Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Media browser does not work when accessing frigate with authentication. #812

Open
SamMousa opened this issue Dec 15, 2024 · 14 comments
Open

Media browser does not work when accessing frigate with authentication. #812

SamMousa opened this issue Dec 15, 2024 · 14 comments

Comments

@SamMousa
Copy link

Describe the bug

When browsing media via HA the proxied URLs for snapshots / clips / recordings all return 401 errors.
At the same time I see the resolved URL in the frigate container:

2024-12-15 19:27:13.663300410  192.168.18.3 - - [15/Dec/2024:19:27:13 +0100] "GET /api/events/1734285996.292472-4ggity/snapshot.jpg HTTP/1.1" 401 179 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" "192.168.18.5"

I altered the nginx config inside the container to do a bit more logging, inside auth_request.conf I added:

add_header X-Requested-Uri $request_uri always;
add_header X-Requested-Auth $http_authorization always;

This helps me in seeing what the frigate request looks like through HA's internal proxy.

The resulting response headers from the 401 I get from HA, which is forwarded from frigate:

X-Requested-Uri: /api/events/1734270241.350298-6easg5/thumbnail.jpg

This means that there is no authorization header in the request from HA to Frigate.

I'm not sure how the unauthenticated request is possible since in https://github.com/blakeblackshear/frigate-hass-integration/blob/master/custom_components/frigate/api.py#L155 it uses the api wrapper which should be adding headers.

Debug logs

These show nothing interesting, which is weird.

2024-12-15 21:11:35.200 DEBUG (MainThread) [custom_components.frigate] Finished fetching frigate data in 0.010 seconds (success: True)
2024-12-15 21:11:40.196 DEBUG (MainThread) [custom_components.frigate] Finished fetching frigate data in 0.005 seconds (success: True)
2024-12-15 21:11:45.198 DEBUG (MainThread) [custom_components.frigate] Finished fetching frigate data in 0.008 seconds (success: True)

Version of the custom_component

5.6.0

For now this is all the time I can spend on this, I'll do more research and come back with more info if I have it.
If anyone else using the authenticated port 8197 to connect from this integration to frigate hosted on a different machine could confirm that their media browser works properly that'd be great.
@NickM-27
Copy link
Collaborator

NickM-27 commented Dec 15, 2024
edited
Loading

I'm not seeing this personally, snapshots and clips are loading for me using auth and the HA companion app

@SamMousa
Copy link
Author

I've reinstalled the integration, no change.
I've exposed port 5000 and reconfigured it to use that, it works instantly.

This means that the issue has to be somewhere in the integration, I have no explanation why you would not be seeing it. You're checking the HA media browser right? ie Media > Frigate

@NickM-27
Copy link
Collaborator

yes, using the media tab in the sidebar then choosing Frigate. Working fine for me on desktop browser as well just checked that. I can see in nginx that it is working correctly. What is your Frigate auth config?

@SamMousa
Copy link
Author

no auth related config; below is my full config for reference.
i run frigate via an orchestrator (hashicorp nomad), but in the end it just runs a docker container which directly exposes ports (ie no proxies on that side)

database:
  path: /db/frigate.db
tls:
  enabled: false
logger:
  default: debug
birdseye:
  mode: continuous
mqtt:
  host: 192.168.18.3
  user: xxxx
  password: xxxxx
go2rtc:
  rtsp:
    listen: :8554
    username: restream
    password: xxxxx
  streams:
    doorbell:
      - ffmpeg:http://192.168.17.3/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=admin&password=xxxx#video=copy#audio=copy#audio=opus
      - rtsp://admin:[email protected]/Preview_01_main
    doorbell_sub:
      - ffmpeg:http://192.168.17.3/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=admin&password=xxxx
      - rtsp://admin:[email protected]/Preview_01_sub

cameras:
  doorbell:
    ffmpeg:
      inputs:
        - path: rtsp://restream:[email protected]:8554/doorbell_sub
          input_args: preset-rtsp-restream
          roles:
            - detect
        - path: rtsp://restream:[email protected]:8554/doorbell
          input_args: preset-rtsp-restream
          roles:
            - record
#            - rtmp
detectors:
  tensorrt:
    type: tensorrt
    device: 0 #This is the default, select the first GPU
model:
  path: /config/model_cache/tensorrt/yolov7-320.trt
  input_tensor: nchw
  input_pixel_format: rgb
  width: 320
  height: 320
      
      #  cpu1:
#    type: cpu
#  cpu2:
#   type: cpu
#  cpu3:
#    type: cpu
record:
  enabled: false
detect:
  enabled: true
version: 0.15-0
objects:
  track:
    - person
    - street sign
    - cell phone

@janusn
Copy link

janusn commented Dec 17, 2024

I have encountered the same problem as well. The streaming widgets worked fine if I connect to frigate via port 5000 but no stream while connecting to port 8971. I have been switching between them a dozen times.

Environment:

  • HA Core version: 2024.12.3
  • HA Frontend version: 20241127.8
  • Frigate version: 0.14.1-f4f3cfa
  • TLS on Frigate is enabled or disabled.
  • Frigate Card version: 6.0.12

@SamMousa
Copy link
Author

I have encountered the same problem as well. The streaming widgets worked fine if I connect to frigate via port 5000 but no stream while connecting to port 8971. I have been switching between them a dozen times.

Environment:

* HA Core version: 2024.12.3

* HA Frontend version: 20241127.8

* Frigate version: 0.14.1-f4f3cfa

* TLS on Frigate is enabled or disabled.

* Frigate Card version: 6.0.12

That's a different issue, did you configure the stream template in the integration settings?

@janusn
Copy link

janusn commented Dec 17, 2024

@SamMousa

Do you mean adding authentications on the field RTSP URL Template (see documentation) of this dialog?
IMG_4351

@janusn
Copy link

janusn commented Dec 17, 2024
edited
Loading

@SamMousa

Ok, thanks to your pointer, I have just tried and adding authentications on the field does fix the problem.

But it was not needed in the port 5000 setup. Shouldn’t the behavior consistent between both authenticated and unauthenticated setups?

@SamMousa
Copy link
Author

It's an different issue, not the one I'm having. If you want to have that discussion start a new issue please.

Can you confirm that in your case saved recordings, access via HA media browser do work?

@janusn
Copy link

janusn commented Dec 17, 2024

@SamMousa

yes they work on mine after added the RTSP URL template value.

@SamMousa
Copy link
Author

I think we are having a miscommunication, the saved recordings don't use go2rtc as far as I can tell.

@janusn
Copy link

janusn commented Dec 17, 2024
edited
Loading

@SamMousa

Is this the media browser that you mean?
IMG_4352

and this is one of the clips from the ‘clips’ button on frigate card. Please ignore the extra stats below.
IMG_4353

Could you clarify which features you mean?

@SamMousa
Copy link
Author

The first screenshot, that works for you with authentication? Hmm then it is related to my setup specifically...

@NickM-27
Copy link
Collaborator

Nothing in the code references port 5000 so this would be coming from some incorrect integration config

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SamMousa @NickM-27 @janusn