mirror of
https://github.com/lumapu/ahoy.git
synced 2025-04-29 18:26:21 +02:00
lumapu
parent
d5cecbb5b0
commit
a51a761215
6 changed files with 64 additions and 64 deletions
|
|
@ -350,7 +350,7 @@ build_flags = ${env.build_flags}
|
|||
-DDEF_LED1=17
|
||||
-DLED_ACTIVE_HIGH
|
||||
-DARDUINO_USB_MODE=1
|
||||
#-DARDUINO_USB_CDC_ON_BOOT=1
|
||||
-DARDUINO_USB_CDC_ON_BOOT=1
|
||||
monitor_filters =
|
||||
esp32_exception_decoder, colorize
|
||||
|
||||
|
|
|
|||
|
|
@ -33,8 +33,7 @@ class Protection {
|
|||
return mInstance;
|
||||
}
|
||||
|
||||
void tickSecond() {
|
||||
// auto logout
|
||||
void tickSecond() { // auto logout
|
||||
if(0 != mLogoutTimeout) {
|
||||
if (0 == --mLogoutTimeout) {
|
||||
if(mPwd[0] != '\0')
|
||||
|
|
@ -77,8 +76,10 @@ class Protection {
|
|||
if(askedFromWeb)
|
||||
return !isIdentical(clientIp, mWebIp);
|
||||
|
||||
// API call
|
||||
if(0 == mToken[0]) // token is zero, from WebUi (logged in)
|
||||
if(nullptr == token)
|
||||
return true;
|
||||
|
||||
if('*' == token[0]) // call from WebUI
|
||||
return !isIdentical(clientIp, mWebIp);
|
||||
|
||||
if(isIdentical(clientIp, mApiIp))
|
||||
|
|
@ -92,10 +93,9 @@ class Protection {
|
|||
mToken.fill(0);
|
||||
for(uint8_t i = 0; i < 16; i++) {
|
||||
mToken[i] = random(1, 35);
|
||||
if(mToken[i] < 10)
|
||||
mToken[i] += 0x30; // convert to ascii number 1-9 (zero isn't allowed)
|
||||
else
|
||||
mToken[i] += 0x37; // convert to ascii upper case character A-Z
|
||||
// convert to ascii number 1-9 (zero isn't allowed) or upper
|
||||
// case character A-Z
|
||||
mToken[i] += (mToken[i] < 10) ? 0x30 : 0x37;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -841,15 +841,8 @@ class RestApi {
|
|||
return true;
|
||||
}
|
||||
|
||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||
const char* token = jsonIn["token"];
|
||||
if(mApp->isProtected(clientIP, token, false)) {
|
||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
if(isProtected(jsonIn, jsonOut, clientIP))
|
||||
return false;
|
||||
|
||||
Inverter<> *iv = mSys->getInverterByPos(jsonIn[F("id")]);
|
||||
bool accepted = true;
|
||||
|
|
@ -894,15 +887,8 @@ class RestApi {
|
|||
}
|
||||
|
||||
bool setSetup(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||
const char* token = jsonIn["token"];
|
||||
if(mApp->isProtected(clientIP, token, false)) {
|
||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
if(isProtected(jsonIn, jsonOut, clientIP))
|
||||
return false;
|
||||
|
||||
#if !defined(ETHERNET)
|
||||
if(F("scan_wifi") == jsonIn[F("cmd")])
|
||||
|
|
@ -951,6 +937,25 @@ class RestApi {
|
|||
return true;
|
||||
}
|
||||
|
||||
bool isProtected(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||
const char* token = nullptr;
|
||||
if(jsonIn.containsKey(F("token")))
|
||||
token = jsonIn["token"];
|
||||
|
||||
if(!mApp->isProtected(clientIP, token, false))
|
||||
return false;
|
||||
|
||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private:
|
||||
IApp *mApp = nullptr;
|
||||
HMSYSTEM *mSys = nullptr;
|
||||
HmRadio<> *mRadioNrf = nullptr;
|
||||
|
|
|
|||
|
|
@ -41,27 +41,24 @@
|
|||
var release = null;
|
||||
|
||||
function apiCb(obj) {
|
||||
var e = document.getElementById("apiResult");
|
||||
var e = document.getElementById("apiResult")
|
||||
if(obj.success) {
|
||||
e.innerHTML = " {#COMMAND_EXE}";
|
||||
getAjax("/api/index", parse);
|
||||
}
|
||||
else
|
||||
e.innerHTML = " {#ERROR}: " + obj.error;
|
||||
e.innerHTML = " {#COMMAND_EXE}"
|
||||
getAjax("/api/index", parse)
|
||||
} else
