feat: add read-only mode to API and UI, disable write actions

2026-02-01 04:13:43 +03:00
parent 6085c8aabe
commit cc453dd9ed
24 changed files with 438 additions and 8 deletions
@@ -965,6 +965,7 @@ api:
  listen: ":1984"    # default ":1984", HTTP API port ("" - disabled)
  username: "admin"  # default "", Basic auth for WebUI
  password: "pass"   # default "", Basic auth for WebUI
+  read_only: true    # default false, Disable write actions in WebUI/API
  local_auth: true   # default false, Enable auth check for localhost requests
  base_path: "/rtc"  # default "", API prefix for serving on suburl (/api => /rtc/api)
  static_dir: "www"  # default "", folder for static files (custom web interface)
@@ -32,6 +32,7 @@ func Init() {
 			TLSCert    string `yaml:"tls_cert"`
 			TLSKey     string `yaml:"tls_key"`
 			UnixListen string `yaml:"unix_listen"`
+			ReadOnly   bool   `yaml:"read_only"`

 			AllowPaths []string `yaml:"allow_paths"`
 		} `yaml:"api"`
@@ -50,6 +51,9 @@ func Init() {
 	allowPaths = cfg.Mod.AllowPaths
 	basePath = cfg.Mod.BasePath
 	log = app.GetLogger("api")
+	ReadOnly = cfg.Mod.ReadOnly
+	app.ConfigReadOnly = ReadOnly
+	app.Info["read_only"] = ReadOnly

 	initStatic(cfg.Mod.StaticDir)

@@ -149,6 +153,15 @@ const (
 )

 var Handler http.Handler
+var ReadOnly bool
+
+func IsReadOnly() bool {
+	return ReadOnly
+}
+
+func ReadOnlyError(w http.ResponseWriter) {
+	http.Error(w, "read-only", http.StatusForbidden)
+}

 // HandleFunc handle pattern with relative path:
 // - "api/streams" => "{basepath}/api/streams"
@@ -249,6 +262,11 @@ func exitHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if IsReadOnly() {
+		ReadOnlyError(w)
+		return
+	}
+
 	s := r.URL.Query().Get("code")
 	code, err := strconv.Atoi(s)

@@ -267,6 +285,11 @@ func restartHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if IsReadOnly() {
+		ReadOnlyError(w)
+		return
+	}
+
 	path, err := os.Executable()
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -285,6 +308,10 @@ func logHandler(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/jsonlines")
 		_, _ = app.MemoryLog.WriteTo(w)
 	case "DELETE":
+		if IsReadOnly() {
+			ReadOnlyError(w)
+			return
+		}
 		app.MemoryLog.Reset()
 		Response(w, "OK", "text/plain")
 	default:
@@ -26,6 +26,10 @@ func configHandler(w http.ResponseWriter, r *http.Request) {
 		Response(w, data, "application/yaml")

 	case "POST", "PATCH":
+		if IsReadOnly() {
+			ReadOnlyError(w)
+			return
+		}
 		data, err := io.ReadAll(r.Body)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
@@ -0,0 +1,36 @@
+package api
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigHandlerReadOnly(t *testing.T) {
+	prevPath := app.ConfigPath
+	prevReadOnly := ReadOnly
+	t.Cleanup(func() {
+		app.ConfigPath = prevPath
+		ReadOnly = prevReadOnly
+	})
+
+	app.ConfigPath = filepath.Join(t.TempDir(), "config.yaml")
+	ReadOnly = true
+
+	for _, method := range []string{"POST", "PATCH"} {
+		t.Run(method, func(t *testing.T) {
+			req := httptest.NewRequest(method, "/api/config", strings.NewReader("log:\n  level: info\n"))
+			w := httptest.NewRecorder()
+
+			configHandler(w, req)
+
+			require.Equal(t, http.StatusForbidden, w.Code)
+			require.Contains(t, w.Body.String(), "read-only")
+		})
+	}
+}
@@ -20,11 +20,15 @@ func LoadConfig(v any) {
 }

