Added user system UI and WoL

firmware/v3/web-server/api.ino

@@ -1,487 +1,486 @@
-/*
-
-    API.ino
-
-    This script handle API requests
-    functions.
-*/
-
-/* Utilities Functions */
-String GetPara(AsyncWebServerRequest *request, String key) {
-  if (request->hasParam(key)) {
-    return request->getParam(key)->value();
-  }
-  return "";
-}
-
-void SendErrorResp(AsyncWebServerRequest *r, String errorMessage) {
-  //Parse the error message into json
-  StaticJsonDocument<200> jsonDocument;
-  JsonObject root = jsonDocument.to<JsonObject>();
-  root["error"] = errorMessage;
-  String jsonString;
-  serializeJson(root, jsonString);
-
-  //Send it out with request handler
-  r->send(200, "application/json", jsonString);
-}
-
-void SendJsonResp(AsyncWebServerRequest *r, String jsonString) {
-  r->send(200, "application/json", jsonString);
-}
-
-void SendOK(AsyncWebServerRequest *r) {
-  r->send(200, "application/json", "\"ok\"");
-}
-
-//Handle auth check if the request has been authed.
-//Return false if user is not authed
-bool HandleAuth(AsyncWebServerRequest *request) {
-  //Handle for API calls authentication validate
-  if (!IsUserAuthed(request)) {
-    //user not logged in
-    request->send(401, "text/html", "401 - Unauthorized");
-    return false;
-  }
-
-  return true;
-}
-
-/*
-
-    Handler Functions
-
-    These are API endpoints handler
-    which handle special API call
-    for backend operations
-
-*/
-
-/* Authentications */
-//Check if the user has logged in
-void HandleCheckAuth(AsyncWebServerRequest *r) {
-  if (IsUserAuthed(r)) {
-    SendJsonResp(r, "true");
-  } else {
-    SendJsonResp(r, "false");
-  }
-}
-
-//Handle login request
-void HandleLogin(AsyncWebServerRequest *r) {
-  String username = GetPara(r, "username");
-  String password = GetPara(r, "password");
-  if (adminUsername == "") {
-    SendErrorResp(r, "admin account not enabled");
-    return;
-  }
-  if (username.equals(adminUsername) && password.equals(adminPassword)) {
-    //Username and password correct. Set a cookie for this login.
-    //Generate a unique cookie for this login session
-    String cookieId = GeneratedRandomHex();
-    Serial.print("Generating new cookie ID ");
-    Serial.println(cookieId);
-
-    String expireUTC = getUTCTimeString(getTime() + 604800);
-    Serial.print("Generating expire UTC timestamp ");
-    Serial.println(expireUTC);
-
-    AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
-    response->addHeader("Server", mdnsName);
-    response->addHeader("Cache-Control", "no-cache");
-    response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
-
-    //Save the cookie id
-    DBWrite("auth", "cookie", cookieId);
-    authSession = cookieId;
-
-    //Return login succ
-    r->send(response);
-
-    Serial.println(username + " logged in");
-    return;
-  } else if (UserCheckAuth(username, password)) {
-    //User Login. Generate a session for this user
-    String cookieId = GeneratedRandomHex();
-    Serial.print("Generating new cookie ID ");
-    Serial.println(cookieId);
-
-    String expireUTC = getUTCTimeString(getTime() + 604800);
-    Serial.print("Generating expire UTC timestamp ");
-    Serial.println(expireUTC);
-
-    AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
-    response->addHeader("Server", mdnsName);
-    response->addHeader("Cache-Control", "no-cache");
-    response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
-
-    //Save the cookie id
-    DBWrite("sess", cookieId, username);
-    //Return login succ
-    r->send(response);
-
-    Serial.println(username + " logged in");
-    return;
-  } else {
-    SendErrorResp(r, "invalid username or password");
-    return;
-  }
-  SendOK(r);
-}
-
-//Handle logout request, or you can logout with
-//just front-end by going to log:out@{ip_addr}/api/auth/logout
-void HandleLogout(AsyncWebServerRequest *r) {
-  if (!IsUserAuthed(r)) {
-    SendErrorResp(r, "not logged in");
-    return;
-  }
-
-  //Delete the server side cookie
-  if (IsAdmin(r)) {
-    DBRemove("auth", "cookie");
-    authSession = "";
-  } else {
-    //Get the session from user
-    String authCookie = GetCookieValueByKey(r, "web-auth");
-    if (authCookie == "") {
-      SendErrorResp(r, "unknown error: unable to read cookie from header");
-      return;
-    }
-    //Remove the session map
-    DBRemove("sess", authCookie);
-  }
-
-  //Remove the cookie on client side
-  AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
-  response->addHeader("Server", mdnsName);
-  response->addHeader("Cache-Control", "no-cache");
-  response->addHeader("Set-Cookie", "web-auth=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
-  r->send(response);
-}
-
-/* File System Functions */
-//HandleListDir handle the listing of directory under /www/
-void HandleListDir(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-
-  //Get the folder path to be listed
-  //As ESP8266 dont have enough memory for proper struct to json conv, we are hacking a json string out of a single for-loop
-  String jsonString = "[";
-  String folderPath = GetPara(r, "dir");
-  folderPath = "/www" + folderPath;
-  if (SD.exists(folderPath)) {
-    File root = SD.open(folderPath);
-    bool firstObject = true;
-    if (root) {
-      while (true) {
-        File entry = root.openNextFile();
-        if (!entry) {
-          // No more files
-          break;
-        } else {
-          //There are more lines. Add a , to the end of the previous json object
-          if (!firstObject) {
-            jsonString = jsonString + ",";
-          } else {
-            firstObject = false;
-          }
-        }
-
-        String isDirString = "true";
-        if (!entry.isDirectory()) {
-          isDirString = "false";
-        }
-        jsonString = jsonString + "{\"Filename\":\"" + entry.name() + "\",\"Filesize\":" + String(entry.size()) + ",\"IsDir\":" + isDirString + "}";
-        entry.close();
-      }
-      root.close();
-
-      jsonString += "]";
-      SendJsonResp(r, jsonString);
-    } else {
-      SendErrorResp(r, "path read failed");
-    }
-  } else {
-    SendErrorResp(r, "path not found");
-  }
-  Serial.println(folderPath);
-}
-
-//Handle file rename on SD card
-void HandleFileRename(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-  String srcFile = GetPara(r, "src");
-  String destFile = GetPara(r, "dest");
-  srcFile.trim();
-  destFile.trim();
-  srcFile = "/www" + srcFile;
-  destFile = "/www" + destFile;
-  if (!SD.exists(srcFile)) {
-    SendErrorResp(r, "source file not exists");
-    return;
-  }
-
-  if (SD.exists(destFile)) {
-    SendErrorResp(r, "destination file already exists");
-    return;
-  }
-
-  SD.rename(srcFile, destFile);
-  SendOK(r);
-}
-
-
-//Handle file delete on SD card
-void HandleFileDel(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-  String targetFile = GetPara(r, "target");
-  targetFile.trim();
-  if (targetFile.equals("/")) {
-    //Do not allow remove the whole root folder
-    SendErrorResp(r, "you cannot remove the root folder");
-    return;
-  }
-  targetFile = "/www" + targetFile;
-  if (!SD.exists(targetFile)) {
-    SendErrorResp(r, "target file not exists");
-    return;
-  }
-
-
-
-  if (!SD.remove(targetFile)) {
-    if (IsDir(targetFile)) {
-      if (!targetFile.endsWith("/")) {
-        //pad the tailing slash
-        targetFile = targetFile + "/";
-      }
-
-      //Try remove dir
-      if (!SD.rmdir(targetFile)) {
-        //The folder might contain stuffs. Do recursive delete
-        Serial.println("rmdir failed. Trying recursive delete");
-        if (recursiveDirRemove(targetFile)) {
-          SendOK(r);
-        } else {
-          SendErrorResp(r, "folder delete failed");
-        }
-
-      } else {
-        SendOK(r);
-      }
-    } else {
-      SendErrorResp(r, "file delete failed");
-    }
-    return;
-  }
-
-  SendOK(r);
-}
-
-//Hanle creating new Folder
-void HandleNewFolder(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-
-  //Get and clean the folder path
-  String folderPath = GetPara(r, "path");
-  folderPath.trim();
-  if (folderPath == "") {
-    SendErrorResp(r, "invalid folder path given");
-    return;
-  }
-
-  folderPath = "/www" + folderPath;
-
-  if (SD.exists(folderPath)) {
-    //Already exists
-    SendErrorResp(r, "folder with given path already exists");
-    return;
-  }
-
-  SD.mkdir(folderPath);
-  SendOK(r);
-}
-
-//Handle download file from any path, including the private store folder
-void HandleFileDownload(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-  String targetFile = GetPara(r, "file");
-  String preview = GetPara(r, "preview");
-  if (!SD.exists("/www" + targetFile)) {
-    r->send(404, "text/html", "404 - File Not Found");
-    return;
-  }
-
-  //Check if it is dir, ESP8266 have no power of creating zip file
-  if (IsDir("/www" + targetFile)) {
