mirror of
https://github.com/ruvnet/RuView
synced 2026-06-09 10:13:17 +00:00
ruv
f02b431b59
#864 — Docker no longer exposes the sensing API/stream unauthenticated: - Add `require_ws_token` middleware gating `/ws/*` (sensing + introspection) with the API token via `?token=` (browser) or `Authorization: Bearer` (programmatic). Previously /ws/sensing was ungated even with a token set. - docker-entrypoint.sh now fails closed: auto-generates a strong RUVIEW_API_TOKEN when none is supplied and prints it; explicit RUVIEW_ALLOW_UNAUTHENTICATED=1 restores the open LAN posture. - compose/Dockerfile wire the env vars; startup logs + CI smoke test updated to assert secure-by-default (401 with no token) and the opt-out path. - 7 new bearer_auth unit tests (15 total pass). #866 — CSI callbacks were starving (~3 in 70s, 0pps) under the MGMT-only promiscuous filter: - The documented "10 Hz probe injection" never existed — implement it for real (csi_inject_probe_request + 10 Hz timer). Validated on ESP32-C6 (COM9): probe TX succeeds at 10 Hz, but management-frame CSI stays sparse. - Re-admit DATA frames (MGMT+DATA) now that the original wDev_ProcessFiq SPI-cache crash is mitigated by WiFi RX/TX IRAM opts + the existing 50 Hz rate gate. Kconfig CSI_PROMISC_MGMT_ONLY falls back if needed. - Hardware-validated on COM9: yield 0 -> ~9pps avg (peak 19), presence/motion sensing restored, 0 panics over 35s. Co-Authored-By: claude-flow <ruv@ruv.net>
59 lines
2.5 KiB
YAML
59 lines
2.5 KiB
YAML
version: "3.9"
|
|
|
|
services:
|
|
sensing-server:
|
|
build:
|
|
context: ..
|
|
dockerfile: docker/Dockerfile.rust
|
|
image: ruvnet/wifi-densepose:latest
|
|
ports:
|
|
- "3000:3000" # REST API
|
|
- "3001:3001" # WebSocket
|
|
# ESP32 UDP. On Linux/macOS this works with multiple ESP32 nodes out of
|
|
# the box. On Docker Desktop for Windows, multi-source UDP is collapsed
|
|
# to one source IP at the WSL/Hyper-V boundary, so all-but-one node's
|
|
# frames are silently dropped (issue #374, #386).
|
|
#
|
|
# Windows workaround: change this to "5006:5005/udp" and run the host
|
|
# relay so every datagram arrives from the same loopback source:
|
|
#
|
|
# python scripts/udp-relay.py --listen-port 5005 --forward-port 5006
|
|
#
|
|
# See docs/TROUBLESHOOTING.md §9 for details.
|
|
- "5005:5005/udp"
|
|
environment:
|
|
- RUST_LOG=info
|
|
# Bearer-token auth (#864). Secure-by-default: if RUVIEW_API_TOKEN is
|
|
# unset the container generates a random token at startup — retrieve it
|
|
# with `docker compose logs sensing-server`. Pin a known token by exporting
|
|
# RUVIEW_API_TOKEN in your shell / .env, or run open on a trusted, isolated
|
|
# LAN with RUVIEW_ALLOW_UNAUTHENTICATED=1.
|
|
# REST: Authorization: Bearer <token>
|
|
# WS: ws://<host>:3001/ws/sensing?token=<token>
|
|
- RUVIEW_API_TOKEN=${RUVIEW_API_TOKEN:-}
|
|
- RUVIEW_ALLOW_UNAUTHENTICATED=${RUVIEW_ALLOW_UNAUTHENTICATED:-}
|
|
# CSI_SOURCE controls the data source for the sensing server.
|
|
# Options: auto (default) — probe for ESP32 UDP then fall back to simulation
|
|
# esp32 — receive real CSI frames from an ESP32 on UDP port 5005
|
|
# wifi — use host Wi-Fi RSSI/scan data (Windows netsh)
|
|
# simulated — generate synthetic CSI data (no hardware required)
|
|
- CSI_SOURCE=${CSI_SOURCE:-auto}
|
|
# MODELS_DIR controls where the server scans for .rvf model files.
|
|
# Mount a host directory and set this to make models visible:
|
|
# volumes: ["/path/to/models:/app/models"]
|
|
# MODELS_DIR=/app/models
|
|
- MODELS_DIR=${MODELS_DIR:-data/models}
|
|
# No explicit command needed — docker-entrypoint.sh uses CSI_SOURCE.
|
|
# Override with: command: ["--source", "esp32", "--tick-ms", "500"]
|
|
|
|
python-sensing:
|
|
build:
|
|
context: ..
|
|
dockerfile: docker/Dockerfile.python
|
|
image: ruvnet/wifi-densepose:python
|
|
ports:
|
|
- "8765:8765" # WebSocket
|
|
- "8080:8080" # UI
|
|
environment:
|
|
- PYTHONUNBUFFERED=1
|