Address Copilot review: sub-stream with override, length validation, log level

matteius · claude · matteius · commit 36402dc6cae6 · 2026-04-14T03:04:43.000-04:00
- Sub-stream registration no longer bypassed when main stream has
  go2rtc_source_override — all three registration paths
  (register_all, sync_from_database, register_stream) now skip only
  the main stream API call while still registering {name}_sub via API
- Validate go2rtc_config_override length on save (reject &gt;= 4096 bytes)
- Downgrade full config file dump from INFO to DEBUG to avoid leaking
  credentials from overrides into production logs

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/video/go2rtc/go2rtc_integration.c b/src/video/go2rtc/go2rtc_integration.c
@@ -1355,29 +1355,28 @@ bool go2rtc_integration_register_all_streams(void) {
     bool all_success = true;
     for (int i = 0; i < count; i++) {
         if (streams[i].enabled) {
-            // Skip streams with go2rtc source override — they are already
-            // defined in the go2rtc.yaml config file and don't need API registration.
+            // Skip main stream API registration when go2rtc source override is set —
+            // the main stream is already defined in go2rtc.yaml.
+            // Sub-stream registration still proceeds via API regardless.
             if (streams[i].go2rtc_source_override[0] != '\0') {
-                log_info("Skipping API registration for stream %s (has go2rtc source override)", streams[i].name);
-                continue;
-            }
-
-            log_info("Registering stream %s with go2rtc", streams[i].name);
-
-            // Register the stream with go2rtc
-            if (!go2rtc_stream_register(streams[i].name, streams[i].url,
-                                       streams[i].onvif_username[0] != '\0' ? streams[i].onvif_username : NULL,
-                                       streams[i].onvif_password[0] != '\0' ? streams[i].onvif_password : NULL,
-                                       streams[i].backchannel_enabled, streams[i].protocol,
-                                       streams[i].record_audio)) {
-                log_error("Failed to register stream %s with go2rtc", streams[i].name);
-                all_success = false;
-                // Continue with other streams
+                log_info("Skipping main stream API registration for %s (has go2rtc source override)", streams[i].name);
             } else {
-                log_info("Successfully registered stream %s with go2rtc", streams[i].name);
+                log_info("Registering stream %s with go2rtc", streams[i].name);
+
+                if (!go2rtc_stream_register(streams[i].name, streams[i].url,
+                                           streams[i].onvif_username[0] != '\0' ? streams[i].onvif_username : NULL,
+                                           streams[i].onvif_password[0] != '\0' ? streams[i].onvif_password : NULL,
+                                           streams[i].backchannel_enabled, streams[i].protocol,
+                                           streams[i].record_audio)) {
+                    log_error("Failed to register stream %s with go2rtc", streams[i].name);
+                    all_success = false;
+                } else {
+                    log_info("Successfully registered stream %s with go2rtc", streams[i].name);
+                }
             }
 
-            // Register sub-stream if configured (low-res for grid view)
+            // Register sub-stream if configured (low-res for grid view) —
+            // always via API, even when main stream uses config override.
             if (streams[i].sub_stream_url[0] != '\0') {
                 char sub_name[MAX_STREAM_NAME + 8];
                 snprintf(sub_name, sizeof(sub_name), "%s_sub", streams[i].name);
@@ -1454,23 +1453,7 @@ bool go2rtc_sync_streams_from_database(void) {
             skipped++;
             continue;
         }
-        if (db_streams[i].go2rtc_source_override[0] != '\0') {
-            log_debug("Skipping API sync for stream %s (has go2rtc source override)", db_streams[i].name);
-            skipped++;
-            continue;
-        }
-
-        // Check if stream already exists in go2rtc
-        if (go2rtc_api_stream_exists(db_streams[i].name)) {
-            log_debug("Stream %s already exists in go2rtc, skipping", db_streams[i].name);
-            skipped++;
-            continue;
-        }
-
-        // Stream needs to be registered
-        log_info("Registering missing stream %s with go2rtc", db_streams[i].name);
-
-        // Determine username and password
+        // Determine username and password (needed for both main and sub-stream)
         const char *username = NULL;
         const char *password = NULL;
 