-    r->send(500, "text/html", "500 - Internal Server Error: Target is a folder");
-    return;
-  }
-
-  //Ok. Proceed with file serving
-  if (preview == "true") {
-    //Serve
-    r->send(SDFS, "/www" + targetFile, getMime(targetFile), false);
-  } else {
-    //Download
-    r->send(SDFS, "/www" + targetFile, "application/octet-stream", false);
-  }
-}
-
-//Get the file / folder properties
-void HandleFileProp(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-  String filepath = GetPara(r, "file");
-  filepath.trim();
-  String realFilepath = "/www" + filepath;
-
-  String resp = "";
-  if (IsDir(realFilepath)) {
-    //target is a folder
-    uint32_t totalSize = 0;
-    uint16_t fileCount = 0;
-    uint16_t folderCount = 0;
-    analyzeDirectory(realFilepath, totalSize, fileCount, folderCount);
-    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":true,\"filesize\":" + String(totalSize) + ",\"fileCounts\":" + String(fileCount) + ",\"folderCounts\":" + String(folderCount) + "}";
-
-  } else {
-    //target is a file
-    File targetFile = SD.open(realFilepath);
-    if (!targetFile) {
-      SendErrorResp(r, "File open failed");
-      return;
-    }
-
-    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":false,\"filesize\":" + String(targetFile.size()) + "}";
-    targetFile.close();
-  }
-
-  SendJsonResp(r, resp);
-}
-
-//Search with basic keyword match
-void HandleFileSearch(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-  String keyword = GetPara(r, "keyword");
-  keyword.trim();
-  if (keyword.equals("")) {
-    SendErrorResp(r, "keyword cannot be empty");
-    return;
-  }
-
-  //Prepare for the resp
-  AsyncResponseStream *response = r->beginResponseStream("application/json");
-  response->print("[");
-
-  //Recursive search for the whole /www/ directory (Require tailing slash)
-  int foundCounter = 0;
-  scanSDCardForKeyword("/www/", keyword, &foundCounter, response);
-
-  //Send the resp
-  response->print("]");
-  r->send(response);
-}
-/* Handle Load and Set of Prefernece Value */
-//Set Preference, auth user only
-void HandleSetPref(AsyncWebServerRequest *r) {
-  if (!HandleAuth(r)) {
-    return;
-  }
-  String key = GetPara(r, "key");
-  String val = GetPara(r, "value");
-  key.trim();
-  val.trim();
-
-  if (key == "" || val == "") {
-    SendErrorResp(r, "invalid key or value given");
-    return;
-  }
-
-  DBWrite("pref", key, val);
-  SendOK(r);
-}
-
-//Load Prefernece, allow public access
-void HandleLoadPref(AsyncWebServerRequest *r) {
-  String key = GetPara(r, "key");
-  key.trim();
-  if (!DBKeyExists("pref", key)) {
-    SendErrorResp(r, "preference with given key not found");
-    return;
-  }
-
-  String prefValue = DBRead("pref", key);
-  r->send(200, "application/json", "\"" + prefValue + "\"");
-}
-
-/* Handle System Info */
-void HandleLoadSpaceInfo(AsyncWebServerRequest *r) {
-  String jsonResp = "{\
-    \"diskSpace\":" + String(getSDCardTotalSpace())
-                    + ",\
-    \"usedSpace\": " + String(getSDCardUsedSpace())
-                    + "\
-  }";
-
-  SendJsonResp(r, jsonResp);
-}
-
-/* Handle Wake On Lan Request */
-void HandleWakeOnLan(AsyncWebServerRequest *r) {
-  if (!IsUserAuthed(r)) {
-    SendErrorResp(r, "not logged in");
-    return;
-  }
-
-  if (r->hasArg("mac")) {
-    String macAddress = r->arg("mac");
-    Serial.print("Sending WoL packet to: ");
-    Serial.println(macAddress);
-
-    //Send MAC address to both port 9 and 7
-    WOL.sendMagicPacket(macAddress);
-    WOL.sendMagicPacket(macAddress, 7);
-
-    r->send(200, "text/plain", "Received MAC Address: " + macAddress);
-    return;
-  } else {
-    r->send(400, "text/plain", "Missing 'mac' parameter");
-    return;
-  }
-}
-
-
-//Get the current connected WiFi info
-void HandleWiFiInfo(AsyncWebServerRequest *r) {
-  StaticJsonDocument<256> jsonBuffer;
-  jsonBuffer["SSID"] = WiFi.SSID();
-  jsonBuffer["WifiStatus"] = WiFi.status();
-  jsonBuffer["WifiStrength"] = WiFi.RSSI();
-  jsonBuffer["MAC"] = WiFi.macAddress();
-  jsonBuffer["IP"] = WiFi.localIP().toString();
-  jsonBuffer["Subnet"] = WiFi.subnetMask().toString();
-  jsonBuffer["Gateway"] = WiFi.gatewayIP().toString();
-  jsonBuffer["DNS1"] = WiFi.dnsIP(0).toString();
-  jsonBuffer["DNS2"] = WiFi.dnsIP(1).toString();
-  jsonBuffer["DNS3"] = WiFi.dnsIP(2).toString();
-
-  // Serialize the JSON buffer to a string
-  String jsonString;
-  serializeJson(jsonBuffer, jsonString);
-  SendJsonResp(r, jsonString);
-}
+/*
+
+    API.ino
+
+    This script handle API requests
+    functions.
+*/
+
+/* Utilities Functions */
+String GetPara(AsyncWebServerRequest *request, String key) {
+  if (request->hasParam(key)) {
+    return request->getParam(key)->value();
+  }
+  return "";
+}
+
+void SendErrorResp(AsyncWebServerRequest *r, String errorMessage) {
+  //Parse the error message into json
+  StaticJsonDocument<200> jsonDocument;
+  JsonObject root = jsonDocument.to<JsonObject>();
+  root["error"] = errorMessage;
+  String jsonString;
+  serializeJson(root, jsonString);
+
+  //Send it out with request handler
+  r->send(200, "application/json", jsonString);
+}
+
+void SendJsonResp(AsyncWebServerRequest *r, String jsonString) {
+  r->send(200, "application/json", jsonString);
+}
+
+void SendOK(AsyncWebServerRequest *r) {
+  r->send(200, "application/json", "\"ok\"");
+}
+
+//Handle auth check if the request has been authed.
+//Return false if user is not authed
+bool HandleAuth(AsyncWebServerRequest *request) {
+  //Handle for API calls authentication validate
+  if (!IsUserAuthed(request)) {
+    //user not logged in
+    request->send(401, "text/html", "401 - Unauthorized");
+    return false;
+  }
+
+  return true;
+}
+
+/*
+
+    Handler Functions
+
+    These are API endpoints handler
+    which handle special API call
+    for backend operations
+
+*/
+
+/* Authentications */
+//Check if the user has logged in
+void HandleCheckAuth(AsyncWebServerRequest *r) {
+  if (IsUserAuthed(r)) {
+    SendJsonResp(r, "true");
+  } else {
+    SendJsonResp(r, "false");
+  }
+}
+
+//Handle login request
+void HandleLogin(AsyncWebServerRequest *r) {
+  String username = GetPara(r, "username");
+  String password = GetPara(r, "password");
+  if (adminUsername == "") {
+    SendErrorResp(r, "admin account not enabled");
+    return;
+  }
+  if (username.equals(adminUsername) && password.equals(adminPassword)) {
+    //Username and password correct. Set a cookie for this login.
+    //Generate a unique cookie for this login session
+    String cookieId = GeneratedRandomHex();
+    Serial.print("Generating new cookie ID ");
+    Serial.println(cookieId);
+
+    String expireUTC = getUTCTimeString(getTime() + 604800);
+    Serial.print("Generating expire UTC timestamp ");
+    Serial.println(expireUTC);
+
+    AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+    response->addHeader("Server", mdnsName);
+    response->addHeader("Cache-Control", "no-cache");
+    response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
+
+    //Save the cookie id
+    DBWrite("auth", "cookie", cookieId);
+    authSession = cookieId;
+
+    //Return login succ
+    r->send(response);
+
+    Serial.println(username + " logged in");
+    return;
+  } else if (UserCheckAuth(username, password)) {
+    //User Login. Generate a session for this user
+    String cookieId = GeneratedRandomHex();
+    Serial.print("Generating new cookie ID ");
+    Serial.println(cookieId);
+
+    String expireUTC = getUTCTimeString(getTime() + 604800);
+    Serial.print("Generating expire UTC timestamp ");
+    Serial.println(expireUTC);
+
+    AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+    response->addHeader("Server", mdnsName);
+    response->addHeader("Cache-Control", "no-cache");
+    response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
+
+    //Save the cookie id
+    DBWrite("sess", cookieId, username);
+    //Return login succ
+    r->send(response);
+
+    Serial.println(username + " logged in");
+    return;
+  } else {
+    SendErrorResp(r, "invalid username or password");
+    return;
+  }
+  SendOK(r);
+}
+
+//Handle logout request, or you can logout with
+//just front-end by going to log:out@{ip_addr}/api/auth/logout
+void HandleLogout(AsyncWebServerRequest *r) {
+  if (!IsUserAuthed(r)) {
+    SendErrorResp(r, "not logged in");
+    return;
+  }
+
+  //Delete the server side cookie
+  if (IsAdmin(r)) {
+    DBRemove("auth", "cookie");
+    authSession = "";
+  } else {
+    //Get the session from user
+    String authCookie = GetCookieValueByKey(r, "web-auth");
+    if (authCookie == "") {
+      SendErrorResp(r, "unknown error: unable to read cookie from header");
+      return;
+    }
+    //Remove the session map
+    DBRemove("sess", authCookie);
+  }
+
+  //Remove the cookie on client side
