Unified NVR System - Engineering Architecture

Technology Stack

• Backend: Python 3.11 + Flask + Threading
• Frontend: ES6 + jQuery + WebRTC (WHEP) + HLS.js + Axios
• Video Processing: FFmpeg 7+ with dual-output support (sub + main streams)
• Stream Delivery: MediaMTX for WebRTC (~200ms), LL-HLS (~2s), and RTSP re-export
• Protocol Bridge: Neolink v0.6.2 for Baichuan-to-RTSP translation
• Containerization: Docker + Docker Compose
• Credentials: AWS Secrets Manager integration
• Database: PostgreSQL + PostgREST (recording metadata, PTZ latency learning)
• Motion Detection: Reolink Baichuan, ONVIF PullPoint, FFmpeg scene detection

Component Responsibilities

• CameraRepository: DB-first camera config loading (PostgreSQL cameras table via PostgREST) with JSON fallback. Provides filtering by type/capability, per-user stream type resolution via get_effective_stream_type(). cameras.json used only for initial seeding and admin reset.
• StreamManager: Orchestrates FFmpeg processes with dual-output (sub/main), manages stream lifecycle, implements watchdog restarts
• Credential Providers: Fetch credentials from AWS Secrets Manager per vendor (Eufy, Reolink, UniFi, Amcrest, SV3C)
• Stream Handlers: Build RTSP URLs, FFmpeg parameters using Strategy Pattern; SV3C added Dec 2025
• RecordingService: Manages continuous, motion-triggered, and manual recording with pre-buffer support
• SegmentBufferManager: Rolling 5-second segment buffer for pre-motion capture
• SnapshotService: Periodic JPEG capture from MediaMTX RTSP output
• ONVIF PTZ Handler: Standardized pan/tilt/zoom/preset control across Amcrest, Reolink, SV3C
• Motion Detection: Three methods: Reolink Baichuan (push), ONVIF PullPoint (poll), FFmpeg scene detection (universal)

Audio Architecture (Jan 19, 2026)

Key Discovery: WebRTC only supports Opus audio codec. MediaMTX explicitly skips AAC/MPEG-4 audio tracks for WebRTC sessions.

• Camera Native Audio: Most cameras (UniFi, Reolink) output AAC LC @ 16kHz mono
• WebRTC Requirement: Must transcode AAC → Opus for audio to work
• FFmpeg Config: "c:a": "libopus", "b:a": "32k" in cameras.json audio section
• Video Passthrough: Video stays as copy (-c:v copy) - only audio is transcoded (minimal CPU)
• Both Streams: Sub and main streams both use Opus (fullscreen also uses WebRTC)

Config Location: config/cameras.json → per-camera ll_hls.audio section

Code Location: streaming/ffmpeg_params.py lines 386-395 (sub stream) and 417-425 (main stream)

FFmpeg Parameter Resolution

• stream_type filtering: resolution_sub vs resolution_main selected based on request
• Key translation: Project keys (e.g., frame_rate_grid_mode) mapped to FFmpeg flags (-r)
• Codec handling: "c:v": "transcode" resolves to -c:v libx264
• Scale filter: resolution_sub: "320x240" becomes -vf scale=320:240

Recording Directory Structure

• Path Format: /recordings/{type}/{CAMERA_NAME}/YYYY/MM/DD/{serial}_{timestamp}.mp4
• Recording Types: motion, continuous, manual, snapshots
• Pre-Buffer: /recordings/buffer/{camera_id}/seg_*.ts (rolling segments, auto-cleanup)
• Camera Name Normalization: Uppercase, spaces to underscores, special chars removed, max 50 chars

PTZ Controller Features (Nov 2025 - Jan 2026)

• ONVIF Protocol: Standardized pan/tilt/zoom/preset control for Amcrest, Reolink, SV3C
• Adaptive Latency: PostgreSQL-backed per-camera latency learning (rolling avg of 10 samples)
• Race Condition Fix: Fire-and-forget move commands with acknowledgment tracking before stop
• Touch Device Support: Document-level touchend handlers, mobile-optimized controls
• Draggable Controls: PTZ panel draggable in fullscreen mode with position persistence
• GotoHomePosition: ONVIF command for PTZ stepper recalibration

Problem: iOS Safari has unreliable multipart MJPEG parsing and strict video decode limits (~4-8 simultaneous HLS streams). Android handles MJPEG well but also has resource constraints on mobile.

