mh
/
mhsw-espurna
1
0
Fork 0
Code Releases 0 Activity
Fork of the espurna firmware for `mhsw` switches
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2756 Commits
18 Branches
212 MiB
Tree: 437424aaac
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '437424aaac'
${ noResults }
mhsw-espurna/code/espurna/web.ino

496 lines
14 KiB
Raw Normal View History

Complete update
8 years ago
[copyright-update] Update for 2019
5 years ago
Complete update
8 years ago
Option to build without web server support
7 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
8 years ago
First power.ino module
7 years ago
Added basic authetication and CSRF check to websocket requests
8 years ago
Complete update
8 years ago
Further renaming
7 years ago
Pre-build the different available WebUI images
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
UI for LightFox
5 years ago
Fix conflicts: 1. Add thermostat to the espurna_modules in progmem.h 2. Add thermostat to webui, gulp, html, js. 3. in general.h MQTT_USE_JSON returned to 0 by default and 1 if thermostat enabled.
5 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Pre-build the different available WebUI images
6 years ago
Option to build without NTP support
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Small changes in config variables
7 years ago
HTTPS disabled by default
7 years ago
Option to build without NTP support
7 years ago
Testing web interface over SSL
7 years ago
Option to build without web server support
7 years ago
Option to change the port the embedded webserver is listening to, defaults to 80
7 years ago
Option to build without web server support
7 years ago
Restore settings & reset via HTTP
7 years ago
Complete update
8 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Option to build without web server support
7 years ago
Split web code into web, ws and api
7 years ago
Option to build without web server support
7 years ago
Restore settings & reset via HTTP
7 years ago
Enable CORS
6 years ago
Backup and restore settings from file
7 years ago
Split web code into web, ws and api
7 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Backup and restore settings from file
7 years ago
Pretty print config backup json
6 years ago
Backup and restore settings from file
7 years ago
Fix bug using snprintf
7 years ago
Backup and restore settings from file
7 years ago
Added security headers for each HTTP response
6 years ago
Dump settings line by line to prevent memory issues (#896)
6 years ago
Fix crash on loading malformed settings, option to load partial configuration
6 years ago
Adding /api and /apis to API request callback
6 years ago
Dump settings line by line to prevent memory issues (#896)
6 years ago
Fix crash on loading malformed settings, option to load partial configuration
6 years ago
Dump settings line by line to prevent memory issues (#896)
6 years ago
Backup and restore settings from file
7 years ago
Restore settings & reset via HTTP
7 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Restore settings & reset via HTTP
7 years ago
Web OTA: check authentication result before accepting payload (#1812)
5 years ago
Restore settings & reset via HTTP
7 years ago
Refactor settings module, added settingsCommandRegister
6 years ago
Restore settings & reset via HTTP
7 years ago
Refactor settings module, added settingsCommandRegister
6 years ago
Restore settings & reset via HTTP
7 years ago
Further renaming
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Split web code into web, ws and api
7 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Chunked response for SSL requests
7 years ago
WTF - ESP.getFreeHeap crashing the system for an specific light bulb...
7 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Update web.ino tabs to spaces for consistency
6 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Small changes in config variables
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
Testing web interface over SSL
7 years ago
Small changes in config variables
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
Testing web interface over SSL
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
Testing web interface over SSL
7 years ago
Upgrade form and handle code
7 years ago
Add Update error number to error message in web UI
7 years ago
Split web code into web, ws and api
7 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Simplify and fix web auth code (#284)
7 years ago
Add Update error number to error message in web UI
7 years ago
Wrong messages when upgrading from web UI
7 years ago
Add Update error number to error message in web UI
7 years ago
Upgrade form and handle code
7 years ago
Added security headers for each HTTP response
6 years ago
Update EEPROM_Rotate to 0.9.1 and use rotate(false) before OTA
6 years ago
Unify reset calls
7 years ago
Do not restart after failed web upgrade
7 years ago
Small changes in reset delays after web upgrade
7 years ago
Add Update error number to error message in web UI
7 years ago
Upgrade form and handle code
7 years ago
Web OTA: check authentication result before accepting payload (#1812)
5 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Update EEPROM_Rotate to 0.9.1 and use rotate(false) before OTA
6 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Fix references to Serial
7 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Fix references to Serial
7 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Fix references to Serial
7 years ago
Upgrade form and handle code
7 years ago
Avoid websocket ping back on fw upgrade via web UI form (#1574)
5 years ago
Upgrade form and handle code
7 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Option to build without web server support
7 years ago
Revert WS to ticket-based authentication
6 years ago
Build option to disable password check (USE_PASSWORD). Password check is enabled by default. Use at your own risk (#373)
6 years ago
Added password check to telnet
6 years ago
Build option to disable password check (USE_PASSWORD). Password check is enabled by default. Use at your own risk (#373)
6 years ago
Split web code into web, ws and api
7 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
SSDP working
6 years ago
Split web code into web, ws and api
7 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
8 years ago
Option to build without web server support
7 years ago
Fix bug using snprintf
7 years ago
Option to build without web server support
7 years ago
Option to change the port the embedded webserver is listening to, defaults to 80
7 years ago
SSDP working
6 years ago
Testing web interface over SSL
7 years ago
Option to change the port the embedded webserver is listening to, defaults to 80
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
* Support for ITead's Sonoff Dual * Support for Electrodragon's ESP Relay Board * Support for multi-relay boards * Changed relay MQTT topics * Changed relay API entry points * Removed non-secure api entry points
8 years ago
Further renaming
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Adding /api and /apis to API request callback
6 years ago
Restore settings & reset via HTTP
7 years ago
Backup and restore settings from file
7 years ago
Restore settings & reset via HTTP
7 years ago
Web OTA: check authentication result before accepting payload (#1812)
5 years ago
Enable CORS
6 years ago
Bring back HTTP relay entry points
8 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
8 years ago
Refactoring build flag names
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Split web code into web, ws and api
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Added EEPROM management commands to terminal interface
8 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Test support for upcoming fauxmoESP 3.1.0
6 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
8 years ago
Small changes in config variables
7 years ago
SSDP working
6 years ago
Testing web interface over SSL
7 years ago
SSDP working
6 years ago
Testing web interface over SSL
7 years ago
Added password check to telnet
6 years ago
SSDP working
6 years ago
Complete update
8 years ago
Option to build without web server support
7 years ago
 