+  AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+  response->addHeader("Server", mdnsName);
+  response->addHeader("Cache-Control", "no-cache");
+  response->addHeader("Set-Cookie", "web-auth=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+  r->send(response);
+}
+
+/* File System Functions */
+//HandleListDir handle the listing of directory under /www/
+void HandleListDir(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Get the folder path to be listed
+  //As ESP8266 dont have enough memory for proper struct to json conv, we are hacking a json string out of a single for-loop
+  String jsonString = "[";
+  String folderPath = GetPara(r, "dir");
+  folderPath = "/www" + folderPath;
+  if (SD.exists(folderPath)) {
+    File root = SD.open(folderPath);
+    bool firstObject = true;
+    if (root) {
+      while (true) {
+        File entry = root.openNextFile();
+        if (!entry) {
+          // No more files
+          break;
+        } else {
+          //There are more lines. Add a , to the end of the previous json object
+          if (!firstObject) {
+            jsonString = jsonString + ",";
+          } else {
+            firstObject = false;
+          }
+        }
+
+        String isDirString = "true";
+        if (!entry.isDirectory()) {
+          isDirString = "false";
+        }
+        jsonString = jsonString + "{\"Filename\":\"" + entry.name() + "\",\"Filesize\":" + String(entry.size()) + ",\"IsDir\":" + isDirString + "}";
+        entry.close();
+      }
+      root.close();
+
+      jsonString += "]";
+      SendJsonResp(r, jsonString);
+    } else {
+      SendErrorResp(r, "path read failed");
+    }
+  } else {
+    SendErrorResp(r, "path not found");
+  }
+  Serial.println(folderPath);
+}
+
+//Handle file rename on SD card
+void HandleFileRename(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String srcFile = GetPara(r, "src");
+  String destFile = GetPara(r, "dest");
+  srcFile.trim();
+  destFile.trim();
+  srcFile = "/www" + srcFile;
+  destFile = "/www" + destFile;
+  if (!SD.exists(srcFile)) {
+    SendErrorResp(r, "source file not exists");
+    return;
+  }
+
+  if (SD.exists(destFile)) {
+    SendErrorResp(r, "destination file already exists");
+    return;
+  }
+
+  SD.rename(srcFile, destFile);
+  SendOK(r);
+}
+
+
+//Handle file delete on SD card
+void HandleFileDel(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String targetFile = GetPara(r, "target");
+  targetFile.trim();
+  if (targetFile.equals("/")) {
+    //Do not allow remove the whole root folder
+    SendErrorResp(r, "you cannot remove the root folder");
+    return;
+  }
+  targetFile = "/www" + targetFile;
+  if (!SD.exists(targetFile)) {
+    SendErrorResp(r, "target file not exists");
+    return;
+  }
+
+
+
+  if (!SD.remove(targetFile)) {
+    if (IsDir(targetFile)) {
+      if (!targetFile.endsWith("/")) {
+        //pad the tailing slash
+        targetFile = targetFile + "/";
+      }
+
+      //Try remove dir
+      if (!SD.rmdir(targetFile)) {
+        //The folder might contain stuffs. Do recursive delete
+        Serial.println("rmdir failed. Trying recursive delete");
+        if (recursiveDirRemove(targetFile)) {
+          SendOK(r);
+        } else {
+          SendErrorResp(r, "folder delete failed");
+        }
+
+      } else {
+        SendOK(r);
+      }
+    } else {
+      SendErrorResp(r, "file delete failed");
+    }
+    return;
+  }
+
+  SendOK(r);
+}
+
+//Hanle creating new Folder
+void HandleNewFolder(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Get and clean the folder path
+  String folderPath = GetPara(r, "path");
+  folderPath.trim();
+  if (folderPath == "") {
+    SendErrorResp(r, "invalid folder path given");
+    return;
+  }
+
+  folderPath = "/www" + folderPath;
+
+  if (SD.exists(folderPath)) {
+    //Already exists
+    SendErrorResp(r, "folder with given path already exists");
+    return;
+  }
+
+  SD.mkdir(folderPath);
+  SendOK(r);
+}
+
+//Handle download file from any path, including the private store folder
+void HandleFileDownload(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String targetFile = GetPara(r, "file");
+  String preview = GetPara(r, "preview");
+  if (!SD.exists("/www" + targetFile)) {
+    r->send(404, "text/html", "404 - File Not Found");
+    return;
+  }
+
+  //Check if it is dir, ESP8266 have no power of creating zip file
+  if (IsDir("/www" + targetFile)) {
+    r->send(500, "text/html", "500 - Internal Server Error: Target is a folder");
+    return;
+  }
+
+  //Ok. Proceed with file serving
+  if (preview == "true") {
+    //Serve
+    r->send(SDFS, "/www" + targetFile, getMime(targetFile), false);
+  } else {
+    //Download
+    r->send(SDFS, "/www" + targetFile, "application/octet-stream", false);
+  }
+}
+
+//Get the file / folder properties
+void HandleFileProp(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String filepath = GetPara(r, "file");
+  filepath.trim();
+  String realFilepath = "/www" + filepath;
+
+  String resp = "";
+  if (IsDir(realFilepath)) {
+    //target is a folder
+    uint32_t totalSize = 0;
+    uint16_t fileCount = 0;
+    uint16_t folderCount = 0;
+    analyzeDirectory(realFilepath, totalSize, fileCount, folderCount);
+    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":true,\"filesize\":" + String(totalSize) + ",\"fileCounts\":" + String(fileCount) + ",\"folderCounts\":" + String(folderCount) + "}";
+
+  } else {
+    //target is a file
+    File targetFile = SD.open(realFilepath);
+    if (!targetFile) {
+      SendErrorResp(r, "File open failed");
+      return;
+    }
+
+    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":false,\"filesize\":" + String(targetFile.size()) + "}";
+    targetFile.close();
+  }
+
+  SendJsonResp(r, resp);
+}
+
+//Search with basic keyword match
+void HandleFileSearch(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String keyword = GetPara(r, "keyword");
+  keyword.trim();
+  if (keyword.equals("")) {
+    SendErrorResp(r, "keyword cannot be empty");
+    return;
+  }
+
+  //Prepare for the resp
+  AsyncResponseStream *response = r->beginResponseStream("application/json");
+  response->print("[");
+
+  //Recursive search for the whole /www/ directory (Require tailing slash)
+  int foundCounter = 0;
+  scanSDCardForKeyword("/www/", keyword, &foundCounter, response);
+
+  //Send the resp
+  response->print("]");
+  r->send(response);
+}
+/* Handle Load and Set of Prefernece Value */
+//Set Preference, auth user only
+void HandleSetPref(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String key = GetPara(r, "key");
+  String val = GetPara(r, "value");
+  key.trim();
+  val.trim();
+
+  if (key == "" || val == "") {
+    SendErrorResp(r, "invalid key or value given");
+    return;
+  }
+
+  DBWrite("pref", key, val);
+  SendOK(r);
+}
+
+//Load Prefernece, allow public access
+void HandleLoadPref(AsyncWebServerRequest *r) {
+  String key = GetPara(r, "key");
+  key.trim();
+  if (!DBKeyExists("pref", key)) {
+    SendErrorResp(r, "preference with given key not found");
+    return;
+  }
+
+  String prefValue = DBRead("pref", key);
+  r->send(200, "application/json", "\"" + prefValue + "\"");
+}
+
+/* Handle System Info */
+void HandleLoadSpaceInfo(AsyncWebServerRequest *r) {
+  String jsonResp = "{\
+    \"diskSpace\":" + String(getSDCardTotalSpace())
+                    + ",\
+    \"usedSpace\": " + String(getSDCardUsedSpace())
+                    + "\
+  }";
+
+  SendJsonResp(r, jsonResp);
+}
+
+/* Handle Wake On Lan Request */
+void HandleWakeOnLan(AsyncWebServerRequest *r) {
+  if (!IsUserAuthed(r)) {
+    SendErrorResp(r, "not logged in");
+    return;
+  }
+
+  if (r->hasArg("mac")) {
+    String macAddress = r->arg("mac");
+    Serial.print("Sending WoL packet to: ");
+    Serial.println(macAddress);
+
+    //Send MAC address to both port 9 and 7
+    WOL.sendMagicPacket(macAddress);
+    WOL.sendMagicPacket(macAddress, 7);
+
+    r->send(200, "text/plain", "Received MAC Address: " + macAddress);
+    return;
+  } else {
+    r->send(400, "text/plain", "Missing 'mac' parameter");
+    return;
+  }
+}
+
+//Get the current connected WiFi info
+void HandleWiFiInfo(AsyncWebServerRequest *r) {
+  StaticJsonDocument<256> jsonBuffer;
+  jsonBuffer["SSID"] = WiFi.SSID();
+  jsonBuffer["WifiStatus"] = WiFi.status();
+  jsonBuffer["WifiStrength"] = WiFi.RSSI();
+  jsonBuffer["MAC"] = WiFi.macAddress();
+  jsonBuffer["IP"] = WiFi.localIP().toString();
+  jsonBuffer["Subnet"] = WiFi.subnetMask().toString();
+  jsonBuffer["Gateway"] = WiFi.gatewayIP().toString();
+  jsonBuffer["DNS1"] = WiFi.dnsIP(0).toString();
+  jsonBuffer["DNS2"] = WiFi.dnsIP(1).toString();
+  jsonBuffer["DNS3"] = WiFi.dnsIP(2).toString();
+
+  // Serialize the JSON buffer to a string
+  String jsonString;
+  serializeJson(jsonBuffer, jsonString);
+  SendJsonResp(r, jsonString);
+}

