joachim/location-mqtt-tracker-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
29 Commits 1 Branch 0 Tags
def94bfeb8acab6c6cd629197f1b7083a80dcb6a
Commit Graph

5 Commits

Author SHA1 Message Date
Joachim Hummel
e64a22dee5 Clean up development artifacts and obsolete code 
Dependencies:
- Remove unused bcrypt package (only bcryptjs is used)
- Remove @types/bcrypt (only @types/bcryptjs needed)

Scripts cleanup:
- Delete migration scripts (one-time use, already applied):
  - add-mqtt-tables.js
  - add-parent-user-column.js
  - migrate-device-ownership.js
  - fix-acl-topic-patterns.js
  - update-acl-permission.js
- Delete personal test/debug scripts:
  - reset-joachim-password.js
  - test-joachim-password.js
  - check-admin.js
  - check-user-password.js
  - test-password.js
  - test-device-access.js
  - test-user-visibility.js
- Move change-mqtt-admin-password.sh to scripts/ directory

Code cleanup:
- Remove debug console.log statements from:
  - app/api/locations/ingest/route.ts
  - components/map/MapView.tsx (2 debug logs)
  - lib/db.ts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 09:03:18 +00:00
Joachim Hummel
b95866f549 Fix MQTT password sync to actually update password.txt 
- Add scripts/sync-mqtt-config.ts for standalone sync execution
- Update change-mqtt-admin-password.sh to use tsx to execute sync
- Now properly regenerates password.txt with new hashed password
- Mosquitto config is automatically reloaded after sync

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-01 08:19:25 +00:00
Joachim Hummel
31c0e1f572 Fix MQTT topic pattern for OwnTracks and implement privacy isolation 
CRITICAL FIX: The OwnTracks app publishes to owntracks/<username>/<device_id>,
not owntracks/owntrack/<device_id>. This was causing data delivery failures
and privacy violations.

Changes:
- Fix ACL topic pattern: owntracks/<username>/# (was: owntracks/owntrack/<device_id>)
- Backend now uses MQTT_ADMIN_USERNAME for global subscription
- Update UI forms and placeholders with correct pattern
- Update email template with correct topic format
- Enable Mosquitto ACL file for user isolation
- Add migration script for existing ACL rules
- Update documentation (README, GEMINI.md)

Privacy & Security:
- Each user isolated at MQTT broker level via ACL
- Backend subscribes with admin credentials to owntracks/+/+
- Web UI filters data by parent_user_id for additional security
- GDPR compliant multi-layer defense in depth

Files changed:
- lib/mqtt-db.ts - Updated createDefaultRule() to use username
- app/api/mqtt/credentials/route.ts - Pass username to ACL creation
- app/admin/mqtt/page.tsx - UI forms and state management
- emails/mqtt-credentials.tsx - Email template topic pattern
- lib/mqtt-subscriber.ts - Use admin credentials from env
- mosquitto/config/mosquitto.conf - Enable ACL enforcement
- README.md, GEMINI.md - Documentation updates
- scripts/fix-acl-topic-patterns.js - Migration script
- MQTT_TOPIC_FIX.md - Detailed implementation guide

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-29 21:49:31 +00:00
Joachim Hummel
632c92f3ee Add MQTT tables and parent_user_id column to database schema 
Added MQTT credentials, ACL rules, and sync status tables for broker integration. Added parent_user_id column to User table for hierarchical user management.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-29 13:37:01 +00:00
Joachim Hummel
843e93a274 first commit 2025-11-24 16:30:37 +00:00