[web_server] Conditionally compile authentication code to save flash memory (#10022)

2025-08-04 09:27:47 +00:00 · 2025-08-03 16:09:12 -10:00 · 2025-08-03 16:09:12 -10:00 · 494a1a216c
commit 494a1a216c
parent a75f73dbf0
7 changed files with 21 additions and 0 deletions
--- a/esphome/components/web_server/init.py
+++ b/esphome/components/web_server/init.py
@ -298,6 +298,7 @@ async def to_code(config):
    if config[CONF_ENABLE_PRIVATE_NETWORK_ACCESS]:
        cg.add_define("USE_WEBSERVER_PRIVATE_NETWORK_ACCESS")
    if CONF_AUTH in config:
+        cg.add_define("USE_WEBSERVER_AUTH")
        cg.add(paren.set_auth_username(config[CONF_AUTH][CONF_USERNAME]))
        cg.add(paren.set_auth_password(config[CONF_AUTH][CONF_PASSWORD]))
    if CONF_CSS_INCLUDE in config:
--- a/esphome/components/web_server_base/web_server_base.cpp
+++ b/esphome/components/web_server_base/web_server_base.cpp
@ -14,9 +14,11 @@ WebServerBase *global_web_server_base = nullptr;  // NOLINT(cppcoreguidelines-av
 void WebServerBase::add_handler(AsyncWebHandler *handler) {
  // remove all handlers

+#ifdef USE_WEBSERVER_AUTH
  if (!credentials_.username.empty()) {
    handler = new internal::AuthMiddlewareHandler(handler, &credentials_);
  }
+#endif
  this->handlers_.push_back(handler);
  if (this->server_ != nullptr) {
    this->server_->addHandler(handler);
--- a/esphome/components/web_server_base/web_server_base.h
+++ b/esphome/components/web_server_base/web_server_base.h
@ -41,6 +41,7 @@ class MiddlewareHandler : public AsyncWebHandler {
  AsyncWebHandler *next_;
 };

+#ifdef USE_WEBSERVER_AUTH
 struct Credentials {
  std::string username;
  std::string password;
@ -79,6 +80,7 @@ class AuthMiddlewareHandler : public MiddlewareHandler {
 protected:
  Credentials *credentials_;
 };
+#endif

 }  // namespace internal

@ -108,8 +110,10 @@ class WebServerBase : public Component {
  std::shared_ptr<AsyncWebServer> get_server() const { return server_; }
  float get_setup_priority() const override;

+#ifdef USE_WEBSERVER_AUTH
  void set_auth_username(std::string auth_username) { credentials_.username = std::move(auth_username); }
  void set_auth_password(std::string auth_password) { credentials_.password = std::move(auth_password); }
+#endif

  void add_handler(AsyncWebHandler *handler);

@ -121,7 +125,9 @@ class WebServerBase : public Component {
  uint16_t port_{80};
  std::shared_ptr<AsyncWebServer> server_{nullptr};
  std::vector<AsyncWebHandler *> handlers_;
+#ifdef USE_WEBSERVER_AUTH
  internal::Credentials credentials_;
+#endif
 };

 }  // namespace web_server_base
--- a/esphome/components/web_server_idf/web_server_idf.cpp
+++ b/esphome/components/web_server_idf/web_server_idf.cpp
@ -223,6 +223,7 @@ void AsyncWebServerRequest::init_response_(AsyncWebServerResponse *rsp, int code
  this->rsp_ = rsp;
 }

+#ifdef USE_WEBSERVER_AUTH
 bool AsyncWebServerRequest::authenticate(const char *username, const char *password) const {
  if (username == nullptr || password == nullptr || *username == 0) {
    return true;
@ -261,6 +262,7 @@ void AsyncWebServerRequest::requestAuthentication(const char *realm) const {
  httpd_resp_set_hdr(*this, "WWW-Authenticate", auth_val.c_str());
  httpd_resp_send_err(*this, HTTPD_401_UNAUTHORIZED, nullptr);
 }
+#endif

 AsyncWebParameter *AsyncWebServerRequest::getParam(const std::string &name) {
  auto find = this->params_.find(name);
--- a/esphome/components/web_server_idf/web_server_idf.h
+++ b/esphome/components/web_server_idf/web_server_idf.h
@ -115,9 +115,11 @@ class AsyncWebServerRequest {
  // NOLINTNEXTLINE(readability-identifier-naming)
  size_t contentLength() const { return this->req_->content_len; }

+#ifdef USE_WEBSERVER_AUTH
  bool authenticate(const char *username, const char *password) const;
  // NOLINTNEXTLINE(readability-identifier-naming)
  void requestAuthentication(const char *realm = nullptr) const;
+#endif

  void redirect(const std::string &url);

--- a/esphome/core/defines.h
+++ b/esphome/core/defines.h
@ -163,6 +163,7 @@
 #define USE_SPI
 #define USE_VOICE_ASSISTANT
 #define USE_WEBSERVER
+#define USE_WEBSERVER_AUTH
 #define USE_WEBSERVER_OTA
 #define USE_WEBSERVER_PORT 80  // NOLINT
 #define USE_WEBSERVER_SORTING
@ -210,6 +211,7 @@
  {}

 #define USE_WEBSERVER
+#define USE_WEBSERVER_AUTH
 #define USE_WEBSERVER_PORT 80  // NOLINT
 #endif

@ -226,6 +228,7 @@
 #define USE_SOCKET_IMPL_LWIP_SOCKETS
 #define USE_SOCKET_SELECT_SUPPORT
 #define USE_WEBSERVER
+#define USE_WEBSERVER_AUTH
 #define USE_WEBSERVER_PORT 80  // NOLINT
 #endif

--- a/tests/components/web_server/test.esp32-idf.yaml
+++ b/tests/components/web_server/test.esp32-idf.yaml
@ -1 +1,6 @@
 <<: !include common_v2.yaml
+
+web_server:
+  auth:
+    username: admin
+    password: password