Feature: Jinja2 template in poster field

AlexxIT / WebRTC

Home Assistant custom component for real-time viewing of almost any camera stream using WebRTC and other technologies.

https://github.com/AlexxIT/Blog

MIT License

1.34k stars 159 forks source link

Feature: Jinja2 template in poster field #679

Open JavanXD opened 2 months ago

JavanXD commented 2 months ago

The URL of the poster is encoded to something like:

string: /api/webrtc/ws?authSig=xxx-0aCvSaALjijo&poster=%7B%20%2Flocal%2Fimages443%2Fdoorbell.jpg%3F%7B%7B%20as_timestamp(now())%20%7D%7D%0A

I defined the poster in the webrtc card:

poster: "https://xxx/local/imagesxxx/doorbell.jpg?{{ as_timestamp(now()) }}"

Your code implies that Jinja2 templates are supported:

if "{{" in poster or "{%" in poster:
    # support Jinja2 tempaltes inside poster
    poster = Template(poster, hass).async_render()

But adding "{%" does not work as well as executing above Jinja2 template.

JavanXD commented 2 months ago

I found a related error log:

Logger: homeassistant.components.http.security_filter
Quelle: components/http/security_filter.py:65
Integration: HTTP (Dokumentation, Probleme)
Erstmals aufgetreten: 4. April 2024 um 23:48:58 (126 Vorkommnisse)
Zuletzt protokolliert: 00:02:26

Filtered a request with unsafe byte query string: /api/webrtc/ws?authSig=2ODE0NSwiZXhwIjoxNzEyMjY4MTc1fQ.NHLLu-CazKxsto3Heq-UmEQBzygi0UrqakhVmunHcyM&poster=%7B%25%20se%20%2Flocal%2Fimages443%2Fdoorbell.jpg%3F%7B%7B%20as_timestamp(now())%20%7D%7D%0A

Looks like the request is getting filtered by Homeassistants security module.

To fix this could you please base64 the poster field?

AlexxIT commented 2 months ago

https://github.com/AlexxIT/WebRTC/blob/309b6d5521a4fbaa129f01ace3dcecbfdad6c758/custom_components/webrtc/www/webrtc-camera.js#L68