Password protection for ntp settings API

Thomas Basler 2022-11-03 21:20:12 +01:00
parent e605e42c3e
commit 3a2f73a2b3
3 changed files with 27 additions and 19 deletions


@ -7,6 +7,7 @@
#include "AsyncJson.h" #include "AsyncJson.h"
#include "Configuration.h" #include "Configuration.h"
#include "NtpSettings.h" #include "NtpSettings.h"
#include "WebApi.h"
#include "helper.h" #include "helper.h"
void WebApiNtpClass::init(AsyncWebServer* server) void WebApiNtpClass::init(AsyncWebServer* server)
@ -52,6 +53,10 @@ void WebApiNtpClass::onNtpStatus(AsyncWebServerRequest* request)
void WebApiNtpClass::onNtpAdminGet(AsyncWebServerRequest* request) void WebApiNtpClass::onNtpAdminGet(AsyncWebServerRequest* request)
{ {
if (!WebApi.checkCredentials(request)) {
return;
}
AsyncJsonResponse* response = new AsyncJsonResponse(); AsyncJsonResponse* response = new AsyncJsonResponse();
JsonObject root = response->getRoot(); JsonObject root = response->getRoot();
const CONFIG_T& config = Configuration.get(); const CONFIG_T& config = Configuration.get();
@ -66,6 +71,10 @@ void WebApiNtpClass::onNtpAdminGet(AsyncWebServerRequest* request)
void WebApiNtpClass::onNtpAdminPost(AsyncWebServerRequest* request) void WebApiNtpClass::onNtpAdminPost(AsyncWebServerRequest* request)
{ {
if (!WebApi.checkCredentials(request)) {
return;
}
AsyncJsonResponse* response = new AsyncJsonResponse(); AsyncJsonResponse* response = new AsyncJsonResponse();
JsonObject retMsg = response->getRoot(); JsonObject retMsg = response->getRoot();
retMsg[F("type")] = F("warning"); retMsg[F("type")] = F("warning");
@ -142,6 +151,10 @@ void WebApiNtpClass::onNtpAdminPost(AsyncWebServerRequest* request)
void WebApiNtpClass::onNtpTimeGet(AsyncWebServerRequest* request) void WebApiNtpClass::onNtpTimeGet(AsyncWebServerRequest* request)
{ {
if (!WebApi.checkCredentials(request)) {
return;
}
AsyncJsonResponse* response = new AsyncJsonResponse(); AsyncJsonResponse* response = new AsyncJsonResponse();
JsonObject root = response->getRoot(); JsonObject root = response->getRoot();
@ -165,6 +178,10 @@ void WebApiNtpClass::onNtpTimeGet(AsyncWebServerRequest* request)
void WebApiNtpClass::onNtpTimePost(AsyncWebServerRequest* request) void WebApiNtpClass::onNtpTimePost(AsyncWebServerRequest* request)
{ {
if (!WebApi.checkCredentials(request)) {
return;
}
AsyncJsonResponse* response = new AsyncJsonResponse(); AsyncJsonResponse* response = new AsyncJsonResponse();
JsonObject retMsg = response->getRoot(); JsonObject retMsg = response->getRoot();
retMsg[F("type")] = F("warning"); retMsg[F("type")] = F("warning");
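Review bot: When `WebApi.checkCredentials(request)` fails, each guarded handler returns without sending anything itself, so the client only gets an answer if checkCredentials has already sent the rejection. That helper is not part of this diff, so this is presumably what happens, but it is worth stating at the call site, e.g. `// checkCredentials() has already answered the request on failure`. The same guard is repeated in onNtpAdminGet, onNtpAdminPost, onNtpTimeGet and onNtpTimePost, which makes protection opt-in: a handler added later without it is reachable unauthenticated. onNtpStatus, named in the second hunk header, gets no guard, which looks intentional because '/info/ntp' stays public in the router. All four function bodies continue outside their hunks.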


@ -100,7 +100,7 @@ const router = createRouter({
router.beforeEach((to, from, next) => { router.beforeEach((to, from, next) => {
// redirect to login page if not logged in and trying to access a restricted page // redirect to login page if not logged in and trying to access a restricted page
const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt', const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt',
'/settings/ntp', '/settings/mqtt', '/settings/inverter', '/firmware/upgrade', '/settings/config', ]; '/settings/mqtt', '/settings/inverter', '/firmware/upgrade', '/settings/config', ];
const authRequired = !publicPages.includes(to.path); const authRequired = !publicPages.includes(to.path);
const loggedIn = localStorage.getItem('user'); const loggedIn = localStorage.getItem('user');
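Review bot: `'/settings/mqtt'`, `'/settings/inverter'`, `'/firmware/upgrade'` and `'/settings/config'` are still in `publicPages` on the new side, so those pages keep skipping the login redirect. Whether their API handlers already call checkCredentials is not visible in this commit. The guard only tests that `localStorage.getItem('user')` returns something, a value the client controls, so it is navigation convenience and the server-side check is the actual access control. A comment above the list would keep that clear: `// UI routing only; access is enforced by the API handlers`. The beforeEach callback continues outside the hunk.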


@ -75,6 +75,7 @@
import { defineComponent } from 'vue'; import { defineComponent } from 'vue';
import BasePage from '@/components/BasePage.vue'; import BasePage from '@/components/BasePage.vue';
import BootstrapAlert from "@/components/BootstrapAlert.vue"; import BootstrapAlert from "@/components/BootstrapAlert.vue";
import { handleResponse, authHeader } from '@/utils/authentication';
import type { NtpConfig } from "@/types/NtpConfig"; import type { NtpConfig } from "@/types/NtpConfig";
export default defineComponent({ export default defineComponent({
@ -127,8 +128,8 @@ export default defineComponent({
}, },
getNtpConfig() { getNtpConfig() {
this.dataLoading = true; this.dataLoading = true;
fetch("/api/ntp/config") fetch("/api/ntp/config", { headers: authHeader() })
.then((response) => response.json()) .then(handleResponse)
.then( .then(
(data) => { (data) => {
this.ntpConfigList = data; this.ntpConfigList = data;
@ -142,8 +143,8 @@ export default defineComponent({
}, },
getCurrentTime() { getCurrentTime() {
this.dataLoading = true; this.dataLoading = true;
fetch("/api/ntp/time") fetch("/api/ntp/time", { headers: authHeader() })
.then((response) => response.json()) .then(handleResponse)
.then( .then(
(data) => { (data) => {
this.mcuTime = new Date( this.mcuTime = new Date(
@ -168,15 +169,10 @@ export default defineComponent({
fetch("/api/ntp/time", { fetch("/api/ntp/time", {
method: "POST", method: "POST",
headers: authHeader(),
body: formData, body: formData,
}) })
.then(function (response) { .then(handleResponse)
if (response.status != 200) {
throw response.status;
} else {
return response.json();
}
})
.then( .then(
(response) => { (response) => {
this.alertMessage = response.message; this.alertMessage = response.message;
@ -196,15 +192,10 @@ export default defineComponent({
fetch("/api/ntp/config", { fetch("/api/ntp/config", {
method: "POST", method: "POST",
headers: authHeader(),
body: formData, body: formData,
}) })
.then(function (response) { .then(handleResponse)
if (response.status != 200) {
throw response.status;
} else {
return response.json();
}
})
.then( .then(
(response) => { (response) => {
this.alertMessage = response.message; this.alertMessage = response.message;
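Review bot: All four fetch calls now depend on `handleResponse` for status handling, and that helper (imported from '@/utils/authentication') is not part of this diff, so its behaviour on a rejected login cannot be checked here. In getNtpConfig and getCurrentTime, `this.dataLoading = true` is set before the request and the reset lies outside the hunks. If handleResponse rejects and the following `.then(` has no rejection callback, the page would stay in its loading state. `authHeader()` presumably builds the header from credentials kept under the 'user' key in localStorage, where any script running in the page's origin can read them. A comment at the import saying what handleResponse does on a non-OK response and where authHeader takes its credentials from would make these call sites reviewable on their own.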