  1. /*

  2. 

  3. WEBSERVER MODULE
  4. 

  5. Copyright (C) 2016-2019 by Xose Pérez <xose dot perez at gmail dot com>
  6. 

  7. */
  8. 

  9. #if WEB_SUPPORT

  10. 

  11. #include <ESPAsyncTCP.h>

  12. #include <ESPAsyncWebServer.h>

  13. #include <Hash.h>

  14. #include <FS.h>

  15. #include <AsyncJson.h>

  16. #include <ArduinoJson.h>

  17. 

  18. #if WEB_EMBEDDED

  19. 

  20. #if WEBUI_IMAGE == WEBUI_IMAGE_SMALL

  21.     #include "static/index.small.html.gz.h"

  22. #elif WEBUI_IMAGE == WEBUI_IMAGE_LIGHT

  23.     #include "static/index.light.html.gz.h"

  24. #elif WEBUI_IMAGE == WEBUI_IMAGE_SENSOR

  25.     #include "static/index.sensor.html.gz.h"

  26. #elif WEBUI_IMAGE == WEBUI_IMAGE_RFBRIDGE

  27.     #include "static/index.rfbridge.html.gz.h"

  28. #elif WEBUI_IMAGE == WEBUI_IMAGE_RFM69

  29.     #include "static/index.rfm69.html.gz.h"

  30. #elif WEBUI_IMAGE == WEBUI_IMAGE_LIGHTFOX

  31.     #include "static/index.lightfox.html.gz.h"

  32. #elif WEBUI_IMAGE == WEBUI_IMAGE_THERMOSTAT

  33.     #include "static/index.thermostat.html.gz.h"

  34. #elif WEBUI_IMAGE == WEBUI_IMAGE_FULL

  35.     #include "static/index.all.html.gz.h"

  36. #endif

  37. 

  38. #endif // WEB_EMBEDDED

  39. 

  40. #if ASYNC_TCP_SSL_ENABLED & WEB_SSL_ENABLED

  41. #include "static/server.cer.h"

  42. #include "static/server.key.h"

  43. #endif // ASYNC_TCP_SSL_ENABLED & WEB_SSL_ENABLED

  44. 

  45. // -----------------------------------------------------------------------------

  46. 

  47. AsyncWebServer * _server;
  48. char _last_modified[50];
  49. std::vector<uint8_t> * _webConfigBuffer;
  50. bool _webConfigSuccess = false;
  51. 

