/* WEBSERVER MODULE Copyright (C) 2016-2019 by Xose PĂ©rez */ #include "espurna.h" #if WEB_SUPPORT #include #include #include #include #include #include #include #include #include #include #include "ntp.h" #include "settings.h" #include "system.h" #include "utils.h" #include "web.h" #include "ws.h" #if WEB_EMBEDDED namespace { #if WEBUI_IMAGE == WEBUI_IMAGE_SMALL #include "static/index.small.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_LIGHT #include "static/index.light.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_SENSOR #include "static/index.sensor.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_RFBRIDGE #include "static/index.rfbridge.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_RFM69 #include "static/index.rfm69.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_LIGHTFOX #include "static/index.lightfox.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_GARLAND #include "static/index.garland.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_THERMOSTAT #include "static/index.thermostat.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_CURTAIN #include "static/index.curtain.html.ipp" #elif WEBUI_IMAGE == WEBUI_IMAGE_FULL #include "static/index.all.html.ipp" #endif } // namespace #endif // WEB_EMBEDDED #if WEB_SSL_ENABLED #include "static/server.cer.h" #include "static/server.key.h" #endif // WEB_SSL_ENABLED namespace espurna { namespace web { namespace { namespace build { STRING_VIEW_INLINE(WebRemoteDomain, WEB_REMOTE_DOMAIN); constexpr auto DefaultPort = uint16_t{ #if WEB_SSL_ENABLED 443 #else 80 #endif }; constexpr uint16_t port() { return (WEB_PORT == 0) ? DefaultPort : (WEB_PORT); } constexpr bool access_log() { return 1 == WEB_ACCESS_LOG; } } // namespace build namespace settings { namespace keys { STRING_VIEW_INLINE(Prefix, "web"); STRING_VIEW_INLINE(AccessLog, "webAccessLog"); STRING_VIEW_INLINE(Domain, "webDomain"); STRING_VIEW_INLINE(Port, "webPort"); } // namespace keys bool access_log() { return getSetting(keys::AccessLog, build::access_log()); } String domain() { return getSetting(keys::Domain, build::WebRemoteDomain); } uint16_t port() { return getSetting(keys::Port, build::port()); } } // namespace settings } // namespace } // namespace web } // namespace espurna namespace { static constexpr size_t WebConfigBufferMax { 4096 }; template void _addHeader(T& other, espurna::StringView name, espurna::StringView value) { other.addHeader(name.toString(), value.toString()); } void _addConnectionClose(AsyncWebServerResponse* response) { _addHeader(*response, STRING_VIEW("Connection"), STRING_VIEW("close")); } void _addSecurityHeaders(AsyncWebServerResponse* response) { _addHeader(*response, STRING_VIEW("X-XSS-Protection"), STRING_VIEW("1; mode=block")); _addHeader(*response, STRING_VIEW("X-Content-Type-Options"), STRING_VIEW("nosniff")); _addHeader(*response, STRING_VIEW("X-Frame-Options"), STRING_VIEW("deny")); } #if WEB_EMBEDDED static constexpr auto WebContentEncoding = espurna::StringView(webui_content_encoding); static constexpr auto WebLastModified = espurna::StringView(webui_last_modified); void _addGenericHeaders(AsyncWebServerResponse* response) { if (WebContentEncoding.length()) { _addHeader(*response, STRING_VIEW("Content-Encoding"), WebContentEncoding); } _addHeader(*response, STRING_VIEW("Last-Modified"), WebLastModified); } #endif } // namespace namespace espurna { namespace web { namespace print { bool RequestPrint::_addBuffer() { if ((_buffers.size() + 1) > _config.backlog.count) { if (!