|
||||
e.innerHTML = " {#ERROR}: " + obj.error
|
||||
}
|
||||
|
||||
function setTime() {
|
||||
var date = new Date();
|
||||
var obj = new Object();
|
||||
obj.cmd = "set_time";
|
||||
obj.val = parseInt(date.getTime() / 1000);
|
||||
getAjax("/api/setup", apiCb, "POST", JSON.stringify(obj));
|
||||
var date = new Date()
|
||||
var obj = {cmd: "set_time", token: "*", val: parseInt(date.getTime() / 1000)}
|
||||
getAjax("/api/setup", apiCb, "POST", JSON.stringify(obj))
|
||||
}
|
||||
|
||||
function parseGeneric(obj) {
|
||||
if(exeOnce)
|
||||
parseESP(obj);
|
||||
parseRssi(obj);
|
||||
parseESP(obj)
|
||||
parseRssi(obj)
|
||||
}
|
||||
|
||||
function parseSys(obj) {
|
||||
|
|
|
|||
|
|
@ -559,31 +559,26 @@
|
|||
}
|
||||
|
||||
function setTime() {
|
||||
var date = new Date();
|
||||
var obj = new Object();
|
||||
obj.cmd = "set_time";
|
||||
obj.val = parseInt(date.getTime() / 1000);
|
||||
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj));
|
||||
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000);
|
||||
var date = new Date()
|
||||
var obj = {cmd: "set_time", token: "*", val: parseInt(date.getTime() / 1000)}
|
||||
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj))
|
||||
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000)
|
||||
}
|
||||
|
||||
function scan() {
|
||||
var obj = new Object();
|
||||
obj.cmd = "scan_wifi";
|
||||
var obj = {cmd: "scan_wifi", token: "*"}
|
||||
getAjax("/api/setup", apiCbWifi, "POST", JSON.stringify(obj));
|
||||
setTimeout(function() {getAjax('/api/setup/networks', listNetworks)}, 5000);
|
||||
}
|
||||
|
||||
function syncTime() {
|
||||
var obj = new Object();
|
||||
obj.cmd = "sync_ntp";
|
||||
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj));
|
||||
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000);
|
||||
var obj = {cmd: "sync_ntp", token: "*"}
|
||||
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj))
|
||||
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000)
|
||||
}
|
||||
|
||||
function sendDiscoveryConfig() {
|
||||
var obj = new Object();
|
||||
obj.cmd = "discovery_cfg";
|
||||
var obj = {cmd: "discovery_cfg", token: "*"}
|
||||
getAjax("/api/setup", apiCbMqtt, "POST", JSON.stringify(obj));
|
||||
}
|
||||
|
||||
|
|
@ -837,8 +832,9 @@
|
|||
|
||||
function ivSave() {
|
||||
var o = new Object();
|
||||
o.cmd = "save_iv";
|
||||
o.id = obj.id;
|
||||
o.cmd = "save_iv"
|
||||
o.token = "*"
|
||||
o.id = obj.id
|
||||
o.ser = parseInt(document.getElementsByName("ser")[0].value, 16);
|
||||
o.name = document.getElementsByName("name")[0].value;
|
||||
o.en = document.getElementsByName("enable")[0].checked;
|
||||
|
|
|
|||
|
|
@ -454,18 +454,20 @@
|
|||
val = 100;
|
||||
|
||||
var obj = new Object();
|
||||
obj.id = id;
|
||||
obj.cmd = cmd;
|
||||
obj.val = Math.round(val*10);
|
||||
getAjax("/api/ctrl", ctrlCb, "POST", JSON.stringify(obj));
|
||||
obj.id = id
|
||||
obj.token = "*"
|
||||
obj.cmd = cmd
|
||||
obj.val = Math.round(val*10)
|
||||
getAjax("/api/ctrl", ctrlCb, "POST", JSON.stringify(obj))
|
||||
}
|
||||
|
||||
function applyCtrl(id, cmd, val=0) {
|
||||
var obj = new Object();
|
||||
obj.id = id;
|
||||
obj.cmd = cmd;
|
||||
obj.val = val;
|
||||
getAjax("/api/ctrl", ctrlCb2, "POST", JSON.stringify(obj));
|
||||
obj.id = id
|
||||
obj.token = "*"
|
||||
obj.cmd = cmd
|
||||
obj.val = val
|
||||
getAjax("/api/ctrl", ctrlCb2, "POST", JSON.stringify(obj))
|
||||
}
|
||||
|
||||
function ctrlCb(obj) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue