v0.7.53-1 - auth and env var fixes

All credit and thanks to @Mich-b for fixing the authentication header issues that were causing problems in the NVR plugin and for addition of env vars for auth (and other future use)
aegjoyce · Apr 12, 2023 · b2288d1 · b2288d1
1 parent 1a7f73f
commit b2288d1
Show file tree

Hide file tree

Showing 27 changed files with 223 additions and 10 deletions.
diff --git a/scrypted-lite/CHANGELOG.md b/scrypted-lite/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 but this project does not adhere to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v0.7.53-1] - 2023-04-12
+### Added
+- Add user-configurable environment variables - all credit and thanks to @Mich-b
+### Changed
+- Update authentication to allow correct rendering of images and video in NVR plugin - all credit and thanks to @Mich-b
+
 ## [v0.7.53] - 2023-04-08
 ### Changed
 - Update base image to v0.7.53

diff --git a/scrypted-lite/DOCS.md b/scrypted-lite/DOCS.md
@@ -1,3 +1,17 @@
 # Scrypted Lite Add-on for Home Assistant
 
-For more information on Scrypted, please check out the [the Scrypted website](https://scrypted.app) or [the Scrypted GitHub page](https://github.com/koush/scrypted).
+For more information on Scrypted, please check out the [the Scrypted website](https://scrypted.app) or [the Scrypted GitHub page](https://github.com/koush/scrypted).
+
+# Advanced: Environment variables
+Environment variables may be set using the add-on configuration screen and are loaded as the add-on starts. Valid variables must begin with `SCRYPTED_`, for example:
+
+```
+- name: "SCRYPTED_DISABLE_AUTHENTICATION"
+  value: "false"
+- name: "SCRYPTED_ADMIN_TOKEN"
+  value: "secret"
+- name: "SCRYPTED_ADMIN_USERNAME"
+  value: "hassioingress"
+```
+
+If set, `SCRYPTED_ADMIN_TOKEN` can be used by `ingress.conf` to automatically authenticate all requests that originate from Home Assistant. 
diff --git a/scrypted-lite/README.md b/scrypted-lite/README.md
@@ -43,7 +43,7 @@ To export your configuration and database, make and download a backup of the Scr
 
 ## NVR
 
-Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups!
+Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups unless you exclude this folder as part of a partial backup!
 
 ## Known issues
 

diff --git a/scrypted-lite/config.yaml b/scrypted-lite/config.yaml
@@ -1,5 +1,5 @@
 name: Scrypted Lite
-version: "v0.7.53"
+version: "v0.7.53-1"
 slug: scrypted-lite
 description: Lite version of Scrypted with smaller image size and some dependencies removed
 url: "https://github.com/koush/scrypted"
@@ -24,3 +24,11 @@ backup_exclude:
   - /server
 map:
   - media:rw
+options:
+  env_vars: []
+schema:
+  env_vars:
+    - name: match(^SCRYPTED_([A-Z0-9_])+$)
+      value: str
+# The file scrypted\rootfs\etc\services.d\scrypted-run\run contains the logic to export all env_vars, since we need this when starting Scrypted. 
+# The file scrypted\rootfs\etc\services.d\nginx\run contains the logic to export all env_vars, since we also need the token in an nginx config. 
diff --git a/scrypted-lite/rootfs/etc/cont-init.d/nginx.sh b/scrypted-lite/rootfs/etc/cont-init.d/nginx.sh
@@ -11,6 +11,7 @@ declare ingress_port
 declare keyfile
 declare ingress_entry
 
+
 port=$(bashio::addon.port 71864)
 if bashio::var.has_value "${port}"; then
     bashio::config.require.ssl

diff --git a/scrypted-lite/rootfs/etc/nginx/servers/ingress.conf b/scrypted-lite/rootfs/etc/nginx/servers/ingress.conf
@@ -15,6 +15,8 @@ server {
     location / {
         proxy_pass http://backend;
         proxy_redirect ~^/(.+)$ $real_scheme://$http_host%%ingress_entry%%/$1;
+        proxy_set_header Authorization "Bearer %%authorization_header%%";
+        proxy_pass_header Authorization;
 
         # Make URLs relative
         sub_filter '/endpoint/' '%%ingress_entry%%/endpoint/';
@@ -31,4 +33,10 @@ server {
         sub_filter 'top.window.location.href' 'location.href';
     }
 
