Trouble with tokens - reverse proxy #78

D34DC3N73R · 2021-08-25T00:21:48Z

I have a bit of a strange issue that I've noticed with auth, reverse proxy, and tokens.

I have my HA notification using the following URLs for both preview and image links, just like the documentation.
https://double-take.mydomain.com/api/storage/matches/{{trigger.to_state.attributes.match.filename}}?box=true&token={{trigger.to_state.attributes.token}}

The preview image will show up in the notification, but clicking the link leads to an error page displaying {"error":"Unauthorized"}

Loading the UI, finding the same image, and comparing the links show the last part of the token is different.

For instance, the URL for the image I get from the notification would have something like:
...token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb3V0ZSI6InN0b3JhZ2UiLCJpYXQiOjE2Mjk4MzE0MTgsImV4cCI6MTYyOTgzNTAxOH0.huZHokRVXgSyfYGdYULEDtntf-Hvt1BHgg7JUdZDw64
and the URL for the image I get from the double-take UI would have something like:
...token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb3V0ZSI6InN0b3JhZ2UiLCJpYXQiOjE2Mjk4NDk0ODcsImV4cCI6MTYyOTg1MzA4N30.77ji-R4ILNos6ooQ7EpWqheliN-5hI9MnuNKKLdwPDc

It seems weird that the image will show fine in the notification preview, but not actually load when tapping on the image link.

The text was updated successfully, but these errors were encountered:

jakowenko · 2021-08-25T04:22:42Z

Hm...that's strange the preview shows but clicking the link doesn't work. You're sure the links are the same and there's not a small difference that would lead one to not work?

The tokens being different is ok, the UI has separate ones generated to load the images.

Could you post the YAML for your HA notification? Feel free to omit anything that is sensitive. I just want to make sure nothing is missing.

D34DC3N73R · 2021-08-25T05:23:44Z

Sure, here's the automation.

- alias: Notification - Double-Take
  mode: single
  trigger:
  - platform: state
    entity_id: sensor.double_take_person1
  - platform: state
    entity_id: sensor.double_take_person2
  condition:
  - condition: template
    value_template: '{{ trigger.to_state.state != trigger.from_state.state }}'
  action:
  - service: notify.mobile_app_pixel
    data:
      message: '{{trigger.to_state.attributes.friendly_name}} ({{trigger.to_state.attributes.match.confidence}}%)
        is near the {{trigger.to_state.state}}<br> {{trigger.to_state.attributes.match.detector}}'
      data:
        image: https://doubletake.mydomain.com/api/storage/matches/{{trigger.to_state.attributes.match.filename}}?box=true&token={{trigger.to_state.attributes.token}}
        actions:
        - action: URI
          title: View Image
          uri: https://doubletake.mydomain.com/api/storage/matches/{{trigger.to_state.attributes.match.filename}}?box=true&token={{trigger.to_state.attributes.token}}

jakowenko · 2021-08-25T05:32:59Z

Ya those match up, so should be good. Just thought of something as well, the token for these notifications is currently only good for 1 hour. Is the notification you are clicking on older than 1 hour? If so, that would explain it and I could increase the time or make it adjustable.

D34DC3N73R · 2021-08-25T05:51:47Z

That could definitely be the issue. Making it adjustable seems ideal. Personally, I would have mine configured for around 12 hours.

jakowenko · 2021-08-30T03:46:09Z

Hey @D34DC3N73R, I pushed a new beta build with the ability to adjust this. I'm defaulting it to 24h currently, but can be adjusted by adding this to your config. The value is expressed in seconds or a string describing a time span zeit/ms. Let me know if this resolves your issue.

token:
  image: 24h

D34DC3N73R · 2021-09-02T07:58:17Z

Thanks, that did the trick!

