andry/EMS-ESP32
1
0
Fork 0
mirror of https://github.com/emsesp/EMS-ESP32.git synced 2025-12-07 08:19:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

only write access in API is enabled

Browse Source
This commit is contained in:
proddy
2021-04-06 18:39:03 +02:00
parent 5ef1c7e3bd
commit 7e196785d8
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/WebAPIService.cpp
View File

@@ -28,10 +28,6 @@ WebAPIService::WebAPIService(AsyncWebServer * server) {
// e.g. http://ems-esp/api?device=boiler&cmd=wwtemp&data=20&id=1
void WebAPIService::webAPIService(AsyncWebServerRequest * request) {
// see if the API is enabled
bool api_enabled;
EMSESP::webSettingsService.read([&](WebSettings & settings) { api_enabled = settings.api_enabled; });
// must have device and cmd parameters
if ((!request->hasParam(F_(device))) || (!request->hasParam(F_(cmd)))) {
request->send(400, "text/plain", F("Invalid syntax"));
@@ -77,8 +73,10 @@ void WebAPIService::webAPIService(AsyncWebServerRequest * request) {
if (data.isEmpty()) {
ok = Command::call(device_type, cmd.c_str(), nullptr, id.toInt(), json); // command only
} else {
// we only allow commands with parameters if the API is enabled
bool api_enabled;
EMSESP::webSettingsService.read([&](WebSettings & settings) { api_enabled = settings.api_enabled; });
if (api_enabled) {
// we only allow commands with parameters if the API is enabled
ok = Command::call(device_type, cmd.c_str(), data.c_str(), id.toInt(), json); // has cmd, data and id
} else {
request->send(401, "text/plain", F("Unauthorized"));