  52. std::vector<web_request_callback_f> _web_request_callbacks;
  53. std::vector<web_body_callback_f> _web_body_callbacks;
  54. 

  55. // -----------------------------------------------------------------------------

  56. // HOOKS

  57. // -----------------------------------------------------------------------------

  58. 

  59. void _onReset(AsyncWebServerRequest *request) {
  60.     deferredReset(100, CUSTOM_RESET_HTTP);
  61.     request->send(200);
  62. }
  63. 

  64. void _onDiscover(AsyncWebServerRequest *request) {
  65. 

  66.     webLog(request);
  67. 

  68.     AsyncResponseStream *response = request->beginResponseStream("text/json");
  69. 

  70.     DynamicJsonBuffer jsonBuffer;
  71.     JsonObject &root = jsonBuffer.createObject();
  72.     root["app"] = APP_NAME;
  73.     root["version"] = APP_VERSION;
  74.     root["hostname"] = getSetting("hostname");
  75.     root["device"] = getBoardName();
  76.     root.printTo(*response);
  77. 

  78.     request->send(response);
  79. 

  80. }
  81. 

  82. void _onGetConfig(AsyncWebServerRequest *request) {
  83. 

  84.     webLog(request);
  85.     if (!webAuthenticate(request)) {
  86.         return request->requestAuthentication(getSetting("hostname").c_str());
  87.     }
  88. 

  89.     AsyncResponseStream *response = request->beginResponseStream("text/json");
  90. 

  91.     char buffer[100];
  92.     snprintf_P(buffer, sizeof(buffer), PSTR("attachment; filename=\"%s-backup.json\""), (char *) getSetting("hostname").c_str());
  93.     response->addHeader("Content-Disposition", buffer);
  94.     response->addHeader("X-XSS-Protection", "1; mode=block");
  95.     response->addHeader("X-Content-Type-Options", "nosniff");
  96.     response->addHeader("X-Frame-Options", "deny");
  97. 

  98.     response->printf("{\n\"app\": \"%s\"", APP_NAME);
  99.     response->printf(",\n\"version\": \"%s\"", APP_VERSION);
  100.     response->printf(",\n\"backup\": \"1\"");
  101.     #if NTP_SUPPORT

  102.         response->printf(",\n\"timestamp\": \"%s\"", ntpDateTime().c_str());
  103.     #endif

  104. 

  105.     // Write the keys line by line (not sorted)

  106.     unsigned long count = settingsKeyCount();
  107.     for (unsigned int i=0; i<count; i++) {
  108.         String key = settingsKeyName(i);
  109.         String value = getSetting(key);
  110.         response->printf(",\n\"%s\": \"%s\"", key.c_str(), value.c_str());
  111.     }
  112.     response->printf("\n}");
  113. 

  114.     request->send(response);
  115. 

  116. }
  117. 

  118. void _onPostConfig(AsyncWebServerRequest *request) {
  119.     webLog(request);
  120.     if (!webAuthenticate(request)) {
  121.         return request->requestAuthentication(getSetting("hostname").c_str());
  122.     }
  123.     request->send(_webConfigSuccess ? 200 : 400);
  124. }
  125. 

  126. void _onPostConfigData(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
  127. 

  128.     if (!webAuthenticate(request)) {
  129.         return request->requestAuthentication(getSetting("hostname").c_str());
  130.     }
  131. 

  132.     // No buffer

  133.     if (final && (index == 0)) {
  134.         DynamicJsonBuffer jsonBuffer;
  135.         JsonObject& root = jsonBuffer.parseObject((char *) data);
  136.         if (root.success()) _webConfigSuccess = settingsRestoreJson(root);
  137.         return;
  138.     }
  139. 

  140.     // Buffer start => reset

  141.     if (index == 0) if (_webConfigBuffer) delete _webConfigBuffer;
  142. 

  143.     // init buffer if it doesn't exist

  144.     if (!_webConfigBuffer) {
  145.         _webConfigBuffer = new std::vector<uint8_t>();
  146.         _webConfigSuccess = false;
  147.     }
  148. 

  149.     // Copy

  150.     if (len > 0) {
  151.         _webConfigBuffer->reserve(_webConfigBuffer->size() + len);
  152.         _webConfigBuffer->insert(_webConfigBuffer->end(), data, data + len);
  153.     }
  154. 

  155.     // Ending

  156.     if (final) {
  157. 

