implement OTA lock / security

do not reboot after settings set -> add reboot button

ota not really working yet
This commit is contained in:
cschwinne 2016-11-20 01:47:15 +01:00
parent e22fb965f7
commit 9a06c748c0
9 changed files with 107 additions and 20 deletions


@ -3,19 +3,20 @@ sequence
simple slide transition simple slide transition
additional color picker field additional color picker field
implement all settings setters implement all settings setters
implement OTA lock / security
implement HSB slider option implement HSB slider option
implement ranges implement ranges
implement discrete range color setter implement discrete range color setter
implement discrete single color setter implement discrete single color setter
do not reboot after settings set -> add reboot button
svg icons in html svg icons in html
notifier function -> send get request notifier function -> send get request
nightlight function -> turns off after set time (+implement fading) nightlight function -> turns off after set time (+implement fading)
add preferred colors to settings -> quickly t. UI, button select, add preferred colors to settings -> quickly t. UI, button select,
use iframe for settings, seperate tabs for wifi and application confg use iframe for settings, seperate tabs for wifi and application confg
use iframe for all adv. features?
/dumpeeprom and /pusheeprom
BUGS BUGS
static ip disables mdns static ip disables mdns
XXX authentification for security relevant areas (/edit, /update (!!!), /list, /down, [/settings, /reset, /cleareeprom]) ? authentification for security relevant areas ([/settings, /reset])
(Unverified) led_amount does nothing (is always 16) because NeoPixelBus is initiated before EEPROM read (Unverified) led_amount does nothing (is always 16) because NeoPixelBus is initiated before EEPROM read
notifier wrong ips


@ -188,7 +188,7 @@
<body onload="Startup()" class=" __plain_text_READY__"> <body onload="Startup()" class=" __plain_text_READY__">
<div id="tbB" class="tool_box"> <div id="tbB" class="tool_box">
<input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool"> <input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool">
<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night"> <!--<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">-->
</div> </div>
<div id="cdB" class="ctrl_box"> <div id="cdB" class="ctrl_box">
<form id="form_c" name="Ctrl_form"> <form id="form_c" name="Ctrl_form">


@ -47,9 +47,7 @@
document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false; document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false;
document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML; document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML;
document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML; document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML;
document.getElementsByClassName("otastat")[0].innerHTML = this.responseXML.getElementsByTagName('otastat')[0].innerHTML;
document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML; document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML;
if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}
} }
} }
} }
@ -124,12 +122,11 @@
Hosts to send notifications to: (1 IP per line) <br> Hosts to send notifications to: (1 IP per line) <br>
<textarea name="NSIPS" rows="8" cols="16"></textarea> <textarea name="NSIPS" rows="8" cols="16"></textarea>
<h3>Security</h3> <h3>Security</h3>
OTA enabled: <input type="checkbox" name="NOOTA" value="0"> <br> OTA locked: <input type="checkbox" name="NOOTA" value="0"> <br>
Passphrase: <input type="password" name="OPASS" maxlength="32"> <br> Passphrase: <input type="password" name="OPASS" maxlength="32"> <br>
To enable OTA, for security reasons you need to also enter the correct password! <br> To enable OTA, for security reasons you need to also enter the correct password! <br>
The password may/should be changed when OTA is enabled. <br> The password may/should be changed when OTA is enabled. <br>
Disable OTA when not in use, otherwise an attacker could reflash device software! <br> Disable OTA when not in use, otherwise an attacker could reflash device software! <br> <br>
Current status: <span class="otastat"> Unknown </span> <br> <br>
Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br> Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br>
In case of a connection error there will be no wireless recovery possible! <br> In case of a connection error there will be no wireless recovery possible! <br>
Completely disables all Access Point functions. <br> <br> Completely disables all Access Point functions. <br> <br>
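Review bot: The new line `if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}` is what makes the unlock flow work: a disabled control is not submitted, so while locked the form omits `NOOTA`, and `handleSettingsSet` in this commit treats "OPASS present, NOOTA absent" as an unlock attempt. That coupling is invisible from either side; a comment on this line such as `// while locked the box is disabled so the form omits NOOTA; the server reads a submit with OPASS and no NOOTA as an unlock request` would save the next reader a trip through the firmware. The help text still says "To enable OTA ... enter the correct password" and "Disable OTA when not in use" while the checkbox label now reads "OTA locked", so enable/disable and lock/unlock name the same state; pick one wording. The enclosing XHR callback starts outside the hunk.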


@ -0,0 +1,24 @@
<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Saved Settings</title>
<script>
function OpenMain()
{
window.open("/","_self");
}
function OpenReboot()
{
window.open("/reset","_self");
}
</script>
</head><body>
<div align="center">
<h2>Settings saved.</h2>
<p>If you made changes to WiFi configuration, please reboot.</p><br>
<input type="button" name="BACK" value="Close" onclick="OpenMain()">
<input type="button" name="BACK" value="Reboot" onclick="OpenReboot()">
</div></body>
</html>
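Review bot: Both buttons carry `name="BACK"`, so the reboot control is mislabelled in the DOM; `name="REBOOT"` for the second (or no `name` at all, since neither sits in a form) avoids the confusion. `<meta ... charset=windows-1252>` is an unusual choice for a new page; `charset=utf-8` is the conventional one. The reboot button issues a plain GET to `/reset`, a state-changing action, which the TODO file in this commit already lists as needing authentication.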


@ -30,7 +30,8 @@ byte col[]{255, 127, 0};
boolean fadeTransition = true; boolean fadeTransition = true;
boolean seqTransition = false; boolean seqTransition = false;
uint16_t transitionDelay = 1500; uint16_t transitionDelay = 1500;
boolean ota_lock = false; boolean ota_lock = true;
String otapass = "wledota";
boolean only_ap = false; boolean only_ap = false;
uint8_t led_amount = 16; uint8_t led_amount = 16;
uint8_t buttonPin = 3; //needs pull-up uint8_t buttonPin = 3; //needs pull-up
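Review bot: `String otapass = "wledota";` makes the factory passphrase a constant published with the source, so the new `ota_lock = true` default only holds against someone who has not read the repository; until the owner changes it the lock adds no protection. Consider refusing to unlock while the stored passphrase still equals the factory default, forcing a change first, and at minimum annotate the declaration: `String otapass = "wledota"; //factory default, public: change it before relying on the OTA lock`. That the passphrase is stored and compared in clear text is a design decision worth stating in the same comment.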


@ -1,6 +1,6 @@
void clearEEPROM() void clearEEPROM()
{ {
for (int i = 0; i < 256; i++) for (int i = 0; i < 1024; i++)
{ {
EEPROM.write(i, 0); EEPROM.write(i, 0);
} }
@ -36,10 +36,14 @@ void saveSettingsToEEPROM()
} }
EEPROM.write(224, nightlightDelayMins); EEPROM.write(224, nightlightDelayMins);
EEPROM.write(225, nightlightFade); EEPROM.write(225, nightlightFade);
EEPROM.write(228, aphide); EEPROM.write(226, notifyDirect);
EEPROM.write(227, apchannel); EEPROM.write(227, apchannel);
EEPROM.write(228, aphide);
EEPROM.write(229, led_amount); EEPROM.write(229, led_amount);
EEPROM.write(230, notifyButton);
EEPROM.write(231, notifyForward);
EEPROM.write(232, buttonEnabled); EEPROM.write(232, buttonEnabled);
//233 reserved for first boot flag
EEPROM.write(234, staticip[0]); EEPROM.write(234, staticip[0]);
EEPROM.write(235, staticip[1]); EEPROM.write(235, staticip[1]);
EEPROM.write(236, staticip[2]); EEPROM.write(236, staticip[2]);
@ -56,9 +60,17 @@ void saveSettingsToEEPROM()
EEPROM.write(247, col[1]); EEPROM.write(247, col[1]);
EEPROM.write(248, col[2]); EEPROM.write(248, col[2]);
EEPROM.write(249, bri); EEPROM.write(249, bri);
EEPROM.write(250, receiveNotifications);
EEPROM.write(251, fadeTransition); EEPROM.write(251, fadeTransition);
EEPROM.write(253, (transitionDelay >> 0) & 0xFF); EEPROM.write(253, (transitionDelay >> 0) & 0xFF);
EEPROM.write(254, (transitionDelay >> 8) & 0xFF); EEPROM.write(254, (transitionDelay >> 8) & 0xFF);
EEPROM.write(255, bri_n);
//255,250,231,230,226 notifier bytes
for (int i = 256; i < 288; ++i)
{
EEPROM.write(i, otapass.charAt(i-256));
}
EEPROM.write(289, ota_lock);
EEPROM.commit(); EEPROM.commit();
} }
@ -99,11 +111,16 @@ void loadSettingsFromEEPROM()
if (EEPROM.read(i) == 0) break; if (EEPROM.read(i) == 0) break;
appass += char(EEPROM.read(i)); appass += char(EEPROM.read(i));
} }
aphide = EEPROM.read(228); nightlightDelayMins = EEPROM.read(224);
if (aphide > 1) aphide = 1; nightlightFade = EEPROM.read(225);
notifyDirect = EEPROM.read(226);
apchannel = EEPROM.read(227); apchannel = EEPROM.read(227);
if (apchannel > 13 || apchannel < 1) apchannel = 1; if (apchannel > 13 || apchannel < 1) apchannel = 1;
aphide = EEPROM.read(228);
if (aphide > 1) aphide = 1;
led_amount = EEPROM.read(229); led_amount = EEPROM.read(229);
notifyButton = EEPROM.read(230);
notifyForward = EEPROM.read(231);
buttonEnabled = EEPROM.read(232); buttonEnabled = EEPROM.read(232);
staticip[0] = EEPROM.read(234); staticip[0] = EEPROM.read(234);
staticip[1] = EEPROM.read(235); staticip[1] = EEPROM.read(235);
@ -121,6 +138,14 @@ void loadSettingsFromEEPROM()
col[1] = EEPROM.read(247); col[1] = EEPROM.read(247);
col[2] = EEPROM.read(248); col[2] = EEPROM.read(248);
bri = EEPROM.read(249); bri = EEPROM.read(249);
receiveNotifications = EEPROM.read(250);
fadeTransition = EEPROM.read(251); fadeTransition = EEPROM.read(251);
transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00); transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00);
bri_n = EEPROM.read(255);
for (int i = 256; i < 288; ++i)
{
if (EEPROM.read(i) == 0) break;
otapass += char(EEPROM.read(i));
}
ota_lock = EEPROM.read(289);
} }
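Review bot: In `loadSettingsFromEEPROM` the loop over bytes 256–287 appends to `otapass` (`otapass += char(EEPROM.read(i));`) without clearing it first, and this commit initialises the variable to `"wledota"`, so after a boot with a stored passphrase the effective value is the default followed by the stored one and the owner's passphrase no longer matches in `handleSettingsSet`. Reset it before the loop, `otapass = "";`, unless the declaration is cleared elsewhere (the `appass` default that the same pattern relies on is outside this view). `ota_lock = EEPROM.read(289);` assigns a raw byte to a boolean: never-written flash typically reads 0xFF and so loads as locked, the safe direction, while `clearEEPROM()` now zeroes the whole region and the device then boots unlocked with the default passphrase — worth a comment on the write side, e.g. `//289: ota_lock (non-zero = locked; cleared EEPROM boots unlocked)`. The save hunk documents the notifier bytes but not the new range; `//256-287 otapass, 289 ota_lock` next to `//255,250,231,230,226 notifier bytes` would complete the layout.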


@ -102,7 +102,9 @@ void XML_response_settings()
resp = resp + "\n"; resp = resp + "\n";
} }
resp = resp + "</nsips>"; resp = resp + "</nsips>";
resp = resp + "<noota>0</noota>"; //NI resp = resp + "<noota>";
resp = resp + bool2int(ota_lock);
resp = resp +"</noota>";
resp = resp + "<norap>0</norap>"; //NI resp = resp + "<norap>0</norap>"; //NI
resp = resp + "<sip>"; resp = resp + "<sip>";
if (!WiFi.localIP()[0] == 0) if (!WiFi.localIP()[0] == 0)
@ -132,7 +134,7 @@ void XML_response_settings()
{ {
resp = resp + "Not active"; resp = resp + "Not active";
} }
resp = resp + "</sip><otastat>Not implemented</otastat>"; resp = resp + "</sip><otastat>LS</otastat>";
resp = resp + "<msg>WLED 0.3pd OK</msg>"; resp = resp + "<msg>WLED 0.3pd OK</msg>";
resp = resp + "</vs>"; resp = resp + "</vs>";
Serial.println(resp); Serial.println(resp);
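Review bot: `<otastat>LS</otastat>` ships a placeholder string while the same commit removes the only reader of `otastat` from settings.htm (the `getElementsByClassName("otastat")` line), so the element is now dead output; either drop it or derive it from the lock, e.g. `resp = resp + "</sip><otastat>" + (ota_lock ? "Locked" : "Unlocked") + "</otastat>";`. The `//NI` marker was rightly dropped from `noota` now that it reflects `ota_lock`. The context line `if (!WiFi.localIP()[0] == 0)` is pre-existing: `!` binds before `==`, so it tests `(!x) == 0`, which equals `x != 0` and happens to be the intended condition but reads like a bug; `if (WiFi.localIP()[0] != 0)` says it directly. XML_response_settings continues outside the hunk.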


@ -105,6 +105,12 @@ void handleSettingsSet()
int i = server.arg("TDLAY").toInt(); int i = server.arg("TDLAY").toInt();
if (i > 0) transitionDelay = i; if (i > 0) transitionDelay = i;
} }
if (server.hasArg("TLDUR"))
{
int i = server.arg("TLDUR").toInt();
if (i > 0) nightlightDelayMins = i;
}
nightlightFade = server.hasArg("TLFDE");
receiveNotifications = server.hasArg("NRCVE"); receiveNotifications = server.hasArg("NRCVE");
if (server.hasArg("NRBRI")) if (server.hasArg("NRBRI"))
{ {
@ -118,6 +124,21 @@ void handleSettingsSet()
{ {
notifier_ips_raw = server.arg("NSIPS"); notifier_ips_raw = server.arg("NSIPS");
} }
if (server.hasArg("OPASS"))
{
if (!ota_lock)
{
if (server.arg("OPASS").length() > 0)
otapass = server.arg("OPASS");
} else if (!server.hasArg("NOOTA"))
{
if (otapass.equals(server.arg("OPASS")))
{
ota_lock = false;
}
}
}
if (server.hasArg("NOOTA")) ota_lock = true;
saveSettingsToEEPROM(); saveSettingsToEEPROM();
} }
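Review bot: Setting `ota_lock` here changes only the variable and what `saveSettingsToEEPROM()` persists; the OTA-gated routes are registered once in `wledInit` (`if (!ota_lock){ ... httpUpdater.setup(&server); } else { ... }` in the wled05 hunk of this commit) and the commit also drops the automatic `reset()` after `/set-settings`. Neither locking nor unlocking therefore affects the running server until the user reboots, while settingssaved.htm says a reboot is needed only for WiFi changes. Either consult `ota_lock` inside each gated handler at request time, or state on the saved page that OTA lock changes take effect after reboot. A wrong passphrase is silently ignored on an unauthenticated POST with no limit on attempts; at least report the outcome in the response or add a short delay after a failed compare. When unlocked, any non-empty `OPASS` overwrites the stored passphrase on every save, so a browser autofilling the password field could change it unnoticed — an explicit "change passphrase" checkbox would make that deliberate; handleSettingsSet continues outside the hunk.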


@ -20,7 +20,7 @@ void wledInit()
Serial.printf("\n"); Serial.printf("\n");
} }
Serial.println("Init EEPROM"); Serial.println("Init EEPROM");
EEPROM.begin(256); EEPROM.begin(1024);
loadSettingsFromEEPROM(); loadSettingsFromEEPROM();
Serial.print("CC: SSID: "); Serial.print("CC: SSID: ");
@ -77,11 +77,13 @@ void wledInit()
server.on("/", HTTP_GET, [](){ server.on("/", HTTP_GET, [](){
if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound"); if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound");
}); });
server.on("/reset", HTTP_GET, reset); server.on("/reset", HTTP_GET, [](){
server.send(200, "text/plain", "Rebooting... Go to main page when lights turn on.");
reset();
});
server.on("/set-settings", HTTP_POST, [](){ server.on("/set-settings", HTTP_POST, [](){
handleSettingsSet(); handleSettingsSet();
server.send(200, "text/plain", "Settings saved. Please wait for light to turn back on, then go to main page..."); if(!handleFileRead("/settingssaved.htm")) server.send(404, "text/plain", "SettingsSaved");
reset();
}); });
if (!ota_lock){ if (!ota_lock){
server.on("/edit", HTTP_GET, [](){ server.on("/edit", HTTP_GET, [](){
@ -94,6 +96,20 @@ void wledInit()
server.on("/cleareeprom", HTTP_GET, clearEEPROM); server.on("/cleareeprom", HTTP_GET, clearEEPROM);
//init ota page //init ota page
httpUpdater.setup(&server); httpUpdater.setup(&server);
} else
{
server.on("/edit", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
server.on("/down", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
server.on("/cleareeprom", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
server.on("/update", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
} }
//called when the url is not defined here, ajax-in; get-settings //called when the url is not defined here, ajax-in; get-settings
server.onNotFound([](){ server.onNotFound([](){
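Review bot: The four stubs in the new `else` branch answer a policy refusal with HTTP 500, which clients and logs read as a server fault; 403 is the status for a forbidden request, `server.send(403, "text/plain", "OTA lock active");`. The four lambdas are identical, so one handler bound to each route keeps the gated list in a single place (below). The TODO file in this commit names `/list` among the security-relevant routes; if it is registered in the unlocked branch outside this hunk, it has no counterpart here. `/reset` and `/set-settings` remain reachable regardless of the lock, which the TODO acknowledges. wledInit continues outside the hunk.
```cpp
  } else
  {
    // one handler for every OTA-gated route while the lock is active
    auto otaLocked = [](){
      server.send(403, "text/plain", "OTA lock active");
    };
    server.on("/edit", HTTP_GET, otaLocked);
    server.on("/down", HTTP_GET, otaLocked);
    server.on("/cleareeprom", HTTP_GET, otaLocked);
    server.on("/update", HTTP_GET, otaLocked);
  }
```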