From f5971fcfa945fbdd4f04028260c81966db30b726 Mon Sep 17 00:00:00 2001 From: softwarecrash Date: Wed, 1 Nov 2023 22:57:07 +0100 Subject: [PATCH] add WebUI basic auth --- src/Settings.h | 14 +++++++++++++- src/htmlProzessor.h | 4 ++++ src/main.cpp | 14 ++++++++++++++ src/webpages/HTML_SETTINGS_EDIT.html | 11 +++++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/src/Settings.h b/src/Settings.h index 43337b2..ba7abaf 100644 --- a/src/Settings.h +++ b/src/Settings.h @@ -8,7 +8,7 @@ class Settings { // change eeprom config version ONLY when new parameter is added and need reset the parameter - unsigned int configVersion = 10; + unsigned int configVersion = 11; public: String deviceNameStr; @@ -26,6 +26,8 @@ class Settings unsigned int deviceQuantity; // Quantity of Devices bool mqttJson; // switch between classic mqtt and json bool webUIdarkmode; // Flag for color mode in webUI + char httpUser[40]; // http basic auth username + char httpPass[40]; // http basic auth password } data; void load() @@ -103,6 +105,14 @@ class Settings { data.webUIdarkmode = false; } + if (strlen(data.httpUser) == 0 || strlen(data.httpUser) >= 40) + { + strcpy(data.httpUser, ""); + } + if (strlen(data.httpPass) == 0 || strlen(data.httpPass) >= 40) + { + strcpy(data.httpPass, ""); + } } void coVersCheck() { @@ -120,6 +130,8 @@ class Settings data.mqttRefresh = 300; data.mqttJson = false; data.webUIdarkmode = false; + strcpy(data.httpUser, ""); + strcpy(data.httpPass, ""); save(); load(); diff --git a/src/htmlProzessor.h b/src/htmlProzessor.h index 27883d6..f6a9c63 100644 --- a/src/htmlProzessor.h +++ b/src/htmlProzessor.h 
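Review bot: In the `load()` hunk, `strlen(data.httpUser) >= 40` can only become true by reading past the 40-byte array, so the check meant to catch an unterminated stored value is itself an out-of-bounds read; the same holds for `httpPass`. A bounded scan does what the check intends: `if (strnlen(data.httpUser, sizeof(data.httpUser)) == sizeof(data.httpUser)) data.httpUser[0] = '\0';`. The `== 0` half of each condition is redundant, since it copies an empty string over an empty string. The two new struct fields would also benefit from a comment saying that an empty `httpUser` means authentication is off and that both values appear to be persisted as plain text with the rest of the settings struct. The body of `load()` is only partly visible in these hunks.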
@@ -38,5 +38,9 @@ String htmlProcessor(const String &var) return (_settings.data.webUIdarkmode ? "dark" : "light"); if (var == F("pre_webuidarkmode")) return (_settings.data.webUIdarkmode ? "checked" : ""); + if (var == F("pre_http_user")) + return (_settings.data.httpUser); + if (var == F("pre_http_pass")) + return (_settings.data.httpPass); return String(); } diff --git a/src/main.cpp b/src/main.cpp index 9bd3c97..e097ae8 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -234,17 +234,20 @@ void setup() server.on("/", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_MAIN, htmlProcessor); request->send(response); }); server.on("/livejson", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncResponseStream *response = request->beginResponseStream("application/json"); serializeJson(liveJson, *response); request->send(response); }); server.on("/reboot", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_REBOOT, htmlProcessor); request->send(response); restartNow = true; 
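Review bot: The `pre_http_pass` branch returns the stored password to the template, so the settings-edit page carries the plain-text password in its HTML for anyone who can load it, and in clear text on the wire if the device is served without TLS. Returning an empty string instead, `if (var == F("pre_http_pass")) return String();`, and keeping the saved value when the form field arrives empty, avoids sending the secret back out. Both new branches also return the stored values without HTML escaping, so a `"` or `<` in the username would presumably break out of the form attribute it is substituted into; the template markup is not readable in this view. `htmlProcessor` begins outside the hunk.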
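Review bot: The same one-line guard is pasted into every handler in `setup()` (this hunk and the later ones for `/confirmreset`, `/reset`, `/settings`, `/settingsedit`, `/settingssave`, `/set` and `/update`), which makes it easy to add a future route without it and hard to see at a glance which routes are protected. A single helper that reports whether the request may proceed keeps the policy in one place, including the rule that an empty `httpUser` turns authentication off. Basic credentials travel base64-encoded on every request, so a comment stating that this only protects on a trusted network unless TLS sits in front would help the next reader. `setup()` starts and ends outside the hunk.

```cpp
// Returns true when the request may proceed; otherwise sends the 401 challenge.
static bool webAuthOk(AsyncWebServerRequest *request)
{
  if (_settings.data.httpUser[0] == '\0')
    return true; // no username configured: authentication is disabled
  if (request->authenticate(_settings.data.httpUser, _settings.data.httpPass))
    return true;
  request->requestAuthentication();
  return false;
}

// … unchanged: start of setup() …
  server.on("/", HTTP_GET, [](AsyncWebServerRequest *request)
            {
    if (!webAuthOk(request)) return;
    // … unchanged: build and send HTML_MAIN …
```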
@@ -252,11 +255,13 @@ void setup() server.on("/confirmreset", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_CONFIRM_RESET, htmlProcessor); request->send(response); }); server.on("/reset", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", "Device is Erasing..."); response->addHeader("Refresh", "15; url=/"); response->addHeader("Connection", "close"); 
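Review bot: `/reset` here and `/reboot` in the previous hunk remain `HTTP_GET` routes with side effects, so the new guard authenticates the browser but not the intent: once Basic credentials are cached, the browser attaches them to any request for these URLs, including one triggered from another page. Registering the state-changing routes as `HTTP_POST` (the confirmation page could presumably submit a form) and keeping GET for the read-only pages narrows that. The `/reset` handler continues past the end of the hunk.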
@@ -268,16 +273,19 @@ void setup() server.on("/settings", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_SETTINGS, htmlProcessor); request->send(response); }); server.on("/settingsedit", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_SETTINGS_EDIT, htmlProcessor); request->send(response); }); server.on("/settingssave", HTTP_POST, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); strncpy(_settings.data.mqttServer, request->arg("post_mqttServer").c_str(), 40); _settings.data.mqttPort = request->arg("post_mqttPort").toInt(); strncpy(_settings.data.mqttUser, request->arg("post_mqttUser").c_str(), 40); 
@@ -289,11 +297,16 @@ void setup() _settings.data.mqttJson = (request->arg("post_mqttjson") == "true") ? true : false; strncpy(_settings.data.mqttTriggerPath, request->arg("post_mqtttrigger").c_str(), 80); _settings.data.webUIdarkmode = (request->arg("post_webuicolormode") == "true") ? true : false; + + strncpy(_settings.data.httpUser, request->arg("post_httpUser").c_str(), 40); + strncpy(_settings.data.httpPass, request->arg("post_httpPass").c_str(), 40); + _settings.save(); request->redirect("/reboot"); }); server.on("/set", HTTP_GET, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); AsyncWebParameter *p = request->getParam(0); String resultMsg = "message received"; if (p->name() == "datetime") @@ -357,6 +370,7 @@ void setup() server.on( "/update", HTTP_POST, [](AsyncWebServerRequest *request) { + if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication(); //https://gist.github.com/JMishou/60cb762047b735685e8a09cd2eb42a60 // the request handler is triggered after the upload has finished... // create the response, add header, and send response diff --git a/src/webpages/HTML_SETTINGS_EDIT.html b/src/webpages/HTML_SETTINGS_EDIT.html index 9b89713..a1ca81c 100644 --- a/src/webpages/HTML_SETTINGS_EDIT.html +++ b/src/webpages/HTML_SETTINGS_EDIT.html @@ -63,6 +63,17 @@
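Review bot: `strncpy(_settings.data.httpUser, …, 40)` fills all 40 bytes of a `char[40]` when the posted value is 40 characters or longer and then writes no terminator, so the `strlen(_settings.data.httpUser)` in every auth guard reads past the field, and the over-long value is saved before `load()` gets a chance to reject it. Copy one byte less and terminate explicitly: `strncpy(_settings.data.httpUser, request->arg("post_httpUser").c_str(), sizeof(_settings.data.httpUser) - 1); _settings.data.httpUser[sizeof(_settings.data.httpUser) - 1] = '\0';`, and the same for `httpPass`. The neighbouring context lines use the same full-length pattern for the MQTT fields (their array sizes are not visible here), so this looks like an existing habit worth fixing together. The `/settingssave` handler starts outside the hunk.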
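Review bot: The guard added to `/update` sits in the request callback, which according to the comment directly below it runs only after the upload has finished; the upload callback that receives the firmware chunks is outside this hunk and gets no check here. If that callback writes chunks to flash as they arrive, an unauthenticated POST would already have been applied by the time the 401 is sent. Repeating the condition at the top of the upload callback with a plain `return;` closes that gap: `if (strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return;`.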

Edit Configuration

+
+ HTTP Username + +
+
+ HTTP Password + +
+