 var configMu sync.Mutex
+var ConfigReadOnly bool

 func PatchConfig(path []string, value any) error {
 	if ConfigPath == "" {
 		return errors.New("config file disabled")
 	}
+	if ConfigReadOnly {
+		return errors.New("config is read-only")
+	}

 	configMu.Lock()
 	defer configMu.Unlock()
@@ -0,0 +1,29 @@
+package app
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestPatchConfigReadOnly(t *testing.T) {
+	prevPath := ConfigPath
+	prevReadOnly := ConfigReadOnly
+	t.Cleanup(func() {
+		ConfigPath = prevPath
+		ConfigReadOnly = prevReadOnly
+	})
+
+	dir := t.TempDir()
+	path := filepath.Join(dir, "config.yaml")
+	require.NoError(t, os.WriteFile(path, []byte(""), 0644))
+
+	ConfigPath = path
+	ConfigReadOnly = true
+
+	err := PatchConfig([]string{"streams", "cam"}, "rtsp://example.com")
+	require.Error(t, err)
+	require.EqualError(t, err, "config is read-only")
+}
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"strings"

+	"github.com/AlexxIT/go2rtc/internal/api"
 	"github.com/AlexxIT/go2rtc/internal/streams"
 )

@@ -12,6 +13,10 @@ func apiFFmpeg(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "", http.StatusMethodNotAllowed)
 		return
 	}
+	if api.IsReadOnly() {
+		api.ReadOnlyError(w)
+		return
+	}

 	query := r.URL.Query()
 	dst := query.Get("dst")
@@ -0,0 +1,26 @@
+package ffmpeg
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiFFmpegReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	req := httptest.NewRequest("POST", "/api/ffmpeg?dst=cam&text=hello", nil)
+	w := httptest.NewRecorder()
+
+	apiFFmpeg(w, req)
+
+	require.Equal(t, http.StatusForbidden, w.Code)
+}
@@ -43,6 +43,10 @@ func apiDiscovery(w http.ResponseWriter, r *http.Request) {
 }

 func apiHomekit(w http.ResponseWriter, r *http.Request) {
+	if api.IsReadOnly() && r.Method != "GET" {
+		api.ReadOnlyError(w)
+		return
+	}
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@@ -0,0 +1,37 @@
+package homekit
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiHomekitReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	t.Run("POST blocked", func(t *testing.T) {
+		req := httptest.NewRequest("POST", "/api/homekit", nil)
+		w := httptest.NewRecorder()
+
+		apiHomekit(w, req)
+
+		require.Equal(t, http.StatusForbidden, w.Code)
+	})
+
+	t.Run("GET allowed", func(t *testing.T) {
+		req := httptest.NewRequest("GET", "/api/homekit", nil)
+		w := httptest.NewRecorder()
+
+		apiHomekit(w, req)
+
+		require.Equal(t, http.StatusOK, w.Code)
+	})
+}
@@ -24,6 +24,10 @@ var Auth struct {
 }

 func apiHandle(w http.ResponseWriter, r *http.Request) {
+	if api.IsReadOnly() && r.Method != "GET" {
+		api.ReadOnlyError(w)
+		return
+	}
 	switch r.Method {
 	case "GET":
 		if Auth.UserData == nil {
@@ -0,0 +1,26 @@
+package roborock
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiHandleReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	req := httptest.NewRequest("POST", "/api/roborock", nil)
+	w := httptest.NewRecorder()
+
+	apiHandle(w, req)
+
+	require.Equal(t, http.StatusForbidden, w.Code)
+}
@@ -12,6 +12,13 @@ import (

 func apiStreams(w http.ResponseWriter, r *http.Request) {
 	w = creds.SecretResponse(w)
+	if api.IsReadOnly() {
+		switch r.Method {
+		case "PUT", "PATCH", "POST", "DELETE":
+			api.ReadOnlyError(w)
+			return
+		}
+	}

 	query := r.URL.Query()
 	src := query.Get("src")
@@ -130,6 +137,13 @@ func apiStreamsDOT(w http.ResponseWriter, r *http.Request) {
 }