firmware/v3/web-server/server.ino

@@ -1,160 +1,164 @@
-/*
-
-    Web Server
-
-    This is the main entry point of the WebStick bare metal
-    web server. If you have exception rules that shall not
-    be handled by the main router, you can do them here.
-
-*/
-
-//Check if a user is authenticated / logged in
-bool IsUserAuthed(AsyncWebServerRequest *request) {
-  if (request->hasHeader("Cookie")) {
-    //User cookie from browser
-    String authCookie = GetCookieValueByKey(request, "web-auth");
-    if (authCookie == "") {
-      return false;
-    }
-
-    //Match it to the server side value in kvdb
-    //Serial.println(authCookie); //user cookie
-    //Serial.println(authSession); //server session
-    if (authSession == "") {
-      //Server side has no resumable login session
-      return false;
-    }
-    if (authCookie.equals(authSession)) {
-      return true;
-    }
-    return false;
-  } else {
-    Serial.println("Cookie Missing");
-    return false;
-  }
-}
-
-//Check if a user is authenticated and is Admin
-bool IsAdmin(AsyncWebServerRequest *request) {
-  if (request->hasHeader("Cookie")) {
-    //User cookie from browser
-    String authCookie = GetCookieValueByKey(request, "web-auth");
-    if (authCookie == "") {
-      return false;
-    }
-
-    //Match it to the server side value in kvdb
-    if (authSession == "") {
-      //Server side has no resumable login session
-      return false;
-    }
-    if (authCookie.equals(authSession)) {
-      return true;
-    }
-    return false;
-  } else {
-    return false;
-  }
-}
-
-
-//Reply the request by a directory list
-void HandleDirRender(AsyncWebServerRequest *r, String dirName, String dirToList) {
-  AsyncResponseStream *response = r->beginResponseStream("text/html");
-  //Serve directory entries
-  File directory = SD.open(dirToList);
-
-  // Check if the directory is open
-  if (!directory) {
-    SendErrorResp(r, "unable to open directory");
-    return;
-  }
-
-  response->print("<!DOCTYPE html><html><head><meta charset=\"utf-8\"><title>Content of " + dirName + "</title></head><body style=\"margin: 3em;font-family: Arial;\">");
-  response->print("<h3>Content of " + dirName + "</h3><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><ul>");
-  // List the contents of the directory
-  while (true) {
-    File entry = directory.openNextFile();
-    if (!entry) {
-      // No more files
-      break;
-    }
-
-    // Print the file name
-    response->print("<li><a href=\"./" + String(entry.name()) + "\">");
-    response->print(entry.name());
-    response->print(" (" + humanReadableSize(entry.size()) + ")</a></li>");
-    Serial.println(entry.name());
-
-    entry.close();
-  }
-
-  // Close the directory
-  directory.close();
-
-  response->print("</ul><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><br><a href=\"../\">Back</a>");
-  response->print("<br><br><body></html>");
-  r->send(response);
-}
-
-
-void initWebServer() {
-  /*
-     Other handles here, like this
-    server.on("/logout", HTTP_GET, [](AsyncWebServerRequest *request){
-    request->send(401);
-    });
-  */
-
-  /*
-  server.on("/test", HTTP_GET, [](AsyncWebServerRequest * request) {
-    getSDCardUsedSpace();
-    request->send(200);
-  });
-  */
-
-  /* Authentication Functions */
-  server.on("/api/auth/chk", HTTP_GET, HandleCheckAuth);
-  server.on("/api/auth/login", HTTP_POST, HandleLogin);
-  server.on("/api/auth/logout", HTTP_GET, HandleLogout);
-
-  /* User System Functions */
-  server.on("/api/user/new", HTTP_POST, HandleNewUser);
-  server.on("/api/user/chpw", HTTP_POST, HandleUserChangePassword);
-  server.on("/api/user/del", HTTP_POST, HandleRemoveUser);
-  server.on("/api/user/list", HTTP_GET, HandleUserList);
-
-  /* File System Functions */
-  server.on("/api/fs/list", HTTP_GET, HandleListDir);
-  server.on("/api/fs/del", HTTP_POST, HandleFileDel);
-  server.on("/api/fs/move", HTTP_POST, HandleFileRename);
-  server.on("/api/fs/download", HTTP_GET, HandleFileDownload);
-  server.on("/api/fs/newFolder", HTTP_POST, HandleNewFolder);
-  server.on("/api/fs/disk", HTTP_GET, HandleLoadSpaceInfo);
-  server.on("/api/fs/properties", HTTP_GET, HandleFileProp);
-  server.on("/api/fs/search", HTTP_GET, HandleFileSearch);
-
-  /* Preference */
-  server.on("/api/pref/set", HTTP_GET, HandleSetPref);
-  server.on("/api/pref/get", HTTP_GET, HandleLoadPref);
-
-  /* Others */
-  server.on("/api/info/wifi", HTTP_GET, HandleWiFiInfo); //Show WiFi Information
-  server.on("/api/wol", HTTP_GET, HandleWakeOnLan); //Handle WoL request
-
-  //File upload handler. see upload.ino
-  server.onFileUpload(handleFileUpload);
-
-  //Not found handler
-  server.onNotFound([](AsyncWebServerRequest *request) {
-    //Generally it will not arrive here as NOT FOUND is also handled in the main router.
-    //See router.ino for implementation details.
-    prettyPrintRequest(request);
-    request->send(404, "text/plain", "Not Found");
-  });
-
-  //Main Router, see router.ino
-  server.addHandler(new MainRouter());
-
-  server.begin();
-}
+/*
+
+    Web Server
+
+    This is the main entry point of the WebStick bare metal
+    web server. If you have exception rules that shall not
+    be handled by the main router, you can do them here.
+
+*/
+
+//Check if a user is authenticated / logged in
+bool IsUserAuthed(AsyncWebServerRequest *request) {
+  if (request->hasHeader("Cookie")) {
+    //User cookie from browser
+    String authCookie = GetCookieValueByKey(request, "web-auth");
+    if (authCookie == "") {
+      return false;
+    }
+
+    //Match it to the server side value in kvdb
+    if (authSession == "") {
+      //Server side has no resumable login session
+      return false;
+    }
+    if (authCookie.equals(authSession)) {
+      //Admin login
+      return true;
+    }else if (DBKeyExists("sess", authCookie)){
+      //User login
+      return true;
+    }
+    
+    return false;
+  } else {
+    Serial.println("Cookie Missing");
+    return false;
+  }
+}
+
+//Check if a user is authenticated and is Admin
+bool IsAdmin(AsyncWebServerRequest *request) {
+  if (request->hasHeader("Cookie")) {
+    //User cookie from browser
+    String authCookie = GetCookieValueByKey(request, "web-auth");
+    if (authCookie == "") {
+      return false;
+    }
+
+    //Match it to the server side value in kvdb
+    if (authSession == "") {
+      //Server side has no resumable login session
+      return false;
+    }
+    if (authCookie.equals(authSession)) {
+      return true;
+    }
+    return false;
+  } else {
+    return false;
+  }
+}
+
+
+//Reply the request by a directory list
+void HandleDirRender(AsyncWebServerRequest *r, String dirName, String dirToList) {
+  AsyncResponseStream *response = r->beginResponseStream("text/html");
+  //Serve directory entries
+  File directory = SD.open(dirToList);
+
+  // Check if the directory is open
+  if (!directory) {
+    SendErrorResp(r, "unable to open directory");
+    return;
+  }
+
+  response->print("<!DOCTYPE html><html><head><meta charset=\"utf-8\"><title>Content of " + dirName + "</title></head><body style=\"margin: 3em;font-family: Arial;\">");
+  response->print("<h3>Content of " + dirName + "</h3><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><ul>");
+  // List the contents of the directory
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    // Print the file name
+    response->print("<li><a href=\"./" + String(entry.name()) + "\">");
+    response->print(entry.name());
+    response->print(" (" + humanReadableSize(entry.size()) + ")</a></li>");
+    Serial.println(entry.name());
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+
+  response->print("</ul><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><br><a href=\"../\">Back</a>");
+  response->print("<br><br><body></html>");
+  r->send(response);
+}
+
+
+void initWebServer() {
+  /*
+     Other handles here, like this
+    server.on("/logout", HTTP_GET, [](AsyncWebServerRequest *request){
+    request->send(401);
+    });
+  */
+
+  /*
+  server.on("/test", HTTP_GET, [](AsyncWebServerRequest * request) {
+    getSDCardUsedSpace();
+    request->send(200);
+  });
+  */
+
+  /* Authentication Functions */
+  server.on("/api/auth/chk", HTTP_GET, HandleCheckAuth);
+  server.on("/api/auth/login", HTTP_POST, HandleLogin);
+  server.on("/api/auth/logout", HTTP_GET, HandleLogout);
+
+  /* User System Functions */
+  server.on("/api/user/info", HTTP_GET, HandleGetUserinfo);
+  server.on("/api/user/new", HTTP_POST, HandleNewUser);
+  server.on("/api/user/chpw", HTTP_POST, HandleUserChangePassword);
+  server.on("/api/user/del", HTTP_POST, HandleRemoveUser);
+  server.on("/api/user/list", HTTP_GET, HandleUserList);
+
+  /* File System Functions */
+  server.on("/api/fs/list", HTTP_GET, HandleListDir);
+  server.on("/api/fs/del", HTTP_POST, HandleFileDel);
+  server.on("/api/fs/move", HTTP_POST, HandleFileRename);
+  server.on("/api/fs/download", HTTP_GET, HandleFileDownload);
+  server.on("/api/fs/newFolder", HTTP_POST, HandleNewFolder);
+  server.on("/api/fs/disk", HTTP_GET, HandleLoadSpaceInfo);
+  server.on("/api/fs/properties", HTTP_GET, HandleFileProp);
+  server.on("/api/fs/search", HTTP_GET, HandleFileSearch);
+
+  /* Preference */
+  server.on("/api/pref/set", HTTP_GET, HandleSetPref);
+  server.on("/api/pref/get", HTTP_GET, HandleLoadPref);
+
+  /* Others */
+  server.on("/api/info/wifi", HTTP_GET, HandleWiFiInfo); //Show WiFi Information
+  server.on("/api/wol", HTTP_GET, HandleWakeOnLan); //Handle WoL request
+
+  //File upload handler. see upload.ino
+  server.onFileUpload(handleFileUpload);
+
+  //Not found handler
+  server.onNotFound([](AsyncWebServerRequest *request) {
+    //Generally it will not arrive here as NOT FOUND is also handled in the main router.
+    //See router.ino for implementation details.
+    prettyPrintRequest(request);
+    request->send(404, "text/plain", "Not Found");
+  });
+
+  //Main Router, see router.ino
+  server.addHandler(new MainRouter());
+
+  server.begin();
+}