@@ -1481,20 +1464,33 @@ bool go2rtc_sync_streams_from_database(void) {
             password = db_streams[i].onvif_password;
         }
 
-        // Register the stream
-        if (!go2rtc_stream_register(db_streams[i].name, db_streams[i].url,
-                                    username, password,
-                                    db_streams[i].backchannel_enabled, db_streams[i].protocol,
-                                    db_streams[i].record_audio)) {
-            log_error("Failed to register stream %s with go2rtc", db_streams[i].name);
-            all_success = false;
-            failed++;
+        // Skip main stream API sync when override is set (defined in go2rtc.yaml),
+        // but still fall through to sub-stream registration below.
+        if (db_streams[i].go2rtc_source_override[0] != '\0') {
+            log_debug("Skipping main stream API sync for %s (has go2rtc source override)", db_streams[i].name);
+            skipped++;
+        } else if (go2rtc_api_stream_exists(db_streams[i].name)) {
+            log_debug("Stream %s already exists in go2rtc, skipping", db_streams[i].name);
+            skipped++;
         } else {
-            log_info("Successfully synced stream %s to go2rtc", db_streams[i].name);
-            synced++;
+            // Stream needs to be registered
+            log_info("Registering missing stream %s with go2rtc", db_streams[i].name);
+
+            if (!go2rtc_stream_register(db_streams[i].name, db_streams[i].url,
+                                        username, password,
+                                        db_streams[i].backchannel_enabled, db_streams[i].protocol,
+                                        db_streams[i].record_audio)) {
+                log_error("Failed to register stream %s with go2rtc", db_streams[i].name);
+                all_success = false;
+                failed++;
+            } else {
+                log_info("Successfully synced stream %s to go2rtc", db_streams[i].name);
+                synced++;
+            }
         }
 
-        // Register sub-stream if configured
+        // Register sub-stream if configured — always via API,
+        // even when main stream uses config override.
         if (db_streams[i].sub_stream_url[0] != '\0') {
             char sub_name[MAX_STREAM_NAME + 8];
             snprintf(sub_name, sizeof(sub_name), "%s_sub", db_streams[i].name);
@@ -1810,22 +1806,16 @@ bool go2rtc_integration_register_stream(const char *stream_name) {
         return false;
     }
 
-    // Check for go2rtc source override — these streams are defined in go2rtc.yaml
-    // and don't need API registration
-    {
-        stream_config_t check_config;
-        if (get_stream_config(stream, &check_config) == 0 && check_config.go2rtc_source_override[0] != '\0') {
-            log_info("Stream %s has go2rtc source override, skipping API registration", stream_name);
-            return true;
-        }
-    }
-
     stream_config_t config;
     if (get_stream_config(stream, &config) != 0) {
         log_error("Failed to get config for stream %s", stream_name);
         return false;
     }
 
+    // Check for go2rtc source override — main stream is defined in go2rtc.yaml
+    // and doesn't need API registration, but sub-stream still needs it.
+    bool skip_main = (config.go2rtc_source_override[0] != '\0');
+
     // Determine username and password
     // Priority: 1) onvif fields, 2) extracted from URL
     char username[64] = {0};
@@ -1865,29 +1855,36 @@ bool go2rtc_integration_register_stream(const char *stream_name) {
         }
     }
 
