mh
/
mhsw-espurna
1
0
Fork 0
Code Releases 0 Activity
Fork of the espurna firmware for `mhsw` switches
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2900 Commits
18 Branches
212 MiB
Tree: a6c5c7e7c7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a6c5c7e7c7'
${ noResults }
mhsw-espurna/code/espurna/web.ino

511 lines
15 KiB
Raw Normal View History

Complete update
8 years ago
[copyright-update] Update for 2019
5 years ago
Complete update
8 years ago
Option to build without web server support
7 years ago
relay: replace eeprom 8bit with 32bit bitmask stored in settings - mask is defined as (relay# status << number) - transparently handle base-2 and base-10 numbers - if the relay mode requires us to save the mask, it will be saved as base-2
4 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
7 years ago
First power.ino module
7 years ago
Added basic authetication and CSRF check to websocket requests
7 years ago
Complete update
8 years ago
Further renaming
7 years ago
Pre-build the different available WebUI images
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Initial support for RFM69GW board
6 years ago
UI for LightFox
5 years ago
Fix conflicts: 1. Add thermostat to the espurna_modules in progmem.h 2. Add thermostat to webui, gulp, html, js. 3. in general.h MQTT_USE_JSON returned to 0 by default and 1 if thermostat enabled.
5 years ago
Initial support for RFM69GW board
6 years ago
Use full web UI image if device has more than one webui module (#981)
6 years ago
Pre-build the different available WebUI images
6 years ago
Option to build without NTP support
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
MQTT rewrite with SSL fixes (#1751, #1829) * MQTT rewrite with SSL fixes - Added Arduino MQTT library support (actively maintained) - Added support for BearSSL (core >= 2.5) - BearSSL validation: insecure, fingerprinting and CA validation - AxTLS validation: insecure and fingerprinting - Support MFLN in order to reduce heap usage * Better header incl, fix building w/ no NTP_SUPPORT * Clean up code, use DEBUG_MSG_P * Fix compile error
5 years ago
HTTPS disabled by default
7 years ago
MQTT rewrite with SSL fixes (#1751, #1829) * MQTT rewrite with SSL fixes - Added Arduino MQTT library support (actively maintained) - Added support for BearSSL (core >= 2.5) - BearSSL validation: insecure, fingerprinting and CA validation - AxTLS validation: insecure and fingerprinting - Support MFLN in order to reduce heap usage * Better header incl, fix building w/ no NTP_SUPPORT * Clean up code, use DEBUG_MSG_P * Fix compile error
5 years ago
Testing web interface over SSL
7 years ago
Option to build without web server support
7 years ago
Option to change the port the embedded webserver is listening to, defaults to 80
7 years ago
Option to build without web server support
7 years ago
Restore settings & reset via HTTP
6 years ago
Complete update
8 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Option to build without web server support
7 years ago
Split web code into web, ws and api
6 years ago
Option to build without web server support
7 years ago
Restore settings & reset via HTTP
6 years ago
Authenticate /reset endpoint (#1858)
5 years ago
Restore settings & reset via HTTP
6 years ago
Enable CORS
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Enable CORS
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Enable CORS
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Enable CORS
6 years ago
Backup and restore settings from file
7 years ago
Split web code into web, ws and api
6 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Backup and restore settings from file
7 years ago
Pretty print config backup json
6 years ago
Backup and restore settings from file
7 years ago
Fix bug using snprintf
7 years ago
Backup and restore settings from file
7 years ago
Added security headers for each HTTP response
6 years ago
Dump settings line by line to prevent memory issues (#896)
6 years ago
Fix crash on loading malformed settings, option to load partial configuration
6 years ago
Adding /api and /apis to API request callback
6 years ago
Dump settings line by line to prevent memory issues (#896)
6 years ago
Fix crash on loading malformed settings, option to load partial configuration
6 years ago
Dump settings line by line to prevent memory issues (#896)
