4.1.4: QR sharing, venv tarball, flash script improvements
QR Channel Key Sharing: - Admin-only QR generator in about.html (was visible to all) - QR button for saved keys on account page - Fixed about() route missing channel status vars (bug) Pi Build Optimization: - Pre-built venv tarball support (39MB zstd, skips 20+ min compile) - setup.sh auto-detects and extracts tarball if present - Strip __pycache__/tests before tarball (295MB → 208MB) Flash Script Improvements: - flash-image.sh now uses config.json for headless WiFi setup - Consistent wipe prompt on both flash scripts - pull-image.sh re-enables auto-expand before shrinking Build Docs: - Added zstd and jq to pre-setup apt-get - Documented fast build option with pre-built venv 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Aaron D. Lee
144
PLAN-4.1.4.md
144
PLAN-4.1.4.md
@@ -1,17 +1,157 @@
|
||||
# Stegasoo 4.1.4 Plan
|
||||
|
||||
## Build / Deploy
|
||||
- [ ] Pre-built Python 3.12 venv tarball for Pi (skip 20+ min compile)
|
||||
- [x] Pre-built Python 3.12 venv tarball for Pi (skip 20+ min compile) - see details below
|
||||
- [x] Fixed partition sizing in flash script (16GB rootfs for faster imaging)
|
||||
- [x] Rename `flash-pi.sh` → `flash-stock-img.sh` for clarity
|
||||
- [x] pip-audit integration in release validation
|
||||
|
||||
### Pi venv Tarball Approach
|
||||
1. Flash fresh Pi image, let it fully build (20+ min compile)
|
||||
2. Once running and working, SSH in and create optimized tarball:
|
||||
```bash
|
||||
cd /opt/stegasoo
|
||||
# Strip caches and tests (295MB → 208MB)
|
||||
find venv/ -type d -name '__pycache__' -exec rm -rf {} + 2>/dev/null
|
||||
find venv/ -type d -name 'tests' -exec rm -rf {} + 2>/dev/null
|
||||
find venv/ -type d -name 'test' -exec rm -rf {} + 2>/dev/null
|
||||
# Compress with zstd (208MB → 39MB)
|
||||
tar -cf - venv/ | zstd -19 -T0 > /tmp/stegasoo-venv-pi-arm64.tar.zst
|
||||
```
|
||||
3. Pull tarball to host: `scp admin@pi:/tmp/stegasoo-venv-pi-arm64.tar.zst rpi/`
|
||||
4. setup.sh auto-detects and extracts tarball if present in rpi/
|
||||
5. Re-flash and test fresh build with pre-built venv (should be <2 min vs 20+)
|
||||
|
||||
## Features
|
||||
- [ ] QR channel key sharing (needs UI thought - avoid crowding encode/decode pages)
|
||||
- [x] QR channel key sharing (see detailed plan below)
|
||||
- [ ] Role-based permissions: admin / mod / user
|
||||
- [x] `stegasoo info` fastfetch-style command (version, service status, channel, CPU, temp, etc.)
|
||||
- [ ] Better capacity estimates / pre-flight check before encode fails
|
||||
|
||||
---
|
||||
|
||||
## QR Channel Key Sharing - Implementation Plan
|
||||
|
||||
### Current State
|
||||
- ✅ **CLI**: `stegasoo channel qr` generates ASCII/PNG QR for server channel key
|
||||
- ✅ **Web UI (about.html)**: Client-side QR generator exists - input key, generate/show QR, download PNG
|
||||
- ✅ **Account page**: Shows saved channel keys with fingerprint, rename, delete
|
||||
- ❌ No role restrictions on QR sharing
|
||||
- ❌ No QR button for saved keys on account page
|
||||
- ❌ No QR scanning to import keys
|
||||
|
||||
### Design Decisions
|
||||
|
||||
**UI Placement** (avoiding encode/decode page crowding):
|
||||
- Keep QR generator in **about.html** (already exists, logical place for tools)
|
||||
- Add QR button to **account.html** saved keys (small icon, doesn't crowd)
|
||||
- Both should be admin-only
|
||||
|
||||
**Role Restriction** (per user request):
|
||||
- QR sharing = admin only (hide generator + saved key QR buttons from non-admins)
|
||||
- Prerequisite: Need role-based permissions feature first
|
||||
- Interim option: Just hide from non-admin users using existing `is_admin` flag
|
||||
|
||||
### Implementation Steps
|
||||
|
||||
#### Phase 1: Admin-only restriction (quick win)
|
||||
1. **about.html**: Wrap QR generator section in `{% if is_admin %}` block
|
||||
2. **Account route**: Pass `is_admin` to template (if not already)
|
||||
3. **account.html**: Add small QR icon button to saved keys row (admin only)
|
||||
- Opens modal with QR canvas (reuse qrcode.js pattern from about.html)
|
||||
- Download PNG button in modal
|
||||
|
||||
#### Phase 2: QR Import (optional enhancement)
|
||||
1. Add "Import via QR" button to account.html key-add section
|
||||
2. Use device camera or file upload to scan QR
|
||||
3. Decode and populate channel_key input field
|
||||
4. Requires `pyzbar` on server OR client-side JS library like `jsQR`
|
||||
|
||||
### Files to Modify
|
||||
|
||||
```
|
||||
frontends/web/app.py
|
||||
- about() route: Add missing vars: is_admin, channel_configured,
|
||||
channel_fingerprint, channel_source (BUG: currently not passed!)
