implement OTA lock / security
do not reboot after settings set -> add reboot button ota not really working yet
parent
e22fb965f7
commit
9a06c748c0
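--- a/TODO.txt
+++ b/TODO.txt
@@ -3,19 +3,20 @@ sequence
 simple slide transition
 additional color picker field
 implement all settings setters
-implement OTA lock / security
 implement HSB slider option
 implement ranges
 implement discrete range color setter
 implement discrete single color setter
-do not reboot after settings set -> add reboot button
 svg icons in html
 notifier function -> send get request
 nightlight function -> turns off after set time (+implement fading)
 add preferred colors to settings -> quickly t. UI, button select,
 use iframe for settings, seperate tabs for wifi and application confg
+use iframe for all adv. features?
+/dumpeeprom and /pusheeprom
 
 BUGS
 static ip disables mdns
-XXX authentification for security relevant areas (/edit, /update (!!!), /list, /down, [/settings, /reset, /cleareeprom])
+? authentification for security relevant areas ([/settings, /reset])
 (Unverified) led_amount does nothing (is always 16) because NeoPixelBus is initiated before EEPROM read
+notifier wrong ips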
@ -188,7 +188,7 @@
|
|||||||
<body onload="Startup()" class=" __plain_text_READY__">
|
<body onload="Startup()" class=" __plain_text_READY__">
|
||||||
<div id="tbB" class="tool_box">
|
<div id="tbB" class="tool_box">
|
||||||
<input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool">
|
<input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool">
|
||||||
<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">
|
<!--<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">-->
|
||||||
</div>
|
</div>
|
||||||
<div id="cdB" class="ctrl_box">
|
<div id="cdB" class="ctrl_box">
|
||||||
<form id="form_c" name="Ctrl_form">
|
<form id="form_c" name="Ctrl_form">
|
||||||
|
@ -47,9 +47,7 @@
|
|||||||
document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false;
|
document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false;
|
||||||
document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML;
|
document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML;
|
||||||
document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML;
|
document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML;
|
||||||
document.getElementsByClassName("otastat")[0].innerHTML = this.responseXML.getElementsByTagName('otastat')[0].innerHTML;
|
|
||||||
document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML;
|
document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML;
|
||||||
if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -124,12 +122,11 @@
|
|||||||
Hosts to send notifications to: (1 IP per line) <br>
|
Hosts to send notifications to: (1 IP per line) <br>
|
||||||
<textarea name="NSIPS" rows="8" cols="16"></textarea>
|
<textarea name="NSIPS" rows="8" cols="16"></textarea>
|
||||||
<h3>Security</h3>
|
<h3>Security</h3>
|
||||||
OTA enabled: <input type="checkbox" name="NOOTA" value="0"> <br>
|
OTA locked: <input type="checkbox" name="NOOTA" value="0"> <br>
|
||||||
Passphrase: <input type="password" name="OPASS" maxlength="32"> <br>
|
Passphrase: <input type="password" name="OPASS" maxlength="32"> <br>
|
||||||
To enable OTA, for security reasons you need to also enter the correct password! <br>
|
To enable OTA, for security reasons you need to also enter the correct password! <br>
|
||||||
The password may/should be changed when OTA is enabled. <br>
|
The password may/should be changed when OTA is enabled. <br>
|
||||||
Disable OTA when not in use, otherwise an attacker could reflash device software! <br>
|
Disable OTA when not in use, otherwise an attacker could reflash device software! <br> <br>
|
||||||
Current status: <span class="otastat"> Unknown </span> <br> <br>
|
|
||||||
Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br>
|
Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br>
|
||||||
In case of a connection error there will be no wireless recovery possible! <br>
|
In case of a connection error there will be no wireless recovery possible! <br>
|
||||||
Completely disables all Access Point functions. <br> <br>
|
Completely disables all Access Point functions. <br> <br>
|
||||||
|
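--- /dev/null
+++ b/wled00/data/settingssaved.htm
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<title>Saved Settings</title>
+<script>
+function OpenMain()
+{
+window.open("/","_self");
+}
+function OpenReboot()
+{
+window.open("/reset","_self");
+}
+
+</script>
+</head><body>
+<div align="center">
+<h2>Settings saved.</h2>
+<p>If you made changes to WiFi configuration, please reboot.</p><br>
+<input type="button" name="BACK" value="Close" onclick="OpenMain()">
+<input type="button" name="BACK" value="Reboot" onclick="OpenReboot()">
+</div></body>
+</html>
+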
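Review bot: The Reboot button restarts the device through a plain GET navigation, `window.open("/reset","_self")`, so a cross-site request from any other page open in the same browser can trigger a reboot without the user pressing anything. A state-changing action is safer as a POST, for example a small `<form method="post" action="/reset">` with the route registered for `HTTP_POST`, ideally behind the authentication the TODO still lists for `/reset`. Both buttons also share `name="BACK"`; the second should get its own name, such as `name="REBOOT"`.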
@ -30,7 +30,8 @@ byte col[]{255, 127, 0};
|
|||||||
boolean fadeTransition = true;
|
boolean fadeTransition = true;
|
||||||
boolean seqTransition = false;
|
boolean seqTransition = false;
|
||||||
uint16_t transitionDelay = 1500;
|
uint16_t transitionDelay = 1500;
|
||||||
boolean ota_lock = false;
|
boolean ota_lock = true;
|
||||||
|
String otapass = "wledota";
|
||||||
boolean only_ap = false;
|
boolean only_ap = false;
|
||||||
uint8_t led_amount = 16;
|
uint8_t led_amount = 16;
|
||||||
uint8_t buttonPin = 3; //needs pull-up
|
uint8_t buttonPin = 3; //needs pull-up
|
||||||
|
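Review bot: The added `String otapass = "wledota";` gives every device the same factory passphrase, and that value is published with the source, so on any unit whose owner has not changed it the OTA lock can be lifted by anyone who can reach the settings form. The settings page says the passphrase can only be changed while OTA is unlocked, which makes it likely that the default stays in place. Consider having the owner choose the passphrase during first setup, or deriving the default from a per-device value instead of a shared constant. If the constant stays, document it with a comment such as `// factory default OTA passphrase, identical on all devices: change after first unlock`.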
@ -1,6 +1,6 @@
|
|||||||
void clearEEPROM()
|
void clearEEPROM()
|
||||||
{
|
{
|
||||||
for (int i = 0; i < 256; i++)
|
for (int i = 0; i < 1024; i++)
|
||||||
{
|
{
|
||||||
EEPROM.write(i, 0);
|
EEPROM.write(i, 0);
|
||||||
}
|
}
|
||||||
@ -36,10 +36,14 @@ void saveSettingsToEEPROM()
|
|||||||
}
|
}
|
||||||
EEPROM.write(224, nightlightDelayMins);
|
EEPROM.write(224, nightlightDelayMins);
|
||||||
EEPROM.write(225, nightlightFade);
|
EEPROM.write(225, nightlightFade);
|
||||||
EEPROM.write(228, aphide);
|
EEPROM.write(226, notifyDirect);
|
||||||
EEPROM.write(227, apchannel);
|
EEPROM.write(227, apchannel);
|
||||||
|
EEPROM.write(228, aphide);
|
||||||
EEPROM.write(229, led_amount);
|
EEPROM.write(229, led_amount);
|
||||||
|
EEPROM.write(230, notifyButton);
|
||||||
|
EEPROM.write(231, notifyForward);
|
||||||
EEPROM.write(232, buttonEnabled);
|
EEPROM.write(232, buttonEnabled);
|
||||||
|
//233 reserved for first boot flag
|
||||||
EEPROM.write(234, staticip[0]);
|
EEPROM.write(234, staticip[0]);
|
||||||
EEPROM.write(235, staticip[1]);
|
EEPROM.write(235, staticip[1]);
|
||||||
EEPROM.write(236, staticip[2]);
|
EEPROM.write(236, staticip[2]);
|
||||||
@ -56,9 +60,17 @@ void saveSettingsToEEPROM()
|
|||||||
EEPROM.write(247, col[1]);
|
EEPROM.write(247, col[1]);
|
||||||
EEPROM.write(248, col[2]);
|
EEPROM.write(248, col[2]);
|
||||||
EEPROM.write(249, bri);
|
EEPROM.write(249, bri);
|
||||||
|
EEPROM.write(250, receiveNotifications);
|
||||||
EEPROM.write(251, fadeTransition);
|
EEPROM.write(251, fadeTransition);
|
||||||
EEPROM.write(253, (transitionDelay >> 0) & 0xFF);
|
EEPROM.write(253, (transitionDelay >> 0) & 0xFF);
|
||||||
EEPROM.write(254, (transitionDelay >> 8) & 0xFF);
|
EEPROM.write(254, (transitionDelay >> 8) & 0xFF);
|
||||||
|
EEPROM.write(255, bri_n);
|
||||||
|
//255,250,231,230,226 notifier bytes
|
||||||
|
for (int i = 256; i < 288; ++i)
|
||||||
|
{
|
||||||
|
EEPROM.write(i, otapass.charAt(i-256));
|
||||||
|
}
|
||||||
|
EEPROM.write(289, ota_lock);
|
||||||
EEPROM.commit();
|
EEPROM.commit();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -99,11 +111,16 @@ void loadSettingsFromEEPROM()
|
|||||||
if (EEPROM.read(i) == 0) break;
|
if (EEPROM.read(i) == 0) break;
|
||||||
appass += char(EEPROM.read(i));
|
appass += char(EEPROM.read(i));
|
||||||
}
|
}
|
||||||
aphide = EEPROM.read(228);
|
nightlightDelayMins = EEPROM.read(224);
|
||||||
if (aphide > 1) aphide = 1;
|
nightlightFade = EEPROM.read(225);
|
||||||
|
notifyDirect = EEPROM.read(226);
|
||||||
apchannel = EEPROM.read(227);
|
apchannel = EEPROM.read(227);
|
||||||
if (apchannel > 13 || apchannel < 1) apchannel = 1;
|
if (apchannel > 13 || apchannel < 1) apchannel = 1;
|
||||||
|
aphide = EEPROM.read(228);
|
||||||
|
if (aphide > 1) aphide = 1;
|
||||||
led_amount = EEPROM.read(229);
|
led_amount = EEPROM.read(229);
|
||||||
|
notifyButton = EEPROM.read(230);
|
||||||
|
notifyForward = EEPROM.read(231);
|
||||||
buttonEnabled = EEPROM.read(232);
|
buttonEnabled = EEPROM.read(232);
|
||||||
staticip[0] = EEPROM.read(234);
|
staticip[0] = EEPROM.read(234);
|
||||||
staticip[1] = EEPROM.read(235);
|
staticip[1] = EEPROM.read(235);
|
||||||
@ -121,6 +138,14 @@ void loadSettingsFromEEPROM()
|
|||||||
col[1] = EEPROM.read(247);
|
col[1] = EEPROM.read(247);
|
||||||
col[2] = EEPROM.read(248);
|
col[2] = EEPROM.read(248);
|
||||||
bri = EEPROM.read(249);
|
bri = EEPROM.read(249);
|
||||||
|
receiveNotifications = EEPROM.read(250);
|
||||||
fadeTransition = EEPROM.read(251);
|
fadeTransition = EEPROM.read(251);
|
||||||
transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00);
|
transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00);
|
||||||
|
bri_n = EEPROM.read(255);
|
||||||
|
for (int i = 256; i < 288; ++i)
|
||||||
|
{
|
||||||
|
if (EEPROM.read(i) == 0) break;
|
||||||
|
otapass += char(EEPROM.read(i));
|
||||||
|
}
|
||||||
|
ota_lock = EEPROM.read(289);
|
||||||
}
|
}
|
||||||
|
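Review bot: In loadSettingsFromEEPROM the new loop appends to `otapass` with `+=`, but none of the added lines clears the string first, and this commit initialises the global to "wledota". Unless it is reset outside the hunk, the loaded value becomes the default followed by the stored passphrase, so a passphrase the owner set no longer unlocks OTA after a reboot. Read into a local `String stored` inside the loop and finish with `if (stored.length() > 0) otapass = stored;`; the empty case must keep a non-empty passphrase, because the settings form always submits `OPASS` and an empty `otapass` would match it. Separately, saveSettingsToEEPROM writes the passphrase in clear text at 256–287, where anyone who can dump the flash can read it; a salted hash would avoid that. Both function bodies start outside these hunks.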
@ -102,7 +102,9 @@ void XML_response_settings()
|
|||||||
resp = resp + "\n";
|
resp = resp + "\n";
|
||||||
}
|
}
|
||||||
resp = resp + "</nsips>";
|
resp = resp + "</nsips>";
|
||||||
resp = resp + "<noota>0</noota>"; //NI
|
resp = resp + "<noota>";
|
||||||
|
resp = resp + bool2int(ota_lock);
|
||||||
|
resp = resp +"</noota>";
|
||||||
resp = resp + "<norap>0</norap>"; //NI
|
resp = resp + "<norap>0</norap>"; //NI
|
||||||
resp = resp + "<sip>";
|
resp = resp + "<sip>";
|
||||||
if (!WiFi.localIP()[0] == 0)
|
if (!WiFi.localIP()[0] == 0)
|
||||||
@ -132,7 +134,7 @@ void XML_response_settings()
|
|||||||
{
|
{
|
||||||
resp = resp + "Not active";
|
resp = resp + "Not active";
|
||||||
}
|
}
|
||||||
resp = resp + "</sip><otastat>Not implemented</otastat>";
|
resp = resp + "</sip><otastat>LS</otastat>";
|
||||||
resp = resp + "<msg>WLED 0.3pd OK</msg>";
|
resp = resp + "<msg>WLED 0.3pd OK</msg>";
|
||||||
resp = resp + "</vs>";
|
resp = resp + "</vs>";
|
||||||
Serial.println(resp);
|
Serial.println(resp);
|
||||||
|
@ -105,6 +105,12 @@ void handleSettingsSet()
|
|||||||
int i = server.arg("TDLAY").toInt();
|
int i = server.arg("TDLAY").toInt();
|
||||||
if (i > 0) transitionDelay = i;
|
if (i > 0) transitionDelay = i;
|
||||||
}
|
}
|
||||||
|
if (server.hasArg("TLDUR"))
|
||||||
|
{
|
||||||
|
int i = server.arg("TLDUR").toInt();
|
||||||
|
if (i > 0) nightlightDelayMins = i;
|
||||||
|
}
|
||||||
|
nightlightFade = server.hasArg("TLFDE");
|
||||||
receiveNotifications = server.hasArg("NRCVE");
|
receiveNotifications = server.hasArg("NRCVE");
|
||||||
if (server.hasArg("NRBRI"))
|
if (server.hasArg("NRBRI"))
|
||||||
{
|
{
|
||||||
@ -118,6 +124,21 @@ void handleSettingsSet()
|
|||||||
{
|
{
|
||||||
notifier_ips_raw = server.arg("NSIPS");
|
notifier_ips_raw = server.arg("NSIPS");
|
||||||
}
|
}
|
||||||
|
if (server.hasArg("OPASS"))
|
||||||
|
{
|
||||||
|
if (!ota_lock)
|
||||||
|
{
|
||||||
|
if (server.arg("OPASS").length() > 0)
|
||||||
|
otapass = server.arg("OPASS");
|
||||||
|
} else if (!server.hasArg("NOOTA"))
|
||||||
|
{
|
||||||
|
if (otapass.equals(server.arg("OPASS")))
|
||||||
|
{
|
||||||
|
ota_lock = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (server.hasArg("NOOTA")) ota_lock = true;
|
||||||
saveSettingsToEEPROM();
|
saveSettingsToEEPROM();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
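Review bot: The new OPASS branch in handleSettingsSet stores `server.arg("OPASS")` with no server-side length check, while saveSettingsToEEPROM persists only 32 bytes (256–287) and the form's `maxlength="32"` is enforced only by the browser. A longer passphrase therefore works until the next reboot and then silently stops matching. Guard the assignment with `if (p.length() > 0 && p.length() <= 32) otapass = p;`, where `p` is the submitted value. The unlock path also accepts unlimited guesses on an unauthenticated POST; a failed-attempt counter or short delay before `otapass.equals(...)` would slow down guessing. The body of handleSettingsSet starts outside the hunk.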
@ -20,7 +20,7 @@ void wledInit()
|
|||||||
Serial.printf("\n");
|
Serial.printf("\n");
|
||||||
}
|
}
|
||||||
Serial.println("Init EEPROM");
|
Serial.println("Init EEPROM");
|
||||||
EEPROM.begin(256);
|
EEPROM.begin(1024);
|
||||||
loadSettingsFromEEPROM();
|
loadSettingsFromEEPROM();
|
||||||
|
|
||||||
Serial.print("CC: SSID: ");
|
Serial.print("CC: SSID: ");
|
||||||
@ -77,11 +77,13 @@ void wledInit()
|
|||||||
server.on("/", HTTP_GET, [](){
|
server.on("/", HTTP_GET, [](){
|
||||||
if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound");
|
if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound");
|
||||||
});
|
});
|
||||||
server.on("/reset", HTTP_GET, reset);
|
server.on("/reset", HTTP_GET, [](){
|
||||||
|
server.send(200, "text/plain", "Rebooting... Go to main page when lights turn on.");
|
||||||
|
reset();
|
||||||
|
});
|
||||||
server.on("/set-settings", HTTP_POST, [](){
|
server.on("/set-settings", HTTP_POST, [](){
|
||||||
handleSettingsSet();
|
handleSettingsSet();
|
||||||
server.send(200, "text/plain", "Settings saved. Please wait for light to turn back on, then go to main page...");
|
if(!handleFileRead("/settingssaved.htm")) server.send(404, "text/plain", "SettingsSaved");
|
||||||
reset();
|
|
||||||
});
|
});
|
||||||
if (!ota_lock){
|
if (!ota_lock){
|
||||||
server.on("/edit", HTTP_GET, [](){
|
server.on("/edit", HTTP_GET, [](){
|
||||||
@ -94,6 +96,20 @@ void wledInit()
|
|||||||
server.on("/cleareeprom", HTTP_GET, clearEEPROM);
|
server.on("/cleareeprom", HTTP_GET, clearEEPROM);
|
||||||
//init ota page
|
//init ota page
|
||||||
httpUpdater.setup(&server);
|
httpUpdater.setup(&server);
|
||||||
|
} else
|
||||||
|
{
|
||||||
|
server.on("/edit", HTTP_GET, [](){
|
||||||
|
server.send(500, "text/plain", "OTA lock active");
|
||||||
|
});
|
||||||
|
server.on("/down", HTTP_GET, [](){
|
||||||
|
server.send(500, "text/plain", "OTA lock active");
|
||||||
|
});
|
||||||
|
server.on("/cleareeprom", HTTP_GET, [](){
|
||||||
|
server.send(500, "text/plain", "OTA lock active");
|
||||||
|
});
|
||||||
|
server.on("/update", HTTP_GET, [](){
|
||||||
|
server.send(500, "text/plain", "OTA lock active");
|
||||||
|
});
|
||||||
}
|
}
|
||||||
//called when the url is not defined here, ajax-in; get-settings
|
//called when the url is not defined here, ajax-in; get-settings
|
||||||
server.onNotFound([](){
|
server.onNotFound([](){
|
||||||
|
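Review bot: The OTA routes are chosen once, by the `if (!ota_lock)` / `else` in wledInit, and this commit also drops the `reset()` after `/set-settings`, so ticking "OTA locked" leaves `/edit`, `/cleareeprom` and the updater reachable until someone presses Reboot. Either check the flag at request time at the top of each handler, `if (ota_lock) { server.send(403, "text/plain", "OTA lock active"); return; }`, or reboot automatically whenever the lock state changed in handleSettingsSet. The second option is probably needed for the routes registered by `httpUpdater.setup(&server)`, which cannot take such a check. The locked stubs answer with 500, which reads as a server fault; 403 describes the refusal more accurately. wledInit continues outside these hunks.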