// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (C) 2022 Thomas Basler and others */ #include "WebApi_security.h" #include "Configuration.h" #include "WebApi.h" #include "WebApi_errors.h" #include "helper.h" #include void WebApiSecurityClass::init(AsyncWebServer* server) { using std::placeholders::_1; _server = server; _server->on("/api/security/config", HTTP_GET, std::bind(&WebApiSecurityClass::onSecurityGet, this, _1)); _server->on("/api/security/config", HTTP_POST, std::bind(&WebApiSecurityClass::onSecurityPost, this, _1)); _server->on("/api/security/authenticate", HTTP_GET, std::bind(&WebApiSecurityClass::onAuthenticateGet, this, _1)); } void WebApiSecurityClass::loop() { } void WebApiSecurityClass::onSecurityGet(AsyncWebServerRequest* request) { if (!WebApi.checkCredentials(request)) { return; } AsyncJsonResponse* response = new AsyncJsonResponse(); JsonObject root = response->getRoot(); const CONFIG_T& config = Configuration.get(); root[F("password")] = config.Security_Password; root[F("allow_readonly")] = config.Security_AllowReadonly; response->setLength(); request->send(response); } void WebApiSecurityClass::onSecurityPost(AsyncWebServerRequest* request) { if (!WebApi.checkCredentials(request)) { return; } AsyncJsonResponse* response = new AsyncJsonResponse(); JsonObject retMsg = response->getRoot(); retMsg[F("type")] = F("warning"); if (!request->hasParam("data", true)) { retMsg[F("message")] = F("No values found!"); retMsg[F("code")] = WebApiError::GenericNoValueFound; response->setLength(); request->send(response); return; } String json = request->getParam("data", true)->value(); if (json.length() > 1024) { retMsg[F("message")] = F("Data too large!"); retMsg[F("code")] = WebApiError::GenericDataTooLarge; response->setLength(); request->send(response); return; } DynamicJsonDocument root(1024); DeserializationError error = deserializeJson(root, json); if (error) { retMsg[F("message")] = F("Failed to parse data!"); retMsg[F("code")] = WebApiError::GenericParseError; response->setLength(); request->send(response); return; } if (!root.containsKey("password") && root.containsKey("allow_readonly")) { retMsg[F("message")] = F("Values are missing!"); retMsg[F("code")] = WebApiError::GenericValueMissing; response->setLength(); request->send(response); return; } if (root[F("password")].as().length() < 8 || root[F("password")].as().length() > WIFI_MAX_PASSWORD_STRLEN) { retMsg[F("message")] = F("Password must between 8 and " STR(WIFI_MAX_PASSWORD_STRLEN) " characters long!"); retMsg[F("code")] = WebApiError::SecurityPasswordLength; retMsg[F("param")][F("max")] = WIFI_MAX_PASSWORD_STRLEN; response->setLength(); request->send(response); return; } CONFIG_T& config = Configuration.get(); strlcpy(config.Security_Password, root[F("password")].as().c_str(), sizeof(config.Security_Password)); config.Security_AllowReadonly = root[F("allow_readonly")].as(); Configuration.write(); retMsg[F("type")] = F("success"); retMsg[F("message")] = F("Settings saved!"); retMsg[F("code")] = WebApiError::GenericSuccess; response->setLength(); request->send(response); } void WebApiSecurityClass::onAuthenticateGet(AsyncWebServerRequest* request) { if (!WebApi.checkCredentials(request)) { return; } AsyncJsonResponse* response = new AsyncJsonResponse(); JsonObject retMsg = response->getRoot(); retMsg[F("type")] = F("success"); retMsg[F("message")] = F("Authentication successfull!"); retMsg[F("code")] = WebApiError::SecurityAuthSuccess; response->setLength(); request->send(response); }