How get access with long live token {authSig} to /media/local/?

henaa · January 17, 2022, 1:09am

Hi

it’s possible to create a “hard” token to watch my media?

For example:

https://abc.duckdns.org:8123/media/local/double-take/matches/00498fec-37cc-4b46-841a-989219bb9863.jpg?authSig={long live token}

mk-maddin · January 17, 2022, 7:19am

Using home assistant tokens you can only access folders below /config/www which in your url is available as /local/

If you would like to access your local media folder located as /media/local you will have to mount (symlink - never tested if this works?) it below /config/www (e.g. /config/www/mysub) so you can access it via e.g. /local/mysub.

henaa · January 17, 2022, 7:58am

My problem is when I doing automation with notifications

I want to get last image from “matches” folders

Where I used in the automation on my local address all working well only if I connet with my phone to Wifi

When my phone disconnected from wifi I got only alert without image

I really don’t know how to solve it

mk-maddin · January 17, 2022, 8:10am

Based on your description I would say this seems not be a problem directly with home assistant, but with access to your server instance in general.

Can you manually browse the image from your phone when you are not within the wifi?
Is your HA instance exposed to the internet (either via Port Forwarding or via Home Assistant cloud) ?

henaa · January 17, 2022, 9:20am

No - I can browse from phone to image only when I’m connected to wifi
Yes - my HA was exposed to the internet via DuckDns and internal port forwarding, and its work great

mk-maddin · January 17, 2022, 9:40am

so as said - your image is within a location which is not accessible from external.
Have you tried to save the image into /config/www/ folder as said and tried to access it via /local/myimage.jpg ?

henaa · January 17, 2022, 10:30am

Yes, I success.

https://xxx.duckdns.org:8123/local/test.jpeg

The problem like you mentioned it’s not secure. Anyone who knows the file name can watch it

mk-maddin · January 17, 2022, 10:39am

Absolutely true.
I am not aware about a way HA is able to do that kind of authentication for you.
As I see it there would be only two options:
a) Security through obscurity …not very great but you could do a randomize jpg name and have it with this more unlikely fore someone to get it …and as you are doing notifications I would assume you do not need it forever, but can just delete it after e.g. 12 hours. A lot of services on the web do it this way.
b) You setup a separated webserver (e.g. apache), expose this to web, handle authentication there and just sent a link via the HA notification.

henaa · January 17, 2022, 11:44am

I have another option to use “api/hassio_ingress”

https://xxx.duckdns.org:8123/api/hassio_ingress/wxZONpw7YVgYS7hH32s_Bs-8nalnsaKXI77rr2QEou8/api/storage/matches/8f4f197b-8450-4a05-bbd8-12cbaf490d1e.jpg

When I’m trying access from incognito mode I got - 401: Unauthorized

This is wxZONpw7YVgYS7hH32s_Bs-8nalnsaKXI77rr2QEou8 not a token to access?

hanm13 · June 29, 2023, 2:14pm

Any solution for this?

ponut · August 2, 2023, 12:39am

So I have found a pseudo solution to this. Navigate to your photo in your /media/path-to-photo/test.jpg
Get the url link of the picture that is presented and use that url for your purpose. The auth token at that endpoint will work for a while. A long lived token will not work in place of this token.

Researching how to refresh my endpoint with a fresh token programmatically with each notify service call brought me here.

reef-actor · August 2, 2023, 2:24am

I have used this before to get the access token for /api/, may give you an idea

action:
  - service: notify.notify_someone
    data:
      message: Drive image
      data:
        notification_icon: mdi:cctv
        image: >-
          /api/camera_proxy/camera.drive_person?token={{
          state_attr('camera.drive_person','access_token') }}

ponut · August 4, 2023, 1:38am

This is great!! It took me a little bit to figure out how to incorporate this into a picture card but it worked!
@reef-actor much appreciated for the assist!
The configurations that worked for me.

In configuration.yaml

# Create camera entity from a file.
camera:
  - platform: local_file
    name: <choose_your_name>_unsecure # Insecure option
    file_path: "/config/www/<path_to_file>"
  - platform: local_file
    name: <choose_your_name1> # Requires authentication
    file_path: "/media/<path_to_file>"

In automation

service: notify.<device_to_notify>
    data:
      message: Someone was seen at the door!
      title: A person was detected!!
      data: # API to access the camera entity created above
        image: >-
          api/camera_proxy/camera.<choose_your_name1>?token=state_attr('camera.<choose_your_name1>','access_token')
          }}
        entity_id: camera.<choose_your_name1>
        actions: # action buttons in notification
          - action: URI
            title: View Camera Feed
            uri: /lovelace/<path_to_card>
          - action: URI
            title: View Snapshot
            uri: /lovelace/<path_to_card>

yaml for the picture card

show_state: true
show_name: true
camera_view: live
type: picture-entity
image: >-
  /api/camera_proxy/camera.<choose_your_name1>?token={{state_attr('camera.<choose_your_name1>','access_token')
  }}
entity: camera.<choose_your_name1>

*edited for consistent naming