jeans/WLED
jeans/WLED
1
0
Fork 0
mirror of https://github.com/wled/WLED.git synced 2025-07-24 19:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

UI communication progress

Browse Source
This commit is contained in:
Christian Schwinne 2024-10-13 22:48:20 +02:00
parent af1ee61ba7
commit b02bc29d29
4 changed files with 83 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
readme.md
View File

@ -10,6 +10,9 @@
</p> </p>
> [!CAUTION]
> This branch is actively used for research purposes. **Please do not push** to it.
# Welcome to my project WLED! ✨ # Welcome to my project WLED! ✨
A fast and feature-rich implementation of an ESP8266/ESP32 webserver to control NeoPixel (WS2812B, WS2811, SK6812) LEDs or also SPI based chipsets like the WS2801 and APA102! A fast and feature-rich implementation of an ESP8266/ESP32 webserver to control NeoPixel (WS2812B, WS2811, SK6812) LEDs or also SPI based chipsets like the WS2801 and APA102!

14
wled00/crypto.cpp
View File

@ -31,6 +31,20 @@ bool hmac_verify(const char* message, const char* psk, const byte* signature) {
return true; return true;
} }
bool verify_json_hmac(JsonObject root) {
JsonObject msg = root["msg"];
if (!msg) {
Serial.println(F("No message object found in JSON."));
return false;
}
const char *sig = msg["sig"];
if (sig == nullptr) {
Serial.println(F("No signature found in JSON."));
return false;
}
}
bool hmac_test() { bool hmac_test() {
Serial.println(F("Testing HMAC...")); Serial.println(F("Testing HMAC..."));
unsigned long start = millis(); unsigned long start = millis();

37
wled00/data/index.js
View File

@ -214,6 +214,10 @@ function loadSkinCSS(cId)
} }
} }
var useSRA = false;
var sraWindow = null;
var sraOrigin = '';
function getURL(path) { function getURL(path) {
return (loc ? locproto + "//" + locip : "") + path; return (loc ? locproto + "//" + locip : "") + path;
} }
@ -243,6 +247,13 @@ function onLoad()
var sett = localStorage.getItem('wledUiCfg'); var sett = localStorage.getItem('wledUiCfg');
if (sett) cfg = mergeDeep(cfg, JSON.parse(sett)); if (sett) cfg = mergeDeep(cfg, JSON.parse(sett));
if (window.opener) {
// can't get opener origin due to cross-origin browser policy
//var openerOrigin = window.opener.location.origin;
//console.log("WLED-UI opener origin: " + openerOrigin);
window.opener.postMessage('{"wled-ui":"onload"}', '*'); //openerOrigin);
}
tooltip(); tooltip();
resetPUtil(); resetPUtil();
initFilters(); initFilters();
@ -301,6 +312,26 @@ function onLoad()
}); });
} }
function handleWindowMessageEvent(event) {
console.log(`Received message: ${event.data}`);
console.log(`origin: ${event.origin}`);
try {
var json = JSON.parse(event.data)
} catch (e) {
console.log(`Error parsing JSON: ${e}`);
return;
}
if (json['wled-rc'] === 'ready') {
useSRA = true;
sraWindow = event.source;
sraOrigin = event.origin;
} else if (json['wled-rc'] === 'hmac') {
console.log(`Received HMAC: ${json['hmac']}`);
}
}
onmessage = (event) => { handleWindowMessageEvent(event) };
function updateTablinks(tabI) function updateTablinks(tabI)
{ {
var tablinks = gEBCN("tablinks"); var tablinks = gEBCN("tablinks");
@ -1703,6 +1734,12 @@ function requestJson(command=null)
if (req.length > 500 && lastinfo && lastinfo.arch == "esp8266") useWs = false; // esp8266 can only handle 500 bytes if (req.length > 500 && lastinfo && lastinfo.arch == "esp8266") useWs = false; // esp8266 can only handle 500 bytes
}; };
if (command && useSRA && !command['sig']) { // secure remote access integration, need to get HMAC from rc.wled.me
// if we already have a command including a signature, we are good to go
sraWindow.postMessage(JSON.stringify({"wled-ui":"hmac-req", "msg":command}), sraOrigin);
return; // TODO need a sort of pending indicator
}
if (useWs) { if (useWs) {
ws.send(req?req:'{"v":true}'); ws.send(req?req:'{"v":true}');
return; return;

30
wled00/wled_server.cpp
View File

@ -297,9 +297,26 @@ void initServer()
DeserializationError error = deserializeJson(*pDoc, (uint8_t*)(request->_tempObject)); DeserializationError error = deserializeJson(*pDoc, (uint8_t*)(request->_tempObject));
// if enabled, calculate HMAC and verify it // if enabled, calculate HMAC and verify it
Serial.println("HMAC verification"); Serial.println(F("HMAC verification"));
Serial.write((const char*)request->_tempObject, request->contentLength()); Serial.write((const char*)request->_tempObject, request->contentLength());
// actually we need to verify the HMAC of the nested "msg" object
if (strlen((const char*)request->_tempObject) > request->contentLength()) {
Serial.println(F("HMAC verification failed: content is not null-terminated"));
releaseJSONBufferLock();
serveJsonError(request, 400, ERR_JSON);
return;
}
// find the "msg" object in JSON
char * msgPtr = strstr((const char*)request->_tempObject, "\"msg\":");
if (msgPtr == NULL) {
Serial.println(F("HMAC verification failed: no \"msg\" object found"));
releaseJSONBufferLock();
serveJsonError(request, 400, ERR_JSON);
return;
}
char * objStart = strchr(msgPtr, '{');
JsonObject root = pDoc->as<JsonObject>(); JsonObject root = pDoc->as<JsonObject>();
if (error || root.isNull()) { if (error || root.isNull()) {
releaseJSONBufferLock(); releaseJSONBufferLock();
@ -307,6 +324,17 @@ void initServer()
return; return;
} }
// if (root.containsKey("sig")) {
// const char* hmacProvided = root["sig"];
// char hmac_calculated[SHA256HMAC_SIZE];
// hmac_sign((const char*)request->_tempObject, settings.hmacKey, (byte*)hmac_calculated);
// if (memcmp(hmac_calculated, hmac, SHA256HMAC_SIZE) != 0) {
// releaseJSONBufferLock();
// serveJsonError(request, 401, ERR_HMAC);
// return;
// }
// }
// old 4-digit pin logic for settings authentication (no transport encryption) // old 4-digit pin logic for settings authentication (no transport encryption)
if (root.containsKey("pin")) checkSettingsPIN(root["pin"].as<const char*>()); if (root.containsKey("pin")) checkSettingsPIN(root["pin"].as<const char*>());