replace api/settings and customizatons with secure REST calls #501

src/system.cpp

@@ -689,8 +689,6 @@ void System::commands_init() {
 
     // these commands will return data in JSON format
     Command::add(EMSdevice::DeviceType::SYSTEM, F_(info), System::command_info, F("show system status"));
-    Command::add(EMSdevice::DeviceType::SYSTEM, F_(settings), System::command_settings, F("fetch system settings"), CommandFlag::ADMIN_ONLY);
-    Command::add(EMSdevice::DeviceType::SYSTEM, F_(customizations), System::command_customizations, F("fetch system customizations"));
     Command::add(EMSdevice::DeviceType::SYSTEM, F_(commands), System::command_commands, F("fetch system commands"));
 
 #if defined(EMSESP_DEBUG)
@@ -973,34 +971,6 @@ bool System::saveSettings(const char * filename, const char * section, JsonObjec
     return false; // not found
 }
 
-// export all settings to JSON text
-// we need to keep the original format so the import/upload works as we just replace files
-// http://ems-esp/api/system/settings
-bool System::command_settings(const char * value, const int8_t id, JsonObject & output) {
-    output["type"] = "settings";
-
-    JsonObject node = output.createNestedObject("System");
-    node["version"] = EMSESP_APP_VERSION;
-
-    extractSettings(NETWORK_SETTINGS_FILE, "Network", output);
-    extractSettings(AP_SETTINGS_FILE, "AP", output);
-    extractSettings(MQTT_SETTINGS_FILE, "MQTT", output);
-    extractSettings(NTP_SETTINGS_FILE, "NTP", output);
-    extractSettings(OTA_SETTINGS_FILE, "OTA", output);
-    extractSettings(SECURITY_SETTINGS_FILE, "Security", output);
-    extractSettings(EMSESP_SETTINGS_FILE, "Settings", output);
-
-    return true;
-}
-
-// http://ems-esp/api/system/customizations
-// we need to keep the original format so the import/upload works as we just replace file
-bool System::command_customizations(const char * value, const int8_t id, JsonObject & output) {
-    output["type"] = "customizations";
-    extractSettings(EMSESP_CUSTOMIZATION_FILE, "Customizations", output);
-    return true;
-}
-
 // export status information including the device information
 // http://ems-esp/api/system/info
 bool System::command_info(const char * value, const int8_t id, JsonObject & output) {

src/system.h

@@ -61,8 +61,6 @@ class System {
     static bool command_watch(const char * value, const int8_t id);
 
     static bool command_info(const char * value, const int8_t id, JsonObject & output);
-    static bool command_settings(const char * value, const int8_t id, JsonObject & output);
-    static bool command_customizations(const char * value, const int8_t id, JsonObject & output);
     static bool command_commands(const char * value, const int8_t id, JsonObject & output);
 
     std::string reset_reason(uint8_t cpu) const;

src/version.h

@@ -1 +1 @@
-#define EMSESP_APP_VERSION "3.4.0b17"
+#define EMSESP_APP_VERSION "3.4.0b18"

src/web/WebAPIService.cpp

@@ -32,6 +32,12 @@ WebAPIService::WebAPIService(AsyncWebServer * server, SecurityManager * security
     , _apiHandler("/api", std::bind(&WebAPIService::webAPIService_post, this, _1, _2), 256) { // for POSTS, must use 'Content-Type: application/json' in header
     server->on("/api", HTTP_GET, std::bind(&WebAPIService::webAPIService_get, this, _1));     // for GETS
     server->addHandler(&_apiHandler);
+
+    // for settings
+    server->on(GET_SETTINGS_PATH, HTTP_GET, securityManager->wrapRequest(std::bind(&WebAPIService::getSettings, this, _1), AuthenticationPredicates::IS_ADMIN));
+    server->on(GET_CUSTOMIZATIONS_PATH,
+               HTTP_GET,
+               securityManager->wrapRequest(std::bind(&WebAPIService::getCustomizations, this, _1), AuthenticationPredicates::IS_ADMIN));
 }
 
 // HTTP GET
@@ -150,4 +156,37 @@ void WebAPIService::parse(AsyncWebServerRequest * request, JsonObject & input) {
 #endif
 }
 
+void WebAPIService::getSettings(AsyncWebServerRequest * request) {
+    auto *     response = new AsyncJsonResponse(false, EMSESP_JSON_SIZE_XLARGE_DYN);
+    JsonObject root     = response->getRoot();
+
+    root["type"] = "settings";
+
+    JsonObject node = root.createNestedObject("System");
+    node["version"] = EMSESP_APP_VERSION;
+
+    System::extractSettings(NETWORK_SETTINGS_FILE, "Network", root);
+    System::extractSettings(AP_SETTINGS_FILE, "AP", root);
+    System::extractSettings(MQTT_SETTINGS_FILE, "MQTT", root);
+    System::extractSettings(NTP_SETTINGS_FILE, "NTP", root);
+    System::extractSettings(OTA_SETTINGS_FILE, "OTA", root);
+    System::extractSettings(SECURITY_SETTINGS_FILE, "Security", root);
+    System::extractSettings(EMSESP_SETTINGS_FILE, "Settings", root);
+
+    response->setLength();
+    request->send(response);
+}
+
+void WebAPIService::getCustomizations(AsyncWebServerRequest * request) {
+    auto *     response = new AsyncJsonResponse(false, EMSESP_JSON_SIZE_XLARGE_DYN);
+    JsonObject root     = response->getRoot();
+
+    root["type"] = "customizations";
+
+    System::extractSettings(EMSESP_CUSTOMIZATION_FILE, "Customizations", root);
+
+    response->setLength();
+    request->send(response);
+}
+
 } // namespace emsesp

src/web/WebAPIService.h

@@ -20,6 +20,8 @@
 #define WebAPIService_h
 
 #define EMSESP_API_SERVICE_PATH "/api"
+#define GET_SETTINGS_PATH "/rest/getSettings"
+#define GET_CUSTOMIZATIONS_PATH "/rest/getCustomizations"
 
 namespace emsesp {
 
@@ -46,6 +48,9 @@ class WebAPIService {
     static uint16_t api_fails_;
 
     void parse(AsyncWebServerRequest * request, JsonObject & input);
+
+    void getSettings(AsyncWebServerRequest * request);
+    void getCustomizations(AsyncWebServerRequest * request);
 };
 
 } // namespace emsesp