patrick/OpenDTU-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: prevent unauthorized access to OnBattery websockets

Browse Source 
it turns out that authentication was never implemented on
OpenDTU-OnBattery-specific websocket connections. found while
applying https://github.com/tbnobody/OpenDTU/pull/2320
This commit is contained in:
Bernhard Kirchen 2024-09-30 22:26:31 +02:00
parent 185ac36282
commit 1812e6eb6a
7 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/WebApi_ws_Huawei.h
View File

@ -10,6 +10,7 @@ class WebApiWsHuaweiLiveClass {
public: public:
WebApiWsHuaweiLiveClass(); WebApiWsHuaweiLiveClass();
void init(AsyncWebServer& server, Scheduler& scheduler); void init(AsyncWebServer& server, Scheduler& scheduler);
void reload();
private: private:
void generateCommonJsonResponse(JsonVariant& root); void generateCommonJsonResponse(JsonVariant& root);
@ -18,6 +19,7 @@ private:
AsyncWebServer* _server; AsyncWebServer* _server;
AsyncWebSocket _ws; AsyncWebSocket _ws;
AuthenticationMiddleware _simpleDigestAuth;
std::mutex _mutex; std::mutex _mutex;

2
include/WebApi_ws_battery.h
View File

@ -10,6 +10,7 @@ class WebApiWsBatteryLiveClass {
public: public:
WebApiWsBatteryLiveClass(); WebApiWsBatteryLiveClass();
void init(AsyncWebServer& server, Scheduler& scheduler); void init(AsyncWebServer& server, Scheduler& scheduler);
void reload();
private: private:
void generateCommonJsonResponse(JsonVariant& root); void generateCommonJsonResponse(JsonVariant& root);
@ -18,6 +19,7 @@ private:
AsyncWebServer* _server; AsyncWebServer* _server;
AsyncWebSocket _ws; AsyncWebSocket _ws;
AuthenticationMiddleware _simpleDigestAuth;
uint32_t _lastUpdateCheck = 0; uint32_t _lastUpdateCheck = 0;
static constexpr uint16_t _responseSize = 1024 + 512; static constexpr uint16_t _responseSize = 1024 + 512;

2
include/WebApi_ws_vedirect_live.h
View File

@ -12,6 +12,7 @@ class WebApiWsVedirectLiveClass {
public: public:
WebApiWsVedirectLiveClass(); WebApiWsVedirectLiveClass();
void init(AsyncWebServer& server, Scheduler& scheduler); void init(AsyncWebServer& server, Scheduler& scheduler);
void reload();
private: private:
void generateCommonJsonResponse(JsonVariant& root, bool fullUpdate); void generateCommonJsonResponse(JsonVariant& root, bool fullUpdate);
@ -22,6 +23,7 @@ private:
AsyncWebServer* _server; AsyncWebServer* _server;
AsyncWebSocket _ws; AsyncWebSocket _ws;
AuthenticationMiddleware _simpleDigestAuth;
uint32_t _lastFullPublish = 0; uint32_t _lastFullPublish = 0;
uint32_t _lastPublish = 0; uint32_t _lastPublish = 0;

3
src/WebApi.cpp
View File

@ -51,6 +51,9 @@ void WebApiClass::reload()
{ {
_webApiWsConsole.reload(); _webApiWsConsole.reload();
_webApiWsLive.reload(); _webApiWsLive.reload();
_webApiWsBatteryLive.reload();
_webApiWsVedirectLive.reload();
_webApiWsHuaweiLive.reload();
} }
bool WebApiClass::checkCredentials(AsyncWebServerRequest* request) bool WebApiClass::checkCredentials(AsyncWebServerRequest* request)

20
src/WebApi_ws_Huawei.cpp
View File

@ -42,6 +42,26 @@ void WebApiWsHuaweiLiveClass::init(AsyncWebServer& server, Scheduler& scheduler)
_sendDataTask.setIterations(TASK_FOREVER); _sendDataTask.setIterations(TASK_FOREVER);
_sendDataTask.setInterval(1 * TASK_SECOND); _sendDataTask.setInterval(1 * TASK_SECOND);
_sendDataTask.enable(); _sendDataTask.enable();
_simpleDigestAuth.setUsername(AUTH_USERNAME);
_simpleDigestAuth.setRealm("AC charger websocket");
reload();
}
void WebApiWsHuaweiLiveClass::reload()
{
_ws.removeMiddleware(&_simpleDigestAuth);
auto const& config = Configuration.get();
if (config.Security.AllowReadonly) { return; }
_ws.enable(false);
_simpleDigestAuth.setPassword(config.Security.Password);
_ws.addMiddleware(&_simpleDigestAuth);
_ws.closeAll();
_ws.enable(true);
} }
void WebApiWsHuaweiLiveClass::wsCleanupTaskCb() void WebApiWsHuaweiLiveClass::wsCleanupTaskCb()

20
src/WebApi_ws_battery.cpp
View File

@ -42,6 +42,26 @@ void WebApiWsBatteryLiveClass::init(AsyncWebServer& server, Scheduler& scheduler
_sendDataTask.setIterations(TASK_FOREVER); _sendDataTask.setIterations(TASK_FOREVER);
_sendDataTask.setInterval(1 * TASK_SECOND); _sendDataTask.setInterval(1 * TASK_SECOND);
_sendDataTask.enable(); _sendDataTask.enable();
_simpleDigestAuth.setUsername(AUTH_USERNAME);
_simpleDigestAuth.setRealm("battery websocket");
reload();
}
void WebApiWsBatteryLiveClass::reload()
{
_ws.removeMiddleware(&_simpleDigestAuth);
auto const& config = Configuration.get();
if (config.Security.AllowReadonly) { return; }
_ws.enable(false);
_simpleDigestAuth.setPassword(config.Security.Password);
_ws.addMiddleware(&_simpleDigestAuth);
_ws.closeAll();
_ws.enable(true);
} }
void WebApiWsBatteryLiveClass::wsCleanupTaskCb() void WebApiWsBatteryLiveClass::wsCleanupTaskCb()

20
src/WebApi_ws_vedirect_live.cpp
View File

@ -44,6 +44,26 @@ void WebApiWsVedirectLiveClass::init(AsyncWebServer& server, Scheduler& schedule
_sendDataTask.setIterations(TASK_FOREVER); _sendDataTask.setIterations(TASK_FOREVER);
_sendDataTask.setInterval(500 * TASK_MILLISECOND); _sendDataTask.setInterval(500 * TASK_MILLISECOND);
_sendDataTask.enable(); _sendDataTask.enable();
_simpleDigestAuth.setUsername(AUTH_USERNAME);
_simpleDigestAuth.setRealm("vedirect websocket");
reload();
}
void WebApiWsVedirectLiveClass::reload()
{
_ws.removeMiddleware(&_simpleDigestAuth);
auto const& config = Configuration.get();
if (config.Security.AllowReadonly) { return; }
_ws.enable(false);
_simpleDigestAuth.setPassword(config.Security.Password);
_ws.addMiddleware(&_simpleDigestAuth);
_ws.closeAll();
_ws.enable(true);
} }
void WebApiWsVedirectLiveClass::wsCleanupTaskCb() void WebApiWsVedirectLiveClass::wsCleanupTaskCb()