implement OTA lock / security
do not reboot after settings set -> add reboot button; OTA not really working yet
parent
e22fb965f7
commit
9a06c748c0
7
TODO.txt
7
TODO.txt
@ -3,19 +3,20 @@ sequence
|
||||
simple slide transition
|
||||
additional color picker field
|
||||
implement all settings setters
|
||||
implement OTA lock / security
|
||||
implement HSB slider option
|
||||
implement ranges
|
||||
implement discrete range color setter
|
||||
implement discrete single color setter
|
||||
do not reboot after settings set -> add reboot button
|
||||
svg icons in html
|
||||
notifier function -> send get request
|
||||
nightlight function -> turns off after set time (+implement fading)
|
||||
add preferred colors to settings -> quickly t. UI, button select,
|
||||
use iframe for settings, seperate tabs for wifi and application confg
|
||||
use iframe for all adv. features?
|
||||
/dumpeeprom and /pusheeprom
|
||||
|
||||
BUGS
|
||||
static ip disables mdns
|
||||
XXX authentification for security relevant areas (/edit, /update (!!!), /list, /down, [/settings, /reset, /cleareeprom])
|
||||
? authentification for security relevant areas ([/settings, /reset])
|
||||
(Unverified) led_amount does nothing (is always 16) because NeoPixelBus is initiated before EEPROM read
|
||||
notifier wrong ips
|
||||
|
@ -188,7 +188,7 @@
|
||||
<body onload="Startup()" class=" __plain_text_READY__">
|
||||
<div id="tbB" class="tool_box">
|
||||
<input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool">
|
||||
<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">
|
||||
<!--<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">-->
|
||||
</div>
|
||||
<div id="cdB" class="ctrl_box">
|
||||
<form id="form_c" name="Ctrl_form">
|
||||
|
@ -47,9 +47,7 @@
|
||||
document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false;
|
||||
document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML;
|
||||
document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML;
|
||||
document.getElementsByClassName("otastat")[0].innerHTML = this.responseXML.getElementsByTagName('otastat')[0].innerHTML;
|
||||
document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML;
|
||||
if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -124,12 +122,11 @@
|
||||
Hosts to send notifications to: (1 IP per line) <br>
|
||||
<textarea name="NSIPS" rows="8" cols="16"></textarea>
|
||||
<h3>Security</h3>
|
||||
OTA enabled: <input type="checkbox" name="NOOTA" value="0"> <br>
|
||||
OTA locked: <input type="checkbox" name="NOOTA" value="0"> <br>
|
||||
Passphrase: <input type="password" name="OPASS" maxlength="32"> <br>
|
||||
To enable OTA, for security reasons you need to also enter the correct password! <br>
|
||||
The password may/should be changed when OTA is enabled. <br>
|
||||
Disable OTA when not in use, otherwise an attacker could reflash device software! <br>
|
||||
Current status: <span class="otastat"> Unknown </span> <br> <br>
|
||||
Disable OTA when not in use, otherwise an attacker could reflash device software! <br> <br>
|
||||
Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br>
|
||||
In case of a connection error there will be no wireless recovery possible! <br>
|
||||
Completely disables all Access Point functions. <br> <br>
|
||||
|
24
wled00/data/settingssaved.htm
Normal file
24
wled00/data/settingssaved.htm
Normal file
@ -0,0 +1,24 @@
|
||||
<!DOCTYPE html>
|
||||
<html><head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
||||
<title>Saved Settings</title>
|
||||
<script>
|
||||
function OpenMain()
|
||||
{
|
||||
window.open("/","_self");
|
||||
}
|
||||
function OpenReboot()
|
||||
{
|
||||
window.open("/reset","_self");
|
||||
}
|
||||
|
||||
</script>
|
||||
</head><body>
|
||||
<div align="center">
|
||||
<h2>Settings saved.</h2>
|
||||
<p>If you made changes to WiFi configuration, please reboot.</p><br>
|
||||
<input type="button" name="BACK" value="Close" onclick="OpenMain()">
|
||||
<input type="button" name="BACK" value="Reboot" onclick="OpenReboot()">
|
||||
</div></body>
|
||||
</html>
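Review bot: The Reboot button restarts the device through a plain GET navigation, `window.open("/reset","_self")`, and a GET can be issued by any page or link the user opens while on the same network, with no confirmation step. A restart is a state change, so it is better sent as a POST from a small `<form method="post" action="/reset">` once the route accepts that method; the route is registered in wledInit, outside this file. Both buttons also carry `name="BACK"`; the second one should read `name="REBOOT"`.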
|
||||
|
@ -30,7 +30,8 @@ byte col[]{255, 127, 0};
|
||||
boolean fadeTransition = true;
|
||||
boolean seqTransition = false;
|
||||
uint16_t transitionDelay = 1500;
|
||||
boolean ota_lock = false;
|
||||
boolean ota_lock = true;
|
||||
String otapass = "wledota";
|
||||
boolean only_ap = false;
|
||||
uint8_t led_amount = 16;
|
||||
uint8_t buttonPin = 3; //needs pull-up
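Review bot: The global `String otapass = "wledota";` (an addition, going by the hunk's 7-to-8 line count) gives every device the same passphrase, readable in the source, so until the owner changes it the lock that `ota_lock = true` switches on can be released by anyone who can reach the settings form. Consider refusing to unlock while the passphrase still equals the default, or requiring a new one during first setup. At minimum, document it on the line: `String otapass = "wledota"; // factory default, max 32 chars, change before unlocking OTA`.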
|
||||
|
@ -1,6 +1,6 @@
|
||||
void clearEEPROM()
|
||||
{
|
||||
for (int i = 0; i < 256; i++)
|
||||
for (int i = 0; i < 1024; i++)
|
||||
{
|
||||
EEPROM.write(i, 0);
|
||||
}
|
||||
@ -36,10 +36,14 @@ void saveSettingsToEEPROM()
|
||||
}
|
||||
EEPROM.write(224, nightlightDelayMins);
|
||||
EEPROM.write(225, nightlightFade);
|
||||
EEPROM.write(228, aphide);
|
||||
EEPROM.write(226, notifyDirect);
|
||||
EEPROM.write(227, apchannel);
|
||||
EEPROM.write(228, aphide);
|
||||
EEPROM.write(229, led_amount);
|
||||
EEPROM.write(230, notifyButton);
|
||||
EEPROM.write(231, notifyForward);
|
||||
EEPROM.write(232, buttonEnabled);
|
||||
//233 reserved for first boot flag
|
||||
EEPROM.write(234, staticip[0]);
|
||||
EEPROM.write(235, staticip[1]);
|
||||
EEPROM.write(236, staticip[2]);
|
||||
@ -56,9 +60,17 @@ void saveSettingsToEEPROM()
|
||||
EEPROM.write(247, col[1]);
|
||||
EEPROM.write(248, col[2]);
|
||||
EEPROM.write(249, bri);
|
||||
EEPROM.write(250, receiveNotifications);
|
||||
EEPROM.write(251, fadeTransition);
|
||||
EEPROM.write(253, (transitionDelay >> 0) & 0xFF);
|
||||
EEPROM.write(254, (transitionDelay >> 8) & 0xFF);
|
||||
EEPROM.write(255, bri_n);
|
||||
//255,250,231,230,226 notifier bytes
|
||||
for (int i = 256; i < 288; ++i)
|
||||
{
|
||||
EEPROM.write(i, otapass.charAt(i-256));
|
||||
}
|
||||
EEPROM.write(289, ota_lock);
|
||||
EEPROM.commit();
|
||||
}
|
||||
|
||||
@ -99,11 +111,16 @@ void loadSettingsFromEEPROM()
|
||||
if (EEPROM.read(i) == 0) break;
|
||||
appass += char(EEPROM.read(i));
|
||||
}
|
||||
aphide = EEPROM.read(228);
|
||||
if (aphide > 1) aphide = 1;
|
||||
nightlightDelayMins = EEPROM.read(224);
|
||||
nightlightFade = EEPROM.read(225);
|
||||
notifyDirect = EEPROM.read(226);
|
||||
apchannel = EEPROM.read(227);
|
||||
if (apchannel > 13 || apchannel < 1) apchannel = 1;
|
||||
aphide = EEPROM.read(228);
|
||||
if (aphide > 1) aphide = 1;
|
||||
led_amount = EEPROM.read(229);
|
||||
notifyButton = EEPROM.read(230);
|
||||
notifyForward = EEPROM.read(231);
|
||||
buttonEnabled = EEPROM.read(232);
|
||||
staticip[0] = EEPROM.read(234);
|
||||
staticip[1] = EEPROM.read(235);
|
||||
@ -121,6 +138,14 @@ void loadSettingsFromEEPROM()
|
||||
col[1] = EEPROM.read(247);
|
||||
col[2] = EEPROM.read(248);
|
||||
bri = EEPROM.read(249);
|
||||
receiveNotifications = EEPROM.read(250);
|
||||
fadeTransition = EEPROM.read(251);
|
||||
transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00);
|
||||
bri_n = EEPROM.read(255);
|
||||
for (int i = 256; i < 288; ++i)
|
||||
{
|
||||
if (EEPROM.read(i) == 0) break;
|
||||
otapass += char(EEPROM.read(i));
|
||||
}
|
||||
ota_lock = EEPROM.read(289);
|
||||
}
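Review bot: The passphrase loop at the end of loadSettingsFromEEPROM appends to `otapass` without clearing it, and this commit initialises that global to "wledota", so once a passphrase has been saved the value in RAM after a reboot is the default followed by the stored bytes and no longer matches what the user enters. Neither hunk of this function shows a reset, so add `otapass = "";` immediately before `for (int i = 256; i < 288; ++i)`. Separately, `ota_lock = EEPROM.read(289);` overrides the compiled-in default of `true` with whatever an unwritten EEPROM holds, so the first-boot state should be set explicitly (the comment on byte 233 suggests a first-boot flag exists for this). The save loop in the same section stores the passphrase in clear text, which becomes relevant if the `/dumpeeprom` route listed in TODO.txt is added without its own access check.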
|
||||
|
@ -102,7 +102,9 @@ void XML_response_settings()
|
||||
resp = resp + "\n";
|
||||
}
|
||||
resp = resp + "</nsips>";
|
||||
resp = resp + "<noota>0</noota>"; //NI
|
||||
resp = resp + "<noota>";
|
||||
resp = resp + bool2int(ota_lock);
|
||||
resp = resp +"</noota>";
|
||||
resp = resp + "<norap>0</norap>"; //NI
|
||||
resp = resp + "<sip>";
|
||||
if (!WiFi.localIP()[0] == 0)
|
||||
@ -132,7 +134,7 @@ void XML_response_settings()
|
||||
{
|
||||
resp = resp + "Not active";
|
||||
}
|
||||
resp = resp + "</sip><otastat>Not implemented</otastat>";
|
||||
resp = resp + "</sip><otastat>LS</otastat>";
|
||||
resp = resp + "<msg>WLED 0.3pd OK</msg>";
|
||||
resp = resp + "</vs>";
|
||||
Serial.println(resp);
|
||||
|
@ -105,6 +105,12 @@ void handleSettingsSet()
|
||||
int i = server.arg("TDLAY").toInt();
|
||||
if (i > 0) transitionDelay = i;
|
||||
}
|
||||
if (server.hasArg("TLDUR"))
|
||||
{
|
||||
int i = server.arg("TLDUR").toInt();
|
||||
if (i > 0) nightlightDelayMins = i;
|
||||
}
|
||||
nightlightFade = server.hasArg("TLFDE");
|
||||
receiveNotifications = server.hasArg("NRCVE");
|
||||
if (server.hasArg("NRBRI"))
|
||||
{
|
||||
@ -118,6 +124,21 @@ void handleSettingsSet()
|
||||
{
|
||||
notifier_ips_raw = server.arg("NSIPS");
|
||||
}
|
||||
if (server.hasArg("OPASS"))
|
||||
{
|
||||
if (!ota_lock)
|
||||
{
|
||||
if (server.arg("OPASS").length() > 0)
|
||||
otapass = server.arg("OPASS");
|
||||
} else if (!server.hasArg("NOOTA"))
|
||||
{
|
||||
if (otapass.equals(server.arg("OPASS")))
|
||||
{
|
||||
ota_lock = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (server.hasArg("NOOTA")) ota_lock = true;
|
||||
saveSettingsToEEPROM();
|
||||
}
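Review bot: The `OPASS` branch accepts a passphrase of any length while OTA is unlocked, but saveSettingsToEEPROM persists only 32 characters (bytes 256-287) and the `maxlength="32"` limit exists only in the browser form, so a longer value works until the next reboot and then silently stops matching. Bound it on the server, for example `String p = server.arg("OPASS"); if (p.length() > 0 && p.length() <= 32) otapass = p;`. The unlock comparison `otapass.equals(server.arg("OPASS"))` also runs on every POST with no attempt limit or delay, so a failed-attempt counter or a short lockout would make guessing the passphrase impractical. handleSettingsSet begins outside these hunks.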
|
||||
|
||||
|
@ -20,7 +20,7 @@ void wledInit()
|
||||
Serial.printf("\n");
|
||||
}
|
||||
Serial.println("Init EEPROM");
|
||||
EEPROM.begin(256);
|
||||
EEPROM.begin(1024);
|
||||
loadSettingsFromEEPROM();
|
||||
|
||||
Serial.print("CC: SSID: ");
|
||||
@ -77,11 +77,13 @@ void wledInit()
|
||||
server.on("/", HTTP_GET, [](){
|
||||
if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound");
|
||||
});
|
||||
server.on("/reset", HTTP_GET, reset);
|
||||
server.on("/reset", HTTP_GET, [](){
|
||||
server.send(200, "text/plain", "Rebooting... Go to main page when lights turn on.");
|
||||
reset();
|
||||
});
|
||||
server.on("/set-settings", HTTP_POST, [](){
|
||||
handleSettingsSet();
|
||||
server.send(200, "text/plain", "Settings saved. Please wait for light to turn back on, then go to main page...");
|
||||
reset();
|
||||
if(!handleFileRead("/settingssaved.htm")) server.send(404, "text/plain", "SettingsSaved");
|
||||
});
|
||||
if (!ota_lock){
|
||||
server.on("/edit", HTTP_GET, [](){
|
||||
@ -94,6 +96,20 @@ void wledInit()
|
||||
server.on("/cleareeprom", HTTP_GET, clearEEPROM);
|
||||
//init ota page
|
||||
httpUpdater.setup(&server);
|
||||
} else
|
||||
{
|
||||
server.on("/edit", HTTP_GET, [](){
|
||||
server.send(500, "text/plain", "OTA lock active");
|
||||
});
|
||||
server.on("/down", HTTP_GET, [](){
|
||||
server.send(500, "text/plain", "OTA lock active");
|
||||
});
|
||||
server.on("/cleareeprom", HTTP_GET, [](){
|
||||
server.send(500, "text/plain", "OTA lock active");
|
||||
});
|
||||
server.on("/update", HTTP_GET, [](){
|
||||
server.send(500, "text/plain", "OTA lock active");
|
||||
});
|
||||
}
|
||||
//called when the url is not defined here, ajax-in; get-settings
|
||||
server.onNotFound([](){
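Review bot: The lock is enforced only by which routes are registered in the `if (!ota_lock){ … } else { … }` block, which runs once at startup, and per the commit description the `reset()` after `/set-settings` is removed here; ticking "OTA locked" therefore leaves `/edit`, `/down`, `/cleareeprom` and the updater reachable until someone reboots the device. Either keep the reboot whenever `ota_lock` changes, or register the handlers unconditionally and test the flag per request with `if (ota_lock) { server.send(500, "text/plain", "OTA lock active"); return; }` as their first line. The updater registered by `httpUpdater.setup(&server)` cannot be guarded that way from this code, so it presumably still needs the reboot path. A 403 would describe a refused request better than 500. wledInit starts and ends outside these hunks.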
|
||||
|