firmware/v3/web-server/users.ino

@@ -1,199 +1,213 @@
-/*
-  User.ino
-
-  This is a new module handling user systems on ESP8266
-
-*/
-
-//Check if a user login is valid by username and password
-bool UserCheckAuth(String username, String password) {
-  username.trim();
-  password.trim();
-  //Load user info from db
-  if (!DBKeyExists("user", username)) {
-    return false;
-  }
-
-  String userHashedPassword = DBRead("user", username);  //User hashed password from kvdb
-  String enteredHashedPassword = sha1(password);         //Entered hashed password
-  return userHashedPassword.equals(enteredHashedPassword);
-}
-
-//Get the username from the request, return empty string if unable to resolve
-String GetUsernameFromRequest(AsyncWebServerRequest *r) {
-  if (r->hasHeader("Cookie")) {
-    //User cookie from browser
-    String authCookie = GetCookieValueByKey(r, "web-auth");
-    if (authCookie == "") {
-      return "";
-    }
-
-    //Check if this is admin login
-    if (authCookie.equals(authSession)) {
-      return adminUsername;
-    }
-
-    //Check if user login
-    if (DBKeyExists("sess", authCookie)) {
-      //Return the username of this session
-      return DBRead("sess", authCookie);
-    }
-
-    //Not found
-    return "";
-  }
-
-  //This user have no cookie in header
-  return "";
-}
-
-//Create new user, creator must be admin
-void HandleNewUser(AsyncWebServerRequest *r) {
-  if (!IsAdmin(r)) {
-    SendErrorResp(r, "this function require admin permission");
-    return;
-  }
-  String username = GetPara(r, "username");
-  String password = GetPara(r, "password");
-  username.trim();
-  password.trim();
-
-  //Check if the inputs are valid
-  if (username == "" || password == "") {
-    SendErrorResp(r, "username or password is an empty string");
-    return;
-  } else if (password.length() < 8) {
-    SendErrorResp(r, "password must contain at least 8 characters");
-    return;
-  }
-
-  //Check if the user already exists
-  if (DBKeyExists("user", username)) {
-    SendErrorResp(r, "user with name: " + username + " already exists");
-    return;
-  }
-
-  //OK create the user
-  bool succ = DBWrite("user", username, sha1(password));
-  if (!succ) {
-    SendErrorResp(r, "write new user to database failed");
-    return;
-  }
-  r->send(200, "application/json", "\"OK\"");
-}
-
-//Remove the given username from the system
-void HandleRemoveUser(AsyncWebServerRequest *r) {
-  if (!IsAdmin(r)) {
-    SendErrorResp(r, "this function require admin permission");
-    return;
-  }
-
-  String username = GetPara(r, "username");
-  username.trim();
-
-  //Check if the user exists
-  if (!DBKeyExists("user", username)) {
-    SendErrorResp(r, "user with name: " + username + " not exists");
-    return;
-  }
-
-  //Okey, remove the user
-  bool succ = DBRemove("user", username);
-  if (!succ) {
-    SendErrorResp(r, "remove user from system failed");
-    return;
-  }
-  r->send(200, "application/json", "\"OK\"");
-}
-
-//Admin or the user themselve change password for the account
-void HandleUserChangePassword(AsyncWebServerRequest *r) {
-  //Get requesting username
-  if (!IsUserAuthed(r)) {
-    SendErrorResp(r, "user not logged in");
-    return;
-  }
-
-  String currentUser = GetUsernameFromRequest(r);
-  if (currentUser == "") {
-    SendErrorResp(r, "unable to load user from system");
-    return;
-  }
-
-  //Check if the user can change password
-  //note that admin password cannot be changed on-the-fly
-  //admin password can only be changed in SD card config file
-  String modifyingUsername = GetPara(r, "username");
-  String newPassword = GetPara(r, "newpw");
-  modifyingUsername.trim();
-  newPassword.trim();
-
-  if (modifyingUsername == adminUsername) {
-    SendErrorResp(r, "admin username can only be changed in the config file");
-    return;
-  }
-  if (currentUser == adminUsername || modifyingUsername == currentUser) {
-    //Allow modify
-    if (newPassword.length() < 8) {
-      SendErrorResp(r, "password must contain at least 8 characters");
-      return;
-    }
-
-    //Write to database
-    bool succ = DBWrite("user", modifyingUsername, sha1(newPassword));
-    if (!succ) {
-      SendErrorResp(r, "write new user to database failed");
-      return;
-    }
-    SendOK(r);
-
-  } else {
-    SendErrorResp(r, "permission denied");
-    return;
-  }
-
-  SendOK(r);
-}
-
-
-//Remove the given username from the system
-void HandleUserList(AsyncWebServerRequest *r) {
-  if (!IsAdmin(r)) {
-    SendErrorResp(r, "this function require admin permission");
-    return;
-  }
-
-  //Build the json with brute force
-  String jsonString = "[";
-  //As the DB do not support list, it directly access the root of the folder where the kvdb stores the entries
-  File root = SD.open(DB_root + "user/");
-  bool firstObject = true;
-  if (root) {
-    while (true) {
-      File entry = root.openNextFile();
-      if (!entry) {
-        // No more files
-        break;
-      } else {
-        //There are more lines. Add a , to the end of the previous json object
-        if (!firstObject) {
-          jsonString = jsonString + ",";
-        } else {
-          firstObject = false;
-        }
-
-        //Filter out all the directory if any
-        if (entry.isDirectory()) {
-          continue;
-        }
-
-        //Append to the JSON line
-        jsonString = jsonString + "{\"Username\":\"" + entry.name() + "\"}";
-      }
-    }
-  }
-  jsonString += "]";
-
-  r->send(200, "application/json", "\"OK\"");
-}
+/*
+  User.ino
+
+  This is a new module handling user systems on ESP8266
+
+*/
+
+//Check if a user login is valid by username and password
+bool UserCheckAuth(String username, String password) {
+  username.trim();
+  password.trim();
+  //Load user info from db
+  if (!DBKeyExists("user", username)) {
+    return false;
+  }
+
+  String userHashedPassword = DBRead("user", username);  //User hashed password from kvdb
+  String enteredHashedPassword = sha1(password);         //Entered hashed password
+  return userHashedPassword.equals(enteredHashedPassword);
+}
+
+//Get the username from the request, return empty string if unable to resolve
+String GetUsernameFromRequest(AsyncWebServerRequest *r) {
+  if (r->hasHeader("Cookie")) {
+    //User cookie from browser
+    String authCookie = GetCookieValueByKey(r, "web-auth");
+    if (authCookie == "") {
+      return "";
+    }
+
+    //Check if this is admin login
+    if (authCookie.equals(authSession)) {
+      return adminUsername;
+    }
+
+    //Check if user login
+    if (DBKeyExists("sess", authCookie)) {
+      //Return the username of this session
+      return DBRead("sess", authCookie);
+    }
+
+    //Not found
+    return "";
+  }
+
+  //This user have no cookie in header
+  return "";
+}
+
+//Create new user, creator must be admin
+void HandleNewUser(AsyncWebServerRequest *r) {
+  if (!IsAdmin(r)) {
+    SendErrorResp(r, "this function require admin permission");
+    return;
+  }
+  String username = GetPara(r, "username");
+  String password = GetPara(r, "password");
+  username.trim();
+  password.trim();
+
+  //Check if the inputs are valid
+  if (username == "" || password == "") {
+    SendErrorResp(r, "username or password is an empty string");
+    return;
+  } else if (password.length() < 8) {
+    SendErrorResp(r, "password must contain at least 8 characters");
+    return;
+  }
+
+  //Check if the user already exists
+  if (DBKeyExists("user", username)) {
+    SendErrorResp(r, "user with name: " + username + " already exists");
+    return;
+  }
+
+  //OK create the user
+  bool succ = DBWrite("user", username, sha1(password));
+  if (!succ) {
+    SendErrorResp(r, "write new user to database failed");
+    return;
+  }
+  r->send(200, "application/json", "\"OK\"");
+}
+
+//Remove the given username from the system
+void HandleRemoveUser(AsyncWebServerRequest *r) {
+  if (!IsAdmin(r)) {
+    SendErrorResp(r, "this function require admin permission");
+    return;
+  }
+
+  String username = GetPara(r, "username");
+  username.trim();
+
+  //Check if the user exists
+  if (!DBKeyExists("user", username)) {
+    SendErrorResp(r, "user with name: " + username + " not exists");
+    return;
+  }
+
+  //Okey, remove the user
+  bool succ = DBRemove("user", username);
+  if (!succ) {
+    SendErrorResp(r, "remove user from system failed");
+    return;
+  }
+  r->send(200, "application/json", "\"OK\"");
+}
+
+//Admin or the user themselve change password for the account
+void HandleUserChangePassword(AsyncWebServerRequest *r) {
+  //Get requesting username
+  if (!IsUserAuthed(r)) {
+    SendErrorResp(r, "user not logged in");
+    return;
+  }
+
+  String currentUser = GetUsernameFromRequest(r);
+  if (currentUser == "") {
+    SendErrorResp(r, "unable to load user from system");
+    return;
+  }
+
+  //Check if the user can change password
+  //note that admin password cannot be changed on-the-fly
+  //admin password can only be changed in SD card config file
+  String modifyingUsername = GetPara(r, "username");
+  String newPassword = GetPara(r, "newpw");
+  modifyingUsername.trim();
+  newPassword.trim();
+
+  if (modifyingUsername == adminUsername) {
+    SendErrorResp(r, "admin username can only be changed in the config file");
+    return;
+  }
+  if (currentUser == adminUsername || modifyingUsername == currentUser) {
+    //Allow modify
+    if (newPassword.length() < 8) {
+      SendErrorResp(r, "password must contain at least 8 characters");
+      return;
+    }
+
+    //Write to database
+    bool succ = DBWrite("user", modifyingUsername, sha1(newPassword));
+    if (!succ) {
+      SendErrorResp(r, "write new user to database failed");
+      return;
+    }
+    SendOK(r);
+
+  } else {
+    SendErrorResp(r, "permission denied");
+    return;
+  }
+
+  SendOK(r);
+}
+
+//Get the current username
+void HandleGetUserinfo(AsyncWebServerRequest *r){
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  String isAdmin = "false";
+  if (IsAdmin(r)){
+    isAdmin = "true";
+  }
+
+  String username = GetUsernameFromRequest(r);
+  r->send(200, "application/json", "{\"username\":\"" + username + "\", \"admin\":" + isAdmin + "}");
+}
+
+//List all users registered in this WebStick
+void HandleUserList(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Build the json with brute force
+  String jsonString = "[";
+  //As the DB do not support list, it directly access the root of the folder where the kvdb stores the entries
+  File root = SD.open(DB_root + "user/");
+  bool firstObject = true;
+  if (root) {
+    while (true) {
+      File entry = root.openNextFile();
+      if (!entry) {
+        // No more files
+        break;
+      } else {
+        //There are more lines. Add a , to the end of the previous json object
+        if (!firstObject) {
+          jsonString = jsonString + ",";
+        } else {
+          firstObject = false;
+        }
+
+        //Filter out all the directory if any
+        if (entry.isDirectory()) {
+          continue;
+        }
+
+        //Append to the JSON line
+        jsonString = jsonString + "{\"Username\":\"" + entry.name() + "\"}";
+      }
+    }
+  }
+  jsonString += "]";
+
+  r->send(200, "application/json", jsonString);
+  
+}

