Mitchell R 4cf9704350
fix(onvif-events): store cluster_key at pairing + implement AES-256-GCM decrypt
Root cause: kiosk never stored cluster_key from pairing response.
Bundle ships onvif_password_encrypted (AES-256-GCM with cluster key).
decrypt_cluster was a stub returning None → empty password → WSSE auth
fails → CreatePullPoint rejected → no events ever.

Fix:
1. ClaimResp now includes cluster_key field
2. Stored encrypted at rest alongside kiosk_key (at_rest.rs)
3. Loaded at bundle render, passed to onvif_events::start()
4. decrypt_cluster implements full AES-256-GCM: parse v1.<iv>.<tag>.<ct>
   format, base64url decode, decrypt with cluster key

Also: removed BF_ENABLE_ONVIF_EVENTS env gate — if camera is type=onvif
with onvif_host, subscribe. Gate was redundant with the type filter.

Also: bump Angie proxy_read_timeout to 600s on /api/admin/ for OS
bundle import (downloads ~1GB from GitHub, was timing out at 60s).

NOTE: existing paired kiosks won't have cluster_key stored. They need
to re-pair (delete + re-add) to receive it. New pairings get it
automatically.
2026-05-22 22:18:25 +02:00
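
The envelope handling named in the commit message above (parse v1.<iv>.<tag>.<ct>, base64url decode, AES-256-GCM decrypt with the cluster key), sketched as an added example in Node.js; it is not the project's Rust code. The 12-byte IV, 16-byte tag, absence of AAD, UTF-8 plaintext and the names decryptCluster, sealCluster and demo are assumptions.

```javascript
// Added example, not the project's code. Assumed: 12-byte IV, 16-byte tag, no AAD.
const crypto = require("node:crypto");
const IV_LEN = 12, TAG_LEN = 16, KEY_LEN = 32;
const B64URL = /^[A-Za-z0-9_-]+$/;

// Strictly decode one base64url field; Buffer.from alone does not reject invalid characters.
function field(name, s, wantLen) {
  if (!B64URL.test(s)) throw new Error(`${name}: not base64url`);
  const buf = Buffer.from(s, "base64url");
  if (wantLen !== undefined && buf.length !== wantLen)
    throw new Error(`${name}: expected ${wantLen} bytes, got ${buf.length}`);
  return buf;
}

// Parse v1.<iv>.<tag>.<ct> and decrypt. Every failure throws, so a bad envelope
// or wrong key can never be mistaken for an empty password.
function decryptCluster(envelope, clusterKey) {
  if (!Buffer.isBuffer(clusterKey) || clusterKey.length !== KEY_LEN)
    throw new Error("cluster key must be 32 bytes");
  const parts = String(envelope).split(".");
  if (parts.length !== 4 || parts[0] !== "v1") throw new Error("unsupported envelope");
  const iv = field("iv", parts[1], IV_LEN);
  const tag = field("tag", parts[2], TAG_LEN);
  const ct = field("ct", parts[3]);
  const d = crypto.createDecipheriv("aes-256-gcm", clusterKey, iv, { authTagLength: TAG_LEN });
  d.setAuthTag(tag);
  // final() throws when the tag does not verify (wrong key or modified data).
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// Hypothetical helper that builds constructed sample input for the demo.
function sealCluster(plaintext, clusterKey) {
  const iv = crypto.randomBytes(IV_LEN);
  const c = crypto.createCipheriv("aes-256-gcm", clusterKey, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return "v1." + [iv, c.getAuthTag(), ct].map((b) => b.toString("base64url")).join(".");
}

function demo() {
  const key = crypto.randomBytes(KEY_LEN);          // constructed key
  const env = sealCluster("camera-pass", key);      // constructed password
  const parts = env.split(".");
  const ct = Buffer.from(parts[3], "base64url");
  ct[0] ^= 1;                                       // flip one ciphertext bit
  parts[3] = ct.toString("base64url");
  let rejected = false;
  try { decryptCluster(parts.join("."), key); } catch { rejected = true; }
  return { plain: decryptCluster(env, key), rejected };
}
console.log(demo());
```

Because every failure path throws, a caller has to handle the error explicitly instead of proceeding to WSSE authentication with an empty password.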
.github/workflows fix(ci): wait for GitHub CDN before OS bundle auto-import (504 race) 2026-05-22 22:11:31 +02:00
deploy fix(onvif-events): store cluster_key at pairing + implement AES-256-GCM decrypt 2026-05-22 22:18:25 +02:00
docs feat(ota): add RAUC OS update foundation 2026-05-20 05:15:29 +02:00
kiosk fix(onvif-events): store cluster_key at pairing + implement AES-256-GCM decrypt 2026-05-22 22:18:25 +02:00
nodered fix(nodered): parse JSON body in trigger nodes 2026-05-13 03:07:22 +02:00
scripts fix(rauc): switch signing keys from Ed25519 to ECDSA P-256 2026-05-21 15:45:26 +02:00
server fix(terminal): get channel from server heartbeat response, not env/build 2026-05-22 20:51:18 +02:00
.gitattributes fix(deploy): mark setup-pi-kiosk.sh executable in git index + add .gitattributes 2026-05-13 03:33:41 +02:00
.gitignore feat(remote-debug): journal streaming + secure terminal via WebSocket 2026-05-22 20:13:39 +02:00
CLAUDE.md fix(proxy): split Node-RED route surfaces 2026-05-11 10:44:45 +02:00
docker-compose.coolify.yml fix(version): derive server version from git at Docker build time 2026-05-21 16:02:21 +02:00
docker-compose.yml fix(release): surface build versions 2026-05-21 08:51:41 +02:00
LICENSE-AGPL.txt docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE-COMMERCIAL.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
package-lock.json feat(store): Postgres adapter foundation + BF_DB selector (phase 1) 2026-05-18 22:50:48 +02:00
package.json adding initial project 2026-05-10 01:09:13 +02:00
sec-config.yaml feat: Node-RED custom nodes + dashboard entity type 2026-05-13 01:47:53 +02:00
tsconfig.base.json adding initial project 2026-05-10 01:09:13 +02:00