The MQTT_PUBLIC_BROKER_URL environment variable was defined in .env but
wasn't being passed to the app container in docker-compose.yml, causing
emails to still show the internal broker URL (mqtt://mosquitto:1883)
instead of the public one (mqtt://192.168.10.118:1883).
Changes:
- Added MQTT_PUBLIC_BROKER_URL to docker-compose.yml environment section
- Fixed .env to use proper format: mqtt://192.168.10.118:1883
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The MQTT broker URL in credential emails was using the internal Docker
address (mqtt://mosquitto:1883) which is not accessible from external
OwnTracks apps. Added MQTT_PUBLIC_BROKER_URL environment variable to
configure the publicly accessible broker address for client apps.
Changes:
- Add MQTT_PUBLIC_BROKER_URL to .env.example with documentation
- Update send-credentials route to use public URL with fallback
- Maintain backward compatibility with existing MQTT_BROKER_URL
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove obsolete reference to scripts/add-mqtt-tables.js
- MQTT tables are now created in init-database.js
- Fixes Docker build failure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove max reconnect attempts limit (was 10)
- MQTT subscriber now retries indefinitely until connection succeeds
- Reduce log spam by logging only first 10 attempts, then every 10th
- Prevents permanent connection loss after temporary network issues
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Move types/location.ts to lib/types.ts
- Update all imports from @/types/location to @/lib/types
- Remove empty types/ directory
- Better aligns with Next.js conventions
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add scripts/sync-mqtt-config.ts for standalone sync execution
- Update change-mqtt-admin-password.sh to use tsx to execute sync
- Now properly regenerates password.txt with new hashed password
- Mosquitto config is automatically reloaded after sync
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Remove automatic sync that required authentication. Users should either:
- Log into Admin Panel and click 'Sync MQTT Config'
- Or restart Mosquitto container to apply changes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed allow_anonymous from true to false in mosquitto.conf to prevent unauthorized access to the MQTT broker. Authentication is now required for all connections.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace placeholder graphics with actual screenshots for both security dashboard and admin panel. Simplify image display with consistent styling.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Downloaded admin panel screenshot from pCloud and saved to public folder
- Replaced placeholder icon with actual screenshot in homepage demo section
- Implemented responsive image display: full screenshot on desktop (object-contain), cropped view on mobile (object-cover)
- Image hosted locally for better performance and reliability
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add logout functionality to map page header:
- Import signOut from next-auth/react
- Add Logout button next to Admin button
- Use same red gradient styling as admin layout
- Redirect to /login after logout
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add closing div tags for relative wrapper elements:
- Close relative div in devices page card structure
- Close relative div in users page card structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add gradient hero section with welcome message
- Redesign stat cards with colorful gradients and hover effects
- Update system status cards with color-coded backgrounds
- Enhance database statistics section with modern cards
- Modernize device list table with gradient headers
- Improve database maintenance section with better visual hierarchy
- Add gradient background to entire admin layout
- Update header with glassmorphism effect and modern badges
- Enhance navigation with improved active states and transitions
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CRITICAL FIX: The OwnTracks app publishes to owntracks/<username>/<device_id>,
not owntracks/owntrack/<device_id>. This was causing data delivery failures
and privacy violations.
Changes:
- Fix ACL topic pattern: owntracks/<username>/# (was: owntracks/owntrack/<device_id>)
- Backend now uses MQTT_ADMIN_USERNAME for global subscription
- Update UI forms and placeholders with correct pattern
- Update email template with correct topic format
- Enable Mosquitto ACL file for user isolation
- Add migration script for existing ACL rules
- Update documentation (README, GEMINI.md)
Privacy & Security:
- Each user isolated at MQTT broker level via ACL
- Backend subscribes with admin credentials to owntracks/+/+
- Web UI filters data by parent_user_id for additional security
- GDPR compliant multi-layer defense in depth
Files changed:
- lib/mqtt-db.ts - Updated createDefaultRule() to use username
- app/api/mqtt/credentials/route.ts - Pass username to ACL creation
- app/admin/mqtt/page.tsx - UI forms and state management
- emails/mqtt-credentials.tsx - Email template topic pattern
- lib/mqtt-subscriber.ts - Use admin credentials from env
- mosquitto/config/mosquitto.conf - Enable ACL enforcement
- README.md, GEMINI.md - Documentation updates
- scripts/fix-acl-topic-patterns.js - Migration script
- MQTT_TOPIC_FIX.md - Detailed implementation guide
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Redesign header with consistent button heights and spacing
- Move all controls to single compact row on desktop
- Add proper visual hierarchy with subtle shadows and borders
- Implement modern color scheme (gray-50/200/300/700/900)
- Optimize spacing to maximize map visibility
- Improve responsive layout for mobile devices
- Add smooth transitions and hover states
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed hardcoded MQTT_BROKER_URL to read from .env file with fallback to mqtt://mosquitto:1883. This allows using external MQTT brokers like mqtt://tracking.unixweb.de:1883 by simply updating the .env file.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added documentation for:
- parent_user_id column in User table (hierarchical user management)
- mqtt_credentials table with device authentication
- mqtt_acl_rules table for topic permissions
- mqtt_sync_status table for broker synchronization
- All new database indexes
- Updated ER diagram with new relationships
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added MQTT credentials, ACL rules, and sync status tables for broker integration. Added parent_user_id column to User table for hierarchical user management.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