6 years ago
Backup and restore settings from file
7 years ago
Restore settings & reset via HTTP
6 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Restore settings & reset via HTTP
6 years ago
Web OTA: check authentication result before accepting payload (#1812)
5 years ago
Restore settings & reset via HTTP
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Restore settings & reset via HTTP
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Restore settings & reset via HTTP
6 years ago
Fixed size json payload & other WS bugfixes (#1843) - update every dynamicjsonbuffer with fixed size constructor argument - change to ws callback registration to use a class builder (just cosmetic) - test multiple ws data callbacks for each module - remove some of the static strings in favour of ws data callback - improve sensor ws callback data size, remove duplicated strings - use static buffer in wsDebugSend - postpone wsSend until loop, implement wsPost to allow other modules to queue message callbacks. remove Ticker based ws callbacks for data - update WebUI files
5 years ago
Restore settings & reset via HTTP
6 years ago
Further renaming
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Split web code into web, ws and api
6 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
MQTT rewrite with SSL fixes (#1751, #1829) * MQTT rewrite with SSL fixes - Added Arduino MQTT library support (actively maintained) - Added support for BearSSL (core >= 2.5) - BearSSL validation: insecure, fingerprinting and CA validation - AxTLS validation: insecure and fingerprinting - Support MFLN in order to reduce heap usage * Better header incl, fix building w/ no NTP_SUPPORT * Clean up code, use DEBUG_MSG_P * Fix compile error
5 years ago
Chunked response for SSL requests
7 years ago
WTF - ESP.getFreeHeap crashing the system for an specific light bulb...
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Pre-build the different available WebUI images
6 years ago
Chunked response for SSL requests
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Update web.ino tabs to spaces for consistency
6 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
MQTT rewrite with SSL fixes (#1751, #1829) * MQTT rewrite with SSL fixes - Added Arduino MQTT library support (actively maintained) - Added support for BearSSL (core >= 2.5) - BearSSL validation: insecure, fingerprinting and CA validation - AxTLS validation: insecure and fingerprinting - Support MFLN in order to reduce heap usage * Better header incl, fix building w/ no NTP_SUPPORT * Clean up code, use DEBUG_MSG_P * Fix compile error
5 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
Testing web interface over SSL
7 years ago
Small changes in config variables
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
HTTPS disabled by default
7 years ago
Testing web interface over SSL
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
Testing web interface over SSL
7 years ago
Added code for SSL certificate reading from SPIFFS
7 years ago
Testing web interface over SSL
7 years ago
Upgrade form and handle code
7 years ago
Add Update error number to error message in web UI
7 years ago
Split web code into web, ws and api
6 years ago
Fix telnet & web debug responsiveness (#896)
6 years ago
Simplify and fix web auth code (#284)
6 years ago
Add Update error number to error message in web UI
7 years ago
Wrong messages when upgrading from web UI
7 years ago
Add Update error number to error message in web UI
7 years ago
Upgrade form and handle code
7 years ago
Added security headers for each HTTP response
6 years ago
Update EEPROM_Rotate to 0.9.1 and use rotate(false) before OTA
6 years ago
Unify reset calls
6 years ago
Do not restart after failed web upgrade
7 years ago
Small changes in reset delays after web upgrade
7 years ago
Add Update error number to error message in web UI
7 years ago
Upgrade form and handle code
7 years ago
Web OTA: check authentication result before accepting payload (#1812)
5 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Update EEPROM_Rotate to 0.9.1 and use rotate(false) before OTA
6 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Fix references to Serial
7 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Fix references to Serial
7 years ago
Upgrade form and handle code
7 years ago
Update API, backup EEPROM to last sector before OTA upgrades
6 years ago
Upgrade form and handle code
7 years ago
Fix references to Serial
7 years ago
Upgrade form and handle code
7 years ago
Experimental support of HTTPUpdate for OTA (#1751) - add httpupdate ota impelementation - move async ota into a separate module - support bearssl & axtls through wificlientsecure - allow to disable arduino ide ota module
5 years ago
Upgrade form and handle code
7 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Close connection in notFound callback (#1768) * Close connection in notFound callback * Add early check of AP mode
5 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Option to build without web server support
7 years ago
Revert WS to ticket-based authentication
6 years ago
Build option to disable password check (USE_PASSWORD). Password check is enabled by default. Use at your own risk (#373)
6 years ago
Added password check to telnet
6 years ago
Build option to disable password check (USE_PASSWORD). Password check is enabled by default. Use at your own risk (#373)
6 years ago
Split web code into web, ws and api
6 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
SSDP working
6 years ago
MQTT rewrite with SSL fixes (#1751, #1829) * MQTT rewrite with SSL fixes - Added Arduino MQTT library support (actively maintained) - Added support for BearSSL (core >= 2.5) - BearSSL validation: insecure, fingerprinting and CA validation - AxTLS validation: insecure and fingerprinting - Support MFLN in order to reduce heap usage * Better header incl, fix building w/ no NTP_SUPPORT * Clean up code, use DEBUG_MSG_P * Fix compile error
5 years ago
SSDP working
6 years ago
Split web code into web, ws and api
6 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
7 years ago
Option to build without web server support
7 years ago
Fix bug using snprintf
7 years ago
Option to build without web server support
7 years ago
Option to change the port the embedded webserver is listening to, defaults to 80
7 years ago
SSDP working
6 years ago
Testing web interface over SSL
7 years ago
Option to change the port the embedded webserver is listening to, defaults to 80
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
* Support for ITead's Sonoff Dual * Support for Electrodragon's ESP Relay Board * Support for multi-relay boards * Changed relay MQTT topics * Changed relay API entry points * Removed non-secure api entry points
7 years ago
Further renaming
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Adding /api and /apis to API request callback
6 years ago
Restore settings & reset via HTTP
6 years ago
Backup and restore settings from file
7 years ago
Restore settings & reset via HTTP
6 years ago
Web OTA: check authentication result before accepting payload (#1812)
5 years ago
Enable CORS
6 years ago
Bring back HTTP relay entry points
7 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
7 years ago
Refactoring build flag names
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Using gulp to generate the embedded web contents, added Last-Modifier support to embedded home
7 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Split web code into web, ws and api
6 years ago
Experimental option to embed the web interface in the firmware image
7 years ago
Added EEPROM management commands to terminal interface
7 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Test support for upcoming fauxmoESP 3.1.0
5 years ago
Reduce memory footprint of API calls (#1133)
6 years ago
Migrated to AsyncWebServer, AsyncWebSocket and AsyncMqttClient
7 years ago
MQTT rewrite with SSL fixes (#1751, #1829) * MQTT rewrite with SSL fixes - Added Arduino MQTT library support (actively maintained) - Added support for BearSSL (core >= 2.5) - BearSSL validation: insecure, fingerprinting and CA validation - AxTLS validation: insecure and fingerprinting - Support MFLN in order to reduce heap usage * Better header incl, fix building w/ no NTP_SUPPORT * Clean up code, use DEBUG_MSG_P * Fix compile error
5 years ago
SSDP working
6 years ago
Testing web interface over SSL
7 years ago
SSDP working
6 years ago
Testing web interface over SSL
7 years ago
Added password check to telnet
6 years ago
SSDP working
6 years ago
Complete update
8 years ago
Option to build without web server support
7 years ago
 