_exhaustBuffers()) { _state = State::Error; return false; } } // Note: c++17, emplace returns created object reference // c++11, we need to use .back() _buffers.emplace_back(_config.backlog.size, 0); _buffers.back().clear(); return true; } // Creates response object that will handle the data written into the Print& interface. // // This API expects a **very** careful approach to context switching between SYS and CONT: // - Returning RESPONSE_TRY_AGAIN before buffers are filled will result in invalid size marker being sent on the wire. // HTTP client (curl, python requests etc., as discovered in testing) will then drop the connection // - Returning 0 will immediately close the connection from our side // - Calling _prepareRequest() **before** _buffers are filled will result in returning 0 // - Calling yield() / delay() while request handler is active **may** trigger this callback out of sequence // (e.g. Stream.write(...), Stream.read(...), DEBUG_MSG(...), or any other API trying to switch contexts) // - Receiving data (tcp ack from the previous packet) **will** trigger the callback when switching contexts. size_t RequestPrint::_handleRequest(uint8_t* data, size_t maxLen) { switch (_state) { case State::None: return RESPONSE_TRY_AGAIN; case State::Error: case State::Done: return 0; case State::Sending: break; } size_t written = 0; while ((written < maxLen) && !_buffers.empty()) { auto& chunk =_buffers.front(); auto have = maxLen - written; if (chunk.size() > have) { std::copy(chunk.data(), chunk.data() + have, data + written); chunk.erase(chunk.begin(), chunk.begin() + have); written += have; } else { std::copy(chunk.data(), chunk.data() + chunk.size(), data + written); _buffers.pop_front(); written += chunk.size(); } } return written; } void RequestPrint::_prepareRequest() { _state = State::Sending; auto *response = _request->beginChunkedResponse( _config.mimeType, [this](uint8_t*data, size_t maxLen, size_t) -> size_t { return this->_handleRequest(data, maxLen); }); _addConnectionClose(response); _request->send(response); } size_t RequestPrint::write(uint8_t b) { return write(&b, 1); } bool RequestPrint::_exhaustBuffers() { // XXX: espasyncwebserver will trigger write callback if we setup response too early // exploring code, callback handler responds to a special return value RESPONSE_TRY_AGAIN // but, it seemingly breaks chunked response logic // XXX: this should be **the only place** that can trigger yield() while we stay in CONT if (_state == State::None) { _prepareRequest(); } using TimeSource = espurna::time::CoreClock; const auto start = TimeSource::now(); do { if (TimeSource::now() - start > _config.backlog.timeout) { _buffers.clear(); break; } yield(); } while (!_buffers.empty()); return _buffers.empty(); } void RequestPrint::flush() { _exhaustBuffers(); _state = State::Done; } size_t RequestPrint::write(const uint8_t* data, size_t size) { if (_state == State::Error) { return 0; } size_t full_size = size; auto* data_ptr = data; while (size) { if (_buffers.empty() && !_addBuffer()) { full_size = 0; break; } auto& current = _buffers.back(); const auto have = current.capacity() - current.size(); if (have >= size) { current.insert(current.end(), data_ptr, data_ptr + size); size = 0; } else { current.insert(current.end(), data_ptr, data_ptr + have); if (!_addBuffer()) { full_size = 0; break; } data_ptr += have; size -= have; } } return full_size; } } // namespace print } // namespace web } // namespace espurna // ----------------------------------------------------------------------------- namespace { uint16_t _port{}; AsyncWebServer* _server; // XXX shared between requests! std::vector* _webConfigBuffer; bool _webConfigSuccess = false; // TODO server may not cache the full body std::vector _web_request_callbacks; std::vector _web_body_callbacks; } // namespace // ----------------------------------------------------------------------------- // HOOKS // ----------------------------------------------------------------------------- namespace { bool _authenticateRequest(AsyncWebServerRequest* request) { #if USE_PASSWORD return request->authenticate(WEB_USERNAME, systemPassword().c_str()); #else return