Telegram, camera_proxy and trusted networks

On version - 0.101.3
I’ve neglected it recently so I thought I’d update go through trim out any old config and rectify a few issues.
The only one i’m struggling with now is my cameras.

I have 4 cameras as entities and they work great. i did have a few automations setup for a state change on the doorbell or front door based on presence -> telegram push of images grabbed from the cameras.

data:
  photo:
    url: >-
      https://MYURL:8123/api/camera_proxy/camera.front_door?api_password=MySuPeRSeCreTPassWoRd
message: 'Time seen {{ as_timestamp(now()) | timestamp_custom(''%H:%M'', true) }}'
title: Front Door Opened!

This seems to have stopped working at some point. Hitting that URL directly doesnt work either (401: Unauthorized) so i assume legacy_api_password is depracated now.

A quick browse around the forums seems to suggest i should be using :
trusted_networks to combate this

homeassistant:
  customize: !include customize.yaml
  auth_providers:
#    - type: legacy_api_password
#      api_password: MySuPeRSeCreTPassWoRd
    - type: trusted_networks
      trusted_networks:
        - '127.0.0.1'
        - '192.168.169.0/24'
      allow_bypass_login: true
      trusted_users:
        192.168.169.0/24: d9e5b06fbef340e9b436172c90f31a8c
        127.0.0.1: d9e5b06fbef340e9b436172c90f31a8c

However, I’m still receiving 401’s

more searching the forums -
If I fire up postman and hit https://MYURL:8123/api/camera_proxy/camera.front_door? using a newly generated LLT with the authentication set to bearer and it works. Do we have an example of how this should be formatted? I see a fair few questions about this and no full answers.

Thanks!

T

It is no longer possible to make authenticated requests using trusted networks or by appending ?api_password=X to the URL. You will now first need to get an authentication token and use that token to make requests.

Is there some reason you don’t use the URL of the camera itself to send the image? You don’t need to proxy the image through home assistant.

Aha, well that explains why the legacy_api_password wasnt working.

Although I still cant find any examples of what the connection string would look like for proxying it through if using an LLT. Reason I ask is because out of the 4 cameras i have setup, 2 of them are ffmpeg and a direct grab doesn’t work.

  - platform: ffmpeg
    input: "rtsp://username:[email protected]/onvif1"
    name: Landing

All of my cameras are ffmpeg, but I had no issues connecting and getting a capture. I was using a HTTP GET node in node-red to grab an image, but I have since moved over to the HA api grabbing the camera (because Node-Red already has a LLT websocket connection into my HA)

oh cool, Hmm… any chance you could throw some config of how that looks? Node-red scared me when i looked at it and I haven’t had time to re-visit it yet.

Thanks m0e

Node-red is as easy or as hard as you want it.

This is a flow that I use.

Motion Detection is a subflow consisting of all the motion sensors I want monitored outside of my house, Notifications is a “traffic light” node so that I can disable the alerts easily, set path is a function that simply looks at what motion sensor triggered the flow and creates a path to pass to the API call.

if(msg.payload === 'Breached'){
    msg.payload = {}
    if(msg.topic.includes('sensor.backporch')){
        msg.payload.path = '/api/camera_proxy/camera.backporch';
    }
    if(msg.topic.includes('sensor.sidedoor')){
        msg.payload.path = '/api/camera_proxy/camera.sidedoor';
    }
    if(msg.topic.includes('sensor.driveway')){
        msg.payload.path = '/api/camera_proxy/camera.driveway';
    }
    return msg;
}
else { return null; }

Conversation and IMAGE nodes are part of ChatBot and send the whole message off to Telegram on another flow.