firmware/v3/web-server/utils.ino

@@ -1,260 +1,260 @@
-/*
-
-    Utilities
-
-*/
-
-//Pretty print for easy debug
-void prettyPrintRequest(AsyncWebServerRequest * request) {
-  if (request->method() == HTTP_GET)
-    Serial.printf("GET");
-  else if (request->method() == HTTP_POST)
-    Serial.printf("POST");
-  else if (request->method() == HTTP_DELETE)
-    Serial.printf("DELETE");
-  else if (request->method() == HTTP_PUT)
-    Serial.printf("PUT");
-  else if (request->method() == HTTP_PATCH)
-    Serial.printf("PATCH");
-  else if (request->method() == HTTP_HEAD)
-    Serial.printf("HEAD");
-  else if (request->method() == HTTP_OPTIONS)
-    Serial.printf("OPTIONS");
-  else
-    Serial.printf("UNKNOWN");
-  Serial.printf(" http://%s%s\n", request->host().c_str(), request->url().c_str());
-
-  if (request->contentLength()) {
-    Serial.printf("_CONTENT_TYPE: %s\n", request->contentType().c_str());
-    Serial.printf("_CONTENT_LENGTH: %u\n", request->contentLength());
-  }
-
-  int headers = request->headers();
-  int i;
-  for (i = 0; i < headers; i++) {
-    AsyncWebHeader* h = request->getHeader(i);
-    Serial.printf("_HEADER[%s]: %s\n", h->name().c_str(), h->value().c_str());
-  }
-
-  int params = request->params();
-  for (i = 0; i < params; i++) {
-    AsyncWebParameter* p = request->getParam(i);
-    if (p->isFile()) {
-      Serial.printf("_FILE[%s]: %s, size: %u\n", p->name().c_str(), p->value().c_str(), p->size());
-    } else if (p->isPost()) {
-      Serial.printf("_POST[%s]: %s\n", p->name().c_str(), p->value().c_str());
-    } else {
-      Serial.printf("_GET[%s]: %s\n", p->name().c_str(), p->value().c_str());
-    }
-  }
-}
-
-//Check if a path is dir
-bool IsDir(const String& path) {
-  File file = SD.open(path);
-  if (file && !file.isDirectory()) {
-    file.close();
-    return false;
-  }
-  file.close();
-  return true;
-}
-
-//Generate a random 32 bit hex
-String GeneratedRandomHex() {
-  String hexString = "";
-
-  for (int i = 0; i < 8; i++) {
-    byte randomValue = random(256);  // Generate a random byte (0 to 255)
-    hexString += String(randomValue, HEX);  // Convert the random byte to its hexadecimal representation
-  }
-
-  return hexString;
-}
-
-//Get the current unix timestamp
-unsigned long getTime() {
-  unsigned long now = timeClient.getEpochTime();
-  return now;
-}
-
-//Convert Unix timestamp to UTC string
-String getUTCTimeString(time_t unixTimestamp) {
-  char utcString[30];
-  const char* weekdayNames[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
-  const char* monthNames[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
-
-  tm* timeInfo = gmtime(&unixTimestamp);
-  sprintf(utcString, "%s, %02d %s %04d %02d:%02d:%02d GMT",
-          weekdayNames[timeInfo->tm_wday], timeInfo->tm_mday, monthNames[timeInfo->tm_mon],
-          timeInfo->tm_year + 1900, timeInfo->tm_hour, timeInfo->tm_min, timeInfo->tm_sec);
-
-  return String(utcString);
-}
-
-//Get a certain cookie value by its key
-String GetCookieValueByKey(AsyncWebServerRequest *request, const String& key) {
-  //Check if the Cookie header exists
-  if (!request->hasHeader("Cookie")) {
-    return "";
-  }
-
-  //Load the cookie value as string from header
-  String targetValue = "";
-  AsyncWebHeader* h = request->getHeader("Cookie");
-  String cookieHeader = String(h->value().c_str());
-
-  // Find the start and end positions of target cookie key
-  int startIndex = cookieHeader.indexOf(key + "=");
-  if (startIndex != -1) {
-    startIndex += 9;  // Length of "web-auth="
-
-    int endIndex = cookieHeader.indexOf(';', startIndex);
-    if (endIndex == -1) {
-      endIndex = cookieHeader.length();
-    }
-
-    // Extract the value of the "web-auth" cookie
-    targetValue = cookieHeader.substring(startIndex, endIndex);
-  }
-
-  return targetValue;
-}
-
-//Get the filename from filepath
-String basename(const String& filePath) {
-  int lastSlashIndex = filePath.lastIndexOf('/');
-
-  // If no slash is found, return the original path
-  if (lastSlashIndex == -1) {
-    return filePath;
-  }
-
-  // Return the substring after the last slash
-  return filePath.substring(lastSlashIndex + 1);
-}
-
-
-bool recursiveDirRemove(const String& path) {
-  Serial.println(path);
-  File directory = SD.open(path);
-  if (!directory) {
-    Serial.println("Error opening directory!");
-    return false;
-  }
-
-  // Delete all the files in the directory
-  directory.rewindDirectory();
-  while (true) {
-    File entry = directory.openNextFile();
-    if (!entry) {
-      // No more files
-      break;
-    }
-
-    String filename = String(entry.name());
-    if (entry.isDirectory()) {
-      // Recursively delete the subdirectory
-      recursiveDirRemove(path + filename);
-    } else {
-      // Delete the file
-      entry.close();
-      Serial.println("Removing " + path + filename);
-      SD.remove(path + filename);
-    }
-  }
-
-  // Close the directory
-  directory.close();
-
-  // Delete the directory itself
-  if (!SD.rmdir(path)) {
-    Serial.println("Error deleting directory!");
-    return false;
-  }
-
-  return true;
-}
-
-/*
-
-   uint32_t totalSize = 0;
-   uint16_t fileCount = 0;
-   uint16_t folderCount = 0;
-
-   // Call the recursive function to analyze the directory and its contents
-   analyzeDirectory(directoryPath, totalSize, fileCount, folderCount);
-*/
-void analyzeDirectory(const String& path, uint32_t& totalSize, uint16_t& fileCount, uint16_t& folderCount) {
-  File directory = SD.open(path);
-  if (!directory) {
-    Serial.println("Error opening directory!");
-    return;
-  }
-
-  // Analyze all files and subdirectories in the directory
-  directory.rewindDirectory();
-  while (true) {
-    File entry = directory.openNextFile();
-    if (!entry) {
-      // No more files
-      break;
-    }
-
-    if (entry.isDirectory()) {
-      // Recursively analyze the subdirectory
-      folderCount++;
-      analyzeDirectory(entry.name(), totalSize, fileCount, folderCount);
-    } else {
-      // Update the counters and add file size to total size
-      fileCount++;
-      totalSize += entry.size();
-    }
-
-    entry.close();
-  }
-
-  // Close the directory
-  directory.close();
-}
-
-void scanSDCardForKeyword(const String& directoryPath, const String& keyword, int *matchCounter, AsyncResponseStream *response) {
-  File directory = SD.open(directoryPath);
-  if (!directory) {
-    Serial.println("Error opening directory " + directoryPath);
-    return;
-  }
-
-  // Scan all files and subdirectories in the directory
-  directory.rewindDirectory();
-  while (true) {
-    File entry = directory.openNextFile();
-    if (!entry) {
-      // No more files
-      break;
-    }
-
-    if (entry.isDirectory()) {
-      // Recursively scan the subdirectory
-      scanSDCardForKeyword((directoryPath + entry.name() + "/"), keyword, matchCounter, response);
-    } else {
-      // Check if the filename contains the keyword
-      String filename = basename(entry.name());
-      if (filename.indexOf(keyword) != -1) {
-        if ((*matchCounter) > 0){
-          //Append a comma before appending next matching file
-          response->print(",");
-        }
-        
-        //When writing response, trim off the /www root folder name from directoryPath
-        response->print("\"" + directoryPath.substring(4) + entry.name() + "\"");
-        (*matchCounter)++;
-      }
-    }
-
-    entry.close();
-  }
-
-  // Close the directory
-  directory.close();
-}
+/*
+
+    Utilities
+
+*/
+
+//Pretty print for easy debug
+void prettyPrintRequest(AsyncWebServerRequest * request) {
+  if (request->method() == HTTP_GET)
+    Serial.printf("GET");
+  else if (request->method() == HTTP_POST)
+    Serial.printf("POST");
+  else if (request->method() == HTTP_DELETE)
+    Serial.printf("DELETE");
+  else if (request->method() == HTTP_PUT)
+    Serial.printf("PUT");
+  else if (request->method() == HTTP_PATCH)
+    Serial.printf("PATCH");
+  else if (request->method() == HTTP_HEAD)
+    Serial.printf("HEAD");
+  else if (request->method() == HTTP_OPTIONS)
+    Serial.printf("OPTIONS");
+  else
+    Serial.printf("UNKNOWN");
+  Serial.printf(" http://%s%s\n", request->host().c_str(), request->url().c_str());
+
+  if (request->contentLength()) {
+    Serial.printf("_CONTENT_TYPE: %s\n", request->contentType().c_str());
+    Serial.printf("_CONTENT_LENGTH: %u\n", request->contentLength());
+  }
+
+  int headers = request->headers();
+  int i;
+  for (i = 0; i < headers; i++) {
+    AsyncWebHeader* h = request->getHeader(i);
+    Serial.printf("_HEADER[%s]: %s\n", h->name().c_str(), h->value().c_str());
+  }
+
+  int params = request->params();
+  for (i = 0; i < params; i++) {
+    AsyncWebParameter* p = request->getParam(i);
+    if (p->isFile()) {
+      Serial.printf("_FILE[%s]: %s, size: %u\n", p->name().c_str(), p->value().c_str(), p->size());
+    } else if (p->isPost()) {
+      Serial.printf("_POST[%s]: %s\n", p->name().c_str(), p->value().c_str());
+    } else {
+      Serial.printf("_GET[%s]: %s\n", p->name().c_str(), p->value().c_str());
+    }
+  }
+}
+
+//Check if a path is dir
+bool IsDir(const String& path) {
+  File file = SD.open(path);
+  if (file && !file.isDirectory()) {
+    file.close();
+    return false;
+  }
+  file.close();
+  return true;
+}
+
+//Generate a random 32 bit hex
+String GeneratedRandomHex() {
+  String hexString = "";
+
+  for (int i = 0; i < 8; i++) {
+    byte randomValue = random(256);  // Generate a random byte (0 to 255)
+    hexString += String(randomValue, HEX);  // Convert the random byte to its hexadecimal representation
+  }
+
+  return hexString;
+}
+
+//Get the current unix timestamp
+unsigned long getTime() {
+  unsigned long now = timeClient.getEpochTime();
+  return now;
+}
+
+//Convert Unix timestamp to UTC string
+String getUTCTimeString(time_t unixTimestamp) {
+  char utcString[30];
+  const char* weekdayNames[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+  const char* monthNames[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+
+  tm* timeInfo = gmtime(&unixTimestamp);
+  sprintf(utcString, "%s, %02d %s %04d %02d:%02d:%02d GMT",
+          weekdayNames[timeInfo->tm_wday], timeInfo->tm_mday, monthNames[timeInfo->tm_mon],
+          timeInfo->tm_year + 1900, timeInfo->tm_hour, timeInfo->tm_min, timeInfo->tm_sec);
+
+  return String(utcString);
+}
+
+//Get a certain cookie value by its key
+String GetCookieValueByKey(AsyncWebServerRequest *request, const String& key) {
+  //Check if the Cookie header exists
+  if (!request->hasHeader("Cookie")) {
+    return "";
+  }
+
+  //Load the cookie value as string from header
+  String targetValue = "";
+  AsyncWebHeader* h = request->getHeader("Cookie");
+  String cookieHeader = String(h->value().c_str());
+
+  // Find the start and end positions of target cookie key
+  int startIndex = cookieHeader.indexOf(key + "=");
+  if (startIndex != -1) {
+    startIndex += 9;  // Length of "web-auth="
+
+    int endIndex = cookieHeader.indexOf(';', startIndex);
+    if (endIndex == -1) {
+      endIndex = cookieHeader.length();
+    }
+
+    // Extract the value of the "web-auth" cookie
+    targetValue = cookieHeader.substring(startIndex, endIndex);
+  }
+
+  return targetValue;
+}
+
+//Get the filename from filepath
+String basename(const String& filePath) {
+  int lastSlashIndex = filePath.lastIndexOf('/');
+
+  // If no slash is found, return the original path
+  if (lastSlashIndex == -1) {
+    return filePath;
+  }
+
+  // Return the substring after the last slash
+  return filePath.substring(lastSlashIndex + 1);
+}
+
+
+bool recursiveDirRemove(const String& path) {
+  Serial.println(path);
+  File directory = SD.open(path);
+  if (!directory) {
+    Serial.println("Error opening directory!");
+    return false;
+  }
+
+  // Delete all the files in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    String filename = String(entry.name());
+    if (entry.isDirectory()) {
+      // Recursively delete the subdirectory
+      recursiveDirRemove(path + filename);
+    } else {
+      // Delete the file
+      entry.close();
+      Serial.println("Removing " + path + filename);
+      SD.remove(path + filename);
+    }
+  }
+
+  // Close the directory
+  directory.close();
+
+  // Delete the directory itself
+  if (!SD.rmdir(path)) {
+    Serial.println("Error deleting directory!");
+    return false;
+  }
+
+  return true;
+}
+
+/*
+
+   uint32_t totalSize = 0;
+   uint16_t fileCount = 0;
+   uint16_t folderCount = 0;
+
+   // Call the recursive function to analyze the directory and its contents
+   analyzeDirectory(directoryPath, totalSize, fileCount, folderCount);
+*/
+void analyzeDirectory(const String& path, uint32_t& totalSize, uint16_t& fileCount, uint16_t& folderCount) {
+  File directory = SD.open(path);
+  if (!directory) {
+    Serial.println("Error opening directory!");
+    return;
+  }
+
+  // Analyze all files and subdirectories in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    if (entry.isDirectory()) {
+      // Recursively analyze the subdirectory
+      folderCount++;
+      analyzeDirectory(entry.name(), totalSize, fileCount, folderCount);
+    } else {
+      // Update the counters and add file size to total size
+      fileCount++;
+      totalSize += entry.size();
+    }
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+}
+
+void scanSDCardForKeyword(const String& directoryPath, const String& keyword, int *matchCounter, AsyncResponseStream *response) {
+  File directory = SD.open(directoryPath);
+  if (!directory) {
+    Serial.println("Error opening directory " + directoryPath);
+    return;
+  }
+
+  // Scan all files and subdirectories in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    if (entry.isDirectory()) {
+      // Recursively scan the subdirectory
+      scanSDCardForKeyword((directoryPath + entry.name() + "/"), keyword, matchCounter, response);
+    } else {
+      // Check if the filename contains the keyword
+      String filename = basename(entry.name());
+      if (filename.indexOf(keyword) != -1) {
+        if ((*matchCounter) > 0){
+          //Append a comma before appending next matching file
+          response->print(",");
+        }
+        
+        //When writing response, trim off the /www root folder name from directoryPath
+        response->print("\"" + directoryPath.substring(4) + entry.name() + "\"");
+        (*matchCounter)++;
+      }
+    }
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+}