Solution: Device-specific streaming strategies with snapshot polling for iOS grid view.

iOS Snapshot Implementation Details

• Endpoint: /api/snap/<camera_id> - Returns latest JPEG from frame buffer
• Frame Sources: Checks reolink_mjpeg_capture_service → mediaserver_mjpeg_service → unifi frame buffers
• Polling Interval: 1 second (configurable via SnapshotStreamManager)
• Element Swap: <video> → <img class="stream-snapshot-img"> for grid view
• Fullscreen Switch: SNAPSHOT → HLS main stream with element restoration
• Resource Management: All other cameras' snapshot polling paused during fullscreen

iOS WebRTC Support (DTLS Enabled - Jan 18, 2026)

• DTLS-SRTP Enabled: MediaMTX configured with webrtcEncryption: yes for iOS Safari WebRTC support (~200ms latency)
• Configuration: cameras.json has webrtc_global_settings.enable_dtls: true
• nginx Proxy: WHEP endpoint proxied via HTTPS (/webrtc/ → https://nvr-packager:8889 with SSL verify off)
• Grid Mode Options: iOS defaults to snapshot polling (1fps), but experimental "Force WebRTC Grid" setting available
• Fullscreen: iOS now uses WebRTC (~200ms) instead of HLS fallback (~2-4s)

Playback Volume Control

Per-camera volume control with browser persistence:

• UI: Click speaker icon → popup with slider (0-100%) and mute toggle
• Storage: localStorage cameraAudioPreferences[cameraId] = { volume: 75, muted: false }
• Implementation: static/js/streaming/stream.js - event handlers for slider input/change
• Styling: static/css/components/stream-volume-popup.css

Two-Way Audio (Talkback)

Browser microphone → camera speaker communication:

• Eufy (Working): Browser → WebSocket → Flask → TalkbackTranscoder (FFmpeg: 16kHz mono AAC ADTS 20kbps) → Eufy P2P Bridge → Camera
• ONVIF (via go2rtc): Browser → WebSocket → Flask → go2rtc API → ONVIF AudioBackChannel → Camera
• go2rtc Service: nvr-go2rtc container handles ONVIF backchannel while MediaMTX serves video (avoids dual-connection issues)

Camera Power Control

Remote power cycle capability for cameras connected to smart outlets or PoE switches:

• Hubitat Integration: Cameras connected to Hubitat-controlled smart outlets (Zigbee/Z-Wave)
• UniFi PoE Integration: Cameras powered via UniFi switch PoE ports
• Manual Trigger: Power button in stream controls (immediate cycle)
• Auto Power-Cycle: Optional feature when camera goes OFFLINE (disabled by default)

Authentication Architecture: bcrypt-based password authentication with PostgreSQL session storage. Role-based access (admin/user). Sessions are indefinite until logout. No JWT — Flask signed cookies with server-side session tracking.

• Password Hashing: bcrypt via Python bcrypt library (cost factor 12)
• Session Storage: user_sessions table — UUID session IDs, IP address, user agent, last_activity timestamp
• Roles: admin (full access, user management) and user (camera access, no admin)
• First Login: must_change_password = true forces password change before accessing NVR
• Per-User Camera Preferences: user_camera_preferences table stores preferred stream type per camera per user. Resolved at stream start via get_effective_stream_type(serial, user_id) (user pref > camera default)
• Camera Visibility: user_camera_access table — if no rows for a user, they see all cameras; rows restrict to allowed list
• Default Accounts: admin/admin (must change), view/view — created by psql/init-db.sql on fresh DB init

DB-First Architecture: Camera configuration migrated from static cameras.json to PostgreSQL cameras table. CameraRepository uses DB as runtime source of truth with JSON as fallback and reset source.

• Loading Priority: PostgreSQL (via PostgREST) → JSON fallback → error
• Auto-Sync: services/camera_config_sync.py runs at startup — detects new cameras in JSON not in DB and inserts them; cameras in DB but not JSON are logged (not deleted)
• Write Path: All camera config writes go to DB + JSON backup simultaneously via update_camera_setting()
• Interface Unchanged: All 14+ consuming services use CameraRepository unchanged — DB migration was transparent
• Camera Rename: PUT /api/camera/<serial>/name — updates DB + JSON + in-memory cache atomically
• Admin Endpoints: POST /api/cameras/force-sync (reset from JSON), GET /api/cameras/data-source (check current source)
• Vendor Configs: unifi.json, eufy.json, reolink.json, amcrest.json remain as JSON (static infra config, not per-camera runtime)

HTTP Request Reduction: Five-phase refactor reduced browser→server HTTP traffic from ~1930 req/min to ~700 req/min per browser tab.

