Merge pull request #4307 from blazoncek/compile-pin

Compile time lock PIN definition
This commit is contained in:
Blaž Kristan 2025-03-08 12:44:10 +01:00 committed by GitHub
commit b908384ba2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 8 deletions

View File

@ -217,6 +217,10 @@ using PSRAMDynamicJsonDocument = BasicJsonDocument<PSRAM_Allocator>;
#define WLED_AP_PASS DEFAULT_AP_PASS #define WLED_AP_PASS DEFAULT_AP_PASS
#endif #endif
#ifndef WLED_PIN
#define WLED_PIN ""
#endif
#ifndef SPIFFS_EDITOR_AIRCOOOKIE #ifndef SPIFFS_EDITOR_AIRCOOOKIE
#error You are not using the Aircoookie fork of the ESPAsyncWebserver library.\ #error You are not using the Aircoookie fork of the ESPAsyncWebserver library.\
Using upstream puts your WiFi password at risk of being served by the filesystem.\ Using upstream puts your WiFi password at risk of being served by the filesystem.\
@ -277,7 +281,11 @@ WLED_GLOBAL char releaseString[] _INIT(WLED_RELEASE_NAME); // must include the q
// AP and OTA default passwords (for maximum security change them!) // AP and OTA default passwords (for maximum security change them!)
WLED_GLOBAL char apPass[65] _INIT(WLED_AP_PASS); WLED_GLOBAL char apPass[65] _INIT(WLED_AP_PASS);
#ifdef WLED_OTA_PASS
WLED_GLOBAL char otaPass[33] _INIT(WLED_OTA_PASS);
#else
WLED_GLOBAL char otaPass[33] _INIT(DEFAULT_OTA_PASS); WLED_GLOBAL char otaPass[33] _INIT(DEFAULT_OTA_PASS);
#endif
// Hardware and pin config // Hardware and pin config
#ifndef BTNPIN #ifndef BTNPIN
@ -570,11 +578,15 @@ WLED_GLOBAL byte macroLongPress[WLED_MAX_BUTTONS] _INIT({0});
WLED_GLOBAL byte macroDoublePress[WLED_MAX_BUTTONS] _INIT({0}); WLED_GLOBAL byte macroDoublePress[WLED_MAX_BUTTONS] _INIT({0});
// Security CONFIG // Security CONFIG
#ifdef WLED_OTA_PASS
WLED_GLOBAL bool otaLock _INIT(true); // prevents OTA firmware updates without password. ALWAYS enable if system exposed to any public networks
#else
WLED_GLOBAL bool otaLock _INIT(false); // prevents OTA firmware updates without password. ALWAYS enable if system exposed to any public networks WLED_GLOBAL bool otaLock _INIT(false); // prevents OTA firmware updates without password. ALWAYS enable if system exposed to any public networks
#endif
WLED_GLOBAL bool wifiLock _INIT(false); // prevents access to WiFi settings when OTA lock is enabled WLED_GLOBAL bool wifiLock _INIT(false); // prevents access to WiFi settings when OTA lock is enabled
WLED_GLOBAL bool aOtaEnabled _INIT(true); // ArduinoOTA allows easy updates directly from the IDE. Careful, it does not auto-disable when OTA lock is on WLED_GLOBAL bool aOtaEnabled _INIT(true); // ArduinoOTA allows easy updates directly from the IDE. Careful, it does not auto-disable when OTA lock is on
WLED_GLOBAL char settingsPIN[5] _INIT(""); // PIN for settings pages WLED_GLOBAL char settingsPIN[5] _INIT(WLED_PIN); // PIN for settings pages
WLED_GLOBAL bool correctPIN _INIT(true); WLED_GLOBAL bool correctPIN _INIT(!strlen(settingsPIN));
WLED_GLOBAL unsigned long lastEditTime _INIT(0); WLED_GLOBAL unsigned long lastEditTime _INIT(0);
WLED_GLOBAL uint16_t userVar0 _INIT(0), userVar1 _INIT(0); //available for use in usermod WLED_GLOBAL uint16_t userVar0 _INIT(0), userVar1 _INIT(0); //available for use in usermod

View File

@ -567,13 +567,14 @@ void serveSettings(AsyncWebServerRequest* request, bool post) {
//else if (url.indexOf("/edit") >= 0) subPage = 10; //else if (url.indexOf("/edit") >= 0) subPage = 10;
else subPage = SUBPAGE_WELCOME; else subPage = SUBPAGE_WELCOME;
if (!correctPIN && strlen(settingsPIN) > 0 && (subPage > 0 && subPage < 11)) { bool pinRequired = !correctPIN && strlen(settingsPIN) > 0 && (subPage > (WLED_WIFI_CONFIGURED ? SUBPAGE_MENU : SUBPAGE_WIFI) && subPage < SUBPAGE_LOCK);
if (pinRequired) {
originalSubPage = subPage; originalSubPage = subPage;
subPage = SUBPAGE_PINREQ; // require PIN subPage = SUBPAGE_PINREQ; // require PIN
} }
// if OTA locked or too frequent PIN entry requests fail hard // if OTA locked or too frequent PIN entry requests fail hard
if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && !correctPIN && millis()-lastEditTime < PIN_RETRY_COOLDOWN)) if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && pinRequired && millis()-lastEditTime < PIN_RETRY_COOLDOWN))
{ {
serveMessage(request, 401, FPSTR(s_accessdenied), FPSTR(s_unlock_ota), 254); return; serveMessage(request, 401, FPSTR(s_accessdenied), FPSTR(s_unlock_ota), 254); return;
} }
@ -609,7 +610,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post) {
if (!s2[0]) strcpy_P(s2, s_redirecting); if (!s2[0]) strcpy_P(s2, s_redirecting);
bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot)); bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot));
serveMessage(request, (correctPIN ? 200 : 401), s, s2, redirectAfter9s ? 129 : (correctPIN ? 1 : 3)); serveMessage(request, (!pinRequired ? 200 : 401), s, s2, redirectAfter9s ? 129 : (!pinRequired ? 1 : 3));
return; return;
} }
} }