true; #endif } // Whether the request is for this hostname or IP bool _isAPModeRequest(AsyncWebServerRequest* request) { if (wifiConnectable()) { const auto direct = request->client()->localIP() == wifiApIp(); if (!direct) { return false; } const auto header = request->getHeader(F("Host")); if (!header) { return false; } const auto host = header->value(); const auto domain = systemHostname() + '.'; const auto ip = wifiApIp().toString(); if (!host.equals(ip) && !host.startsWith(domain)) { return false; } return true; } return false; } // Allow only requests that use our hostname or IP bool _onAPModeRequest(AsyncWebServerRequest* request) { if (wifiConnectable()) { if (_isAPModeRequest(request)) { return true; } // Immediately close the connection, ref: https://github.com/xoseperez/espurna/issues/1660 // Not doing so will cause memory exhaustion, because the connection will linger request->send(404); request->client()->close(); return false; } return true; } void _webRequestAuth(AsyncWebServerRequest* request) { request->requestAuthentication(systemHostname().c_str(), true); } void _onReset(AsyncWebServerRequest *request) { if (!_authenticateRequest(request)) { _webRequestAuth(request); return; } prepareReset(CustomResetReason::Web); request->send(200); } void _onDiscover(AsyncWebServerRequest *request) { StaticJsonBuffer buffer; JsonObject& root = buffer.createObject(); root["hostname"] = systemHostname(); root["device"] = systemDevice(); const auto app = buildApp(); root["app"] = app.name; root["version"] = app.version; auto* response = request->beginResponseStream( F("application/json"), root.measureLength()); response->setCode(200); root.printTo(*response); request->send(response); } void _setupAccessControlHeaders() { const auto domain = espurna::web::settings::domain(); auto& headers = DefaultHeaders::Instance(); _addHeader(headers, STRING_VIEW("Access-Control-Allow-Origin"), domain); if (!domain.equals("*")) { _addHeader(headers, STRING_VIEW("Access-Control-Allow-Credentials"), STRING_VIEW("true")); } } void _onGetConfig(AsyncWebServerRequest *request) { if (!_authenticateRequest(request)) { _webRequestAuth(request); return; } auto out = std::make_shared(); out->reserve(TCP_MSS); const auto app = buildApp(); char buffer[256]; int prefix_len = snprintf_P(buffer, sizeof(buffer), PSTR("{\n\"app\": \"%s\",\n\"version\": \"%s\",\n\"backup\": \"1\""), app.name.c_str(), app.version.c_str()); if (prefix_len <= 0) { request->send(500); return; } out->concat(buffer, prefix_len); espurna::settings::foreach([&](espurna::settings::kvs_type::KeyValueResult&& kv) { auto key = kv.key.read(); auto value = kv.value.read(); int len = snprintf_P(buffer, sizeof(buffer), PSTR("\"%s\": \"%s\""), key.c_str(), value.c_str()); if (len > 0) { *out += ",\n"; out->concat(buffer, len); } }); *out += "\n}"; AsyncWebServerResponse* response = request->beginChunkedResponse( F("application/json"), [out](uint8_t* buffer, size_t maxLen, size_t index) -> size_t { auto len = out->length(); if (index == len) { return 0; } auto* ptr = out->c_str() + index; size_t have = std::min(len - index, maxLen); if (have) { std::copy(ptr, ptr + have, buffer); } return have; }); auto get_timestamp = []() -> String { #if NTP_SUPPORT if (ntpSynced()) { return ntpDateTime(); } #endif return String(espurna::time::millis().time_since_epoch().count(), 10); }; int written = snprintf_P(buffer, sizeof(buffer), PSTR("attachment; filename=\"%s %s backup.json\""), systemHostname().c_str(), get_timestamp().c_str()); if (written > 0) { _addSecurityHeaders(response); _addHeader(*response, STRING_VIEW("Content-Disposition"), espurna::StringView(&buffer[0], written)); request->send(response); return; } request->send(500); } void _onPostConfig(AsyncWebServerRequest *request) { if (!_authenticateRequest(request)) { _webRequestAuth(request); return; } request->send(_webConfigSuccess ? 