blakeblackshear / frigate

NVR with realtime local object detection for IP cameras
https://frigate.video
MIT License

"View Only" Web UI feature request #3539

Open paulplac opened 2 years ago

paulplac commented 2 years ago

Describe what you are trying to accomplish and why in non technical terms

I would love a "view only" WEB UI that I could allow my family to access without being able to delete events, turn off detections or expose camera passwords.

Describe the solution you'd like

An option to disable/hide the following:

- Delete button on events page
- Toggle buttons on camera page
- Debug page (at least hide "config" section so that camera passwords are not exposed)

Describe alternatives you've considered

I love the Web UI. I don't run HA, but did try it out as an alternate solution. HA does not offer the same simplicity and features as the UI (slow to load cameras and viewing events for all cameras is clunky compared to the Web UI events page).

Additional context

Either an option to toggle the "view only" Web UI in the config file or an ability to log in with different permissions would be fantastic. Currently I have openhab send push notifications to my phone which link back to the Web UI via reverse proxy.

kzkvv commented 12 months ago

Hi! I have the same problem and I found a dirty workaround. It disables all visible delete/modify actions on the backend side.

Disclaimer: I know that what I will write next is a kind of crime against the open-source community. It would be better to contribute and add this feature instead of writing this comment. But I think this workaround will help some people for whom it is really important to have read-only access to the Frigate UI right now.

The backend part of Frigate is written in Python, which is an interpreted programming language. It means that you can modify the source code on the fly, restart Frigate and your changes will be applied immediately.

This workaround works with docker-compose deploy and Frigate 0.12.1:

  1. Specify the image version explicitly in docker-compose
  2. Pull Frigate sources
  3. Checkout master branch, reset local commit history to release tag
  4. Modify source files. You can check the changes in my branch, which disables toggles, restart, events deletion and any config changes from the UI in 0.12.1: https://github.com/blakeblackshear/frigate/compare/master...kzkvv:frigate:read-only-example
  5. Copy modified files from source code to the folder-near-docker-compose
  6. Bind all files using "volumes" section
      - ./folder-near-docker-compose/dispatcher.py:/opt/frigate/frigate/comms/dispatcher.py
      - ./folder-near-docker-compose/http.py:/opt/frigate/frigate/http.py
  7. Restart container with Frigate

P.S. You can also develop or fix some part of the code on the fly using the same flow.

ristomatti commented 2 months ago

A slightly less intrusive but limited method would be to block calls to specific API endpoints on a firewall level. Based on quick testing in DevTools, it appears the UI works fine even if requests to /api/reviews are blocked. If access to reviews is something you want to share, only block POST requests. Similarly it seems possible to prevent saving settings. Leaking settings/passwords could not easily be done this way as all the settings are fetched right after logging in and the cameras won't load without it.

Leaking camera passwords can, however, be avoided by proxying the cameras from a separately installed Go2RTC (or MediaMTX) instance.

Edit: Or simpler yet, use a different URL for sharing and do the above in the HTTP proxy level as suggested here.
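
The separate sharing URL with method filtering at the HTTP proxy, as described in the last comment, could look like this in nginx. This is an added example, not configuration posted in the thread or shipped by Frigate; the hostname, certificate paths, upstream address and the `/api/login` path are assumptions to check against your own deployment.

```nginx
# Added example: read-only "sharing" virtual host in front of Frigate.
# Lives in the http context (e.g. a conf.d file). All names are placeholders.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream frigate_ui {
    server 127.0.0.1:5000;   # assumption: address the existing proxy uses for Frigate
}

server {
    listen 443 ssl;
    server_name frigate-view.example.net;                   # hypothetical sharing URL
    ssl_certificate     /etc/nginx/tls/frigate-view.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/tls/frigate-view.key;    # placeholder path

    proxy_http_version 1.1;
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade           $http_upgrade;       # keep live views working
    proxy_set_header Connection        $connection_upgrade;

    # Login still has to accept POST, otherwise nobody can sign in.
    # Assumption: the login endpoint path; confirm it in DevTools.
    location = /api/login {
        proxy_pass http://frigate_ui;
    }

    # Everything else is read-only: limit_except GET also allows HEAD and
    # answers POST, PUT, PATCH and DELETE with 403 before they reach Frigate.
    # That covers deleting events and saving settings.
    location / {
        limit_except GET {
            deny all;
        }
        proxy_pass http://frigate_ui;
    }

    # Not covered by method filtering:
    #  - settings are still returned by GET, so camera passwords in the
    #    config remain readable (see the Go2RTC/MediaMTX suggestion above);
    #  - WebSocket messages are not inspected, so any command the UI sends
    #    over a WebSocket (assumption: verify in DevTools) passes through.
}
```

After reloading nginx, a POST or DELETE sent to the sharing URL should come back as 403 from the proxy while normal page loads still succeed.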