• Phase 1 — nginx Static Files: nginx/nginx.conf serves /static/ directly with 1h cache + Cache-Control: public, immutable. Removes 71+ per-page-load requests from Gunicorn/Flask.
• Phase 2 — SocketIO Camera State Push: camera_state_tracker.py emits camera_state_changed events on /stream_events namespace. camera-state-monitor.js subscribes and falls back to 30s batch polling. Reduced 120 req/min → 2 req/min.
• Phase 3 — Non-Blocking Stream Restart: /api/stream/restart/<serial> returns immediately (202), notifies completion via SocketIO. Eliminates 15-second blocking requests.
• Phase 4 — PostgREST Connection Pooling: _postgrest_session = requests.Session() in app.py. Reuses TCP connections across all PostgREST interactions, eliminating ~50-70ms overhead per cycle.
• Phase 5 — Snapshot Visibility Gating: snapshot-stream.js uses IntersectionObserver — pauses polling for off-screen cameras (100px rootMargin for pre-fetch). Reduced ~1200 → ~300 req/min for snapshot cameras.

External API: Flask Blueprint (services/external_api_routes.py) exposes NVR camera data and stream URLs to external services (TILES home automation dashboard).

• Authentication: Bearer token via NVR_API_TOKEN env var (stored in AWS Secrets Manager). Dev fallback: LAN-only IP check with warning log.
• Endpoints:
  • GET /api/external/cameras — list all cameras with capabilities (including has_audio)
  • GET /api/external/stream-url/<serial> — get current stream URL for a camera
  • GET /api/external/snapshot/<serial> — get latest snapshot
  • GET /api/external/status — NVR health status
• CORS: Configured to allow Authorization header from TILES origin
• Token Retrieval for TILES: NVR_API_TOKEN is in AWS Secrets Manager NVR-Secrets — pulled via pull_nvr_secrets()

File Structure Reference

• Entry Point: app.py - Flask application and service initialization
• Stream Orchestration: streaming/stream_manager.py
• Vendor Handlers: streaming/handlers/{eufy,reolink,unifi,amcrest,sv3c}_stream_handler.py
• Credential Providers: services/credentials/{eufy,reolink,unifi,amcrest,sv3c}_credential_provider.py
• FFmpeg Config: streaming/ffmpeg_params.py
• Camera Config (runtime): PostgreSQL cameras table (seeded from config/cameras.json)
• Camera Config (source/reset): config/cameras.json
• Camera Config Sync: services/camera_config_sync.py — auto-seeds DB from JSON on startup
• Recording Config: config/recording_settings.json
• go2rtc Config: config/go2rtc.yaml
• Talkback Transcoder: services/talkback_transcoder.py
• Recording Service: services/recording/recording_service.py
• Segment Buffer: services/recording/segment_buffer.py
• Storage Manager: services/recording/storage_manager.py
• Motion Detection: services/motion/ffmpeg_motion_detector.py, services/onvif/onvif_event_listener.py
• ONVIF PTZ: services/onvif/onvif_ptz_handler.py
• Eufy Bridge: services/eufy/eufy_bridge.py — self-healing P2P bridge (auto-restart, keepalive, BridgeCrashedError)
• Power Services: services/power/hubitat_power_service.py, services/power/unifi_poe_service.py
• Power Controller: static/js/controllers/power-controller.js
• External API: services/external_api_routes.py — REST API for TILES integration (Bearer token auth)
• Camera State Tracker: services/camera_state_tracker.py — emits SocketIO push events on state change
• Neolink Config: config/neolink.toml
• Frontend Streaming: static/js/streaming/*.js (stream.js, webrtc-stream.js, hls-stream.js, snapshot-stream.js, camera-state-monitor.js)
• Frontend Controllers: static/js/controllers/*.js (includes ptz-controller.js with Eufy retry UI)
• Templates: templates/streams.html
• Database Schema: psql/init-db.sql — consolidated, all 13 tables (recordings, motion_events, users, cameras, etc.)
• DB Migrations: psql/migrations/001–011_*.sql — apply to existing deployments only
• nginx Config: nginx/nginx.conf — serves /static/ directly (bypasses Flask/Gunicorn)