major: kestrel is now a tak server #6

keligrubb · 2026-02-17T15:43:35Z

keligrubb commented

2026-02-17 15:43:35 +00:00

Added

CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity
Support for TAK stream protocol and traditional XML CoT messages
TLS/SSL support with automatic fallback to plain TCP
Username/password authentication for CoT connections
Real-time device position tracking with TTL-based expiration (90s default)
API endpoints: /api/cot/config, /api/cot/server-package, /api/cot/truststore, /api/me/cot-password
TAK Server section in Settings with QR code for iTAK setup
ATAK password management in Account page for OIDC users
CoT device markers on map showing real-time positions
Comprehensive documentation in docs/ directory
Environment variables: COT_PORT, COT_TTL_MS, COT_REQUIRE_AUTH, COT_SSL_CERT, COT_SSL_KEY, COT_DEBUG
Dependencies: fast-xml-parser, jszip, qrcode

Changed

Authentication system supports CoT password management for OIDC users
Database schema includes cot_password_hash field
Test suite refactored to follow functional design principles

Removed

Consolidated utility modules: authConfig.js, authSkipPaths.js, bootstrap.js, poiConstants.js, session.js

Security

XML entity expansion protection in CoT parser
Enhanced input validation and SQL injection prevention
Authentication timeout to prevent hanging connections

Breaking Changes

Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations.

Migration Notes

OIDC users must set ATAK password via Account settings before connecting
Docker: expose port 8089 (-p 8089:8089)
Kubernetes: update Helm values to expose port 8089

## Added - CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity - Support for TAK stream protocol and traditional XML CoT messages - TLS/SSL support with automatic fallback to plain TCP - Username/password authentication for CoT connections - Real-time device position tracking with TTL-based expiration (90s default) - API endpoints: `/api/cot/config`, `/api/cot/server-package`, `/api/cot/truststore`, `/api/me/cot-password` - TAK Server section in Settings with QR code for iTAK setup - ATAK password management in Account page for OIDC users - CoT device markers on map showing real-time positions - Comprehensive documentation in `docs/` directory - Environment variables: `COT_PORT`, `COT_TTL_MS`, `COT_REQUIRE_AUTH`, `COT_SSL_CERT`, `COT_SSL_KEY`, `COT_DEBUG` - Dependencies: `fast-xml-parser`, `jszip`, `qrcode` ## Changed - Authentication system supports CoT password management for OIDC users - Database schema includes `cot_password_hash` field - Test suite refactored to follow functional design principles ## Removed - Consolidated utility modules: `authConfig.js`, `authSkipPaths.js`, `bootstrap.js`, `poiConstants.js`, `session.js` ## Security - XML entity expansion protection in CoT parser - Enhanced input validation and SQL injection prevention - Authentication timeout to prevent hanging connections ## Breaking Changes - Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations. ## Migration Notes - OIDC users must set ATAK password via Account settings before connecting - Docker: expose port 8089 (`-p 8089:8089`) - Kubernetes: update Helm values to expose port 8089

keligrubb self-assigned this 2026-02-17 15:43:35 +00:00

keligrubb added 1 commit 2026-02-17 15:43:36 +00:00

make kestrel a tak server, so that it can send and receive pois as cots data