BetterCorp/BetterFrame
1
0
Fork 0
mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 16:56:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
No description
250 commits 1 branch 156 tags 1.9 MiB
TypeScript 65.4%
Rust 21%
JavaScript 5.9%
Shell 5.1%
HTML 2.4%
Other 0.2%
Find a file
Mitchell R caf6095b6e
feat(security): per-kiosk encryption keys for camera passwords 
Replaces shared cluster_key for bundle encryption. Each kiosk gets a
unique 32-byte AES key generated at pairing time:

Server:
  - confirmPairing generates randomBytes(32), stores encrypted with
    server secret on kiosks.encrypt_key_encrypted column
  - Delivers plaintext encrypt_key to kiosk in claim response (one-time)
  - generateBundle prefers per-kiosk key over cluster_key for
    encryptForCluster (same AES-256-GCM format, different key per kiosk)

Kiosk:
  - ClaimResp gains encrypt_key field, stored encrypted at rest
  - onvif_events prefers encrypt_key over cluster_key for decryption
  - Backward compatible: old kiosks without encrypt_key still use
    cluster_key (both delivered at pairing)

Security improvement: compromised SD card only exposes camera passwords
encrypted for THAT specific kiosk, not the entire fleet. Rotate by
deleting + re-pairing the compromised kiosk.
2026-05-23 01:36:43 +02:00
.github/workflows fix(ci): retry firmware auto-import on TLS/transient failure 2026-05-23 00:05:21 +02:00
deploy fix(cursor): correct Xcursor binary format (was missing version field) 2026-05-23 00:22:28 +02:00
docs feat(ota): add RAUC OS update foundation 2026-05-20 05:15:29 +02:00
kiosk feat(security): per-kiosk encryption keys for camera passwords 2026-05-23 01:36:43 +02:00
nodered fix(nodered): parse JSON body in trigger nodes 2026-05-13 03:07:22 +02:00
scripts fix(rauc): switch signing keys from Ed25519 to ECDSA P-256 2026-05-21 15:45:26 +02:00
server feat(security): per-kiosk encryption keys for camera passwords 2026-05-23 01:36:43 +02:00
.gitattributes fix(deploy): mark setup-pi-kiosk.sh executable in git index + add .gitattributes 2026-05-13 03:33:41 +02:00
.gitignore feat(remote-debug): journal streaming + secure terminal via WebSocket 2026-05-22 20:13:39 +02:00
CLAUDE.md fix(proxy): split Node-RED route surfaces 2026-05-11 10:44:45 +02:00
docker-compose.coolify.yml fix(version): derive server version from git at Docker build time 2026-05-21 16:02:21 +02:00
docker-compose.yml fix(release): surface build versions 2026-05-21 08:51:41 +02:00
LICENSE-AGPL.txt docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE-COMMERCIAL.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
package-lock.json feat(store): Postgres adapter foundation + BF_DB selector (phase 1) 2026-05-18 22:50:48 +02:00
package.json adding initial project 2026-05-10 01:09:13 +02:00
sec-config.yaml feat: Node-RED custom nodes + dashboard entity type 2026-05-13 01:47:53 +02:00
tsconfig.base.json adding initial project 2026-05-10 01:09:13 +02:00