implement OTA lock / security

do not reboot after settings set -> add reboot button

ota not really working yet

TODO.txt

@@ -3,19 +3,20 @@ sequence
 simple slide transition
 additional color picker field
 implement all settings setters
-implement OTA lock / security
 implement HSB slider option
 implement ranges
 implement discrete range color setter
 implement discrete single color setter
-do not reboot after settings set -> add reboot button
 svg icons in html
 notifier function -> send get request
 nightlight function -> turns off after set time (+implement fading)
 add preferred colors to settings -> quickly t. UI, button select,
 use iframe for settings, seperate tabs for wifi and application confg
+use iframe for all adv. features?
+/dumpeeprom and /pusheeprom
 
 BUGS
 static ip disables mdns
-XXX authentification for security relevant areas (/edit, /update (!!!), /list, /down, [/settings, /reset, /cleareeprom])
+? authentification for security relevant areas ([/settings, /reset])
 (Unverified) led_amount does nothing (is always 16) because NeoPixelBus is initiated before EEPROM read
+notifier wrong ips

wled00/data/index.htm

@@ -188,7 +188,7 @@
 <body onload="Startup()" class=" __plain_text_READY__">
 	<div id="tbB" class="tool_box">
 		<input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool">
-		<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">
+		<!--<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">-->
 	</div>
 	<div id="cdB" class="ctrl_box">
 		<form id="form_c" name="Ctrl_form">

wled00/data/settings.htm

@@ -47,9 +47,7 @@
 							document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false;
 							document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML;
 							document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML;
-							document.getElementsByClassName("otastat")[0].innerHTML = this.responseXML.getElementsByTagName('otastat')[0].innerHTML;
 							document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML;
-							if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}
 						}
 					}
 				}
@@ -124,12 +122,11 @@
 		Hosts to send notifications to: (1 IP per line) <br>
 		<textarea name="NSIPS" rows="8" cols="16"></textarea>
 		<h3>Security</h3>
-		OTA enabled: <input type="checkbox" name="NOOTA" value="0"> <br>
+		OTA locked: <input type="checkbox" name="NOOTA" value="0"> <br>
 		Passphrase: <input type="password" name="OPASS" maxlength="32"> <br>
 		To enable OTA, for security reasons you need to also enter the correct password! <br>
 		The password may/should be changed when OTA is enabled. <br>
-		Disable OTA when not in use, otherwise an attacker could reflash device software! <br>
-		Current status: <span class="otastat"> Unknown </span> <br> <br>
+		Disable OTA when not in use, otherwise an attacker could reflash device software! <br> <br>
 		Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br>
 		In case of a connection error there will be no wireless recovery possible! <br>
 		Completely disables all Access Point functions. <br> <br>

wled00/data/settingssaved.htm

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html><head>
+	<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+	<title>Saved Settings</title>
+	<script>
+		function OpenMain()
+		{
+			window.open("/","_self");
+		}
+		function OpenReboot()
+		{
+			window.open("/reset","_self");
+		}
+	
+	</script>
+	</head><body>
+	<div align="center">
+		<h2>Settings saved.</h2>
+		<p>If you made changes to WiFi configuration, please reboot.</p><br>
+		<input type="button" name="BACK" value="Close" onclick="OpenMain()">
+		<input type="button" name="BACK" value="Reboot" onclick="OpenReboot()">
+	</div></body>
+</html>
+	

wled00/wled00.ino

@@ -30,7 +30,8 @@ byte col[]{255, 127, 0};
 boolean fadeTransition = true;
 boolean seqTransition = false;
 uint16_t transitionDelay = 1500;
-boolean ota_lock = false;
+boolean ota_lock = true;
+String otapass = "wledota";
 boolean only_ap = false;
 uint8_t led_amount = 16;
 uint8_t buttonPin = 3; //needs pull-up

wled00/wled01_eeprom.ino

@@ -1,6 +1,6 @@
 void clearEEPROM()
 {
-  for (int i = 0; i < 256; i++)
+  for (int i = 0; i < 1024; i++)
   {
     EEPROM.write(i, 0);
   }
@@ -36,10 +36,14 @@ void saveSettingsToEEPROM()
   }
   EEPROM.write(224, nightlightDelayMins);
   EEPROM.write(225, nightlightFade);
-  EEPROM.write(228, aphide);
+  EEPROM.write(226, notifyDirect);
   EEPROM.write(227, apchannel);
+  EEPROM.write(228, aphide);
   EEPROM.write(229, led_amount);
+  EEPROM.write(230, notifyButton);
+  EEPROM.write(231, notifyForward);
   EEPROM.write(232, buttonEnabled);
+  //233 reserved for first boot flag
   EEPROM.write(234, staticip[0]);
   EEPROM.write(235, staticip[1]);
   EEPROM.write(236, staticip[2]);
@@ -56,9 +60,17 @@ void saveSettingsToEEPROM()
   EEPROM.write(247, col[1]);
   EEPROM.write(248, col[2]);
   EEPROM.write(249, bri);
+  EEPROM.write(250, receiveNotifications);
   EEPROM.write(251, fadeTransition);
   EEPROM.write(253, (transitionDelay >> 0) & 0xFF);
   EEPROM.write(254, (transitionDelay >> 8) & 0xFF);
+  EEPROM.write(255, bri_n);
+  //255,250,231,230,226 notifier bytes
+  for (int i = 256; i < 288; ++i)
+  {
+    EEPROM.write(i, otapass.charAt(i-256));
+  }
+  EEPROM.write(289, ota_lock);
   EEPROM.commit();
 }
 