|
||||
- account() route: ✅ Already passes is_admin
|
||||
|
||||
frontends/web/templates/about.html
|
||||
- Wrap channel key QR section in {% if is_admin %}
|
||||
|
||||
frontends/web/templates/account.html
|
||||
- Add QR button to saved keys (admin only)
|
||||
- Add QR modal (copy pattern from about.html)
|
||||
- Include qrcode.min.js CDN script
|
||||
```
|
||||
|
||||
### Bug Found During Research
|
||||
The about.html template uses `channel_configured`, `channel_fingerprint`,
|
||||
`channel_source` but the route doesn't pass them - always shows "public mode".
|
||||
Fix this while implementing QR admin restriction.
|
||||
|
||||
### Exact Code Changes
|
||||
|
||||
**app.py - Fix about() route (around line 1564):**
|
||||
```python
|
||||
@app.route("/about")
|
||||
def about():
|
||||
from stegasoo.channel import get_channel_status
|
||||
channel_status = get_channel_status()
|
||||
|
||||
# Check if user is admin (for QR sharing)
|
||||
current_user = get_current_user()
|
||||
is_admin = current_user.is_admin if current_user else False
|
||||
|
||||
return render_template(
|
||||
"about.html",
|
||||
has_argon2=has_argon2(),
|
||||
has_qrcode_read=HAS_QRCODE_READ,
|
||||
# Channel info (bugfix)
|
||||
channel_configured=channel_status["configured"],
|
||||
channel_fingerprint=channel_status.get("fingerprint"),
|
||||
channel_source=channel_status.get("source"),
|
||||
# Admin check for QR sharing
|
||||
is_admin=is_admin,
|
||||
)
|
||||
```
|
||||
|
||||
### Template Changes Preview
|
||||
|
||||
**account.html - Add to saved key row:**
|
||||
```html
|
||||
{% if is_admin %}
|
||||
<button type="button" class="btn btn-outline-info btn-sm"
|
||||
onclick="showKeyQr('{{ key.channel_key }}')" title="Show QR">
|
||||
<i class="bi bi-qr-code"></i>
|
||||
</button>
|
||||
{% endif %}
|
||||
```
|
||||
|
||||
**about.html - Wrap existing section:**
|
||||
```html
|
||||
{% if is_admin %}
|
||||
<!-- Channel Key QR Generator -->
|
||||
<div class="card bg-dark border-secondary">
|
||||
...existing QR generator...
|
||||
</div>
|
||||
{% endif %}
|
||||
```
|
||||
|
||||
### Testing Checklist (Phase 1 Implemented)
|
||||
- [ ] Non-admin users cannot see QR generator in about.html
|
||||
- [ ] Non-admin users cannot see QR buttons on account page
|
||||
- [ ] Admin users can generate QR for any saved key
|
||||
- [ ] QR downloads work correctly
|
||||
- [ ] QR scans correctly with phone camera
|
||||
|
||||
### Implementation Status
|
||||
**Phase 1: COMPLETE** - Admin-only QR sharing implemented:
|
||||
- `app.py`: Fixed about() route to pass channel status + is_admin
|
||||
- `about.html`: QR generator wrapped in `{% if is_admin %}` with Admin badge
|
||||
- `account.html`: QR button added to saved keys (admin only), modal + JS for generation/download
|
||||
|
||||
---
|
||||
|
||||
## Security
|
||||
- [ ] Optional encryption for temp file storage (paranoid mode, config toggle)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user