mirror of
https://github.com/BetterCorp/BetterFrame.git
synced 2026-05-26 23:26:34 +00:00
4cf9704350
Root cause: kiosk never stored cluster_key from pairing response. Bundle ships onvif_password_encrypted (AES-256-GCM with cluster key). decrypt_cluster was a stub returning None → empty password → WSSE auth fails → CreatePullPoint rejected → no events ever. Fix: 1. ClaimResp now includes cluster_key field 2. Stored encrypted at rest alongside kiosk_key (at_rest.rs) 3. Loaded at bundle render, passed to onvif_events::start() 4. decrypt_cluster implements full AES-256-GCM: parse v1.<iv>.<tag>.<ct> format, base64url decode, decrypt with cluster key Also: removed BF_ENABLE_ONVIF_EVENTS env gate — if camera is type=onvif with onvif_host, subscribe. Gate was redundant with the type filter. Also: bump Angie proxy_read_timeout to 600s on /api/admin/ for OS bundle import (downloads ~1GB from GitHub, was timing out at 60s). NOTE: existing paired kiosks won't have cluster_key stored. They need to re-pair (delete + re-add) to receive it. New pairings get it automatically. |
||
|---|---|---|
| .. | ||
| betterframe.docker.conf | ||