  1. /*

  2. 

  3. WEBSERVER MODULE
  4. 

  5. Copyright (C) 2016-2019 by Xose Pérez <xose dot perez at gmail dot com>
  6. 

  7. */
  8. 

  9. #if WEB_SUPPORT

  10. 

  11. #include "utils.h"

  12. 

  13. #include <ESPAsyncTCP.h>

  14. #include <ESPAsyncWebServer.h>

  15. #include <Hash.h>

  16. #include <FS.h>

  17. #include <AsyncJson.h>

  18. #include <ArduinoJson.h>

  19. 

  20. #if WEB_EMBEDDED

  21. 

  22. #if WEBUI_IMAGE == WEBUI_IMAGE_SMALL

  23.     #include "static/index.small.html.gz.h"

  24. #elif WEBUI_IMAGE == WEBUI_IMAGE_LIGHT

  25.     #include "static/index.light.html.gz.h"

  26. #elif WEBUI_IMAGE == WEBUI_IMAGE_SENSOR

  27.     #include "static/index.sensor.html.gz.h"

  28. #elif WEBUI_IMAGE == WEBUI_IMAGE_RFBRIDGE

  29.     #include "static/index.rfbridge.html.gz.h"

  30. #elif WEBUI_IMAGE == WEBUI_IMAGE_RFM69

  31.     #include "static/index.rfm69.html.gz.h"

  32. #elif WEBUI_IMAGE == WEBUI_IMAGE_LIGHTFOX

  33.     #include "static/index.lightfox.html.gz.h"

  34. #elif WEBUI_IMAGE == WEBUI_IMAGE_THERMOSTAT

  35.     #include "static/index.thermostat.html.gz.h"

  36. #elif WEBUI_IMAGE == WEBUI_IMAGE_FULL

  37.     #include "static/index.all.html.gz.h"

  38. #endif

  39. 

  40. #endif // WEB_EMBEDDED

  41. 

  42. #if SECURE_CLIENT == SECURE_CLIENT_AXTLS & WEB_SSL_ENABLED

  43. #include "static/server.cer.h"

  44. #include "static/server.key.h"

  45. #endif // SECURE_CLIENT == SECURE_CLIENT_AXTLS & WEB_SSL_ENABLED

  46. 

  47. // -----------------------------------------------------------------------------

  48. 

  49. AsyncWebServer * _server;
  50. char _last_modified[50];
  51. std::vector<uint8_t> * _webConfigBuffer;
  52. bool _webConfigSuccess = false;
  53. 

  54. std::vector<web_request_callback_f> _web_request_callbacks;
  55. std::vector<web_body_callback_f> _web_body_callbacks;
  56. 

  57. constexpr const size_t WEB_CONFIG_BUFFER_MAX = 4096;
  58. 

  59. // -----------------------------------------------------------------------------

  60. // HOOKS

  61. // -----------------------------------------------------------------------------

  62. 

  63. void _onReset(AsyncWebServerRequest *request) {
  64. 

  65.     webLog(request);
  66.     if (!webAuthenticate(request)) {
  67.         return request->requestAuthentication(getSetting("hostname").c_str());
  68.     }
  69. 

  70.     deferredReset(100, CUSTOM_RESET_HTTP);
  71.     request->send(200);
  72. }
  73. 

  74. void _onDiscover(AsyncWebServerRequest *request) {
  75. 

  76.     webLog(request);
  77. 

  78.     AsyncResponseStream *response = request->beginResponseStream("application/json");
  79. 

  80.     const String device = getBoardName();
  81.     const String hostname = getSetting("hostname");
  82. 

  83.     StaticJsonBuffer<JSON_OBJECT_SIZE(4)> jsonBuffer;
  84.     JsonObject &root = jsonBuffer.createObject();
  85.     root["app"] = APP_NAME;
  86.     root["version"] = APP_VERSION;
  87.     root["device"] = device.c_str();
  88.     root["hostname"] = hostname.c_str();
  89.     root.printTo(*response);
  90. 

  91.     request->send(response);
  92. 

  93. }
  94. 

  95. void _onGetConfig(AsyncWebServerRequest *request) {
  96. 

  97.     webLog(request);
  98.     if (!webAuthenticate(request)) {
  99.         return request->requestAuthentication(getSetting("hostname").c_str());
  100.     }
  101. 

  102.     AsyncResponseStream *response = request->beginResponseStream("text/json");
  103. 

  104.     char buffer[100];
  105.     snprintf_P(buffer, sizeof(buffer), PSTR("attachment; filename=\"%s-backup.json\""), (char *) getSetting("hostname").c_str());
  106.     response->addHeader("Content-Disposition", buffer);
  107.     response->addHeader("X-XSS-Protection", "1; mode=block");
  108.     response->addHeader("X-Content-Type-Options", "nosniff");
  109.     response->addHeader("X-Frame-Options", "deny");
  110. 