  158.         _webConfigBuffer->push_back(0);
  159. 

  160.         // Parse JSON

  161.         DynamicJsonBuffer jsonBuffer;
  162.         JsonObject& root = jsonBuffer.parseObject((char *) _webConfigBuffer->data());
  163.         if (root.success()) _webConfigSuccess = settingsRestoreJson(root);
  164.         delete _webConfigBuffer;
  165. 

  166.     }
  167. 

  168. }
  169. 

  170. #if WEB_EMBEDDED

  171. void _onHome(AsyncWebServerRequest *request) {
  172. 

  173.     webLog(request);
  174.     if (!webAuthenticate(request)) {
  175.         return request->requestAuthentication(getSetting("hostname").c_str());
  176.     }
  177. 

  178.     if (request->header("If-Modified-Since").equals(_last_modified)) {
  179. 

  180.         request->send(304);
  181. 

  182.     } else {
  183. 

  184.         #if ASYNC_TCP_SSL_ENABLED

  185. 

  186.             // Chunked response, we calculate the chunks based on free heap (in multiples of 32)

  187.             // This is necessary when a TLS connection is open since it sucks too much memory

  188.             DEBUG_MSG_P(PSTR("[MAIN] Free heap: %d bytes\n"), getFreeHeap());
  189.             size_t max = (getFreeHeap() / 3) & 0xFFE0;
  190. 

  191.             AsyncWebServerResponse *response = request->beginChunkedResponse("text/html", [max](uint8_t *buffer, size_t maxLen, size_t index) -> size_t {
  192. 

  193.                 // Get the chunk based on the index and maxLen

  194.                 size_t len = webui_image_len - index;
  195.                 if (len > maxLen) len = maxLen;
  196.                 if (len > max) len = max;
  197.                 if (len > 0) memcpy_P(buffer, webui_image + index, len);
  198. 

  199.                 DEBUG_MSG_P(PSTR("[WEB] Sending %d%%%% (max chunk size: %4d)\r"), int(100 * index / webui_image_len), max);
  200.                 if (len == 0) DEBUG_MSG_P(PSTR("\n"));
  201. 

  202.                 // Return the actual length of the chunk (0 for end of file)

  203.                 return len;
  204. 

  205.             });
  206. 

  207.         #else

  208. 

  209.             AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", webui_image, webui_image_len);
  210. 

  211.         #endif

  212. 

  213.         response->addHeader("Content-Encoding", "gzip");
  214.         response->addHeader("Last-Modified", _last_modified);
  215.         response->addHeader("X-XSS-Protection", "1; mode=block");
  216.         response->addHeader("X-Content-Type-Options", "nosniff");
  217.         response->addHeader("X-Frame-Options", "deny");
  218.         request->send(response);
  219. 

  220.     }
  221. 

  222. }
  223. #endif

  224. 

  225. #if ASYNC_TCP_SSL_ENABLED & WEB_SSL_ENABLED

  226. 

  227. int _onCertificate(void * arg, const char *filename, uint8_t **buf) {
  228. 

  229. #if WEB_EMBEDDED

  230. 

  231.     if (strcmp(filename, "server.cer") == 0) {
  232.         uint8_t * nbuf = (uint8_t*) malloc(server_cer_len);
  233.         memcpy_P(nbuf, server_cer, server_cer_len);
  234.         *buf = nbuf;
  235.         DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename);
  236.         return server_cer_len;
  237.     }
  238. 

  239.     if (strcmp(filename, "server.key") == 0) {
  240.         uint8_t * nbuf = (uint8_t*) malloc(server_key_len);
  241.         memcpy_P(nbuf, server_key, server_key_len);
  242.         *buf = nbuf;
  243.         DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename);
  244.         return server_key_len;
  245.     }
  246. 

  247.     DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - ERROR\n"), filename);
  248.     *buf = 0;
  249.     return 0;
  250. 

  251. #else

  252. 

  253.     File file = SPIFFS.open(filename, "r");
  254.     if (file) {
  255.         size_t size = file.size();
  256.         uint8_t * nbuf = (uint8_t*) malloc(size);
  257.         if (nbuf) {
  258.             size = file.read(nbuf, size);
  259.             file.close();
  260.             *buf = nbuf;
  261.             DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename);
  262.             return size;
  263.         }
  264.         file.close();
  265.     }
  266.     DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - ERROR\n"), filename);
  267.     *buf = 0;
  268.     return 0;
  269. 

