Password protection for firmware update API

Thomas Basler 2022-11-07 19:02:07 +01:00
parent d63476c70e
commit 233efe3a50
3 changed files with 14 additions and 2 deletions


@ -7,6 +7,7 @@
#include "AsyncJson.h"
#include "Configuration.h"
#include "Update.h"
#include "WebApi.h"
#include "helper.h"
void WebApiFirmwareClass::init(AsyncWebServer* server)
@ -31,6 +32,10 @@ void WebApiFirmwareClass::loop()
void WebApiFirmwareClass::onFirmwareUpdateFinish(AsyncWebServerRequest* request)
{
if (!WebApi.checkCredentials(request)) {
return;
}
// the request handler is triggered after the upload has finished...
// create the response, add header, and send response
@ -46,6 +51,10 @@ void WebApiFirmwareClass::onFirmwareUpdateFinish(AsyncWebServerRequest* request)
void WebApiFirmwareClass::onFirmwareUpdateUpload(AsyncWebServerRequest* request, String filename, size_t index, uint8_t* data, size_t len, bool final)
{
if (!WebApi.checkCredentials(request)) {
return;
}
// Upload handler chunks in data
if (!index) {
if (!request->hasParam("MD5", true)) {
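Review bot: In `onFirmwareUpdateUpload` the added `checkCredentials(request)` guard runs on every invocation of the upload callback, that is once per chunk of the same request, not only for the first one. `checkCredentials` is not visible here; if it sends the 401 response itself, a rejected upload would try to answer the same request once per chunk and again in `onFirmwareUpdateFinish`, so that is worth confirming. Either way a comment above the guard would help, for example `// called for every chunk; rejects before any Update state is touched`. Both handler bodies continue outside the hunks shown.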


@ -99,8 +99,7 @@ const router = createRouter({
router.beforeEach((to, from, next) => {
// redirect to login page if not logged in and trying to access a restricted page
const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt',
'/firmware/upgrade', ];
const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt', ];
const authRequired = !publicPages.includes(to.path);
const loggedIn = localStorage.getItem('user');
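Review bot: Removing `/firmware/upgrade` from `publicPages` only changes where the UI will navigate; `loggedIn` is just the presence of a `user` entry in `localStorage`, so this guard is not an access control. The protection for firmware uploads is the server-side credential check, and the list would benefit from a comment saying so, for example `// UI convenience only; the API enforces authentication on its own`. As a minor style point, the array literal is rebuilt on each navigation and keeps a stray `, ]`; it could be a module-level constant. The `beforeEach` callback continues past the end of the hunk.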


@ -77,6 +77,7 @@ import {
BIconArrowRepeat,
BIconCheckCircle
} from 'bootstrap-icons-vue';
import { authHeader } from '@/utils/authentication';
export default defineComponent({
components: {
@ -160,6 +161,9 @@ export default defineComponent({
formData.append("MD5", (md5 as string));
formData.append("firmware", this.file, "firmware");
request.open("post", "/api/firmware/update");
authHeader().forEach((value, key) => {
request.setRequestHeader(key, value);
});
request.send(formData);
})
.catch(() => {
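Review bot: The upload can now be refused for missing or outdated credentials, and nothing in this hunk tells that outcome apart from any other failure. The response handling sits outside the hunk, so this may already be covered; if it is not, the load handler should treat a 401 separately, something like `if (request.status === 401) { this.$router.push('/login'); return; }`. It is also worth a short comment that `setRequestHeader` only works between `open()` and `send()`, since the placement of the `authHeader().forEach` call is what makes this correct.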