0.8.78
* try to finalize API token protection
This commit is contained in:
parent
15349520d2
commit
8b2db4abfa
6 changed files with 39 additions and 49 deletions
|
@ -1,5 +1,8 @@
|
|||
# Development Changes
|
||||
|
||||
## 0.8.78 - 2024-02-09
|
||||
* finalized API token access #1415
|
||||
|
||||
## 0.8.77 - 2024-02-08
|
||||
* merge PR: BugFix: ACK #1414
|
||||
* fix suspicious if condition #1416
|
||||
|
|
12
src/app.h
12
src/app.h
|
@ -251,8 +251,8 @@ class app : public IApp, public ah::Scheduler {
|
|||
mProtection->lock();
|
||||
}
|
||||
|
||||
char *unlock(const char *clientIp) override {
|
||||
return mProtection->unlock(clientIp);
|
||||
char *unlock(const char *clientIp, bool loginFromWeb) override {
|
||||
return mProtection->unlock(clientIp, loginFromWeb);
|
||||
}
|
||||
|
||||
void resetLockTimeout(void) override {
|
||||
|
@ -263,12 +263,8 @@ class app : public IApp, public ah::Scheduler {
|
|||
return mProtection->isProtected();
|
||||
}
|
||||
|
||||
bool isProtected(const char *clientIp) const override {
|
||||
return mProtection->isProtected(clientIp);
|
||||
}
|
||||
|
||||
bool isProtected(const char *clientIp, const char *token) const override {
|
||||
return mProtection->isProtected(clientIp, token);
|
||||
bool isProtected(const char *token, bool askedFromWeb) const override {
|
||||
return mProtection->isProtected(token, askedFromWeb);
|
||||
}
|
||||
|
||||
bool getNrfEnabled(void) override {
|
||||
|
|
|
@ -62,11 +62,10 @@ class IApp {
|
|||
virtual uint32_t getMqttTxCnt() = 0;
|
||||
|
||||
virtual void lock(void) = 0;
|
||||
virtual char *unlock(const char *clientIp) = 0;
|
||||
virtual char *unlock(const char *clientIp, bool loginFromWeb) = 0;
|
||||
virtual void resetLockTimeout(void) = 0;
|
||||
virtual bool isProtected(void) const = 0;
|
||||
virtual bool isProtected(const char *clientIp) const = 0;
|
||||
virtual bool isProtected(const char *clientIp, const char *token) const = 0;
|
||||
virtual bool isProtected(const char *token, bool askedFromWeb) const = 0;
|
||||
|
||||
virtual uint16_t getHistoryValue(uint8_t type, uint16_t i) = 0;
|
||||
virtual uint16_t getHistoryMaxDay() = 0;
|
||||
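Review bot: The two new pure virtuals `unlock(const char *clientIp, bool loginFromWeb)` and `isProtected(const char *token, bool askedFromWeb)` are added without any documentation, and the second one's first parameter is the client IP rather than a token whenever `askedFromWeb` is true (the Protection hunk says so only in a trailing `// token == clientIp`), which the parameter name hides from implementers. Add a short comment above each declaration, e.g. `/// @param token API token, or the client IP when askedFromWeb is true` and `/// @return true when the caller must be rejected`, and for `unlock` note that the returned pointer is the internal token buffer and is only meaningful when loginFromWeb is false. The IApp class continues outside the hunk.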
|
|
|
@ -40,21 +40,26 @@ class Protection {
|
|||
// auto logout
|
||||
if(0 != mLogoutTimeout) {
|
||||
if (0 == --mLogoutTimeout) {
|
||||
if(mPwd[0] != '\0')
|
||||
if(mPwd[0] != '\0') {
|
||||
mProtected = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void lock(void) {
|
||||
mProtected = true;
|
||||
mLoginIp.fill(0);
|
||||
mToken.fill(0);
|
||||
}
|
||||
|
||||
char *unlock(const char *clientIp) {
|
||||
char *unlock(const char *clientIp, bool loginFromWeb) {
|
||||
mLogoutTimeout = LOGOUT_TIMEOUT;
|
||||
mProtected = false;
|
||||
|
||||
if(loginFromWeb)
|
||||
ah::ip2Arr(static_cast<uint8_t*>(mLoginIp.data()), clientIp);
|
||||
else
|
||||
genToken();
|
||||
|
||||
return reinterpret_cast<char*>(mToken.data());
|
||||
|
@ -69,29 +74,26 @@ class Protection {
|
|||
return mProtected;
|
||||
}
|
||||
|
||||
bool isProtected(const char *clientIp, const char *token) const {
|
||||
if(isProtected(clientIp))
|
||||
return true;
|
||||
|
||||
if(0 == mToken[0]) // token is zero
|
||||
return true;
|
||||
|
||||
return (0 != strncmp(token, mToken.data(), 16));
|
||||
}
|
||||
|
||||
bool isProtected(const char *clientIp) const {
|
||||
bool isProtected(const char *token, bool askedFromWeb) const { // token == clientIp
|
||||
if(mProtected)
|
||||
return true;
|
||||
|
||||
if(mPwd[0] == '\0')
|
||||
return false;
|
||||
|
||||
if(askedFromWeb) { // check IP address
|
||||
std::array<uint8_t, 4> ip;
|
||||
ah::ip2Arr(static_cast<uint8_t*>(ip.data()), clientIp);
|
||||
ah::ip2Arr(static_cast<uint8_t*>(ip.data()), token);
|
||||
for(uint8_t i = 0; i < 4; i++) {
|
||||
if(mLoginIp[i] != ip[i])
|
||||
return true;
|
||||
}
|
||||
} else { // API call - check token
|
||||
if(0 == mToken[0]) // token is zero
|
||||
return true;
|
||||
|
||||
return (0 != strncmp(token, mToken.data(), 16));
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
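Review bot: `strncmp(token, mToken.data(), 16)` in the new `isProtected(const char *token, bool askedFromWeb)` uses whatever pointer the caller passes, and the API callers in RestApi (`setCtrl`, `setSetup`) hand it `jsonIn["token"]` directly, which presumably yields a null pointer when the key is absent — an API request without a token while a token is active would then dereference null rather than being rejected. Add a guard before the branches, `if(nullptr == token) return true;`, which also covers the `ah::ip2Arr(..., token)` call in the web path. Separately, the auto-logout branch now only sets `mProtected = true`, whereas `lock()` also clears `mLoginIp` and `mToken`; because `unlock(clientIp, true)` does not regenerate the token, a later web login silently revives the token that the timeout was meant to end, so the timeout should call `lock()` instead: `if(mPwd[0] != '\0') lock();`. The function enclosing the auto-logout block starts outside the hunk.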
|
|
|
@ -266,7 +266,7 @@ class RestApi {
|
|||
obj[F("modules")] = String(mApp->getVersionModules());
|
||||
obj[F("build")] = String(AUTO_GIT_HASH);
|
||||
obj[F("env")] = String(ENV_NAME);
|
||||
obj[F("menu_prot")] = mApp->isProtected(request->client()->remoteIP().toString().c_str());
|
||||
obj[F("menu_prot")] = mApp->isProtected(request->client()->remoteIP().toString().c_str(), true);
|
||||
obj[F("menu_mask")] = (uint16_t)(mConfig->sys.protectionMask );
|
||||
obj[F("menu_protEn")] = (bool) (mConfig->sys.adminPwd[0] != '\0');
|
||||
obj[F("cst_lnk")] = String(mConfig->plugin.customLink);
|
||||
|
@ -833,7 +833,7 @@ class RestApi {
|
|||
bool setCtrl(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
||||
if(F("auth") == jsonIn[F("cmd")]) {
|
||||
if(String(jsonIn["val"]) == String(mConfig->sys.adminPwd))
|
||||
jsonOut["token"] = mApp->unlock(clientIP);
|
||||
jsonOut["token"] = mApp->unlock(clientIP, false);
|
||||
else {
|
||||
jsonOut[F("error")] = F(AUTH_ERROR);
|
||||
return false;
|
||||
|
@ -841,20 +841,10 @@ class RestApi {
|
|||
return true;
|
||||
}
|
||||
|
||||
/*if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||
const char* token = jsonIn["token"];
|
||||
if(mApp->isProtected(clientIP, token)) {
|
||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||
jsonOut[F("bla")] = String(token);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}*/
|
||||
|
||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||
if(mApp->isProtected(clientIP)) {
|
||||
const char* token = jsonIn["token"];
|
||||
if(mApp->isProtected(token, false)) {
|
||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||
return false;
|
||||
}
|
||||
|
@ -904,15 +894,15 @@ class RestApi {
|
|||
}
|
||||
|
||||
bool setSetup(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
||||
/*if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||
const char* token = jsonIn["token"];
|
||||
if(mApp->isProtected(clientIP, token)) {
|
||||
if(mApp->isProtected(token, false)) {
|
||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}*/
|
||||
}
|
||||
|
||||
#if !defined(ETHERNET)
|
||||
if(F("scan_wifi") == jsonIn[F("cmd")])
|
||||
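Review bot: The token guard uncommented in `setSetup` is now a line-for-line copy of the one in `setCtrl`: admin-password check, the `strncmp("*", clientIP, 1)` bypass for MqTT, the `jsonIn["token"]` lookup, `isProtected(token, false)` and the `IS_PROTECTED` error, eight lines that must be kept in sync across two handlers. Factoring it into one private helper that both call keeps the rule in a single place, so a later change to it (for instance handling a missing token key) cannot be applied to one handler and forgotten in the other. Both `setCtrl` and `setSetup` continue outside their hunks.
```cpp
// Shared by setCtrl() and setSetup(): true when the request may proceed,
// otherwise jsonOut carries the IS_PROTECTED error.
bool checkApiToken(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
    if(mConfig->sys.adminPwd[0] == '\0') // no admin password set
        return true;
    if(strncmp("*", clientIP, 1) == 0) // call from MqTT
        return true;
    const char* token = jsonIn["token"];
    if(mApp->isProtected(token, false)) {
        jsonOut[F("error")] = F(IS_PROTECTED);
        return false;
    }
    return true;
}

bool setCtrl(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
    // … unchanged: "auth" command handling …
    if(!checkApiToken(jsonIn, jsonOut, clientIP))
        return false;
    // … unchanged: remaining commands …

bool setSetup(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
    if(!checkApiToken(jsonIn, jsonOut, clientIP))
        return false;
    // … unchanged: scan_wifi and the other setup commands …
```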
|
|
|
@ -227,7 +227,7 @@ class Web {
|
|||
}
|
||||
|
||||
void checkProtection(AsyncWebServerRequest *request) {
|
||||
if(mApp->isProtected(request->client()->remoteIP().toString().c_str())) {
|
||||
if(mApp->isProtected(request->client()->remoteIP().toString().c_str(), true)) {
|
||||
checkRedirect(request);
|
||||
return;
|
||||
}
|
||||
|
@ -314,7 +314,7 @@ class Web {
|
|||
|
||||
if (request->args() > 0) {
|
||||
if (String(request->arg("pwd")) == String(mConfig->sys.adminPwd)) {
|
||||
mApp->unlock(request->client()->remoteIP().toString().c_str());
|
||||
mApp->unlock(request->client()->remoteIP().toString().c_str(), true);
|
||||
request->redirect("/");
|
||||
}
|
||||
}
|
||||
|
|