arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code

make HTTP Update Server more secure (#2104)

Browse Source 
* make HTTP Update Server more secure

* added option for authentication
* added option to change the url for upload

* move to overloaded setup

* remove delay in both examples

* Get better result responses

* fix strings

interesting, the meta did not refresh if the successResponse is put in
"R"
This commit is contained in:
Me No Dev 2016-06-07 05:09:05 +03:00 committed by Ivan Grokhotkov
parent 32bd42b028
commit a7ced9cabb
4 changed files with 94 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
libraries/ESP8266HTTPUpdateServer/examples/SecureWebUpdater/SecureWebUpdater.ino Normal file
View File

@ -0,0 +1,45 @@
/*
To upload through terminal you can use: curl -F "image=@firmware.bin" esp8266-webupdate.local/update
*/
#include <ESP8266WiFi.h>
#include <WiFiClient.h>
#include <ESP8266WebServer.h>
#include <ESP8266mDNS.h>
#include <ESP8266HTTPUpdateServer.h>
const char* host = "esp8266-webupdate";
const char* update_path = "/firmware";
const char* update_username = "admin";
const char* update_password = "admin";
const char* ssid = "........";
const char* password = "........";
ESP8266WebServer httpServer(80);
ESP8266HTTPUpdateServer httpUpdater;
void setup(void){
Serial.begin(115200);
Serial.println();
Serial.println("Booting Sketch...");
WiFi.mode(WIFI_AP_STA);
WiFi.begin(ssid, password);
while(WiFi.waitForConnectResult() != WL_CONNECTED){
WiFi.begin(ssid, password);
Serial.println("WiFi failed, retrying.");
}
MDNS.begin(host);
httpUpdater.setup(&httpServer, update_path, update_username, update_password);
httpServer.begin();
MDNS.addService("http", "tcp", 80);
Serial.printf("HTTPUpdateServer ready! Open http://%s.local%s in your browser and login with username '%s' and password '%s'\n", host, update_path, update_username, update_password);
}
void loop(void){
httpServer.handleClient();
}

1
libraries/ESP8266HTTPUpdateServer/examples/WebUpdater/WebUpdater.ino
View File

@ -39,5 +39,4 @@ void setup(void){
void loop(void){ void loop(void){
httpServer.handleClient(); httpServer.handleClient();
delay(1);
} }

39
libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer.cpp
View File

@ -7,34 +7,41 @@
const char* ESP8266HTTPUpdateServer::_serverIndex = const char* ESP8266HTTPUpdateServer::_serverIndex =
R"(<html><body><form method='POST' action='/update' enctype='multipart/form-data'> R"(<html><body><form method='POST' action='' enctype='multipart/form-data'>
<input type='file' name='update'> <input type='file' name='update'>
<input type='submit' value='Update'> <input type='submit' value='Update'>
</form> </form>
</body></html>)"; </body></html>)";
const char* ESP8266HTTPUpdateServer::_failedResponse = R"(Update Failed!)";
const char* ESP8266HTTPUpdateServer::_successResponse = "<META http-equiv=\"refresh\" content=\"15;URL=\">Update Success! Rebooting...";
ESP8266HTTPUpdateServer::ESP8266HTTPUpdateServer(bool serial_debug) ESP8266HTTPUpdateServer::ESP8266HTTPUpdateServer(bool serial_debug)
{ {
_serial_output = serial_debug; _serial_output = serial_debug;
_server = NULL; _server = NULL;
_username = NULL;
_password = NULL;
_authenticated = false;
} }
void ESP8266HTTPUpdateServer::setup(ESP8266WebServer *server) void ESP8266HTTPUpdateServer::setup(ESP8266WebServer *server, const char * path, const char * username, const char * password)
{ {
_server = server; _server = server;
_username = (char *)username;
_password = (char *)password;
// handler for the /update form page // handler for the /update form page
_server->on("/update", HTTP_GET, [&](){ _server->on(path, HTTP_GET, [&](){
_server->sendHeader("Connection", "close"); if(_username != NULL && _password != NULL && !_server->authenticate(_username, _password))
_server->sendHeader("Access-Control-Allow-Origin", "*"); return _server->requestAuthentication();
_server->send(200, "text/html", _serverIndex); _server->send(200, "text/html", _serverIndex);
}); });
// handler for the /update form POST (once file upload finishes) // handler for the /update form POST (once file upload finishes)
_server->on("/update", HTTP_POST, [&](){ _server->on(path, HTTP_POST, [&](){
_server->sendHeader("Connection", "close"); if(!_authenticated)
_server->sendHeader("Access-Control-Allow-Origin", "*"); return _server->requestAuthentication();
_server->send(200, "text/html", (Update.hasError())?"FAIL":"<META http-equiv=\"refresh\" content=\"15;URL=/update\">OK"); _server->send(200, "text/html", Update.hasError() ? _failedResponse : _successResponse);
ESP.restart(); ESP.restart();
},[&](){ },[&](){
// handler for the file upload, get's the sketch bytes, and writes // handler for the file upload, get's the sketch bytes, and writes
@ -43,6 +50,14 @@ void ESP8266HTTPUpdateServer::setup(ESP8266WebServer *server)
if(upload.status == UPLOAD_FILE_START){ if(upload.status == UPLOAD_FILE_START){
if (_serial_output) if (_serial_output)
Serial.setDebugOutput(true); Serial.setDebugOutput(true);
_authenticated = (_username == NULL || _password == NULL || _server->authenticate(_username, _password));
if(!_authenticated){
if (_serial_output)
Serial.printf("Unauthenticated Update\n");
return;
}
WiFiUDP::stopAll(); WiFiUDP::stopAll();
if (_serial_output) if (_serial_output)
Serial.printf("Update: %s\n", upload.filename.c_str()); Serial.printf("Update: %s\n", upload.filename.c_str());
@ -50,20 +65,20 @@ void ESP8266HTTPUpdateServer::setup(ESP8266WebServer *server)
if(!Update.begin(maxSketchSpace)){//start with max available size if(!Update.begin(maxSketchSpace)){//start with max available size
if (_serial_output) Update.printError(Serial); if (_serial_output) Update.printError(Serial);
} }
} else if(upload.status == UPLOAD_FILE_WRITE){ } else if(_authenticated && upload.status == UPLOAD_FILE_WRITE){
if (_serial_output) Serial.printf("."); if (_serial_output) Serial.printf(".");
if(Update.write(upload.buf, upload.currentSize) != upload.currentSize){ if(Update.write(upload.buf, upload.currentSize) != upload.currentSize){
if (_serial_output) Update.printError(Serial); if (_serial_output) Update.printError(Serial);
} }
} else if(upload.status == UPLOAD_FILE_END){ } else if(_authenticated && upload.status == UPLOAD_FILE_END){
if(Update.end(true)){ //true to set the size to the current progress if(Update.end(true)){ //true to set the size to the current progress
if (_serial_output) Serial.printf("Update Success: %u\nRebooting...\n", upload.totalSize); if (_serial_output) Serial.printf("Update Success: %u\nRebooting...\n", upload.totalSize);
} else { } else {
if (_serial_output) Update.printError(Serial); if (_serial_output) Update.printError(Serial);
} }
if (_serial_output) Serial.setDebugOutput(false); if (_serial_output) Serial.setDebugOutput(false);
} else if(upload.status == UPLOAD_FILE_ABORTED){ } else if(_authenticated && upload.status == UPLOAD_FILE_ABORTED){
Update.end(); Update.end();
if (_serial_output) Serial.println("Update was aborted"); if (_serial_output) Serial.println("Update was aborted");
} }

23
libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer.h
View File

@ -9,9 +9,30 @@ class ESP8266HTTPUpdateServer
bool _serial_output; bool _serial_output;
ESP8266WebServer *_server; ESP8266WebServer *_server;
static const char *_serverIndex; static const char *_serverIndex;
static const char *_failedResponse;
static const char *_successResponse;
char * _username;
char * _password;
bool _authenticated;
public: public:
ESP8266HTTPUpdateServer(bool serial_debug=false); ESP8266HTTPUpdateServer(bool serial_debug=false);
void setup(ESP8266WebServer *server=NULL);
void setup(ESP8266WebServer *server)
{
setup(server, NULL, NULL);
}
void setup(ESP8266WebServer *server, const char * path)
{
setup(server, path, NULL, NULL);
}
void setup(ESP8266WebServer *server, const char * username, const char * password)
{
setup(server, "/update", username, password);
}
void setup(ESP8266WebServer *server, const char * path, const char * username, const char * password);
}; };