a4b27e45f
+  data.tar.gz: bf43c0a17f8e99a083776aa4e983ab86525dc1cdf0f3949588549f54dd2662af
 SHA512:
-  metadata.gz: 983cdf9103d28102f42f76f8b230b84c5ece86c41f94d01c78cce4a1d97461e7ff25c60eb344f508e107a338a3fedcd9eb880b11fe9712a121692580b33cb549
-  data.tar.gz: eb89a8b0d1ad4e512f764e292c9fb61b237571bfc4bf4d785db335020704d58fe025ea0257f090911cd21fde6007c26423d74a9fe77f787bb2032ab326df33c0
+  metadata.gz: 56806547cb2de27720261e2c026337709e505f05ac8c73a9581f2d692a81af66c1358b4b99cc174e9035243e60aaaeecff87fb4b2ab080f5c6d75f8a1995536b
+  data.tar.gz: 15787dd7f41e5a406e50d8b9ffc4c6fc3802e677b1680a3aa5b9e4d29bb711c4af91495a28e2c6465aca9cc65f03fc4f6afc7ac90e69b7bf8a4d4642c1d1efb6

data/README.md

@@ -22,6 +22,11 @@ Connect a camera device compatible with V4L2 and start ipcam as follows.
 ```
 ipcam [options] [device-file]
 options:
+        --use-ssl
+        --ssl-cert=CRT-FILE
+        --ssl-key=KEY-FILE
+    -D, --digest-auth=FILE
+    -A, --add-user=USER,PASSWD
         --bind=ADDR
         --port=PORT
     -d, --database-file=FILE
@@ -40,6 +45,21 @@ Then connect to port 4567 by http browser and operate. The accessible URLs are a
 
 ### options
 <dl>
+  <dt>--use-ssl</dt>
+  <dd>Specify use SSL/TLS. If you use this option, shall specify a certificate file and a key file (Use the --ssl-cert and --ssl-key options).</dd>
+
+  <dt>--ssl-cert=CRT-FILE</dt>
+  <dd>Specifies the file that contains the X 509 server certificate.</dd>
+
+  <dt>--ssl-key=KEY-FILE</dt>
+  <dd>Specifies the key file that was used when the certificate was created.</dd>
+
+  <dt>-D, --digest-auth=YAML-FILE</dt>
+  <dd>Specifies to use restrict access by Digest Authentication. This argument is followed by a password file written in YAML.</dd>
+
+  <dt>-A, --add-user=USER-NAME,PASSWORD</dt>
+  <dd>Add entry to the password file. If you specify this option, only to add an entry to the password file to exit this application.</dd>
+
   <dt>--bind=ADDR</dt>
   <dd>Specify the address to which the HTTP server binds. by default, IPv6 any address("::") is used.</dd>
 
@@ -62,6 +82,33 @@ Then connect to port 4567 by http browser and operate. The accessible URLs are a
   <dd></dd>
 </dl>
 
+### Use digest authentication
+To restrict access by digest authentication, the password file written in YAML must be specified in the "--digest-auth" option. This file must be YAML-encoded map data of A1 strings (ref. RFC 7616) keyed by the user name.
+
+This file can be created using the "--add-user" option. The actual procedure is as follows. 
+
+#### Create password file
+##### create password file, and add user "foo"
+If specified password file does not exist and the "--digest-auth" and "--add-user" options are specified together, new password file containing user entry will be created.
+```
+ipcam --digest-auth passwd.yml --add-user foo,XXXXXXX
+```
+
+##### and add user "bar"
+If specified password file exists and the "--digest-auth" option and "--add-user" option are specified together, a user entry is added to the password file.
+```
+ipcam --digest-auth passwd.yml --add-user bar,YYYYYY
+```
+
+#### Run the server
+If only the "--digest-auth" option is specified, the server is started and performs digest authentication with the specified password file.
+```
+ipcam --digest-auth passwd.yml --use-ssl --ssl-cert cert/server.crt --ssl-key cert/server.key /dev/video0
+```
+
+#### Delete user from password file
+To delete a user, edit the YAML file directly.
+
 ### device-file
 specify target device file (ex: /dev/video1). if omittedm,  it will use "/dev/video0".