 func apiPreload(w http.ResponseWriter, r *http.Request) {
+	if api.IsReadOnly() {
+		switch r.Method {
+		case "PUT", "DELETE":
+			api.ReadOnlyError(w)
+			return
+		}
+	}
 	// GET - return all preloads
 	if r.Method == "GET" {
 		api.ResponseJSON(w, GetPreloads())
@@ -0,0 +1,68 @@
+package streams
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiStreamsReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	for _, method := range []string{"PUT", "PATCH", "POST", "DELETE"} {
+		t.Run(method, func(t *testing.T) {
+			req := httptest.NewRequest(method, "/api/streams?src=test", nil)
+			w := httptest.NewRecorder()
+
+			apiStreams(w, req)
+
+			require.Equal(t, http.StatusForbidden, w.Code)
+		})
+	}
+
+	t.Run("GET allowed", func(t *testing.T) {
+		req := httptest.NewRequest("GET", "/api/streams", nil)
+		w := httptest.NewRecorder()
+
+		apiStreams(w, req)
+
+		require.Equal(t, http.StatusOK, w.Code)
+	})
+}
+
+func TestApiPreloadReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	for _, method := range []string{"PUT", "DELETE"} {
+		t.Run(method, func(t *testing.T) {
+			req := httptest.NewRequest(method, "/api/preload?src=test", nil)
+			w := httptest.NewRecorder()
+
+			apiPreload(w, req)
+
+			require.Equal(t, http.StatusForbidden, w.Code)
+		})
+	}
+
+	t.Run("GET allowed", func(t *testing.T) {
+		req := httptest.NewRequest("GET", "/api/preload", nil)
+		w := httptest.NewRecorder()
+
+		apiPreload(w, req)
+
+		require.Equal(t, http.StatusOK, w.Code)
+	})
+}
@@ -59,6 +59,10 @@ func getCloud(email string) (*wyze.Cloud, error) {
 }

 func apiWyze(w http.ResponseWriter, r *http.Request) {
+	if api.IsReadOnly() && r.Method != "GET" {
+		api.ReadOnlyError(w)
+		return
+	}
 	switch r.Method {
 	case "GET":
 		apiDeviceList(w, r)
@@ -0,0 +1,26 @@
+package wyze
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiWyzeReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	req := httptest.NewRequest("POST", "/api/wyze", nil)
+	w := httptest.NewRecorder()
+
+	apiWyze(w, req)
+
+	require.Equal(t, http.StatusForbidden, w.Code)
+}
@@ -219,6 +219,10 @@ func wakeUpCamera(url *url.URL) error {
 }

 func apiXiaomi(w http.ResponseWriter, r *http.Request) {
+	if api.IsReadOnly() && r.Method != "GET" {
+		api.ReadOnlyError(w)
+		return
+	}
 	switch r.Method {
 	case "GET":
 		apiDeviceList(w, r)
@@ -0,0 +1,26 @@
+package xiaomi
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/AlexxIT/go2rtc/internal/api"
+	"github.com/stretchr/testify/require"
+)
+
+func TestApiXiaomiReadOnly(t *testing.T) {
+	prevReadOnly := api.ReadOnly
+	t.Cleanup(func() {
+		api.ReadOnly = prevReadOnly
+	})
+
+	api.ReadOnly = true
+
+	req := httptest.NewRequest("POST", "/api/xiaomi", nil)
+	w := httptest.NewRecorder()
+
+	apiXiaomi(w, req)
+
+	require.Equal(t, http.StatusForbidden, w.Code)
+}
@@ -52,8 +52,24 @@
        drawTable(table, await r.json());
    }
 </script>
+<script>
+    window.addEventListener('DOMContentLoaded', () => {
+        if (!window.go2rtcReady) return;
+        window.go2rtcReady.then(data => {
+            if (!data || !data.read_only) return;
+            const banner = document.getElementById('readonly-banner');
+            if (banner) banner.style.display = 'block';
+            document.querySelectorAll('main input, main select, main button, main textarea').forEach(el => {
+                el.disabled = true;
+            });
+        });
+    });
+</script>

 <main>
+    <div id="readonly-banner" style="display: none; padding: 10px; background: #ffe9e9; border: 1px solid #f0b4b4;">
+        Read-only mode: add actions are disabled.
+    </div>
    <button id="stream">Temporary stream</button>
    <div>
        <form id="stream-form">
@@ -566,4 +582,4 @@
 </main>