-    // Register with go2rtc
-    if (go2rtc_stream_register(stream_name, config.url,
-                               username[0] != '\0' ? username : NULL,
-                               password[0] != '\0' ? password : NULL,
-                               config.backchannel_enabled, config.protocol,
-                               config.record_audio)) {
-        log_info("Successfully registered stream %s with go2rtc", stream_name);
-
-        // Register sub-stream if configured
-        if (config.sub_stream_url[0] != '\0') {
-            char sub_name[MAX_STREAM_NAME + 8];
-            snprintf(sub_name, sizeof(sub_name), "%s_sub", stream_name);
-            log_info("Registering sub-stream %s with go2rtc", sub_name);
-            go2rtc_stream_register(sub_name, config.sub_stream_url,
+    // Register main stream with go2rtc (skip if override is set — defined in YAML)
+    bool main_ok = true;
+    if (skip_main) {
+        log_info("Stream %s has go2rtc source override, skipping main API registration", stream_name);
+    } else {
+        if (go2rtc_stream_register(stream_name, config.url,
                                    username[0] != '\0' ? username : NULL,
                                    password[0] != '\0' ? password : NULL,
-                                   false, config.protocol, false);
+                                   config.backchannel_enabled, config.protocol,
+                                   config.record_audio)) {
+            log_info("Successfully registered stream %s with go2rtc", stream_name);
+        } else {
+            log_warn("Failed to register stream %s with go2rtc", stream_name);
+            main_ok = false;
         }
-        return true;
     }
 
-    log_warn("Failed to register stream %s with go2rtc", stream_name);
-    return false;
+    // Register sub-stream if configured — always via API,
+    // even when main stream uses config override.
+    if (config.sub_stream_url[0] != '\0') {
+        char sub_name[MAX_STREAM_NAME + 8];
+        snprintf(sub_name, sizeof(sub_name), "%s_sub", stream_name);
+        log_info("Registering sub-stream %s with go2rtc", sub_name);
+        go2rtc_stream_register(sub_name, config.sub_stream_url,
+                               username[0] != '\0' ? username : NULL,
+                               password[0] != '\0' ? password : NULL,
+                               false, config.protocol, false);
+    }
+
+    return main_ok || skip_main;
 }
 
 // ============================================================================
diff --git a/src/video/go2rtc/go2rtc_process.c b/src/video/go2rtc/go2rtc_process.c
@@ -783,18 +783,19 @@ bool go2rtc_process_generate_config(const char *config_path, int api_port) {
     fclose(config_file);
     log_info("Generated go2rtc configuration file: %s", config_path);
 
-    // Print the content of the config file for debugging
+    // Print the content of the config file at DEBUG level to avoid
+    // leaking credentials from overrides into production logs.
     FILE *read_file = fopen(config_path, "r");
     if (read_file) {
         char line[256];
-        log_info("Contents of go2rtc config file:");
+        log_debug("Contents of go2rtc config file:");
         while (fgets(line, sizeof(line), read_file)) {
             // Remove newline character
             size_t len = strlen(line);
             if (len > 0 && line[len-1] == '\n') {
                 line[len-1] = '\0';
             }
-            log_info("  %s", line);
+            log_debug("  %s", line);
         }
         fclose(read_file);
     }
diff --git a/src/web/api_handlers_settings.c b/src/web/api_handlers_settings.c
@@ -963,7 +963,10 @@ void handle_post_settings(const http_request_t *req, http_response_t *res) {
     // go2rtc global config override (stored in system_settings)
     cJSON *go2rtc_config_override = cJSON_GetObjectItem(settings, "go2rtc_config_override");
     if (go2rtc_config_override && cJSON_IsString(go2rtc_config_override)) {
-        if (db_set_system_setting("go2rtc_config_override", go2rtc_config_override->valuestring) != 0) {
+        size_t override_len = strlen(go2rtc_config_override->valuestring);
+        if (override_len >= 4096) {
+            log_error("go2rtc_config_override too long (%zu bytes, max 4095)", override_len);
+        } else if (db_set_system_setting("go2rtc_config_override", go2rtc_config_override->valuestring) != 0) {
             log_error("Failed to save go2rtc_config_override to system_settings");
         } else {
             log_info("Updated go2rtc_config_override");