  270. #endif

  271. 

  272. }
  273. 

  274. #endif

  275. 

  276. void _onUpgrade(AsyncWebServerRequest *request) {
  277. 

  278.     webLog(request);
  279.     if (!webAuthenticate(request)) {
  280.         return request->requestAuthentication(getSetting("hostname").c_str());
  281.     }
  282. 

  283.     char buffer[10];
  284.     if (!Update.hasError()) {
  285.         sprintf_P(buffer, PSTR("OK"));
  286.     } else {
  287.         sprintf_P(buffer, PSTR("ERROR %d"), Update.getError());
  288.     }
  289. 

  290.     AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", buffer);
  291.     response->addHeader("Connection", "close");
  292.     response->addHeader("X-XSS-Protection", "1; mode=block");
  293.     response->addHeader("X-Content-Type-Options", "nosniff");
  294.     response->addHeader("X-Frame-Options", "deny");
  295.     if (Update.hasError()) {
  296.         eepromRotate(true);
  297.     } else {
  298.         deferredReset(100, CUSTOM_RESET_UPGRADE);
  299.     }
  300.     request->send(response);
  301. 

  302. }
  303. 

  304. void _onUpgradeFile(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
  305. 

  306.     if (!webAuthenticate(request)) {
  307.         return request->requestAuthentication(getSetting("hostname").c_str());
  308.     }
  309. 

  310.     if (!index) {
  311. 

  312.         // Disabling EEPROM rotation to prevent writing to EEPROM after the upgrade

  313.         eepromRotate(false);
  314. 

  315.         DEBUG_MSG_P(PSTR("[UPGRADE] Start: %s\n"), filename.c_str());
  316.         Update.runAsync(true);
  317.         if (!Update.begin((ESP.getFreeSketchSpace() - 0x1000) & 0xFFFFF000)) {
  318.             #ifdef DEBUG_PORT

  319.                 Update.printError(DEBUG_PORT);
  320.             #endif

  321.         }
  322. 

  323.     }
  324. 

  325.     if (!Update.hasError()) {
  326.         if (Update.write(data, len) != len) {
  327.             #ifdef DEBUG_PORT

  328.                 Update.printError(DEBUG_PORT);
  329.             #endif

  330.         }
  331.     }
  332. 

  333.     if (final) {
  334.         if (Update.end(true)){
  335.             DEBUG_MSG_P(PSTR("[UPGRADE] Success:  %u bytes\n"), index + len);
  336.         } else {
  337.             #ifdef DEBUG_PORT

  338.                 Update.printError(DEBUG_PORT);
  339.             #endif

  340.         }
  341.     } else {
  342.         //Removed to avoid websocket ping back during upgrade (see #1574)

  343.         //DEBUG_MSG_P(PSTR("[UPGRADE] Progress: %u bytes\r"), index + len);

  344.     }
  345. }
  346. 

  347. bool _onAPModeRequest(AsyncWebServerRequest *request) {
  348. 

  349.     if ((WiFi.getMode() & WIFI_AP) > 0) {
  350.         const String domain = getSetting("hostname") + ".";
  351.         const String host = request->header("Host");
  352.         const String ip = WiFi.softAPIP().toString();
  353. 

  354.         // Only allow requests that use our hostname or ip

  355.         if (host.equals(ip)) return true;
  356.         if (host.startsWith(domain)) return true;
  357. 

  358.         // Immediatly close the connection, ref: https://github.com/xoseperez/espurna/issues/1660

  359.         // Not doing so will cause memory exhaustion, because the connection will linger

  360.         request->send(404);
  361.         request->client()->close();
  362. 

  363.         return false;
  364.     }
  365. 

  366.     return true;
  367. 

  368. }
  369. 

  370. void _onRequest(AsyncWebServerRequest *request){
  371. 

  372.     if (!_onAPModeRequest(request)) return;
  373. 

  374.     // Send request to subscribers

  375.     for (unsigned char i = 0; i < _web_request_callbacks.size(); i++) {
  376.         bool response = (_web_request_callbacks[i])(request);
  377.         if (response) return;
  378.     }
  379. 

  380.     // No subscriber handled the request, return a 404 with implicit "Connection: close"

  381.     request->send(404);
  382. 

  383.     // And immediatly close the connection, ref: https://github.com/xoseperez/espurna/issues/1660

  384.     // Not doing so will cause memory exhaustion, because the connection will linger

  385.     request->client()->close();
  386. 

