From 9116052ecb02e7894f69239dcee716b74f1761dd Mon Sep 17 00:00:00 2001
From: bogd
Date: Tue, 24 Oct 2023 12:39:20 +0200
Subject: [PATCH] added basic authorization to the POST requests, removed var zize definitions from old API
---
 include/HTTPServer.h | 4 ----
 include/SystemApplication.h | 2 +-
 src/HTTPServer.c | 19 +++++++++++++++----
 src/RestApiHandler.c | 36 ++++++++++++++++++------------------
 4 files changed, 34 insertions(+), 27 deletions(-)
diff --git a/include/HTTPServer.h b/include/HTTPServer.h
index a4ffc88..0a6c9c6 100644
--- a/include/HTTPServer.h
+++ b/include/HTTPServer.h
@@ -43,10 +43,6 @@
 #include "mbedtls/base64.h"
 #include "SystemApplication.h"
-#define MAX_DYNVAR_NAME_LENGTH 32
-#define MAX_DYNVAR_LENGTH 256
-#define MAX_INCFILE_LENGTH 1024
- /* Max length a file path can have on storage */
 #define FILE_PATH_MAX (ESP_VFS_PATH_MAX + CONFIG_SPIFFS_OBJ_NAME_LEN)
 #define MAX_FILE_SIZE (200*1024) // 200 KB
diff --git a/include/SystemApplication.h b/include/SystemApplication.h
index 9238aee..adaad33 100644
--- a/include/SystemApplication.h
+++ b/include/SystemApplication.h
@@ -31,7 +31,7 @@
 #define REAST_API_DEBUG_MODE 0
 #define EXPECTED_MAX_DATA_SIZE (4096)
-#define VAR_MAX_NAME_LENGTH MAX_DYNVAR_NAME_LENGTH
+#define VAR_MAX_NAME_LENGTH (32)
 #define VAR_MAX_VALUE_LENGTH (2048)
 #define PAYLOAD_ERROR 0
diff --git a/src/HTTPServer.c b/src/HTTPServer.c
index 5c05e11..471802e 100644
--- a/src/HTTPServer.c
+++ b/src/HTTPServer.c
@@ -188,13 +188,13 @@ static esp_err_t POSTHandler(httpd_req_t *req)
 int received;
 int remaining = req->content_len;
 buf[req->content_len] = 0x00;
- HTTP_IO_RESULT http_res;
 while (remaining > 0)
 {
 #if HTTP_SERVER_DEBUG_LEVEL > 0
 ESP_LOGI(TAG, "Remaining size : %d", remaining);
 #endif
 /* Receive the file part by part into a buffer */
+ if ((received = httpd_req_recv(req, buf, MIN(remaining, SCRATCH_BUFSIZE))) <= 0)
 {
@@ -218,13 +218,24 @@ static esp_err_t POSTHandler(httpd_req_t *req)
 char filepath[FILE_PATH_MAX];
 const char *filename;
+ //check auth for all files
+ if (CheckAuth(req) != ESP_OK)
+ {
+ return ESP_FAIL;
+ }
+ filename = get_path_from_uri(filepath, ((struct file_server_data*) req->user_ctx)->base_path, req->uri, sizeof(filepath));
- http_res = HTTP_IO_DONE;
+ if (!memcmp(filename, url_api, sizeof(url_api)))
- http_res = HTTPPostSysAPI(req, buf);
+ HTTPPostSysAPI(req, buf);
+ else
+ {
+ httpd_resp_send_err(req, HTTPD_404_NOT_FOUND, "URL not found");
+ return ESP_FAIL;
+ }
 }
@@ -301,7 +312,7 @@ static esp_err_t GETHandler2(httpd_req_t *req)
 /*Check if content of file is compressed*/
 char file_header[3];
 espfs_fread(file, file_header, 3);
- if(!memcmp(file_header, GZIP_SIGN, 3))
+ if (!memcmp(file_header, GZIP_SIGN, 3))
 {
 httpd_resp_set_hdr(req, "Content-Encoding", "gzip");
 }
diff --git a/src/RestApiHandler.c b/src/RestApiHandler.c
index d975428..3efb386 100644
--- a/src/RestApiHandler.c
+++ b/src/RestApiHandler.c
@@ -43,7 +43,7 @@ void SetAppVars(rest_var_t *appvars, int size)
 static void PrintInterfaceState(char *argres, int rw, esp_netif_t *netif)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH,
+ snprintf(argres, VAR_MAX_VALUE_LENGTH,
 (netif != NULL && esp_netif_is_netif_up(netif)) ? "\"CONNECTED\"" : "\"DISCONNECTED\"");
 }
@@ -71,11 +71,11 @@ static void funct_gsm_stat(char *argres, int rw)
 static void funct_mqtt_1_stat(char *argres, int rw)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH, (GetMQTT1Connected()) ? "\"CONNECTED\"" : "\"DISCONNECTED\"");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, (GetMQTT1Connected()) ? "\"CONNECTED\"" : "\"DISCONNECTED\"");
 }
 static void funct_mqtt_2_stat(char *argres, int rw)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH, (GetMQTT2Connected()) ? "\"CONNECTED\"" : "\"DISCONNECTED\"");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, (GetMQTT2Connected()) ? "\"CONNECTED\"" : "\"DISCONNECTED\"");
 }
 static void funct_mqtt_1_test(char *argres, int rw)
 {
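Review bot: The new `CheckAuth(req)` call comes too late in POSTHandler: the earlier hunk at line 188 shows `buf[req->content_len] = 0x00;` and the `httpd_req_recv` loop running before it, so an unauthenticated client still drives that write and the full body read before being rejected. Moving `if (CheckAuth(req) != ESP_OK) return ESP_FAIL;` to the top of the handler, ahead of any use of `req->content_len`, would close that gap; the function starts before and continues past this hunk, so confirm nothing in the unseen lines depends on the current order. The hunk also passes `filename` straight to `memcmp` with no NULL check, which matters if `get_path_from_uri` (defined outside the hunk) can return NULL for an over-long URI. Finally, the result of `HTTPPostSysAPI` is now discarded, so a failure on the API path is no longer reflected in what the handler returns.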
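Review bot: Swapping `MAX_DYNVAR_LENGTH` (256, per the define removed from include/HTTPServer.h) for `VAR_MAX_VALUE_LENGTH` (2048) raises the size that every `snprintf(argres, ...)` here claims for `argres`, so the bound only protects anything if each caller's buffer really is at least 2048 bytes. Those buffers are allocated outside these hunks and should be checked; the same substitution recurs in the hunks at lines 71, 102, 274 and 338. Passing the capacity alongside the pointer, for example `snprintf(argres, argres_len, ...)` with an added `size_t argres_len` parameter, would tie the bound to the real buffer instead of a global constant. In PrintInterfaceState and the two MQTT status functions the ternary is used as the format argument; `snprintf(argres, VAR_MAX_VALUE_LENGTH, "%s", cond ? "\"CONNECTED\"" : "\"DISCONNECTED\"")` keeps the format a literal.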
@@ -102,63 +102,63 @@ static void funct_time(char *argres, int rw)
 {
 time_t now;
 time(&now);
- snprintf(argres, MAX_DYNVAR_LENGTH, "%d", (int) now);
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%d", (int) now);
 }
 static void funct_uptime(char *argres, int rw)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH, "%d", (int) GetUpTime());
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%d", (int) GetUpTime());
 }
 static void funct_wifi_level(char *argres, int rw)
 {
 wifi_ap_record_t wifi;
 if (esp_wifi_sta_get_ap_info(&wifi) == ESP_OK)
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"%ddBm\"", wifi.rssi);
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"%ddBm\"", wifi.rssi);
 else
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"-\"");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"-\"");
 }
 static void funct_fram(char *argres, int rw)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH, "%d", (int) esp_get_free_heap_size());
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%d", (int) esp_get_free_heap_size());
 }
 static void funct_fram_min(char *argres, int rw)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH, "%d", (int) esp_get_minimum_free_heap_size());
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%d", (int) esp_get_minimum_free_heap_size());
 }
 static void funct_idf_ver(char *argres, int rw)
 {
 esp_app_desc_t cur_app_info;
 if (esp_ota_get_partition_description(esp_ota_get_running_partition(), &cur_app_info) == ESP_OK)
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"%s\"", cur_app_info.idf_ver);
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"%s\"", cur_app_info.idf_ver);
 else
- snprintf(argres, MAX_DYNVAR_LENGTH, "%s", "ESP_ERR_NOT_SUPPORTED");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%s", "ESP_ERR_NOT_SUPPORTED");
 }
 static void funct_fw_ver(char *argres, int rw)
 {
 esp_app_desc_t cur_app_info;
 if (esp_ota_get_partition_description(esp_ota_get_running_partition(), &cur_app_info) == ESP_OK)
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"%s\"", cur_app_info.version);
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"%s\"", cur_app_info.version);
 else
- snprintf(argres, MAX_DYNVAR_LENGTH, "%s", "ESP_ERR_NOT_SUPPORTED");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%s", "ESP_ERR_NOT_SUPPORTED");
 }
 static void funct_build_date(char *argres, int rw)
 {
 esp_app_desc_t cur_app_info;
 if (esp_ota_get_partition_description(esp_ota_get_running_partition(), &cur_app_info) == ESP_OK)
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"%s %s\"", cur_app_info.date, cur_app_info.time);
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"%s %s\"", cur_app_info.date, cur_app_info.time);
 else
- snprintf(argres, MAX_DYNVAR_LENGTH, "%s", "ESP_ERR_NOT_SUPPORTED");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "%s", "ESP_ERR_NOT_SUPPORTED");
 }
 static void PrintMACFromInterface(char *argres, int rw, esp_netif_t *netif)
 {
 uint8_t mac_addr[6] = { 0 };
 esp_netif_get_mac(netif, mac_addr);
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"%02x-%02x-%02x-%02x-%02x-%02x\"",
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"%02x-%02x-%02x-%02x-%02x-%02x\"",
 mac_addr[0],
 mac_addr[1],
 mac_addr[2],
@@ -274,7 +274,7 @@ static void funct_ota_start(char *argres, int rw)
 }
 static void funct_ota_newver(char *argres, int rw)
 {
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"%s\"", GetAvailVersion());
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"%s\"", GetAvailVersion());
 }
 //CRON implementation BEGIN
@@ -338,7 +338,7 @@ static void funct_exec(char *argres, int rw)
 if (rw)
 ExecCommand(argres);
 else
- snprintf(argres, MAX_DYNVAR_LENGTH, "\"EXECUTED\"");
+ snprintf(argres, VAR_MAX_VALUE_LENGTH, "\"EXECUTED\"");
 }
 const int hw_rev = CONFIG_BOARD_HARDWARE_REVISION;