From df11db1244d25194874991470689d65f48cb898e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20B=C3=B6hm?= <andreas@boehm.cx>
Date: Thu, 8 Aug 2024 20:58:12 +0200
Subject: [PATCH] fix: add auth check on battery, huawei and powermeter API
 endpoints (#1155)

---
 src/WebApi_Huawei.cpp     | 11 ++++-------
 src/WebApi_battery.cpp    |  4 ++++
 src/WebApi_powermeter.cpp |  4 ++++
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/WebApi_Huawei.cpp b/src/WebApi_Huawei.cpp
index 685ab594..d2f1d2e1 100644
--- a/src/WebApi_Huawei.cpp
+++ b/src/WebApi_Huawei.cpp
@@ -145,15 +145,12 @@ void WebApiHuaweiClass::onPost(AsyncWebServerRequest* request)
     WebApi.sendJsonResponse(request, response, __FUNCTION__, __LINE__);
 }
 
-
-
-
 void WebApiHuaweiClass::onAdminGet(AsyncWebServerRequest* request)
 {
-    if (!WebApi.checkCredentialsReadonly(request)) {
+    if (!WebApi.checkCredentials(request)) {
         return;
     }
-    
+
     AsyncJsonResponse* response = new AsyncJsonResponse();
     auto& root = response->getRoot();
     const CONFIG_T& config = Configuration.get();
@@ -167,7 +164,7 @@ void WebApiHuaweiClass::onAdminGet(AsyncWebServerRequest* request)
     root["voltage_limit"] = static_cast<int>(config.Huawei.Auto_Power_Voltage_Limit * 100) / 100.0;
     root["enable_voltage_limit"] = static_cast<int>(config.Huawei.Auto_Power_Enable_Voltage_Limit * 100) / 100.0;
     root["lower_power_limit"] = config.Huawei.Auto_Power_Lower_Power_Limit;
-    root["upper_power_limit"] = config.Huawei.Auto_Power_Upper_Power_Limit;   
+    root["upper_power_limit"] = config.Huawei.Auto_Power_Upper_Power_Limit;
     root["stop_batterysoc_threshold"] = config.Huawei.Auto_Power_Stop_BatterySoC_Threshold;
     root["target_power_consumption"] = config.Huawei.Auto_Power_Target_Power_Consumption;
 
@@ -213,7 +210,7 @@ void WebApiHuaweiClass::onAdminPost(AsyncWebServerRequest* request)
     config.Huawei.Auto_Power_Voltage_Limit = root["voltage_limit"].as<float>();
     config.Huawei.Auto_Power_Enable_Voltage_Limit = root["enable_voltage_limit"].as<float>();
     config.Huawei.Auto_Power_Lower_Power_Limit = root["lower_power_limit"].as<float>();
-    config.Huawei.Auto_Power_Upper_Power_Limit = root["upper_power_limit"].as<float>();    
+    config.Huawei.Auto_Power_Upper_Power_Limit = root["upper_power_limit"].as<float>();
     config.Huawei.Auto_Power_Stop_BatterySoC_Threshold = root["stop_batterysoc_threshold"];
     config.Huawei.Auto_Power_Target_Power_Consumption = root["target_power_consumption"];
 
diff --git a/src/WebApi_battery.cpp b/src/WebApi_battery.cpp
index a0badd3e..aa8040d7 100644
--- a/src/WebApi_battery.cpp
+++ b/src/WebApi_battery.cpp
@@ -52,6 +52,10 @@ void WebApiBatteryClass::onStatus(AsyncWebServerRequest* request)
 
 void WebApiBatteryClass::onAdminGet(AsyncWebServerRequest* request)
 {
+    if (!WebApi.checkCredentials(request)) {
+        return;
+    }
+
     onStatus(request);
 }
 
diff --git a/src/WebApi_powermeter.cpp b/src/WebApi_powermeter.cpp
index b3276d4f..59297a0b 100644
--- a/src/WebApi_powermeter.cpp
+++ b/src/WebApi_powermeter.cpp
@@ -32,6 +32,10 @@ void WebApiPowerMeterClass::init(AsyncWebServer& server, Scheduler& scheduler)
 
 void WebApiPowerMeterClass::onStatus(AsyncWebServerRequest* request)
 {
+    if (!WebApi.checkCredentialsReadonly(request)) {
+        return;
+    }
+
     AsyncJsonResponse* response = new AsyncJsonResponse();
     auto& root = response->getRoot();
     const CONFIG_T& config = Configuration.get();