Skip to content

Feat: Enable virtual RuView execution with Colab and ngrok#924

Open
iamaanahmad wants to merge 4 commits into
ruvnet:mainfrom
iamaanahmad:add-colab-notebook
Open

Feat: Enable virtual RuView execution with Colab and ngrok#924
iamaanahmad wants to merge 4 commits into
ruvnet:mainfrom
iamaanahmad:add-colab-notebook

Conversation

@iamaanahmad
Copy link
Copy Markdown

@iamaanahmad iamaanahmad commented Jun 3, 2026

This Pull Request introduces a new Colab notebook and updates to the project's documentation to enable users to run the RuView project virtually using Google Colab and ngrok.

This integration allows for easy setup and execution of the wifi-densepose-sensing-server in a cloud environment, making the project more accessible for development, testing, and demonstration without requiring a local setup.

Key Changes

  • New Colab Notebook: Provides a step-by-step guide to clone the RuView repository, install dependencies, run the sensing server, and expose it via ngrok.
  • NGROK_AUTH_TOKEN and NGROK_HOST handling: Instructions are provided within the Colab notebook and the updated README on how to obtain and configure ngrok tokens and hostnames securely.
  • Updated README: The main README (README.md) has been updated with a concise section outlining how to run the project virtually using the provided Colab notebook.

How to Use

  1. Open the Colab notebook (link available in the README).
  2. Follow the instructions to set your NGROK_AUTH_TOKEN and NGROK_HOST.
  3. Run all cells to launch the wifi-densepose-sensing-server and get a public ngrok URL.

This significantly lowers the barrier to entry for new contributors and users to experiment with RuView.

ImgBotApp and others added 4 commits June 3, 2026 05:14
@ImgBotApp
[ImgBot] Optimize images
966cbbe 
*Total -- 28,217.84kb -> 17,087.69kb (39.44%)

/docs/archtocode-visual-overview/frontent-architecture.png -- 1,502.28kb -> 511.43kb (65.96%)
/v2/crates/wifi-densepose-desktop/icons/128x128@2x.png -- 0.84kb -> 0.29kb (65.5%)
/docs/archtocode-visual-overview/state-decision-flow.png -- 2,501.29kb -> 876.12kb (64.97%)
/docs/archtocode-visual-overview/advanced-architecture.png -- 4,532.40kb -> 1,601.45kb (64.67%)
/docs/archtocode-visual-overview/error-handling-flow.png -- 1,969.83kb -> 751.57kb (61.85%)
/references/densepose_performance_chart.png -- 194.74kb -> 75.07kb (61.45%)
/docs/archtocode-visual-overview/hight-level-flow-architecture.png -- 1,283.08kb -> 522.45kb (59.28%)
/ui/mobile/assets/android-icon-background.png -- 17.14kb -> 7.20kb (57.99%)
/docs/archtocode-visual-overview/project-timeline.png -- 1,319.36kb -> 632.80kb (52.04%)
/ui/mobile/assets/android-icon-monochrome.png -- 4.04kb -> 2.31kb (42.78%)
/assets/v2-screen.png -- 4,087.10kb -> 2,889.57kb (29.3%)
/assets/screen.png -- 269.65kb -> 197.38kb (26.8%)
/v2/crates/wifi-densepose-desktop/icons/128x128.png -- 0.38kb -> 0.28kb (26.4%)
/references/wifi-densepose-arch.png -- 1,111.61kb -> 821.96kb (26.06%)
/references/generated_image.png -- 1,111.61kb -> 821.96kb (26.06%)
/ui/mobile/assets/favicon.png -- 1.10kb -> 0.83kb (24.27%)
/examples/three.js/screenshots/01-helpers.png -- 95.81kb -> 73.83kb (22.94%)
/assets/seed.png -- 1,255.45kb -> 1,007.93kb (19.72%)
/references/generated_image_1.png -- 1,656.90kb -> 1,341.06kb (19.06%)
/assets/screenshot.png -- 400.68kb -> 333.66kb (16.73%)
/assets/ruview-seed.png -- 1,957.18kb -> 1,770.38kb (9.54%)
/dashboard/public/icon-512.svg -- 0.49kb -> 0.46kb (7.54%)
/examples/three.js/screenshots/03-skinned.png -- 631.58kb -> 606.96kb (3.9%)
/assets/ruview-small.jpg -- 203.21kb -> 195.44kb (3.83%)
/examples/three.js/screenshots/04-skinned-fbx.png -- 682.33kb -> 658.81kb (3.45%)
/examples/three.js/screenshots/02-cinematic.png -- 597.73kb -> 579.00kb (3.13%)
/examples/three.js/screenshots/05-skinned-realtime.png -- 595.87kb -> 579.02kb (2.83%)
/assets/ruview-small-gemini.jpg -- 156.91kb -> 152.88kb (2.57%)
/dashboard/public/icon-192.svg -- 0.31kb -> 0.30kb (2.56%)
/ui/mobile/assets/android-icon-foreground.png -- 76.95kb -> 75.31kb (2.13%)