# [0.11.0](v0.10.2...v0.11.0) (2021-09-21) ### Bug Fixes * add auth middleware to filters route ([d25c1fd](d25c1fd)) * add auth token to saveURLs function ([#70](#70)) ([167758f](167758f)) * add support for multiple training uploads ([#77](#77)) ([142b3f7](142b3f7)) * better error handling when training fails to prevent stuck loading bar ([07dfd25](07dfd25)) * better handling of new filters ([3fffa6e](3fffa6e)) * button alignment on train toolbar ([c9b38ce](c9b38ce)) * catch errors from recognize/test ([51629d3](51629d3)) * catch get-orientation errors ([d1ca17d](d1ca17d)) * catch if paginated page has no results and return to page 1 ([713be92](713be92)) * catch invalid config on save before writing file ([#94](#94)) ([e4503e8](e4503e8)) * catch when time format is null ([#98](#98)) ([ed872dd](ed872dd)) * check for first number in status to determine if file is trained or untrained ([125f96e](125f96e)) * clean /tmp files after processing and remove all on restarts [#76](#76) ([a5c761f](a5c761f)) * clean mqtt /tmp files after processing [#76](#76) ([b6478ce](b6478ce)) * clear disabled array ([dd84f85](dd84f85)) * define default value for error ([5f27099](5f27099)) * don't reprocess if no detectors configured ([157e7c7](157e7c7)) * loop through compreface plugin results on ui ([83cea24](83cea24)) * **mqtt:** don't publish message if client isn't connected ([5901ebe](5901ebe)) * pass auth token on /cameras route to recognize endpoint ([2e940bf](2e940bf)) * pass upcoming filename to start function to use in response ([32f0bae](32f0bae)) * prevent pagination changes if api is loading ([c767aae](c767aae)) * sanpshot mask check ([56f3ea6](56f3ea6)) * update respond middleware to use res.customStatusCode instead of native res.statusCode ([caf6a89](caf6a89)) * use HTTPSuccess for test controller response ([9bcf8fa](9bcf8fa)) ### Features * ability to adjust thumbnail quality/size and page limit ([e5207fa](e5207fa)) * ability to include base64 encoded string in API results and MQTT messages ([#52](#52)) ([233d56a](233d56a)) * ability to increase auth token expiration ([#78](#78), [#80](#80)) ([d68d39e](d68d39e)) * ability to mask images before processing [#79](#79) ([decb245](decb245)) * ability to reprocess images from the matches page ([#84](#84)) ([809d5f3](809d5f3)) * ability to resize source images with query string ([c2ea600](c2ea600)) * add a delay expressed in seconds between each detection loop ([#83](#83)) ([23dc29e](23dc29e)) * add createdAt, updatedAt to detector detail and tooltip ([#100](#100)) ([03c83f5](03c83f5)) * allow customizing frigate labels ([#95](#95)) ([5eb100a](5eb100a)) * apple-touch-startup-image and theme color ([d8106bb](d8106bb)) * configure detector timeouts ([f654dec](f654dec)) * copy yaml config with defaults ([052ab4b](052ab4b)) * enable or disable frigate mqtt topic snapshot processing ([#83](#83)) ([3bf2bea](3bf2bea)) * filter training results when dropdown is used ([#89](#89)) ([81232aa](81232aa)) * include reasons why image was a miss on matches page ([#90](#90)) ([f5e220b](f5e220b)) * include version on config page with ability to copy ([029bfea](029bfea)) * log level support ([#84](#84)) ([5f91b83](5f91b83)) * pagination and filtering on all matches + refactoring ([af30071](af30071)) * publish errors to mqtt topic ([#52](#52)) ([01a2d6c](01a2d6c)) * redact secrets and keys from logs ([0f3ef02](0f3ef02)) * sockets for live reloading ([50fef76](50fef76)) * support for compreface mask plugin ([#85](#85)) ([7951524](7951524)) * support for multiple frigate urls and topics ([4ead9f7](4ead9f7)) * **train:** pagination ([f749437](f749437))