firmware/v3/web-server/web-server.ino

@@ -1,119 +1,122 @@
-/*
- * 
- *  Web Server Stick v3
- *  Author: Toby Chui
- *  
- *  This firmware load and serve web content
- *  from microSD card. 
- *  
- *  The following firmware config are recommended
- *  Board: Wemos D1 Mini
- *  CPU clockspeed: 160Mhz
- *  IwIP Varient: v2 Higher Bandwidth
- *  
- *  Require external library: 
- *  - ESPAsyncTCP (https://github.com/me-no-dev/ESPAsyncTCP)
- *  - ESPAsyncWebServer (https://github.com/me-no-dev/ESPAsyncWebServer)
- *  - ArduinoJson (https://github.com/bblanchon/ArduinoJson)
- *  - Wake On LAN (see lib folder and include it as library)
- */
-
-//WiFi library
-#include <ESP8266WiFi.h>
-
-//SD cards library
-#include <SPI.h>
-#include <SD.h>
-#include <FS.h>
-
-//Web server library
-#include <ESPAsyncTCP.h>
-#include <ESPAsyncWebServer.h>
-#include <ArduinoJson.h>
-
-//Discovery related library
-#include <ESP8266mDNS.h>
-#include <NTPClient.h>
-#include <WiFiUdp.h>
-#include <WakeOnLan.h>
-
-/* Hardware Configurations */
-#define CS_PIN D0
-
-/* Software Global Variables */
-AsyncWebServer server(80);
-String adminUsername = "";
-String adminPassword = "";
-String mdnsName = "webstick";
-String authSession = ""; //Session key for admin
-
-/* Time Keeping */
-WiFiUDP ntpUDP;
-NTPClient timeClient(ntpUDP, "pool.ntp.org");
-
-/* Wake On Lan */
-WakeOnLan WOL(ntpUDP);
-
-/* Debug variables */
-
-/* Function definations */
-String loadWiFiInfoFromSD();
-
-
-void setup() {
-  // Setup Debug Serial Port
-  Serial.begin(9600);
-  
-  //Try Initialize SD card (blocking)
-  while (!SD.begin(CS_PIN, 32000000)){
-    Serial.println("SD card initialization failed. Retrying in 3 seconds...");
-    delay(3000);
-  }
-  Serial.println("SD card initialized");
-  Serial.println("\n\nStorage Info:");
-  Serial.println("----------------------");
-  getSDCardTotalSpace();
-  getSDCardUsedSpace();
-  Serial.println("----------------------");
-  Serial.println();
-
-  //Connect to wifi based on settings (cfg/wifi.txt)
-  initWiFiConn();
-
-  //Load admin credentials from SD card (cfg/admin.txt)
-  initAdminCredentials();
-  
-  //Start mDNS service
-  initmDNSName();
-  if (!MDNS.begin(mdnsName)){
-      Serial.println("mDNS Error. Skipping.");
-  }else{
-      Serial.println("mDNS started. Connect to your webstick using http://" + mdnsName + ".local");
-      MDNS.addService("http", "tcp", 80);
-  }
-
-  //Start NTP time client
-  timeClient.begin();
-  Serial.print("Requesting time from NTP (unix timestamp): ");
-  timeClient.update();
-  Serial.println(getTime());
-
-  //Wake on Lan Settings
-  WOL.setRepeat(3, 100);
-  WOL.calculateBroadcastAddress(WiFi.localIP(), WiFi.subnetMask());
-
-  //Initialize database
-  DBInit();
-
-  //Resume login session if any
-  initLoginSessionKey();
-  
-  // Start listening to HTTP Requests
-  initWebServer();
-}
-  
-
-void loop(){
-  MDNS.update();
-  timeClient.update();
-}
+/*
+ * 
+ *  Web Server Stick v3
+ *  Author: Toby Chui
+ *  
+ *  This firmware load and serve web content
+ *  from microSD card. 
+ *  
+ *  The following firmware config are recommended
+ *  Board: Wemos D1 Mini
+ *  CPU clockspeed: 160Mhz
+ *  IwIP Varient: v2 Higher Bandwidth
+ *  
+ *  Require external library: 
+ *  - ESPAsyncTCP (https://github.com/me-no-dev/ESPAsyncTCP)
+ *  - ESPAsyncWebServer (https://github.com/me-no-dev/ESPAsyncWebServer)
+ *  - ArduinoJson (https://github.com/bblanchon/ArduinoJson)
+ *  - ESPping (https://github.com/dvarrel/ESPping)
+ *  - Wake On LAN (https://github.com/a7md0/WakeOnLan)
+ */
+
+//WiFi library
+#include <ESP8266WiFi.h>
+
+//SD cards library
+#include <SPI.h>
+#include <SD.h>
+#include <FS.h>
+
+//Web server library
+#include <ESPAsyncTCP.h>
+#include <ESPAsyncWebServer.h>
+#include <ArduinoJson.h>
+
+//Discovery related library
+#include <ESP8266mDNS.h>
+#include <ESPping.h>
+#include <NTPClient.h>
+#include <WiFiUdp.h>
+#include <WakeOnLan.h>
+
+
+/* Hardware Configurations */
+#define CS_PIN D0
+
+/* Software Global Variables */
+AsyncWebServer server(80);
+String adminUsername = "";
+String adminPassword = "";
+String mdnsName = "webstick";
+String authSession = ""; //Session key for admin
+
+/* Time Keeping */
+WiFiUDP ntpUDP;
+NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+/* Wake On Lan */
+WakeOnLan WOL(ntpUDP);
+
+/* Debug variables */
+
+/* Function definations */
+String loadWiFiInfoFromSD();
+
+
+void setup() {
+  // Setup Debug Serial Port
+  Serial.begin(9600);
+  
+  //Try Initialize SD card (blocking)
+  while (!SD.begin(CS_PIN, 32000000)){
+    Serial.println("SD card initialization failed. Retrying in 3 seconds...");
+    delay(3000);
+  }
+  Serial.println("SD card initialized");
+  Serial.println("\n\nStorage Info:");
+  Serial.println("----------------------");
+  getSDCardTotalSpace();
+  getSDCardUsedSpace();
+  Serial.println("----------------------");
+  Serial.println();
+
+  //Connect to wifi based on settings (cfg/wifi.txt)
+  initWiFiConn();
+
+  //Load admin credentials from SD card (cfg/admin.txt)
+  initAdminCredentials();
+  
+  //Start mDNS service
+  initmDNSName();
+  if (!MDNS.begin(mdnsName)){
+      Serial.println("mDNS Error. Skipping.");
+  }else{
+      Serial.println("mDNS started. Connect to your webstick using http://" + mdnsName + ".local");
+      MDNS.addService("http", "tcp", 80);
+  }
+
+  //Start NTP time client
+  timeClient.begin();
+  Serial.print("Requesting time from NTP (unix timestamp): ");
+  timeClient.update();
+  Serial.println(getTime());
+
+  //Wake on Lan Settings
+  WOL.setRepeat(3, 100);
+  WOL.calculateBroadcastAddress(WiFi.localIP(), WiFi.subnetMask());
+
+  //Initialize database
+  DBInit();
+
+  //Resume login session if any
+  initLoginSessionKey();
+  
+  // Start listening to HTTP Requests
+  initWebServer();
+}
+  
+
+void loop(){
+  MDNS.update();
+  timeClient.update();
+}

sd_card/www/admin/img/cluster.svg

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="128px"
+	 height="128px" viewBox="0 0 128 128" enable-background="new 0 0 128 128" xml:space="preserve">
+<g id="圖層_1">
+	<rect x="12.563" y="32.823" fill="#727171" width="102.834" height="86.829"/>
+	<path fill="#3E3A39" d="M113.23,114.962c0,1.729-1.357,3.127-3.035,3.127H17.64c-1.676,0-3.035-1.398-3.035-3.127V95.153
+		c0-1.729,1.359-3.127,3.035-3.127h92.556c1.678,0,3.035,1.398,3.035,3.127V114.962z"/>
+	<circle fill="#00A0E9" cx="100.48" cy="105.066" r="3.708"/>
+</g>
+<g id="圖層_2">
+	<polygon fill="#DCDDDD" points="96.438,14.002 30.271,14.002 12.604,32.823 115.438,32.823 	"/>
+	<path fill="#3E3A39" d="M113.023,85.822c0,1.729-1.357,3.127-3.035,3.127H17.433c-1.676,0-3.035-1.398-3.035-3.127V66.014
+		c0-1.729,1.359-3.127,3.035-3.127h92.556c1.678,0,3.035,1.398,3.035,3.127V85.822z"/>
+	<circle fill="#00A0E9" cx="100.273" cy="75.929" r="3.708"/>
+	<path fill="#3E3A39" d="M112.92,57.3c0,1.729-1.357,3.127-3.035,3.127H17.329c-1.676,0-3.035-1.398-3.035-3.127V37.492
+		c0-1.729,1.359-3.127,3.035-3.127h92.556c1.678,0,3.035,1.398,3.035,3.127V57.3z"/>
+	<circle fill="#00A0E9" cx="100.17" cy="47.406" r="3.708"/>
+</g>
+</svg>

sd_card/www/admin/img/user.svg

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" id="圖層_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="128px" height="128px" viewBox="0 0 128 128" enable-background="new 0 0 128 128" xml:space="preserve">
+<circle fill="#231815" cx="65" cy="42.483" r="20.033"/>
+<path fill="#231815" d="M63.895,106.882c16.229,0,29.361-2.217,29.361-4.959c0-21.133-8.806-38.231-19.689-38.231
+	c0,3.251-3.989,5.883-8.921,5.883c-4.693,0-8.492-2.632-8.492-5.883c-10.728,0-19.41,17.099-19.41,38.231
+	c0,2.742,12.235,4.959,27.355,4.959"/>
+</svg>