Signed-off-by: ImgBotApp <ImgBotHelp@gmail.com>
@iamaanahmad
Merge pull request #1 from iamaanahmad/imgbot
c9ed63d 
Optimized images - image files size has been reduced by 39%
@iamaanahmad
Created using Colab
6f0030b
@iamaanahmad
docs: Update README with Google Colab instructions
fb9ab94 
Added a new section to the README providing step-by-step instructions on how to run the project virtually using Google Colab. This includes
guidance on obtaining ngrok tokens, setting up the environment, and accessing the UI.
@ruvnet
Copy link
Copy Markdown
Owner

ruvnet commented Jun 3, 2026

Nice for accessibility — a one-click Colab demo is great. One security issue to address before merge, though, because this puts the sensing surface on the public internet (not just a LAN):

The notebook exposes the sensing API + live stream unauthenticated. Cell 5/6 run:

sensing-server --bind-addr 0.0.0.0 --http-port 3000     # no RUVIEW_API_TOKEN
ngrok.connect(3000, "http")                              # → public URL

With no RUVIEW_API_TOKEN, /api/v1/* bearer auth is a no-op (see #864). The only guard here is SENSING_ALLOWED_HOSTS (host-header validation), which is not authentication — it stops browser DNS-rebinding, not a direct client. So anyone who has (or scans for) the ngrok URL can read:

  • GET /api/v1/sensing/latest, GET /api/v1/pose/current
  • WS /ws/sensing — the live presence/pose/vitals stream

ngrok-free hostnames are public and enumerable, so this is effectively "publish live in-room sensing to the internet."

Suggested fixes (any one closes the REST hole; do the tunnel one to also cover the WS):

  1. Generate and set a token before launching, and print it for the user: 
    import secrets; API_TOKEN = secrets.token_urlsafe(24)
env["RUVIEW_API_TOKEN"] = API_TOKEN
print("API token (send as 'Authorization: Bearer …'):", API_TOKEN)
    Note (per Docker default exposes unauthenticated sensing API and /ws/sensing stream #864): this protects /api/v1/* but /ws/sensing is intentionally outside bearer auth, so the live stream is still open.
  2. Best for a public demo — put auth on the tunnel itself, which covers REST and WS: 
    ngrok.connect(3000, "http", auth="demo:<password>")   # basic-auth on the tunnel
# or ngrok OAuth: oauth_provider=..., oauth_allow_emails=[...]
  3. At minimum, a prominent ⚠️ in the notebook + README that this publishes unauthenticated live sensing data publicly, and to stop the tunnel when done.

I'd go with #2 (tunnel auth) as the default in the notebook — it's the only option that also protects /ws/sensing. Happy to suggest the exact cell edit if useful.

@ruvnet ruvnet mentioned this pull request Jun 3, 2026
Merged
ruvnet added a commit that referenced this pull request Jun 3, 2026
@ruvnet
fix(auth): match the Bearer scheme case-insensitively (RFC 6750) (#929)
be48143 
`require_bearer` parsed the Authorization header with
`strip_prefix("Bearer ")`, which is case-sensitive. Per RFC 6750 §2.1 /
RFC 7235 §2.1 the auth-scheme is case-insensitive, so a correct token sent
as `Authorization: bearer <token>` (or `BEARER`, or with extra whitespace)
was rejected with a confusing "invalid bearer token" 401 — needless friction
when setting up `RUVIEW_API_TOKEN` (the active #864/#924 theme).

Now the scheme is matched with `eq_ignore_ascii_case` and leading token
whitespace trimmed. The token comparison itself is unchanged — still exact
and constant-time (`ct_eq`) — so this does not weaken auth: a wrong token or
a non-Bearer scheme (`Basic …`) still returns 401.

New test `accepts_case_insensitive_bearer_scheme` covers `bearer`/`BEARER`/
extra-space (accept) and wrong-token/`Basic` (still reject). bearer_auth
suite: 9 passed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@iamaanahmad @ruvnet @ImgBotApp