Full ALPR Database System for Blue Iris!

[algertc]

Just pushed an update.

• Added camera name column to live feed. Optionally send with "camera":"&CAM" or &NAME for long name.
• Additional sorting options in plate database
• Auth bypass for HomeAssistant dashboards
• Database migration fix (Requires new migrations.sql file from GitHub)
• Ability to correct or edit OCR responses in the live feed page

Update instructions:
I originally misunderstood how the docker entrypoint worked with the database. In order to update your database schema with the latest changes, a new file: migrations.sql is required. I also had to make changes to the compose file to accommodate this. Please download the migrations.sql from the GitHub repository and make sure that you edit your compose file to add the new sections under "db", as seen in the latest version in the repository (added a volume for migrations and a command section that will perform the update). After this, the update procedure is the same: docker compose down, docker compose pull, docker compose up -d. All of the data in your database will remain intact.


HomeAssistant:
I spun up a HA instance to test this, and as far as I can tell, It is working now. I spent quite a while trying to get a more robust solution to work, but ended up back at the IP whitelist in the end. There is now a HomeAssistant section in the settings page that will let you add IP addresses to bypass the authentication. Note that these IPs are the devices that you use to access your HA webserver, not the HA IP itself. It will also only bypass when viewing through your HA dashboard. i.e. If you whitelist a device, it will be able to use the app inside of HA without logging in but must still log in if accessing the app directly / not through HA. If I understand the use case correctly, this should be a pretty functional solution for most people.

It definitely isn't rock solid from a security perspective (the IP can easily be spoofed), but I would actually expect it to be fairly OK for what it needs to protect against. You never know what strange stuff / dubious backdoored IOT devices might be lurking around on your network. This is, of course, especially true for HomeAssistant users. While this is still security by obscurity, I'd wager that the odds of a malicious IOT device or crawler figuring out which IPs you are allowing, spoofing one of those IPs, and simulating an iframe are virtually zero, aside from a targeted attack. None of this even matters at the moment since the app isn't using HTTPS yet, but I'm trying to future-proof / plan ahead where I can and not be the cause of any security incidents.


A note on vehicle description & Public data:
Someone mentioned the idea of integrating some public data sources to look up plates. While this would be super useful, in practice, it just isn't reliable at all. I do quite a lot of web scraping/osint/working with data brokers day to day, and license plates are among the hardest to get good data for. DMV data isn't public, so you have to rely on other sources, which there are plenty of, but the issue is that license plates just change too frequently, and there's a massive delay to get up-to-date results. With a VIN number, you can almost always find the vehicle info, but between sales, registration/state changes, vanity plates, specialty plates, etc., it ends up being really tough to keep track of.

If anyone is curious to test results on their local traffic, Oreilly Auto Parts actually lets you look up any plate for free:

https://www.oreillyauto.com/vin-lookup

I don't think it makes sense to try to integrate any lookup functionality like this since the result percentage is so low, but I'm sharing that as a resource. It has come in handy a couple of times for me when looking at nighttime footage where I didn't have any legible video to see the make/model of a vehicle of interest.

On this note, the vehicle description column has been removed from the front end since it serves no purpose at the moment.


@Vettester @prsmith777 @Skinny1

 

[Vettester]

Thanks for the update! Unfortunately, this still doesn’t work inside of Home Assistant. Maybe I’m doing something wrong but I added the IP addresses of the devices to the whitelist and it is still asking for login credentials.

 

[algertc]

Thanks for the update! Unfortunately, this still doesn’t work inside of Home Assistant. Maybe I’m doing something wrong but I added the IP addresses of the devices to the whitelist and it is still asking for login credentials.

View attachment 208627

View attachment 208628

UGH. iframe hell. Really thought that was going to do it.


Do you access your HA through a reverse proxy or something? That's the only thing I can think of. I tested it with multiple devices in a bunch of different configurations, and it worked on my network. I'm guessing you already tested those other devices, but please do if you haven't. If not reverse proxy, I'll have to PM you some logs to add for debugging because I honestly have no idea otherwise.


On another HA note, I noticed someone's fork of my repo this morning that seemed to be testing out other automation capability with HA. Requesting the data, live updates, more complex logic like checking if a plate is known/flagged, triggering other things, etc. I think the next addition will be webhook support to send received plates to other systems (like HA) for automations and such. Let me know if this would be of interest.

 

[Vettester]

UGH. iframe hell. Really thought that was going to do it.

I’m not using a reverse proxy and I have tried this on multiple devices (MacBook, iPhone, iPad). In your test environment how did you install HA?