 </body>
-</html>
+</html>
@@ -1182,7 +1182,20 @@

        let dump;

-        document.getElementById('save').addEventListener('click', async () => {
+        const saveButton = document.getElementById('save');
+        const applyReadOnly = () => {
+            saveButton.disabled = true;
+            saveButton.title = 'Read-only mode';
+            editor.updateOptions({readOnly: true});
+        };
+
+        if (window.go2rtcReady) {
+            window.go2rtcReady.then(data => {
+                if (data && data.read_only) applyReadOnly();
+            });
+        }
+
+        saveButton.addEventListener('click', async () => {
            let r = await fetch('api/config', {cache: 'no-cache'});
            if (r.ok && dump !== await r.text()) {
                alert('Config was changed from another place. Refresh the page and make changes again');
@@ -45,11 +45,18 @@
 </main>

 <script>
-    const templates = [
+    let templates = [
        '<a href="stream.html?src={name}">stream</a>',
        '<a href="links.html?src={name}">links</a>',
        '<a href="#" data-name="{name}">delete</a>',
    ];
+    let readOnly = false;
+
+    const applyReadOnly = (flag) => {
+        if (!flag || readOnly) return;
+        readOnly = true;
+        templates = templates.filter(link => link.indexOf('delete') < 0);
+    };

    document.querySelector('.controls > button')
        .addEventListener('click', () => {
@@ -144,13 +151,21 @@
    // Auto-reload
    setInterval(reload, 1000);

-    const url = new URL('api', location.href);
-    fetch(url, {cache: 'no-cache'}).then(r => r.json()).then(data => {
-        const info = document.querySelector('.info');
+    const info = document.querySelector('.info');
+    const applyInfo = (data) => {
        info.innerText = `version: ${data.version} / config: ${data.config_path}`;
-    });
+        applyReadOnly(Boolean(data.read_only));
+        reload();
+    };

-    reload();
+    if (window.go2rtcReady) {
+        window.go2rtcReady.then(data => {
+            if (data) applyInfo(data);
+        });
+    } else {
+        const url = new URL('api', location.href);
+        fetch(url, {cache: 'no-cache'}).then(r => r.json()).then(data => applyInfo(data));
+    }
 </script>

 </body>
@@ -152,6 +152,21 @@ Telegram: rtmps://xxx-x.rtmp.t.me/s/xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxx</pre>
            fetch(url, {method: 'POST'});
        });
    </script>
+    <script>
+        const applyReadOnly = () => {
+            const ids = ['play-send', 'play-url', 'pub-send', 'pub-url'];
+            ids.forEach(id => {
+                const el = document.getElementById(id);
+                if (el) el.disabled = true;
+            });
+        };
+
+        if (window.go2rtcReady) {
+            window.go2rtcReady.then(data => {
+                if (data && data.read_only) applyReadOnly();
+            });
+        }
+    </script>

    <div id="webrtc">
        <h2>WebRTC Magic</h2>
@@ -133,3 +133,24 @@ document.body.innerHTML = `
    </nav>
 </header>
 ` + document.body.innerHTML;
+
+window.go2rtcReady = (async () => {
+    try {
+        const url = new URL('api', location.href);
+        const r = await fetch(url, {cache: 'no-cache'});
+        if (!r.ok) return null;
+        const data = await r.json();
+        window.go2rtcInfo = data;
+        return data;
+    } catch (e) {
+        return null;
+    }
+})();
+
+window.go2rtcReady.then(data => {
+    if (!data || !data.read_only) return;
+    const links = document.querySelectorAll('nav a[href="add.html"], nav a[href="config.html"]');
+    links.forEach(link => {
+        link.style.display = 'none';
+    });
+});
@@ -68,6 +68,11 @@
        "password": {
          "type": "string"
        },
+        "read_only": {
+          "description": "Disable write actions in WebUI/API",
+          "type": "boolean",
+          "default": false
+        },
        "local_auth": {
          "description": "Enable auth check for localhost requests",
          "type": "boolean",