sd_card/www/admin/img/users.svg

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="128px"
+	 height="128px" viewBox="0 0 128 128" enable-background="new 0 0 128 128" xml:space="preserve">
+<g id="圖層_2">
+	<circle fill="#00A0E9" stroke="#FFFFFF" stroke-miterlimit="10" cx="97.083" cy="47.867" r="15.248"/>
+	<path fill="#00A0E9" stroke="#FFFFFF" stroke-miterlimit="10" d="M96.241,96.882c12.353,0,22.348-1.688,22.348-3.774
+		c0-16.084-6.702-29.099-14.986-29.099c0,2.476-3.037,4.478-6.79,4.478c-3.572,0-6.464-2.002-6.464-4.478
+		c-8.165,0-14.772,13.015-14.772,29.099c0,2.087,9.313,3.774,20.82,3.774"/>
+	<circle fill="#00A0E9" stroke="#FFFFFF" stroke-miterlimit="10" cx="31.583" cy="45.632" r="15.248"/>
+	<path fill="#00A0E9" stroke="#FFFFFF" stroke-miterlimit="10" d="M30.742,94.646c12.353,0,22.348-1.688,22.348-3.773
+		c0-16.084-6.702-29.1-14.986-29.1c0,2.476-3.037,4.479-6.79,4.479c-3.572,0-6.464-2.003-6.464-4.479
+		c-8.165,0-14.772,13.016-14.772,29.1c0,2.086,9.313,3.773,20.82,3.773"/>
+</g>
+<g id="圖層_1">
+	<circle fill="#00A0E9" stroke="#FFFFFF" stroke-width="3" stroke-miterlimit="10" cx="64" cy="42.483" r="20.033"/>
+	<path fill="#00A0E9" stroke="#FFFFFF" stroke-width="3" stroke-miterlimit="10" d="M62.895,106.882
+		c16.229,0,29.361-2.217,29.361-4.959c0-21.133-8.806-38.231-19.689-38.231c0,3.252-3.99,5.883-8.922,5.883
+		c-4.693,0-8.492-2.631-8.492-5.883c-10.728,0-19.41,17.099-19.41,38.231c0,2.742,12.235,4.959,27.355,4.959"/>
+</g>
+</svg>

sd_card/www/admin/index.html

@@ -35,6 +35,7 @@
         </a>
         <a class="active yellow selectable item" onclick="switchFrame(event, this);" xframe="fs"><i class="folder icon"></i> File Manager</a>
         <a class="violet selectable item" onclick="switchFrame(event, this);" xframe="search">Search</a>
+        <a class="blue selectable item" onclick="switchFrame(event, this);" xframe="users">Users</a>
         <a class="grey selectable item" onclick="switchFrame(event, this);" xframe="info">Info</a>
         <div class="right menu">
             <a class="grey selectable item" title="Logout" onclick="handleLogout();"><i class="ui sign-out icon"></i></a>
@@ -47,6 +48,9 @@
         <div id="search" class="frameWrapper" style="display:none;">
             <iframe src="search.html"></iframe>
         </div>
+        <div id="users" class="frameWrapper" style="display:none;">
+            <iframe src="users.html"></iframe>
+        </div>
         <div id="info" class="frameWrapper" style="display:none;">
             <iframe src="info.html"></iframe>
         </div>

sd_card/www/admin/info.html

@@ -33,6 +33,20 @@
             <p id="volText"></p>
             <button onclick="initSDCardInfo();" style="position: absolute; top: 0.6em; right: 0.6em;" class="ui circular icon right floated basic button"><i class="ui green refresh icon"></i></button>
         </div>
+        <div class="ui segment">
+            <h3 class="ui header">
+                <img src="img/cluster.svg">
+                <div class="content">
+                    Wake-On-Lan
+                    <div class="sub header">Power on a host in LAN by sending WoL magic packet</div>
+                </div>
+            </h3>
+            <p>Target host MAC address (in XX:XX:XX:XX:XX:XX format)</p>
+            <div class="ui action small fluid input">
+                <input type="text" id="targetMacAddress" placeholder="MAC Address">
+                <button class="ui basic button" onclick="sendWakeOnLan();"><i class="green power icon"></i> Power-On</button>
+            </div>
+        </div>
         <div class="ui segment">
             <h3 class="ui header">
                 <img src="img/wifi.svg">
@@ -53,6 +67,7 @@
         </div>
         <div class="ui divider"></div>
         <p>WebStick Management Interface designed by <a href="https://imuslab.com" target="_blank">tobychui</a></p>
+        <br>
     </div>
     <script>
         function initWiFiInfo(){
@@ -122,6 +137,37 @@
         }
         initSDCardInfo();
 
+        //Send wake on lan package
+        function sendWakeOnLan(){
+            var macAddr= $("#targetMacAddress").val().trim();
+            var regex = /^([0-9A-F]{2}[:-]){5}([0-9A-F]{2})$/;
+            if (!regex.test(macAddr)){
+                alert(macAddr + " is not a valid MAC address");
+                return;
+            }
+
+            $.get("/api/wol?mac=" + macAddr, function(data){
+                if (data.error != undefined){
+                    alert(data.error);
+                }else{
+                    alert("WoL magic packet sent!")
+                }
+            })
+        }
+
+        //Send ICMP Ping
+        function pingTarget(){
+            var ipaddress = $("#targetIpAddr").val().trim();
+            if (/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/.test(ipaddress)) {  
+                $.get("/api/ping?ipaddr=" + ipaddress, function(data){
+                    alert(data);
+                })
+            }else{
+                alert("Invalid ip address given");
+            }
+        }
+
+
         function humanFileSize(bytes, si=false, dp=1) {
             const thresh = si ? 1000 : 1024;
 

sd_card/www/admin/users.html

@@ -0,0 +1,189 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="utf-8">
+        <title>Users List</title>
+        <meta name="viewport" content="width=device-width, initial-scale=1" >
+
+        <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
+        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.4.1/semantic.min.css" />
+        <script src="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.4.1/semantic.min.js"></script>
+        <style>
+            body{
+                background-color: rgb(243, 243, 243);
+            }
+        </style>
+    </head>
+    <body>
+        <br>
+        <div class="ui container">
+            <div class="ui segment">
+                <h4 class="ui header">
+                    <img src="img/user.svg">
+                    <div class="content">
+                      <span id="currentUsername"><i class="ui loading spinner icon"></i> Loading</span>
+                      <div class="sub header">Current User Information</div>
+                    </div>
+                </h4>
+            </div>
+            <div class="ui segment">
+                <table class="ui unstackable basic celled table">
+                    <thead>
+                      <tr><th>Username</th>
+                      <th>Actions</th>
+                    </tr></thead>
+                    <tbody id="userTable">
+                      <tr>
+                        <td colspan="2"><i class="ui loading spinner icon"></i> Loading</td>
+                      </tr>
+                    </tbody>
+                </table>
+                <div class="ui divider"></div>
+                <form id="newUserForm" class="ui form" onsubmit="handleNewUser(event);">
+                    <div class="field">
+                      <label>Username</label>
+                      <input id="username" type="text">
+                    </div>
+                    <div class="field">
+                      <label>Password</label>
+                      <input id="password" type="password">
+                    </div>
+                    <div class="field">
+                        <label>Confirm Password</label>
+                        <input id="confirmpw" type="password">
+                    </div>
+                    <button class="ui basic button"><i class="ui green add icon"></i> Create User</button>
+                </form>
+               
+            </div>
+        </div>
+        <script>
+            var currentUserInfo = {};
+            //Load current login user info from server
+            function initUserInfo(){
+                $.get("/api/user/info", function(data){
+                    currentUserInfo = data;
+                    var html = data.username;
+                    if (data.admin){
+                        html += ` <i class="yellow shield alternate icon"></i>`;
+                    }else{
+                        //Hide the new user section
+                        $("#newUserForm").remove();
+                    }
+                    $("#currentUsername").html(html);
+                    initUserList();
+                })
+            }
+            initUserInfo();
+
+            //Load user list from WebStick
+            function initUserList(){
+                $("#userTable").html(`<tr>
+                    <td colspan="2"><i class="ui loading spinner icon"></i> Loading</td>
+                </tr>`);
+                $.get("/api/user/list", function(data){
+                    if (data.error != undefined){
+                        alert(data.error);
+                    }else{
+                        $("#userTable").html(``);
+                        data.forEach(function(user){
+                            let username = user.Username;
+
+                            if (!currentUserInfo.admin){
+                                //Not admin
+                                var actionField = '<small style="opacity: 0.3;">No available actions</small>';
+                                if (username == currentUserInfo.username){
+                                    actionField = `<button class="ui basic button" onclick="changePassword('${username}');"><i class="ui blue edit icon"></i> Change Password</button>`;
+                                }
+                                $("#userTable").append(`<tr>
+                                    <td>${username}</td>
+                                    <td>
+                                        ${actionField}
+                                    </td>
+                                </tr>`);
+                            }else{
+                                //admin
+                                $("#userTable").append(`<tr>
+                                    <td>${username}</td>
+                                    <td userid="${username}">
+                                        <button class="ui basic button" onclick="changePassword('${username}');"><i class="ui blue edit icon"></i> Change Password</button>
+                                        <button class="ui basic button" onclick="delUser('${username}');"><i class="ui red trash icon"></i> Remove</button>
+                                    </td>
+                                </tr>`);
+                            }
+                           
+                        });
+
+                        if (data.length == 0){
+                            $("#userTable").append(`<tr>
+                                <td colspan="2"><i class="green circle check icon"></i> No registered user</td>
+                            </tr>`);
+                        }
+                    }
+                })
+            }
+            
+
+            //Create new user
+            function handleNewUser(e){
+                e.preventDefault();
+                let username = $("#username").val().trim();
+                let password = $("#password").val().trim();
+                let confirmpw = $("#confirmpw").val().trim();
+
+                if (password != confirmpw){
+                    //Mismatch
+                    $("#confirmpw").parent().addClass("error");
+                    return;
+                }else{
+                    $("#confirmpw").parent().removeClass("error");
+                }
+
+                //Create the user
+                $.post("/api/user/new?username=" + username + "&password=" + password, function(data){
+                    if (data.error != undefined){
+                        alert(data.error);
+                    }else{
+                        //User added
+                        initUserList();
+                        $("#username").val("");
+                        $("#password").val("");
+                        $("#confirmpw").val("");
+                    }
+                })
+            }
+
+            //Server side will check for if you are admin
+            function delUser(username){
+                $.post("/api/user/del?username=" + username, function(data){
+                    if (data.error != undefined){
+                        alert(data.error);
+                    }else{
+                        //ok!
+                        initUserList();
+                    }
+                })
+            }
+
+            //Change password, admin can change all user's password, 
+            //user can only change their own password
+            function changePassword(username){
+                let newpassword = prompt("New password", "");
+                let confirmNewPassword  = prompt("Confirm new password", "");
+                if (newpassword != confirmNewPassword){
+                    alert("Confirm password not match!");
+                    return;
+                }
+
+                //Request server side to change user password
+                $.post("/api/user/chpw?username=" + username + "&newpw=" + newpassword, function(data){
+                    if (data.error != undefined){
+                        alert(data.error);
+                    }else{
+                        alert("Password updated!");
+                    }
+                })
+            }
+        </script>
+    </body>
+</html>