One other thing I’ve notice is that as the db gets larger the app slows down significantly. Is there someway to optimize the database or do you have a recommendation on how many records can be stored?

 

[Vettester]

On another HA note

Not sure I want automations triggered by passing cars. The pushover functionality does what I need for now.

 

[algertc]

I’m not using a reverse proxy and I have tried this on multiple devices (MacBook, iPhone, iPad). In your test environment how did you install HA?

One other thing I’ve notice is that as the db gets larger the app slows down significantly. Is there someway to optimize the database or do you have a recommendation on how many records can be stored?

What does it say in the server logs in the container if you navigate to your HA dashboard and reload the page? It should print something like "checking IP: <IP>". If something is wrong, it should print a warning on another line near that explaining what's wrong.

I just used the HA docker image and clicked "add webpage" then put in the URL. I was able to access the ALPR database as an iframe on the dashboard without logging in on my phone, my laptop, and desktop.


The way the images are stored right now is pretty terrible. They are just dumped directly into the database as base64 text which was a lazy solution that I used originally to get things going and have not changed, but definitely need to. How many records do you have in your live feed (plate_reads) table? It shouldn't be too slow even with minimal hardware. I have 3000 currently, and it's fairly speedy. The pagination should handle this pretty effectively. If it's unusably slow, check the size of the images you are sending. I have mine set to a pretty low resolution at 50% quality. Reworking this will be next up.

 

[Vettester]

What does it say in the server logs in the container if you navigate to your HA dashboard and reload the page? It should print something like "checking IP: <IP>". If something is wrong, it should print a warning on another line near that explaining what's wrong.

Is this what you’re looking for? I assume 172.18.0.1 is a proxy connection test.

 

[prsmith777]

On another HA note, I noticed someone's fork of my repo this morning that seemed to be testing out other automation capability with HA. Requesting the data, live updates, more complex logic like checking if a plate is known/flagged, triggering other things, etc. I think the next addition will be webhook support to send received plates to other systems (like HA) for automations and such. Let me know if this would be of interest.

Very interested in these capabilities. For my driveway LPR, I'd like to be able to have HA match certain license plates to announce who is coming up the driveway.

 

[Vettester]

How many records do you have in your live feed (plate_reads) table? It shouldn't be too slow even with minimal hardware. I have 3000 currently, and it's fairly speedy.one

Not sure on the total number, but I have over 4350 unique plates with the top one seen 73 times.

 

[Skinny1]

Just pushed an update.

• Added camera name column to live feed. Optionally send with "camera":"&CAM" or &NAME for long name.
• Additional sorting options in plate database
• Auth bypass for HomeAssistant dashboards
• Database migration fix (Requires new migrations.sql file from GitHub)
• Ability to correct or edit OCR responses in the live feed page

Update instructions:
I originally misunderstood how the docker entrypoint worked with the database. In order to update your database schema with the latest changes, a new file: migrations.sql is required. I also had to make changes to the compose file to accommodate this. Please download the migrations.sql from the GitHub repository and make sure that you edit your compose file to add the new sections under "db", as seen in the latest version in the repository (added a volume for migrations and a command section that will perform the update). After this, the update procedure is the same: docker compose down, docker compose pull, docker compose up -d. All of the data in your database will remain intact.


HomeAssistant:
I spun up a HA instance to test this, and as far as I can tell, It is working now. I spent quite a while trying to get a more robust solution to work, but ended up back at the IP whitelist in the end. There is now a HomeAssistant section in the settings page that will let you add IP addresses to bypass the authentication. Note that these IPs are the devices that you use to access your HA webserver, not the HA IP itself. It will also only bypass when viewing through your HA dashboard. i.e. If you whitelist a device, it will be able to use the app inside of HA without logging in but must still log in if accessing the app directly / not through HA. If I understand the use case correctly, this should be a pretty functional solution for most people.

It definitely isn't rock solid from a security perspective (the IP can easily be spoofed), but I would actually expect it to be fairly OK for what it needs to protect against. You never know what strange stuff / dubious backdoored IOT devices might be lurking around on your network. This is, of course, especially true for HomeAssistant users. While this is still security by obscurity, I'd wager that the odds of a malicious IOT device or crawler figuring out which IPs you are allowing, spoofing one of those IPs, and simulating an iframe are virtually zero, aside from a targeted attack. None of this even matters at the moment since the app isn't using HTTPS yet, but I'm trying to future-proof / plan ahead where I can and not be the cause of any security incidents.