  111.     response->printf("{\n\"app\": \"%s\"", APP_NAME);
  112.     response->printf(",\n\"version\": \"%s\"", APP_VERSION);
  113.     response->printf(",\n\"backup\": \"1\"");
  114.     #if NTP_SUPPORT

  115.         response->printf(",\n\"timestamp\": \"%s\"", ntpDateTime().c_str());
  116.     #endif

  117. 

  118.     // Write the keys line by line (not sorted)

  119.     unsigned long count = settingsKeyCount();
  120.     for (unsigned int i=0; i<count; i++) {
  121.         String key = settingsKeyName(i);
  122.         String value = getSetting(key);
  123.         response->printf(",\n\"%s\": \"%s\"", key.c_str(), value.c_str());
  124.     }
  125.     response->printf("\n}");
  126. 

  127.     request->send(response);
  128. 

  129. }
  130. 

  131. void _onPostConfig(AsyncWebServerRequest *request) {
  132.     webLog(request);
  133.     if (!webAuthenticate(request)) {
  134.         return request->requestAuthentication(getSetting("hostname").c_str());
  135.     }
  136.     request->send(_webConfigSuccess ? 200 : 400);
  137. }
  138. 

  139. void _onPostConfigData(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
  140. 

  141.     if (!webAuthenticate(request)) {
  142.         return request->requestAuthentication(getSetting("hostname").c_str());
  143.     }
  144. 

  145.     // No buffer

  146.     if (final && (index == 0)) {
  147.         _webConfigSuccess = settingsRestoreJson((char*) data);
  148.         return;
  149.     }
  150. 

  151.     // Buffer start => reset

  152.     if (index == 0) if (_webConfigBuffer) delete _webConfigBuffer;
  153. 

  154.     // init buffer if it doesn't exist

  155.     if (!_webConfigBuffer) {
  156.         _webConfigBuffer = new std::vector<uint8_t>();
  157.         _webConfigSuccess = false;
  158.     }
  159. 

  160.     // Copy

  161.     if (len > 0) {
  162.         if ((_webConfigBuffer->size() + len) > std::min(WEB_CONFIG_BUFFER_MAX, getFreeHeap() - sizeof(std::vector<uint8_t>))) {
  163.             delete _webConfigBuffer;
  164.             _webConfigBuffer = nullptr;
  165.             request->send(500);
  166.             return;
  167.         }
  168.         _webConfigBuffer->reserve(_webConfigBuffer->size() + len);
  169.         _webConfigBuffer->insert(_webConfigBuffer->end(), data, data + len);
  170.     }
  171. 

  172.     // Ending

  173.     if (final) {
  174. 

  175.         _webConfigBuffer->push_back(0);
  176.         _webConfigSuccess = settingsRestoreJson((char*) _webConfigBuffer->data());
  177.         delete _webConfigBuffer;
  178. 

  179.     }
  180. 

  181. }
  182. 

  183. #if WEB_EMBEDDED

  184. void _onHome(AsyncWebServerRequest *request) {
  185. 

  186.     webLog(request);
  187.     if (!webAuthenticate(request)) {
  188.         return request->requestAuthentication(getSetting("hostname").c_str());
  189.     }
  190. 

  191.     if (request->header("If-Modified-Since").equals(_last_modified)) {
  192. 

  193.         request->send(304);
  194. 

  195.     } else {
  196. 

  197.         #if SECURE_CLIENT == SECURE_CLIENT_AXTLS

  198. 

  199.             // Chunked response, we calculate the chunks based on free heap (in multiples of 32)

  200.             // This is necessary when a TLS connection is open since it sucks too much memory

  201.             DEBUG_MSG_P(PSTR("[MAIN] Free heap: %d bytes\n"), getFreeHeap());
  202.             size_t max = (getFreeHeap() / 3) & 0xFFE0;
  203. 

