turn off linting for: jsx-a11y/control-has-associated-label

README.md

@@ -109,8 +109,10 @@ This repository contains everything you'll need to know about our core product,
 - Single camera per instance (e.g. one container per camera).
 - Primary and secondary stream setup (record full-res, stream low-res).
 - Low resolution streaming through MQTT and full resolution streaming through WebRTC.
+- End-to-end encryption through MQTT using RSA and AES.
 - Ability to specifiy conditions: offline mode, motion region, time table, continuous recording, etc.
 - Post- and pre-recording on motion detection.
+- Encryption at rest using AES-256-CBC.
 - Ability to create fragmented recordings, and streaming though HLS fMP4.
 - [Deploy where you want](#how-to-run-and-deploy-a-kerberos-agent) with the tools you use: `docker`, `docker compose`, `ansible`, `terraform`, `kubernetes`, etc.
 - Cloud storage/persistance: Kerberos Hub, Kerberos Vault and Dropbox. [(WIP: Minio, Storj, Google Drive, FTP etc.)](https://github.com/kerberos-io/agent/issues/95)

machinery/go.mod

@@ -2,7 +2,8 @@ module github.com/kerberos-io/agent/machinery
 
 go 1.19
 
-// replace github.com/kerberos-io/joy4 v1.0.57 => ../../../../github.com/kerberos-io/joy4
+//replace github.com/kerberos-io/joy4 v1.0.58 => ../../../../github.com/kerberos-io/joy4
+
 // replace github.com/kerberos-io/onvif v0.0.6 => ../../../../github.com/kerberos-io/onvif
 
 require (
@@ -20,11 +21,12 @@ require (
 	github.com/gin-contrib/pprof v1.4.0
 	github.com/gin-gonic/contrib v0.0.0-20221130124618-7e01895a63f2
 	github.com/gin-gonic/gin v1.8.2
+	github.com/gofrs/uuid v3.2.0+incompatible
 	github.com/golang-jwt/jwt/v4 v4.4.3
 	github.com/golang-module/carbon/v2 v2.2.3
 	github.com/gorilla/websocket v1.5.0
 	github.com/kellydunn/golang-geo v0.7.0
-	github.com/kerberos-io/joy4 v1.0.58
+	github.com/kerberos-io/joy4 v1.0.60
 	github.com/kerberos-io/onvif v0.0.7
 	github.com/minio/minio-go/v6 v6.0.57
 	github.com/nsmith5/mjpeg v0.0.0-20200913181537-54b8ada0e53e
@@ -72,7 +74,6 @@ require (
 	github.com/go-playground/validator/v10 v10.11.1 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/goccy/go-json v0.10.0 // indirect
-	github.com/gofrs/uuid v3.2.0+incompatible // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect

machinery/go.sum

@@ -264,8 +264,8 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kellydunn/golang-geo v0.7.0 h1:A5j0/BvNgGwY6Yb6inXQxzYwlPHc6WVZR+MrarZYNNg=
 github.com/kellydunn/golang-geo v0.7.0/go.mod h1:YYlQPJ+DPEzrHx8kT3oPHC/NjyvCCXE+IuKGKdrjrcU=
-github.com/kerberos-io/joy4 v1.0.58 h1:R8EECSF+bG7o2yHC6cX/lF77Z+bDVGl6OioLZ3+5MN4=
-github.com/kerberos-io/joy4 v1.0.58/go.mod h1:nZp4AjvKvTOXRrmDyAIOw+Da+JA5OcSo/JundGfOlFU=
+github.com/kerberos-io/joy4 v1.0.60 h1:W9LMTHw+Lgz4J9/28xCvvVebhcAioup49NqxYVmrH38=
+github.com/kerberos-io/joy4 v1.0.60/go.mod h1:nZp4AjvKvTOXRrmDyAIOw+Da+JA5OcSo/JundGfOlFU=
 github.com/kerberos-io/onvif v0.0.7 h1:LIrXjTH7G2W9DN69xZeJSB0uS3W1+C3huFO8kTqx7/A=
 github.com/kerberos-io/onvif v0.0.7/go.mod h1:Hr2dJOH2LM5SpYKk17gYZ1CMjhGhUl+QlT5kwYogrW0=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=

