Password protection for inverter settings API
This commit is contained in:
Thomas Basler
parent
902e632f51
commit
a646eae51a
@ -8,6 +8,7 @@
|
|||||||
#include "Configuration.h"
|
#include "Configuration.h"
|
||||||
#include "Hoymiles.h"
|
#include "Hoymiles.h"
|
||||||
#include "MqttHassPublishing.h"
|
#include "MqttHassPublishing.h"
|
||||||
|
#include "WebApi.h"
|
||||||
#include "helper.h"
|
#include "helper.h"
|
||||||
|
|
||||||
void WebApiInverterClass::init(AsyncWebServer* server)
|
void WebApiInverterClass::init(AsyncWebServer* server)
|
||||||
@ -28,6 +29,10 @@ void WebApiInverterClass::loop()
|
|||||||
|
|
||||||
void WebApiInverterClass::onInverterList(AsyncWebServerRequest* request)
|
void WebApiInverterClass::onInverterList(AsyncWebServerRequest* request)
|
||||||
{
|
{
|
||||||
|
if (!WebApi.checkCredentials(request)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
AsyncJsonResponse* response = new AsyncJsonResponse(false, 4096U);
|
AsyncJsonResponse* response = new AsyncJsonResponse(false, 4096U);
|
||||||
JsonObject root = response->getRoot();
|
JsonObject root = response->getRoot();
|
||||||
JsonArray data = root.createNestedArray(F("inverter"));
|
JsonArray data = root.createNestedArray(F("inverter"));
|
||||||
@ -66,6 +71,10 @@ void WebApiInverterClass::onInverterList(AsyncWebServerRequest* request)
|
|||||||
|
|
||||||
void WebApiInverterClass::onInverterAdd(AsyncWebServerRequest* request)
|
void WebApiInverterClass::onInverterAdd(AsyncWebServerRequest* request)
|
||||||
{
|
{
|
||||||
|
if (!WebApi.checkCredentials(request)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
AsyncJsonResponse* response = new AsyncJsonResponse();
|
AsyncJsonResponse* response = new AsyncJsonResponse();
|
||||||
JsonObject retMsg = response->getRoot();
|
JsonObject retMsg = response->getRoot();
|
||||||
retMsg[F("type")] = F("warning");
|
retMsg[F("type")] = F("warning");
|
||||||
@ -151,6 +160,10 @@ void WebApiInverterClass::onInverterAdd(AsyncWebServerRequest* request)
|
|||||||
|
|
||||||
void WebApiInverterClass::onInverterEdit(AsyncWebServerRequest* request)
|
void WebApiInverterClass::onInverterEdit(AsyncWebServerRequest* request)
|
||||||
{
|
{
|
||||||
|
if (!WebApi.checkCredentials(request)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
AsyncJsonResponse* response = new AsyncJsonResponse();
|
AsyncJsonResponse* response = new AsyncJsonResponse();
|
||||||
JsonObject retMsg = response->getRoot();
|
JsonObject retMsg = response->getRoot();
|
||||||
retMsg[F("type")] = F("warning");
|
retMsg[F("type")] = F("warning");
|
||||||
@ -265,6 +278,10 @@ void WebApiInverterClass::onInverterEdit(AsyncWebServerRequest* request)
|
|||||||
|
|
||||||
void WebApiInverterClass::onInverterDelete(AsyncWebServerRequest* request)
|
void WebApiInverterClass::onInverterDelete(AsyncWebServerRequest* request)
|
||||||
{
|
{
|
||||||
|
if (!WebApi.checkCredentials(request)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
AsyncJsonResponse* response = new AsyncJsonResponse();
|
AsyncJsonResponse* response = new AsyncJsonResponse();
|
||||||
JsonObject retMsg = response->getRoot();
|
JsonObject retMsg = response->getRoot();
|
||||||
retMsg[F("type")] = F("warning");
|
retMsg[F("type")] = F("warning");
|
||||||
|
|||||||
@ -100,7 +100,7 @@ const router = createRouter({
|
|||||||
router.beforeEach((to, from, next) => {
|
router.beforeEach((to, from, next) => {
|
||||||
// redirect to login page if not logged in and trying to access a restricted page
|
// redirect to login page if not logged in and trying to access a restricted page
|
||||||
