major: kestrel is now a tak server (#6) · e61e6bc7e3 - kestrelos

major: kestrel is now a tak server (#6)

All checks were successful

ci/woodpecker/push/push Pipeline was successful

Details

## Added

- CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity
- Support for TAK stream protocol and traditional XML CoT messages
- TLS/SSL support with automatic fallback to plain TCP
- Username/password authentication for CoT connections
- Real-time device position tracking with TTL-based expiration (90s default)
- API endpoints: `/api/cot/config`, `/api/cot/server-package`, `/api/cot/truststore`, `/api/me/cot-password`
- TAK Server section in Settings with QR code for iTAK setup
- ATAK password management in Account page for OIDC users
- CoT device markers on map showing real-time positions
- Comprehensive documentation in `docs/` directory
- Environment variables: `COT_PORT`, `COT_TTL_MS`, `COT_REQUIRE_AUTH`, `COT_SSL_CERT`, `COT_SSL_KEY`, `COT_DEBUG`
- Dependencies: `fast-xml-parser`, `jszip`, `qrcode`

## Changed

- Authentication system supports CoT password management for OIDC users
- Database schema includes `cot_password_hash` field
- Test suite refactored to follow functional design principles

## Removed

- Consolidated utility modules: `authConfig.js`, `authSkipPaths.js`, `bootstrap.js`, `poiConstants.js`, `session.js`

## Security

- XML entity expansion protection in CoT parser
- Enhanced input validation and SQL injection prevention
- Authentication timeout to prevent hanging connections

## Breaking Changes

- Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations.

## Migration Notes

- OIDC users must set ATAK password via Account settings before connecting
- Docker: expose port 8089 (`-p 8089:8089`)
- Kubernetes: update Helm values to expose port 8089

Co-authored-by: Madison Grubb <madison@elastiflow.com>
Reviewed-on: #6

This commit was merged in pull request #6.

This commit is contained in:

Keli Grubb

2026-02-17 16:41:41 +00:00

parent b18283d3b3

commit e61e6bc7e3

117 changed files with 5329 additions and 1040 deletions

									
										10

server/routes/health/ready.get.js
									
												View File
												
				@@ -1 +1,9 @@

				export default defineEventHandler(() => ({ status: 'ready' }))

				import { healthCheck } from '../../utils/db.js'

				export default defineEventHandler(async () => {

				  const health = await healthCheck()

				  if (!health.healthy) {

				    throw createError({ statusCode: 503, message: 'Database not ready' })

				  }

				  return { status: 'ready' }

				})

major: kestrel is now a tak server (#6) All checks were successful ci/woodpecker/push/push Pipeline was successful Details

10 server/routes/health/ready.get.js Unescape Escape View File

major: kestrel is now a tak server (#6)

All checks were successful

ci/woodpecker/push/push Pipeline was successful

Details

10

server/routes/health/ready.get.js

View File