+    # Fix when ingress_entry is added too many times. The slash after backend does the trick. 
+    location %%ingress_entry%%/ {
+        proxy_pass http://backend/;
+        proxy_set_header Authorization "Bearer %%authorization_header%%";
+        proxy_pass_header Authorization;
+    }
 }
diff --git a/scrypted-lite/rootfs/etc/services.d/nginx/run b/scrypted-lite/rootfs/etc/services.d/nginx/run
@@ -5,8 +5,27 @@
 # ==============================================================================
 
 # Wait for the Scrypted service to become available
+declare name
+declare value
 bashio::net.wait_for 10443
 
 bashio::log.info "Starting NGinx..."
+for var in $(bashio::config 'env_vars|keys'); do
+    name=$(bashio::config "env_vars[${var}].name")
+    value=$(bashio::config "env_vars[${var}].value")
+    bashio::log.info "Setting ${name} in nginx run" 
+    export "${name}=${value}"
+done
+
+
+if [[ ! -v SCRYPTED_ADMIN_TOKEN || -z "$SCRYPTED_ADMIN_TOKEN"  ]]; 
+then
+    bashio::log.info "No SCRYPTED_ADMIN_TOKEN setting found, removing proxy_pass_header config."
+    sed -i "s/.*Authorization.*//g" /etc/nginx/servers/ingress.conf
+else
+    bashio::log.info "SCRYPTED_ADMIN_TOKEN setting found, adding proxy_pass_header config." 
+    sed -i "s/%%authorization_header%%/$SCRYPTED_ADMIN_TOKEN/g" /etc/nginx/servers/ingress.conf
+fi
+
 
 exec nginx
diff --git a/scrypted-lite/rootfs/etc/services.d/scrypted-run/run b/scrypted-lite/rootfs/etc/services.d/scrypted-run/run
@@ -3,6 +3,8 @@
 # Home Assistant Community Add-on: Log Viewer
 # Runs the Log Viewer
 # ==============================================================================
+declare name
+declare value
 bashio::log.info "Starting Scrypted..."
 
 # Ensure the configuration exists
@@ -16,4 +18,12 @@ else
     cp /etc/options.json /config/data_scrypted/
 fi
 
+
+for var in $(bashio::config 'env_vars|keys'); do
+    name=$(bashio::config "env_vars[${var}].name")
+    value=$(bashio::config "env_vars[${var}].value")
+    bashio::log.info "Setting ${name} in scrypted run" 
+    export "${name}=${value}"
+done
+
 cd /server && npm exec scrypted-serve
diff --git a/scrypted-lite/translations/en.yaml b/scrypted-lite/translations/en.yaml
@@ -0,0 +1,5 @@
+---
+configuration:
+  env_vars:
+    name: Environment variables
+    description: A list of environment variables that you want to set. Only accepts environment variables that start with "SCRYPTED_". 
diff --git a/scrypted-thin/CHANGELOG.md b/scrypted-thin/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 but this project does not adhere to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v0.7.53-1] - 2023-04-12
+### Added
+- Add user-configurable environment variables - all credit and thanks to @Mich-b
+### Changed
+- Update authentication to allow correct rendering of images and video in NVR plugin - all credit and thanks to @Mich-b
+
 ## [v0.7.53] - 2023-04-08
 ### Changed
 - Update base image to v0.7.53

diff --git a/scrypted-thin/DOCS.md b/scrypted-thin/DOCS.md
@@ -1,3 +1,17 @@
 # Scrypted Thin Add-on for Home Assistant
 
-For more information on Scrypted, please check out the [the Scrypted website](https://scrypted.app) or [the Scrypted GitHub page](https://github.com/koush/scrypted).
+For more information on Scrypted, please check out the [the Scrypted website](https://scrypted.app) or [the Scrypted GitHub page](https://github.com/koush/scrypted).
+
+# Advanced: Environment variables
+Environment variables may be set using the add-on configuration screen and are loaded as the add-on starts. Valid variables must begin with `SCRYPTED_`, for example:
+
+```
+- name: "SCRYPTED_DISABLE_AUTHENTICATION"
+  value: "false"
+- name: "SCRYPTED_ADMIN_TOKEN"
+  value: "secret"
+- name: "SCRYPTED_ADMIN_USERNAME"
+  value: "hassioingress"
+```
+
+If set, `SCRYPTED_ADMIN_TOKEN` can be used by `ingress.conf` to automatically authenticate all requests that originate from Home Assistant. 
diff --git a/scrypted-thin/README.md b/scrypted-thin/README.md
@@ -43,7 +43,7 @@ To export your configuration and database, make and download a backup of the Scr
 
 ## NVR
 
-Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups!
+Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups unless you exclude this folder as part of a partial backup!
 