# [1.0.0](v0.10.2...v1.0.0) (2021-09-21) ### Bug Fixes * add auth middleware to filters route ([d25c1fd](d25c1fd)) * add auth token to saveURLs function ([#70](#70)) ([167758f](167758f)) * add support for multiple training uploads ([#77](#77)) ([142b3f7](142b3f7)) * better error handling when training fails to prevent stuck loading bar ([07dfd25](07dfd25)) * better handling of new filters ([3fffa6e](3fffa6e)) * button alignment on train toolbar ([c9b38ce](c9b38ce)) * catch errors from recognize/test ([51629d3](51629d3)) * catch get-orientation errors ([d1ca17d](d1ca17d)) * catch if paginated page has no results and return to page 1 ([713be92](713be92)) * catch invalid config on save before writing file ([#94](#94)) ([e4503e8](e4503e8)) * catch when time format is null ([#98](#98)) ([ed872dd](ed872dd)) * check for first number in status to determine if file is trained or untrained ([125f96e](125f96e)) * clean /tmp files after processing and remove all on restarts [#76](#76) ([a5c761f](a5c761f)) * clean mqtt /tmp files after processing [#76](#76) ([b6478ce](b6478ce)) * clear disabled array ([dd84f85](dd84f85)) * define default value for error ([5f27099](5f27099)) * don't reprocess if no detectors configured ([157e7c7](157e7c7)) * loop through compreface plugin results on ui ([83cea24](83cea24)) * **mqtt:** don't publish message if client isn't connected ([5901ebe](5901ebe)) * pass auth token on /cameras route to recognize endpoint ([2e940bf](2e940bf)) * pass upcoming filename to start function to use in response ([32f0bae](32f0bae)) * prevent pagination changes if api is loading ([c767aae](c767aae)) * sanpshot mask check ([56f3ea6](56f3ea6)) * update respond middleware to use res.customStatusCode instead of native res.statusCode ([caf6a89](caf6a89)) * use HTTPSuccess for test controller response ([9bcf8fa](9bcf8fa)) ### chore * release ([3dddd40](3dddd40)) ### Features * ability to adjust thumbnail quality/size and page limit ([e5207fa](e5207fa)) * ability to include base64 encoded string in API results and MQTT messages ([#52](#52)) ([233d56a](233d56a)) * ability to increase auth token expiration ([#78](#78), [#80](#80)) ([d68d39e](d68d39e)) * ability to mask images before processing [#79](#79) ([decb245](decb245)) * ability to reprocess images from the matches page ([#84](#84)) ([809d5f3](809d5f3)) * ability to resize source images with query string ([c2ea600](c2ea600)) * add a delay expressed in seconds between each detection loop ([#83](#83)) ([23dc29e](23dc29e)) * add createdAt, updatedAt to detector detail and tooltip ([#100](#100)) ([03c83f5](03c83f5)) * allow customizing frigate labels ([#95](#95)) ([5eb100a](5eb100a)) * apple-touch-startup-image and theme color ([d8106bb](d8106bb)) * configure detector timeouts ([f654dec](f654dec)) * copy yaml config with defaults ([052ab4b](052ab4b)) * enable or disable frigate mqtt topic snapshot processing ([#83](#83)) ([3bf2bea](3bf2bea)) * filter training results when dropdown is used ([#89](#89)) ([81232aa](81232aa)) * include reasons why image was a miss on matches page ([#90](#90)) ([f5e220b](f5e220b)) * include version on config page with ability to copy ([029bfea](029bfea)) * log level support ([#84](#84)) ([5f91b83](5f91b83)) * pagination and filtering on all matches + refactoring ([af30071](af30071)) * publish errors to mqtt topic ([#52](#52)) ([01a2d6c](01a2d6c)) * redact secrets and keys from logs ([0f3ef02](0f3ef02)) * sockets for live reloading ([50fef76](50fef76)) * support for compreface mask plugin ([#85](#85)) ([7951524](7951524)) * support for multiple frigate urls and topics ([4ead9f7](4ead9f7)) * **train:** pagination ([f749437](f749437)) ### BREAKING CHANGES * v1.0.0