A note on vehicle description & Public data:
Someone mentioned the idea of integrating some public data sources to look up plates. While this would be super useful, in practice, it just isn't reliable at all. I do quite a lot of web scraping/osint/working with data brokers day to day, and license plates are among the hardest to get good data for. DMV data isn't public, so you have to rely on other sources, which there are plenty of, but the issue is that license plates just change too frequently, and there's a massive delay to get up-to-date results. With a VIN number, you can almost always find the vehicle info, but between sales, registration/state changes, vanity plates, specialty plates, etc., it ends up being really tough to keep track of.

If anyone is curious to test results on their local traffic, Oreilly Auto Parts actually lets you look up any plate for free:

https://www.oreillyauto.com/vin-lookup

I don't think it makes sense to try to integrate any lookup functionality like this since the result percentage is so low, but I'm sharing that as a resource. It has come in handy a couple of times for me when looking at nighttime footage where I didn't have any legible video to see the make/model of a vehicle of interest.

On this note, the vehicle description column has been removed from the front end since it serves no purpose at the moment.


@Vettester @prsmith777 @Skinny1

Wonder if anyone would be interested in making a how to install video for the new

Just pushed an update.

• Added camera name column to live feed. Optionally send with "camera":"&CAM" or &NAME for long name.
• Additional sorting options in plate database
• Auth bypass for HomeAssistant dashboards
• Database migration fix (Requires new migrations.sql file from GitHub)
• Ability to correct or edit OCR responses in the live feed page

Update instructions:
I originally misunderstood how the docker entrypoint worked with the database. In order to update your database schema with the latest changes, a new file: migrations.sql is required. I also had to make changes to the compose file to accommodate this. Please download the migrations.sql from the GitHub repository and make sure that you edit your compose file to add the new sections under "db", as seen in the latest version in the repository (added a volume for migrations and a command section that will perform the update). After this, the update procedure is the same: docker compose down, docker compose pull, docker compose up -d. All of the data in your database will remain intact.


HomeAssistant:
I spun up a HA instance to test this, and as far as I can tell, It is working now. I spent quite a while trying to get a more robust solution to work, but ended up back at the IP whitelist in the end. There is now a HomeAssistant section in the settings page that will let you add IP addresses to bypass the authentication. Note that these IPs are the devices that you use to access your HA webserver, not the HA IP itself. It will also only bypass when viewing through your HA dashboard. i.e. If you whitelist a device, it will be able to use the app inside of HA without logging in but must still log in if accessing the app directly / not through HA. If I understand the use case correctly, this should be a pretty functional solution for most people.

It definitely isn't rock solid from a security perspective (the IP can easily be spoofed), but I would actually expect it to be fairly OK for what it needs to protect against. You never know what strange stuff / dubious backdoored IOT devices might be lurking around on your network. This is, of course, especially true for HomeAssistant users. While this is still security by obscurity, I'd wager that the odds of a malicious IOT device or crawler figuring out which IPs you are allowing, spoofing one of those IPs, and simulating an iframe are virtually zero, aside from a targeted attack. None of this even matters at the moment since the app isn't using HTTPS yet, but I'm trying to future-proof / plan ahead where I can and not be the cause of any security incidents.


A note on vehicle description & Public data:
Someone mentioned the idea of integrating some public data sources to look up plates. While this would be super useful, in practice, it just isn't reliable at all. I do quite a lot of web scraping/osint/working with data brokers day to day, and license plates are among the hardest to get good data for. DMV data isn't public, so you have to rely on other sources, which there are plenty of, but the issue is that license plates just change too frequently, and there's a massive delay to get up-to-date results. With a VIN number, you can almost always find the vehicle info, but between sales, registration/state changes, vanity plates, specialty plates, etc., it ends up being really tough to keep track of.

If anyone is curious to test results on their local traffic, Oreilly Auto Parts actually lets you look up any plate for free:

https://www.oreillyauto.com/vin-lookup

I don't think it makes sense to try to integrate any lookup functionality like this since the result percentage is so low, but I'm sharing that as a resource. It has come in handy a couple of times for me when looking at nighttime footage where I didn't have any legible video to see the make/model of a vehicle of interest.

On this note, the vehicle description column has been removed from the front end since it serves no purpose at the moment.


@Vettester @prsmith777 @Skinny1

I wonder if anyone would be interested in making a short how-to install youtube video for the new full ALPR Database system for Blue Iris?

​

 

[hikky_b]

It was me playing with a fork of your repo. Please note for anyone looking that I have no experience with nextJS so it's essentially heavy AI use within cursor and learning on the fly, along with git..