@@ -99,11 +111,16 @@ void loadSettingsFromEEPROM()
     if (EEPROM.read(i) == 0) break;
     appass += char(EEPROM.read(i));
   }
-  aphide = EEPROM.read(228);
-  if (aphide > 1) aphide = 1;
+  nightlightDelayMins = EEPROM.read(224);
+  nightlightFade = EEPROM.read(225);
+  notifyDirect = EEPROM.read(226);
   apchannel = EEPROM.read(227);
   if (apchannel > 13 || apchannel < 1) apchannel = 1;
+  aphide = EEPROM.read(228);
+  if (aphide > 1) aphide = 1;
   led_amount = EEPROM.read(229);
+  notifyButton = EEPROM.read(230);
+  notifyForward = EEPROM.read(231);
   buttonEnabled = EEPROM.read(232);
   staticip[0] = EEPROM.read(234);
   staticip[1] = EEPROM.read(235);
@@ -121,6 +138,14 @@ void loadSettingsFromEEPROM()
   col[1] = EEPROM.read(247);
   col[2] = EEPROM.read(248);
   bri = EEPROM.read(249);
+  receiveNotifications = EEPROM.read(250);
   fadeTransition = EEPROM.read(251);
   transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00);
+  bri_n = EEPROM.read(255);
+  for (int i = 256; i < 288; ++i)
+  {
+    if (EEPROM.read(i) == 0) break;
+    otapass += char(EEPROM.read(i));
+  }
+  ota_lock = EEPROM.read(289);
 }

wled00/wled02_xml.ino

@@ -102,7 +102,9 @@ void XML_response_settings()
     resp = resp + "\n";
   }
   resp = resp + "</nsips>";
-  resp = resp + "<noota>0</noota>"; //NI
+  resp = resp + "<noota>";
+  resp = resp + bool2int(ota_lock);
+  resp = resp +"</noota>";
   resp = resp + "<norap>0</norap>"; //NI
   resp = resp + "<sip>";
   if (!WiFi.localIP()[0] == 0)
@@ -132,7 +134,7 @@ void XML_response_settings()
   {
     resp = resp + "Not active";
   }
-  resp = resp + "</sip><otastat>Not implemented</otastat>";
+  resp = resp + "</sip><otastat>LS</otastat>";
   resp = resp + "<msg>WLED 0.3pd OK</msg>";
   resp = resp + "</vs>";
   Serial.println(resp);

wled00/wled03_set.ino

@@ -105,6 +105,12 @@ void handleSettingsSet()
     int i = server.arg("TDLAY").toInt();
     if (i > 0) transitionDelay = i;
   }
+  if (server.hasArg("TLDUR"))
+  {
+    int i = server.arg("TLDUR").toInt();
+    if (i > 0) nightlightDelayMins = i;
+  }
+  nightlightFade = server.hasArg("TLFDE");
   receiveNotifications = server.hasArg("NRCVE");
   if (server.hasArg("NRBRI"))
   {
@@ -118,6 +124,21 @@ void handleSettingsSet()
   {
     notifier_ips_raw = server.arg("NSIPS");
   }
+  if (server.hasArg("OPASS"))
+  {
+    if (!ota_lock)
+    {
+      if (server.arg("OPASS").length() > 0)
+      otapass = server.arg("OPASS");
+    } else if (!server.hasArg("NOOTA"))
+    {
+      if (otapass.equals(server.arg("OPASS")))
+      {
+        ota_lock = false;
+      }
+    }
+  }
+  if (server.hasArg("NOOTA")) ota_lock = true;
   saveSettingsToEEPROM();
 }
 

wled00/wled05_init.ino

@@ -20,7 +20,7 @@ void wledInit()
     Serial.printf("\n");
   }
   Serial.println("Init EEPROM");
-  EEPROM.begin(256);
+  EEPROM.begin(1024);
   loadSettingsFromEEPROM();
 
   Serial.print("CC: SSID: ");
@@ -77,11 +77,13 @@ void wledInit()
   server.on("/", HTTP_GET, [](){
     if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound");
   });
-  server.on("/reset", HTTP_GET, reset);
+  server.on("/reset", HTTP_GET, [](){
+    server.send(200, "text/plain", "Rebooting... Go to main page when lights turn on.");
+    reset();
+  });
   server.on("/set-settings", HTTP_POST, [](){
     handleSettingsSet();
-    server.send(200, "text/plain", "Settings saved. Please wait for light to turn back on, then go to main page...");
-    reset();
+    if(!handleFileRead("/settingssaved.htm")) server.send(404, "text/plain", "SettingsSaved");
   });
   if (!ota_lock){
     server.on("/edit", HTTP_GET, [](){
@@ -94,6 +96,20 @@ void wledInit()
     server.on("/cleareeprom", HTTP_GET, clearEEPROM);
     //init ota page
     httpUpdater.setup(&server);
+  } else
+  {
+    server.on("/edit", HTTP_GET, [](){
+    server.send(500, "text/plain", "OTA lock active");
+    });
+    server.on("/down", HTTP_GET, [](){
+    server.send(500, "text/plain", "OTA lock active");
+    });
+    server.on("/cleareeprom", HTTP_GET, [](){
+    server.send(500, "text/plain", "OTA lock active");
+    });
+    server.on("/update", HTTP_GET, [](){
+    server.send(500, "text/plain", "OTA lock active");
+    });
   }
   //called when the url is not defined here, ajax-in; get-settings
   server.onNotFound([](){