  204.             AsyncWebServerResponse *response = request->beginChunkedResponse("text/html", [max](uint8_t *buffer, size_t maxLen, size_t index) -> size_t {
  205. 

  206.                 // Get the chunk based on the index and maxLen

  207.                 size_t len = webui_image_len - index;
  208.                 if (len > maxLen) len = maxLen;
  209.                 if (len > max) len = max;
  210.                 if (len > 0) memcpy_P(buffer, webui_image + index, len);
  211. 

  212.                 DEBUG_MSG_P(PSTR("[WEB] Sending %d%%%% (max chunk size: %4d)\r"), int(100 * index / webui_image_len), max);
  213.                 if (len == 0) DEBUG_MSG_P(PSTR("\n"));
  214. 

  215.                 // Return the actual length of the chunk (0 for end of file)

  216.                 return len;
  217. 

  218.             });
  219. 

  220.         #else

  221. 

  222.             AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", webui_image, webui_image_len);
  223. 

  224.         #endif

  225. 

  226.         response->addHeader("Content-Encoding", "gzip");
  227.         response->addHeader("Last-Modified", _last_modified);
  228.         response->addHeader("X-XSS-Protection", "1; mode=block");
  229.         response->addHeader("X-Content-Type-Options", "nosniff");
  230.         response->addHeader("X-Frame-Options", "deny");
  231.         request->send(response);
  232. 

  233.     }
  234. 

  235. }
  236. #endif

  237. 

  238. #if SECURE_CLIENT == SECURE_CLIENT_AXTLS & WEB_SSL_ENABLED

  239. 

  240. int _onCertificate(void * arg, const char *filename, uint8_t **buf) {
  241. 

  242. #if WEB_EMBEDDED

  243. 

  244.     if (strcmp(filename, "server.cer") == 0) {
  245.         uint8_t * nbuf = (uint8_t*) malloc(server_cer_len);
  246.         memcpy_P(nbuf, server_cer, server_cer_len);
  247.         *buf = nbuf;
  248.         DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename);
  249.         return server_cer_len;
  250.     }
  251. 

  252.     if (strcmp(filename, "server.key") == 0) {
  253.         uint8_t * nbuf = (uint8_t*) malloc(server_key_len);
  254.         memcpy_P(nbuf, server_key, server_key_len);
  255.         *buf = nbuf;
  256.         DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename);
  257.         return server_key_len;
  258.     }
  259. 

  260.     DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - ERROR\n"), filename);
  261.     *buf = 0;
  262.     return 0;
  263. 

  264. #else

  265. 

  266.     File file = SPIFFS.open(filename, "r");
  267.     if (file) {
  268.         size_t size = file.size();
  269.         uint8_t * nbuf = (uint8_t*) malloc(size);
  270.         if (nbuf) {
  271.             size = file.read(nbuf, size);
  272.             file.close();
  273.             *buf = nbuf;
  274.             DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename);
  275.             return size;
  276.         }
  277.         file.close();
  278.     }
  279.     DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - ERROR\n"), filename);
  280.     *buf = 0;
  281.     return 0;
  282. 

  283. #endif

  284. 

  285. }
  286. 

  287. #endif

  288. 

  289. void _onUpgrade(AsyncWebServerRequest *request) {
  290. 

  291.     webLog(request);
  292.     if (!webAuthenticate(request)) {
  293.         return request->requestAuthentication(getSetting("hostname").c_str());
  294.     }
  295. 

  296.     char buffer[10];
  297.     if (!Update.hasError()) {
  298.         sprintf_P(buffer, PSTR("OK"));
  299.     } else {
  300.         sprintf_P(buffer, PSTR("ERROR %d"), Update.getError());
  301.     }
  302. 

  303.     AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", buffer);
  304.     response->addHeader("Connection", "close");
  305.     response->addHeader("X-XSS-Protection", "1; mode=block");
  306.     response->addHeader("X-Content-Type-Options", "nosniff");
  307.     response->addHeader("X-Frame-Options", "deny");
  308.     if (Update.hasError()) {
  309.         eepromRotate(true);
  310.     } else {
  311.         deferredReset(100, CUSTOM_RESET_UPGRADE);
  312.     }
  313.     request->send(response);
  314. 

