BetterCorp/BetterFrame
1
0
Fork 0
mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 16:56:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
No description
220 commits 1 branch 156 tags 1.9 MiB
TypeScript 65.4%
Rust 21%
JavaScript 5.9%
Shell 5.1%
HTML 2.4%
Other 0.2%
Find a file
Mitchell R c5068615ee
feat(remote-debug): journal streaming + secure terminal via WebSocket 
Kiosk side (remote_debug.rs + ws_client.rs refactor):
  - Journal streaming: server sends journal-start → kiosk spawns
    journalctl -f, pipes lines back as journal-line messages via WS.
    journal-stop kills the process. On-demand, not always-on.
  - Terminal: server sends terminal-request → kiosk checks lockout +
    firmware_channel == "dev" → generates 8-char code displayed on
    screen as fullscreen overlay (NOT logged) → server relays admin's
    code via terminal-auth → kiosk validates with constant-time compare
    → on success spawns bash, relays I/O as base64 terminal-data.
  - Lockout: 3 failed codes per boot → lockout_count++. 3 lockouts
    (9 total failures) → permanent (reflash only). Reboot resets
    attempt counter, not lockout counter. Successful pairing resets all.
  - ws_client.rs rewritten with split reader/writer + tokio::select!
    for multiplexing incoming WS messages with outbound journal/terminal
    data from sync threads.

Server side (coordinator-ws + routes-admin):
  - New admin debug WS endpoint: /ws/admin/debug/:kioskId. Authenticated
    via admin API key (query param) or session cookie. Relays messages
    bidirectionally between admin browser ↔ kiosk.
  - Admin pages: /admin/kiosks/:id/logs (journal viewer with start/
    stop/clear) and /admin/kiosks/:id/terminal (code entry + terminal
    area). Both open in new tabs from the kiosk detail page.
  - Angie proxy config updated with /ws/admin/debug/ location block.

Security:
  - Terminal only on dev channel
  - Code displayed physically on screen, never logged or stored server-side
  - Lockout: 3/boot, 3 lockouts = permanent, pairing resets
  - Kiosk responds "locked" without specifying which lockout triggered
2026-05-22 20:13:39 +02:00
.github/workflows fix(ci): always build kiosk binary + image on every master push 2026-05-22 18:37:23 +02:00
deploy feat(remote-debug): journal streaming + secure terminal via WebSocket 2026-05-22 20:13:39 +02:00
docs feat(ota): add RAUC OS update foundation 2026-05-20 05:15:29 +02:00
kiosk feat(remote-debug): journal streaming + secure terminal via WebSocket 2026-05-22 20:13:39 +02:00
nodered fix(nodered): parse JSON body in trigger nodes 2026-05-13 03:07:22 +02:00
scripts fix(rauc): switch signing keys from Ed25519 to ECDSA P-256 2026-05-21 15:45:26 +02:00
server feat(remote-debug): journal streaming + secure terminal via WebSocket 2026-05-22 20:13:39 +02:00
.gitattributes fix(deploy): mark setup-pi-kiosk.sh executable in git index + add .gitattributes 2026-05-13 03:33:41 +02:00
.gitignore feat(remote-debug): journal streaming + secure terminal via WebSocket 2026-05-22 20:13:39 +02:00
CLAUDE.md fix(proxy): split Node-RED route surfaces 2026-05-11 10:44:45 +02:00
docker-compose.coolify.yml fix(version): derive server version from git at Docker build time 2026-05-21 16:02:21 +02:00
docker-compose.yml fix(release): surface build versions 2026-05-21 08:51:41 +02:00
LICENSE-AGPL.txt docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE-COMMERCIAL.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
package-lock.json feat(store): Postgres adapter foundation + BF_DB selector (phase 1) 2026-05-18 22:50:48 +02:00
package.json adding initial project 2026-05-10 01:09:13 +02:00
sec-config.yaml feat: Node-RED custom nodes + dashboard entity type 2026-05-13 01:47:53 +02:00
tsconfig.base.json adding initial project 2026-05-10 01:09:13 +02:00