 

data/bin/ipcam

@@ -10,6 +10,8 @@
 require 'pathname'
 require 'optparse'
 require 'logger'
+require 'yaml'
+require 'digest/md5'
 
 Thread.abort_on_exception = true
 
@@ -47,6 +49,49 @@ OptionParser.new { |opt|
   opt.version  = IPCam::VERSION
   opt.banner  += " [DEVICE-FILE]"
 
+  opt.on('--use-ssl') {
+    $use_ssl   = true
+  }
+
+  opt.on('--ssl-cert=CRT-FILE', String) { |val|
+    $ssl_cert  = val
+  }
+
+  opt.on('--ssl-key=KEY-FILE', String) { |val|
+    $ssl_key   = val
+  }
+
+  opt.on('-D', '--digest-auth=FILE', String) { |val|
+    $use_dauth = true
+    $pwd_file  = Pathname.new(val)
+
+    if $pwd_file.exist?
+      if $pwd_file.world_readable? || $pwd_file.world_writable?
+        raise("password file shall be not world readble/writable")
+      end
+
+      $pwd_db  = YAML.load_file(val)
+    else
+
+      $pwd_db  = {}
+    end
+  }
+
+  opt.on('-A', '--add-user=USER,PASSWD', Array) { |val|
+    raise("passwd file is not specified") if not $pwd_db
+    raise("user \"#{val[0]}\" is already exist") if $pwd_db.include?(val[0])
+
+    $pwd_db[val[0]] = \
+          Digest::MD5.hexdigest("#{val[0]}:#{TRADITIONAL_NAME}:#{val[1]}")
+
+    $pwd_file.open("w") { |f|
+      f.chmod(0o600)
+      f.write($pwd_db.to_yaml)
+    }
+
+    exit
+  }
+
   opt.on('--bind=ADDR') { |val|
     $bind_addr = val
   }
@@ -117,6 +162,11 @@ OptionParser.new { |opt|
   if $db_file.exist? and (not $db_file.writable?)
     raise("#{$db_file.to_s} is not writable")
   end
+
+  if $use_ssl
+    raise("SSL cert file not specified") if not $ssl_cert
+    raise("SSL key file not specified") if not $ssl_key
+  end
 }
 
 #

data/lib/ipcam/version.rb

@@ -1,3 +1,3 @@
 module IPCam
-  VERSION = "0.3.5"
+  VERSION = "0.4.0"
 end

data/lib/ipcam/webserver.rb

@@ -50,12 +50,24 @@ module IPCam
 
         return nil
       end
+
+      def websock_url
+        return "#{($use_ssl)? "wss":"ws"}://${location.hostname}:#{$ws_port}"
+      end
     end
 
     get "/" do
       redirect "/main"
     end
 
+    get "/js/const.js" do
+      content_type("text/javascript")
+
+      <<~EOS
+        const WEBSOCK_URL = `#{websock_url}`; 
+      EOS
+    end
+
     get "/main" do
       erb :main
     end
@@ -93,8 +105,10 @@ module IPCam
           begin
             app.add_client(queue)
 
-            sock.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_QUICKACK, 1)
-            sock.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+            if sock.kind_of?(TCPSocket)
+              sock.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_QUICKACK, 1)
+              sock.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+            end
 
             sock.write("\r\n".b)
             sock.flush
@@ -107,23 +121,24 @@ module IPCam
 
               if $extend_header
                 header = <<~EOT.b
-                  --#{boundary}
+                  --#{boundary}\r
                   Content-Type: image/jpeg\r
                   Content-Length: #{body.bytesize}\r
-                  X-Frame-Number: #{fc}
-                  X-Timestamp: #{(Time.now.to_f * 1000).round}
+                  X-Frame-Number: #{fc}\r
+                  X-Timestamp: #{(Time.now.to_f * 1000).round}\r
                   \r
                 EOT
               else
                 header = <<~EOT.b
-                  --#{boundary}
+                  --#{boundary}\r
                   Content-Type: image/jpeg\r
                   Content-Length: #{body.bytesize}\r
                   \r
                 EOT
               end
 
-              sock.write(header, body)
+              sock.write(header)
+              sock.write(body)
               sock.flush
               fc += 1
 
@@ -143,7 +158,7 @@ module IPCam
         }
       }
 
-      # ↓力業でsinatraがContent-Lengthを付与仕様とするのを抑止している
+      # ↓力業でsinatraがContent-Lengthを付与するのを抑止している
       def response.calculate_content_length?
