only write access in API is enabled

proddy
2021-04-06 18:39:03 +02:00
parent 5ef1c7e3bd
commit 7e196785d8
2 changed files with 14 additions and 9 deletions


@@ -28,10 +28,6 @@ WebAPIService::WebAPIService(AsyncWebServer * server) {
// e.g. http://ems-esp/api?device=boiler&cmd=wwtemp&data=20&id=1 // e.g. http://ems-esp/api?device=boiler&cmd=wwtemp&data=20&id=1
void WebAPIService::webAPIService(AsyncWebServerRequest * request) { void WebAPIService::webAPIService(AsyncWebServerRequest * request) {
// see if the API is enabled
bool api_enabled;
EMSESP::webSettingsService.read([&](WebSettings & settings) { api_enabled = settings.api_enabled; });
// must have device and cmd parameters // must have device and cmd parameters
if ((!request->hasParam(F_(device))) || (!request->hasParam(F_(cmd)))) { if ((!request->hasParam(F_(device))) || (!request->hasParam(F_(cmd)))) {
request->send(400, "text/plain", F("Invalid syntax")); request->send(400, "text/plain", F("Invalid syntax"));
@@ -77,8 +73,10 @@ void WebAPIService::webAPIService(AsyncWebServerRequest * request) {
if (data.isEmpty()) { if (data.isEmpty()) {
ok = Command::call(device_type, cmd.c_str(), nullptr, id.toInt(), json); // command only ok = Command::call(device_type, cmd.c_str(), nullptr, id.toInt(), json); // command only
} else { } else {
if (api_enabled) {
// we only allow commands with parameters if the API is enabled // we only allow commands with parameters if the API is enabled
bool api_enabled;
EMSESP::webSettingsService.read([&](WebSettings & settings) { api_enabled = settings.api_enabled; });
if (api_enabled) {
ok = Command::call(device_type, cmd.c_str(), data.c_str(), id.toInt(), json); // has cmd, data and id ok = Command::call(device_type, cmd.c_str(), data.c_str(), id.toInt(), json); // has cmd, data and id
} else { } else {
request->send(401, "text/plain", F("Unauthorized")); request->send(401, "text/plain", F("Unauthorized"));
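Review bot: `bool api_enabled;` in the second hunk is declared without an initializer and is only assigned inside the `webSettingsService.read` callback, so if that callback ever does not run, the write gate is decided by an indeterminate value; `bool api_enabled = false;` makes it fail closed. The gate also covers only the branch that carries `data`: the `data.isEmpty()` branch still reaches `Command::call` whatever the setting is, so a comment should state that every data-less command is read-only, if that is the intent (it cannot be confirmed from these hunks). The refusal here is `401` while `write_value` in the other file answers `403` for the same condition; `403` fits better because no credentials are being requested. The body of webAPIService continues outside both hunks.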


@@ -100,7 +100,16 @@ void WebDevicesService::device_data(AsyncWebServerRequest * request, JsonVariant
request->send(response); request->send(response);
} }
// takes a command and its data value from a specific Device, from the Web
void WebDevicesService::write_value(AsyncWebServerRequest * request, JsonVariant & json) { void WebDevicesService::write_value(AsyncWebServerRequest * request, JsonVariant & json) {
// only issue commands if the API is enabled
EMSESP::webSettingsService.read([&](WebSettings & settings) {
if (!settings.api_enabled) {
request->send(403); // forbidden error
return;
}
});
if (json.is<JsonObject>()) { if (json.is<JsonObject>()) {
JsonObject dv = json["devicevalue"]; JsonObject dv = json["devicevalue"];
@@ -125,16 +134,14 @@ void WebDevicesService::write_value(AsyncWebServerRequest * request, JsonVariant
} }
if (ok) { if (ok) {
AsyncWebServerResponse * response = request->beginResponse(200); // OK request->send(200);
request->send(response);
} }
return; // found device, quit return; // found device, quit
} }
} }
} }
AsyncWebServerResponse * response = request->beginResponse(204); // no content error request->send(204); // no content error
request->send(response);
} }
} }
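Review bot: The `return` inside the lambda passed to `webSettingsService.read` in `write_value` leaves only the lambda, not `write_value`, so with the API disabled the handler sends 403 and then still falls through to the `json.is<JsonObject>()` block. There the command is presumably still issued, and a second response (200 or 204) is sent on the same request, so the check as written does not block the write. Read the flag into a local and return from the handler itself: `bool api_enabled = false;`, then `EMSESP::webSettingsService.read([&](WebSettings & settings) { api_enabled = settings.api_enabled; });`, then `if (!api_enabled) { request->send(403); return; }`. The middle of write_value lies between the two hunks and is not visible here.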