patrick/OpenDTU-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Password protection for config settings API

Browse Source
This commit is contained in:
Thomas Basler 2022-11-07 18:48:02 +01:00
parent 7798854b2b
commit fe8b68d2be
3 changed files with 35 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/WebApi_config.cpp
View File

@ -6,6 +6,7 @@
#include "ArduinoJson.h"
#include "AsyncJson.h"
#include "Configuration.h"
#include "WebApi.h"
#include <LittleFS.h>
void WebApiConfigClass::init(AsyncWebServer* server)
@ -32,11 +33,19 @@ void WebApiConfigClass::loop()
void WebApiConfigClass::onConfigGet(AsyncWebServerRequest* request)
{
if (!WebApi.checkCredentials(request)) {
return;
}
request->send(LittleFS, CONFIG_FILENAME_JSON, String(), true);
}
void WebApiConfigClass::onConfigDelete(AsyncWebServerRequest* request)
{
if (!WebApi.checkCredentials(request)) {
return;
}
AsyncJsonResponse* response = new AsyncJsonResponse();
JsonObject retMsg = response->getRoot();
retMsg[F("type")] = F("warning");
@ -93,6 +102,10 @@ void WebApiConfigClass::onConfigDelete(AsyncWebServerRequest* request)
void WebApiConfigClass::onConfigUploadFinish(AsyncWebServerRequest* request)
{
if (!WebApi.checkCredentials(request)) {
return;
}
// the request handler is triggered after the upload has finished...
// create the response, add header, and send response
@ -108,6 +121,10 @@ void WebApiConfigClass::onConfigUploadFinish(AsyncWebServerRequest* request)
void WebApiConfigClass::onConfigUpload(AsyncWebServerRequest* request, String filename, size_t index, uint8_t* data, size_t len, bool final)
{
if (!WebApi.checkCredentials(request)) {
return;
}
if (!index) {
// open the file on first call and store the file handle in the request object
request->_tempFile = LittleFS.open(CONFIG_FILENAME_JSON, "w");

2
webapp/src/router/index.ts
View File

@ -100,7 +100,7 @@ const router = createRouter({
router.beforeEach((to, from, next) => {
// redirect to login page if not logged in and trying to access a restricted page
const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt',
'/firmware/upgrade', '/settings/config', ];
'/firmware/upgrade', ];
const authRequired = !publicPages.includes(to.path);
const loggedIn = localStorage.getItem('user');

28
webapp/src/views/ConfigAdminView.vue
View File

@ -112,6 +112,7 @@ import {
} from 'bootstrap-icons-vue';
import * as bootstrap from 'bootstrap';
import BootstrapAlert from "@/components/BootstrapAlert.vue";
import { handleResponse, authHeader } from '@/utils/authentication';
export default defineComponent({
components: {
@ -152,15 +153,10 @@ export default defineComponent({
fetch("/api/config/delete", {
method: "POST",
headers: authHeader(),
body: formData,
})
.then(function (response) {
if (response.status != 200) {
throw response.status;
} else {
return response.json();
}
})
.then(handleResponse)
.then(
(response) => {
this.alertMessage = response.message;
@ -171,10 +167,17 @@ export default defineComponent({
this.modalFactoryReset.hide();
},
downloadConfig() {
const link = document.createElement('a')
link.href = "/api/config/get"
link.download = 'config.json'
link.click()
fetch("/api/config/get", { headers: authHeader() })
.then(res => res.blob())
.then(blob => {
var file = window.URL.createObjectURL(blob);
var a = document.createElement('a');
a.href = file;
a.download = "config.json";
document.body.appendChild(a);
a.click();
a.remove();
});
},
uploadConfig(event: Event | null) {
this.uploading = true;
@ -206,6 +209,9 @@ export default defineComponent({
formData.append("config", this.file, "config");
request.open("post", "/api/config/upload");
authHeader().forEach((value, key) => {
request.setRequestHeader(key, value);
});
request.send(formData);
},
clear() {