machinery/src/cloud/Cloud.go

@@ -554,10 +554,12 @@ func HandleLiveStreamHD(livestreamCursor *pubsub.QueueCursor, configuration *mod
 				for handshake := range communication.HandleLiveHDHandshake {
 					log.Log.Info("HandleLiveStreamHD: setting up a peer connection.")
 					key := config.Key + "/" + handshake.SessionID
+					webrtc.CandidatesMutex.Lock()
 					_, ok := webrtc.CandidateArrays[key]
 					if !ok {
 						webrtc.CandidateArrays[key] = make(chan string)
 					}
+					webrtc.CandidatesMutex.Unlock()
 					webrtc.InitializeWebRTCConnection(configuration, communication, mqttClient, videoTrack, audioTrack, handshake, webrtc.CandidateArrays[key])
 
 				}

machinery/src/config/main.go

@@ -162,6 +162,12 @@ func OpenConfig(configDirectory string, configuration *models.Configuration) {
 		conjungo.Merge(&s3, configuration.CustomConfig.S3, opts)
 		configuration.Config.S3 = &s3
 
+		// Merge Encryption settings
+		var encryption models.Encryption
+		conjungo.Merge(&encryption, configuration.GlobalConfig.Encryption, opts)
+		conjungo.Merge(&encryption, configuration.CustomConfig.Encryption, opts)
+		configuration.Config.Encryption = &encryption
+
 		// Merge timetable manually because it's an array
 		configuration.Config.Timetable = configuration.CustomConfig.Timetable
 
@@ -511,10 +517,12 @@ func SaveConfig(configDirectory string, config models.Config, configuration *mod
 func StoreConfig(configDirectory string, config models.Config) error {
 
 	// Encryption key can be set wrong.
-	encryptionPrivateKey := config.Encryption.PrivateKey
-	// Replace \\n by \n
-	encryptionPrivateKey = strings.ReplaceAll(encryptionPrivateKey, "\\n", "\n")
-	config.Encryption.PrivateKey = encryptionPrivateKey
+	if config.Encryption != nil {
+		encryptionPrivateKey := config.Encryption.PrivateKey
+		// Replace \\n by \n
+		encryptionPrivateKey = strings.ReplaceAll(encryptionPrivateKey, "\\n", "\n")
+		config.Encryption.PrivateKey = encryptionPrivateKey
+	}
 
 	// Save into database
 	if os.Getenv("DEPLOYMENT") == "factory" || os.Getenv("MACHINERY_ENVIRONMENT") == "kubernetes" {

machinery/src/models/Config.go

@@ -42,7 +42,7 @@ type Config struct {
 	HubPrivateKey     string       `json:"hub_private_key" bson:"hub_private_key"`
 	HubSite           string       `json:"hub_site" bson:"hub_site"`
 	ConditionURI      string       `json:"condition_uri" bson:"condition_uri"`
-	Encryption        *Encryption  `json:"encryption,omitempty" bson:"encryption",omitempty`
+	Encryption        *Encryption  `json:"encryption,omitempty" bson:"encryption,omitempty"`
 }
 
 // Capture defines which camera type (Id) you are using (IP, USB or Raspberry Pi camera),

machinery/src/routers/http/Server.go

@@ -1,7 +1,9 @@
 package http
 
 import (
+	"io"
 	"os"
+	"strconv"
 
 	jwt "github.com/appleboy/gin-jwt/v2"
 	"github.com/gin-contrib/pprof"
@@ -12,6 +14,7 @@ import (
 	"log"
 
 	_ "github.com/kerberos-io/agent/machinery/docs"
+	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	swaggerFiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
@@ -77,7 +80,7 @@ func StartServer(configDirectory string, configuration *models.Configuration, co
 	r.Use(static.Serve("/settings", static.LocalFile(configDirectory+"/www", true)))
 	r.Use(static.Serve("/login", static.LocalFile(configDirectory+"/www", true)))
 	r.Handle("GET", "/file/*filepath", func(c *gin.Context) {
-		Files(c, configDirectory)
+		Files(c, configDirectory, configuration)
 	})
 
 	// Run the api on port
@@ -87,8 +90,50 @@ func StartServer(configDirectory string, configuration *models.Configuration, co
 	}
 }
 
-func Files(c *gin.Context, configDirectory string) {
-	c.Header("Access-Control-Allow-Origin", "*")
-	c.Header("Content-Type", "video/mp4")
-	c.File(configDirectory + "/data/recordings" + c.Param("filepath"))
+func Files(c *gin.Context, configDirectory string, configuration *models.Configuration) {
+
+	// Get File
+	filePath := configDirectory + "/data/recordings" + c.Param("filepath")
+	_, err := os.Open(filePath)
+	if err != nil {
+		c.JSON(404, gin.H{"error": "File not found"})
+		return
+	}
+
+	contents, err := os.ReadFile(filePath)
+	if err == nil {
+
+		// Get symmetric key
+		symmetricKey := configuration.Config.Encryption.SymmetricKey
+		// Decrypt file
+		if symmetricKey != "" {
+
+			// Read file
+			if err != nil {
+				c.JSON(404, gin.H{"error": "File not found"})
+				return
+			}
+
+			// Decrypt file
+			contents, err = encryption.AesDecrypt(contents, symmetricKey)
+			if err != nil {
+				c.JSON(404, gin.H{"error": "File not found"})
+				return
+			}
+		}
+
+		// Get fileSize from contents
+		fileSize := len(contents)
+
+		// Send file to gin
+		c.Header("Access-Control-Allow-Origin", "*")
+		c.Header("Content-Disposition", "attachment; filename="+filePath)
+		c.Header("Content-Type", "video/mp4")
+		c.Header("Content-Length", strconv.Itoa(fileSize))
+		// Send contents to gin
+		io.WriteString(c.Writer, string(contents))
+	} else {
+		c.JSON(404, gin.H{"error": "File not found"})
+		return
+	}
 }

machinery/src/routers/mqtt/main.go

@@ -457,7 +457,12 @@ func HandleReceiveHDCandidates(mqttClient mqtt.Client, hubKey string, payload mo
 
 	if receiveHDCandidatesPayload.Timestamp != 0 {
 		if communication.CameraConnected {
-			channel := webrtc.CandidateArrays[receiveHDCandidatesPayload.SessionID]
+			key := configuration.Config.Key + "/" + receiveHDCandidatesPayload.SessionID
+			channel := webrtc.CandidateArrays[key]
+			if channel == nil {
+				channel = make(chan string)
+				webrtc.CandidateArrays[key] = channel
+			}
 			log.Log.Info("HandleReceiveHDCandidates: " + receiveHDCandidatesPayload.Candidate)
 			channel <- receiveHDCandidatesPayload.Candidate
 		} else {

machinery/src/webrtc/main.go

@@ -125,6 +125,7 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 						Credential: w.TurnServersCredential,
 					},
 				},
+				//ICETransportPolicy: pionWebRTC.ICETransportPolicyRelay,
 			},
 		)
 
@@ -179,6 +180,9 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				panic(err)
 			}
 
+			// When an ICE candidate is available send to the other Pion instance
+			// the other Pion instance will add this candidate by calling AddICECandidate
+			var candidatesMux sync.Mutex
 			// When an ICE candidate is available send to the other peer using the signaling server (MQTT).
 			// The other peer will add this candidate by calling AddICECandidate
 			peerConnection.OnICECandidate(func(candidate *pionWebRTC.ICECandidate) {
@@ -186,6 +190,9 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 					return
 				}
 
+				candidatesMux.Lock()
+				defer candidatesMux.Unlock()
+
 				//  Create a config map
 				valueMap := make(map[string]interface{})
 				candateJSON := candidate.ToJSON()
@@ -208,7 +215,9 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				}
 				payload, err := models.PackageMQTTMessage(configuration, message)
 				if err == nil {
-					mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+					log.Log.Info("InitializeWebRTCConnection:" + string(candateBinary))
+					token := mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
+					token.Wait()
 				} else {
 					log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
 				}
@@ -233,7 +242,8 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				}
 				payload, err := models.PackageMQTTMessage(configuration, message)
 				if err == nil {
-					mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+					token := mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
+					token.Wait()
 				} else {
 					log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
 				}

ui/.eslintrc.json

@@ -25,6 +25,7 @@
     "jsx-a11y/media-has-caption": "off",
     "jsx-a11y/anchor-is-valid": "off",
     "jsx-a11y/click-events-have-key-events": "off",
+    "jsx-a11y/control-has-associated-label": "off",
     "jsx-a11y/no-noninteractive-element-interactions": "off",
     "jsx-a11y/no-static-element-interactions": "off",
     "jsx-a11y/label-has-associated-control": [