joachim/location-mqtt-tracker-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
location-mqtt-tracker-app/mosquitto/config/mosquitto.conf
Joachim Hummel 31c0e1f572 Fix MQTT topic pattern for OwnTracks and implement privacy isolation 
CRITICAL FIX: The OwnTracks app publishes to owntracks/<username>/<device_id>,
not owntracks/owntrack/<device_id>. This was causing data delivery failures
and privacy violations.

Changes:
- Fix ACL topic pattern: owntracks/<username>/# (was: owntracks/owntrack/<device_id>)
- Backend now uses MQTT_ADMIN_USERNAME for global subscription
- Update UI forms and placeholders with correct pattern
- Update email template with correct topic format
- Enable Mosquitto ACL file for user isolation
- Add migration script for existing ACL rules
- Update documentation (README, GEMINI.md)

Privacy & Security:
- Each user isolated at MQTT broker level via ACL
- Backend subscribes with admin credentials to owntracks/+/+
- Web UI filters data by parent_user_id for additional security
- GDPR compliant multi-layer defense in depth

Files changed:
- lib/mqtt-db.ts - Updated createDefaultRule() to use username
- app/api/mqtt/credentials/route.ts - Pass username to ACL creation
- app/admin/mqtt/page.tsx - UI forms and state management
- emails/mqtt-credentials.tsx - Email template topic pattern
- lib/mqtt-subscriber.ts - Use admin credentials from env
- mosquitto/config/mosquitto.conf - Enable ACL enforcement
- README.md, GEMINI.md - Documentation updates
- scripts/fix-acl-topic-patterns.js - Migration script
- MQTT_TOPIC_FIX.md - Detailed implementation guide

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 21:49:31 +00:00

46 lines
1.1 KiB
Plaintext
Raw Permalink Blame History

# Mosquitto Configuration für Location Tracker
# Listener auf allen Interfaces
listener 1883
protocol mqtt
# WebSocket Listener (optional)
listener 9001
protocol websockets
# Persistenz
persistence true
persistence_location /mosquitto/data/
# Logging
log_dest file /mosquitto/log/mosquitto.log
log_dest stdout
log_type error
log_type warning
log_type notice
log_type information
log_timestamp true
# Authentifizierung
# Aktiviert bei Erstinstallation - Admin User wird durch Sync konfiguriert
# allow_anonymous false
allow_anonymous true
password_file /mosquitto/config/password.txt
# Access Control List
acl_file /mosquitto/config/acl.txt
# Connection Settings
max_connections -1
# QoS 1/2 Settings - optimiert für GPS Tracking
max_inflight_messages 100 # Erhöht von 20 - mehr parallele QoS 1/2 Messages
max_queued_messages 10000 # Erhöht von 1000 - größerer Buffer bei Offline-Clients
max_queued_bytes 0 # 0 = unlimited
# QoS 0 Settings
upgrade_outgoing_qos false # Respektiere Client QoS Level
# Retain Messages
retain_available true
Reference in New Issue View Git Blame Copy Permalink