mirror of
https://github.com/lumapu/ahoy.git
synced 2025-07-21 10:17:13 +02:00
parent
d5cecbb5b0
commit
a51a761215
6 changed files with 64 additions and 64 deletions
|
@ -350,7 +350,7 @@ build_flags = ${env.build_flags}
|
||||||
-DDEF_LED1=17
|
-DDEF_LED1=17
|
||||||
-DLED_ACTIVE_HIGH
|
-DLED_ACTIVE_HIGH
|
||||||
-DARDUINO_USB_MODE=1
|
-DARDUINO_USB_MODE=1
|
||||||
#-DARDUINO_USB_CDC_ON_BOOT=1
|
-DARDUINO_USB_CDC_ON_BOOT=1
|
||||||
monitor_filters =
|
monitor_filters =
|
||||||
esp32_exception_decoder, colorize
|
esp32_exception_decoder, colorize
|
||||||
|
|
||||||
|
|
|
@ -33,8 +33,7 @@ class Protection {
|
||||||
return mInstance;
|
return mInstance;
|
||||||
}
|
}
|
||||||
|
|
||||||
void tickSecond() {
|
void tickSecond() { // auto logout
|
||||||
// auto logout
|
|
||||||
if(0 != mLogoutTimeout) {
|
if(0 != mLogoutTimeout) {
|
||||||
if (0 == --mLogoutTimeout) {
|
if (0 == --mLogoutTimeout) {
|
||||||
if(mPwd[0] != '\0')
|
if(mPwd[0] != '\0')
|
||||||
|
@ -77,8 +76,10 @@ class Protection {
|
||||||
if(askedFromWeb)
|
if(askedFromWeb)
|
||||||
return !isIdentical(clientIp, mWebIp);
|
return !isIdentical(clientIp, mWebIp);
|
||||||
|
|
||||||
// API call
|
if(nullptr == token)
|
||||||
if(0 == mToken[0]) // token is zero, from WebUi (logged in)
|
return true;
|
||||||
|
|
||||||
|
if('*' == token[0]) // call from WebUI
|
||||||
return !isIdentical(clientIp, mWebIp);
|
return !isIdentical(clientIp, mWebIp);
|
||||||
|
|
||||||
if(isIdentical(clientIp, mApiIp))
|
if(isIdentical(clientIp, mApiIp))
|
||||||
|
@ -92,10 +93,9 @@ class Protection {
|
||||||
mToken.fill(0);
|
mToken.fill(0);
|
||||||
for(uint8_t i = 0; i < 16; i++) {
|
for(uint8_t i = 0; i < 16; i++) {
|
||||||
mToken[i] = random(1, 35);
|
mToken[i] = random(1, 35);
|
||||||
if(mToken[i] < 10)
|
// convert to ascii number 1-9 (zero isn't allowed) or upper
|
||||||
mToken[i] += 0x30; // convert to ascii number 1-9 (zero isn't allowed)
|
// case character A-Z
|
||||||
else
|
mToken[i] += (mToken[i] < 10) ? 0x30 : 0x37;
|
||||||
mToken[i] += 0x37; // convert to ascii upper case character A-Z
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
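Review bot: In the second hunk of this file, the new `if('*' == token[0])` branch lets the request itself select the WebUI path: a token beginning with `*` is judged only by `isIdentical(clientIp, mWebIp)` and is never compared with `mToken`, whereas the removed check keyed that path on server-side state (`0 == mToken[0]`). Any client that shares the logged-in browser's source address (NAT, reverse proxy) would presumably pass with that marker, so the address-only trust deserves at least a comment such as `// '*' is client-supplied: this path authenticates by source IP only`, and ideally a per-session value instead of a fixed one. An empty token string passes both new guards; what the code below the hunk does with it is not visible. The function starts and ends outside the hunk.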
|
@ -841,15 +841,8 @@ class RestApi {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
if(isProtected(jsonIn, jsonOut, clientIP))
|
||||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
return false;
|
||||||
const char* token = jsonIn["token"];
|
|
||||||
if(mApp->isProtected(clientIP, token, false)) {
|
|
||||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Inverter<> *iv = mSys->getInverterByPos(jsonIn[F("id")]);
|
Inverter<> *iv = mSys->getInverterByPos(jsonIn[F("id")]);
|
||||||
bool accepted = true;
|
bool accepted = true;
|
||||||
|
@ -894,15 +887,8 @@ class RestApi {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool setSetup(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
bool setSetup(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
||||||
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
if(isProtected(jsonIn, jsonOut, clientIP))
|
||||||
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
return false;
|
||||||
const char* token = jsonIn["token"];
|
|
||||||
if(mApp->isProtected(clientIP, token, false)) {
|
|
||||||
jsonOut[F("error")] = F(IS_PROTECTED);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#if !defined(ETHERNET)
|
#if !defined(ETHERNET)
|
||||||
if(F("scan_wifi") == jsonIn[F("cmd")])
|
if(F("scan_wifi") == jsonIn[F("cmd")])
|
||||||
|
@ -951,6 +937,25 @@ class RestApi {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool isProtected(JsonObject jsonIn, JsonObject jsonOut, const char *clientIP) {
|
||||||
|
if(mConfig->sys.adminPwd[0] != '\0') { // check if admin password is set
|
||||||
|
if(strncmp("*", clientIP, 1) != 0) { // no call from MqTT
|
||||||
|
const char* token = nullptr;
|
||||||
|
if(jsonIn.containsKey(F("token")))
|
||||||
|
token = jsonIn["token"];
|
||||||
|
|
||||||
|
if(!mApp->isProtected(clientIP, token, false))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
jsonOut[F("error")] = F(IS_PROTECTED);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
private:
|
||||||
IApp *mApp = nullptr;
|
IApp *mApp = nullptr;
|
||||||
HMSYSTEM *mSys = nullptr;
|
HMSYSTEM *mSys = nullptr;
|
||||||
HmRadio<> *mRadioNrf = nullptr;
|
HmRadio<> *mRadioNrf = nullptr;
|
||||||
|
|
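Review bot: The new `isProtected` helper skips the token check for any `clientIP` whose first character is `*`, because `strncmp("*", clientIP, 1)` is a one-character prefix match, and it reads `clientIP` without a null check. That is safe only if `"*"` is passed solely by the internal MQTT path and never derived from request data; the callers are not visible here, so the assumption should be stated on the helper, e.g. `// clientIP "*" marks an internal (MQTT) call and bypasses authentication; never pass request-derived data`. The helper also returns `true` to mean "rejected" and writes `error` into `jsonOut` as a side effect, which a short doc comment should spell out. Because it is added above `private:`, it becomes part of the class's public interface; moving it below that label would keep it internal if no outside caller needs it.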
|
@ -41,27 +41,24 @@
|
||||||
var release = null;
|
var release = null;
|
||||||
|
|
||||||
function apiCb(obj) {
|
function apiCb(obj) {
|
||||||
var e = document.getElementById("apiResult");
|
var e = document.getElementById("apiResult")
|
||||||
if(obj.success) {
|
if(obj.success) {
|
||||||
e.innerHTML = " {#COMMAND_EXE}";
|
e.innerHTML = " {#COMMAND_EXE}"
|
||||||
getAjax("/api/index", parse);
|
getAjax("/api/index", parse)
|
||||||
}
|
} else
|
||||||
else
|
e.innerHTML = " {#ERROR}: " + obj.error
|
||||||
e.innerHTML = " {#ERROR}: " + obj.error;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function setTime() {
|
function setTime() {
|
||||||
var date = new Date();
|
var date = new Date()
|
||||||
var obj = new Object();
|
var obj = {cmd: "set_time", token: "*", val: parseInt(date.getTime() / 1000)}
|
||||||
obj.cmd = "set_time";
|
getAjax("/api/setup", apiCb, "POST", JSON.stringify(obj))
|
||||||
obj.val = parseInt(date.getTime() / 1000);
|
|
||||||
getAjax("/api/setup", apiCb, "POST", JSON.stringify(obj));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function parseGeneric(obj) {
|
function parseGeneric(obj) {
|
||||||
if(exeOnce)
|
if(exeOnce)
|
||||||
parseESP(obj);
|
parseESP(obj)
|
||||||
parseRssi(obj);
|
parseRssi(obj)
|
||||||
}
|
}
|
||||||
|
|
||||||
function parseSys(obj) {
|
function parseSys(obj) {
|
||||||
|
|
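Review bot: In `apiCb`, `e.innerHTML = " {#ERROR}: " + obj.error` places a value from the API response into the page as markup, so if any error string ever echoes request data it would be interpreted as HTML. Assigning the dynamic part as text avoids that, e.g. `e.textContent = " {#ERROR}: " + obj.error` (assuming the `{#ERROR}` placeholder expands to plain text). The `} else` with an unbraced body after a braced `if` is also easy to misread; `} else { … }` would match the first branch.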
|
@ -559,31 +559,26 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
function setTime() {
|
function setTime() {
|
||||||
var date = new Date();
|
var date = new Date()
|
||||||
var obj = new Object();
|
var obj = {cmd: "set_time", token: "*", val: parseInt(date.getTime() / 1000)}
|
||||||
obj.cmd = "set_time";
|
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj))
|
||||||
obj.val = parseInt(date.getTime() / 1000);
|
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000)
|
||||||
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj));
|
|
||||||
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function scan() {
|
function scan() {
|
||||||
var obj = new Object();
|
var obj = {cmd: "scan_wifi", token: "*"}
|
||||||
obj.cmd = "scan_wifi";
|
|
||||||
getAjax("/api/setup", apiCbWifi, "POST", JSON.stringify(obj));
|
getAjax("/api/setup", apiCbWifi, "POST", JSON.stringify(obj));
|
||||||
setTimeout(function() {getAjax('/api/setup/networks', listNetworks)}, 5000);
|
setTimeout(function() {getAjax('/api/setup/networks', listNetworks)}, 5000);
|
||||||
}
|
}
|
||||||
|
|
||||||
function syncTime() {
|
function syncTime() {
|
||||||
var obj = new Object();
|
var obj = {cmd: "sync_ntp", token: "*"}
|
||||||
obj.cmd = "sync_ntp";
|
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj))
|
||||||
getAjax("/api/setup", apiCbNtp, "POST", JSON.stringify(obj));
|
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000)
|
||||||
setTimeout(function() {getAjax('/api/index', apiCbNtp2)}, 2000);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function sendDiscoveryConfig() {
|
function sendDiscoveryConfig() {
|
||||||
var obj = new Object();
|
var obj = {cmd: "discovery_cfg", token: "*"}
|
||||||
obj.cmd = "discovery_cfg";
|
|
||||||
getAjax("/api/setup", apiCbMqtt, "POST", JSON.stringify(obj));
|
getAjax("/api/setup", apiCbMqtt, "POST", JSON.stringify(obj));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -837,8 +832,9 @@
|
||||||
|
|
||||||
function ivSave() {
|
function ivSave() {
|
||||||
var o = new Object();
|
var o = new Object();
|
||||||
o.cmd = "save_iv";
|
o.cmd = "save_iv"
|
||||||
o.id = obj.id;
|
o.token = "*"
|
||||||
|
o.id = obj.id
|
||||||
o.ser = parseInt(document.getElementsByName("ser")[0].value, 16);
|
o.ser = parseInt(document.getElementsByName("ser")[0].value, 16);
|
||||||
o.name = document.getElementsByName("name")[0].value;
|
o.name = document.getElementsByName("name")[0].value;
|
||||||
o.en = document.getElementsByName("enable")[0].checked;
|
o.en = document.getElementsByName("enable")[0].checked;
|
||||||
|
|
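Review bot: The literal `token: "*"` is now repeated in every request builder in this file (`setTime`, `scan`, `syncTime`, `sendDiscoveryConfig`, `ivSave`) and again in the other two script sections of this commit, so the WebUI marker is duplicated in eight places. A single shared helper that adds the field before `JSON.stringify`, for instance a thin wrapper around `getAjax`, would keep the marker in one place if the scheme changes. The hunks also mix statements with and without trailing semicolons (`scan` keeps them, `setTime` drops them); one style per file would keep later diffs smaller.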
|
@ -454,18 +454,20 @@
|
||||||
val = 100;
|
val = 100;
|
||||||
|
|
||||||
var obj = new Object();
|
var obj = new Object();
|
||||||
obj.id = id;
|
obj.id = id
|
||||||
obj.cmd = cmd;
|
obj.token = "*"
|
||||||
obj.val = Math.round(val*10);
|
obj.cmd = cmd
|
||||||
getAjax("/api/ctrl", ctrlCb, "POST", JSON.stringify(obj));
|
obj.val = Math.round(val*10)
|
||||||
|
getAjax("/api/ctrl", ctrlCb, "POST", JSON.stringify(obj))
|
||||||
}
|
}
|
||||||
|
|
||||||
function applyCtrl(id, cmd, val=0) {
|
function applyCtrl(id, cmd, val=0) {
|
||||||
var obj = new Object();
|
var obj = new Object();
|
||||||
obj.id = id;
|
obj.id = id
|
||||||
obj.cmd = cmd;
|
obj.token = "*"
|
||||||
obj.val = val;
|
obj.cmd = cmd
|
||||||
getAjax("/api/ctrl", ctrlCb2, "POST", JSON.stringify(obj));
|
obj.val = val
|
||||||
|
getAjax("/api/ctrl", ctrlCb2, "POST", JSON.stringify(obj))
|
||||||
}
|
}
|
||||||
|
|
||||||
function ctrlCb(obj) {
|
function ctrlCb(obj) {
|
||||||
|
|