gilles/Strix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Dockerfile, fix SQLite immutable mode, URL-encode credentials

Browse Source 
- Dockerfile: multi-stage build with golang:1.26 and alpine + ffmpeg
- SQLite: use file: URI with immutable=1 for read-only access
- URL builder: encode user/pass with PathEscape/QueryEscape for
  special characters (@, \, :, etc.)
- Health endpoint: truncate uptime to seconds
- Release skill: update smoke test to /api endpoint
- Remove unused ValidateID function
This commit is contained in:
eduard256
2026-03-25 11:28:47 +00:00
parent 27117900eb
commit 4d171f69c7
6 changed files with 44 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.claude/skills/release_strix/SKILL.md
+1 -1
View File
@@ -121,7 +121,7 @@ Verify the new version tag exists and both amd64 and arm64 platforms are present
```bash ```bash
docker run --rm -d --name strix-smoke-test -p 14567:4567 eduard256/strix:$VERSION docker run --rm -d --name strix-smoke-test -p 14567:4567 eduard256/strix:$VERSION
sleep 5 sleep 5
curl -s http://localhost:14567/api/v1/health | jq '.version' curl -s http://localhost:14567/api | jq '.version'
docker stop strix-smoke-test docker stop strix-smoke-test
``` ```
Dockerfile
+28
View File
@@ -0,0 +1,28 @@
FROM golang:1.26-alpine AS builder
RUN apk add --no-cache gcc musl-dev
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
ARG VERSION=dev
RUN CGO_ENABLED=1 go build -ldflags "-s -w -X main.version=${VERSION}" -o /strix .
FROM alpine:latest
RUN apk add --no-cache ffmpeg ca-certificates
COPY --from=builder /strix /usr/local/bin/strix
WORKDIR /app
COPY cameras.db .
EXPOSE 4567
HEALTHCHECK --interval=30s --timeout=3s CMD wget -q --spider http://localhost:4567/api/health || exit 1
USER nobody
ENTRYPOINT ["strix"]
internal/api/api.go
+1 -1
View File
@@ -108,7 +108,7 @@ func apiHandler(w http.ResponseWriter, r *http.Request) {
func apiHealth(w http.ResponseWriter, r *http.Request) { func apiHealth(w http.ResponseWriter, r *http.Request) {
ResponseJSON(w, map[string]any{ ResponseJSON(w, map[string]any{
"version": app.Version, "version": app.Version,
"uptime": time.Since(app.StartTime).String(), "uptime": time.Since(app.StartTime).Truncate(time.Second).String(),
}) })
} }
internal/probe/probe.go
+1 -1
View File
@@ -29,7 +29,7 @@ func Init() {
log = app.GetLogger("probe") log = app.GetLogger("probe")
var err error var err error
db, err = sql.Open("sqlite3", app.DB+"?mode=ro") db, err = sql.Open("sqlite3", "file:"+app.DB+"?mode=ro&immutable=1")
if err != nil { if err != nil {
log.Error().Err(err).Msg("[probe] db open") log.Error().Err(err).Msg("[probe] db open")
} }
internal/search/search.go
+1 -1
View File
@@ -21,7 +21,7 @@ func Init() {
log = app.GetLogger("search") log = app.GetLogger("search")
var err error var err error
db, err = sql.Open("sqlite3", app.DB+"?mode=ro") db, err = sql.Open("sqlite3", "file:"+app.DB+"?mode=ro&immutable=1")
if err != nil { if err != nil {
log.Fatal().Err(err).Msg("[search] db open") log.Fatal().Err(err).Msg("[search] db open")
} }
pkg/camdb/streams.go
+12 -28
View File
@@ -3,8 +3,8 @@ package camdb
import ( import (
"database/sql" "database/sql"
"encoding/base64" "encoding/base64"
"errors"
"fmt" "fmt"
"net/url"
"strconv" "strconv"
"strings" "strings"
) )
@@ -125,26 +125,6 @@ func BuildStreams(db *sql.DB, p *StreamParams) ([]string, error) {
return streams, nil return streams, nil
} }
// ValidateID checks if id format is valid
func ValidateID(id string) error {
switch {
case strings.HasPrefix(id, "b:"):
if len(id) < 3 {
return errors.New("camdb: empty brand id")
}
case strings.HasPrefix(id, "m:"):
if strings.Count(id, ":") < 2 {
return fmt.Errorf("camdb: invalid model id: %s", id)
}
case strings.HasPrefix(id, "p:"):
if len(id) < 3 {
return errors.New("camdb: empty preset id")
}
default:
return fmt.Errorf("camdb: unknown prefix: %s", id)
}
return nil
}
// internals // internals
@@ -153,7 +133,7 @@ func buildURL(protocol, path, ip string, port int, user, pass string, channel in
var auth string var auth string
if user != "" { if user != "" {
auth = user + ":" + pass + "@" auth = url.PathEscape(user) + ":" + url.PathEscape(pass) + "@"
} }
host := ip host := ip
@@ -174,6 +154,10 @@ func replacePlaceholders(s, ip string, port int, user, pass string, channel int)
auth = base64.StdEncoding.EncodeToString([]byte(user + ":" + pass)) auth = base64.StdEncoding.EncodeToString([]byte(user + ":" + pass))
} }
// URL-encode credentials for safe use in query parameters
encUser := url.QueryEscape(user)
encPass := url.QueryEscape(pass)
pairs := []string{ pairs := []string{
"[CHANNEL]", strconv.Itoa(channel), "[CHANNEL]", strconv.Itoa(channel),
"[channel]", strconv.Itoa(channel), "[channel]", strconv.Itoa(channel),
@@ -183,12 +167,12 @@ func replacePlaceholders(s, ip string, port int, user, pass string, channel int)
"[channel+1]", strconv.Itoa(channel + 1), "[channel+1]", strconv.Itoa(channel + 1),
"{CHANNEL+1}", strconv.Itoa(channel + 1), "{CHANNEL+1}", strconv.Itoa(channel + 1),
"{channel+1}", strconv.Itoa(channel + 1), "{channel+1}", strconv.Itoa(channel + 1),
"[USERNAME]", user, "[username]", user, "[USERNAME]", encUser, "[username]", encUser,
"[USER]", user, "[user]", user, "[USER]", encUser, "[user]", encUser,
"[PASSWORD]", pass, "[password]", pass, "[PASSWORD]", encPass, "[password]", encPass,
"[PASWORD]", pass, "[pasword]", pass, "[PASWORD]", encPass, "[pasword]", encPass,
"[PASS]", pass, "[pass]", pass, "[PASS]", encPass, "[pass]", encPass,
"[PWD]", pass, "[pwd]", pass, "[PWD]", encPass, "[pwd]", encPass,
"[WIDTH]", "640", "[width]", "640", "[WIDTH]", "640", "[width]", "640",
"[HEIGHT]", "480", "[height]", "480", "[HEIGHT]", "480", "[height]", "480",
"[IP]", ip, "[ip]", ip, "[IP]", ip, "[ip]", ip,