Sulkta-OSS/adacam-api
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9 commits 1 branch 1 tag 53 KiB
Commit graph

9 commits

This branch
This branch
All branches
Author SHA1 Message Date
kayos
08d0e8a702 ci: add gitleaks workflow (Sulkta canonical)
All checks were successful
gitleaks / scan (push) Successful in 20s
Details
2026-05-27 22:14:29 -07:00
Cobb Hayes
10f7c9572c audit follow-ups: deps floor, LICENSE, gate /debug/redis-keys 
- requirements.txt: bump floors past known CVEs (flask>=2.3.2 fixes
  CVE-2023-30861, requests>=2.32.0 fixes CVE-2023-32681 + CVE-2024-35195,
  redis>=5.0 fixes CVE-2023-28858/9).
- LICENSE: add MIT text (README claimed MIT but the file was missing).
- /api/1/debug/redis-keys: require auth. Was unauthenticated info-disclosure
  on the LAN/AP side.
 2026-05-27 09:22:12 -07:00
Cobb Hayes
aa7d6d9d71 Rotate AdaMaps ingest+read keys (env-required, no inline default) 
Previous values (***REMOVED***, ***REMOVED***, ***REMOVED***)
were inline defaults across adamaps + adacam-api + varroa. The ingest key
was briefly anon-visible during the 2026-05-27 Forgejo public-flip when
adacam-api + varroa were public for a short window before the leak was
spotted.

New values live in Vaultwarden:
  - AdaMaps — API_KEY (ingest)
  - AdaMaps — READ_KEY

Validators now hard-fail at boot if the env var is missing. Service is
on hold today; when it resumes, both env vars must be set.
 2026-05-27 09:17:22 -07:00
Kayos
9e639ead17 fix: GPS from SQLite framekms (confirmed live device schema) 
odc-api.db confirmed present on device. framekms table has:
  latitude, longitude, altitude, hdop, satellites_used, time
NOT lat_deg/lon_deg/alt_m/num_satellites as previously assumed.
Redis fallback retained, supports both field naming conventions.
API response format unchanged (still returns lat_deg/lon_deg for Varroa compat).
 2026-03-14 20:51:26 -07:00
Kayos
5fa7d8fd11 fix: pre-liberation review — frames dir, wigle config GET, debug redis-keys endpoint 
CRITICAL:
- frames.py: FRAMES_DIR corrected to /tmp/adacam/pics
- frames.py: graceful handling when capture not started

IMPORTANT:
- wigle.py: added GET /api/1/wigle/config endpoint for Varroa
- app.py: added GET /api/1/debug/redis-keys endpoint for GPS troubleshooting
- install.sh: removed python validation that runs from wrong directory
 2026-03-14 17:59:08 -07:00
Kayos
f2a89badf1 feat: wigle config and status endpoints 2026-03-14 15:49:32 -07:00
Kayos
2dc772e618 feat: bearer token auth, pairing, wifi config, ssh toggle, remove /cmd 2026-03-14 11:47:10 -07:00
kayos
0974a8ab98 Initial commit: adacam-api v1.0.0 
Clean Python Flask replacement for odc-api (434k lines Node.js → ~350 lines Python)
- GET /api/1/landmarks/last/{N} - last N detections from SQLite
- POST /api/1/landmarks - ingest detections + forward to AdaMaps
- GET /api/1/gnssConcise/latestValid - GPS fix from Redis
- GET /api/1/status - device status
- GET /api/1/deviceinfo - device identity
- GET /api/1/recording/frames/latest - latest frame path

No /api/1/cmd - that's the CVE, it's gone.

Includes:
- SQLite for local storage + offline queue
- Background thread for AdaMaps retry
- systemd service unit
- install.sh for device deployment
 2026-03-14 08:13:04 -07:00
kayos
b05c0e3d03 Initial commit 2026-03-14 08:11:41 -07:00