 ## Known issues
 

diff --git a/scrypted-thin/config.yaml b/scrypted-thin/config.yaml
@@ -1,5 +1,5 @@
 name: Scrypted Thin
-version: "v0.7.53"
+version: "v0.7.53-1"
 slug: scrypted-thin
 description: Thin version of Scrypted with smaller image size and some dependencies removed
 url: "https://github.com/koush/scrypted"
@@ -24,3 +24,11 @@ backup_exclude:
   - /server
 map:
   - media:rw
+options:
+  env_vars: []
+schema:
+  env_vars:
+    - name: match(^SCRYPTED_([A-Z0-9_])+$)
+      value: str
+# The file scrypted\rootfs\etc\services.d\scrypted-run\run contains the logic to export all env_vars, since we need this when starting Scrypted. 
+# The file scrypted\rootfs\etc\services.d\nginx\run contains the logic to export all env_vars, since we also need the token in an nginx config. 
diff --git a/scrypted-thin/rootfs/etc/cont-init.d/nginx.sh b/scrypted-thin/rootfs/etc/cont-init.d/nginx.sh
@@ -11,6 +11,7 @@ declare ingress_port
 declare keyfile
 declare ingress_entry
 
+
 port=$(bashio::addon.port 71864)
 if bashio::var.has_value "${port}"; then
     bashio::config.require.ssl

diff --git a/scrypted-thin/rootfs/etc/nginx/servers/ingress.conf b/scrypted-thin/rootfs/etc/nginx/servers/ingress.conf
@@ -15,6 +15,8 @@ server {
     location / {
         proxy_pass http://backend;
         proxy_redirect ~^/(.+)$ $real_scheme://$http_host%%ingress_entry%%/$1;
+        proxy_set_header Authorization "Bearer %%authorization_header%%";
+        proxy_pass_header Authorization;
 
         # Make URLs relative
         sub_filter '/endpoint/' '%%ingress_entry%%/endpoint/';
@@ -31,4 +33,10 @@ server {
         sub_filter 'top.window.location.href' 'location.href';
     }
 
+    # Fix when ingress_entry is added too many times. The slash after backend does the trick. 
+    location %%ingress_entry%%/ {
+        proxy_pass http://backend/;
+        proxy_set_header Authorization "Bearer %%authorization_header%%";
+        proxy_pass_header Authorization;
+    }
 }
diff --git a/scrypted-thin/rootfs/etc/services.d/nginx/run b/scrypted-thin/rootfs/etc/services.d/nginx/run
@@ -5,8 +5,27 @@
 # ==============================================================================
 
 # Wait for the Scrypted service to become available
+declare name
+declare value
 bashio::net.wait_for 10443
 
 bashio::log.info "Starting NGinx..."
+for var in $(bashio::config 'env_vars|keys'); do
+    name=$(bashio::config "env_vars[${var}].name")
+    value=$(bashio::config "env_vars[${var}].value")
+    bashio::log.info "Setting ${name} in nginx run" 
+    export "${name}=${value}"
+done
+
+
+if [[ ! -v SCRYPTED_ADMIN_TOKEN || -z "$SCRYPTED_ADMIN_TOKEN"  ]]; 
+then
+    bashio::log.info "No SCRYPTED_ADMIN_TOKEN setting found, removing proxy_pass_header config."
+    sed -i "s/.*Authorization.*//g" /etc/nginx/servers/ingress.conf
+else
+    bashio::log.info "SCRYPTED_ADMIN_TOKEN setting found, adding proxy_pass_header config." 
+    sed -i "s/%%authorization_header%%/$SCRYPTED_ADMIN_TOKEN/g" /etc/nginx/servers/ingress.conf
+fi
+
 
 exec nginx
diff --git a/scrypted-thin/rootfs/etc/services.d/scrypted-run/run b/scrypted-thin/rootfs/etc/services.d/scrypted-run/run
@@ -3,6 +3,8 @@
 # Home Assistant Community Add-on: Log Viewer
 # Runs the Log Viewer
 # ==============================================================================
+declare name
+declare value
 bashio::log.info "Starting Scrypted..."
 