const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt',
|
const publicPages = ['/', '/login', '/about', '/info/network', '/info/system', '/info/ntp', '/info/mqtt',
|
||||||
'/settings/inverter', '/firmware/upgrade', '/settings/config', ];
|
'/firmware/upgrade', '/settings/config', ];
|
||||||
const authRequired = !publicPages.includes(to.path);
|
const authRequired = !publicPages.includes(to.path);
|
||||||
const loggedIn = localStorage.getItem('user');
|
const loggedIn = localStorage.getItem('user');
|
||||||
|
|
||||||
|
|||||||
@ -147,6 +147,7 @@ import {
|
|||||||
} from 'bootstrap-icons-vue';
|
} from 'bootstrap-icons-vue';
|
||||||
import * as bootstrap from 'bootstrap';
|
import * as bootstrap from 'bootstrap';
|
||||||
import BootstrapAlert from "@/components/BootstrapAlert.vue";
|
import BootstrapAlert from "@/components/BootstrapAlert.vue";
|
||||||
|
import { handleResponse, authHeader } from '@/utils/authentication';
|
||||||
|
|
||||||
declare interface Inverter {
|
declare interface Inverter {
|
||||||
id: string,
|
id: string,
|
||||||
@ -196,8 +197,8 @@ export default defineComponent({
|
|||||||
methods: {
|
methods: {
|
||||||
getInverters() {
|
getInverters() {
|
||||||
this.dataLoading = true;
|
this.dataLoading = true;
|
||||||
fetch("/api/inverter/list")
|
fetch("/api/inverter/list", { headers: authHeader() })
|
||||||
.then((response) => response.json())
|
.then(handleResponse)
|
||||||
.then((data) => {
|
.then((data) => {
|
||||||
this.inverters = data.inverter;
|
this.inverters = data.inverter;
|
||||||
this.dataLoading = false;
|
this.dataLoading = false;
|
||||||
@ -209,15 +210,10 @@ export default defineComponent({
|
|||||||
|
|
||||||
fetch("/api/inverter/add", {
|
fetch("/api/inverter/add", {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
|
headers: authHeader(),
|
||||||
body: formData,
|
body: formData,
|
||||||
})
|
})
|
||||||
.then(function (response) {
|
.then(handleResponse)
|
||||||
if (response.status != 200) {
|
|
||||||
throw response.status;
|
|
||||||
} else {
|
|
||||||
return response.json();
|
|
||||||
}
|
|
||||||
})
|
|
||||||
.then(
|
.then(
|
||||||
(response) => {
|
(response) => {
|
||||||
this.alertMessage = response.message;
|
this.alertMessage = response.message;
|
||||||
@ -250,15 +246,10 @@ export default defineComponent({
|
|||||||
|
|
||||||
fetch("/api/inverter/del", {
|
fetch("/api/inverter/del", {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
|
headers: authHeader(),
|
||||||
body: formData,
|
body: formData,
|
||||||
})
|
})
|
||||||
.then(function (response) {
|
.then(handleResponse)
|
||||||
if (response.status != 200) {
|
|
||||||
throw response.status;
|
|
||||||
} else {
|
|
||||||
return response.json();
|
|
||||||
}
|
|
||||||
})
|
|
||||||
.then(
|
.then(
|
||||||
(response) => {
|
(response) => {
|
||||||
this.alertMessage = response.message;
|
this.alertMessage = response.message;
|
||||||
@ -295,15 +286,10 @@ export default defineComponent({
|
|||||||
|
|
||||||
fetch("/api/inverter/edit", {
|
fetch("/api/inverter/edit", {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
|
headers: authHeader(),
|
||||||
body: formData,
|
body: formData,
|
||||||
})
|
})
|
||||||
.then(function (response) {
|
.then(handleResponse)
|
||||||
if (response.status != 200) {
|
|
||||||
throw response.status;
|
|
||||||
} else {
|
|
||||||
return response.json();
|
|
||||||
}
|
|
||||||
})
|
|
||||||
.then(
|
.then(
|
||||||
(response) => {
|
(response) => {
|
||||||
this.alertMessage = response.message;
|
this.alertMessage = response.message;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user