Keli Grubb
e61e6bc7e3
All checks were successful
ci/woodpecker/push/push Pipeline was successful
## Added - CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity - Support for TAK stream protocol and traditional XML CoT messages - TLS/SSL support with automatic fallback to plain TCP - Username/password authentication for CoT connections - Real-time device position tracking with TTL-based expiration (90s default) - API endpoints: `/api/cot/config`, `/api/cot/server-package`, `/api/cot/truststore`, `/api/me/cot-password` - TAK Server section in Settings with QR code for iTAK setup - ATAK password management in Account page for OIDC users - CoT device markers on map showing real-time positions - Comprehensive documentation in `docs/` directory - Environment variables: `COT_PORT`, `COT_TTL_MS`, `COT_REQUIRE_AUTH`, `COT_SSL_CERT`, `COT_SSL_KEY`, `COT_DEBUG` - Dependencies: `fast-xml-parser`, `jszip`, `qrcode` ## Changed - Authentication system supports CoT password management for OIDC users - Database schema includes `cot_password_hash` field - Test suite refactored to follow functional design principles ## Removed - Consolidated utility modules: `authConfig.js`, `authSkipPaths.js`, `bootstrap.js`, `poiConstants.js`, `session.js` ## Security - XML entity expansion protection in CoT parser - Enhanced input validation and SQL injection prevention - Authentication timeout to prevent hanging connections ## Breaking Changes - Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations. ## Migration Notes - OIDC users must set ATAK password via Account settings before connecting - Docker: expose port 8089 (`-p 8089:8089`) - Kubernetes: update Helm values to expose port 8089 Co-authored-by: Madison Grubb <madison@elastiflow.com> Reviewed-on: #6
45 lines
1.5 KiB
Markdown
45 lines
1.5 KiB
Markdown
# Share Live
|
|
|
|
Stream your phone's camera and location to KestrelOS. Appears as a **live session** on the map and in **Cameras**. Uses **WebRTC** (Mediasoup) and requires **HTTPS** on mobile.
|
|
|
|
## Usage
|
|
|
|
1. Open **Share live** (sidebar → **Share live** or `/share-live`)
|
|
2. Tap **Start sharing**, allow camera/location permissions
|
|
3. Device appears on map and in **Cameras**
|
|
4. Tap **Stop sharing** to end
|
|
|
|
**Permissions:** Admin/leader can start sharing. All users can view live sessions.
|
|
|
|
## Requirements
|
|
|
|
- **HTTPS** (browsers require secure context for camera/geolocation)
|
|
- **Camera and location permissions**
|
|
- **WebRTC ports:** UDP/TCP `40000-49999` open on server
|
|
|
|
## Local Development
|
|
|
|
**Generate self-signed cert:**
|
|
```bash
|
|
chmod +x scripts/gen-dev-cert.sh
|
|
./scripts/gen-dev-cert.sh 192.168.1.123 # Your LAN IP
|
|
npm run dev
|
|
```
|
|
|
|
**On phone:** Open `https://192.168.1.123:3000`, accept cert warning, sign in, use Share live.
|
|
|
|
## WebRTC Configuration
|
|
|
|
- Server auto-detects LAN IP for WebRTC
|
|
- **Docker/multiple NICs:** Set `MEDIASOUP_ANNOUNCED_IP` to client-reachable IP/hostname
|
|
- **"Wrong host" error:** Use same URL on phone/server, or set `MEDIASOUP_ANNOUNCED_IP`
|
|
|
|
## Troubleshooting
|
|
|
|
| Issue | Fix |
|
|
|-------|-----|
|
|
| "HTTPS required" | Use `https://` (not `http://`) |
|
|
| "Media devices not available" | Ensure HTTPS and browser permissions |
|
|
| "WebRTC: failed" / "Wrong host" | Set `MEDIASOUP_ANNOUNCED_IP`, open firewall ports `40000-49999` |
|
|
| Stream not visible | Check server reachability and firewall |
|