# [1.0.0](v0.10.2...v1.0.0) (2021-09-21) ### Bug Fixes * add auth middleware to filters route ([d25c1fd](d25c1fd)) * add auth token to saveURLs function ([#70](#70)) ([167758f](167758f)) * add support for multiple training uploads ([#77](#77)) ([142b3f7](142b3f7)) * better error handling when training fails to prevent stuck loading bar ([07dfd25](07dfd25)) * better handling of new filters ([3fffa6e](3fffa6e)) * button alignment on train toolbar ([c9b38ce](c9b38ce)) * catch errors from recognize/test ([51629d3](51629d3)) * catch get-orientation errors ([d1ca17d](d1ca17d)) * catch if paginated page has no results and return to page 1 ([713be92](713be92)) * catch invalid config on save before writing file ([#94](#94)) ([e4503e8](e4503e8)) * catch when time format is null ([#98](#98)) ([ed872dd](ed872dd)) * check for first number in status to determine if file is trained or untrained ([125f96e](125f96e)) * clean /tmp files after processing and remove all on restarts [#76](#76) ([a5c761f](a5c761f)) * clean mqtt /tmp files after processing [#76](#76) ([b6478ce](b6478ce)) * clear disabled array ([dd84f85](dd84f85)) * define default value for error ([5f27099](5f27099)) * don't reprocess if no detectors configured ([157e7c7](157e7c7)) * loop through compreface plugin results on ui ([83cea24](83cea24)) * **mqtt:** don't publish message if client isn't connected ([5901ebe](5901ebe)) * pass auth token on /cameras route to recognize endpoint ([2e940bf](2e940bf)) * pass upcoming filename to start function to use in response ([32f0bae](32f0bae)) * prevent pagination changes if api is loading ([c767aae](c767aae)) * sanpshot mask check ([56f3ea6](56f3ea6)) * update respond middleware to use res.customStatusCode instead of native res.statusCode ([caf6a89](caf6a89)) * use HTTPSuccess for test controller response ([9bcf8fa](9bcf8fa)) ### chore * release ([824db79](824db79)) ### Features * ability to adjust thumbnail quality/size and page limit ([e5207fa](e5207fa)) * ability to include base64 encoded string in API results and MQTT messages ([#52](#52)) ([233d56a](233d56a)) * ability to increase auth token expiration ([#78](#78), [#80](#80)) ([d68d39e](d68d39e)) * ability to mask images before processing [#79](#79) ([decb245](decb245)) * ability to reprocess images from the matches page ([#84](#84)) ([809d5f3](809d5f3)) * ability to resize source images with query string ([c2ea600](c2ea600)) * add a delay expressed in seconds between each detection loop ([#83](#83)) ([23dc29e](23dc29e)) * add createdAt, updatedAt to detector detail and tooltip ([#100](#100)) ([03c83f5](03c83f5)) * allow customizing frigate labels ([#95](#95)) ([5eb100a](5eb100a)) * apple-touch-startup-image and theme color ([d8106bb](d8106bb)) * configure detector timeouts ([f654dec](f654dec)) * copy yaml config with defaults ([052ab4b](052ab4b)) * enable or disable frigate mqtt topic snapshot processing ([#83](#83)) ([3bf2bea](3bf2bea)) * filter training results when dropdown is used ([#89](#89)) ([81232aa](81232aa)) * include reasons why image was a miss on matches page ([#90](#90)) ([f5e220b](f5e220b)) * include version on config page with ability to copy ([029bfea](029bfea)) * log level support ([#84](#84)) ([5f91b83](5f91b83)) * pagination and filtering on all matches + refactoring ([af30071](af30071)) * publish errors to mqtt topic ([#52](#52)) ([01a2d6c](01a2d6c)) * redact secrets and keys from logs ([0f3ef02](0f3ef02)) * sockets for live reloading ([50fef76](50fef76)) * support for compreface mask plugin ([#85](#85)) ([7951524](7951524)) * support for multiple frigate urls and topics ([4ead9f7](4ead9f7)) * **train:** pagination ([f749437](f749437)) ### BREAKING CHANGES * v1.0.0

jakowenko mentioned this issue Aug 26, 2021

unauthorised error using API #80

Closed

jakowenko added a commit that referenced this issue Aug 30, 2021

feat: ability to increase auth token expiration (#78, #80)

d68d39e

D34DC3N73R closed this as completed Sep 2, 2021

LordNex mentioned this issue Aug 28, 2022

[BUG] Notification with image - I didn't succeed to get image from the external link [HA] #187

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trouble with tokens - reverse proxy #78

Trouble with tokens - reverse proxy #78

D34DC3N73R commented Aug 25, 2021

jakowenko commented Aug 25, 2021

D34DC3N73R commented Aug 25, 2021

jakowenko commented Aug 25, 2021

D34DC3N73R commented Aug 25, 2021

jakowenko commented Aug 30, 2021

D34DC3N73R commented Sep 2, 2021

Trouble with tokens - reverse proxy #78

Trouble with tokens - reverse proxy #78

Comments

D34DC3N73R commented Aug 25, 2021

jakowenko commented Aug 25, 2021

D34DC3N73R commented Aug 25, 2021

jakowenko commented Aug 25, 2021

D34DC3N73R commented Aug 25, 2021

jakowenko commented Aug 30, 2021

D34DC3N73R commented Sep 2, 2021