  315. }
  316. 

  317. void _onUpgradeFile(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
  318. 

  319.     if (!webAuthenticate(request)) {
  320.         return request->requestAuthentication(getSetting("hostname").c_str());
  321.     }
  322. 

  323.     if (!index) {
  324. 

  325.         // Disabling EEPROM rotation to prevent writing to EEPROM after the upgrade

  326.         eepromRotate(false);
  327. 

  328.         DEBUG_MSG_P(PSTR("[UPGRADE] Start: %s\n"), filename.c_str());
  329.         Update.runAsync(true);
  330.         if (!Update.begin((ESP.getFreeSketchSpace() - 0x1000) & 0xFFFFF000)) {
  331.             #ifdef DEBUG_PORT

  332.                 Update.printError(DEBUG_PORT);
  333.             #endif

  334.         }
  335. 

  336.     }
  337. 

  338.     if (!Update.hasError()) {
  339.         if (Update.write(data, len) != len) {
  340.             #ifdef DEBUG_PORT

  341.                 Update.printError(DEBUG_PORT);
  342.             #endif

  343.         }
  344.     }
  345. 

  346.     if (final) {
  347.         if (Update.end(true)){
  348.             DEBUG_MSG_P(PSTR("[UPGRADE] Success:  %u bytes\n"), index + len);
  349.         } else {
  350.             #ifdef DEBUG_PORT

  351.                 Update.printError(DEBUG_PORT);
  352.             #endif

  353.         }
  354.     } else {
  355.         // Removed to avoid websocket ping back during upgrade (see #1574)

  356.         // TODO: implement as separate from debugging message

  357.         if (wsConnected()) return;
  358.         DEBUG_MSG_P(PSTR("[UPGRADE] Progress: %u bytes\r"), index + len);
  359.     }
  360. }
  361. 

  362. bool _onAPModeRequest(AsyncWebServerRequest *request) {
  363. 

  364.     if ((WiFi.getMode() & WIFI_AP) > 0) {
  365.         const String domain = getSetting("hostname") + ".";
  366.         const String host = request->header("Host");
  367.         const String ip = WiFi.softAPIP().toString();
  368. 

  369.         // Only allow requests that use our hostname or ip

  370.         if (host.equals(ip)) return true;
  371.         if (host.startsWith(domain)) return true;
  372. 

  373.         // Immediatly close the connection, ref: https://github.com/xoseperez/espurna/issues/1660

  374.         // Not doing so will cause memory exhaustion, because the connection will linger

  375.         request->send(404);
  376.         request->client()->close();
  377. 

  378.         return false;
  379.     }
  380. 

  381.     return true;
  382. 

  383. }
  384. 

  385. void _onRequest(AsyncWebServerRequest *request){
  386. 

  387.     if (!_onAPModeRequest(request)) return;
  388. 

  389.     // Send request to subscribers

  390.     for (unsigned char i = 0; i < _web_request_callbacks.size(); i++) {
  391.         bool response = (_web_request_callbacks[i])(request);
  392.         if (response) return;
  393.     }
  394. 

  395.     // No subscriber handled the request, return a 404 with implicit "Connection: close"

  396.     request->send(404);
  397. 

  398.     // And immediatly close the connection, ref: https://github.com/xoseperez/espurna/issues/1660

  399.     // Not doing so will cause memory exhaustion, because the connection will linger

  400.     request->client()->close();
  401. 

  402. }
  403. 

  404. void _onBody(AsyncWebServerRequest *request, uint8_t *data, size_t len, size_t index, size_t total) {
  405. 

  406.     if (!_onAPModeRequest(request)) return;
  407. 