         return false
       end
@@ -167,6 +182,18 @@ module IPCam
     end
 
     class << self
+      if $use_dauth
+        def new(*)
+          ret = Rack::Auth::Digest::MD5.new(super) {|user| $pwd_db[user]}
+
+          ret.realm            = TRADITIONAL_NAME
+          ret.opaque           = SecureRandom.alphanumeric(32)
+          ret.passwords_hashed = true
+
+          return ret
+        end
+      end
+
       def bind_url
         if $bind_addr.include?(":")
           addr = "[#{$bind_addr}]" if $bind_addr.include?(":")
@@ -174,7 +201,13 @@ module IPCam
           addr = $bind_addr
         end
 
-        return "tcp://#{addr}:#{$http_port}"
+        if $use_ssl
+          ret = "ssl://#{addr}:#{$http_port}?key=#{$ssl_key}&cert=#{$ssl_cert}"
+        else
+          ret = "tcp://#{addr}:#{$http_port}"
+        end
+
+        return ret
       end
       private :bind_url
 

data/lib/ipcam/websock.rb

@@ -106,7 +106,7 @@ module IPCam
           addr = $bind_addr
         end
 
-        return "tcp://#{addr}:#{$ws_port}"
+        return "#{($use_ssl)? "ssl":"tcp"}://#{addr}:#{$ws_port}"
       end
       private :bind_url
 
@@ -121,7 +121,17 @@ module IPCam
 
           $logger.info("websock") {"started (#{bind_url()})"}
 
-          EM::WebSocket.start(:host => $bind_addr, :port => $ws_port) { |sock|
+          opts = {
+            :host        => $bind_addr,
+            :port        => $ws_port,
+            :secure      => $use_ssl,
+            :tls_options => {
+              :private_key_file => $ssl_key,
+              :cert_chain_file  => $ssl_cert
+            }
+          }
+
+          EM::WebSocket.start(opts) { |sock|
             peer = Socket.unpack_sockaddr_in(sock.get_peername)
             addr = peer[1]
             port = peer[0]

data/resource/ipcam/js/main.js

@@ -9,8 +9,6 @@
    * define constants
    */
 
-  const WS_URL = `ws://${location.hostname}:${parseInt(location.port)+1}/`;
-
   /*
    * declar package global variabled
    */
@@ -547,7 +545,7 @@
   }
 
   function initialize() {
-    session       = new Session(WS_URL);
+    session       = new Session(WEBSOCK_URL);
     capabilities  = null;
     controls      = null;
     sliders       = null;

data/resource/ipcam/scss/main/style.scss

@@ -18,6 +18,7 @@ body {
   }
 
   div.jumbotron {
+    position: relative;
     padding: 2rem 1rem;
     margin-bottom: 0px;
 
@@ -30,6 +31,17 @@ body {
     }
   }
 
+  div#version {
+    position: absolute;
+    right: 5px;
+    bottom: 5px;
+    opacity: 0.0;
+  }
+
+  div#version:hover {
+    opacity: 1.0;
+  }
+
   div#switches {
     width: 15%;
     height: 100%;

data/resource/ipcam/views/main.erb

@@ -11,6 +11,7 @@
     </meta>
 
     <script type="text/javascript" src="/js/jquery-3.4.1.min.js"></script>
+    <script type="text/javascript" src="/js/const.js"></script>
     <script type="text/javascript" src="/js/util.js"></script>
     <script type="text/javascript" src="/js/main.js"></script>
   </head>
@@ -21,6 +22,10 @@
         <h3 id="device-file"></h3>
         <h6 id="device-name"></h3>
       </div>
+
+      <div id="version">
+        version <%= IPCam::VERSION %>
+      </div>
     </div>
 
     <div id="main-area" class="d-flex d-flex-row">

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ipcam
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.4.0
 platform: ruby
 authors:
 - Hirosho Kuwagata
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-27 00:00:00.000000000 Z
+date: 2019-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler