andry/EMS-ESP32
1
0
Fork 0
mirror of https://github.com/emsesp/EMS-ESP32.git synced 2025-12-06 15:59:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix authentication check for GET commands that need admin - Refactor MQTT subscriptions and API calls #173

Browse Source
This commit is contained in:
proddy
2021-11-09 20:54:41 +01:00
parent 234533f241
commit 88f78f6541
4 changed files with 53 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/command.cpp
View File

@@ -30,7 +30,7 @@ std::vector<Command::CmdFunction> Command::cmdfunctions_;
// the path is leading so if duplicate keys are in the input JSON it will be ignored
// the entry point will be either via the Web API (api/) or MQTT (<base>/)
// returns a return code and json output
uint8_t Command::process(const char * path, const bool authenticated, const JsonObject & input, JsonObject & output) {
uint8_t Command::process(const char * path, const bool is_admin, const JsonObject & input, JsonObject & output) {
SUrlParser p; // parse URL for the path names
p.parse(path);
@@ -146,16 +146,16 @@ uint8_t Command::process(const char * path, const bool authenticated, const Json
// call the command based on the type
uint8_t return_code = CommandRet::ERROR;
if (data.is<const char *>()) {
return_code = Command::call(device_type, command_p, data.as<const char *>(), authenticated, id_n, output);
return_code = Command::call(device_type, command_p, data.as<const char *>(), is_admin, id_n, output);
} else if (data.is<int>()) {
char data_str[10];
return_code = Command::call(device_type, command_p, Helpers::itoa(data_str, (int16_t)data.as<int>()), authenticated, id_n, output);
return_code = Command::call(device_type, command_p, Helpers::itoa(data_str, (int16_t)data.as<int>()), is_admin, id_n, output);
} else if (data.is<float>()) {
char data_str[10];
return_code = Command::call(device_type, command_p, Helpers::render_value(data_str, (float)data.as<float>(), 2), authenticated, id_n, output);
return_code = Command::call(device_type, command_p, Helpers::render_value(data_str, (float)data.as<float>(), 2), is_admin, id_n, output);
} else if (data.isNull()) {
// empty
return_code = Command::call(device_type, command_p, "", authenticated, id_n, output);
return_code = Command::call(device_type, command_p, "", is_admin, id_n, output);
} else {
// can't process
output.clear();
@@ -243,7 +243,7 @@ uint8_t Command::call(const uint8_t device_type, const char * cmd, const char *
// calls a command. Takes a json object for output.
// id may be used to represent a heating circuit for example
// returns 0 if the command errored, 1 (TRUE) if ok, 2 if not found, 3 if error or 4 if not allowed
uint8_t Command::call(const uint8_t device_type, const char * cmd, const char * value, bool authenticated, const int8_t id, JsonObject & output) {
uint8_t Command::call(const uint8_t device_type, const char * cmd, const char * value, const bool is_admin, const int8_t id, JsonObject & output) {
uint8_t return_code = CommandRet::OK;
std::string dname = EMSdevice::device_type_2_device_name(device_type);
@@ -274,7 +274,7 @@ uint8_t Command::call(const uint8_t device_type, const char * cmd, const char *
}
// check permissions
if (cf->has_flags(CommandFlag::ADMIN_ONLY) && !authenticated) {
if (cf->has_flags(CommandFlag::ADMIN_ONLY) && !is_admin) {
output["message"] = "authentication failed";
return CommandRet::NOT_ALLOWED; // command not allowed
}