cal-overflow / serverless-security-system Goto Github PK

Look into video streams with kinesis

Consider the pricing of this feature

Maybe it could work well if it is only streaming the data this way when a user is actually viewing the footage page on UI.

See the TODO's in cloud/lambda/auth.py and cloud/lambda/users.py where we're sometimes making a request to our table and ignoring what happens.

In simpler terms: figure out if we need to confirm actions like table.put_item or table.delete_item in boto3.

Write better documentation and update the READMEs.

Add the abilty to favorite videos. This should show as a star next to the timestamps in the footage UI.
Favorites are shared across all users.

A better term may be "highlight."

Add rules to the create_user API that only allows the user name to include alphanumeric characters, hyphens, and underscores.

See if it's possible to enforce this at the Dynamo level (i.e., block putItem with incorrect characters)

Find a solution for when the stack is first created and there is no "admin" users. Currently one must go into Dynamo and create a user record before they can log in.

Additionally, see about the simplest way to run the docker run when the device reboots. This would be beneficial for a scenario where the power goes out.

Determine good values for a high, medium, and low motion threshold (stack parameter)

Decide if there is any benefit in switching to per-request billing strategy for the DynamoDB table.

Create a way for admin's to invite other users.

A simple solution may be to create a new user in the dynamo table with a limited access token. Then, generate a /invite?token=1a2b3c url that they can use to authenticate and truly create their user.

A default admin user should be created when the system is first deployed. The pin can be something simple like password or admin (similar to how a lot of internet routers are set up).

The system user can go in and update the user's name and pin.

This can likely be implemented using a AWS::CloudFormation::CustomResource that performs a putItem on the user dynamodb table.

The "essential" resources are likely an S3 bucket with the correct policies.
Additionally, look into [Access keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MakingRequests.html#TypesofSecurityCredentials} and other ways that the client can authenticate with a specific s3 bucket.

Add an option (probably in the Cloudformation stack parameter) that the check-video-for-motion lambda function reads.
For videos that include motion, the lambda function will rewrite the video in S3 bucket to include outlined movement.

Serverless backend for serving videos, users, managing the system configuration, etc.

Figure out if the default concurrency option is sufficient

Update the video processer lambda to encode mp4 videos with avc1 instead of mp4v for universal browser playback.

When we perform

response = s3_client.list_objects_v2(Bucket=BUCKET, Prefix=folder)

There is a chance that not all objects are returned. AWS's ListObjectsV2 returns a maximum of 1000 items, so pagination needs to be implemented for scenarios where there are a large number of files.

Figure out what is causing errors like this when using npm ci in place of npm i and then switch back to using npm ci.

See if it any video compression is possible on videos before they are sent to the cloud.

I think it makes sense to create a substack within the template.yml that includes all of the resources necessary for this.

At first glance, I assume this'll look like:

• S3 bucket
• Cloudfront distro
• ACM Certificate (i'm not sure if this is necessary for a cloudfront distro with the default url - I'm not dealing with custom domains for this)

If all that is needed is another S3 bucket and a cloudfront distro, then it makes sense to keep it in the template.yml stack.

Look into problems that may arise with limited Lambda concurrency.
For example, what would happen if a device came back online and uploaded 100 videos at the same time. Assuming a lambda concurrency limit of 10, how do we "queue" the others so they are eventually processed as needed?

When the files are synced, they should be deleted locally.

Implement a lambda function that runs daily. The function should look at a configuration option (days_to_keep_old_motionless_footage) and remove all footage/normal (videos with no motion) objects that are older than the setting. The default value should be something big like a month or maybe even a year.

Use a static JS framework for this.