  387. }
  388. 

  389. void _onBody(AsyncWebServerRequest *request, uint8_t *data, size_t len, size_t index, size_t total) {
  390. 

  391.     if (!_onAPModeRequest(request)) return;
  392. 

  393.     // Send request to subscribers

  394.     for (unsigned char i = 0; i < _web_body_callbacks.size(); i++) {
  395.         bool response = (_web_body_callbacks[i])(request, data, len, index, total);
  396.         if (response) return;
  397.     }
  398. 

  399.     // Same as _onAPModeRequest(...)

  400.     request->send(404);
  401.     request->client()->close();
  402. 

  403. }
  404. 

  405. 

  406. // -----------------------------------------------------------------------------

  407. 

  408. bool webAuthenticate(AsyncWebServerRequest *request) {
  409.     #if USE_PASSWORD

  410.         String password = getAdminPass();
  411.         char httpPassword[password.length() + 1];
  412.         password.toCharArray(httpPassword, password.length() + 1);
  413.         return request->authenticate(WEB_USERNAME, httpPassword);
  414.     #else

  415.         return true;
  416.     #endif

  417. }
  418. 

  419. // -----------------------------------------------------------------------------

  420. 

  421. AsyncWebServer * webServer() {
  422.     return _server;
  423. }
  424. 

  425. void webBodyRegister(web_body_callback_f callback) {
  426.     _web_body_callbacks.push_back(callback);
  427. }
  428. 

  429. void webRequestRegister(web_request_callback_f callback) {
  430.     _web_request_callbacks.push_back(callback);
  431. }
  432. 

  433. unsigned int webPort() {
  434.     #if ASYNC_TCP_SSL_ENABLED & WEB_SSL_ENABLED

  435.         return 443;
  436.     #else

  437.         return getSetting("webPort", WEB_PORT).toInt();
  438.     #endif

  439. }
  440. 

  441. void webLog(AsyncWebServerRequest *request) {
  442.     DEBUG_MSG_P(PSTR("[WEBSERVER] Request: %s %s\n"), request->methodToString(), request->url().c_str());
  443. }
  444. 

  445. void webSetup() {
  446. 

  447.     // Cache the Last-Modifier header value

  448.     snprintf_P(_last_modified, sizeof(_last_modified), PSTR("%s %s GMT"), __DATE__, __TIME__);
  449. 

  450.     // Create server

  451.     unsigned int port = webPort();
  452.     _server = new AsyncWebServer(port);
  453. 

  454.     // Rewrites

  455.     _server->rewrite("/", "/index.html");
  456. 

  457.     // Serve home (basic authentication protection)

  458.     #if WEB_EMBEDDED

  459.         _server->on("/index.html", HTTP_GET, _onHome);
  460.     #endif

  461. 

  462.     // Other entry points

  463.     _server->on("/reset", HTTP_GET, _onReset);
  464.     _server->on("/config", HTTP_GET, _onGetConfig);
  465.     _server->on("/config", HTTP_POST | HTTP_PUT, _onPostConfig, _onPostConfigData);
  466.     _server->on("/upgrade", HTTP_POST, _onUpgrade, _onUpgradeFile);
  467.     _server->on("/discover", HTTP_GET, _onDiscover);
  468. 

  469.     // Serve static files

  470.     #if SPIFFS_SUPPORT

  471.         _server->serveStatic("/", SPIFFS, "/")
  472.             .setLastModified(_last_modified)
  473.             .setFilter([](AsyncWebServerRequest *request) -> bool {
  474.                 webLog(request);
  475.                 return true;
  476.             });
  477.     #endif

  478. 

  479. 

  480.     // Handle other requests, including 404

  481.     _server->onRequestBody(_onBody);
  482.     _server->onNotFound(_onRequest);
  483. 

  484.     // Run server

  485.     #if ASYNC_TCP_SSL_ENABLED & WEB_SSL_ENABLED

  486.         _server->onSslFileRequest(_onCertificate, NULL);
  487.         _server->beginSecure("server.cer", "server.key", NULL);
  488.     #else

  489.         _server->begin();
  490.     #endif

  491. 

  492.     DEBUG_MSG_P(PSTR("[WEBSERVER] Webserver running on port %u\n"), port);
  493. 

  494. }
  495. 

  496. #endif // WEB_SUPPORT