I use HA and tried using an iframe and got the same issues as posted above. Iframes are a pain indeed.. I will look into it further.

My main use case for HA with this ALPR DB was not to just have a live feed of plate detections but to use it as the backend storage for known plates and detections. HA automations are so powerful and flexible that it doesn't make sense to me to add this automation logic into the ALPR dashboard, but create endpoints that we can query in automations from HA.

Example flow:

Blue Iris detects plate --> Sends data to ALPR DB & also the plate number to HA --> HA automation triggers and checks if the plate number is saved as a known plate in the DB --> [IF true] open gate and plays TTS on house speakers.

Interested to hear how others would use the data from the ALPR db in their HA automations etc and what I'm missing with my example logic

 

[algertc]

Is this what you’re looking for? I assume 172.18.01 is a proxy connection test.

View attachment 208648

The IP comes from the x forwarded for header which should be the IP of the device you are browsing from. That seems like a docker IP, which is confusing. Does that 172 address look familiar at all?

Can you confirm: the iframe setup (what address you have it connecting to), the address that you use to hit your HA dashboard, and how your HA is deployed?

This suggests there's an extra hop somewhere along the way.

 

[algertc]

Not sure on the total number, but I have over 4350 unique plates with the top one seen 73 times.

View attachment 208660

Oh my that is a lot of cars. That will definitely be problematic for the database page since its trying to get all 4350 records at once and any sorting also happens on the client.

I will fix this by adding pagination like the live feed.

 

[algertc]

Wonder if anyone would be interested in making a how to install video for the new

I wonder if anyone would be interested in making a short how-to install youtube video for the new full ALPR Database system for Blue Iris?

​

Was thinking about this. Will do.

 

[Vettester]

Can you confirm: the iframe setup (what address you have it connecting to), the address that you use to hit your HA dashboard, and how your HA is deployed?

I’m running HAOS on a baremetal BMAX x86 mini-pc. Everything on my network is 192.168.86.0/24 so I’m not sure where the 172.18.0.1 is coming from.

 

[algertc]

It was me playing with a fork of your repo. Please note for anyone looking that I have no experience with nextJS so it's essentially heavy AI use within cursor and learning on the fly, along with git..

I use HA and tried using an iframe and got the same issues as posted above. Iframes are a pain indeed.. I will look into it further.

My main use case for HA with this ALPR DB was not to just have a live feed of plate detections but to use it as the backend storage for known plates and detections. HA automations are so powerful and flexible that it doesn't make sense to me to add this automation logic into the ALPR dashboard, but create endpoints that we can query in automations from HA.

Example flow:

Blue Iris detects plate --> Sends data to ALPR DB & also the plate number to HA --> HA automation triggers and checks if the plate number is saved as a known plate in the DB --> [IF true] open gate and plays TTS on house speakers.

Interested to hear how others would use the data from the ALPR db in their HA automations etc and what I'm missing with my example logic

Ah nice ok. I'm definitely no professional either - lots of AI generated code in my repo haha.

Can you share more about your iframe not working? If you could check the same logs and see what it says that would help me figure it out. Mine is working perfectly, so I am a little lost.


On your automation flow, are you also storing the plates in HA? If not, would it possibly make sense to do something like this: Blue Iris detects plate --> Sends data to ALPR DB --> ALPR DB receives a recognition, sends all necessary data to your HA with a webhook --> HA automation logic

This is what I meant to explain in the issue. If I understand correctly it seems like this would be a lot easier since you can just send the data once instead of multiple back and forth requests, while also keeping all logic within HA

 

[algertc]

I’m running HAOS on a baremetal BMAX x86 mini-pc. Everything on my network is 192.168.86.0/24 so I’m not sure where the 172.18.0.1 is coming from.

I created a branch called iframe in the repo and added some extra logs on lines 91-99 of file:/app/api/verify-whitelist/route.js. If you are able, please see if you can edit the file directly in the docker container to add those lines.

Link: File on Iframe branch

 

[Vettester]

If you are able, please see if you can edit the file directly in the docker container to add those lines.

Does the bracket on line 96 remain there or should I delete it?

 

[algertc]

Does the bracket on line 96 remain there or should I delete it?

View attachment 208682

I can't fully tell from that ss. Looks like it should be removed. Easiest is probably to just copy and paste the whole file actually. Lmk

 

[Vettester]

Easiest is probably to just copy and paste the whole file actually. Lmk

That’s what I thought so that’s what I did. Here’s the log after the change.