  408.     // Send request to subscribers

  409.     for (unsigned char i = 0; i < _web_body_callbacks.size(); i++) {
  410.         bool response = (_web_body_callbacks[i])(request, data, len, index, total);
  411.         if (response) return;
  412.     }
  413. 

  414.     // Same as _onAPModeRequest(...)

  415.     request->send(404);
  416.     request->client()->close();
  417. 

  418. }
  419. 

  420. 

  421. // -----------------------------------------------------------------------------

  422. 

  423. bool webAuthenticate(AsyncWebServerRequest *request) {
  424.     #if USE_PASSWORD

  425.         String password = getAdminPass();
  426.         char httpPassword[password.length() + 1];
  427.         password.toCharArray(httpPassword, password.length() + 1);
  428.         return request->authenticate(WEB_USERNAME, httpPassword);
  429.     #else

  430.         return true;
  431.     #endif

  432. }
  433. 

  434. // -----------------------------------------------------------------------------

  435. 

  436. AsyncWebServer * webServer() {
  437.     return _server;
  438. }
  439. 

  440. void webBodyRegister(web_body_callback_f callback) {
  441.     _web_body_callbacks.push_back(callback);
  442. }
  443. 

  444. void webRequestRegister(web_request_callback_f callback) {
  445.     _web_request_callbacks.push_back(callback);
  446. }
  447. 

  448. unsigned int webPort() {
  449.     #if SECURE_CLIENT == SECURE_CLIENT_AXTLS & WEB_SSL_ENABLED

  450.         return 443;
  451.     #else

  452.         return getSetting("webPort", WEB_PORT).toInt();
  453.     #endif

  454. }
  455. 

  456. void webLog(AsyncWebServerRequest *request) {
  457.     DEBUG_MSG_P(PSTR("[WEBSERVER] Request: %s %s\n"), request->methodToString(), request->url().c_str());
  458. }
  459. 

  460. void webSetup() {
  461. 

  462.     // Cache the Last-Modifier header value

  463.     snprintf_P(_last_modified, sizeof(_last_modified), PSTR("%s %s GMT"), __DATE__, __TIME__);
  464. 

  465.     // Create server

  466.     unsigned int port = webPort();
  467.     _server = new AsyncWebServer(port);
  468. 

  469.     // Rewrites

  470.     _server->rewrite("/", "/index.html");
  471. 

  472.     // Serve home (basic authentication protection)

  473.     #if WEB_EMBEDDED

  474.         _server->on("/index.html", HTTP_GET, _onHome);
  475.     #endif

  476. 

  477.     // Other entry points

  478.     _server->on("/reset", HTTP_GET, _onReset);
  479.     _server->on("/config", HTTP_GET, _onGetConfig);
  480.     _server->on("/config", HTTP_POST | HTTP_PUT, _onPostConfig, _onPostConfigData);
  481.     _server->on("/upgrade", HTTP_POST, _onUpgrade, _onUpgradeFile);
  482.     _server->on("/discover", HTTP_GET, _onDiscover);
  483. 

  484.     // Serve static files

  485.     #if SPIFFS_SUPPORT

  486.         _server->serveStatic("/", SPIFFS, "/")
  487.             .setLastModified(_last_modified)
  488.             .setFilter([](AsyncWebServerRequest *request) -> bool {
  489.                 webLog(request);
  490.                 return true;
  491.             });
  492.     #endif

  493. 

  494. 

  495.     // Handle other requests, including 404

  496.     _server->onRequestBody(_onBody);
  497.     _server->onNotFound(_onRequest);
  498. 

  499.     // Run server

  500.     #if SECURE_CLIENT == SECURE_CLIENT_AXTLS & WEB_SSL_ENABLED

  501.         _server->onSslFileRequest(_onCertificate, NULL);
  502.         _server->beginSecure("server.cer", "server.key", NULL);
  503.     #else

  504.         _server->begin();
  505.     #endif

  506. 

  507.     DEBUG_MSG_P(PSTR("[WEBSERVER] Webserver running on port %u\n"), port);
  508. 

  509. }
  510. 

  511. #endif // WEB_SUPPORT