Sulkta-Coop/adacam-api
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8 commits 1 branch 1 tag 48 KiB
Commit graph

8 commits

This branch
This branch
All branches
Author SHA1 Message Date
Cobb Hayes
beead1d6b0 audit follow-ups: deps floor, LICENSE, gate /debug/redis-keys 
- requirements.txt: bump floors past known CVEs (flask>=2.3.2 fixes
  CVE-2023-30861, requests>=2.32.0 fixes CVE-2023-32681 + CVE-2024-35195,
  redis>=5.0 fixes CVE-2023-28858/9).
- LICENSE: add MIT text (README claimed MIT but the file was missing).
- /api/1/debug/redis-keys: require auth. Was unauthenticated info-disclosure
  on the LAN/AP side.
 2026-05-27 09:22:12 -07:00
Cobb Hayes
81a6d18c1d Rotate AdaMaps ingest+read keys (env-required, no inline default) 
Previous values (adamaps-ingest-2026, adamaps-read-2026, mapnet-ingest-2026)
were inline defaults across adamaps + adacam-api + varroa. The ingest key
was briefly anon-visible during the 2026-05-27 Forgejo public-flip when
adacam-api + varroa were public for a short window before the leak was
spotted.

New values live in Vaultwarden:
  - AdaMaps — API_KEY (ingest)
  - AdaMaps — READ_KEY

Validators now hard-fail at boot if the env var is missing. Service is
on hold today; when it resumes, both env vars must be set.
 2026-05-27 09:17:22 -07:00
Kayos
595c1cadf5 fix: GPS from SQLite framekms (confirmed live device schema) 
odc-api.db confirmed present on device. framekms table has:
  latitude, longitude, altitude, hdop, satellites_used, time
NOT lat_deg/lon_deg/alt_m/num_satellites as previously assumed.
Redis fallback retained, supports both field naming conventions.
API response format unchanged (still returns lat_deg/lon_deg for Varroa compat).
 2026-03-14 20:51:26 -07:00
Kayos
174de0637e fix: pre-liberation review — frames dir, wigle config GET, debug redis-keys endpoint 
CRITICAL:
- frames.py: FRAMES_DIR corrected to /tmp/adacam/pics
- frames.py: graceful handling when capture not started

IMPORTANT:
- wigle.py: added GET /api/1/wigle/config endpoint for Varroa
- app.py: added GET /api/1/debug/redis-keys endpoint for GPS troubleshooting
- install.sh: removed python validation that runs from wrong directory
 2026-03-14 17:59:08 -07:00
Kayos
064378870b feat: wigle config and status endpoints 2026-03-14 15:49:32 -07:00
Kayos
eaf49841f0 feat: bearer token auth, pairing, wifi config, ssh toggle, remove /cmd 2026-03-14 11:47:10 -07:00
kayos
37aefb84c8 Initial commit: adacam-api v1.0.0 
Clean Python Flask replacement for odc-api (434k lines Node.js → ~350 lines Python)
- GET /api/1/landmarks/last/{N} - last N detections from SQLite
- POST /api/1/landmarks - ingest detections + forward to AdaMaps
- GET /api/1/gnssConcise/latestValid - GPS fix from Redis
- GET /api/1/status - device status
- GET /api/1/deviceinfo - device identity
- GET /api/1/recording/frames/latest - latest frame path

No /api/1/cmd - that's the CVE, it's gone.

Includes:
- SQLite for local storage + offline queue
- Background thread for AdaMaps retry
- systemd service unit
- install.sh for device deployment
 2026-03-14 08:13:04 -07:00
kayos
b05c0e3d03 Initial commit 2026-03-14 08:11:41 -07:00