alexei.dolgolyov/ledgrab
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity
Files
d3a6416a1d93b413621f8f359f3c19b0f0eeea3d
ledgrab/server/pyproject.toml
T
alexei.dolgolyov 123da1b5c4
Build Android APK / build-android (push) Failing after 1m45s
Details
Lint & Test / test (push) Successful in 4m54s
Details
fix: comprehensive security, stability, and code quality audit 
Security:
- Force API key auth for LAN (non-loopback) requests; remove shipped dev key
- Block path-traversal in backup restore; require auth on backup endpoints
- SSRF protection: DNS resolve + private/loopback/link-local IP rejection
- AES-256-GCM encryption for HA tokens and MQTT passwords with auto-migration
- WebSocket auth migrated from query-string to first-message protocol
- Asset upload: extension allowlist, server-side mime, Content-Disposition
- Update installer: SHA256 verification, tar/zip member validation
- Tightened CORS (explicit methods/headers, no credentials)
- ADB serial regex allowlist, webhook rate-limit key fix, log scrubbing

Android:
- Root-capture: ordered teardown, screenrecord respawn watchdog, child reaping
- USB permission blocking API via CompletableDeferred
- Python init crash guard with fatal-error screen
- Moved root grant + QR generation off Main thread
- Cached PyObject engine for per-frame bridge calls
- Ordered ScreenCapture resource cleanup, allowBackup=false

Python:
- Replaced all asyncio.get_event_loop() with get_running_loop/to_thread
- Split color_strip_sources.py (1683->5 files) and color_strip_stream.py
  (1324->7 files) into packages
- Extracted FrameLimiter utility, migrated 9 stream loops
- Provider base-class reuse, WLED state caching + URL normalization
- Narrowed broad except-pass in WS routes, threading fixes in BaseStore

Frontend:
- XSS fix: escapeHtml on dynamic option labels, reconcile-based list renders
- Typed DOM helpers, safe localStorage access, AbortController listener hygiene
- openAuthedWs helper for first-message WS auth protocol
- Migrated remaining plain <select>s to IconSelect/EntitySelect

Design:
- WCAG AA primary color on light theme (#2e7d32, 5.4:1 contrast)
- Android TV 10-foot breakpoint (tv.css)
- Consolidated z-index tokens, unified easing, card-running GPU hints
2026-04-16 04:56:04 +03:00

114 lines
3.4 KiB
TOML
Raw Blame History

[build-system]
requires = ["setuptools>=68.0", "wheel"]
build-backend = "setuptools.build_meta"
[project]
name = "ledgrab"
version = "0.3.0"
description = "Ambient lighting system that captures screen content and drives LED strips in real time"
authors = [
{name = "Alexei Dolgolyov", email = "dolgolyov.alexei@gmail.com"}
]
readme = "README.md"
requires-python = ">=3.11"
license = {text = "MIT"}
keywords = ["wled", "ambient-lighting", "screen-capture", "home-automation"]
classifiers = [
"Development Status :: 3 - Alpha",
"Intended Audience :: End Users/Desktop",
"License :: OSI Approved :: MIT License",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
]
dependencies = [
"fastapi>=0.115.0",
"uvicorn[standard]>=0.32.0",
"cryptography>=42.0.0",
"httpx>=0.27.2",
"mss>=9.0.2",
"numpy>=2.1.3",
"pydantic>=2.9.2",
"pydantic-settings>=2.6.0",
"PyYAML>=6.0.2",
"structlog>=24.4.0",
"python-json-logger>=3.1.0",
"python-dateutil>=2.9.0",
"python-multipart>=0.0.12",
"jinja2>=3.1.0",
"zeroconf>=0.131.0",
"pyserial>=3.5",
"psutil>=5.9.0",
"nvidia-ml-py>=12.0.0",
"PyAudioWPatch>=0.2.12; sys_platform == 'win32'",
"sounddevice>=0.5",
"aiomqtt>=2.0.0",
"openrgb-python>=0.2.15",
"opencv-python-headless>=4.8.0",
"websockets>=13.0",
"just-playback>=0.1.7",
"pystray>=0.19.0; sys_platform == 'win32'",
"Pillow>=10.4.0; sys_platform == 'win32'",
]
[project.optional-dependencies]
dev = [
"pytest>=8.3.3",
"pytest-asyncio>=0.24.0",
"pytest-cov>=6.0.0",
"respx>=0.21.1",
"black>=24.0.0",
"ruff>=0.6.0",
"opencv-python-headless>=4.8.0",
"Pillow>=10.4.0",
]
camera = [
# opencv-python-headless is now a core dependency (used for image encoding)
# camera extra kept for backwards compatibility
]
# High-performance Android capture via scrcpy H.264 streaming
scrcpy = [
"scrcpy-client>=0.5.0",
]
# OS notification capture (winrt packages are ~2.5MB total vs winsdk's ~35MB)
notifications = [
"winrt-Windows.UI.Notifications>=3.0.0; sys_platform == 'win32'",
"winrt-Windows.UI.Notifications.Management>=3.0.0; sys_platform == 'win32'",
"winrt-Windows.Foundation>=3.0.0; sys_platform == 'win32'",
"winrt-Windows.Foundation.Collections>=3.0.0; sys_platform == 'win32'",
"winrt-Windows.ApplicationModel>=3.0.0; sys_platform == 'win32'",
"dbus-next>=0.2.3; sys_platform == 'linux'",
]
# High-performance screen capture engines (Windows only)
perf = [
"dxcam>=0.0.5; sys_platform == 'win32'",
"bettercam>=1.0.0; sys_platform == 'win32'",
"windows-capture>=1.5.0; sys_platform == 'win32'",
]
[project.urls]
Homepage = "https://git.dolgolyov-family.by/alexei.dolgolyov/ledgrab"
Repository = "https://git.dolgolyov-family.by/alexei.dolgolyov/ledgrab"
Documentation = "https://git.dolgolyov-family.by/alexei.dolgolyov/ledgrab/src/branch/master/INSTALLATION.md"
Issues = "https://git.dolgolyov-family.by/alexei.dolgolyov/ledgrab/issues"
[tool.setuptools]
package-dir = {"" = "src"}
[tool.setuptools.packages.find]
where = ["src"]
[tool.pytest.ini_options]
testpaths = ["tests"]
asyncio_mode = "auto"
addopts = "-v --cov=ledgrab --cov-report=html --cov-report=term"
[tool.black]
line-length = 100
target-version = ['py311']
[tool.ruff]
line-length = 100
target-version = "py311"
Reference in New Issue View Git Blame Copy Permalink