200 : 400); } void _onPostConfigFile(AsyncWebServerRequest *request, String, size_t index, uint8_t *data, size_t len, bool final) { if (!_authenticateRequest(request)) { _webRequestAuth(request); return; } // No buffer if (final && (index == 0)) { _webConfigSuccess = settingsRestoreJson((char*) data); return; } // Buffer start => reset if (index == 0) if (_webConfigBuffer) delete _webConfigBuffer; // init buffer if it doesn't exist if (!_webConfigBuffer) { _webConfigBuffer = new std::vector(); _webConfigSuccess = false; } // Copy if (len > 0) { if ((_webConfigBuffer->size() + len) > std::min(WebConfigBufferMax, systemFreeHeap() - sizeof(std::vector))) { delete _webConfigBuffer; _webConfigBuffer = nullptr; request->send(500); return; } _webConfigBuffer->reserve(_webConfigBuffer->size() + len); _webConfigBuffer->insert(_webConfigBuffer->end(), data, data + len); } // Ending if (final) { _webConfigBuffer->push_back(0); _webConfigSuccess = settingsRestoreJson((char*) _webConfigBuffer->data()); delete _webConfigBuffer; } } #if WIFI_AP_CAPTIVE_SUPPORT String _apCaptiveLocation() { STRING_VIEW_INLINE(Prefix, "http://"); return Prefix.toString() + wifiApIp().toString(); } void _onAPCaptiveRequest(AsyncWebServerRequest* request) { if (wifiConnectable()) { auto* response = request->beginResponse(302); _addHeader(*response, STRING_VIEW("Location"), _apCaptiveLocation()); _addConnectionClose(response); request->send(response); return; } request->send(404); } #endif #if WEB_EMBEDDED void _onHome(AsyncWebServerRequest *request) { if (!_isAPModeRequest(request) && !_authenticateRequest(request)) { _webRequestAuth(request); return; } const auto* modified = request->getHeader( STRING_VIEW("If-Modified-Since").toString()); if (modified && (modified->value() == WebLastModified)) { request->send(304); return; } #if WEB_SSL_ENABLED // Chunked response, we calculate the chunks based on free heap (in multiples of 32) // This is necessary when a TLS connection is open since it sucks too much memory const size_t max = (systemFreeHeap() / 3) & 0xFFE0; auto* response = request->beginChunkedResponse("text/html", [max](uint8_t *buffer, size_t maxLen, size_t index) -> size_t { // Get the chunk based on the index and maxLen size_t len = std::size(webui_data) - index; len = std::min({len, maxLen, max}); if (len > 0) { memcpy_P(buffer, webui_data + index, len); } // Return the actual length of the chunk (0 for end of file) return len; }); #else auto* response = request->beginResponse_P(200, F("text/html"), webui_data, std::size(webui_data)); #endif _addGenericHeaders(response); _addSecurityHeaders(response); request->send(response); } #endif #if WEB_SSL_ENABLED int _onCertificate(void * arg, const char *filename, uint8_t **buf) { #if WEB_EMBEDDED if (strcmp(filename, "server.cer") == 0) { uint8_t * nbuf = (uint8_t*) malloc(server_cer_len); memcpy_P(nbuf, server_cer, server_cer_len); *buf = nbuf; DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename); return server_cer_len; } if (strcmp(filename, "server.key") == 0) { uint8_t * nbuf = (uint8_t*) malloc(server_key_len); memcpy_P(nbuf, server_key, server_key_len); *buf = nbuf; DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename); return server_key_len; } DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - ERROR\n"), filename); *buf = 0; return 0; #else File file = SPIFFS.open(filename, "r"); if (file) { size_t size = file.size(); uint8_t * nbuf = (uint8_t*) malloc(size); if (nbuf) { size = file.read(nbuf, size); file.close(); *buf = nbuf; DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - OK\n"), filename); return size; } file.close(); } DEBUG_MSG_P(PSTR("[WEB] SSL File: %s - ERROR\n"), filename); *buf = 0; return 0; #endif // WEB_EMBEDDED == 1 } #endif // WEB_SSL_ENABLED void _onRequest(AsyncWebServerRequest *request){ if (!