 # Ensure the configuration exists
@@ -16,4 +18,12 @@ else
     cp /etc/options.json /config/data_scrypted/
 fi
 
+
+for var in $(bashio::config 'env_vars|keys'); do
+    name=$(bashio::config "env_vars[${var}].name")
+    value=$(bashio::config "env_vars[${var}].value")
+    bashio::log.info "Setting ${name} in scrypted run" 
+    export "${name}=${value}"
+done
+
 cd /server && npm exec scrypted-serve
diff --git a/scrypted-thin/translations/en.yaml b/scrypted-thin/translations/en.yaml
@@ -0,0 +1,5 @@
+---
+configuration:
+  env_vars:
+    name: Environment variables
+    description: A list of environment variables that you want to set. Only accepts environment variables that start with "SCRYPTED_". 
diff --git a/scrypted/CHANGELOG.md b/scrypted/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 but this project does not adhere to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v0.7.53-1] - 2023-04-12
+### Added
+- Add user-configurable environment variables - all credit and thanks to @Mich-b
+### Changed
+- Update authentication to allow correct rendering of images and video in NVR plugin - all credit and thanks to @Mich-b
+
 ## [v0.7.53] - 2023-04-08
 ### Changed
 - Update base image to v0.7.53

diff --git a/scrypted/DOCS.md b/scrypted/DOCS.md
@@ -1,3 +1,17 @@
 # Scrypted Add-on for Home Assistant
 
-For more information on Scrypted, please check out the [the Scrypted website](https://scrypted.app) or [the Scrypted GitHub page](https://github.com/koush/scrypted).
+For more information on Scrypted, please check out the [the Scrypted website](https://scrypted.app) or [the Scrypted GitHub page](https://github.com/koush/scrypted).
+
+# Advanced: Environment variables
+Environment variables may be set using the add-on configuration screen and are loaded as the add-on starts. Valid variables must begin with `SCRYPTED_`, for example:
+
+```
+- name: "SCRYPTED_DISABLE_AUTHENTICATION"
+  value: "false"
+- name: "SCRYPTED_ADMIN_TOKEN"
+  value: "secret"
+- name: "SCRYPTED_ADMIN_USERNAME"
+  value: "hassioingress"
+```
+
+If set, `SCRYPTED_ADMIN_TOKEN` can be used by `ingress.conf` to automatically authenticate all requests that originate from Home Assistant. 
diff --git a/scrypted/README.md b/scrypted/README.md
@@ -43,7 +43,7 @@ To export your configuration and database, make and download a backup of the Scr
 
 ## NVR
 
-Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups!
+Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups unless you exclude this folder as part of a partial backup!
 
 ## Known issues
 

diff --git a/scrypted/config.yaml b/scrypted/config.yaml
@@ -1,5 +1,5 @@
 name: Scrypted
-version: "v0.7.53"
+version: "v0.7.53-1"
 slug: scrypted
 description: A home automation platform powered by node.js
 url: "https://github.com/koush/scrypted"
@@ -24,3 +24,11 @@ backup_exclude:
   - /server
 map:
   - media:rw
+options:
+  env_vars: []
+schema:
+  env_vars:
+    - name: match(^SCRYPTED_([A-Z0-9_])+$)
+      value: str
+# The file scrypted\rootfs\etc\services.d\scrypted-run\run contains the logic to export all env_vars, since we need this when starting Scrypted. 
+# The file scrypted\rootfs\etc\services.d\nginx\run contains the logic to export all env_vars, since we also need the token in an nginx config. 
diff --git a/scrypted/rootfs/etc/cont-init.d/nginx.sh b/scrypted/rootfs/etc/cont-init.d/nginx.sh
@@ -11,6 +11,7 @@ declare ingress_port
 declare keyfile
 declare ingress_entry
 
+
 port=$(bashio::addon.port 71864)
 if bashio::var.has_value "${port}"; then
     bashio::config.require.ssl

diff --git a/scrypted/rootfs/etc/nginx/servers/ingress.conf b/scrypted/rootfs/etc/nginx/servers/ingress.conf
@@ -15,6 +15,8 @@ server {
     location / {
         proxy_pass http://backend;
         proxy_redirect ~^/(.+)$ $real_scheme://$http_host%%ingress_entry%%/$1;
+        proxy_set_header Authorization "Bearer %%authorization_header%%";
+        proxy_pass_header Authorization;
 
         # Make URLs relative
         sub_filter '/endpoint/' '%%ingress_entry%%/endpoint/';
@@ -31,4 +33,10 @@ server {
         sub_filter 'top.window.location.href' 'location.href';
     }
 
-}
+    # Fix when ingress_entry is added too many times. The slash after backend does the trick. 
+    location %%ingress_entry%%/ {
+        proxy_pass http://backend/;
+        proxy_set_header Authorization "Bearer %%authorization_header%%";
+        proxy_pass_header Authorization;
+    }
+}
-Original file line number
+Diff line change
@@ Expand Up @@
     ## NVR
-    Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups!
+    Users of Scrypted NVR should set their recordings directory to `/media/scrypted`. Please bear in mind that backing up this folder will substantially increase the size of your Home Assistant backups unless you exclude this folder as part of a partial backup!
     ## Known issues
@@ Expand Down @@