adacam-api/adacam_api
Cobb 22fba16c0c
All checks were successful
gitleaks / scan (push) Successful in 35s
security: random per-device API token + one-shot pairing window (CRIT auth-bypass fix)
The bearer token was sha256(serial)[:32] and the serial is served unauthenticated, so anyone reaching :5000 could compute it and take the device over. Now: token is a random secrets.token_urlsafe(32) at /data/adacam/api_token (never derived from serial); /pair only returns it during a one-shot pairing window (/data/adacam/pairing_open, opened by adacam-pair or install.sh, closes after one pair); require_auth uses hmac.compare_digest. NEEDS ON-DEVICE PAIRING TEST before merge to main — see SECURITY-PAIRING.md.
2026-06-13 09:48:29 -07:00
routes fix: pre-liberation review — frames dir, wigle config GET, debug redis-keys endpoint 2026-03-14 17:59:08 -07:00
__init__.py Initial commit: adacam-api v1.0.0 2026-03-14 08:13:04 -07:00
app.py security: random per-device API token + one-shot pairing window (CRIT auth-bypass fix) 2026-06-13 09:48:29 -07:00
auth.py security: random per-device API token + one-shot pairing window (CRIT auth-bypass fix) 2026-06-13 09:48:29 -07:00
config.py Rotate AdaMaps ingest+read keys (env-required, no inline default) 2026-05-27 09:17:22 -07:00
db.py Initial commit: adacam-api v1.0.0 2026-03-14 08:13:04 -07:00
forwarder.py Initial commit: adacam-api v1.0.0 2026-03-14 08:13:04 -07:00
redis_client.py fix: GPS from SQLite framekms (confirmed live device schema) 2026-03-14 20:51:26 -07:00