_onAPModeRequest(request)) return; // Send request to subscribers, break when request is 'handled' by the callback for (auto& callback : _web_request_callbacks) { if (callback(request)) { return; } } // No subscriber handled the request, return a 404 with implicit "Connection: close" request->send(404); // And immediately close the connection, ref: https://github.com/xoseperez/espurna/issues/1660 // Not doing so will cause memory exhaustion, because the connection will linger request->client()->close(); } void _onBody(AsyncWebServerRequest *request, uint8_t *data, size_t len, size_t index, size_t total) { if (!_onAPModeRequest(request)) return; // Send request to subscribers for (unsigned char i = 0; i < _web_body_callbacks.size(); i++) { bool response = (_web_body_callbacks[i])(request, data, len, index, total); if (response) return; } // Same as _onAPModeRequest(...) request->send(404); request->client()->close(); } void _onVisible(JsonObject& root) { root[espurna::web::settings::keys::Port] = _port; } bool _onKeyCheck(espurna::StringView key, const JsonVariant&) { return key.startsWith(espurna::web::settings::keys::Prefix); } } // namespace void webSecurityHeaders(AsyncWebServerResponse* response) { _addSecurityHeaders(response); } bool webApModeRequest(AsyncWebServerRequest* request) { return _isAPModeRequest(request); } bool webAuthenticate(AsyncWebServerRequest *request) { return _authenticateRequest(request); } uint16_t webPort() { return _port; } AsyncWebServer& webServer() { return *_server; } void webBodyRegister(web_body_callback_f callback) { _web_body_callbacks.push_back(callback); } void webRequestRegister(web_request_callback_f callback) { _web_request_callbacks.push_back(callback); } void webLog(AsyncWebServerRequest* request) { const auto client = request->client(); String from = client ? client->remoteIP().toString() : F("(unknown)"); DEBUG_MSG_P(PSTR("[WEBSERVER] %s - %s %s\n"), from.c_str(), request->methodToString(), request->url().c_str()); } class WebAccessLogHandler : public AsyncWebHandler { bool canHandle(AsyncWebServerRequest* request) override { webLog(request); return false; } }; void webSetup() { // Create server and install global URL debug handler // (since we don't want to forcibly add it to each instance) using namespace espurna::web; _port = settings::port(); _server = new AsyncWebServer(_port); #if DEBUG_SUPPORT if (settings::access_log()) { static WebAccessLogHandler log; _server->addHandler(&log); } #endif // Rewrites _server->rewrite("/", "/index.html"); // Serve home (basic authentication protection is done manually b/c the handler is installed through callback functions) #if WEB_EMBEDDED _server->on("/index.html", HTTP_GET, _onHome); #endif // Serve static files (not supported, yet) #if SPIFFS_SUPPORT _server->serveStatic("/", SPIFFS, "/") .setLastModified(_last_modified) .setFilter([](AsyncWebServerRequest *request) -> bool { webLog(request); return true; }); #endif _server->on("/reset", HTTP_GET, _onReset); _server->on("/config", HTTP_GET, _onGetConfig); _server->on("/config", HTTP_POST | HTTP_PUT, _onPostConfig, _onPostConfigFile); _server->on("/discover", HTTP_GET, _onDiscover); #if WIFI_AP_CAPTIVE_SUPPORT _server->on("/generate_204", _onAPCaptiveRequest); _server->on("/fwlink", _onAPCaptiveRequest); #endif // Handle every other request, including 404 _server->onRequestBody(_onBody); _server->onNotFound(_onRequest); // Run server #if WEB_SSL_ENABLED _server->onSslFileRequest(_onCertificate, NULL); _server->beginSecure("server.cer", "server.key", NULL); #else _server->begin(); #endif DEBUG_MSG_P(PSTR("[WEBSERVER] Webserver running on port %hu\n"), _port); // CORS setup _setupAccessControlHeaders(); // Handle ws server settings updates wsRegister() .onVisible(_onVisible) .onKeyCheck(_onKeyCheck); } #endif // WEB_SUPPORT